Cyber security advisory

Assisting a research organisation
achieve information security certification

The client

The South Australian Health and Medical Research Institute (SAHMRI) is South Australia’s flagship independent not-for-profit health and medical research organisation. SAHMRI’s research covers a broad spectrum that includes precision cancer treatment, women’s and children’s health, aboriginal health and lifelong health.

Challenges

SAHMRI was required to obtain international information security certification ISO 27001. This was a business-critical task because a major contract was contingent on SAHMRI being ISO 27000 compliant.

Solution

Insight undertook a gap analysis of SAHMRI systems, policies and processes against ISO 27000 requirements.

Once the gaps were identified, Insight developed a comprehensive plan that not only closed the gaps from the governance and policy perspective but also included staff training and other activities to help SAHMRI embed ISO 27000 – compliant practices and processes. 

This was a key element of our services, as the ISO 27000 certification has a strong focus on the evidence that the organization actually follows its information security policies.

Outcome

Following Insight’s engagement, SAHMRI successfully obtained ISO 27000 certification, which not only allowed it to sign the major contract referred to earlier but, more importantly, uplifted its information security capability to face ever increasing cyber threats and challenges.