Case Study: Scottish Friendly achieves dual ISO 27001 and ISO 22301 certification with URM

Scottish Friendly Assurance Society Limited - Customer Case Study

Scottish Friendly Assurance Society Limited, the largest mutual life society in Scotland, wanted to strengthen best-practice information security and business continuity across the whole organisation as its business became increasingly reliant on IT, e-commerce and online service delivery. The company sought to improve protection of customer information, maintain availability of systems, and embed consistent IS and BC processes through a dual ISO 27001 and ISO 22301 certification programme. URM was brought in as a consulting and training partner to provide light-touch guidance while Scottish Friendly retained ownership of the work.

URM supported Scottish Friendly with its management systems development, including combined business impact analysis and risk assessment using Abriska, staff awareness sessions, integrated incident reporting via an Action Tracker, management review and auditing improvements, and business continuity exercises that relocated 20% of the workforce to a disaster recovery site 5 miles from head office. The result was successful certification to ISO 27001 and ISO 22301, greater staff ownership and awareness, a more resilient organisation, improved feedback and incident handling, reduced audit preparation time, and better information classification and handling across the business.

Scottish Friendly Assurance Society Limited

Fiona McBain

Chief Executive