CASE STUDY

How GEOxyz Took Control Over User Access to Support ISO 27001 Compliance

GEOxyz operates in a highly data-driven and security-sensitive environment. With a growing digital footprint and increasing regulatory pressure from ISO 27001 and NIS2, the organisation needed a clear, defensible understanding of who has access to what, and why, across its critical systems.

CUSTOMER CASE

Download the Full Customer Case

[SMART MOCKUP] [CUSTOMER CASE] [GEOxyz] (1)

✅  Criteria New IVIP Solution

✅  How They Achieved Identity Visibility

✅  IAM & ISO 27001 Compliance
COMPANY INFO

GEOxyz - International Leader in Marine Surveys and Offshore Activities

  • Company Name: GEOxyz
  • Headquarters: Belgium
  • Employees: +900 FTES
  • Industry: Maritime
  • Key focus: Security and Compliance 
GEOxyz - Logo

About Customer GEOxyz

GEOxyz is an international maritime data company delivering high-quality geospatial data for offshore and infrastructure projects worldwide. While the company operates vessels at sea, its core value lies in the data it collects, processes, and delivers to customers.

With a growing organisation and an increasingly complex IT landscape, protecting sensitive data and maintaining control over access to systems is a fundamental requirement for daily operations.

GEOxyz - Cold Picture

The Challenge: Visibility and Control

As GEOxyz continued to grow, the organisation increasingly recognised that it is, at its core, a data company. While operating in a maritime environment, the real value GEOxyz delivers lies in the data it collects, processes, and provides to customers. Protecting that data, therefore became a critical responsibility.

In the context of ISO/IEC 27001 certification, identity and access management emerged as a fundamental requirement. At the same time, evolving regulatory frameworks such as NIS2 reinforced the need for continuous control and demonstrable oversight of access to critical systems.

However, GEOxyz was operating in a complex IT environment with multiple systems, roles, and users, including freelancers and temporary workers. Without centralised visibility, it became increasingly difficult to maintain control and confidently answer essential questions around access.

GEOxyz - Success Story

"The biggest challenges were visibility and control. Without good governance, it’s difficult to answer simple questions like who has access to which systems and why."

GEOxyz - Picture - Enzo Vanooteghem
IT SECURITY MANAGER GEOxyz Enzo Vanooteghem

Why GEOxyz Chose Elimity's Identity Visibility and Intelligence Platform

When evaluating solutions for identity and access management, GEOxyz deliberately avoided complex, long-running IAM programs that depend heavily on external consultants or proprietary technology. The organisation was looking for a solution that could be implemented pragmatically and managed by its own team.

Based on these considerations, GEOxyz defined a clear set of criteria the solution needed to meet:

  • It had to provide immediate visibility into who has access to which systems;

  • It needed to be practical and understandable for internal teams;

  • It had to support identity and access governance without excessive complexity;

  • It should avoid vendor lock-in and rely on open, flexible technology;

  • It had to align with ISO/IEC 27001 requirements and audit expectations;

  • It needed to be implementable without long timelines or reliance on third-party consultants.

Elimity Insights matched these requirements, offering a structured but pragmatic approach to identity and access management that fit GEOxyz’s technical environment, regulatory context, and internal capabilities.

“As the organization grows, identity management becomes more important, not less. With more systems, more users, and more data, having clear control over access is essential to stay secure and in control.”

GEOxyz - Picture - Jan Catrysse
CTO and CISO GEOxyz Jan Catrysse

The Results

  • Implementation completed within weeks;

  • Centralised visibility into identities and access rights across systems;

  • Structured access reviews with clear ownership and accountability;

  • Consistent validation of access by responsible managers;

  • Improved oversight of access as users, roles, and systems change;

  • Stronger support for security operations and audit preparation;

  • Solid foundation for long-term identity governance.

"Elimity's solution gives us a clear overview of access rights across systems and makes access reviews easier by assigning review tasks to managers."

GEOxyz - Picture - Enzo Vanooteghem
IT SECURITY MANAGER GEOxyz Enzo Vanooteghem

"At GEOxyz, we wanted a practical solution which would be usable by our own people. We did not want a multi-year trajectory or a solution that depends on external consultants."

GEOxyz - Picture - Jan Catrysse
CTO and CISO GEOxyz Jan Catrysse

Audit Readiness and ISO 27001 & NIS2 Support

For GEOxyz, identity and access management (IAM) is a key pillar of its ISO 27001 approach. Demonstrating control over who has access to which systems and being able to provide clear, consistent evidence during audits are essential requirements. 

With Elimity Insights, GEOxyz established a more structured way to review and validate access rights, making audit preparation more manageable and repeatable.

This structured approach not only supports ISO 27001 controls around identity management but also helps GEOxyz build a solid foundation for evolving regulatory expectations, including NIS2, as cybersecurity requirements continue to mature.

“For ISO certification, audits require proof. You need to be able to clearly demonstrate who has access to which systems and why.”

GEOxyz - Picture - Jan Catrysse
CTO and CISO GEOxyz Jan Catrysse

The Future: From Visibility to Long-Term Governance

As GEOxyz continues to grow as a data-driven organisation, identity and access management remains a critical foundation for cybersecurity and governance.

With clearer visibility and structured access reviews in place, the organisation is well positioned to strengthen its identity governance over time and maintain control as systems, users, and regulatory expectations evolve.

“Identity management is not a one-time project. It’s something that has to evolve together with the organization.”

GEOxyz - Picture - Jan Catrysse
CTO and CISO GEOxyz Jan Catrysse
GEOxyz Stock Photo 3

Featured On This Video

CTO & CISO

Jan Catrysse

IT SECURITY MANAGER

Enzo Vanooteghem

Book a Demo with Elimity's Experts

Hubspot Blog - Book a Demo