Welcome to Amtivo in Ireland, formerly Certification Europe and EQA

cert eu logo eqa Logo white

CR2 Limited

ISO 27001:2022 Case Study

ISO 27001 certification confirmed the work that CR2 has been doing against a global standard and provides a platform and stimulus to continuously improve information security governance, engagement and accountability among employees at CR2.

Introduction

CR2 Limited is a global leader in digital banking and payments, operating across MEA with offices in Dublin, Dubai, Jordan, Egypt, India and Australia. Their flagship platform, BankWorld, offers a comprehensive suite of services to over 100 banks across 60 countries. The business prides itself on a commitment to continuous innovation and customer-centric solutions. As a supplier to banks and financial services organisations CR2 has a dedication to security. The business has achieved PCI (Payment Card Industry) secure software standard certification for their BankWorld and BankWorld ATM Client software solutions, reflecting their proactive approach to safeguard sensitive information.

CR2 Limited case study - smartphones

Opportunities

In 2023, CR2 recognised an opportunity to confirm their information security credentials by obtaining ISO 27001:2022 certification. This decision stemmed from the need to ensure the completeness and consistency of existing security measures. By aligning with the internationally recognised ISO 27001 standard, CR2 aimed to benchmark their defences against a global standard to continue to instil trust with all stakeholders – colleagues, customers, suppliers and regulators.

CR2 case study - bank cards

Approach

CR2 established a senior project team led by CR2’s Head of Information Security and Business Process and Compliance Manager. This project team developed an ISO 27001:2022-aligned Information Security Management System (ISMS) to support the business in adhering to industry best practices.

The implementation phase began with a detailed gap analysis, performed by skilled auditors from Amtivo, formerly Certification Europe, who systematically identified existing security measures and areas requiring attention. All policies and procedures were then meticulously reviewed and amended where necessary by the CR2 team to ensure alignment with ISO standards. Control owners played a key role in reviewing and endorsing these policies, integrating them into the ISMS.

CR2 case study - woman looking at bank card and smartphone

CR2 used the project as a platform to continuously build employee awareness and engagement. A comprehensive internal communications plan supported all steps with regular updates. Information security training sessions and awareness campaigns continued to reinforce a culture of information security consciousness across all levels of the organisation.

Collaboration with Amtivo included certification auditing (Stage 1 and Stage 2), gap analysis consultancy and Lead Auditor Training. This comprehensive engagement assisted with a smooth journey toward ISO 27001 certification. The entire process, from the initial conversation with Amtivo to the certification recommendation, spanned eight months, with the official certificate issued six weeks thereafter, reflecting the efficiency of their collaborative approach.

CR2 case study - customer paying by card in a cafe

Outcome

CR2’s successful ISO 27001 certification marked the significant outcome as an important external endorsement of their continuous commitment to information security excellence. The certification serves as a tangible testament to CR2’s global standards in safeguarding sensitive information and upholding the highest standards of information security practices.

Internally, ISO certification has reinforced the continuous rigor and accountability on information security practices. Employees are now more aware and engaged, actively contributing to the ongoing improvement of information security measures within the organisation. Externally, ISO certification has positioned CR2 as a trusted partner in the digital banking and payments landscape. The certification serves as a powerful differentiator, enhancing CR2’s reputation and opening doors to new opportunities in the global marketplace.

CR2’s journey towards ISO 27001 certification has further confirmed the business as a leader in the industry, confident to achieve continued growth and success in the ever-evolving digital landscape.

CR2 Limited case study - Trusted by over 100 banks graphic

Barry Quirke
Start Quote

ISO 27001 certification clearly demonstrates CR2’s commitment to information security and that our organisation and management system consistently deliver to internationally recognised standards. Amtivo, formerly Certification Europe, accompanied us throughout our journey to certification and they are a valued partner who have provided support and training in addition to impartial and professionally conducted assessments.

End Quote

Barry Quirke

Business Process and Compliance Manager

CR2 Limited

Sign Up to Our Newsletter

Enter your details below to ensure you stay up to date with all the latest certification news and expert insights.