ISO 27001 Certification — How We Made It
On August 15, amidst much hoorahing and a number of shiny wide smiles on the faces of everyone who had been involved in the ‘interesting’ journey, we organised our ISO 27001 Certification unveiling ceremony at Vibranium Valley, and it is not stretching the facts to say that everyone heaved a collective sigh of relief.
Toye Oyewunmi, who heads the Operational Excellence Team at Venture Garden Group and who, as Project Lead and Acting CISO, was responsible for driving us to the point where we actually received the beautifully framed certificate, recounted his experience and observations with us.
Basically, we were able to get the scoop, firsthand.

Why did we decide to get the certification?
Following an Internal Audit review that was done in 2017, the Executive Management decided that we needed to update our IT risk management framework to safeguard our payment platforms and services from attacks and data loss. Thus, for us, embarking on the journey to get the ISO 27001 Certification transcended just getting the award. To our investors and customers, securing this certification reassures them that we have put in place adequate security controls (systems and processes) to manage the risk we are exposed to in the space in which we play.
The Team
The project was executed by a joint team of Consultants from Infoprive and the VGG project team which comprised Toye Oyewunmi (Project Lead and Acting CISO), Femi Mogaji (Head, Network Infrastructure), Ibijoke Oyewole (VigiPay Operations Manager), Funke Adewale (Information Security Analyst), Kassim Ajani (Operational Excellence Officer) and Subulola Jiboye (Communications Associate). Also, Information Security Management System (ISMS) Champions were appointed from cross-functional departments to facilitate implementation and change management across the Company.

The Challenges Faced
The project officially kicked off in February 2018 and was scheduled to run for 10 weeks, but it had to be extended by about 6 weeks because some other organizational projects were happening at the same time (i.e. the relocation to Vibranium Valley and the migration from one enterprise system to another), which caused multiple competing priorities for the delivery team for a while.
The Process Itself
The journey began with a current state assessment to review our existing information security management system and compare it with the requirements of the ISO/IEC 27001 standard. This initial assessment allowed us to identify gaps relative to the standard and to put in place necessary processes, systems and controls to eliminate the risks flagged.
Thereafter, we went through a two-stage process with the certifying body (PECB). The first stage assessed our readiness for the main audit by checking if the necessary ISO/IEC 27001 requirements were in place. Afterward, a second stage assessment was conducted to verify the conformance and effectiveness of the processes and controls to the ISO/IEC 27001 standard for the in-scope segment of the organization. Upon the successful completion of the audit, we were issued the certificate, which is valid and renewable after 3 years.


Elation and Gratitude
We are truly pleased to have earned the ISO 27001 Certification from PECB Canada, thanks to the dedication and hard work of our delivery team and consultants who helped to make this happen. This is a significant milestone which we are proud to celebrate, as it further demonstrates our commitment to best-in-class security practices as we expand our operations to new markets both local and abroad.
