ISO 27001 | Pharmaceutical | ISMS Implementation

Case Study: Leading ISO 27001 Implementation at Valneva

How Sandy Smajic single-handedly implemented a complete ISMS from scratch in just 6 months, achieving 42% risk reduction.

🎯 Project Overview

Sandy Smajic served as Security Engineer at Valneva, a specialty vaccine company, and took on the ambitious role of leading an ISO 27001 implementation project single-handedly. Starting from zero security maturity with no existing ISMS, he established a robust Information Security Management System from the ground up in just 6 months.

⚠️ Critical Starting Challenges

  • Zero security maturity - no existing ISMS or security function
  • Single-person team handling entire implementation
  • Aggressive 6-month timeline for certification readiness
  • Cross-departmental alignment across IT, Finance, HR, R&D

🚀 Comprehensive Implementation Strategy

Phase 1: Foundation Building

  • Comprehensive risk assessment of all information assets
  • Threat analysis with vulnerability scanning
  • Risk register creation with treatment plans

Phase 2: Control Implementation

  • Complete policy suite aligned with ISO 27001
  • Technical controls - access, encryption, backups
  • Statement of Applicability for all 93 Annex A controls

📈 Exceptional Results Delivered

  • 42% - Critical risk reduction
  • 6 months - Implementation timeline
  • 100% - Certification readiness
  • 0 - Major non-conformities

🏆 Strategic Business Impact

The project delivered far-reaching benefits beyond compliance, creating a culture of security awareness and positioning Valneva as a leader in pharmaceutical cybersecurity. The success enabled new business opportunities requiring ISO 27001 certification.

Organizational Transformation

Security became a shared responsibility across all departments, with dedicated champions in each team

Competitive Advantage

ISO 27001 readiness opened doors to new partnerships and government contracts

💡 Key Success Learnings

Top Management Support is Critical

Executive buy-in enabled faster policy approvals and cross-departmental cooperation

Structured Framework Aids Speed

Following the ISO 27001 structure provided a clear roadmap even under a tight timeline

Cross-Functional Engagement Drives Success

Involving all departments created security champions and eased change management