GoCardless
Case Study.

Adopting a tailored approach to ISO 27001 implementation to develop a healthy security management system.

When GoCardless, the global leader in direct bank payment solutions, needed to formalise its programme around ISO 27001, the firm realised that external help was necessary to optimise and finalise implementation.

GoCardless sought experienced advice on managing its ISO 27001 certification programme because rapid growth had placed resources under pressure. The information security management system (ISMS) process needed thoughtful implementation to make it more applicable to a modern firm. GoCardless turned to Inavate, who came highly recommended.

Implementing and maintaining ISO 27001 can be complicated: it means navigating regulations, processes, procedures and people, and co-ordinating all requirements of the standard to form one overarching management system that works for the business. However, it can be effortless with the right processes in place, alongside the regular maintenance the ISMS needs to keep it running smoothly. This is where an external firm like Inavate can help, providing expert advice whilst tailoring its approach to each firm’s unique requirements to get you into a good position.

Formalisation of the ISO 27001 programme

Melissa Jardin, Senior Incident Response Manager at GoCardless, explains how Inavate helped GoCardless.

Melissa says: “With resources stretched, we turned to an external ISO 27001 consultancy to invigorate the process and create a healthy security management system. Inavate made us re-evaluate our approach to come at it from a better, more repeatable perspective. They came highly recommended, and we could soon see why.”

Melissa says: “We’re 100% cloud-based as a business, so we do things a little differently compared to the standard requirements, which were written some time ago. Before working with Inavate, at initial stages, we had explored ISO 27001 template kits but we needed more flexibility. Inavate were adaptable in making the process work for us whilst honouring the core requirements.”

Melissa goes on to explain: “Inavate is good at challenging the auditors. They get to the intended purpose of the standard which is essential as we don’t always do things in the expected way due to our ways of working.”

A tailored approach to securing your firm

Inavate understands that each firm is unique. Therefore, a tailored approach aligned with a business strategy and requirements is essential to ensure that a company gets real value out of ISO 27001 implementation. Inavate’s bespoke methodology ensures that an information security management system encompasses the business for a holistic solution, providing assurance to management teams and reassurance to clients that their information is secure.

Melissa says: “Inavate offered the tailored approach we were looking for. They recognise context, they don’t just offer advice for the sake of it. And in our case, they looked at what would work for us, and went to great lengths to understand our company, our ethos and our approach to the way we work. We’re very flexible, and we needed that same approach from a consultancy. Inavate’s expertise has saved us a huge amount of effort in the long run, helping us be organised and laying the groundwork for the future.”

Melissa adds: “It’s great to have the customised policies and processes that we now have, ones that are tailored to the way GoCardless operates. And, we are fully confident they meet the auditors’ expectations.”

Maintaining a healthy security management system

With certification achieved, GoCardless continues to work with Inavate in a consultancy role to support with internal auditing, offer expertise and ensure ongoing efficiency. Melissa explains: “Inavate knows what ‘good’ looks like so they provide continual guidance. With their ongoing support in a number of iterations, we were able to move the programme from good to great.”

Work with Inavate, ISO 27001 consultants

Inavate Consulting is a specialist ISO 27001 and cyber security practice. With over 200 independently audited ISO 27001 implementations, we are trusted to deliver practical and commercially advantageous cyber security strategies across all business sectors. Our specific area of expertise is working with Hi-Tech start-ups and regulated markets including iGaming, Financial and Technology across the UK, European and US markets.

About GoCardless

GoCardless is a global leader in direct bank payment solutions, making it easy to collect both recurring and one-off payments directly from customers’ bank accounts through direct debit and open banking. The GoCardless global payments network and technology platform take the pain out of getting paid for 75,000 businesses worldwide, from multinational corporations to small businesses. Each year GoCardless processes over US$30 billion of payments across more than 30 countries. GoCardless is headquartered in the UK, with additional offices in Australia, France, Germany and the United States. For more information, please visit www.gocardless.com and follow on Twitter @GoCardless.