Menu
Learn how Digital Octopii helped Intelliteq certify for ISO 27001 in just six months whilst improving their information security and governance
Achieved certification for ISO 27001
Implemented fully functional information management system
Completed in just six months
Intelliteq is a fintech company based in London, England, focused on simplifying complex financial processes. Through its award winning Gretel platform, Intelliteq aims to help its members reunite with their financial assets and investments that have been lost over time, from their first bank account to forgotten shares.
Gretel is a one-stop shop, using innovative technology to enable users to find lost assets across the ecosystem of financial institutions in as little as three minutes. Gretel’s revolutionary digital hub provides expert advice and assistance in a helpful, straightforward way.
Underlined with great integrity and operational excellence, Gretel ensures that finding lost assets is straightforward for anyone in the United Kingdom, regardless of age, technical know-how or financial knowledge. Intelliteq also aims to assist financial institutions and companies with the challenges of complying with regulatory measures surrounding lost assets.
Due to Intelliteq’s nature as a technology company specialised in processing large amounts of personal data, the business needed an effective way of demonstrating it has rigorous control mechanisms and governance in place. Intelliteq needed to show they could maintain the confidentiality, integrity, and availability of the personal data they were entrusted with.
At the inception of the business, through the due diligence processes of their large corporate institution partners, it was clear that information security requirements needed to follow the ISO 27001 framework.
“There was one corporate entity that said you have to have it; if you haven’t got ISO 27001 certification, that’s an absolute barrier. Although now for us it’s less about the due diligence challenges of not having it than the upsides of having certification”
By being externally certified to ISO 27001 by the British Standards Institute (BSI), a UKAS accredited body, Intelliteq are able to evidence that the proper controls are in place to their corporate partners, with no further questions necessary.
Once the decision to obtain ISO 27001 certification was made, it was agreed that using a consultant made sense. Intelliteq sought a recognised consultancy to help guide them through the certification process. Tom knew Digital Octopii were business experts and discovered we are experts at complex ISO certification frameworks.
“When it comes to something like ISO 27001, it’s a huge scope with many potential pitfalls. The problem is that you can flounder around in the dark trying to work it out yourself, or you can bring in expert help and get that support. So we wanted to ensure that we could fast-track the process.”
Intelliteq had asked BSI, as their chosen certification body, to make recommendations. They were given a panel of potential BSI Associate Consultants to assist them in the process. Three potential consultants were shortlisted and, after meeting with them, Tom quickly settled on Digital Octopii. They found Elisabeth Belisle, Digital Octopii’s Founder and ISO consultant, was a highly knowledgeable, experienced consultant. Tom felt they could work with her effectively over a long period.
“This isn’t like getting your toe checked out if you’ve stubbed it; this is a long-term relationship, so we wanted someone we could work with. Someone who would be with us through thick and thin, like a marriage almost.”
As there were already several information security policies and procedures in place, the first step was to perform a gap analysis against the requirement of the standard. Intelliteq collaborated with Elisabeth to “get their house in order” so that by the time they reached the stage 1 and 2 audits, the top team at Intelliteq was confident they could go into those assessments and come out the other side with a certificate.
“Effectively, we performed the gap analysis, plugged all the gaps and went through the assessments, as Elisabeth had been laterally performing internal audits monthly.”
By executing a gap analysis, collaborating with Digital Octopii to amend/produce documentation and having monthly internal audits, Tom feels they have been able to improve their information security, despite the fact they already had robust controls in place before the journey started.
They already had highly-accredited digital partners helping them ensure the technology and architecture were state-of-the-art in terms of information security. But in terms of governance and the thought processes behind managing data, the ISO 27001 journey provided many ongoing advantages. The personal data is now stored and managed in a very rigorous manner with strict governance in place.
Aside from the improved information governance and management, Intelliteq also benefits from having an external party in Digital Octopii to carry out internal audits. This ensures controls are scrutinised, facilitating continual improvement in information security practices.
“Externally conducted internal audits are essential; you shouldn’t mark your own homework. We’ve got a lot of things to do, all the time, and actually having someone who’s dedicated to it is really important, to be laser-focused on it and keep us really on point.”
With the support of Digital Octopii, Intelliteq passed stage 1 and 2 audits within a few months. Intelliteq started working with Elisabeth in October 2021 and reached their stage 1 audit at the start of 2023 in January.
Intelliteq quickly reached the stage 2 audit about eight weeks later in March and ultimately achieved the ISO 27001 certification, accomplishing their initial goal, in less than six months.
Aside from being happy with how quickly they reached stage 1 and 2 audits, meeting their fast-track expectations, Intelliteq’s Tom Simmonds and Ashley Hollands were glad to have only spent around 20 days each in achieving certification during the entire period, helping them to remain focused on the typical day-to-day running of their business and application, Gretel.
ISO 27001 certification has helped Intelliteq meet its clients’ needs, grow its business and help more consumers around the nation to reclaim their lost bank accounts, pensions, and investments.
No matter what phase your ISO project is in, we can support you.
As Associate Consultants of the British Standards Institute, we are recognised experts in this field. We will help you become compliant to one of the above standards; whether you want to obtain certification by BSI or another UKAS accredited body – or whether you just want to improve your current practices.
Not sure which standard is best for you or where to start?