In their own words...
Read on below for the full transcript of the podcast.
(0:11) Conor McGrath:
Okay, welcome to today's podcast hosted by Flowforma and designed to empower users on their digital transformation journey. Today we are talking all things ISO and I'm here with Flowforma's financial controller Aoife Harte and we're going to be talking about how Flowforma process automation is ensuring ISO compliance. To begin with, Aoife, I suppose if you could tell us a little bit about ISO, it would be a good place to start.
(0:40) Aoife Harte:
The ISO accreditation that we have is ISO 27001. So basically, this is a management standard. So, it basically focuses on risk management.
So that means that you set up a robust set of security frameworks. But that is adaptable to your own company. And so, you don't have to have a specific way, a larger company will need a specific way of doing things, a smaller company needs a specific way of doing things.
But you can change this framework as well and adapt it to make sure that it fits your company's style. So basically, it will set yourself up with processes and tools. So that you can protect all your sensitive data and any potential threats that you see. So that's what the ISO 27001 certificate is.
(1:28) Conor McGrath:
Okay, brilliant. And why is it important to have an ISO certification?
(1:34) Aoife Harte:
So definitely to help against information breach, that's one of our highest needs for this to be implemented. But it also ensures that we have all the vital information available to the right people at the right time. As well as that, there's an expectation out there now. There's an expectation from customers that you are taking care of their data. There's an expectation from our stakeholders in the company. And that would include like our board members or our shareholders and also our employees. So, it's very important for employees now coming in. Are much more aware of the information security risks. And it's maybe one of the first questions that they ask you when they're coming in on interview to make sure that you have a proper process in place to, I suppose, protect against this threat.
(2:24) Conor McGrath:
Definitely. And how was the ISO process completed here at Flowforma?
(2:32) Aoife Harte:
We didn't really know what our security gaps were at that time. So, we had to do a project to try and identify what the gaps might be. And put in that framework that I was talking about to kind of protect us against those gaps. We didn't have documentations or processes in place to protect us from any potential risks. So, we had to kind of think about what was missing from that perspective and put them in place.
(2:58) Conor McGrath:
I understand, Aoife, that this process was digitalized. Could you give us a bit of an insight as to why this was done?
(3:05) Aoife Harte:
Number one, I'm very, very, very, very focused on digitizing processes because they just run much more smoother when you have them digitalized. You can kind of see where the gaps are in current processes. If you have them digitalized, you can make better decisions. So we really wanted to focus on automating the ISO processes. So we could really... Basically, it was probably saving time. So, if we didn't actually automate it, we would have had to hire somebody in at a cost of about 60k. Just to actually do the processes. Then also, we wanted to be able to improve our processes for ISO. Because it's risk management and again, as I said, the framework can be adapted for each company. We wanted to make sure that whatever processes we were putting in were the right fit for our company. And the best way to figure out if it's the right fit is to automate it. So that you can see if there's blockers, people are being delayed on processes. Or whether there's something just not right in the way that we are actually creating the process in the beginning. That people don't want to go near. So, it was much easier for us to kind of see this isn't a fit when it was automated than if it was a manual process.
(4:20) Conor McGrath:
So how long did the process take to digitalize? And I suppose with that, did it take a lot of effort from your team to digitalize the process?
(4:31) Aoife Harte:
We kind of work on a mode here in Flowforma about getting out a minimal viable product. MVP or that sort of process. So, what we want to do is get our processes out to the people who are going to use them as fast as possible. The initial step is just the person who owns the process. There's an ownership for all processes in Flowforma. So, whoever owns the process will meet with the main stakeholders in that process. So just say for our access process, we had Gerard, our CTO, owns the process. So, he would have met with our administrators of all the systems and our owners of all the systems. App management, as everybody knows at the moment, and its access is a bit of a beast because there is a lot of apps to manage with their own access systems. There isn't one way to sort of look at the access and control it through one piece. So, he met up with the administrators and owners and kind of went through the process to see if it would be acceptable. Got their feedback, built the process in Flowforma in about two or three days. And then we released it out to the wider audience to get their feedback on it and just get them using it. So, we get them using it straight away, it goes live, and then we have continuous feedback loop. So, we will continually meet with the administrators of the systems, with the owners of the systems about once a month and just make sure it's still working for them. Make sure that if they need any small changes, we can get them implemented. So, at the very beginning, we put the process live and we quickly noticed that maybe one or two of our systems needed external users added. So, we actually had to put in a step for this as well. It only took about, I think, an hour for Gerard to update the system. But it was quickly done and implemented. But that's kind of the way that we would treat all our processes within the ISO certification.
(6:27) Conor McGrath:
OK, I'm sure our listeners would like to know. What are the benefits you've seen from digitalising the ISO process?
(6:34) Aoife Harte:
There's definitely better decision making. That's been really high up on our priority, because we do have a lot more data behind us. So, there's definitely better decision making. We've had improved accuracy as well. So, we find that the information that we have now is very solid because it's all been automated and recorded through the process. It also has eliminated a lot of human error. So, when you have a process that people have to read up every time to remember what exactly to record or to put it in an email, it's really difficult. Sometimes they'll think, oh, well, I just need these three pieces of information because that's what I sent the last time. But when we have this very structured way of doing it, it just eliminates all that human error. So, we would have had just... we did an audit. So as part of our access, again, we have an audit on it every six months. So, we had an audit for access. Just say the first one we would have done before we had the full implementation of the access process. And we have improved our errors on administration access by about 74% by just implementing the process. So, it's just making sure that the right people have admin access and that nobody is getting that extra stuff there. The accreditation really... It really avoids any financial costs that you might have against data breaches because we have a very specific process to follow if any threat comes in. So we can actually just... If we follow that process, it will reduce any financial costs that will be associated with it, and we're obviously all insured for cyber insurance, etc. But you have to do it in a very specific way that we've now reviewed and put in as part of our process. Again, the other benefit of having the certification is we have very high levels of trust now from all our stakeholders.
So, we've high levels of trust from the board that we're protecting the information within our company, especially any sensitive information. Again, from our clients, they feel really assured that we have the ISO certification. And again, the employees coming in, there's just a sense of trust that we're running the business in the right way and that no cyber-attack could really impact us in a huge way. The biggest thing that I think... So, we're a scaling company, so obviously we're growing our employee count. But the biggest return on investment that we've had on the automation side is not actually hiring in a person to actually run this process. We're able to run it with our current resources. And so, it's obviously the savings on that person. So, you could be talking anywhere in the range of about 60k a year that we will be saving on just implementing it. Now, that would get bigger and bigger and bigger as we grow and scale.
(9:31) Conor McGrath:
So, one final question for you today, Aoife, and that is what is the future for ISO here at Flowforma?
(9:40) Aoife Harte:
So again, for the future for us, we will and are intending to scale. So, scaling will be very important. Making sure that that framework is the correct framework for us needs to be constantly assessed. And the best mode of assessment is having the processes digitalized so that we can get feedback from all our senior leadership team, all our employees so that we can actually make it fit for the company at the right time. So that's the major thing for the future of us. It's really the way we have them automated at the moment. It's really quick to make changes. So, we want to keep that ability to change fast within the company so that we can scale as fast as we possibly can and keep our information assets as protected as we possibly can.
(10:30) Conor McGrath:
Excellent. Thanks so much, Aoife, for joining me today, and thanks to everyone who's listened also. And if you'd like to digitalize your ISO process to achieve the esteemed ISO certification, why not book a call with our experts today at www.flowforma.com. Thanks all for now.