Xcina Case Study

ISO 27001 Assessment and Implementation for UK Rail Operator

Undertaking a maturity assessment of the client's information security framework against the ISO 27001 standard.

About the client

The client is a large UK train operating company managing multiple rail franchises in the UK.

Highlights and key components of the engagement

Xcina Consulting was engaged as a strategic partner supporting the organisation’s desire to conduct a maturity assessment of its information security framework against the ISO27001 standard.

Methodology and Approach

Our methodology and approach included the following:

  • Review the current operating environment and statement of applicability
  • Work with internal teams to establish the scope of the engagement
  • Develop and discuss the assessment methodology with the internal team before commencing the assessment
  • Execute the assessment in line with relevant professional standards, client expectations and best practices in readiness for a potential future external certification body audit
  • Provide advice and support to the organisation as it prepares its environment for a potential future audit of the implemented ISMS
  • Provide expert advice to the ISMS implementation team
  • Discuss findings throughout the assessment to ensure no surprises in the draft audit report
  • Draft the assessment report and discuss it with the client, ensuring that all feedback is considered in the final report
  • Review the stakeholders’ comments on the draft assessment report, update the report as required and issue the final version
  • Arrange close-out meetings with all stakeholders

Results and Outcome

Xcina conducted an initial, fully documented gap analysis against ISO 27001, which identified several opportunities for improvement and provided a compliance baseline. Working closely with the client, our team then communicated clear and structured advice and actionable recommendations to facilitate the organisation’s compliance journey. This culminated in a successful formal certification audit in which the client achieved a clear pass.

Following on from this success, Xcina are maintaining their trusted advisor status by conducting outsourced internal audits for the client, ahead of the next round of surveillance auditing by the certifying body.

What This Means for You

Whether you are at an early stage of your Cyber Maturity journey or looking for continuous improvement, Xcina delivers:

  • Independent benchmarking assessments against leading cyber maturity frameworks such as NIST, CAF, ISO27001, NIS2, DORA and TSA, identifying areas for improvement
  • Expert advice on complex security, resilience and certification issues and best practices
  • Pragmatic implementation assistance to help strengthen your security and resilience posture

Industry and sector:

Transportation

We’d love to hear from you

To discuss how the areas highlighted in this case study, or any other aspect of risk management, information governance or compliance impact your business, speak with our team, tell us what matters to you and find out how we can help you navigate complex issues to help you deliver long term value.

If you have any questions or comments, or if there’s anything you would like to see covered, please get in touch by emailing Xcina Consulting at info@xcinaconsulting.com. We’d love to hear from you.

David MacPhail

Information Security Senior Consultant

Speak to me directly by email or telephone: +44 (0)20 3745 7820
