Overview
Client is the world’s largest manufacturer of evaporative air coolers and a recognized global leader in energy-efficient air-cooling solutions. With operations in over 60 countries and a strong focus on sustainable innovation, the company caters to a broad spectrum of customers across residential, commercial, and industrial segments. As a publicly listed company, Symphony required a mature and auditable information security framework to align with its global reputation and business obligations.
Client: Intelligent Automation Company (Name Withheld for Confidentiality)
Industry: Electrical and Electronic Manufacturing
Employees: 930
Revenue: $176.4 Million
Locations in Scope: Gujarat, India (2 Sites)
Engagement Duration: 2019 – Ongoing
Challenges
- Establishing an Information Security Management System (ISMS) across engineering, R&D, operations, and supply chain
- Managing and securing data spread across manufacturing, vendor systems, and cloud services
- Addressing the rising importance of intellectual property protection and secure design processes
- Ensuring that information security practices scale with the company’s rapid global expansion
- Recently, aligning with the updated ISO 27001:2022 requirements while maintaining business continuity
Our Solution
Kalp Systems provided end-to-end consulting support through two distinct project phases:
Phase 1 – Initial Certification (2019):
- Conducted organization-wide risk assessment, asset classification, and gap analysis
- Designed a pragmatic ISMS covering technical, physical, and administrative controls
- Developed core documentation including ISMS policy, SoA, procedures, training modules, and risk treatment plans
- Supported internal audits, management reviews, and external audits leading to successful ISO 27001:2013 certification
Phase 2 – Transition to ISO 27001:2022 (Ongoing):
- Re-initiated ISMS review based on the 2022 control set
- Conducted delta assessment to map new and updated controls (e.g., threat intelligence, secure coding, cloud services governance)
- Coordinating implementation, stakeholder training, and documentation updates as per 2022 version
- Managing the transition timeline in coordination with certification body audits
Results
- Achieved ISO 27001:2013 certification across both sites with no major audit findings
- Integrated security practices into manufacturing and product lifecycle processes
- Strengthened intellectual property and R&D data protection aligned with international standards
- Currently facilitating a smooth and timely transition to ISO 27001:2022, ensuring continuity and future-readiness