Successful ISO 27001 Implementation at Advanced Petrochemical Company – A Case Study

In today’s rapidly evolving digital landscape, safeguarding sensitive information is a top priority for organizations, especially in industries handling critical manufacturing and petrochemical processes. This case study highlights how PopularCert, a leading ISO certification consulting firm, successfully guided Advanced Petrochemical Company, located in Al Jubail Industrial Area, Saudi Arabia, in implementing ISO 27001: Information Security Management System (ISMS).
Client Overview
Advanced Petrochemical Company is a major player in the petrochemical industry, specializing in the manufacturing of polypropylene and petrochemical products. With a facility of 1000+ employees and well-established departments, including IT, Quality Control (QC), Procurement, Administration, Manufacturing, and HR, information security was a key area of concern for the organization.
Challenges Faced
Before ISO 27001 implementation, a detailed gap analysis was conducted, which revealed several critical information security gaps in the company’s existing business processes, including:
- Absence of an ISMS Policy to define information security objectives.
- Lack of a disciplinary action procedure for employee data violations.
- Weak IT asset distribution and access revocation processes.
- Unsecured server room setup with outdated security measures.
- Server backup stored on NAS instead of a secure cloud environment.
- No confidentiality agreements with third-party IT vendors.
- Inadequate communication on planned system downtimes and maintenance activities.
Despite having a Quality Control (QC) department overseeing ISO standards, Mr. Saud (CISO) and Mr. Ahmed spearheaded the initiative for ISO 27001 implementation with strong backing from the CEO, Mr. Abdullah.
Our Approach
PopularCert assigned a team of three experts to handle different aspects of the project:
- Syed (Senior Consultant) – Supervised and coordinated the entire implementation process.
- Basit – Managed the documentation and compliance procedures.
- Rizwan – Conducted training sessions for employees on ISMS policies and best practices.
Over six months, our team visited the company for one week per month, working closely with the management and department heads to implement ISO 27001 controls, policies, and procedures.
To overcome internal resistance, particularly from the QC department, we emphasized the need for a separate document control system for ISMS, as their existing documentation methods were outdated and unsuitable for managing digital records and soft copies.
Key Implementations
Our consulting services ensured the company successfully adopted:
- A robust Information Security Policy aligning with ISO 27001 requirements.
- A comprehensive Risk Management System to identify, assess, and mitigate security risks.
- A Statement of Applicability (SoA) documenting all security controls applied.
- Improved server security measures and migration of backups to a secure cloud environment.
- Clear procedures for IT asset disposal and employee access revocation.
- Mandatory confidentiality agreements for IT vendors and third-party service providers.
- A structured incident response plan to handle cybersecurity threats effectively.
External Audit & Certification
Advanced Petrochemical Company had an independent arrangement with DNV Certification Body for auditing and certification. The external audit was conducted over four days by two Dutch auditors in two stages.
The auditors found minor non-conformities (NCs) related to:
- Regulatory compliance – The need for better tracking of legal cybersecurity requirements.
- Legal register maintenance – A requirement to document and regularly update relevant laws and regulations.
The company’s CISO took just one week to resolve these issues, leading to a successful ISO 27001 certification.
Outcome & Client Appreciation
The implementation of ISO 27001 strengthened information security at Advanced Petrochemical Company, ensuring compliance with global security standards. The company’s leadership praised the PopularCert team for their expertise and professionalism. As a token of appreciation, the team received gifts – Syed was gifted a watch, while Basit and Rizwan received smartphones.
Conclusion
This case study showcases PopularCert’s expertise in ISO 27001 implementation for large-scale organizations. With the successful certification of Advanced Petrochemical Company, we continue to drive information security excellence across industries.
Looking for ISO 27001 Certification for Your Organization?
Contact PopularCert today for expert consulting services, or email contact@popularcert.com to learn more.