Inseya Case Study

fortControl supports Inseya with a practical ISMS platform for successfully implementing ISO 27001 and preparing for certification.

Challenge

Limited visibility, high manual effort

Inseya relies heavily on stable, secure and compliant information processing. Business processes, customer data, internal communication and technical systems are highly digitized and partly dependent on external service providers and cloud platforms. The existing ISMS setup based on MS Office tools such as Word and Excel was unclear, time-consuming to maintain and lacked sufficient transparency for audits and management. A practical solution was needed that clearly structures the ISO 27001 process, systematically maps risks and integrates efficiently into existing workflows.

Solution

More visibility, less effort

With fortControl, Inseya has bundled risks, measures and responsibilities in one central place and largely automated their handling. The platform supports end-to-end risk assessment, from identifying risks to tracking measures and providing transparent audit documentation.

Structured supplier management

Transparent evaluation, monitoring and documentation of security requirements for external service providers.

Audit and certification readiness

Structured risk analyses provide a solid foundation for ISO 27001 audits and strengthen compliance.

Added value for customers and partners

A professional approach to information security and supplier risk management builds trust and resilience.

Quote

Using fortControl, we introduced clear structures into our ISMS, built it up quickly and keep it effortlessly up to date. The platform is easy and intuitive to use and has saved us significant time. A real relief in day-to-day operations.

Maxim Lachmann

ISB and Managing Consultant

ISMS and SOC: Why SMEs need both

Many SMEs face the same challenge: increasing requirements, expanding attack surfaces — but limited resources. Combining a structured ISMS with operational security monitoring offers a practical approach. Together with Maxim Lachmann, Information Security Officer (ISO) at Inseya, we take a closer look at how these two approaches complement each other in practice.

Maxim, what was the motivation behind partnering with fortControl?

By structuring risks, supplier assessments and measures, fortControl creates transparent, audit-ready evidence at any time. Based on fortControl, Inseya supports customers in reaching ISO 27001 maturity faster, demonstrating it clearly and meeting security requirements efficiently.

For SMEs, this means that risks and measures are no longer scattered across individual documents, but centrally traceable — a key foundation for audits and decision-making.

What role does Inseya’s SOC as a Service play in this overall setup?

The SOC is the operational core of security monitoring. Our customers benefit from continuous analysis of security-relevant events, clearly defined escalation processes and concrete recommendations for action. This ensures that security is not only approached from a preventive perspective, but actively monitored and managed.

In practice, this means that security incidents are not only detected, but also prioritised and followed up with clear next steps.

Why is this combination particularly relevant for SMEs?

SMEs typically lack the resources to build their own security team or operate a 24/7 SOC. At the same time, regulatory requirements and threat levels continue to increase. By combining our Managed Security Services with the structured ISMS approach enabled by fortControl, SMEs gain access to a level of security that was previously reserved for larger organisations — but with predictable effort and clear responsibilities.

The key benefit for SMEs: professional security becomes accessible without the need to build internal teams.

How would you position this approach in the context of the Swiss ICT minimum standard?

With a combination of SOC and ISMS, we cover a large part of the core functional areas of the ICT minimum standard for our customers. The ISMS, based on fortControl, provides clear policies, processes and governance, while our Managed SOC covers Protect, Detect and Respond — including endpoint and network security.

This results in a coherent, practical security model for SMEs that is both technically and organisationally robust.

Closing remarks

Anyone looking to build sustainable information security needs to think in terms of both structure and operations. An ISMS provides the necessary structure, while a SOC ensures operational execution. Only the combination of both creates a security model that works in day-to-day business — especially for SMEs with limited resources.