
How we Developed a Streamlined, Customised ISO 27001 Implementation

Customer Case


Building Trust Through Pragmatic Security

Our client is a leading player in the automotive leasing sector. Clients trust them with sensitive financial data and want to feel confident their trust is well-placed. Despite mature security processes, the organisation lacked an essential proof point of their information security efforts: ISO 27001 certification.

Realising they were missing a key competitive advantage as a supplier, the company wanted to become ISO 27001 certified without adding unnecessary bureaucracy to their processes.

For this, we developed a tailor-made implementation solution that built on their existing Governance, Risk, and Compliance (GRC) processes. Open collaboration and trust paved the way to a successful certification for our client.

At a Glance: Custom ISO 27001 Implementation

Client

  • One of the largest automotive leasing companies in the Netherlands.

Challenge

  • Needed ISO 27001 certification to prove their data security standards and score higher in RFPs
  • Wanted full organisational scope (not just IT), without adding layers of bureaucracy
  • Goal: lean, pragmatic certification built on existing GRC processes

Solution

  • Tailor-made ISO 27001 approach based on reuse and supplement model
  • Embedded Northwave consultant worked onsite with the GRC team for six months
  • Only one new document created; all others extended from existing structures
  • GRC team trained in ISO logic and requirements

Results

  • ISO 27001 certification achieved across the full organisation
  • Certification strengthens competitive position and client confidence
  • Lean, efficient project completed in just six months
  • Positive collaboration built on trust, camaraderie, and celebration of success
  • Continued investment in Northwave’s cyber resilience training for the workforce

Challenge:
Streamlined Full-Scope Certification

To fully align with client expectations, our client decided to certify the entire organisation rather than limiting the scope. This provides their customers with more transparency, as strong information security standards are applied across all leasing services.

But broadening the scope also increased complexity. Many different business operations needed to be addressed, and the organisation wanted to avoid creating processes for the sake of ticking compliance boxes. Since they already had high information security standards, the goal was clear: efficient, streamlined ISO 27001 implementation that didn’t unnecessarily complicate their existing data security practices.


Approach:
Reuse and Supplement

Our team recommended a model that would extend the organisation’s existing GRC documentation where necessary and avoid reinventing processes. For six months, a Northwave Business Security consultant worked onsite two days a week at our client’s office in the Netherlands. This embedded approach helped us gather deep insights into the organisation’s inner workings and GRC processes. With proactive and transparent collaboration, our consultant was always connected with the right people, received clear answers, and was empowered to act quickly.

We trained the GRC team in ISO logic and requirements. Then, our teams worked together to identify opportunities to improve documentation already in place. We reused what already met, or even exceeded, the certification requirements and supplemented as needed. Northwave business consultants ensured smooth communication with auditors and prepared the organisation for every stage of certification.


Results:
Certification and Confidence

  • Our client achieved full-scope ISO 27001 certification in six months, outpacing the traditional FastTrack Solution.
  • Only one new document was added to existing processes (the mandatory ISO 27001 Statement of Applicability). All other requirements were met by reusing and extending the organisation’s current documents and processes.
  • The certification directly supports client trust and provides a competitive advantage as a supplier when submitting requests for proposals (RFPs).
  • The GRC team gained ISO expertise that will help them continue to raise operating standards and adapt to changes in data security regulations.

For both organisations, this project demonstrated that achieving new security standards doesn’t need to be an operational burden. With a pragmatic, tailor-made approach, ISO 27001 can be adapted to the organisation, not the other way around. Our work with the company continues as we help them to further improve business resilience and enable their workforce to defend against cyber threats.

Collaboration Built on Trust

A highlight of this project was the spirit of the collaboration. Our client’s team welcomed us with openness and enthusiasm. Together we tackled complex certification requirements while also genuinely enjoying the process. We kept the momentum going by celebrating each new milestone and achievement along the way. Northwave even delivered champagne to toast when the certification was secured.

Today, our client proudly displays their ISO 27001 certificate in their office, prominent proof that they are a trusted supplier. Beyond certification, this project shows how cyber security can be a strategic business enabler that delivers both compliance and customer confidence.

Want to know how we can help you streamline or FastTrack ISO 27001 certification? Get in touch with our experts today. We’ll help you identify the solution that is the best fit for your business goals and security posture.


“Thank you so much for being part of this project, and for your patience and support especially when it came to navigating the external audit! Your help really made a difference in keeping things on track and making sure everything went smoothly with both the Certifying Body, the external auditor and our internal setup matching with the ISO27001 requirements.”

Local Information Security Officer at a leading automotive leasing company
