CRV was about to take an important step: starting the ISO 27001 process. The certificate had value, but the real gain lay in increasing internal awareness and support. The organization wanted to grow in structure, ownership and cooperation, not only to obtain the certificate but especially to get a better grip on its own way of working.
CRV engaged TeamValue to supervise the process. ISO became the tool for focusing the Way of Work. Linking the process to daily practice and providing guidance through structure, coaching and pragmatic tools created support and room for change with business value.
About CRV
CRV is an international cooperative with Dutch roots, active in cattle improvement. With a strong focus on genetics, data and innovation, CRV helps farmers around the world make their livestock healthier, more efficient and more sustainable. By combining practical knowledge with advanced technology, CRV provides valuable insights and solutions that contribute to future-proof dairy and beef farming.
We didn't need a paper reality, but something that really works in practice. With TeamValue's approach, we have achieved structure and workability together. A foundation that strengthens us now and in the future!
Martijn Quist — Global IT Operations Manager
Value unlocked
- ISO 27001 certification achieved in 6 months on budget.
- 100% of the mandatory documentation in order during the first audit.
- A supported and workable Way of Work that suits the organization.
- Visible improvement in quality, compliance and productivity.
- Proud employees: the certificate felt like a confirmation of their daily work.
Our approach
Preparing for ISO 27001:2022
The first step was to align the new ISO 27001:2022 standard with CRV's existing way of working. TeamValue brought a different approach to this: ISO became not the goal, but the means to focus and improve CRV's Way of Work.
By making a comparison with the Critical Security Controls (CIS), a bridge was built between theory and practice. At the same time, an ISO steering group was formed with employees who already had experience with information security and audits, which ensured recognition and continuity in the process.
Structure and awareness
CRV itself had already laid a strong foundation, including a SWOT analysis, phishing campaigns, cybersecurity training and a planned pen test. TeamValue built on this with a project and implementation plan that bundled and strengthened these initiatives. During the kick-off, the common goal was clearly set: not only complying with ISO, but building a supported and future-proof way of working. The combination of substantive preparation and targeted guidance created a sense of urgency and ownership.
Setting up the Information Security Management System (ISMS)
An important step was the switch from Cybermanager to IsoPlanner as the central tool for the Information Security Management System (ISMS). The previous tooling was too far removed from the workplace and had little support. IsoPlanner brought overview and accessibility, and was better suited to the teams' experience. SharePoint was set up as a central place for documentation, roles and updates. This combination provided structure and ownership.
Risk analysis & controls
The new ISO 27001:2022 controls were described, assessed and tested against the existing method. Risk analyses were then carried out and linked to the relevant measures. This gave CRV insight into vulnerabilities and provided concrete tools for improvement. We helped CRV make this translation into practice quickly and effectively.
Process transparency with the RAG method
Throughout the process, regular RAG meetings were organized. RAG stands for Red, Amber, Green and is a visual method for quickly providing insight into the status of projects: red means attention required, orange (amber) represents risks or delays, and green means everything is on track. These short, targeted meetings helped to monitor progress, discuss bottlenecks and make quick decisions.
From resistance to ownership
As with many change processes, there was some reluctance in the beginning. Employees were faced with new policies that they had to learn about and apply. Through personal “Make it yours” conversations, this reluctance was converted into engagement and ownership.
The strength of our approach
What made this collaboration unique was the combination of substantive knowledge, pragmatism and people-centered guidance. Treating ISO not as a goal but as a catalyst for improvement created engagement, which also accelerated. The result is a practical approach that lasts and is embedded within CRV.
Want to talk further?
Do you recognize the need for a supported and workable approach to information security, and are you looking for a way to link ISO 27001 to sustainable change? We are happy to think with you about how to design this process successfully and practically.