ISO 27001 consultancy services from RightCue help Solidatus capitalise on growth opportunity

Solidatus is a leading data lineage and metadata management provider. The company focuses on intelligent data management, discovery and visualisation services to empower customers and help them identify and act on opportunities. Solidatus was established in 2017 to address a gap in the market for these services. Since opening its doors, Solidatus has garnered a number of awards and was recently named in Deloitte’s Fast 50 for the second year running.

The company offers a host of solutions, including governance and regulatory compliance, data risk and controls, data sharing, business integration and ESG. It has offices in the UK, US, Singapore and India and provides those solutions to global customers across financial services, retail, utilities and local government.


Working with customers in highly regulated industries, such as banking and finance, meeting legislative requirements and having the right security standards in place is paramount for Solidatus. As the company grew, it became clear that having an official security certification would not only enable Solidatus to maintain and surpass required standards, but would also demonstrate that commitment to both new and existing customers. As a result, Solidatus began investigating achieving both CSA Star Level 2 and ISO 27001 certification.



Starting the ISO 27001 and CSA Star certification journey

CSA Star Level 2 certification is an independent assessment of the security of a cloud service provider and was created by the Cloud Security Alliance (CSA). It is based on achieving ISO 27001 certification and meeting criteria specified in the Cloud Controls Matrix (CCM). CSA Star certification demonstrates that a cloud service provider conforms to the applicable requirements of ISO 27001, has addressed issues critical to cloud security as outlined in the CCM, and has been assessed against the STAR Capability Maturity Model for the management of activities in CCM control areas.

Both certifications enable organisations to demonstrate to customers and stakeholders they have the right cyber security controls in place to deal with cyber threats and mitigate risk.


Finding the best CSA Star and ISO 27001 implementation partner

Working with the right partner is critical in achieving desired certifications, especially when that partner understands the needs of the business, the industry it operates in and how certification can benefit an organisation.

While the Solidatus team had in-house cyber security skills, it didn’t have the right experience to take the organisation through both certifications.

“We began looking at how to get ISO 27001 certification and CSA Star Level 2.  After an extensive search it became clear that while many companies stated they could deliver both, RightCue was the only business that met our requirements. Their knowledge was extensive and they had worked with smaller businesses like us and in the SaaS space.” – Imran Musawi, Cyber Security Engineer, Solidatus.

 


The team at RightCue was recommended for its ISO 27001 consultancy services and its work on CSA Star, and proved it was the right partner to help Solidatus through its certification journey.

 


The challenge of fast growth

As a small company that grew quickly through the pandemic, Solidatus found that many of its processes weren’t as comprehensive as they needed to be. This also meant the processes couldn’t adapt to cope with that growth and meet the needs of the business. One of the things RightCue would address was reviewing those processes in light of Solidatus’s current and future requirements, as well as certification criteria, to help the business better serve its customer base.


Building a robust information security foundation

RightCue began by performing an in-depth gap analysis, assessing the maturity of existing security processes and getting to grips with Solidatus’s business goals and culture – both of which have an impact on the ongoing success of implementing and maintaining a framework.

From there, RightCue developed a comprehensive implementation plan that was tailored specifically to the needs of Solidatus. The plan formed the foundation from which to work, with the RightCue team collaborating with Solidatus to identify their most valuable information assets, document data flows and create information security policies and other documentation.


Guiding through the certification journey

RightCue focused on optimising security management by eliminating redundant administrative processes, ensuring all activities and tasks directly contributed to enhancing control effectiveness. Throughout the project, there were regular project meetings – weekly or bi-weekly – between the RightCue team and Solidatus to monitor progress and address any concerns from stakeholders. This was especially important given the changes around the processes and ensuring all stakeholders were onboard and comfortable with the approach.

Solidatus received additional support from RightCue in the form of comprehensive email and online help with understanding risk, identifying and implementing risk treatments and controls, and reviewing internal documentation to support the audit process.

The RightCue team also helped manage the relationship with the certification body, including reviewing contracts, ensuring the audits considered changes to standards, scheduling the four stages of certification audits within the project, and supporting during the audits themselves.

 


“The RightCue team were instrumental in the process – to be blunt, if there was no RightCue, we wouldn’t have been able to do this. Their knowledge of controls was outstanding, and they really understood our business,” stated Imran Musawi, Cyber Security Engineer, Solidatus.

 



Mock ISO 27001 certification audit

To prepare Solidatus for the assessment and audit, RightCue carried out a mock audit, led by a consultant who hadn’t previously worked on the project to maintain independence. Conducted in the same way as the real thing, the Solidatus team was put through its paces, answering questions and gathering the relevant documentation needed. The result was successful – giving Solidatus the confidence needed to undergo the real certification process.  


Getting the right ISMS results

Solidatus has now successfully certified to ISO 27001 and CSA Star level 2. The information security management system (ISMS) is now fully embedded in Solidatus’s business processes, and with both certifications the company now has the ability to show its customers it has the right security controls in place and assure them of the safety of their data.

“We really valued the pragmatic and flexible approach RightCue took when working with us. They were clearly experts in the field and were able to support us through the whole process including setting up a mock assessment process, so we knew what to expect.

“The impact on the business has been great. Customers and prospects are reassured that we have best in class security protocols. The sales team are confident and happy to share certification and relevant documents around our processes. It has freed up time across the business, but crucially given us confidence internally.

“Of course, cyber security is never complete, but we have a solid foundation to work from and know what we need to do to be even better for our next assessment. If you’re thinking of tackling this certification, RightCue would make a great partner.” – Daniel Waddington, CTO, Solidatus.

 

“It’s always important to work closely with the customer in developing your plan, implementing it and training the team on the new controls and policies. But what we also find is that transparency has to form the basis of the relationship. We are always clear about the time and effort that is required and Solidatus was very receptive to our help. We guided Solidatus through the whole process, worked with them on their deadlines, and we’re delighted with the result.” – Sonal Agarwal, Executive Director and Managing Consultant, RightCue Assurance

To find out more about the key benefits of gaining ISO 27001 certification read our article: The key benefits of ISO 27001 certification: safeguarding your business

 

What our clients think


“We were keen to develop our IT security to the next level so we could expand our client base as well as giving existing clients further peace of mind. Working with RightCue has been a total pleasure. They are just lovely people and to us they are not only trusted advisors but they feel like part of our extended team.

“Working with RightCue has supported our growth as a business and given us the reassurance we need, knowing that our security and data protection is well developed and managed - that's thanks to RightCue.”

JANINE BISHUN . ACASTER LLOYD CONSULTING LTD

“In early 2021, the ATI established the FlyZero project, with ambitious targets and timeframes. RightCue were involved from the start, contributing ideas and sustainable solutions to keep the project data secure.

“RightCue are so supportive and helpful. They operate almost as a virtual CIO and worked with me on a long-term strategy for IT and security to ensure it remains fit for purpose as the business continues to grow.”

ANN DYSIEWICZ . AEROSPACE TECHNOLOGY INSTITUTE

“Beyond the accreditations, RightCue have caused us to think harder. To develop a maturity for our cyber security – processes and ideas for the future, and to think beyond IT to the business implications. Would I work with RightCue again? Absolutely, without hesitation…”

DAVID BATHO . EXETER COLLEGE

“RightCue helped us to achieve our cyber security accreditations including Cyber Essentials and IASME. But it’s more than that - the protection and management of data is now very much at the centre of our business.

“The RightCue team are absolute stars. Nothing is too much trouble. If you need help with cyber security, you can’t go wrong with RightCue.”

DAN CURTIS-ALLEN . FROST & SULLIVAN

“The team at RightCue worked very closely with our internal team on our ISO27001 accreditation. They were extremely thorough and rigorous throughout the process, they acted professionally at all times and guided us through each step of the way to attain ISO27001. I would recommend RightCue to help you achieve your security accreditations.”

SIMON ADAMS . PRD TECHNOLOGIES LTD

“They don’t just do the job and leave. They are at the end of the phone and happy to advise and engage at any time if you need them. If you’re considering Cyber Essentials accreditation, I’d definitely recommend RightCue.”

PAUL AUGUSTUS . ROWANS HOSPICE

“Whilst going for a computer security accreditation is never easy, the team at RightCue made it as painless as possible. They were clearly very knowledgeable and as helpful as they could be, given their role as a certification body…”

RAY SMITH . MUSKETEER SOLUTIONS LTD

“There is no doubt working with RightCue saved me a hell of a lot of time. I didn’t have to spend ages researching solutions. I would say RightCue are a very dependable resource, and are reassuringly competent. A good choice if you’re looking to acquire security accreditations…”

BEN COPE . CREATE IT

“We have been hugely impressed with the team at RightCue. They are very approachable and incredibly knowledgeable... Achieving those accreditations was so much easier, by working with an experienced and accomplished team of professionals, such as RightCue…”

SHELLEY HAWLEY . STALIS

“Having confidence in recommending them to our clients has allowed us to concentrate on playing to our strengths.

“All of the RightCue team are very helpful and very willing to go the extra mile. They are very committed to delivering a good service, and that’s why we are always happy to refer them.”

PAUL LLOYD . LLOYD TECHNOLOGY

Get in touch with us

If you’d like to find out more about how to achieve ISO 27001 certification using our ISO 27001 services, contact us today.

+44 (0)1256 260 780
