David Wolf · Portfolio Use Case
ISO 27001 information security management system audit, gap analysis, and management consulting for a regulated iGaming platform.
Delivered ISO 27001 information security management system (ISMS) audit and management consulting for Pathwwway, a regulated iGaming platform. Work covered ISMS scoping, gap analysis against ISO 27001 controls, risk assessment support, policy and documentation review, and management consulting to help the organization build a certification-ready security management posture aligned to the iGaming regulatory environment.
Client
Pathwwway iGaming
Engagement Type
consulting
Period
2017
Role
ISO 27001 Auditor / Management Consultant
Focus Areas
Pathwwway, ISO 27001, ISMS
The Context
ISO 27001 is the international standard for information security management systems. Certification requires a structured approach to identifying information assets, assessing risks, implementing controls across 114 Annex A control objectives (ISO 27001:2013), maintaining documented evidence of control operation, and committing to continual improvement. For an iGaming platform, the ISMS scope intersects with player data, payment processing, fraud/risk systems, identity and access management, third-party integrations, incident response, business continuity, and jurisdictional compliance obligations. The audit and consulting engagement ran alongside the Deputy Head of Technology period at Pathwwway, providing both technical leadership context and external audit perspective.
The Challenge
ISO 27001 audits in regulated iGaming environments surface a characteristic set of gaps: incomplete asset inventories, undocumented risk assessments, inconsistent access control evidence, weak supplier management documentation, and ISMS policy frameworks that exist on paper but lack operational discipline. The challenge was conducting an honest gap assessment, prioritizing what mattered most for certification readiness, and translating findings into management consulting guidance that a technology leadership team could actually implement — balancing audit rigor with operational pragmatism in a fast-moving platform environment.
What I Did
The Outcome
Completed ISO 27001:2013 gap analysis across all Annex A control domains for the Pathwwway iGaming platform.
Consulting
Guidance delivered to technology leadership and management stakeholders
Key Deliverables
Client
Pathwwway iGaming
Engagement Type
consulting
Period
2017
Role
ISO 27001 Auditor / Management Consultant
Focus Areas
Pathwwway, ISO 27001, ISMS
The Context
ISO 27001 is the international standard for information security management systems. Certification requires a structured approach to identifying information assets, assessing risks, implementing controls across 114 Annex A control objectives (ISO 27001:2013), maintaining documented evidence of control operation, and committing to continual improvement. For an iGaming platform, the ISMS scope intersects with player data, payment processing, fraud/risk systems, identity and access management, third-party integrations, incident response, business continuity, and jurisdictional compliance obligations. The audit and consulting engagement ran alongside the Deputy Head of Technology period at Pathwwway, providing both technical leadership context and external audit perspective.
The Challenge
ISO 27001 audits in regulated iGaming environments surface a characteristic set of gaps: incomplete asset inventories, undocumented risk assessments, inconsistent access control evidence, weak supplier management documentation, and ISMS policy frameworks that exist on paper but lack operational discipline. The challenge was conducting an honest gap assessment, prioritizing what mattered most for certification readiness, and translating findings into management consulting guidance that a technology leadership team could actually implement — balancing audit rigor with operational pragmatism in a fast-moving platform environment.
What I Did
The Outcome
Completed ISO 27001:2013 gap analysis across all Annex A control domains for the Pathwwway iGaming platform.
Consulting
Guidance delivered to technology leadership and management stakeholders
Key Deliverables
Focus Areas
Tools & Technologies
Public-Safe Caveat
This case study is based on user-provided project context and should be treated as a draft scaffold until exact audit scope, certification outcomes, engagement dates, and supporting artifacts are confirmed from resume, LinkedIn/Profile, or other records.
David Wolf
AI Security · Product Security · Security Leadership
Based on analyzed public signals, not proof of any individual's or company's internal state.
