HomeBlogCase StudyGovernance and ComplianceCase Study: ISO 27001:2013 Certification and Transition to ISO 27001:2022 for a Global Air Cooling Solutions Manufacturer

Case Study: ISO 27001:2013 Certification and Transition to ISO 27001:2022 for a Global Air Cooling Solutions Manufacturer

Overview

Client is the world’s largest manufacturer of evaporative air coolers and a recognized global leader in energy-efficient air-cooling solutions. With operations in over 60 countries and a strong focus on sustainable innovation, the company caters to a broad spectrum of customers across residential, commercial, and industrial segments. As a publicly listed company, Symphony required a mature and auditable information security framework to align with its global reputation and business obligations.

Client: Intelligent Automation Company (Name Withheld for Confidentiality)
Industry: Electrical and Electronic Manufacturing
Employees: 930
Revenue: $176.4 Million
Locations in Scope: Gujarat, India (2 Sites)
Engagement Duration: 2019 – Ongoing

Challenges

  • Establishing an Information Security Management System (ISMS) across engineering, R&D, operations, and supply chain
  • Managing and securing data spread across manufacturing, vendor systems, and cloud services
  • Addressing the rising importance of intellectual property protection and secure design processes
  • Ensuring that information security practices scale with the company’s rapid global expansion
  • Recently, aligning with the updated ISO 27001:2022 requirements while maintaining business continuity

Our Solution

Kalp Systems provided end-to-end consulting support through two distinct project phases:

Phase 1 – Initial Certification (2019):

  • Conducted organization-wide risk assessment, asset classification, and gap analysis
  • Designed a pragmatic ISMS covering technical, physical, and administrative controls
  • Developed core documentation including ISMS policy, SoA, procedures, training modules, and risk treatment plans
  • Supported internal audits, management reviews, and external audits leading to successful ISO 27001:2013 certification

Phase 2 – Transition to ISO 27001:2022 (Ongoing):

  • Re-initiated ISMS review based on the 2022 control set
  • Conducted delta assessment to map new and updated controls (e.g., threat intelligence, secure coding, cloud services governance)
  • Coordinating implementation, stakeholder training, and documentation updates as per 2022 version
  • Managing the transition timeline in coordination with certification body audits

Results

  • Achieved ISO 27001:2013 certification across both sites with no major audit findings
  • Integrated security practices into manufacturing and product lifecycle processes
  • Strengthened intellectual property and R&D data protection aligned with international standards
  • Currently facilitating a smooth and timely transition to ISO 27001:2022, ensuring continuity and future-readiness

Leave a Reply

Your email address will not be published. Required fields are marked *

This is a staging environment