Strengthening Assurance and Incident Response with ISO 27001 Compliance

Facing critical customer demands for ISO 27001 compliance, JET Electrical Testing struggled with ineffective guidance from a previous provider. Seiso stepped in with a clear, strategic approach, delivering a tailored solution that addressed JET’s compliance gaps, strengthened incident response, and built confidence with their clients. By streamlining governance, automating compliance with Drata, and enhancing risk management, Seiso empowered JET to achieve ISO 27001 audit readiness, retain key clients, and position themselves for future growth with assurance and control.

Client Situation

JET Electrical Testing is a specialized provider of electrical testing, maintenance, and engineering services, operating primarily in the electrical power systems industry. Headquartered in Lawrenceville, New Jersey, JET offers a wide range of services designed to ensure the safety, reliability, and efficiency of electrical infrastructure. The company leverages cutting-edge technology and a highly skilled team of engineers, making it a trusted partner for organizations that depend on the uninterrupted functioning of their electrical systems.

JET Electrical Testing faced a significant business challenge when one of their key customers required them to undergo an ISO 27001 audit to ensure compliance with the industry’s stringent security standards. The request put JET in a difficult position, as they had limited experience navigating the complexities of ISO standards and lacked the internal resources to achieve the required audit readiness. Meanwhile, their existing cybersecurity provider had failed to deliver the results needed, which further delayed their compliance efforts.

Recognizing the urgency to meet their customer’s demands, JET sought a new solution. Seiso was able to identify the gaps in their current security program and provided clear, actionable advice on how to achieve ISO audit readiness.

Our Solution

Our engagement with JET Electrical Testing was driven by the Seiso Way approach which prioritizes simplicity, precision, and efficiency in tackling complex cybersecurity and compliance challenges. From the beginning, we focused on delivering results quickly, minimizing unnecessary complexity and providing clarity at every step. Our expertise in aligning business needs with security requirements allowed JET to meet their immediate compliance demands and also establish a robust security program to support their long-term business growth.

ISO Gap Assessment

The first step was conducting a thorough ISO 27001 gap assessment to evaluate JET’s existing security posture against ISO 27001:2013 standards. Unlike their previous control-based assessments, we took a more strategic, risk-based approach following our Seiso 10 Domains^SM assessment methodology, cross mapped to many security standards, including ISO 27001.

We dove deeper into JET’s operations, understanding their business and security needs, and provided actionable insights along with a clear path forward. Our streamlined assessment methodology allowed us to deliver a comprehensive analysis without the lengthy delays JET had experienced before.

Additionally, we anticipated future requirements by aligning JET’s security practices with the newly released ISO 27001:2022 standard, ensuring they were prepared for both current and evolving compliance landscapes.

Remediation

Our remediation process was designed to be both simple and precise. After identifying the gaps, we delivered a strategic, prioritized plan using heat maps to visually represent the most critical areas for improvement. This approach enabled JET to focus its resources effectively, addressing the most urgent issues first. One of the ways we stand out is by integrating business goals with security requirements—ensuring that JET’s day-to-day operations could continue seamlessly while we strengthened their security posture.

A key part of our remediation strategy was addressing governance processes and documentation aligned with ISO standards. Recognizing the value in a fresh start, JET’s Director of IT, asked us to create a new governance stack from the ground up. The result was a robust, scalable governance framework that not only met the audit requirements but also provided JET with a solid foundation for future growth.

Audit Preparation

We developed all the necessary ISO documentation, ensuring JET had a comprehensive and organized audit trail. We also brought in an independent ISO internal auditor to review JET’s systems. This auditor had no prior involvement in the development of the security program, ensuring an unbiased assessment. Throughout the entire process, we managed the audit, providing guidance, project management, and ensuring that everything moved forward without a hitch. Our deep understanding of ISO 27001 allowed us to simplify the process, turning what had once been a confusing challenge into a clear, manageable project.

Risk Register Development

Developing a comprehensive risk register was another key component of our solution for JET. We worked closely with their team to build out a robust risk management program, one that allowed them to proactively identify, manage, and mitigate security risks. The new risk register became a living document that JET could update as their business and security needs evolved.

We made sure that the risk register wasn’t just about checking a compliance box, but rather about integrating security into JET’s operations. This is central to our “Seiso Way”—we don’t just deliver security solutions; we ensure those solutions help drive business growth.

Incident Response Planning and Preparedness

JET already had an incident response plan in place, but it wasn’t sufficient to handle real-world security incidents. We worked alongside JET’s team to enhance their plan, making sure it was fully aligned with ISO 27001 standards and that it provided the depth and structure required for effective incident management.

To validate the plan, we conducted a tabletop exercise simulating a real-world incident. This involved their IT department and HR, allowing us to evaluate their readiness and identify areas for improvement. After the exercise, we provided JET with a detailed report outlining our findings and recommendations.

Governance Documentation

JET’s outdated governance documentation put them at risk of audit failure. Our solution was to develop a completely new set of governance documents, including updated policies on access control, incident management, and risk management, all fully aligned with the latest ISO 27001:2022 standards.

We understand that overly complex policies can be difficult to manage, so we focused on creating clear, actionable documents that JET could easily maintain. This new governance stack not only met their compliance needs but also provided a scalable framework that would grow with their business.

Compliance Automation Implementation

Automating compliance tasks was also a key priority for JET. We led an agile implementation of Drata including modules for their policy center, asset inventory, and risk register, automating key components of their compliance efforts.

This new level of automation allowed JET to maintain real-time visibility into their compliance status, reducing the time and resources required to manage ongoing audits.

Ongoing compliance automation plans include vendor risk management and access reviews, further enhancing their ability to manage their security posture.

Extending ISMS into Shared Services

Seiso continues to work with JET to extend their ISMS with a roadmap of implementation managed services that support the JET team to execute faster and prioritize their resources. These projects include:

• Further operationalize Drata into operations
• Access Management Program improvements to address internal audit findings
• Business Continuity program improvements to address internal audit findings
• Monthly Risk Management Program Maintenance
• Annual penetration testing
• Annual table top exercise
• Quarterly access management program reviews
• Quarterly vender risk management program reviews
• Annual Business continuity program oversight
• Annual governance documentation maintenance
• Annual security awareness training program oversight.

Results

Through every phase of our engagement, our focus remained on delivering simplicity, efficiency, and expertise. We helped JET move from confusion and frustration with their previous provider to confidence and control over their security and compliance processes.

One of the most immediate outcomes was JET’s successful preparation for their customer-mandated ISO 27001 audit. With our guidance, JET was able to provide their customers with the assurance that they had a fully implemented Information Security Management System (ISMS), aligned with the ISO 27001:2022 standard. This audit readiness allowed JET to retain a key client relationship that was at risk due to compliance concerns. Retaining this client not only secured ongoing business but also helped JET maintain its reputation as a reliable and trustworthy service provider.

By partnering with us, JET Electrical Testing overcame significant compliance and security challenges, achieving immediate and long-term results. Our solutions addressed their pressing need for ISO 27001 audit readiness and laid the foundation for a sustainable security program that would evolve with their business.

The impact of our work was felt across multiple areas of their organization, leading to both operational improvements and business growth.

JET’s initiative to test over 1 million smart meters for Public Service Electric & Gas in NJ benefited from having improved security controls which provided additional assurance to the utility provider.

With an overhauled compliance framework, JET continues to streamline their internal operations and reduce the risk of non-compliance, ensuring that they can meet both current and future regulatory demands.

This new level of compliance visibility has enhanced their ability to respond quickly to audits and other customer demands, making compliance management more efficient and less burdensome. By improving their response plan and conducting real-world simulations, we ensured that JET was fully prepared to handle security events with minimal disruption to their operations, enhancing their overall operational resilience.