Commissum
A Commissum Case Study
Government Education and Training, a government education and careers guidance body, needed to comply with new mandatory Whitehall data handling requirements following the HMRC data loss. To improve operational risk control, the organization also sought support with business continuity planning and ISO 27000 information security management. Commissum was engaged as an independent information assurance consultancy to help address these compliance and resilience challenges.
Commissum designed and implemented a data handling framework to identify and classify sensitive information, define governance roles, and provide risk assessment and classification tools so that compliance could be demonstrated. It also reviewed and updated the business continuity and disaster recovery plans, and carried out a comprehensive ISO 27001 gap analysis covering the ISMS, risk assessments, the Statement of Applicability, and ISO 27002 control reviews. The result was stronger alignment with Cabinet Office mandates, improved information security and business continuity maturity, and ongoing trusted support from Commissum as the client’s security partner.