Blue Crystal Solutions achieves ISO certification to underpin secure service offerings

Business joins a small group of MSPs accredited for quality and information security, with plans to expand AI services.

Blue Crystal Solutions has achieved ISO 9001:2015 certification for quality management systems and ISO/IEC 27001:2022 certification for information security management systems.

The specialist cloud and database services company made the decision to seek the certifications in response to mitigating cybersecurity threats for itself and customers.

Vito Rinaldi, managing director, Blue Crystal Solutions said, “To match the standards required from our existing client base and remove barriers to engagement for future customers,” said

The dual certifications, valid for three years, mean the Adelaide-based business has proven protection against cyber attacks, data breaches and unauthorised access.

Global benchmarks that recognise secure, robust systems

Blue Crystal Solutions must maintain a live risk register that tracks threats across people, processes and technology, operate within a framework of 93 security controls, and monitor, review and enhance security performance year after year.

ISO 9001 sets the standard for quality management systems and mandates that customer requirements, measurable objectives and audits drive continual improvement. All processes must be documented, repeatable and transparent.

“Achieving ISO 9001 means our clients are guaranteed reliable outcomes, fewer defects and smoother engagements” said Rinaldi.

Securing dual ISO certification was a company-wide initiative that began with a comprehensive gap analysis and risk assessment, followed by extensive process refinement and documentation across all teams, culminating in a rigorous independent audit conducted by an accredited certification body.

The business also had support from ISO365, its virtual CISO, and Compass Assurance Services, its independent auditor.

“With a full complement of local consultants to support our clients, this is something we’ve always been able to deliver, and this certification just makes it official.” Rinaldi said.

Accreditation supports plans to expanding data-centric services

The dual accreditation comes as the business moves further into data-centric services such as private LLM deployments and modern data platforms.

Blue Crystal Solutions is seeing increased demand from businesses looking to develop private LLMs and have access to secure, cost-efficient and compliant AI assistants. However, businesses face significant complexity and risk, according to Rinaldi.

“Private LLMs offer organisations the benefits of a powerful AI assistant — fully secured, hosted within your own cloud or data centre, and fine-tuned to your data, policies, and workflows,” he said.

The company wants to position itself as a trusted partner that can offer these specialised, secure services.

“We can help design, build and manage these deployments end-to-end, ensuring that organisations can innovate confidently while maintaining cost efficiency and compliance,” he said.

Looking ahead, the business plans to continue being guided by ISO365 best practices and achieve Essential Eight Maturity Level 2, as defined by the Australian Cyber Security Centre’s (ACSC). This level is designed to defend against more sophisticated adversaries.

It also plans to continue expanding into defence and other security-sensitive sectors and will seek defense industry-specific accreditation to support customers in these industries.

“With the defence industry a focus area for us, where we have several large scale database management contracts, we’re on our journey to achieve DISP certification,” Rinaldi concluded.