Search
Close this search box.

Case Study

CR2 limited – ISO 27001:2022 

ISO 27001 certification confirmed the work that CR2 has been doing against a global standard and provides a platform and stimulus to continuously improve information security governance, engagement and accountability among employees at CR2.

Introduction

CR2 Limited is a global leader in digital banking and payments, operating across MEA with offices in Dublin, Dubai, Jordan, Egypt, India and Australia. Their flagship platform, BankWorld, offers a comprehensive suite of services to over 100 banks across 60 countries. The business prides itself on a commitment to continuous innovation and customer-centric solutions. As a supplier to banks and financial services organisations CR2 has a dedication to security. The business has achieved PCI (Payment Card Industry) secure software standard certification for their BankWorld and BankWorld ATM Client software solutions, reflecting their proactive approach to safeguard sensitive information.

Opportunities

In 2023, CR2 recognised an opportunity to confirm their information security credentials by obtaining ISO 27001:2022 certification. This decision stemmed from the need to ensure the completeness and consistency of existing security measures. By aligning with the internationally recognised ISO 27001 standard, CR2 aimed to benchmark their defences against a global standard to continue to instil trust with all stakeholders – colleagues, customers, suppliers and regulators.

Approach

CR2 established a senior project team led by CR2’s Head of Information Security and Business Process and Compliance Manager. This project team developed an ISO 27001:2022-aligned Information Security Management System (ISMS) in collaboration with Certification Europe. This supported the business in adhering to industry best practices.

The implementation phase began with a detailed gap analysis, systematically identifying existing security measures and areas requiring attention. All policies and procedures were meticulously reviewed and amended where necessary by the team to align with ISO standard requirements. Control owners played a key role in reviewing and endorsing these policies, integrating them into the ISMS under the guidance of Certification Europe.

CR2 used the project as a platform to continuously build employee awareness and engagement. A comprehensive internal communications plan supported all steps with regular updates. Information security training sessions and awareness campaigns continued to reinforce a culture of information security consciousness across all levels of the organisation.

Collaboration with Certification Europe included certification auditing (Stage 1 and Stage 2), gap analysis consultancy and Lead Auditor Training. This comprehensive engagement assisted with a smooth journey toward ISO 27001 certification. The entire process, from the initial conversation with Certification Europe to the certification recommendation, spanned eight months, with the official certificate issued six weeks thereafter, reflecting the efficiency of their collaborative approach.

Outcome

CR2’s successful ISO 27001 certification marked the significant outcome as an important external endorsement of their continuous commitment to information security excellence. The certification serves as a tangible testament to CR2’s global standards in safeguarding sensitive information and upholding the highest standards of information security practices.

Internally, ISO certification, supported by Certification Europe, has reinforced the continuous rigor and accountability on information security practices. Employees are now more aware and engaged, actively contributing to the ongoing improvement of information security measures within the organisation. Externally, ISO certification has positioned CR2 as a trusted partner in the digital banking and payments landscape. The certification serves as a powerful differentiator, enhancing CR2’s reputation and opening doors to new opportunities in the global marketplace.

CR2’s journey towards ISO 27001 certification has further confirmed the business as a leader in the industry, confident to achieve continued growth and success in the ever-evolving digital landscape.

ISO 27001 certification clearly demonstrates CR2’s commitment to information security and that our organisation and management system consistently deliver to internationally recognised standards. Certification Europe accompanied us throughout our journey to certification and they are a valued partner who provide guidance, support and training in addition to impartial and professionally conducted assessments.

Barry Quirke

Business Process and Compliance Manager