17 - May - 2016

ISO Quality Management and Information Security Management Systems

Post by Barry S
Ixis Service

In line with our constant drive to improve, we're on the path to ISO 9001 and 27001 certification.

As a lean, agile, and bureaucracy-free outfit we had been quite content in self-managing our methods and processes and not being held back with the weight of outdated and bloated standards; we left all that back in the 1990s, surely? Then, for a large government body we were working with to migrate away from a traditional dedicated datacentre-type setup to a container-based, bleeding-edge type setup, an audit was commissioned to satisfy their own internal security department due to the lack of certification to prove our competence in this area.

What came out of that two-day invasive poke around every dark corner of our work by two very serious chaps was a pat on the back and a thumbs up that we were in fact pretty much ISO compliant with one or two gaps, and some documentation. Gold stars were awarded for business continuity in the event of a disaster (it's true our office could be wiped from the face of the planet and we could still provide 100% of our service 100% of the time), and also for control and governance around access to our clients' systems, thanks to our slightly paranoid yet very clever infrastructure team.

Out of this initial audit came some actions and we were able to make some quick changes during the lifespan of the migration project, but to become certified we realised we needed help. Through recommendation we hired James Parson, Director and Senior Consultant at Profile Consulting:

"Profile Consulting was invited to do a Gap Analysis of current system arrangements at Ixis against the requirements of the international management standards ISO 9001:2015 and ISO 27001:2013. At this stage Ixis have good internal systems but these were not defined and they also have clever people doing clever things around Drupal but in a way that lacked an externally obvious structure. ISO 9001 and 27001 provide this management framework within which Ixis can show the good things it is doing, so that they will be more visible to the outside commercial world and auditable against consistent good management practices. The Action Plan within the Gap Analysis provides a plan to train all Company staff, define in process flows the core procedures, record activities in a Policy Manual, implement these new arrangements and audit the revised processes to confirm they are working appropriately. Ixis has shown a willingness to embrace these different methods of working while retaining what it does best. The Company is on target to comfortably achieve external UKAS accredited certification in the autumn of 2016."

There is quite a bit of questioning and documenting of everything we do, which is a useful exercise for any organisation, and we're already streamlining and adding governance as we go. Not quite the headache we first thought, this ISO certification.

For more about the ISO 9001 and 27001 standards go here, for more about Profile Consulting visit their website here.

Barry S

Operations Director

Helping to lubricate the inner workings, sticking up for process and quality, keeping the staff sane and the clients happy.

Comments

Music to my ears... "lean, agile, and bureaucracy free outfit" not afraid to tackle ISO 27001, which many believe can be restrictive to operating in a lean and agile way.

I'm desperate to tell you about a software solution which is perfect for your way of working and will dramatically reduce your management time in implementation and ongoing, 'in-life' maintenance of your ISMS. Complementing the expert guidance of Profile Consulting, it would make life simpler, help you get more from your information security management and speed up your route to certification.

It seems our organisations are very similar and I'd love an opportunity for a quick chat to explore if the solution could help you as much as it helped us with our ISO 27001.
