Project Description

Company background

MEG is a digital quality management system for healthcare. Its suite of configurable mobile and cloud-based tools enable providers to engage staff in quality improvement, patient safety and manage compliance with accreditation or regulatory standards.

The easy-to-use modules can be used on any device by frontline workers to collect data from all over an organisation. Capture incidents, audits, risk assessments, and access information anytime right at the point of care. Management can collate, analyse and act upon real-time information and metrics across multiple sites, consolidating data into a centralised platform.

MEG is currently in operation in hospitals across 15+ countries with multilingual support.

Download this Case Study

Download PDF

Why become certified to ISO 27001?

Digitisation in healthcare has become increasingly important since the beginning of the COVID-19 pandemic, and this led to MEG experiencing a significant growth in its business. MEG wanted to become certified to ISO 27001, to show the importance it places on security from the beginning. The ISO 27001 information security standard is a globally accepted standard that demonstrates that an organisation values security by applying repeatable policies and documented procedures to manage risk. For MEG, there were three main business drivers for becoming certified to the standard:

  • To protect and enhance its reputation, helping it to grow into other markets
  • In a heavily regulated industry like healthcare, attaining ISO certification helps to prove how seriously the company takes its responsibilities

  • Getting an independent assessment of its security posture

Getting the right measures in place from the beginning and building towards certification means MEG can continue on its growth path.

How BH Consulting helped

MEG saw ISO 27001 certification as a big task but didn’t want to be afraid of taking it on, so they engaged with BH Consulting, the independent cybersecurity and data protection consultancy, to help put in place the elements needed to identify and manage risks, which would be the basis for achieving certification.

BH Consulting broke down the whole process and put an easy-to-follow structure and plan in place to move easily through each stage. It held bi-weekly meetings with MEG which addressed all requirements of the standard one by one with BH Consulting providing practical subject-matter expertise and tracking progress.

  • BH Consulting’s team started with a gap analysis exercise to identify areas of MEG’s business where it might need help and attention
  • It held risk management workshops to build MEG’s risk register and develop a robust methodology for assessing IT and security risks
  • BH Consulting provided training and awareness to the MEG team, tailored to meet its business and to improve staff understanding of cyber- related threats
  • As part of the alignment phase, BH Consulting ensured all policies and additional supporting documentation were in place, filling the gaps where necessary
  • It provided specific advice where required to steer the company towards meeting all requirements of the ISO 27001 standard
  • The engagement finished with the implementation phase that included an internal audit to confirm everything was in place.

Outcome

Once BH Consulting had helped to put the necessary structures in place, MEG contacted the certification body to carry out the two-stage audit process. MEG subsequently passed its certification with flying colours and is now ISO 27001 certified.

The company is delighted that it can give customers the reassurance that it takes security seriously and has done everything it can to ensure it is secure.

And, as ISO 27001 certification is an ongoing process requiring regular independent audits, it’s evidence of a continuing commitment to embed good security practice throughout the business. As an Irish company, MEG hopes this certification will help it to grow exponentially.

We found BH Consulting to be a huge help in achieving our ISO 27001 certification as they put so much structure on the process and helped us along every step of the way.

Their knowledge and guidance the whole way along the journey was reassuring and really made the process seamless and easy to follow and understand. They were there to keep us accountable and ensure we were progressing at our bi-weekly meetings. We would definitely recommend BH Consulting to any organisation thinking of going for ISO 27001 certification.

Guvanch Meredov, Head of Product

Let’s Talk

Please leave your contact details and a member of our team will be in touch shortly.

Name*