WhosOnLocation

ISO 27001 Certification

Background

WhosOnLocation is a small, innovative, and rapidly growing New Zealand-based Software as a Service (SaaS) provider of people presence management services. Since their inception in 2012, they have experienced strong growth, expanding to support 5000+ clients across over 25 countries.

WhosOnLocation Chief Executive, Darren Whitaker-Barnett, approached Axenic with a challenge that is common to most small NZ service providers.

The Challenge

Help WhosOnLocation compete in a global marketplace: increase their security capability, reduce the effort required to demonstrate that capability to customers, and differentiate their business in the marketplace.

The WhosOnLocation service collects a range of personal information about people entering and leaving customers’ sites. Darren and his team were increasingly being asked by customers how secure their service is and how they are protecting the information collected. Responding to individual requests for different sets of information to provide customers with this assurance was becoming time-consuming as WhosOnLocation’s customer base grew. As well as assuring existing customers, they also need to provide this information to prospective customers when tendering for new business.

Axenic has recently worked with us on a business security assessment and a security roadmap to achieve alignment to EU General Data Protection Regulation (GDPR). The security gap analysis work, the knowledgeable people they assigned to our project, as well as the recommendations and assistance they extended to us when implementing new practices so impressed myself and our development and infrastructure team that we now use Axenic in the role of Chief Information Security Officer (CISO), also known as a Virtual CISO. Our current engagement extends beyond the role of CISO and included them leading our ISO 27001 certification project. With Axenic we feel we have a partner with a vested interest in ensuring we and our customer data are secure.

DARREN WHITTAKER, FOUNDER/CEO, WHOSONLOCATION

Our partnership with Darren and his team at WhosOnLocation has been a great example of right-sizing security for a small growing company and staying focused on the business benefits of doing it well. Helping them achieve ISO27001 certification has been the icing on the cake.

TERRY CHAPMAN, MANAGING DIRECTOR, AXENIC

The Solution

Rather than trying to meet diverse security requirements across multiple jurisdictions, Axenic agreed with WhosOnLocation that an approach based on international standards would be the best way to help WhosOnLocation effectively meet their customers’ needs. Achieving certification against internationally recognised security standards such as ISO/IEC 27001 Information Security Management System (ISO 27001) would enable WhosOnLocation to provide its customers with confidence that their information is protected. This would also provide them with a strong competitive advantage when compared with similar service providers. To achieve the desired outcome and complete the work on a pragmatic budget commensurate with the size of their business, Axenic analysed the overlapping requirements between the multiple international standards to deliver an optimised roadmap of activities that allowed WhosOnLocation to:

  • Address their GDPR requirements.
  • Develop a milestone-based timeline to improve their security maturity.
  • Work towards international security standards including ISO27001, with WOL successfully achieving this at the end of 2019.

To reach a good balance between cost and impact, Axenic provided a Virtual Chief Information Security Officer to work on a part-time basis with WhosOnLocation to drive the implementation and adoption of good security practices.

The Results

To date, Axenic has worked with WhosOnLocation to help them achieve:

  • Compliance with the NZ Privacy Act 1993
  • On-time compliance with the EU GDPR by May 2018
  • A significant uplift in overall security maturity within WhosOnLocation
  • Continued building of a culture of security within the organisation
  • Attainment of WhosOnLocation’s ISO 27001 certification, successfully meeting international security standards

Working with Axenic to achieve ISO 27001 certification has helped WhosOnLocation by:

  • Making it easier for WhosOnLocation to compete in an exclusive global market with competitors who also have ISO 27001
  • More than halving the time it takes the security team to provide assurance that they are effectively managing their risk exposure and customer information (pre-ISO 27001 approx. 32 hours per quarter; post-ISO 27001 approx. 8 hours per quarter)
  • Giving WhosOnLocation the ability to approach large multi-national companies.

We made the right decision by engaging with Axenic. As we were going through the process it has become evident that we couldn’t do it without their help.

TOM PECK, CHIEF TECHNOLOGY OFFICER, WHOSONLOCATION


Human Rights Measurement Initiative

Background

HRMI (Human Rights Measurement Initiative) is a small, not-for-profit, global collaborative project focussed on producing metrics that track Human Rights performance as defined in Human Rights law. HRMI is comprised of academics and human rights experts from around the world, the first of its kind and independent from any government entity. Data is collected by respondents residing in the specific countries measured and the metrics are published on the HRMI website for anyone to freely access.

Axenic provided just the right person for the job with the right background and experiences and it seemed like a really thorough process that they helped make really easy

ANNE MARIE BROOK, CO-FOUNDER AND DEVELOPMENT LEAD, HUMAN RIGHTS MEASUREMENT INITIATIVE

Last year, HRMI’s successful pilot in 13 countries (Angola, Australia, Brazil, Fiji, Kazakhstan, Kyrgyzstan, Liberia, Mexico, Mozambique, Nepal, New Zealand, Saudi Arabia and the UK) had given them the confidence to expand their reach to include all 170 countries who have signed/ratified the global human rights treaty.

At Axenic, we deal with a lot of large organisations. It was fulfilling to be able to help a smaller organisation with their delivery of a really worthwhile project

TONY MCNAMARA, SENIOR CONSULTANT, AXENIC

HRMI approached Axenic to help the organisation identify and manage the inherent risks associated with this important project. As part of Axenic’s commitment to supporting impactful citizenship initiatives, we were happy to donate the consulting time to HRMI at no cost.

The Challenge

The HRMI team knew that they needed a robust way to manage their security. The data collected for the survey metrics is very sensitive and protecting this information is crucial. In addition, the integrity of the information collected relies on HRMI being able to protect the identities of the respondents to ensure their safety. HRMI had identified concerns that some governments could act in a hostile manner if their performance results were negative.

Needing to find a more efficient and scalable way to collect information, while protecting the respondents’ privacy, HRMI had decided to procure and implement a new CRM. They needed expert advice on the security criteria the CRM would need to meet so that they could perform due diligence on the potential solution.

I was really happy to have the risks identified in the way that Axenic defined these for us

ANNE MARIE BROOK, CO-FOUNDER AND DEVELOPMENT LEAD, HUMAN RIGHTS MEASUREMENT INITIATIVE

The Solution

Axenic worked with HRMI to undertake an information security risk assessment based on their business requirements and in collaboration with their third party suppliers. Axenic helped HRMI to identify specific security risks that they had not considered, confirmed some suspected risks and identified new risks.

Along with establishing the security requirements of HRMI’s new CRM, Axenic also helped HRMI identify broader risks impacting their wider service and ways to manage these.

Through the information security risk assessment, HRMI was able to identify the risks that they needed to manage and how to effectively protect the identities of the survey respondents and HRMI information.

The Results

As a result of the services provided by Axenic, HRMI are now able to:

  • Develop an updated security policy.
  • Have assurance that they are asking the correct security related questions when screening future third party providers.
  • Communicate confidently with their stakeholders about measures taken to keep survey respondents safe.
  • Communicate confidently to current survey respondents detailing how HRMI keeps their identities safe and how they can keep themselves safe.
  • Recruit more survey respondents through assurance that their identities will remain confidential.
  • Have confidence that they have the right information they need to select the best CRM solution to improve their operational efficiencies and provide them with scalability.
  • Have assurance that the controls that the CRM vendor has in place will meet their business needs and security requirements.

Through our work with HRMI, the not-for-profit has developed a good understanding of how information security can help them achieve a great citizenship outcome.

This initiative is an important part of improving human rights for people around the world that would otherwise not have a voice. Protecting the identities of individuals participating in this initiative and ensuring that HRMI is able to keep its information safe is absolutely critical. Axenic is happy to be able to lend our information security expertise to such a great cause

TERRY CHAPMAN, GENERAL MANAGER, AXENIC
