Case study
-
ISO 27001 Compliance
Alignment with international standards for information security management.
-
Reduced Financial Risk
10% reduction in insurance premiums and mitigated compliance fines.
-
Security-First Culture
100% of key staff trained in security responsibilities with continuous risk forum.
Overview
Condor Ferries operates a year-round ferry service connecting the UK, Guernsey and Jersey and the port of St Malo in France across 18 ferry routes. Each year the firm carries over one million passengers, 200,000 passenger vehicles and 100,000 freight vehicles on its services – the latter providing a vital supply link with the Channel Islands.
The challenge
As a recognised and well-respected brand with an extensive operational footprint across multiple locations, Condor Ferries was keenly aware of the target it represented for threat actors. It wanted peace of mind that IT security is being managed in line with best practices to mitigate financial and reputational risk.
However, its in-house IT team, while extremely capable, didn’t have the time and resources to manage cybersecurity and support business transformation. The alternative, hiring a full-time top-tier Chief Information Security Officer (CISO), was deemed too expensive and unnecessary given the firm’s requirements.
The solution
QuoStar was engaged to deliver its CISO service—to dovetail around the IT team and provide guidance around IT security, compliance and governance. We worked through several stages:
Assessment & Review: Including a full review of information security management within Condor Ferries and a remote on-site and on-vessel assessment of IT security controls and configurations. QuoStar also assessed data flows within and outside the company, and undertook cyber-impact assessments against critical assets.
Reporting: QuoStar delivered a report detailing which areas should be addressed to improve security posture, and what was needed to attain ISO 27001 compliance. We also delivered an IT security risk register and a roadmap for future efforts.
Management system: QuoStar delivered a strategy workshop and training for those with security responsibilities, and developed a security and risk forum to help create a security-first culture at Condor Ferries. We advised on management structure, and implemented documentation for managing an Information Security Managed System (ISMS)
CISO-as-a-service: Condor Ferries now has a trusted CISO that works closely with the business to advise on security obligations, monitors fcompliance, oversees third-party testing and supplier risk management, and much more.
-
Continuous cyber risk management
The Condor Ferries IT team and board have continuous visibility into security posture and a process for monitoring, evaluating, improving and reporting on it. This has helped to create a security-aware culture in the organisation where everyone does their part to protect the business from cyber threats.
-
More time for business transformation
Thanks to QuoStar’s work, the in-house IT team has been able to focus on delivering high-value transformation projects for the business. They have the peace of mind that QuoStar is always available as a trusted partner going forward.
-
Managed reputational and financial risk
Condor Ferries is able to evidence enhanced security posture to external parties like customers, regulators and insurers. This enables it to reduce premiums, minimise the risk of compliance fines and differentiate in the market on its security capabilities.
Related services
Sign up to receive expert insights, event invites, and more – delivered straight to your inbox.
