FastTrack Obtains Valuable ISO 27001 Certification
As part of FastTrack’s commitment to maintaining standards around information security management, IT Manager Bailey Stewart and his team have obtained ISO 27001 certification. FastTrack sat down with Bailey to find out what this means to the business, and for FastTrack’s customers, as well as what the future holds for future FastTrack releases.
FastTrack: What were you doing prior to FastTrack?
Bailey Stewart: Prior to FastTrack, I spent about a decade running my own businesses. I built up and spun out a couple of startups, which was good. I have a long history of software development in me, as much as operational awareness too. The last couple of big gigs I did were in home loans, which was leads management – so sales and home loans, as well as in the medical world, with big CRMs for medical practitioners.
After that, I went to Catch, who do big online retail, and really learnt quite a bit about how to run larger teams, as well as culture. Most of that was the beginning of the conversation with FastTrack when I decided to move on.
Why did you decide to move to FastTrack?
I stopped running my own business because I was sick of being alone. I’m a creature of sociability, and I don’t know how to stop talking at times. I like talking to people, and hanging out with people. I like to be on the same team as people, so having a client-supplier relationship was boring and tedious. At Catch, I got to build that sociability, but the move to FastTrack was about having the right culture at all levels of business – a culture that’s willing to change, and for me the position was about being able to start change, bring change and manage change throughout a business. There’s a level of support throughout the entire business on ideas generation. It’s on the wall as ‘One Team’, but it actually is. You can walk into any room and say ‘this’ and people will go ‘interesting, probably not’ or ‘interesting, we’ll think about it’ and it’ll actually go somewhere. The main driver for me was to be valued at all levels and affect change.
Is culture something you think greatly influences a business’ success or failure?
You live or die by your people. If you don’t bring people on the journey when you need to change, you’ll die. There’s nothing dying at FastTrack. There’s nothing but good people wanting to do the right thing. There’s a lot of good change around me, and the people that I work with.
How do you think that culture translates to helping customers?
If you’re not going to strive to look at what your customer needs, with a focus on having a good culture internally, then it will be discoverable, and seen by the output that you have. There’s an amazing link between culture and work that’s done. Good team culture is borne of interesting work that people are interested in doing. When you have that cadence, when you get people on the train to do that work with the right mindset and the right culture, then the output for the customer is better, more, faster etc. They’re absolutely linked.
Building on that, how do you and your team help customers when they need it?
Our operations department is responsible for all releases of the software, and the platform itself in terms of hosting arrangements. We are tasked with bearing knowledge about how to improve the product through operational standards as well. Over time, we’re the guys that make sure it goes out when there’s an upgrade, and the guys that are there when things go bump in the night. The operations team is like the surf lifesavers of software. We’re there to keep everyone between the flags.
Can you explain what the ISO 27001 certification means?
ISO stands for International Standards Organisation. The standard number is 27001. It was last updated in 2013.
What that ISO standard is about is ensuring that the business as a whole, not just IT, conforms to a set of policies and standards around information security management. It’s ensuring that there’s a management system in place, it’s auditable and workable within the whole business so we can stay on top of our security responsibilities. It’s a great framework to follow as it also includes external auditing, ensuring we are as secure as we can be. This is just so important in today’s data security climate. We take that responsibility very seriously, given the sensitive nature of our customers data.
The ISO 27001 accreditation gives our clients a level of comfort that we’re mature in our security footing, and we’ve been judged externally to be competent in security management, and continually so.
How do you ensure that level of security across the business, as someone involved in IT?
Having the authority to do so! That helps. I have a title of IT manager, but I also have a couple of subtitles – Information Security Officer, and I’m part of the governance committee along with other senior executives, and we drive it as a business. I say we, and that’s the most important bit. It’s a team effort, everyone’s involved, and realistically, how do we stay on top of it – we make sure we can’t lapse. We make sure we have external auditors, and we make sure we’re always doing things in the most secure way we can, and when we’re not, we have other people telling us to pick up our game.
What are you most proud of during your time at FastTrack so far?
Getting the ISO 27001 certification number 1! I came on board with a platform of four things to do. I’ve done all four now, which is good. I’ve got another 20 which I care about, but obtaining the ISO is… again, it’s a feather in my cap, but for the business it’s a huge thing. The ISO 27001 accreditation gives our clients a level of comfort that we’re mature in our security footing, and we’ve been judged externally to be competent in security management, and continually so.
Why should a customer care about the certification?
In this day and age, with tighter regulations around data security, what we do as a business is host data for companies to make money from. If we’re not treating that with the seriousness which it deserves, we wouldn’t have to get certified for anything, but we chose to before anyone told us we had to, because we take it very seriously. For any customer looking at FastTrack, come on board because we know what we’re doing, and we’ve been judged to know what we’re doing, it’s not just us saying that.
Finally, what’s your vision for IT/devops at FastTrack to better support customers?
We’ve heard from customers that they want more releases, more often. I know I can help deliver that, that’s the whole of IT, and with the other leaders of the team we’ll work towards that. Another tenant is increased product quality. With every release we get better and faster, and the product quality should be increasing. We want to move towards more releases more often, which means customers are getting features faster, which helps their time-to-market against competitors. We want to build trust in the customers that we can do that, and do it successfully. This is the core concept of Continuous Improvement and that’s what the FastTrack team is all about.