• Industry: Aviation 
  • Service Line: ISO27001 
  • Geography: Bahrain 

With its aim in achieving ISO 27001 and 3 other local standard compliance, a Middle Eastern aviation company partnered with VaporVM to help them in improve their existing documentation policies, identify gaps, and establish risk assessment process. Through the partnership, the client is able to provide their customers the highest possible security standards and now an ISO 27001 certified. 

Business Challenges 

Compliance with ISO 27001 was previously about having a competitive edge, but ISO 27001 certification has now become the norm for best-practice information security that drives business success regardless the industry.  

ISO 27001 is the only standard that sets out the specifications for an information security management system (ISMS). Organizations must increasingly demonstrate their ability to be trusted for information security and privacy management and having ISO 27001 demonstrates that an organization has identified risks and implemented preventative measures to protect itself from information security breaches. 

This is why a Middle Eastern Aviation company partnered with VaporVM to help them achieve ISO 27001 and 3 other local standards compliance. 

Business Challenges 

The scope was to find the client’s gaps in terms of security as per the 4 standards, identify the missing controls, provide recommendations, improve their existing documentation & risk management, and help them achieve the standards requirements in a timely manner. Requirement 

Client Requirements

The client wanted a solution to restore those virtual machines to its original state. There were about 350 virtual machines which were needed to be restored. Installation of antivirus on those affected machines and updated security polices in their AWS environment were also required. Solution 

Solution

VaporVM Security team performed the GAP assessment as per ISO27001, their country’s state secret law, PDPL, Cyber Trust Framework and provided them with recommendations. Our team improved the existing risk assessment process and included all the services in it apart from the assets.  

Documented the policies, standards, and procedures as per the new template and requirements. Proposed the road map to help them achieve the implementation of missing controls in a timely manner and achieve the compliance. 

Value Created 

Through the partnership, the client has Improved their existing documentation of policies, standards, and procedure. They have now a well-designed completed document, identified the missing controls and gaps, and an established risk-assessment process.  The VaporVM Security team had also conducted an internal audit and defined the client’s roadmap. Most importantly, they have achieved compliance with the ISO27001, and 3 local standards.