FlowForma is the leading provider of enterprise-class, no code business process automation solutions that empower organizations to rapidly digitalize a wide range of activities. Headquartered in Dublin, Ireland, the company are business process automation, workflow, and digital transformation experts. As the business continues to expand, with offices in Ireland, the UK, USA, and Lithuania, documenting an information security framework from both a company and customer standpoint is a necessity.
Implementing an ISMS that meets current standards requires significant commitment. From the outset, FlowForma decided to take the approach where roles and responsibilities for the implementation and management of the ISMS would be distributed across the organization, rather than it being an individual or specific teams’ responsibility. This is more commonly referred to as de-centralization of tasks. By taking this approach the business hoped to make information security part of everyone’s day to day job, which in turn would ensure adoption of its new processes.
One of the biggest requirements for any security framework to be implemented is to ensure that all vital data is made available to the correct stakeholders at the right point in time . Having the power to customize the framework fit to the company’s style and adapt it over time as requirements change was equally imperative. A streamlined process to capture and protect any sensitive data will also eradicate potential threats and risks for the business.
“There is an expectation from customers that you are taking care of their data. There is an expectation from our stakeholders in the company including our board members and our employees too,” commented Aoife Harte, Financial Controller at FlowForma. “We wanted to make sure that whatever process we put in place, it was the right fit for our company.”
To help the business reach its ambitious goals and objectives the decision was made unanimously to achieve ISO 27001 certification internally, ensuring confidentiality, integrity, and availability for all FlowForma employees, stakeholders, and customers using the companies very own award-winning process automation tool, to deliver its success through digitalizing the accreditation process.
To complete this project, the team at FlowForma first needed to identify the gaps and areas for improvement and development within the original certification process. By moving the process online bottlenecks can be clearly and easily identified, highlighting blockers and delays. With a better understanding of these, a streamlined and transparent new process was recreated to replace the old one. With a digitalized alternative, better decisions are made with huge time savings for the entire team tasked to complete the process.
Using FlowForma as the example, the business can also now advise its current customers on how to digitalize their own ISO processes using FlowForma Process Automation. With the tool’s flexibility and adaptability, the security framework can be adapted to each companies’ specific requirements, adding additional value to their existing ROI. “We really wanted to focus on automating the ISO process so we could save time,” recalled Aoife Harte. “If we did not automate it, we would have had to hire somebody in at a cost of about €60,000, just to complete the process. We also wanted to be able to improve our own processes for ISO from a risk management perspective.”
Using the 100% no code FlowForma Process Automation tool, development of the first ISO process took only two days, after liaising with all relevant stakeholders and system administrators within the business. Once built and pushed into a live environment, it was released to the wider business for additional evaluation and to familiarize themselves with the new process.
A monthly meeting has since been set up by system administrators to discuss the process and any new feedback that is received on its performance. Due to FlowForma Process Automation’s speed and flexibility, minor changes to the process have been easily made over time including adding external users to specific systems. These enhancements were quickly implemented by the Chief Technical Officer, taking just one hour to update.
The Outcome
The benefits from digitalizing this business process have been seen across the board. Better decision making was a key requirement for the FlowForma team given the importance of the data involved within the process, with better accuracy also deriving from automation.
At each step in the process key data is collected and this data is then displayed through dashboards, allowing the ISMS committee members oversight on the core ISMS processes. For example, each staff member’s access to each application can easily be reviewed while new application access requests can be monitored.
The captured information is authenticated as it is recorded throughout the entirety of the process – eliminating human error. “We have reduced our errors on administration access by about 74% by just implementing the process and it ensures that the relevant people have the correct admin access,” said Aoife Harte. A recurring 6-month audit has also been created internally to monitor system access.
Another area in which the team has seen direct benefits has been the major reduction in the time spent on decision responses to threats. “We now have a clear process to follow when any threats are detected, ” Aoife Harte added. “Having a clearly defined process ensures that when a threat is detected we know who to involve in review and decision making. This has reduced the amount of time spent reviewing and making decisions on threats by about 54%.”
Thanks to digitalizing this process, both internal and external audits can now be completed with ease. Internal access audits of tools and software used by employees is now easily managed in dashboards using FlowForma Analytics. Providing evidence of policy adherence is easily accomplished as information is now collected at each step in the process and documented throughout, cutting time for FlowForma staff by 50% to collect the required data. “In our last external audit, we had zero non-conformities and zero opportunities for improvement recommendations from our external auditor,” noted Aoife Harte.
Having achieved ISO 27001 certification, FlowForma now has the Information Security Management System in place which can evolve as the company continues to grow.
“If we did not automate it, we would have had to hire somebody in at a cost of about €60,000, just to complete the process. We also wanted to be able to improve our own processes for ISO from a risk management perspective.”
.png?width=175&height=42&name=logo_20(1).png "FlowForma"){kind=logo}
