ISO 27001 Compliance

One of the fastest growing online real estate brokerages hired a new Director of IT Security in April 2022. The company had two critical goals for the new employee: overhaul obsolete security policies by Q3 and define updated cybersecurity requirements that would deliver ISO 27001 compliance.

Accomplishing these goals in just three months was daunting, given the Director’s existing workload. With limited options available in the marketplace, how would he meet these strategic objectives?

He and his team found just what they needed with Policy Source — the trusted source for information technology/cybersecurity policies. By leveraging Policy Source’s expertise, its extensive library of policies mapped to ISO 27001, and its advisory services for policy customization, they accomplished the goals with time to spare.

A Global Company with Global Security Challenges

With more than 86,000 agents around the world working remotely — and even more customers — this online brokerage has global privacy and data issues. They were identifying risks within the computing ecosystem at the beginning of 2022 and determined the need for more comprehensive security policies that would support the company’s objective to achieve compliance with ISO/IEC 27001:2013.

“When organizations fail to secure or protect this data, it exposes them to a host of business risks like breaches, financial losses, reputational damage, or even potential fines and prosecution,” explains Forbes [1]. “[ISO 27001] standards help global businesses establish, organize, implement, monitor and maintain their information security management systems.”

The leadership team knew when they brought in the Director of IT Security that these gaps needed to be remediated. Despite the Director’s extensive cybersecurity experience, building a security architecture for the real estate company’s expanding compliance requirements would be a formidable challenge.

Policy Source — The Collaborative and Continuous Solution

“Policies are the foundation of a company,” says the Director of IT Security. “I knew I needed user-friendly policies that could be speedily and affordably implemented. I also wanted maintenance, training and a partnership that continued after the sale.”

He found all of these capabilities and more with Policy Source. The Director gained access not just to policies developed and enhanced over two decades, but also the professional services needed to customize, implement and manage that policy framework on a go-forward basis, using the Policy Source Portal™.

Policy Source helped the Director of IT Security define ISO 27001-compliant policies by delivering:

  • A library of clearly-written policies, vetted against numerous industry sectors, that map to all 114 control requirements outlined in the ISO 27001 framework
  • Consultative guidance to customize policy content to fit specific company requirements
  • A secure, cloud-based portal with intuitive, configurable dashboards and automated approval workflows
  • Customizable formatting designed to meet the real estate company’s branding standards

“The most important aspect of Policy Source is how it facilitates creating easily-auditable SOC reports,” says the Director of IT Security. “We needed to be able to demonstrate that robust internal controls are in place to [safeguard] customer data.”

Policy Source simplified the process of developing, implementing and maintaining ISO 27001 compliant policies, making it swift, easy and affordable. Policy Source’s resources and knowledge even helped junior members of the company’s IT security team to implement and enforce new security practices that will help the organization achieve ISO 27001 compliance.

For More Information

The dynamic nature of the security policy landscape requires organizations to upgrade their IT and cybersecurity policies. Contact us to see how Policy Source can deliver value for your organization.

  1. Drolet, Michelle. “ISO 27001 Certification: What It Is And Why You Need It.” Forbes. https://www.forbes.com/sites/forbestechcouncil/2022/03/23/iso-27001-certification-what-it-is-and-why-you-need-it/
