Healthcare Insurance Provider Case Study
- 16 February 2012
Client: A major private healthcare insurance provider
Title: ISO27001 Implementation and Certification
Product / Service: Consultancy
Background: The Department of Health (DoH) mandated that all private sector healthcare providers who in any way process patient information must become certified to ISO27001, to demonstrate that they are operating at best practice levels for information security.
Red Island Consulting engaged with this healthcare provider to project manage them through the process of implementing and achieving certification within their global data center. Certification was successfully achieved after nine months.
The Objective: To meet with DoH requirements and achieve ISO27001 certification.
The Solution: Using our proven methodologies and tools, Red Island Consulting worked with this client to build, implement and monitor their information security management system (ISMS).
The project milestones can be described as:
- Information asset identification;
- Business impact assessment;
- Risk assessment;
- Agreeing the risk treatments;
- Documenting all required policies and processes;
- Implementation of required security controls;
- Gathering evidence of maturity, effectiveness and continuous improvement; and
- UKAS ISO27001 certification audits.
Following on from the success of this project, the client has engaged us to certify other areas of their UK and US business. We have conducted PCI DSS consultancy and also worked closely with them on an award-winning information security awareness programme.
Testimonial: The client's IS Information Security Manager comments:
"Red Island has been key in all of our ISO27001 certification projects: the original certification of our data centre in the UK; the subsequent extension of that certificate earlier this year to a second data centre; and the certification programme for a subsidiary company in the US.
When we first embarked on the ISO27001 programme, we engaged the services of some large consultancy companies. These turned out to be expensive, a 'slow' approach (a lot of talking and little action) and, I felt, exuded a somewhat pessimistic outlook for completing in reasonable timeframes.
Red Island are genuine experts in ISO27001. Unlike some of the other consultancies we have used who will talk about it, Red Island actually DO things: they have provided us with their own proven ISO27001 methodology (asset register, risk register, action tracker etc.) and their consultants have done much of the leg work. They 'fixed' things for us such as Security Policy gaps and shortfalls in our risk assessment tables. Their guarantee of a Pass is genuine. As a company, I found them to be small enough to be nimble, responsive and value for money, yet influential enough in their field of expertise to be extremely effective: their relationship with certification bodies has proven to be very valuable to us.
ISO27001 is now a way of life for us – we use the methodology as the basis for all our information security activities. It is not a 'tick box' compliance exercise – and Red Island are key partners in our vision."