.svg)
.svg)
The Company
Great Place To Work® (GPTW) Germany has been supporting German and international companies in developing a successful corporate culture for over 20 years. The company is renowned for its employee surveys, certifications, and annual "Best Workplace" awards. To achieve a Great Place To Work® certification or award, employees are confidentially and representatively surveyed about their employer satisfaction. Company leaders also provide information about their personnel and leadership practices. This year alone, Great Place To Work® supported more than 1,000 companies of all sizes and industries in Germany and surveyed over 100,000 employees.
Challenge
GPTW faced the task of implementing an efficient and pragmatic Information Security Management System (ISMS) in accordance with ISO/IEC 27001. This decision was primarily driven by two factors:
1. Risk Management: Secure data processing is a core requirement for Great Place To Work®'s services. An ISO/IEC certification is intended to document the already high level of data processing, secure it, and review it for potential improvement points.
2. Customer Requirements: Potential new clients increasingly expect an ISO/IEC 27001 certification. The certification enhances the chances of customer acquisition and simplifies any audit processes before engagement for both potential new clients and GPTW.
GPTW formulated specific requirements:
- Avoidance of Over-Bureaucratization: Past experiences showed that a certified quality management system can involve a lot of bureaucracy. For GPTW, it was important to have a pragmatic approach and a lean management system.
- Integration of Existing Data Protection Measures: GPTW had already established comprehensive data protection practices, including a corresponding management system, which needed to be integrated into the new ISMS.
Solution
To avoid the time and expense of implementing an ISMS with consulting service providers, GPTW compared several software providers and concluded that the SECJUR Digital Compliance Office had the most advanced development status on the market and was the ideal solution for GPTW.
The platform offers a structured step-by-step approach for building an ISMS and a clear alternative to endless Excel spreadsheets. Automation reduces bureaucratic overhead and avoids the issues GPTW had with their previous QMS. For instance, with the help of the policy generator, GPTW was able to quickly create customized policies at the desired level of complexity without having to work through standard templates independently or provide consultants with comprehensive discussions to convey the necessary information.
Impact
With SECJUR, GPTW achieves its goal: a maximally efficient setup of a maximally efficient ISMS.
- Time Optimization: By automating processes, GPTW can build a robust ISMS without diverting excessive resources from their core business. This allows the company to continue focusing on its main tasks in analyzing and improving workplace cultures.
- Streamlined Processes: The platform supports the development of a pragmatic ISMS that focuses on core processes (employee surveys, certifications, Best Workplace Competitions) and avoids unnecessary bureaucracy.
As a result, GPTW benefits from improved customer relationships through demonstrable implementation of best practices in information security. Additionally, extensive supplier audits can be reduced since ISO/IEC 27001 is recognized as the international gold standard for information security.
