Credibility is key
- Client: Risk Evolves
- Category: Cyber Essentials, IASME
- Tags: Cyber Essentials, IASME
Company background
Helen Barge founded Risk Evolves in 2015 after a career in risk and compliance at IBM. Having experienced first-hand how compliance supported business growth, she was determined to help SMEs use compliance to underpin their success.
The need
As a new consultancy business, we needed to prove to our prospective clients that we were as credible, trustworthy and forward-thinking as our more established competitors.
As we would be privy to our clients’ deepest, darkest secrets, we also needed to convince customers that we would protect their data from accidental or malicious harm.
The challenge
With limited funds available, Helen knew that spending money on advertising campaigns to win new business simply wasn’t an option. Instead, she planned to use her network of contacts to find our first clients and deliver such an excellent service that they’d recommend Risk Evolves to other businesses. Knowing that she would be privy to extremely confidential information about business financials, operations and objectives, she expected that any potential client would do their due diligence and require the company – which consisted of just Helen at that stage – to follow strict procedures to safeguard their valuable data.
Given Helen’s background at IBM, where security and confidentiality are part of the organisation’s DNA, she knew that a cyber security certification would help pre-empt customer demands, help her fledgling business to prove its credibility and shortcut some repetitive and time-consuming supplier questionnaires.
Certificating a start-up
It is unusual for a start-up business – especially one with just one employee – to seek a cyber security certification. Yet, Helen knew that finding the right certification would bring benefits to the table for Risk Evolves and its clients.
She was particularly interested in certifying Risk Evolves to the IASME Governance standard. This was already recognised as a cost-effective and credible alternative to ISO27001 for UK SMEs, thanks to its alignment with the Government’s 10 Steps to Cyber Security (as used by the majority of the FTSE350), its integration with Cyber Essentials and its optional GDPR compliance assessment.
Accordingly, she began preparing the business for its self-assessment.
Streamlining IASME Governance certification
To achieve IASME Governance certification, you must complete a questionnaire which covers 22 topics and fills over 40 sheets of A4. Always keen to bring order to a project, Helen created a five-step process to prepare Risk Evolves for certification:
- Ensure stakeholders understand the requirements
- Identify the gaps
- Develop an action plan to close any gaps
- Complete the self-assessment questionnaire
- Take steps to nurture an ongoing culture of compliance
We still use this process today to simplify the certification process for our clients.
Growth through compliance
Within three years of achieving these certifications, we had developed a loyal customer base, trebled our turnover and increased our headcount to 12.
This left our founder, Helen, facing a dilemma common to many business owners – how to ensure her own personal standards would continue to be met as Risk Evolves grew. Find out how she solved this problem in our case study on our ISO9001 Quality Management System. Alternatively, explore how and why we later implemented the IT standards ISO27001 and ISO27701 as part of an Integrated Management System.