Gart’s Expertise in ISO 27001 Compliance Empowers Spiral Technology for Seamless Audits and Cloud Migration

  • Azure Cloud Cost Optimization
  • Azure Migration
  • Cloud computing
  • Compliance Audit
  • DevOps Consulting
  • GCP Cloud
  • ISO 27001 Compliance
  • IT Infrastructure and DevOps Consulting
  • IT Infrastructure Audit
Gart's Expertise in ISO 27001 Compliance Empowers Spiral Technology for Seamless Audits and Cloud Migration

About the Client

Spiral Technology is a Boston-based leader in augmented reality for industrial inspections. Their forward-thinking platform integrates augmented reality to optimize inspection processes. Committed to top-tier security and compliance, Spiral Technology partnered with Gart for expert guidance in ISO 27001 audits and cloud infrastructure design.

Challenge

Spiral Technology, a leading Augmented Reality platform for industrial inspections, faced the critical challenge of preparing for ISO 27001 audits while concurrently launching a product for a significant customer. The complexity of aligning DevOps tasks, ensuring compliance, and migrating cloud infrastructure demanded expert assistance to navigate seamlessly.

preparing for ISO 27001 audits

Solution

In their pursuit of a trusted ally, Spiral Technology discovered Gart through an online search. Our dedicated team, consisting of 2 experts, embarked on a thorough engagement. We tackled over 55 pending ISO 27001 compliance tasks, meticulously reviewed DevOps settings, and orchestrated a seamless migration from Google Cloud Platform (GCP) to Azure, leveraging Terraform and automation tools.

The 55 pending ISO 27001 compliance tasks were categorized into three levels: Infrastructure and Cloud Security, Personal Security, and Code Security.

Cloud Security

In the realm of cloud security, the initial assessment of the Google Cloud Platform (GCP) revealed open configurations. Gart’s experts configured security groups and firewalls to restrict public access to services. Single Sign-On (SSO) integration with GCP’s Google Workspace enhanced overall security management. This allowed centralized control, including the implementation of Multi-Factor Authentication (MFA) for all GCP access.

Single Sign-On (SSO) integration with GCP’s Google Workspace enhanced overall security management.

The client’s code repository, hosted on GitLab, underwent similar enhancements. MFA was enforced, and access levels were configured based on roles, distinguishing between developers and administrators.

Multi-Factor Authentication (MFA) for all GCP access.

Infrastructure Security

Addressing infrastructure security, data encryption was implemented, securing the database. External access to all application endpoints was restricted, permitting entry only through a virtual private network (VPN). Backup strategies for databases were devised, ensuring data integrity and availability. Additionally, a comprehensive Backup and Disaster Recovery plan was developed and tested, complete with scenarios, response methods, and a stringent 40-minute Service Level Agreement (SLA).

Personal Security

ISO 27001 places a strong emphasis on personal security. A centralized system was established to manage and control devices used in development. A curated list of approved software for development was created, ensuring adherence to security standards.

Code Security

For code security, the GitLab repository played a pivotal role. It was configured securely, granting access only to those who required it. Branch protection was enforced, and Dynamic Application Security Testing (DAST) and vulnerability scans were introduced to enhance the security posture.

Dynamic Application Security Testing (DAST)

Results

The collaboration between Gart and Spiral Technology produced tangible outcomes, evidencing progress and success. Gart’s expertise was showcased through the completion of 55 ISO 27001 compliance tasks, underscoring our proficiency in the field. The seamless migration from Google Cloud Platform (GCP) to Azure further demonstrated our capabilities. Additionally, Spiral Technology benefitted from 10 hours of high-quality IT infrastructure advisory during video calls, highlighting Gart’s commitment to client success.

For a detailed client testimonial, visit Clutch to see what Spiral Technology’s CEO, Konstantyn Shyshkin, had to say about Gart’s professionalism, subject matter knowledge, and cultural fit. The project was well-organized, with Gart’s team utilizing tools like Notion to efficiently manage tasks and maintain clear communication. The CEO’s direct involvement during the audit exemplified Gart’s dedication to client success.

This case study illuminates how Gart’s expertise and collaborative approach empowered Spiral Technology to navigate the challenges of ISO 27001 audits, achieve measurable outcomes, and establish a robust foundation for enhanced security compliance in their industry.

people icon

Let’s work together!

See how we can help to overcome your challenges

arrow arrow

Thank you
for contacting us!

Please, check your email

arrow arrow

Thank you

You've been subscribed

We use cookies to enhance your browsing experience. By clicking "Accept," you consent to the use of cookies. To learn more, read our Privacy Policy