Case studies

Recent examples of practical, audit-ready security work

Over the past three years, Caracara Intelligence has supported organisations across multiple sectors with the design, operation, and improvement of their information security and governance frameworks.

Our work focuses on building practical, audit-ready systems that reflect how organisations actually operate — not template-driven compliance or documentation created purely for certification. We work closely with leadership and operational teams to assess risk, strengthen governance, and embed sustainable security practices.

Below are selected examples of recent engagements that show how we help organisations achieve measurable, defensible outcomes under audit and scrutiny.

Selected engagements

Examples of the work delivered

Case study

ISO 27001 Recertification & ISMS Refresh

ISO 27001

An organisation had held ISO 27001 certification for approximately ten years, but the Information Security Management System had evolved organically over time. Documentation was largely aligned to the 2017 version of the standard, with limited structured review as requirements and business operations changed.

The challenge
  • Out-of-date documentation aligned to the previous standard
  • Accumulated legacy policies and procedures with unclear relevance
  • Limited recent internal audit coverage
  • Risk documentation that no longer reflected how the organisation operated

What we found
  • Policies and procedures referencing superseded controls
  • A Statement of Applicability requiring review and restructuring
  • Risk assessments needing stakeholder validation
  • An internal audit programme needing refresh to reflect current scope and risk

The solution
  • Structured ISO 27001:2022 gap analysis
  • Updated and rationalised documentation set
  • Review and update of the Statement of Applicability
  • Risk register refresh with stakeholder input
  • Re-established internal audit programme
  • Acted as fractional Information Security Manager through the recertification cycle

How it was delivered
  • Worked closely with leadership and operational teams
  • Aligned the ISMS to how the organisation actually operated
  • Removed obsolete material and clarified document ownership
  • Focused on practical evidence and audit defensibility

The result
  • Successful ISO 27001 recertification
  • No major nonconformities and no minor nonconformities
  • A streamlined, current, and defensible ISMS
  • Clear ownership of policies, risk, and controls
  • Improved confidence in the ISMS as a living management system

Case study

ISO 27001:2017 to ISO 27001:2022 Transition & Uplift

ISO 27001:2022

An organisation was operating an established ISO 27001 ISMS aligned to the 2017 standard, but needed to transition to the 2022 revision while maintaining certification and meeting evolving customer and regulatory expectations.

The challenge
  • Uplift the ISMS without disrupting day-to-day operations
  • Maintain leadership engagement through the transition
  • Ensure full compliance with the updated standard
  • Refresh the internal audit approach to match the new control structure

What we found
  • New and revised control requirements needed structured review
  • Policy language and document structure required updating
  • Governance documentation needed clearer alignment to operational reality
  • The organisation required practical support to manage the transition efficiently

The solution
  • Full ISO 27001:2022 gap analysis across the existing ISMS
  • Updated and reissued affected documentation
  • Aligned policies, procedures, and records to the 2022 control framework
  • Reviewed the ISMS holistically for consistency and completeness
  • Acted as fractional Information Security Manager throughout the uplift

How it was delivered
  • Worked directly with the leadership team to review and approve updates
  • Recommended proportionate changes rather than unnecessary bureaucracy
  • Embedded changes into normal business operations
  • Maintained a focus on audit readiness and sustainability

The result
  • Successful transition from ISO 27001:2017 to ISO 27001:2022
  • An ISMS updated in line with current risks and operational practice
  • Leadership-approved governance documentation
  • Improved audit readiness and clarity of control ownership
  • Confidence that the ISMS could be maintained sustainably going forward

All engagements were delivered in alignment with ISO 27001 certification requirements and focused on practical, defensible implementation rather than template-led compliance activity.

Next step

Need similar support for certification, uplift, or governance improvement?

Get in touch to discuss how Caracara Intelligence can support your organisation with practical, audit-ready information security work.
