It was a pleasure to work with the Migrant Help team and to assist in the development of their management system. The main challenge was to assess their unique physical locations, particularly as some branches were shared with other organisations. We also needed to consider Migrant Helps wider objectives for remote working and the secure processing of sensitive personal information.
The solution was to use the AvISO checklist and scenario analysis risk methodology, which ensured that all 114 clauses of the ISO 27001 Annex A controls list were addressed. This really helped to identify opportunities for improvement in all business areas and to develop an effective treatment plan.
We also worked with Migrant Help to develop a set of tailored information security policies for key areas such as access control, remote working and physical information security, which included clear guidelines on how to protect sensitive data.
Technology such as Teams and SharePoint can really help reduce the work required to achieve certification