ValStream provides a high-stakes document intelligence and repair management solution for heavy industries such as aviation. The winner of Boeing’s 2023 Supplier of the Year and a Deloitte Tech Fast 50 honouree, ValStream manages critical data that keeps global fleets moving.
To maintain this momentum, ValStream needed mature, scalable security that reflected their status as a world-class technology partner.
The challenge: Balancing rapid growth with strong governance
For an SME scaling at ValStream’s pace, they faced a requirement to improve and scale their security posture rapidly. To secure tier-1 enterprise customers, the company had to meet robust procurement criteria including:
- ISO 27001 certification: A non-negotiable for global aerospace and asset-intensive sectors.
- Risk Governance: Board-level assurance that cyber risks were managed using a structured, repeatable framework.
- Operational Security: Balancing rapid product development with robust technical controls.
The solution: A strategic virtual CISO partnership
We deployed a Virtual CISO model to provide executive-level security leadership without the ongoing cost of a full-time employee. This was delivered in two phases:
Phase 1: Building the foundation (the road to ISO 27001)
We built an Information Security Management System tailored to ValStream’s risk profile.
- Audit readiness: We guided the team through the rigorous stage 1 and 2 audits, resulting in successful ISO 27001 certification.
- Human firewall: We implemented an ongoing security awareness program, using security-first thinking in staff onboarding and engineering practices.
- Technical defence: We initiated a 24/7 managed Security Information and Event Management platform to allow secure, identity-based access for the global workforce.
Phase 2: Sustaining excellence
Post-certification, the relationship transitioned into a long-term strategic partnership. Our virtual CISO then provided continued benefits:
- Ongoing governance: Monthly operational reviews and KPI monitoring.
- Sales enablement: Responding to complex vendor security questionnaires, supporting the sales cycle.
- Risk maturity: Maintaining a live risk register to inform decision-making.
The results: Security as a competitive advantage
The partnership transformed security from a technical requirement into a business capability:
- Certified trust: ISO 27001 certification achieved and maintained, supporting the enterprise procurement process.
- Culture shift: Significant reduction in phishing click-rates and 100% training completion.
- Board-level clarity: Transparent view of cyber risk, backed by data-driven KPIs.
- Scalable infrastructure: Implementation of 24/7 monitoring and secure access service edge architecture – a secure foundation for future growth.
Customer Perspective
“Before working with Cybersec, security felt like a constant worry in the background. By the end of the engagement, security had shifted from a compliance millstone to an ongoing leadership capability. We now have the assurance our board and customers expect, driven by the thought leadership of Agincourt.”
— David Stevens, CEO, ValStream