An assessor’s view – using ISO 27001 to protect Cerebreon’s sensitive client data

Recently I had the pleasure of working with Ken Doherty and Gillian Doyle at Cerebreon Technologies. This award winning FinTech company is located in the picturesque village of Ardara on the Wild Atlantic Way in Co Donegal, Ireland.

The company, established in 2016, is the proud developer of an innovative FinTech product providing business intelligence software and analytics platforms targeted at the UK Insolvency sector.

The firm automatically processes and analyses millions of insolvency documents for both insolvency and creditor firms using machine intelligence and algorithms to spot insolvency failures in advance. The data is extremely sensitive so it is critical to Cerebreon’s clients that the firm has a consistent and robust approach to information security.

Accordingly, ISO Quality Services Ltd were asked to facilitate the implementation of the internationally recognised Information Security Management System, ISO 27001. I was happy to provide support in my role as Lead Assessor.

I was initially surprised to see a cutting-edge IT company, employing six highly qualified and skilled specialists, based in this remote location. To top it all, they also run a truly paperless office so full marks to them for good environmental practices.

During the preliminary assessment, I was immediately struck by the Management Team’s enthusiasm and commitment to achieving certification.

It was evident to me that Gillian and Ken, who have previously worked in the finance and IT sectors, already had many strong working practices in place that we could build upon together.

We agreed on an action plan which would ensure compliance with all of the requirements of ISO 27001 that were applicable to Cerebreon Technologies’ current and future operations. To support this, a draft Information Security Management System Overview was prepared along with several other key documents describing how Cerebreon Technologies control their information security risks.

After several weeks, progress was reviewed to ensure the new procedures were embedded into the organisation.

Certification to this internationally recognised standard enables Cerebreon Technologies to demonstrate to its key stakeholders, including potential clients, that it takes a best practice approach to data protection and information security.

Well done to one and all for another great achievement.

Pictured at the ISO 27001 Certificate Presentation is ISO Quality Services Ltd Lead Assessor Kieran Ryan with Ken Doherty (COO) of Cerebreon Technologies

From the client’s perspective:

“The advice and guidance from Kieran has been really helpful and comes from a practical perspective. This is great.

The online platforms is a great resource and full of helpful document templates and guidance notes.

The engagement and contact from our Client Manager, Chrissy, has been really helpful and friendly. She gave great advice and guidance on what might suit our business needs at this stage of our company development without being too pushy or overly trying to sell us something we didn’t need. I really appreciated that.”