How LifeArc used Xoralia’s policy management software to achieve rapid ISO 27001 certification
Xoralia launches within three days to secure ISO 27001 certification with easy policy access and high employee attestation rates
LifeArc is a self-funding, not-for-profit UK medical research charity, and they specialise in early-stage translation – advancing lab-based scientific discoveries to a point at which they can be developed into the next generation of diagnostics, treatments and cures.
LifeArc operates in a strictly regulated sector where compliance and information security are critical. It is essential that LifeArc’s workforce have easy and effortless access to the latest up-to-date policies and procedures.
Supporting LifeArc’s ISO 27001 certification audit
Providing access to policies and establishing related employee attestation processes was considered to be an important factor in LifeArc gaining ISO 27001 certification, confirming that robust information security management processes and practices are in place.
LifeArc had an upcoming ISO 27001 audit and wanted to urgently improve the access employees have to information security policies and procedures.
Policies were currently being stored across LifeArc’s SharePoint tenant but weren’t always easy to find, with multiple versions of the same policy circulating. Employees found they were wasting time and wanted to be confident that any policy they found was up to date.
Meeting an ambitious three-day deadline
With only days to go to the audit, LifeArc approached Content Formula for guidance on how they could best reorganise their policies and procedures documentation and provide easier access for employees, for example using labelling and relevant document tags to improve findability.
After holding a workshop to understand their needs, we recommended that LifeArc immediately implement Content Formula’s Xoralia policy management solution.
As Xoralia can be installed rapidly and would integrate seamlessly into LifeArc’s existing SharePoint environment and Microsoft 365 digital workplace, we aimed for an ambitious three-day go-live date, meeting the deadline for the approaching information security audit.
Launching Xoralia’s policy management solution in record speed
Working in a close partnership with LifeArc, we worked to get Xoralia live within 72 hours. The project team gathered the latest version of policies and procedural documents from policy owners so these could be easily accessed through Xoralia’s central policy library.
We worked with LifeArc to configure Xoralia with custom labels and tags so that policies can easily be found by employees, either through search or by browsing meaningful categories.
The strong partnership between Content Formula and LifeArc enabled a successful launch to all 500 employees within the deadline.
An easily accessible central policy library that employees trust
Today Xoralia provides easy access to nearly thirty key policies, processes and guidelines relating to information security, risk management, physical security and related topics.
LifeArc, with the help of Xoralia, has successfully achieved their desired ISO 27001 accreditation, providing confidence to regulators and external partners that information security is robustly managed to the highest standards.
Achieving high rates of employee attestation
Employees and consultants working with LifeArc leverage Xoralia’s employee attestation features to confirm that they have read and understood information security policies.
Using Xoralia’s in-built reporting features, teams monitoring compliance can easily trigger further notifications to raise attestation rates; this is already having some success as the charity is now working towards increasing the high 87.5% attestation rate that has already been achieved.
Extending the success of Xoralia
The team are impressed with the impact Xoralia has had. Not only has it helped the charity to achieve ISO 27001 accreditation but also eliminated issues around version control and made it easier for policy owners to keep their documents up to date, with related notifications and clarity over ownership.
It has also saved employees time and increased confidence that the policies accessed are the very latest.
Given this success, the team are now planning to extend the use of Xoralia to focus on their documentation relating to laboratory operations, another area where policies, procedures and guidelines are key.