Right-Sized Auditing Streamlines ISO/IEC 27001 Compliance

How TTI Success Insights and Sensiba aligned ISO compliance and risk management.

TTI Success Insights is an industry-leading assessment provider dedicated to sparking transformative experiences in people’s everyday lives.

  • ISO/IEC 27001 recertification audit

Challenge

One of the advantages the ISO/IEC 27001 cybersecurity standard offers companies is the ability to customize its Information Security Management System (ISMS), and the scope of the resulting certification audit, to the company’s risk profile and the data it needs to protect.

John Kloian, information security manager for TTI Success Insights, which creates science-backed assessments and diagnostic tools to improve organizational results, was frustrated with their previous auditor.

Looking for an auditor willing to learn TTI’s business, exposures, and information security practices, Kloian was introduced to Sensiba.

“I’ve always had a philosophy about compliance that you should not be running around like chickens with your heads off two days before an audit,” he said. “You shouldn’t change anything. Your management system should reflect how you work, and that’s how we arrange ourselves. Auditors can tell when you’ve panicked a week before.”

John Kloian, Information Security Manager, TTI Success Insights

Solution

TTI’s road to ISO/IEC 27001 recertification had started several years before. As the company was growing, it attracted larger customers that were asking more detailed questions about the personally identifiable information (PII) TTI was using on their behalf.

The need to demonstrate effective security practices, and the global acceptance of the ISO/IEC 27001 standard, led TTI to build a cloud-based ISMS and pursue ISO/IEC 27001 certification.

Unlike some standards that specify how companies meet security requirements, ISO/IEC 27001 gives organizations flexibility to align their ISMS with their risks. This can include, for instance, the company’s contractual or compliance obligations and the information it needs to protect. ISO/IEC 27001 offers baseline controls that should be customized to reflect a company’s policies and procedures, risk tolerance, and culture.

“Sensiba understood the standard, and they took time to understand our risks and our practices,” Kloian said. “Sensiba knew what we were doing and how we were doing it and didn’t raise questions about items that didn’t apply to our needs.”

Result

With a completed recertification audit, TTI continues to demonstrate its commitment to effective data protection practices and meeting the requirements outlined in the ISO/IEC 27001 standard.

And with a recertification audit designed with the company’s needs in mind, it reached those goals smoothly and within its timelines, Kloian said.

“During our introductory call, we talked about the way our ISMS was structured and how we would provide any needed evidence,” Kloian said. “Because our ISMS is cloud-based, we knew everything would be easy to share. Everything was hyperlinked, and there wasn’t any point for me to extract policies and upload them into a different system when everything was easily available.”
