The Challenge
Amalgamotion needed to achieve ISO 27001 compliance to support its “Invest for Growth” strategy, meet NSW Government customer requirements, and safeguard sensitive government data on its cloud platform. There was also a clear need to reduce reputational and operational risks tied to potential cybersecurity gaps.
“Building business maturity has been central to our growth plans. Securing ISO accreditations isn’t just a box-ticking exercise—it’s a statement about how we do business.” - Gareth Rumbelow, Founder and CEO of Amalgamotion
After successfully attaining ISO 9001 (Quality), ISO 14001 (Environment), and ISO 45001 (OH&S) in 2023, the company shifted its focus to ISO 27001 (Information Security) for 2024. However, Amalgamotion recognised it didn’t have the capacity and specific in-house expertise to confidently tackle ISO 27001 certification. To keep operations running smoothly while navigating the complexities of compliance, they needed to bring in external specialists.
The Solution
Amalgamotion turned to Insicon for support in achieving ISO 27001 certification. They evaluated several solutions but ultimately selected Insicon due to its demonstrated expertise and structured approach.
"Insicon’s proposal stood out for its clarity and structure. They provided confidence that we could achieve certification within the proposed timeline without compromising quality.” - Clint Goad, Head of Operations at Amalgamotion
Working closely with Insicon, Amalgamotion dedicated two full-time staff to the project and completed the certification process in eight months.
'Whilst utilising our own internal skills, expertise and capabilities throughout this initiative, we wouldn’t have achieved this outcome without the specialist support and expertise from Insicon. In a true, partnership-principled manner, Insicon became an integral part of our business and a natural extension of the team.' - Gareth Rumbelow, Founder and CEO of Amalgamotion
The Process
The project commenced in May 2024 and spanned eight months. Key steps included:
- Initial Gap Analysis: Prior to engaging Insicon, Amalgamotion assessed its readiness for ISO 27001 certification, identifying significant gaps in compliance readiness.
- Dedicated Resources: Amalgamotion allocated two full-time staff members to focus exclusively on the implementation alongside Insicon’s team.
- Collaborative Framework: Weekly workgroups ensured transparent communication and iterative progress tracking using tools like JIRA for task management.
- Policy Development: Leveraging standard templates with Insicon’s guidance and expertise, Amalgamotion developed policies and procedures aligned with their business and the ISO 27001 standards.
- Operational Integration: The team established operational controls within JIRA to maintain ongoing compliance post-certification.
Despite initial challenges in aligning expectations and resources, the partnership achieved success through mutual adaptability and commitment to delivering a successful outcome. Weekly workgroups facilitated transparent communication and iterative progress tracking, ensuring alignment between teams.
The Results
- ISO 27001 Certification: Amalgamotion achieved ISO/IEC 27001:2022 certification in December 2024, meeting customer demands and enhancing its cybersecurity posture.
- Business Growth: ISO 27001 compliance positions Amalgamotion favourably for future tenders which require stringent information security standard.
- Operational Maturity: The project instilled rigor into Amalgamotion’s governance processes, ensuring sustainable practices for managing sensitive data.
- Enhanced Awareness: Regular updates and training sessions foster organisational awareness of cybersecurity best practises.
“We now have a robust governance framework that will serve us well into the future and goes far beyond just certification.” - Clint Goad, Head of Operations at Amalgamotion
Lessons Learned
- Early preparation is key: Amalgamotion’s pre-engagement gap analysis expedited the implementation process.
- Dedicated resources drive success: Assigning full-time staff ensured focus amidst competing priorities.
- Collaboration matters: Transparent communication between teams mitigated initial anxieties and fostered trust.
Conclusion
Matt Miller, co-founder and CEO of Insicon, added, “We know that real compliance isn’t about paperwork—it’s about building a security culture that supports business growth and resilience. We help Australian businesses move beyond box-ticking, guiding them to practical, lasting improvements that stand up to scrutiny and set them apart in the market.”
Organisations chasing certifications rarely succeed if they simply “tick the box.” Amalgamotion achieved real results by:
- Recognising the genuine need and value behind certification, not just treating it as a formality.
- Taking an innovative, tailored approach that fit their business, rather than following a cookie-cutter process.
- Embedding ongoing tools, policies, governance, and practical processes that matured their operations to a reputable, referenceable standard.
“Whilst utilising our own internal skills, expertise and capabilities throughout this initiative, we wouldn’t have achieved this outcome without the specialist support and expertise from Insicon. In a true, partnership-principled manner, Insicon became an integral part of our business and a natural extension of the team. Their experience, support and professionalism were paramount in guiding us from an idea to a clear intent, end then through to a successful implementation of ISO 27001. Working together it is less about the fact we achieved the objective, but more the about the way we achieved it.”- Gareth Rumbelow, Founder and CEO of Amalgamotion
