To help us improve efficiency and give our clients an extra level of security, in 2018 we began the rigorous process of implementing not one, but two globally respected ISO standards for Information Security and Quality Management.
Fast forward almost 12 months and we’re thrilled to have been successfully certified for both the ISO 9001 and ISO 27001 standards, regulated by the International Standards Organisation! The two accreditations are a testament to the dedication we have for improving our processes and the continued service we offer our clients, as well as quality assurance and testing for all of our products and processes.
“ISO International Standards ensure that products and services are safe, reliable and of good quality. For business, they are strategic tools that reduce costs by minimizing waste and errors and increasing productivity. They help companies to access new markets, level the playing field for developing countries and facilitate free and fair global trade”.
What is the International Standards Organisation?
Founded in 1946, the International Standards Organisation (or ISO) is an independent, non-governmental international organization with a membership of 164 national standards bodies. The ISO promotes worldwide proprietary, industrial and commercial standards which include standards for information security. Representatives from numerous national standards organisations from around the world make up the well-respected organisation.
What is the ISO 9001 standard?
The ISO 9001 standard is based on a number of quality management principles including a strong customer focus, the motivation and implication of top management, the process approach and continual improvement in these areas. In order to achieve ISO 9001, companies must consistently demonstrate that their products and services meet customer and regulatory requirements, and must regularly measure and analyse the key areas.
What does the ISO 27001 standard for Information Security cover?
According to its documentation, ISO 27001 was developed to “provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system.” Achieving ISO 27001 accreditation is a complex process which takes months, and sometimes even years. The aim of the standard is to assess and minimise all security risks associated with a business, including any assets, vulnerabilities, threats and impacts that could affect our company.
But, why?
We chose to implement the two standards to demonstrate our ability to consistently provide a high-quality service for our enterprise-level clients, one which meets their needs and industry standards, whilst also following good security practices across the company to keep our data safe. Both policies include details for documentation, management responsibility, internal audits, continual improvement, and corrective and preventive action.
It has taken almost 12 months (and lots of hard work!) to successfully implement the two standards, which includes a not-so-light IMS document detailing all of our processes and the measures we take to minimise risk. Information, including our IMS document and statement of applicability, can be provided on request.
We’re super proud of achieving these two accreditations and look forward to the opportunities they will bring.