Sectors: IT

Marketing Impact Limited

Background

Marketing Impact Limited is a New Zealand-based marketing services firm that specialises in delivering smart, strategic communication programmes. With expertise in direct mail, email marketing, data management, and fulfilment, they help businesses engage customers and build loyalty at scale.

With a reputation built on consistency and quality, MIL works with a wide range of clients to deliver personalised, effective communication — across both print and digital channels. Their long-standing team and results-driven approach have made them a trusted partner for organisations seeking reliable, high-impact customer outreach.

The Challenge

As Marketing Impact began working with government agencies, and larger financial and commercial clients, security audits became more frequent and intense. The very first question in these engagements was increasingly the same: “Are you ISO 27001 certified?”

If the answer was yes, audits were quick and straightforward. If not, the business faced a burdensome process — draining internal resources and slowing down growth.

Leadership recognised this trend as more than a compliance hurdle; it was becoming a competitive battleground. Over two years, the cost of managing these growing requirements had already approached $600K — a figure many competitors wouldn’t be able to absorb.

There were four main drivers for change:

  1. Continuous improvement – Embed a culture of ongoing growth and risk management.
  2. Customer retention – Maintain trust and meet rising client expectations.
  3. Client acquisition – Turn infosec into a marketing and sales advantage.
  4. Peace of mind – Provide confidence to shareholders and stakeholders.

“It has been fantastic, we achieved ISO certification in 18 months, an unprecedented result. A credit to Lisa and our team working together to get the result.”


Alan Hard — Managing Director, Marketing Impact Limited

The Solution

Axenic was selected through a competitive tender process — not just for capability, but for chemistry. With a long-standing internal team (average tenure: 19 years), it was critical to find a partner who could fit seamlessly into the culture and work rhythm.

Axenic delivered a clear and achievable roadmap, led by their expert Lisa, who became a key driver of the programme. With 91 new security controls introduced, the organisation achieved ISO 27001 certification in just 18 months — an exceptional result.

The project was delivered within budget, without surprises, and supported by strong internal project management. Lisa is now embedded as Marketing Impact’s virtual CISO (vCISO), continuing to support and guide their ongoing security efforts.

The Results

Working with Axenic enabled MIL to:

  • Achieved ISO 27001 certification in record time (18 months).
  • Gained 6–7 major new business opportunities post-certification.
  • Created a strong foundation for growth — with the potential to double in size over the next 12 months.
  • Improved operational efficiency and internal confidence.
  • Positioned ISO 27001 at the core of commercial operations.
  • Maintained a seamless, trusted partnership through vCISO support.

“Being part of the MIL ISO journey as vCISO continues to be a very rewarding experience for me. I’m privileged to have had the opportunity to work alongside such a terrific team of people, who remain so focussed and committed to maintaining the high bar of assurance which has been adopted as their ‘new normal’.”

Lisa Zannino – vCISO, and Axenic Consulting Lead.

Visit Marketing Impact Limited website

Download case study (pdf)

iPayroll

We could not have done it without Axenic, they tied the whole thing together for us

Martin Gleeson
Managing Director, iPayroll

WhosOnLocation

Axenic has been a trusted and indispensable partner in our information security journey. We first engaged Axenic in 2017 to help us navigate the complex requirements of GDPR, and their expertise and guidance were instrumental in ensuring our compliance ahead of the 2018 deadline. Their value was quickly proven, and we subsequently brought them on to deliver a comprehensive risk assessment of our Information Security Management System (ISMS) and prepare us for ISO 27001 certification. 

Thanks to Axenic’s professionalism and deep domain knowledge, we successfully achieved certification in 2019. The Axenic team continued to play a vital role in managing and strengthening our ISMS and overall security posture right up to our recent acquisition by a global tech company. Consequently, we have retained our ISO27001 Certification ever since. I highly recommend Axenic to any organisation seeking expert, reliable, and results-driven information security and privacy consultancy.

Darren Whitaker-Barnett
CEO & Founder, WhosOnLocation

WhosOnLocation

ISO 27001 Certification

Background

WhosOnLocation is a small, innovative, and rapidly growing New Zealand based Software as a Service (SaaS) solution provider of people presence management services. Since their inception in 2012, they have experienced strong growth, expanding to support 5000+ clients across over 25 countries.

WhosOnLocation Chief Executive, Darren Whitaker-Barnett approached Axenic with a challenge that is common to most small NZ service providers.

The Challenge

Help WhosOnLocation compete in a global marketplace. Increase their security capability and reduce the effort that is required to demonstrate that capability to customers. To help differentiate their business in the marketplace.

The WhosOnLocation service collects a range of personal information about people entering and leaving customers’ sites. Darren and his team were increasingly being asked by customers how secure their service is and how they are protecting the information collected. Responding to individual requests for different sets of information to provide customers with this assurance was becoming time-consuming as the WhosOnLocation’s customer base grew. Along with existing customers, when tendering for new business they also need to provide this information to prospective customers. 

Axenic has recently worked with us on a business security assessment and a security roadmap to achieve alignment to EU General Data Protection Regulation (GDPR). The security gap analysis work, the knowledgable people they assigned to our project, as well as the recommendations and assistance they extended to us when implementing new practices so impressed myself and our development and infrastructure team that we now use Axenic in the role of Chief Information Security Officer (CISO), also known as a Virtual CISO. Our current engagement extends beyond the role of CISO and included them leading our ISO 27001 certification project. With Axenic we feel we have a partner with a vested interest in ensuring we and our customer data is secure.

DARREN WHITTAKER, FOUNDER/CEO, WHOSONLOCATION

Our partnership with Darren and his team at WhosOnLocation has been a great example of right sizing security for a small growing company and staying focused on the business benefits of doing it well. Helping them achieve ISO27001 certification has been the icing on the cake.

TERRY CHAPMAN, MANAGING DIRECTOR, AXENIC

The Solution

Rather than trying to meet diverse security requirements across multiple jurisdictions, Axenic agreed with WhosOnlocation that an approach based on international standards would be the best way to help WhosOnlocation effectively meet their customer’s needs. Achieving certification against internationally recognised security standards such as ISO/IEC 27001 Information Security Management System (ISO 27001) would enable WhosOnlocation to provide its customers with confidence that their information is protected. This would also provide them with a strong competitive advantage when compared with similar service providers. To achieve the desired outcome and completing the work on a pragmatic budget commensurate with the size of their business, Axenic analysed the overlapping requirements between the multiple international standards to deliver an optimised roadmap of activities that allowed WhosOnlocation to: 

  • Address their GDPR requirements.
  • Develop a milestone-based timeline to improve their security maturity.
  • Work towards international security standards including ISO27001, with WOL successfully achieving this at the end of 2019.

To reach a good balance between cost and impact, Axenic provided a Virtual Chief Information Security Officer to work on a part-time basis with WhosOnlocation to drive the implementation and adoption of good security practices.

The Results

To date, Axenic has worked with WhosOnlocation to help them achieve:

  • Compliance with the NZ Privacy Act 1993
  • On-time compliance with the EU GDPR by May 2018
  • A significant uplift in overall security maturity within WhosOnlocation
  • Continue to build a culture of security with the organisation
  • Attainment of WhosOnlocation’s ISO 27001 certification successfully meeting international security standards

Working with Axenic to achieve ISO 27001 certification has helped WhosOnlocation to:

  • Making it easier for WhosOnlocation to compete in an exclusive global market with competitors who also have ISO 27001
  • More than halving the time it takes the security team to provide assurance that they are effectively managing their risk exposure and customer information. (pre-ISO 27001 approx. 32 hours per quarter, post ISO is approx. 8 hours per quarter)
  • Give WhosOnLocation the ability to approach large multi-national companies.

We made the right decision by engaging with Axenic. As we were going through the process it has become evident that we couldn’t do it without their help.

TOM PECK, CHIEF TECHNOLOGY OFFICER, WHOSONLOCATION

Visit WOL website

Download case study (pdf)