Talk to us!

We are thrilled to announce that ZoomDoc Health has officially achieved ISO 27001 certification, with the expert guidance of our consulting team at Acorn Compliance. For ZoomDoc, this marks a significant milestone in their compliance journey. With only three Observations for Improvement (OFIs), our approach made the implementation of ISO 27001 practical and understandable for the whole organisation. 

Collaborative Partnership for Success

As external consultants, we worked closely with ZoomDoc’s Compliance Team throughout the entire process, providing the necessary expertise to guide them through each step—from initial assessment to risk analysis to implementing a robust Information Security Management System (ISMS) and finally preparing for the external audit.

In just a few months, ZoomDoc achieved their ISO 27001 certification, through documented compliance with Clauses 4-10 and having a relevant statement of applicability in line with their business needs.

Here’s a closer look at how we got it done:

Gap Analysis & Risk Assessments

We began by conducting a comprehensive review of ZoomDoc’s existing information security framework. Through a detailed gap analysis, we identified areas where the company was already up to scratch with the clauses and pinpointed other areas that required improvement in order to fully comply with the standard. Conducting risk assessments highlighted the internal and external risks that would need to be assessed, monitored and controlled. This thorough analysis and assessment laid the foundation for the next steps in the certification process.

Policy Development & Process Optimization

With a clear view of where ZoomDoc stood within information security, we worked with their compliance team to design and implement a set of robust security policies and processes that aligned with their business values, needs and the ISO 27001 standard. It was critical that this stage wasn’t a hindrance to the organisation but allowed them to optimise current business functions while having a clear vision of security within information systems. Our primary goal was to ensure that the organisation adopted the standard and were in full compliance with it.

Employee Training & Awareness

Having a successful ISMS in practice hinges on the ability for employees to successfully act out processes, adhere to policies, and understand their roles within the ISMS. 

For this to operate, comprehensive training materials were provided to help educate staff on the importance of information security, their individual responsibilities within the ISMS, and how to adhere to the standard. By ensuring an Executive-to-Manager-to-Employee level of security awareness across the company, a long-term culture of security was implemented with compliance and security first in mind.

Audit Support & Compliance

As ZoomDoc moved toward the final audit phase, we continued to prepare them for the external audit. In this stage, we made sure all policies were up to date, reviewed, and backed by evidence. We collected results from training exercises and reports to discuss and evaluate any missing documentation. Prior to the audit, we reviewed the plan which is given to the company from the assessor to provide a structured process to follow on the audit days. This makes the job of the auditor much easier and delivers a seamless experience for all involved. It is important to note that, for companies already implementing the standard, it is good practice to understand what to expect during the audit. On the other hand, for companies new to the standard, this is highly crucial. Gaining clear visibility around what clauses and necessary controls will be checked, not only provides a strong basis for how you structure your ISMS pre-audit, but also proves to the auditor that you have approached it with care and precision.

Achieving ISO 27001: A Testament to Commitment

For businesses looking to enhance their information security practices, ISO 27001 provides a structured framework to safeguard sensitive data, mitigate risks, and stay up to date with the evolving threat landscape. ISO 27001 is an internationally recognised standard, so certification makes your company a much more attractive partner to businesses that prioritise information security.

ZoomDoc’s success story is a testament to this and to the strength of trust in partnerships. 

Thank you Kenny, Maruthy and the ZoomDoc Team for your co-operation!

Struggling with Compliance?

At Acorn Compliance, we go beyond basic compliance. Instead of treating your regulatory needs as a one-time checklist, we help you build a culture of compliance within your organisation.

Our healthtech specialists can help you with leading global regulations and standards such as ISO 27001, HIPPA and MDR. 

Book a call, and we can discuss your specific needs.