Full-cycle Consulting for ISO/IEC 27001:2022 Compliance

We helped CIGen comply with the ISO/IEC 27001:2022 standard by establishing a tailored and scalable Information Security Management System (ISMS) that aligns with security best practices.
Customer:
AI, Azure, and Custom Software Solutions Company
Strengthening information security
  • Business Need

    Our Client, a global software development company, aimed to grow its business by bringing in major customers from highly regulated markets. This required a solid compliance foundation, so CIGen engaged us to help strengthen their information security and pass ISO/IEC 27001:2022 certification.

  • Result

    We helped CIGen design and build an ISMS that complied with both ISO/IEC 27001:2022 requirements and the company’s operational needs. This allowed our Client to set up cohesive information security practices and get ready for entering compliance-driven markets.

This certification reinforces our commitment to safeguarding information and maintaining the integrity of our operations.
Maryan Savka
CEO
CIGen

Collaboration Overview

Key Facts

CIGen specializes in Azure Cloud development, AI, and digital transformation services. The company aimed to expand its operations into regulated markets, which required compliance with ISO/IEC 27001:2022. So, CIGen engaged us to help strengthen their information security posture and ensure that all secure data handling practices were in place.

We developed a step-by-step compliance roadmap and guided the Client through the certification journey. This approach ensured a seamless transformation of existing processes and helped CIGen pass the certification audit without nonconformities. Our full-cycle consulting services included:

  • Business process analysis
  • ISMS creation
  • Documentation development
  • Risk assessment
  • Internal audits
  • Business continuity plan (BCP) creation
  • Support during ISO/IEC 27001:2022 certification audit

Compliance with ISO 27001 requires both deep expertise in the regulatory framework and an understanding of the Client’s workflows to properly structure, implement, and validate the essential ISMS components. Therefore, we started with stakeholder interviews to discover CIGen’s existing processes and map the framework requirements accordingly.

As off-the-shelf ISMS templates didn’t fit the agile business model CIGen follows, we also closely collaborated with the Client’s engineering and DevSecOps teams to adapt policies and controls to the company’s way of working. As a part of this, we:

  • Assessed compliance readiness
  • Conducted security gap analysis
  • Designed a custom ISMS framework
  • Introduced ISMS to the company’s workflows

The implementation of formal security governance practices often leads to a slowdown in operations. Given CIGen’s fast delivery pace, our priority was to prevent any such delays. Thus, we decided to extend formal policies with practical adjustments and created a custom methodology for achieving ISO 27001 certification.

Following this methodology, we embedded compliance requirements right into the Client’s operational reality and ensured transparent communication of these changes to the team. As a result, we not only minimized friction in the workflow but also helped CIGen foster a proactive security mindset across departments through:

  • Infosec and compliance workshops
  • Information security awareness training
  • Facilitation of risk management sessions

Testimonials

I'm thrilled to announce that CIGen has officially received our ISO/IEC 27001:2022 certification. This milestone is a testament to our incredible team's hard work and dedication. A huge thank you to everyone who supported us throughout this journey. Together, our commitment to excellence and security has made this achievement possible.
Maryan Savka, CEO at CIGen

Leadership involvement is crucial for establishing an ISMS. Maryan Savka, CEO of CIGen, supported the team from the beginning, promptly addressing roadblocks. With the proactive assistance and guidance of Sigma Software’s lead consultant Yuriy Honcharuk, they ensured the ISMS was effective and seamlessly integrated into the company's operations, so employees didn’t perceive it as a disruption but rather as logical steps in the processes.
Evgeniy Bachinsky, Quality Director
Evgeniy Bachinskiy

Vice President

Sigma Software
