Background
Between August 2018 and May 2024, during my time as Chief Information Security Officer (CISO) at Blue Stream Academy Ltd., I was responsible for leading the organisation’s information security efforts at a time of significant growth and increasing regulatory complexity.
My role was to ensure the protection of sensitive data and oversee the creation, implementation, and continual improvement of a comprehensive Information Security Management System (ISMS), aligned with UK regulations including the General Data Protection Regulation (GDPR), ISO 27001 standards, and PCI-DSS requirements.
Objectives
- Establish and maintain a fully operational and audit-ready ISMS.
- Embed ongoing GDPR compliance across the organisation.
- Achieve and sustain ISO 27001 certification and PCI-DSS compliance.
- Strengthen the confidentiality, integrity, and availability of all information assets.
- Promote a company-wide security-conscious culture.
My Contributions
- Strategic Information Security Leadership
  - Developed and implemented an organisation-wide Information Security Strategy aligned with executive priorities and risk appetite.
  - Delivered regular risk and compliance updates to the executive leadership team.
- Design and Operation of the ISMS
  - Built a scalable ISMS tailored to the company’s operational needs, using a framework based on ISO 27001:2013 principles.
  - Authored and managed critical documents including risk assessment frameworks, access control policies, incident response plans, and asset registers.
- Ensuring Regulatory Compliance
  - Conducted full lifecycle data mapping and GDPR compliance checks.
  - Developed Records of Processing Activities (RoPA), Data Protection Impact Assessments (DPIAs), and vendor risk management procedures.
  - Oversaw PCI-DSS controls implementation related to payment data security.
- Risk Management and Continuous Improvement
  - Led internal security audits and coordinated external ISO 27001 audits with successful outcomes.
  - Proactively assessed and addressed new and emerging risks through a structured continuous improvement process.
- Security Awareness and Incident Response
  - Rolled out targeted security awareness training across the organisation.
  - Designed and operationalised incident response protocols and business continuity planning strategies.
Results
- Full ISO 27001 Certification achieved and maintained.
- Consistent GDPR compliance across data processing activities.
- Successful implementation of PCI-DSS controls without major audit findings.
- Significantly reduced incident rates and improved employee security awareness.
- Fostered a resilient, security-first culture across all teams.
Reflection
This experience reinforced the critical importance of not just implementing controls, but embedding security into an organisation’s culture. By combining strong governance with practical operational measures, Blue Stream Academy Ltd. was able to achieve and maintain an exemplary standard of information security compliance throughout my tenure.
Disclaimer
The information provided in this case study is a reflection of my personal experiences and contributions during my employment. It does not disclose any confidential or proprietary information and does not represent the views, strategies, or endorsements of Blue Stream Academy Ltd.