CASE STUDY
Satcom – certified and compliant

About

Satcom

Satcom is a B2B SaaS company that uses IoT and AI to offer a platform for keeping track of vehicles, employees, products and processes and for managing them efficiently in a networked way.

Location

Switzerland

Industry

B2B SaaS

Logistics

Employees

25-50

The Challenge

Automating ISO 27001 compliance without overwhelming IT demands

Satcom was getting constant requests from partners and customers regarding its ISO 27001 certification. At that time, Paulo, the Data Protection Officer (DPO), was solely responsible for implementing the system. He had assistance from IT and product colleagues, but the primary responsibility for organizing and implementing the system rested on his shoulders. Alone, this task was daunting. The goal was to find a tool that would not only assist him but also save time in the implementation process. It is a big job, and Satcom wanted a solution that would save time and allow them to complete the certifications without involving a large number of IT specialists.

The Solution

Secfix transforms Satcom's ISO 27001 approach

Satcom turned to the Secfix automation tool as a solution. With Secfix's clear plan and guidance, Satcom got the direction they needed to achieve certification. Secfix's high degree of automation and excellent customer support helped them spend less time on this project than if they had done it without Secfix.

The main aspects that Satcom liked about Secfix were:

  • Assistance with data mapping, particularly in the Cloud. Given the extensive size of Satcom’s database, manual mapping would have been exceedingly time-consuming and would have required dedicated personnel. Secfix's intervention here was a significant time-saver.
  • Provision of comprehensive documentation. This included policies, risk assessment frameworks, and Statement of Applicability (SoA) templates. These pre-filled templates were particularly helpful in giving them a clear idea of how to implement new processes.
  • Secfix Agent to monitor devices. The agent proved to be extremely beneficial in the early stages. It facilitated basic implementations on their employees' devices, such as disk encryption and automatic screen locking on computers.

Why Secfix

Seeking a trusted partner that can facilitate compliance

Initially, the project focused on obtaining ISO 27001 certification. Satcom was seeking a partner to facilitate a smoother and quicker process. During Satcom’s search, Paulo came across three companies, one of which was Secfix. After an engaging initial conversation with Secfix, Satcom decided to choose them.

Satcom opted for Secfix based on its unique proposal. Secfix offered not just a service, but a partnership that aligned with Satcom's needs: a flexible, tailored approach rather than a pre-packaged solution. This alignment was a key factor in Satcom's initial decision to work with Secfix.

Results

Getting ISO 27001, ISO 27701 and ISO 27018 certified

The Secfix team played a pivotal role in guiding Satcom to achieve ISO 27001 certification. Following this success, the next year saw Satcom expand their ambitions, aiming to attain ISO 27701 and ISO 27018 certifications in response to growing customer demand. With Secfix's expertise, the journey towards these additional certifications, including the preparation for the ISO 27001 surveillance audit and the new implementations for ISO 27701 and ISO 27018, proceeded seamlessly. Satcom was able to leverage their existing ISO 27001 framework, efficiently adapting it to meet the requirements of the new standards. The Secfix platform offered a comprehensive view, clearly delineating the interconnections between the standards and outlining the additional steps necessary for Satcom to secure all three certifications.

For small companies that don't have a lot of people who can work on ISO 27001 implementation, Secfix is a great solution. It worked well for us and I would recommend it.

Paulo Vitor Souza

Data Protection Officer at Satcom International AG