Case Study

Aerospace Subsidiary Meets ISO 27002:2013 Compliance to Mitigate Risk

Dedicated resource and gap analysis allow organization to meet compliance by target date

Challenge

A leading aerospace manufacturer performed an internal security audit of their subsidiaries. They uncovered issues with ISO 27002:2013, an international security standard that provides guidelines for information security management practices.

When one subsidiary was struggling to meet these compliance standards in the short timeframe requested by the parent company, we were brought in to help.

With the audit report looming, the subsidiary had seven weeks to become compliant. To meet the deadline, the subsidiary would need to rely on our experts and their knowledge of security best practices and compliance.

Solution 

We began the engagement with a Project Launch Workshop and provided a dedicated security expert until project completion. Our expert performed a gap analysis of the organization’s existing policies against the ISO 27002:2013 standard. The gap analysis uncovered current policies around electronic commerce, audit and logging that needed rework, as well as vulnerability management, acceptable use and third-party management policies that still needed to be developed.

Due to the lack of resources, our security expert worked with the organization’s internal quality assurance team to develop and edit 25 policies to conform with ISO 27002:2013.

Conclusion

WWT successfully developed policies, procedures, standards and guidelines that aligned and conformed to ISO 27002:2013 within the organization’s tight deadline. The organization is now compliant, cleared from their parent company’s internal audit and better aligned with security best practices.

Additionally, our security expert strengthened the organization’s security posture by creating an incident response plan and vulnerability management program. The organization did not have either in place prior to our engagement, and now will be able to create efficiencies around security processes and daily management, better protect their systems, differentiate a threat from a risk and respond properly after an incident occurs.