Telco / Local Authority Partnership — ISMS & ISO 27001

ISMS delivery, ISO 27001 readiness, PSN accreditation, and data centre migration architectural leadership for a major joint venture between a telecommunications provider and a local authority.

Sector: Telecoms & Public Sector
Type: ISMS & Compliance
Standards: ISO 27001, PSN
Status: Completed

The Challenge

Joint ventures between the private sector and local authorities present a distinctive set of security and compliance challenges. The entity inherits obligations from both sides — the commercial risk profile and contractual requirements of a telecommunications provider, and the public sector obligations around data handling, PSN connectivity, and transparency. When a major telco formed a joint venture with a local authority to deliver managed IT services, the combined organisation needed to establish a credible information security management baseline that would satisfy both commercial clients and public sector governance requirements.

The organisation needed an ISO 27001-aligned Information Security Management System — not just as a certification target, but as a working framework that could be applied consistently across the joint venture's operations. At the same time, PSN (Public Services Network) accreditation was required to maintain connectivity with local authority systems, adding a specific set of technical and process controls that had to be evidenced and maintained.

Alongside the compliance programme, the organisation was undertaking a significant infrastructure project: migrating its data centre estate. This migration needed to be architected in a way that preserved — and where possible improved — the security posture being built through the ISMS programme.

What We Did

Magma Cloud led the design and delivery of the organisation's Information Security Management System (ISMS) — building the policy framework, risk assessment processes, controls library, and evidence documentation required to operate to ISO 27001 standards. The ISMS was designed to be operationally workable, not just an audit artefact: controls were proportionate to the organisation's actual risk profile, and documented processes reflected how work actually happened rather than how a textbook said it should.

We then led the ISO 27001 readiness programme — preparing the organisation for certification by working through each of the standard's control domains, identifying gaps, implementing remediation, and building the evidence base required to demonstrate compliance. This included staff awareness, supplier management, incident response, business continuity, and the full range of technical and organisational controls required under Annex A.

For PSN accreditation, we worked through the Code of Connection requirements, assessed the organisation's technical controls against the PSN framework, and worked with the team to close the gaps. PSN accreditation is a specific, detailed process — one where organisations with limited experience of public sector IT compliance routinely underestimate the evidence burden. We had worked through it before, and that experience was reflected in the pace and quality of the submission.

As architectural lead for the data centre migration, we designed the target architecture, defined the migration sequence, and ensured that security controls were embedded in the new environment from the outset. The migration was sequenced to avoid gaps in PSN connectivity or ISO 27001 control coverage during the transition.

Outcomes

  • ISO 27001-aligned ISMS designed, documented, and embedded — operational across the joint venture
  • ISO 27001 readiness programme completed — organisation prepared for certification across all Annex A control domains
  • PSN accreditation achieved — Code of Connection requirements met, evidence base submitted and approved
  • Data centre migration architected and sequenced with no loss of PSN connectivity or ISO 27001 control coverage during transition
  • Organisation positioned to sustain its compliance posture and serve both commercial and public sector clients with confidence
