Clipper Logistics (Clipper) are a powerhouse in the third-party logistics domain serving a variety of well-known fashion and cosmetic brands, as well as supporting public and governmental services such as the NHS. Their reliance on technology means that everything must run consistently, seamlessly, to continue providing critical services to their customers – no matter the circumstances.
Clipper and Commissum’s relationship is longstanding, beginning in 2017, as Clipper embarked on adopting a strategic approach to cyber security that aligned with their objectives for both risk management and business continuity. This commenced with the provision of testing services and technical assurance, as their sole supplier over a three-year period, which was successfully renewed in 2020 with an expanded scope of services.
Owing to their growth and expansion into other sectors, a long-term goal of Clipper’s was to gain ISO 27001 certification. This requirement was accelerated in 2020 by the pandemic, when Clipper took on the fulfilment of PPE for the NHS. Clipper therefore enlisted Commissum to support them with the implementation and certification process. This usually spans a one-year period, but could take longer depending on the current maturity level, complexity, and in-house expertise of your organisation.
ISO 27001 certification is no mean feat, owing to the level of detail and the myriad applicable controls, and it combines best practices across three key elements of an organisation: people, processes, and technology. Even taking some steps that are in line with the standard can improve your overall security posture without accreditation. Striving for, and committing to, ISO 27001 accredited status isn’t simply about gaining a badge, but ultimately improving your organisation’s attitude and methods of working in line with cyber security best practice.
As with any implementation support, Commissum initiated the project with a gap analysis, to provide an overview of what controls were in place, current level of compliance with the standard, and highlight areas for implementation to create an effective plan that would bring the organisation up to the standard overall. Despite Clipper already taking proactive steps in enforcing cyber security measures, this was their first cyber project of this scale and magnitude, and within a tight timeframe to guarantee Clipper’s ability to continue bidding on government contracts.
The gap analysis highlighted several areas where either improvements, or more stringent creation and implementation of components, were necessary. These ranged from new (or updated) policies and standard operating procedures, through undertaking internal audits, to establishing an internal security management group, as well as the end goal of a robust Information Security Management System (ISMS). After six months of committed, hard work, Clipper were awarded their ISO 27001 certification in August 2022 – a remarkably quick turnaround.
“Thanks to close collaboration, dedication, and guidance from Commissum, we’re extremely pleased to have been awarded ISO 27001 status in a short timeframe. Throughout our time working together, Commissum have consistently provided remarkable expertise and service, and have successfully encouraged and embedded a security culture within Clipper. I look forward to working together in the future and can rely on them for our upcoming cyber security projects.”
Ian Grant, IT Risk and Security Manager