
OLR Case Study

05 June 2023
OLR is a leading Oracle Retail implementation partner, helping customers redefine success. In March 2023, the company achieved its latest accomplishment: ISO 27001 (Information Security Management).

When leading retailers need help with major Oracle Retail transformation projects, they turn to OLR. For the past 20+ years, OLR has helped customers enjoy accelerated success through streamlined operations and quicker ROI.

OLR services cover everything, from delivery to support and testing, ensuring that customer touchpoints (like Oracle Xstore Point of Sale and e-commerce) seamlessly integrate with backend solutions for merchandising and operations.

OLR offers all the prerequisite end-to-end services, without retailers having to worry about any information security threats.

OLR achieved ISO 27001 to stay ahead of the changing security and technology landscape.

Evolving to meet client expectations

OLR has faced rapid expansion over the years.

It now has 4 global locations (UK, Portugal, India and USA) and 300+ employees – and a growing customer portfolio to match.

With this expansion came an increasing number of customers looking for OLR to adopt the principles of ISO 27001, a globally accredited information security certification.

As cyber threats became more prevalent and sophisticated, retailers started challenging their technology partners – including OLR – to demonstrate their commitment to robust information security measures.

With more clients requiring suppliers to either have ISO 27001 certification or complete complex compliance questionnaires to qualify for doing business, OLR decided to pursue the certification.

Certification assures clients that OLR has made a significant investment to ensure the highest-level information security controls are in place.

By implementing ISO 27001, OLR took a strategic approach to improve its operations.

Overcoming past resource challenges

OLR had investigated ISO 27001 before; however, it hadn’t come to fruition. This was due to several factors, with resource challenges as a common theme.

Now that there was a backdrop of customers requiring ISO 27001, OLR decided to fully invest in working towards the certification.

The company already had its own policies and procedures around information security. The development and support sides of the business were heavily process-centric, as were the corporate support functions.

However, striving for ISO 27001 allowed OLR to:

  • Apply consistency across the business areas

  • Enhance or supplement existing policies

  • Address any gaps in the policy portfolio

This was all with the support of its consultancy, Teamwork IMS, which became an extension of OLR’s internal leadership group.

OLR credits Teamwork IMS for helping assemble and organise the relevant artefacts.

Giving NQA the green light

With plans for ISO 27001 underway, OLR launched its competitive procurement cycle.

The company worked alongside its consultant, Teamwork IMS, to find the perfect fit. Together, they chose NQA based on the following:

  • Competitive quote (with a firm-fixed-price for the entire certification period)

  • Offer of in-country auditors within the pricing brackets, if required

  • Optimum fit in line with OLR’s size, culture, and process orientation

Having chosen NQA as the ISO 27001 certification body, it was now time to get audit-ready.

Preparing for the audit

With the ISO 27001 certification audit looming ahead, the OLR team enrolled on NQA training.

The company had already completed the gap analysis phase, using the training course (ISO 27001:2013 (ISMS) Essentials Learning) to consolidate their understanding.

OLR could fill any remaining knowledge gaps by attending the training course.

The audit and a welcoming outcome: ISO 27001

The assessor for OLR was Ben Adediji, who oversaw every stage of the ISO 27001 certification audit.

Following the usual to-and-fro over email, NQA and OLR soon got the audit ball rolling.

Stage 1: Document review

The first 2 days of the audit involved Teams meetings between Ben, OLR project leads, and Teamwork IMS.

It's joked that the most memorable phrase was “scroll down, please” as Ben worked his way through 40+ information security documents!

Stage 2: Evidential audit (part 1)

5 weeks after the initial document review, everyone once again met over Teams. This time, it was for the Stage 2 assessment at OLR’s site in Bangalore.

As part of the physical and environmental control element required by ISO 27001, OLR’s Bangalore Operations Director took Ben on a 1-hour video tour of the office premises.

NQA’s ability to conduct remote audits meant that Ben could check off all aspects of building security and maintenance – without needing to hop on a flight to Bangalore.

Stage 2: Evidential audit (part 2)

The following week, the OLR team met Ben at their London office in person.

Alongside comparing policy with evidence and 4 days of international Teams meetings, Ben took ‘walkabout time’.

This involved closing off the physical and environmental checks of the London office, during which he took a particular interest in the fire extinguishers.

Note: Why fire extinguishers?

ISO 27001 confirms that equipment and people dealing with sensitive information – whether stored in paper or digital form – are protected from external environmental threats.

These threats can lead to loss, damage and/or theft with potentially devastating consequences on company operations.

Let’s say the threat was a fire:

  • A fire at OLR’s office would threaten the availability and integrity of data.

    • E.g. A paper file catches fire, stopping the business from being able to access or use the information it stores.

  • Fire extinguishers would minimise the impact and interference caused by the fire.

    • E.g. Fire extinguishers are used as soon as the fire breaks out, before the flames reach the paper file.

After an intense 8 days of auditing, Ben announced his ISO 27001 recommendation for OLR.

Incorporating ISO 27001 into the day-to-day

Since becoming ISO 27001 certified in February 2023, OLR has been busy:

  • Embedding the revised policies and practices into the business

  • Ensuring all compliance records become part of daily operations

  • Learning how to adjust the policy inventory for the 2022 variant

    • By understanding this now, the company can be prepared for recertification (2 years post-certification).

OLR already benefits from the hours saved in proving its security compliance with one certification. The ISO certificate and confirmation number are all that’s needed!

ISO 27001 has opened doors to new opportunities, giving OLR a competitive advantage.

Final thoughts from NQA

NQA is honoured to have awarded OLR with ISO 27001, working in collaboration with Teamwork IMS.

It’s fantastic seeing clients like OLR take a systematic approach to managing and keeping sensitive data secure. More companies are realising how beneficial (and vital) ISO 27001 is, and we are confident this will only continue to grow.
