We could not have done it without Axenic, they tied the whole thing together for us
Martin Gleeson
Managing Director, iPayroll
Sectors: IT
WhosOnLocation
Axenic has been a trusted and indispensable partner in our information security journey. We first engaged Axenic in 2017 to help us navigate the complex requirements of GDPR, and their expertise and guidance were instrumental in ensuring our compliance ahead of the 2018 deadline. Their value was quickly proven, and we subsequently brought them on to deliver a comprehensive risk assessment of our Information Security Management System (ISMS) and prepare us for ISO 27001 certification.
Thanks to Axenic’s professionalism and deep domain knowledge, we successfully achieved certification in 2019. The Axenic team continued to play a vital role in managing and strengthening our ISMS and overall security posture right up to our recent acquisition by a global tech company. Consequently, we have retained our ISO27001 Certification ever since. I highly recommend Axenic to any organisation seeking expert, reliable, and results-driven information security and privacy consultancy.
Darren Whitaker-Barnett
CEO & Founder, WhosOnLocation
WhosOnLocation
Background
WhosOnLocation is a small, innovative, and rapidly growing New Zealand based Software as a Service (SaaS) solution provider of people presence management services. Since their inception in 2012, they have experienced strong growth, expanding to support 5000+ clients across over 25 countries.
WhosOnLocation Chief Executive, Darren Whitaker-Barnett approached Axenic with a challenge that is common to most small NZ service providers.
The Challenge
Help WhosOnLocation compete in a global marketplace. Increase their security capability and reduce the effort that is required to demonstrate that capability to customers. To help differentiate their business in the marketplace.
The WhosOnLocation service collects a range of personal information about people entering and leaving customers’ sites. Darren and his team were increasingly being asked by customers how secure their service is and how they are protecting the information collected. Responding to individual requests for different sets of information to provide customers with this assurance was becoming time-consuming as the WhosOnLocation’s customer base grew. Along with existing customers, when tendering for new business they also need to provide this information to prospective customers.
Axenic has recently worked with us on a business security assessment and a security roadmap to achieve alignment to EU General Data Protection Regulation (GDPR). The security gap analysis work, the knowledgable people they assigned to our project, as well as the recommendations and assistance they extended to us when implementing new practices so impressed myself and our development and infrastructure team that we now use Axenic in the role of Chief Information Security Officer (CISO), also known as a Virtual CISO. Our current engagement extends beyond the role of CISO and included them leading our ISO 27001 certification project. With Axenic we feel we have a partner with a vested interest in ensuring we and our customer data is secure.
DARREN WHITTAKER, FOUNDER/CEO, WHOSONLOCATION
Our partnership with Darren and his team at WhosOnLocation has been a great example of right sizing security for a small growing company and staying focused on the business benefits of doing it well. Helping them achieve ISO27001 certification has been the icing on the cake.
TERRY CHAPMAN, MANAGING DIRECTOR, AXENIC
The Solution
Rather than trying to meet diverse security requirements across multiple jurisdictions, Axenic agreed with WhosOnlocation that an approach based on international standards would be the best way to help WhosOnlocation effectively meet their customer’s needs. Achieving certification against internationally recognised security standards such as ISO/IEC 27001 Information Security Management System (ISO 27001) would enable WhosOnlocation to provide its customers with confidence that their information is protected. This would also provide them with a strong competitive advantage when compared with similar service providers. To achieve the desired outcome and completing the work on a pragmatic budget commensurate with the size of their business, Axenic analysed the overlapping requirements between the multiple international standards to deliver an optimised roadmap of activities that allowed WhosOnlocation to:
- Address their GDPR requirements.
- Develop a milestone-based timeline to improve their security maturity.
- Work towards international security standards including ISO27001, with WOL successfully achieving this at the end of 2019.
To reach a good balance between cost and impact, Axenic provided a Virtual Chief Information Security Officer to work on a part-time basis with WhosOnlocation to drive the implementation and adoption of good security practices.
The Results
To date, Axenic has worked with WhosOnlocation to help them achieve:
- Compliance with the NZ Privacy Act 1993
- On-time compliance with the EU GDPR by May 2018
- A significant uplift in overall security maturity within WhosOnlocation
- Continue to build a culture of security with the organisation
- Attainment of WhosOnlocation’s ISO 27001 certification successfully meeting international security standards
Working with Axenic to achieve ISO 27001 certification has helped WhosOnlocation to:
- Making it easier for WhosOnlocation to compete in an exclusive global market with competitors who also have ISO 27001
- More than halving the time it takes the security team to provide assurance that they are effectively managing their risk exposure and customer information. (pre-ISO 27001 approx. 32 hours per quarter, post ISO is approx. 8 hours per quarter)
- Give WhosOnLocation the ability to approach large multi-national companies.
We made the right decision by engaging with Axenic. As we were going through the process it has become evident that we couldn’t do it without their help.
TOM PECK, CHIEF TECHNOLOGY OFFICER, WHOSONLOCATION