ISO Update: What our globally recognised quality and security standards mean for you

Big Bite’s two ISO certifications give our clients assurance that the products and services we supply are of high quality, as well as demonstrating that we take security very seriously, which is key for the enterprise-level projects that we work on. But what does that mean for our clients, and why should you choose a supplier with these standards?

The benefits of ISO 9001 and ISO 27001 

In 2018, we successfully implemented the ISO 9001 and ISO 27001 standards for Quality Management and Information Security respectively. The International Standards Organisation (ISO) is an independent, non-governmental international organisation that promotes worldwide proprietary, industrial and commercial standards, including standards for information security.

The first of these two accreditations, ISO 9001, relates to us maintaining the expected high-quality standards in the organisation. ISO 27001 is specific to information security management systems (ISMS), and covers establishing, implementing, maintaining and continuously improving an ISMS.

Quality is key with ISO 9001. The accreditation provides a set of procedures for delivering products and services, and these procedures ensure consistency in everything we do as a company. By ensuring the quality is maintained, it gives confidence to our existing and prospective clients.

In essence, ISO 27001 ensures that we follow the best principles of information security, which protects not just our own data, but the client’s too. At enterprise level, the publishing organisations and financial institutions we work with utilise huge amounts of data that has to be secure. The sheer volume of information that is processed when dealing with something such as a site migration requires not only the infrastructure to manage the security of data, but also an incredibly organised team to facilitate such a complex multilevel project.

Because we are trusted by enterprise-level clients such as Octopus, Amnesty International and Gumtree, we have our compliance with these ISO standards checked by a third party, to give confidence. This is why due diligence is so important.

Continuous improvements, regular audits

The rigorous process we undertook to achieve and implement these standards took almost 12 months and a lot of hard work. Since that point, over the last two years, the two ISO certifications have been continually and independently audited by Lloyd’s Register UK. Lloyd’s Register is an internationally recognised body and is highly regarded in the industry for its thorough investigative surveillance measures.

Lloyd’s Register has taken our processes and formalised and standardised them. For example, documenting each of our client relationships at all times gives more security and more accountability.

The processes allow us to continue to structure project management in a way that ensures quality is kept to a high standard alongside reducing risk across the project. We continue to build upon a solid foundation of processes on which we base all projects, and although workflows will occasionally require a different approach depending on the scope of the project, the goal is ultimately the same. 

In addition to focusing on project management systems, we have also incorporated continuous ISO improvement processes into our sales practices and design and UX approach. As we passed through the latest audit, Lloyd’s Register commended us on how well our journeys are planned and executed from sales through to discovery, into design, development and finally to launch.

We are happy to announce that last month we completed our latest assessment visit. In this review, we demonstrated that we had maintained all the controls that we have in place, for both security and QA.

What continuous ISO improvements mean for our clients

There are many benefits to choosing an ISO-certified partner, including:

  • Additional peace of mind.
  • A better understanding of project phases and clarity for next steps.
  • Heightened communication between Big Bite and our clients.
  • Ability to highlight risk prior to work commencing, with clear impact levels and solutions put in place to reduce these risks.
  • Informative reporting, such as sprint reports, release documents and runbooks.
  • Deeper client relationships and long-lasting partnerships.
  • By capturing client feedback, and ongoing perceptions, we can continually promote quality standards.
  • We are nurturing an environment where a client can feel secure. In the real world things can go wrong – what we’re trying to do is minimise this as much as humanly possible, and create a system where things are traceable and testable via an accountable audit trail.

We’re very proud of achieving these two accreditations, and we continue to work towards full continuous certificate renewal and ongoing compliance.