Attraqt has achieved ISO 27001 accreditation.

provides leading retailers with the ability to power exceptional shopping experiences. Their technology, driven by AI, helps retailers to improve the customer search and discovery experience by matching products with consumer interests in a fresh and engaging way.

The business employs approximately 170 staff who are split across office locations; London, Amsterdam and Sofia, Paris, Sydney and Hamburg. It has a number of high profile customers including asos, Harvey Nichols and Timberland.

The challenge

As a market leader in its field, Attraqt understood the need to demonstrate, to its customers, that it had the necessary security standards in place under the ISO27001 framework. In addition, the business was keen to test its current security policies by using vulnerability scanning and penetration testing services.

“We deal with many prominent retail customers who increasingly expect ISO 27001 accreditation as standard when they send out their RFP documentation. We already had robust information security practices in place, but these were not as clearly defined as policies — we felt that as an industry leader we should have these in place,” said Hiten Kacha, IT manager of Attraqt.

“We also found that customers were starting to ask about our cyber security practices. Using Bridewell Consulting’s expertise in cyber security services, as well as information security, we were able to test our own security posture and evidence this to our customers.”

Attraqt considered a number of options, from general consultancy to fully outsourcing the project. Although the business had the in-house skills, Attraqt wanted to complete the ISO27001 accreditation process quickly and with minimal impact on the day-to-day running of the business.

ISO 27001: the cyber security standard that organisations should strive for across the supply chain

Mark Darby, founder and chief executive at Alliantist, explores the importance of ISO 27001 — the cyber security standard that organisations should strive for. Read here

The solution

Attraqt met with a number of information security consultancy providers at Infosec 2018. Following this, they had a number of scoping meetings with Bridewell Consulting to understand the project parameters and financial costs.

As a result of these meetings, the Bridewell Consulting team worked with Attraqt on a five-day consultancy engagement. This gave Attraqt a full gap analysis of where the business needed to focus and a definitive project proposal from Bridewell detailing the costs and resources needed to complete the ISO27001 certification.

“We were very impressed with how Bridewell took the time to understand our business. They gave us a defined plan which outlined the processes and methods needed to achieve our certification,” said Kacha.

“It was important for us to choose a partner that we could trust and work with as an extension of our own business. Bridewell fitted the bill.”

10 cyber security trends to look out for in 2020

What cyber security trends and issues can the world expect in 2020: more stringent regulation, creations of new roles? Read here

The results

The full engagement started in February 2019 and Attraqt achieved its full ISO 27001 accreditation in September 2019.

One key aspect of the certification was directly linked to the outcomes of penetration testing and vulnerability scanning. Having Bridewell perform all these services kept everything ‘under one roof’, ensuring that the project came in on schedule and on budget.

“The project has been very successful, but we recognise that getting the certification is only the first step. Bridewell has been a valuable addition to our team over the last six months. We look forward to using their expertise in the future, particularly around security scanning and penetration testing, to help us maintain and develop our security framework,” added Kacha.