INDUSTRY
IT
EMPLOYEES
0-10
FRAMEWORK
ISO 9001, ISO 27001
TIMEFRAME
24 WEEKS
The Company
Emme4 is an Italian SMB operating in the Information Technology sector, mostly working as outsourced software development company. Led by Giorgio, a developer by heart, and Lorenzo, the company managed to secure large clients since its day 0.
During its +30 years life, Emme4 build and maintained a Quality Management System certified ISO 9001 with DNV, one of the leading Third-Party Auditors. This helped built a constant mindset of continuous improvement and structured way of working.
The business relied during its more than 10 years being ISO 9001 certified both on internal auditors and external consultants.
The Problem
Emme4 received notice from some of its major clients that being ISO 9001 certified was not enough anymore in the new cybersecurity context: a proof of Information Security was necessary.
ISO 27001 was the frameworks of choice: given the high level of synergies between ISO 9001 and ISO 27001, this represented the opportunity to build an Integrated Management System between Quality and Information Security.
Emme4 had its upcoming audit with DNV scheduled for April 2025. It needed to be done by then and wanted a more advanced solution than the traditional pen-and-paper.
The Solution
Emme4 was looking for several options. Complaion stood out from its competitors because of the software on top of the ISO Lead Auditor. This allowed the company to import its existing ISO 9001 Quality Management System (QMS) and build on top a ISO 27001 compliant Information Security Management System (ISMS).
Complaion’s consultant Carla di Franco followed the Company from start to finish:
Gap Assessment from ISO 9001 documentation: a precise analysis of each existing procedures was done, to assess the status-quo.
Implementing Ad-hoc Controls: Complaion personalized ISO 27001 Controls to the specific needs of Emme4.
Finalizing Information Security Management System Procedures: after a compliant implementation, the full ISMS was built on top of the existing Quality Management System
Running ISO 27001 and ISO 9001 integrated Audit: finally, Complaion's ISO Lead Auditor ran the Audit in the platform and produced all relevant reporting.
Surveillance Audit for ISO 9001 and ISO 27001 integration Audit: DNV Auditor conducted third-party audits.
Combining a proprietary platform with a dedicated ISO Lead Auditor, Complaion served Emme4 to proceed to the next step of its compliance journey: building an Integrated Management System.
The Results
Complaion implemented the full Information Security Management System (ISMS) and imported the Quality Management System (QMS) to fit Emme4 timeline.
Thanks to its platform and the dedicated ISO Lead Auditor, Emme4 was able to streamline management for the ISO 9001 Certification and add the ISO 27001 on top.
