Securing business data

Gala Coral - ISO27001

Case Study: Gala-Coral-lg
Gala Coral Interactive - ISO27001

Gala Coral Interactive achieves ISO27001 in just 10 months with CNS Group

Gala Coral Interactive (GCI), one of the UK’s largest gaming firms, was required to gain and maintain an operational Information Security Management System (ISMS) that conformed to ISO/IEC 27001:2013 for its online gambling services and to provide ongoing assurance to the industry regulators, in this case The Gaming Commission. GCI already had stringent security controls and processes in place, but was eager to gain this certification as part of its on-going assurance to the governing bodies. GCI was working to tight deadlines and, after a rigorous supplier selection process, chose CNS to deliver the consultancy needed to ensure these deadlines were met. 


Client Overview

Gala Coral Interactive Ltd is a dedicated division of the Gala Coral Group, specifically developed as an online presence to offer a world class bingo and casino gaming service. Their brands include Coral, Gala Bingo & Gala Casino and they are one of the UK’s largest gaming firms both online and on the high street. 

“We have found CNS to be a responsible and trustworthy business partner who deals with integrity and respect.

We really appreciate efforts put by each one of CNS professionals for making GCI more robust and security compliant. Because of such efforts only, we have successfully closed the ISO audit.” 
Information Security Manager, GCI.


The Challenge

The main challenge faced by GCI and CNS was time. A fully operational ISM system needed to be in place within 10 months and pass the audit without any non-conformities. 
In order to meet these requirements, CNS had to quickly understand the business and security philosophy of GCI and ensure that the ISMS created would integrate properly.


The Solution

CNS provided GCI with up to 3 ISO27001 lead auditors to ensure that the project was delivered in time. The project followed CNS’s standard methodology and stages:

Stage 1 – GAP Analysis

Stage 2 – Creation of Governance Structure

Stage 3 – Risk Assessment

Stage 4 – Assistance with creation and review of Core Policies and Procedures

Stage 5 – Risk Remediation Activity

Stage 6 – Training & Awareness

Stage 7 – Pre-Audit Readiness Review

Stage 8 – Certification Audit

As a result, GCI passed its ISO27001:2013 on 26
th March 2015. The relationship between GCI and CNS has continued to grow and CNS will be assisting GCI throughout 2016 to ensure that their compliance is retained, which will be achieved through CNS’s annual MYQSA service.

To find out more about CNS Group’s Compliance and Consulting services, click

Get in touch

Talk to our experts today
call us

Get in touch

Talk to our experts today +44 (0) 20 7592 8800

Send us a message

We'll get back to you Send us a message

Connect with us

See what we're saying elsewhere