The client wanted an objective assessment of their Information Security Management System (ISMS) to identify areas of improvement.
The software that they develop is their Intellectual Property (IP) and is required to meet industry safety assurance requirements.
Their aim was to comply with the ISO/IEC 27001 standard and seek to achieve independent certification to demonstrate their commitment to the National Rail Safety Board and customers.
One of Amethyst's certified ISO/IEC 27001 Lead Auditors conducted the gap analysis audit against the international industry standard.
The audit consisted of interviews with employees, the review of documentation, observations of their working practices and assessment by the consultant of the evidence.
The customer report documented the audit findings and made recommendations to improve their technical and management security controls.
The findings were presented to the company executive board, the report was well received and the client planned corrective action and implementation of the recommendations.