"The Information Security Management System includes extensive documentation, which was tailored to fit our company's operations and needs."

Information Security Management System in one and a half months

DealDash is an online auction platform founded in 2009, addressing inventory surplus challenges in the U.S. market while offering consumers the opportunity to purchase high-quality products, such as electronics and home goods, at competitive prices. The company collaborates with international consumer brands, wholesalers, and retailers. Elmo assisted DealDash in building its Information Security Management System (ISMS). CEO Pasi Lohi shares his experience with the project.

Why did DealDash decide to implement an Information Security Management System?

Previously, we had focused primarily on the technical security of our e-commerce platform, but we had not taken a comprehensive approach to information security. Threats evolve rapidly, and it is crucial to assess risks systematically. While it is impossible to prepare for everything, having a plan and clear roles for unexpected situations is essential.

Why did you choose Elmo for the project?

We had been looking for a consultant to help develop our ISMS for some time, but most offerings seemed to focus solely on technical cybersecurity. Elmo was a well-known and trusted ICT company within our network, and we discovered they provided exactly the service we needed.

How did the project progress?

Smoothly. An ISMS involves extensive documentation, which we reviewed and tailored to fit our company’s operations and needs in weekly increments. The entire project was completed in just 1.5 months.

Were there any surprises?

We were not specifically aiming for an ISO certification, but with the ISMS we developed, we are already close to meeting the certification requirements. With a bit of additional work, we could achieve compliance if we decide to pursue certification in the future.

What impact has the ISMS had on your daily operations?

Awareness of information security has increased significantly. Employees actively discuss risks, and security consciousness has become a natural part of our daily work. Additionally, we have adopted best practices that have both improved security and streamlined operations—for example, in user account management.

Learn about the customer