PPQ safeguards Queenslanders' personal information

Prior to founding Cadent, James Gauci spent three years leading the digital and technology function at Personalised Plates Queensland (PPQ), a high-volume ecommerce business that sells custom vehicle registration plates, managed by Publicis Groupe on behalf of the Queensland Department of Transport and Main Roads (TMR). During his time at the organisation, James led an agile transformation, a ground-up internal business system overhaul, and a major ecommerce site update to significantly improved commercial and customer satisfaction outcomes.

He also initiated PPQ's journey toward Queensland Government IS18 compliance, which included ISO 27001 certification, amongst other features. After James ended his time with the business, Cadent was invited to consult to ensure continuity of the initiative.

PPQ handles all of the information you may expect a standard ecommerce company to manage, but uniquely, it's required to handle government identification documents like driver licences, and access sensitive government systems. This makes the potential impact associated with risks to the confidentiality of this information considerably greater.

Establishment of ISO 27001 compliance in the organisation posed several distinctive challenges: the ISMS had to be portable along with the head contract should it be awarded to another party, it had to incorporate a suite of standards and frameworks required by IS18, and it had to integrate with Publicis Groupe's own governance framework and ISMS.

In collaboration with PPQ's GRC vendor, Cadent deeply customised PPQ's policies to describe and account for its unique governance landscape and advised key stakeholders in the business on risk management, inventories and access controls. Cadent also acted as chair for ISMS committee meetings over the transition period.

One year after commencement of the initiative, PPQ was successfully certified as ISO 27001 compliant.