Enact and Live Differentiate Themselves with ISO/IEC 27001 Certification from SGS United Kingdom Ltd
Leading UK provider of direct conveyancing legal services, enact, and its sister company The Live Organisation, have achieved ISO/IEC 27001, the Information Security Management standard that demonstrates to existing and potential customers, suppliers and shareholders the integrity of an organisation’s data and systems.
enact and Live deliver direct conveyancing services for sale, purchase and remortgage transactions, lender panel validation, mortgage shortfall recovery, and other property-related services to high street banks, building societies and estate agents. The service includes free access to an online tracking system, 24 hours a day, 7 days a week.
“We wanted to satisfy our clients’ increasing requirements in the areas of information security, and to differentiate ourselves in the market place,” says Helen Pullin, Organisation Improvement Manager.
Having already achieved ISO 9001 certification, the companies reused some of the learning and deliverables from the earlier project. “We’d been introduced to SGS United Kingdom Ltd by the consultant we worked with on ISO 9001 during 2010 and found their auditors and support staff to be very helpful, so we were happy to build on that relationship when going through ISO/IEC 27001.”
Work began in October 2011 with a gap analysis, which examined the existing Information Security Management System (ISMS) and highlighted the development needed to make it meet the requirements of the standard.
The development of procedures and controls followed during Q4 and early Q1 2012, with the Stage 1 audit taking place in February. Some fine-tuning and further internal auditing completed the work, before the certification (Stage 2) audit at the end of April 2012.
“Most of the controls required by the standard were already well-established but we didn’t necessarily have them fully documented, nor did we have the recognised management processes in place for information security,” says Helen Pullin.
“Where appropriate, we extended the mandatory procedures from our Quality Management System to cover our ISMS and rolled them out across the company. We also introduced a risk assessment methodology specifically for Information Systems (IS) risks, formalised our information classification and handling procedures, implemented a programme of internal audit and refreshed users’ knowledge of information security, especially in the areas of clear-desk and storage of hard-copy information.”
The project received sponsorship from the group’s CEO and all the directors were on board from the outset. As a team, they developed the key performance indicators that underpin the measurement of the ISMS, undertook the initial risk assessment and were involved in drafting and approving the policies and procedures needed. IT, HR and Training all played a major part in developing the new procedures and controls rolled out to the employees. All staff had to confirm that they’d received, read and understood the new User Guide, and were subject to spot checks on their adherence to the controls and procedures.
“We now have a robust way of measuring how effective our ISMS controls and procedures really are,” adds Helen Pullin.
“We manage the IS risks more closely than before and have a better understanding of the threats to data security that we face, which ones to accept and which need to be addressed to minimise the impact. Our corporate clients have the added assurance that we can now evidence that we are committed to taking care of their data. And they can assure their customers that their supply chain operates to the same high standard that they do.
“From the start, the SGS auditor was very helpful in making sure our management systems were operating efficiently and to the right standard,” adds Helen Pullin. “For ISO/IEC 27001 we had an auditor who specialised in the standard. This was highly beneficial because he was an expert in the field. What’s more, he didn’t just point out problems. He was very keen to praise where we had done things well.”
About the SGS Group
SGS is the world’s leading inspection, verification, testing and certification company. SGS is recognised as the global benchmark for quality and integrity. With more than 70,000 employees, SGS operates a network of over 1,350 offices and laboratories around the world.
About enact and Live:
Enact is one of the largest direct conveyancing companies in the UK. The company’s mission is clear: to be a national centre of excellence dedicated to providing remortgage and conveyancing legal services in a fast, efficient and innovative way.
Live is a leading provider of innovative property-related products and services, working in partnership with independent estate agencies, strengthening brand propositions and developing lucrative revenue streams.