
Case Study

CR2 Limited – ISO 27001:2022

ISO 27001 certification confirmed the work that CR2 has been doing against a global standard and provides a platform and stimulus to continuously improve information security governance, engagement and accountability among employees at CR2.

Introduction

CR2 Limited is a global leader in digital banking and payments, operating across MEA with offices in Dublin, Dubai, Jordan, Egypt, India and Australia. Their flagship platform, BankWorld, offers a comprehensive suite of services to over 100 banks across 60 countries. The business prides itself on a commitment to continuous innovation and customer-centric solutions. As a supplier to banks and financial services organisations, CR2 is dedicated to security. The business has achieved PCI (Payment Card Industry) Secure Software Standard certification for their BankWorld and BankWorld ATM Client software solutions, reflecting their proactive approach to safeguarding sensitive information.

Opportunities

In 2023, CR2 recognised an opportunity to confirm their information security credentials by obtaining ISO 27001:2022 certification. This decision stemmed from the need to ensure the completeness and consistency of existing security measures. By aligning with the internationally recognised ISO 27001 standard, CR2 aimed to benchmark their defences against a global standard to continue to instil trust with all stakeholders – colleagues, customers, suppliers and regulators.

Approach

CR2 established a senior project team led by CR2’s Head of Information Security and Business Process and Compliance Manager. This project team developed an ISO 27001:2022-aligned Information Security Management System (ISMS) to support the business in adhering to industry best practices.

The implementation phase began with a detailed gap analysis, performed by skilled auditors from Certification Europe, who systematically identified existing security measures and areas requiring attention. All policies and procedures were then meticulously reviewed and amended where necessary by the CR2 team to ensure alignment with ISO standards. Control owners played a key role in reviewing and endorsing these policies, integrating them into the ISMS.

CR2 used the project as a platform to continuously build employee awareness and engagement. A comprehensive internal communications plan supported all steps with regular updates. Information security training sessions and awareness campaigns continued to reinforce a culture of information security consciousness across all levels of the organisation.

Collaboration with Certification Europe included certification auditing (Stage 1 and Stage 2), gap analysis consultancy and Lead Auditor Training. This comprehensive engagement assisted with a smooth journey toward ISO 27001 certification. The entire process, from the initial conversation with Certification Europe to the certification recommendation, spanned eight months, with the official certificate issued six weeks thereafter, reflecting the efficiency of their collaborative approach.

Outcome

CR2’s successful ISO 27001 certification was the significant outcome: an important external endorsement of their continuous commitment to information security excellence. The certification serves as a tangible testament to CR2’s global standards in safeguarding sensitive information and upholding the highest standards of information security practices.

Internally, ISO certification has reinforced continuous rigour and accountability in information security practices. Employees are now more aware and engaged, actively contributing to the ongoing improvement of information security measures within the organisation. Externally, ISO certification has positioned CR2 as a trusted partner in the digital banking and payments landscape. The certification serves as a powerful differentiator, enhancing CR2’s reputation and opening doors to new opportunities in the global marketplace.

CR2’s journey towards ISO 27001 certification has further confirmed the business as a leader in the industry, confident of achieving continued growth and success in the ever-evolving digital landscape.

ISO 27001 certification clearly demonstrates CR2’s commitment to information security and that our organisation and management system consistently deliver to internationally recognised standards. Certification Europe accompanied us throughout our journey to certification and they are a valued partner who have provided support and training in addition to impartial and professionally conducted assessments.

Barry Quirke

Business Process and Compliance Manager