Wilson James is a leading security, construction logistics and aviation services provider with more than 5,000 employees. They deliver solutions to clients operating across the aviation, construction, corporate, energy, manufacturing and technology industries.

The Challenge

Competitive tenders are a part of everyday business for Wilson James. With an increasing emphasis on information security questions, Wilson James took the decision to get ISO27001 certified. They kicked off an information security management standards programme which, although not an IT project, was reliant on IT for its success.

The Solution

Having agreed with the CEO that the scope should be the whole company, we worked with the Heads of Business to identify the key people to be involved with the certification project.

Data was gathered about key information assets across the organisation, looking at the importance to the business of confidentiality, integrity and availability. We captured information about asset locations and applications as well as details on the databases used and the server systems they relied on. We also looked at the importance of the assets and potential threats, identified the information security controls that needed to be in place and assessed the maturity and effectiveness of existing controls.

The data was used to create a risk register prioritising the key threats that the business needed to be protected from, and subsequently a project plan to develop and implement a set of policies, procedures and management systems. Risk Champions were created throughout the business to share information with the user base.

The output of the project gained full board support and the Chief Executive signed off the overarching Security Policy. Stage 1 and 2 audits were carried out by external auditors BSI (a UKAS accredited company) following which Wilson James were recommended for certification.

The Results
The ISO27001 framework was successfully rolled out across the whole organisation.
Formal leadership and governance frameworks were embedded with the Information Security Group set up and chaired by the Chief of Staff; Information Security Manager appointed, and internal audit team established.
Leading Resolutions completed full handover and knowledge transfer to the client to set them up to manage the certification going forward.
“Wilson James is a diverse and varied business which made the achievement of ISO 27001 a significant challenge. Against a tight timeframe for accreditation, the assistance and guidance provided by Leading Resolutions was invaluable. Their expertise, experience and overall performance are second to none. The success of the project within the demanding time constraints demonstrates clearly the excellence of their capability and their professionalism.”
Mark Abraham