Why does ISO 27001 security matter?

Locatrix’s Executive Manager of Technology, Andrew Eross, explains why.


Andrew Eross (aka Locatrix’s International Man of Mystery) has been with Locatrix since 2018, coming across to what was then Concept Safety Systems as part of its acquisition of the original Locatrix. The acquisition was a strategic move that strengthened the company with highly skilled developers, like Andrew, who specialised in mobile application development.


Originally from New Hampshire in the USA, Andrew started coding at about 10 years old, and by the late ’90s he and a few high school friends founded his first software company, Chasma Interactive. Between then and now, Andrew moved to Australia, where he graduated from the University of Queensland with a bachelor’s degree in Computer Science. He continued to work after graduation and helped found the original Locatrix Communications. He worked as that company’s CTO, where he focused on web, mobile, and geospatial application development, delivering 50+ projects to a variety of enterprise clients over the course of 10 years. Andrew has since moved to Brazil and continues to work remotely for the Locatrix that we know today.

What does it take to become ISO 27001 accredited?


Andrew’s strong project management skills see him heading up many of our major projects at Locatrix, one of which was the implementation of ISO-27001, an international standard for how to manage information security. Organizations that meet the standard's requirements can choose to be certified by an accredited certification body following successful completion of an audit.


As Andrew explains: “The majority of the work in achieving ISO-27001 certification was around documenting and formalizing processes that were already in place, and then ensuring those processes/procedures are regularly reviewed and updated. In many cases, we were already doing the right thing, but it simply hadn’t been documented into a procedure. Risk management was also a major subject, where risks had previously been considered and mitigated across the business, but again were lacking a formal structure and review period for re-analysis. This work took 2-3 people approximately 5 months, keeping in close communication with all areas of the business. Being a training-focused business that had already obtained similar certifications (ISO-9001), this made the process much easier as we had many similar structures and policies already in place, along with an established compliance team. Had this not been the case, I expect it would have taken at least twice as long. Our development team was also already using most of the best practice guidance, which lessened the impact to their work. The initial audit passed with no non-conformities found - a major accomplishment for the team and business. Our success depended heavily on top management support, which we received.”

Why did Locatrix decide to become ISO 27001 accredited?


Locatrix works regularly with large enterprise organisations, such as Qantas, Commonwealth Bank, SunCorp and Queensland Government, all of which set a high bar for standards compliance among their top vendors. “We felt it was necessary to achieve ISO-27001 compliance in order to meet the needs of our clients, and to give our investors, employees and management a high level of confidence in the information security practices implemented by our business”.


This level of certification protects Locatrix against cyber-attacks, data leaks, and ransomware, all of which have been major news stories in recent years, with many major corporations falling victim. Such attacks prove extremely costly, along with the loss of reputation and public confidence. It’s clearly something that every organisation needs to be concerned about, and Locatrix made the decision to be proactive in addressing corporate security before it becomes an issue and to instil those practices into our business.


Andrew’s assignment was to implement this standard to strengthen Locatrix’s security stance, but he sees the true benefits as being handed on to our Partners, setting us well ahead of the competition in providing something others can’t: “Our Partners get to enjoy the same benefits as we do, their data protected from cyber-attacks and data leaks, being able to alleviate their concerns by ensuring their customers’ data is protected. It’s a real advantage for them to rely on us to deliver that service securely so they can concentrate on their core business and customer deliverables. ISO-27001 certification is not easy to achieve, in fact the total count of certifications in Australia numbers only in the hundreds. Many organisations follow the guidance, but don’t pursue formal accreditation. Within our sector of building emergency safety, it’s an even rarer certification, and so gives our company a clear advantage when customers are comparing solutions.”


At Locatrix we consider ourselves to be very fortunate to have Andrew as a member of our team. He’s always reliable and readily available to provide assistance on any matter – no matter where in the world he is at that point in time. Andrew’s incredible technical knowledge along with his brilliant communication skills bring a true richness to our Executive team.


And why does Andrew stay at Locatrix?


“That’s pretty easy: I really enjoy the work and I like the people I work with. I especially like how the work we do has a real-world impact and that we’re doing something that may save lives. I enjoyed my time in game development and similar work, but it’s really a different experience when you speak regularly with police, fire, and other emergency organisations who want to leverage your work to improve their ability to help people. On top of that, our company’s tech mentality is a perfect match for me: We don’t cut corners, we follow procedure, take the time to do things the right way, and we strike a nice balance between working with the latest technologies while ensuring they’re long-term choices.”


And how does Andrew see the future at Locatrix?


“I tend to stay with companies for the long haul, and I try my best to choose my positions carefully to find a place that I can see a clear future with. That’s very much the case here where I like our work, the philosophies behind it, and the team pulling it all together. Our growth strategy around increasing our partner eco-system makes perfect sense to me, and I can see this organisation continuing to expand rapidly. I see plenty of opportunities for myself personally, and I’ve received nothing but positive support from the team and management. The company will soon be expanding outside of Australia, which will open up even more opportunities in other areas of the world.”
