Space tech security accreditation
Snapshot
A manufacturer of spacecraft and communications satellites was planning on expanding its services to the European market, but found an obstacle in its way: national and EU-wide regulations regarding communications infrastructure security.
The company chose to address this by attaining ISO-27001 certification, which would show that it meets cybersecurity best practices. But to attain this standard, this company needed an external partner that would help usher it through the accreditation process – thoroughly, quickly and on a budget. They reached out to Kalles Group.
Our consultants went in, assessed the company’s cybersecurity status, identified areas where work was needed, and prepared the relevant employees at the company to work with ISO-27001 auditors. The company achieved the needed accreditation, and the strategy is proving to be a good one, as one EU country has agreed to accept the ISO-27001 certification as meeting its regulatory requirement for market entry.
Challenge
Our client was working under a demanding timeline that left it with little time to meet the various cybersecurity requirements for communications satellites laid out by the EU and its more than two dozen member countries. In light of this, the company opted to become accredited under ISO-27001, an international cybersecurity standard for all businesses, in order to show regulators throughout Europe that their processes and products could be trusted. The company brought in Kalles Group to guide it through this process. They needed our work to be of high quality, fast, and on a budget. Though the adage in business is that you can usually only achieve two of those three criteria, Kalles Group achieved all three.
One significant challenge in the work was the client’s approach of minimizing documentation to only what is needed. As a pioneer in space tech innovation, the client prioritized efficiency, and sought not to be bogged down by documentation unless it was absolutely necessary. However, in an accreditation process, documentation is key. Another challenge arose from the fact that KG’s consultants needed information and cooperation from the company’s engineers, who were unused to this “bureaucratic” work and were sensitive to the time demands being placed on them by the accreditation process.
Approach
Given the time constraints, KG’s consultants chose to carry out discovery and execution in parallel. That is to say, as soon as an area of work was identified, they moved quickly to get the work started. They began with an assessment of parameters – exactly which parts of the company, and which areas of activity, would have to be involved to meet the more than 100 requirements for ISO-27001 accreditation. Through a gap analysis, our consultants determined which of these requirements were already being met, either entirely or in part; which areas were lacking and needed work; and whether or not evidence was available to prove conformity to the required standards.
Carrying out this work required a large measure of diplomacy. Managers and engineers at highly innovative companies are often unaccustomed to the sort of work required to meet accreditation standards, and to ensure that our efforts had the cooperation of all relevant stakeholders, our consultants reduced their demands on them to the minimum necessary.
Kalles Group brought in its own engineers to enable direct data collection, reducing the time demands on the client’s staff. This approach of minimizing the demands on company employees, while working on discovery and execution in tandem using KG’s own resources, allowed us to prepare the company for its ISO-27001 audit in the tight four-month window set out for the work.
Results
Through a series of action plans, KG’s consultants ensured that the client had the necessary documentation to show that their processes were compliant with the requirements of ISO-27001 standards. Those action plans also prepared our client’s relevant stakeholders to engage with the auditors, showing them how to negotiate with the auditors and ensure the auditors’ concerns were addressed.
In broadest terms, Kalles Group prepared this client to navigate the constraints it faced in meeting the requirements needed for cybersecurity accreditation in the European market.
The results speak for themselves: the client attained ISO-27001 accreditation, and on the strength of that, is positioned to enter numerous European markets.