Helping an accrediting body to get accredited: IASME’s story
As one of just five companies appointed as Accreditation Bodies for the Government’s Cyber Essentials Scheme, IASME Consortium Ltd is well versed in recognising the importance of certifications and accreditations in opening doors to new business.
By 2018, following significant growth in popularity for the scheme, launched some four years prior, many more companies were looking to adopt Cyber Essentials. Often running an ISO accredited management system themselves, a generous proportion of these companies naturally expected IASME to be doing the same. With their active encouragement, Chris and the team researched the options and soon recognised that consultancy would be the fastest way to ensure that IASME’s quality systems were made ready for the their first audit against UKAS ISO 9001 Quality Management System standards.
Chris Pinder, Business Development Manager at IASME, comments, “We’d grown significantly over the previous couple of years and we wanted to demonstrate to existing and potential clients that our commitment to quality was as strong as it was when the company started in 2012. The accreditation was also becoming something we needed to open new doors for us. The business as a whole had had no formal exposure to ISO 9001 however, we felt that implementing the system would help ensure we had the right policies and procedures in place and ensure they we were focussed on both our and our customers’ needs.”
Chris, who had prior experience of ISO 9001, had concerns that he had been out of the loop for a few years. Having chosen the team at ISO Quality Services Ltd (ISOQSL) to provide consultancy, Chris was delighted that his allocated consultant, Dan Pemberton, was able to bring him back up to speed, briefing him on the changes found in the 2015 version of the standard.
During IASME’s on-site gap analysis, they reviewed the existing processes and controls to identify where improvements could be made or additional measures were needed. Of course, Dan and Chris could not implement a quality management system in isolation. Chris explains, “The decision to go for ISO was a whole company decision, everyone bought into the concept from the beginning, although some of the team cautioned concern that the system could control us rather than us control the system.” With this in mind, they took care to ensure that improvements were implemented in such a way that they would become fully embedded into the company and a natural part of day to day operations.
Chris praises Dan’s positive approach which helped ensure that whole process was a positive experience, “He didn’t just tell us where we needed to improve, he also praised us for the good practice we already had in place.”
As for the initial concerns about the possibility of the system controlling the people, Chris comments, “The processes we have in place now are more structured yet not so controlled that they become bureaucratic or a hindrance to the smooth running of the business. One of our concerns was that ISO would add unnecessary layers but, in reality, it has simply helped us update and enhance our processes. The system work extremely well for the business.”
The entire process from gap analysis to the successful audit by an independent accredited certification partner took 10 months and Chris was delighted with the Assessor’s comments. The team was praised for having a very mature system in comparison to its relative infancy; fine comments indeed to receive during an accreditation audit.
As well as operating its new management system and operating Cyber Essentials, IASME also offers its own information assurance governance standard and is now focussing on the launch of its new internet protection monitoring system for small businesses, charities and vulnerable individuals in the community. It has employed 14 previously unemployed neuro-diverse individuals to staff this project. For more information, see www.iasme.co.uk.
Chris’s Top Tips
- If you’re wavering with your decision, just go for it. There’s a misconception that ISO 9001 is burdensome however, if implemented properly, it works for and with your business.
- Involve your team. We update our team via team meetings and we have embedded ISO as part of the induction for new starters so they are aware of the importance of quality management to IASME.
- Be open to advice. It has helped us implement a wider range of methods by which to measure customer satisfaction, all of which have been extremely positive. It shows we are delivering what the customer wants and has provided the means for our customers to propose new ideas.
Consultant’s View: Dan Pemberton:
The organisation had a great deal of information already in place however, work was needed in order to add structure and correctly comply with the international standard.
From the onset, my aim was to ensure the management system fitted in with the ethos and direction of the organisation, whilst still maintaining the level of compliance required by the standard. As a consultant, with the full support of ISOQSL, my aim was to ensure the management system worked for the organisation and not the other way around.
Well done to all involved.
Managing Director’s View: Jennifer Semini:
Having known Chris and the team from IASME for some time through the local business networking circuit, we were delighted to have been selected as their consultancy partner for the implementation for the ISO 9001. We really appreciate having the opportunity to assist such a growing and well-respected Worcestershire business. We felt a real sense of pride when Chris called the office to share the good news that they had passed their UKAS audit with flying colours and we look forward to being on hand to help where needed in the future.
IASME’s achievements have since been recognised at the 2019 National Cyber Awards, where the IASME team was delighted to win the Cyber Business of the Year Award. View our awards and memberships or read about our award-winning customer service.