The only thing standing between a green energy technology company and a big business win was a company security policy. Not only did the company need to develop one, they didn’t know where to start. Kalles Group cybersecurity experts helped client leaders select the right security standard and establish a plan to put security measures in place. Luckily, the security plan – and the promise to follow the steps to establish the outlined security infrastructure – was enough to win the business.
Our client, a provider of technology-enabled protection plans for residential and commercial solar systems, faced an enormous opportunity. The company was asked to bid for the business of a global technology company that owned a solar panel portfolio that would multiply our client’s current business.
In order to win the contract, our client was asked to complete an RFP that included a comprehensive security questionnaire. This client had never encountered a security review of this kind and they lacked in-house security expertise. Company executives sought a partner to help bring the organization up to speed.
The client didn’t have answers for the security questionnaire because they hadn’t yet put a security program in place.
Eddy Cruz, Cybersecurity Practice Director at the Kalles Group
The client’s executive team approached Kalles Group with a request to help bring the company’s security program to an acceptable standard, and help the company win the RFP.
Recognizing the urgency of the situation, the first order of business for the Kalles Group team was to bring the client executives up to speed with a comprehensive view of security, all the areas of the organization affected, the recognized security standards, and what a security program entailed. As with many of Kalles Group’s new clients, the security review revealed the organization’s diligence in system security, but there were areas where immediate improvements could be made and where near-term changes would make marked security improvements.
These initial discussions provided client leaders with a plan for the immediate term and the knowledge they needed to make the next decisions – which security framework to choose, and how to quickly build a new security program within this framework that satisfied the expected standards of the strategic prospect.
The Kalles Group team helped the client understand that there are multiple security frameworks established to address different security needs. After evaluating the security needs of the company and its clients, as well as the existing structures and corporate security concerns, Kalles Group helped the client decide that the ISO 27001 framework would best meet their concerns and could be applied most expediently and effectively.
With a framework selected and a rough plan for implementation of a security program in place, the client still faced the challenge of responding to the security questions within the RFP. Kalles Group offered the client a different perspective on how to respond to the RFP. Client leaders were concerned that if current compliance with the security questions was requisite, the client would not win the business.
Kalles Group suggested that the client could, with full transparency, answer the security questions based on the company’s new security implementation plan, with specific timing around milestones related to unaddressed items. With the help of Kalles Group experts, the client clearly and thoroughly resolved the security questions and the RFP was completed and returned.
The project team spent a focused 3-week sprint defining and framing out a security program and setting that program into motion, so that the plan could be communicated in the RFP. Once this was complete, Kalles Group and the client filled out the RFP in a way that took into account the current and future security posture of the business, but also didn’t preclude the potential business transaction. The pragmatic collaboration between Kalles Group and the client created a lightweight team that could work quickly.
Several months later, the client was informed that they had won the business, and today they have multiplied the solar panel portfolio managed by their software.
While the client is focused on the challenges of rapid growth, the ongoing investment in the security program has continued after the RFP. With the help of Kalles Group, the client continues to execute toward more effective security practices that are embedded within the company systems.
The client is committed to the work required to bring the company up to ISO 27001 standard. Once the company has received the ISO 27001 certification, future RFPs that include system security questionnaires will be much easier to respond to, and business that requires evidence of system security can be easily won.