Nearing the finish line!
We’ve got 1 more week ….
Before the auditor comes a knockin’ on our door, but we are ready!
The majority of Galaxy’s action points, identified during the Gap Analysis and subsequent project, have been closed off, with a few “spin off projects” scheduled for 2024. Galaxy will be working closely with the GRG Compliance Team and the Network Administrators to ensure that some of the improvements we have implemented within Galaxy are rolled out to the other Sites and Teams within the Group.
A key improvement has been re-organising the controls within some of our controlled documents into the four categories used by the ISO 27002 Standard: Organisation, People, Physical and Technological. This has made it easier to cross-reference between different documents, for example the Data Protection and Information Security Policy, and the controls within associated risk assessments. The same categories have also been used for our revised internal audit templates, again making the management of risks, controls and action points easier.
The way we organise our management systems has made communications between Galaxy and the GRG Compliance Teams, and other functions such as training, simpler.
One lesson learned is just how important the change management processes that we have used at Galaxy – to manage the ISO 27001 Upgrade Project – are going to be for the rest of the Guernsey Recycling Group in 2024.
Which means … lots more spreadsheets :-D