SnapComms Uses Multi-Channel Campaign To Launch ISMS Program
3 April 2020
SnapComms was awarded ISO 27001 and ISO 27018 certification in 2019 for achieving the highest international standards in Information Security Management and the Protection of Personally Identifiable Information.
For Gustavo Orozco, Information Security Manager, maintaining and improving the Information Security Management System (ISMS) is a challenge and because of that, SnapComms requires the use of multiple platforms to keep its employees up to date and aware of the changes and improvements of the ISMS.
Providing the information through the right channels allow the staff to be part of the latest security and privacy practices within the organization. Any gaps in the internal communication and training processes open the door for security incidents and brand reputation issues.
While standard training was the primary way to provide knowledge and create employee awareness, it was found to be difficult to deliver as not all the employees can attend planned sessions for different circumstances. The number of times where training had to be reschedule made it hard for the Information Security Manager to provide the appropriate training.
Attendees of training sessions were not enjoying receiving training related to complicated and large policies.
Standard training will be provided as this is necessary, however, SnapComms required a different and friendly channel/tool for increasing the awareness and engagement of its employees.
Having evaluated alternative channels, SnapComms chose to use its own solution (SnapComms Go) to improve its training and awareness program as part of the Information Security Management System. The need for strong and visual messaging with high impact led the Information Security Manager to select
Desktop alerts provide high visibility and maximum impact, getting employee attention for important messages. Critically for the SnapComms distributed workforce, this is equally effective on all desktop, laptop and mobile devices.
The SnapComms tool have been widely used by SnapComms employees.
The primary use has been sending Desktop and Mobile Alerts inviting to read the latest changes on Information Security and Privacy Policies as well as important improvements for the ISMS itself. When relevant changes are applied, the Alerts are sent to raise the knowledge and awareness of the staff.
The following alerts have been created by the Information Security team:
• Reporting security incidents and events
• Privacy Shield Policy
• New ISMS space
The following alerts have been created by the People & Culture team:
• Working from home (Teleworking policy)
• Work from home 2020 guidelines
• We all love workplace policies
• Clear desk/clear screen policy quiz
• General Information Security Policy
• Information Classification Policy
• ISMS Security Objectives
SnapComms Go allows easy message recognition with the option to add links and references to the improved security and privacy policies.
People & Culture has also been using the tool to share updates on security policies associated to the workplace policies. The alerts sent by People & Culture keep the employees aligned with the code of conduct and workplace policies. Alerts related to the Clear Desk / Clear Screen Policy and Teleworking Policy are good examples of how SnapComms Go is useful for creating awareness and engagement among the employees.
The tracking capability has been especially welcomed. “That was great because it gave us a lot of metrics that we had previously not been able to have with the standard methodology. When we sent an alert, we measure how many people are actually reading versus how many people are not engaging,” explains Gustavo.
Gustavo is enthusiastic about the possibilities for more widespread use in other areas of the business. “Now that we've been using it and having success with it, we're trying to go back to other internal departments and encourage them to create and manage their own ISMS alerts. You don't need to come through Information Security every time you want to send an alert.”
The Information Security department has proved the effectiveness of using SnapComms Go as a complementary tool for raising the knowledge and awareness of employees with regards to the latest changes and improvements in the Information Security Management System (ISMS). The feedback received by the Information Security Manager has been positive and the staff recognizes the importance of being up to date with regards to information security and privacy practices within the organization.
The reports and tracking capability allow the Information Security Manager to create and focus future announcements when relevant changes on security and privacy policies have been implemented.
SnapComms can start using this case study to promote its solution with companies struggling with training and awareness programs.
According to Simon Jordan, Managing Director and Principal Consultant of Resilient IT, our implementation partner for ISO 27001, “Creation of awareness and effective communication is always one of the most challenging areas in implementation of an information security management system. To be effective it needs to be delivered consistently over a long period of time and not by email. This is often one of the hardest areas for an Auditor to assess within an organization and one of the most important due to the ‘human risk’ aspects that are always present.
"It is fantastic to see SnapComms leveraging their own solution for this exact task and being able to truly evidence the results particularly in a tough audit like ISO 27001:2013. The SnapComms solution would be of great assistance to any organization undertaking implementation of any standard that requires development of awareness and/or culture change within an organization; Health and Safety for example.”
Read the original press release on SnapComms achieving ISO certification.
For more information contact:
Gustavo Orozco - Information Security Manager
Phone: +64 9 950 3360