Opticore is an IT consultancy founded in 2013 to bridge a gap in the market between the major IT services providers and the consultancy market. The London-based firm employs around 75 permanent network engineers, across disciplines. Offering vendor-neutral services including design, implementation and audit work, Opticore has clients in the banking, media, insurance, healthcare and telecommunications sectors.
Due to client requests and questions, Opticore wanted to gain a competitive advantage by showing it has the right compliance and cyber security practices. The company embarked on achieving international ISO certification for information security management (ISO 27001) in October 2019.
Mike Hord, Opticore Commercial Director said: “Over the past three years we have grown rapidly as a business. We wanted to put the structures in place to enable us to get to the next level of growth. As an organisation that prides itself on our quality of service, ISO certification provides a stamp of excellence which opens doors to new clients. Our mission is connecting people and moving data across global corporate networks, so we need to ensure that we walk the walk and everything we do is done securely.”
However, in preparation of the ISO audit and accreditation process, the company saw a lack of in-house resource to dedicate to the task. Bridewell Consulting was brought in to assist with the certification and implementation of the frameworks which involves setting objectives and establishes principles for action with regard to information security. Bridewell was brought in as a specialist cyber security and data privacy consultancy that delivers support, management and audit services around achieving ISO accreditation. Bridewell worked with Opticore to understand its requirements, what processes were already in place, and exactly what needed to be implemented from a framework point of view.
It used a tried five-phase methodology which started with scope design and planning, moved to risk assessment and remediation, and then brought in ISMS controls and risk mitigation. The project was rounded off with an evaluation and preparation stage, before certification was awarded in the final phase.
The pandemic forced the stage one and stage two audits to be online. Opticore was even able to accelerate the process at the start of the lockdown as it had more time to devote to the project, which was ultimately completed to schedule in September 2020.
Opticore says that it’s now competing at a level above or alongside its competitors when it comes to demonstrating its security credentials. It is now looking to constantly improve its security measures and continues to engage Bridewell as a partner to regularly assess its security capability, with the next goal being to achieve the UK official Cyber Essentials certification. The firm says that the process has been a trigger for the organisation to formalise and document all of its backend processes.
Hord added: “We wouldn’t hesitate to recommend Bridewell’s services. The whole project went very smoothly, and we came through the certification with flying colours. Our relationship with Bridewell has been tremendous and it really feels like part of our team now. They guided us gently through the process and always kept us on track.
“Having a sounding board with its security expertise is invaluable, and I can’t speak of Bridewell highly enough.”
