IT Governance Makes ISO 27001 Certification Quick Work for Gemserv

A leading energy market consultancy has achieved ISO 27001 certification from scratch in just ten months with the help of IT Governance Limited. Gemserv, which advises on regulatory and governance issues in liberalising energy markets, turned to ISO 27001 specialists IT Governance for strategic advice, training and coaching as it embarked upon its compliance project. After only ten months, Gemserv passed its ISO 27001 audit without a single comment or qualification by the independent assessors.

Gemserv called in IT Governance to advise it in late 2006. Gemserv routinely handles sensitive commercial and economic data on behalf of its clients, which include several sector regulators in the UK and Ireland, the Carbon Trust and the Institution of Mechanical Engineers. Having already achieved ISO 9001 certification in 2004, the company identified ISO 27001 as a natural way to enhance its reputation further.

Gemserv's selection of IT Governance was partly due to a shared belief that the in-house team should take ownership of the compliance process. IT Governance's approach is to facilitate a knowledge transfer to its clients, equipping them to deliver and maintain ISO 27001 compliance over the long term.

IT Governance guided the company through several preparatory stages, including the appointment of a project board, selection of a project management methodology and training of the project team. All team members attended a one-day Foundation Course, which explained the purpose of the standard and the particular requirements of its risk assessment process. Project manager Dinesh Sharma also undertook a more detailed three-day Masterclass, which covered the entire implementation process, including project scoping, risk assessments, documentation, management review and preparation for a successful certification audit. Sharma says, "We were extremely pleased with the training, which managed to inform but not overwhelm us."

IT Governance then devised a tailored five-stage roadmap for reviewing the project team's work at critical junctures. Reviews took place following completion of the Information Security Policy, Project Scoping and Project Initiation documents; at the Risk Assessment and Risk Treatment stages; and again during an internal audit immediately prior to the two-stage independent assessment.

Speaking about IT Governance's contribution, Sharma says, "When you're in unfamiliar territory it's good to have a guide. Bringing IT Governance in periodically struck the right balance for us, making us stand on our own feet but also ensuring we remained on track. It has been less costly than using a permanently assigned consultant, so we were able to progress our compliance project on a reasonable budget."

Gemserv's CEO Nigel Bromley feels that achieving ISO 27001 certification has brought important competitive benefits: "We saw ISO 27001 as a way of proving that our information assets are secure. It is going to be an important tool to help us win more business. Being certified will increasingly become a prerequisite for tenders."

"Achieving ISO 27001 certification has allowed Gemserv to show that it is 'a safe pair of hands' for data security and business continuity", says IT Governance consultant Steve Watkins, who managed the engagement and acted as 'project coach'. "It is also another demonstration of the company's commitment to best practice in all its work."

Further information about IT Governance's consultancy services is available at


IT Governance Ltd is the one-stop-shop for information books, tools, training and consultancy. It is an international authority on ISO 27001 and has published a suite of authoritative compliance guides to the standard. IT Governance is 'non-geek': it approaches IT issues from a non-technology background and talks to management in its own language. Its customer base spans Europe, the Americas, the Middle East and Asia. More information is available at

Gemserv is a consultancy specialising in liberalising energy markets. It advises on, defines and implements regulatory structures and governance frameworks and works with the market-level bodies that set standards, establish and promote best practice and accredit participants.



80:20 PR
+44 20 7924 7576