The software & technology sector is thriving. With this opportunity comes the need to achieve sustainable and sustained growth by successfully mitigating the risks in the business environment.
As a software & technology company, it is likely that you will have to consider customer requirements as an intrinsic part of your product and business model. It goes without saying that there is an unwritten requirement to maintain the security of data and to develop robust software that is fit for the best of clients. ISO 9001 and 27001 will help you develop your processes to sufficiently control your business systems and information security functions.
2SB are experienced ISO Consultants who assist companies that develop telecommunications services, websites & applications, API gateways and banking, insurance, & medical software.
In the software and technology world, a well-managed business is as essential as a secure product or service, and a great way to apply best practice is through the implementation of ISO 9001. This business management tool helps organisations to document and develop robust systems and processes, retain quality while reducing costs, improve internal harmony and deliver investor & client satisfaction.
When implemented well, it can work seamlessly alongside ISO 27001 certification to deliver a holistic approach to secure business management, to assure clients of quality and safety of data.
Proving you can provide security of information is likely to be a business-critical requirement. With online threats impacting businesses large and small, your clients will be looking for a solution that will allow them to achieve continuity of service and security of data.
ISO 27001 is a comprehensive management standard that looks at every element of your business activity. From secure development and network security, through to access control and asset management, you must consider how to address existing weaknesses and make continual improvements.
One of the core principles at 2SB is to become the business for which we are working. With years of business experience, all of our consultants have the ability to quickly understand the culture of the business they are working in.
Once we understand your business, we are able to quickly implement processes that deliver value to your business, engaging with your employees at all levels. We aren't interested in paperwork and procedures for the sake of certification. We are there to ensure your business complies with the standard with a fair balance of effort and time.
The ISO assessment process can be quite confusing. Understanding the difference between ISO, UKAS (the national accreditation body) and the certification bodies is the first step:
ISO is the International Organisation that writes standards for many different industry sectors. ISO 9001, 14001, 27001 and 45001 are some of the best known but as of January 2019 there were over 21,000 different ISO standards. ISO will review standards and issue updates, and write new standards where there is a need. It sits right at the top.
If ISO write the rules, it is UKAS who oversees them at the highest level in the UK. UKAS is the sole national accreditation body for the UK and is recognised by government. UKAS visit certification bodies to ensure that they and their assessors are performing to a sufficiently high level. Certification bodies seek to get accreditation from UKAS to demonstrate their competence, and 2SB believe in only suggesting certification bodies who have been accredited by UKAS. Some certification bodies are not UKAS accredited, but this means the certificate they issue is unregulated – these certificates carry less weight and in the worst cases may not demonstrate any compliance with the ISO standard.
The next step down is the Certification Bodies (DNV, NQA, ISOQAR, BSI etc.). It is the certification bodies who will visit and audit your business to check for compliance against the ISO standards. Some certification bodies specialise in certain industries, some have international reputations, some are more competitively priced than others. There are around 100 certification bodies who are accredited by UKAS and it is up to your business who you ask to assess your ISO system. All certification bodies should do a similar job; however, as with anything, the type of service given can vary. 2SB can help you select the right body to use for your business (and are not affiliated with any certification body).
Consultants (like 2SB) are used to help guide businesses in implementing management systems. They understand the standards needed to achieve certification but also look to add value to your business. It is possible for a business to successfully gain certification without the use of consultants; however, it can require considerable internal resources. Consultancies possess the experience, knowledge and training that can streamline the process and provide cost-effective guidance as well as bring added value to your systems.