Zog is a domestic and business energy supply company created by two double Queen’s Award winning entrepreneurs. Offering cheap domestic and business gas, Zog was founded to help customers find the best energy supply solution. Utilising modern and user-friendly technology and with few overheads, the company prides itself on offering transparent tariffs that make it very easy for customers to ‘make the switch.’.
With the rollout of smart meters on the horizon, Zog is, like all companies in its sector, required to comply with the new data security demands of the Smart Energy Code (SEC). At the same time, the rising need to protect customer information led Zog to pursue the idea of ISO/IEC 27001-security certification. Having found Applied Risk Management on a register of BSI approved ISO consultants, Zog met with Andy Mills who reassured the company that there was significant overlap between the two standards. By preparing for ISO 27001, Zog would be ideally placed to meet the SEC demands.
“In a competitive marketplace, it is vital that we are able to demonstrate our commitment to information security, so ISO 27001 was a logical step.”
TONY CHESTER, DIRECTOR, ZOG ENERGY
The aim of ISO 27001 is to protect information assets within a company. The first step is to identify all the operational controls that are required. To do this, Applied Risk Management assisted Zog Energy to carry out a thorough review of all the company’s assets, and carried out a risk analysis to uncover any security threats and vulnerabilities.
“A company’s assets can range from the tangible – customer data, employee information and supplier contracts for example – to the intangible, such as a company’s brand.”
The Zog Directors worked alongside Andy to review any gaps that needed to be filled, and to put procedures in place to protect data and prevent a breach. Andy was able to quickly identify the additional requirements that Zog would need to meet in order to conform to the upcoming SEC.
Understanding the requirements of ISO and interpreting them on a day-to-day basis is a challenge for many companies. Andy takes the approach that the business should understand and own their ISO management system and provides the tools needed through tailored coaching, templates and feedback.
“When companies first view the ISO standards, they can become daunted and over-engineer their information security management system which can make it unsustainable in the long term. I can help companies overcome this hurdle by showing them how to interpret the wording effectively, and without unnecessary bureaucracy.”
The second stage of the process involves implementing the security standards. These vary from business to business, and encompass everything from creating password-protected areas of the network to establishing a procedure that employees follow when they are the first to enter or leave the building. Once implemented, the business has a framework to continually monitor, manage and improve information security across all areas of the organisation.
Knowing how to prepare for the formal certification audit can be a daunting prospect for many companies. To overcome this challenge, Andy ran a series of mock audits. As a qualified and registered ISO auditor, he is able to provide a deep insight about what companies can expect and can put them through their paces to prepare for the audit itself. Zog passed the audit without a single non-conformity:
“To get a completely clean sheet – it doesn’t come any better than that! All credit to the Zog team. They really wanted this and it shows.”
The process of gaining ISO 27001 took around 10 months. By adopting and understanding the standard, Zog is able to confidently adapt its management system to meet changing market forces, which will be a huge benefit in a customer-focused environment.
“We are delighted to have attained this information security certification. Achieving ISO 27001 is a challenging task but thanks to Applied Risk Management, we have the robust framework we need to provide peace of mind over our data to both staff and customers alike.”PDF Download - ZOG ENERGY Case Study
“The environment for customer information is becoming increasingly hostile so Zog was doing exactly the right thing by pursuing ISO 27001. It will reassure customers that their data is safe and make the transition to smart metering a smooth one.”
MANAGEMENT CONSULTANT AND ISO AUDITOR, APPLIED RISK MANAGEMENT
To demonstrate the highest level of data security to the customers and the regulator
Interpretation makes it easy for staff to understand and evolve the management system whilst being compliant with ISO standards
Company directors are able to demonstrate and apply a high level of control over their customer’s information and business information
Company owns its management system and can react quickly on opportunities to improve