Spire Technology Group
Spire Technology Group, a leading provider of IT, cybersecurity and telecommunication services, needed to implement ISO 27001 certification to secure a key contract with a US-based client. In addition, they also decided to pursue ISO 9001 certification, which was a long-term goal for the business. Together, these certificates enabled Spire to not only secure new business but enhance their service offering too.
Founded in 2001, Spire Technology Group has always focused on simplifying processes and enhancing efficiency when it comes to their customers IT and telecommunications. Their comprehensive service offering includes IT management, cybersecurity, communication solutions, and business management systems. Spire supports a diverse client base across various industries including government and healthcare, education, construction and engineering, financial and professional services and leisure and hospitality.
Despite their excellent customer satisfaction and retention rates, Spire needed to provide external assurance to a prospective client that their processes met global standards.
The challenge: a client requirement for ISO 27001
In 2022, Spire had the opportunity to work with a US-based client specialising in security services. However, a critical requirement was that they would need ISO 27001 certification, the internationally recognised standard for information security management. Without this certification, Spire risked losing the contract. This scenario isn’t unusual and is becoming more common with international business dealings to ensure best practices, regulatory compliance and data security.
The solution: satisfying the client’s needs alongside the business’ long-term goal
To meet the client’s requirements, Spire decided to implement ISO 27001. However, the leadership team also saw this as an ideal opportunity to pursue ISO 9001 certification, the standard for quality management. The Directors had long since recognised the benefits of ISO 9001, however not having the dedicated resource to ensure the task was completed to its optimum had prevented them from implementing the standard until now. Director, Paul Valentine reflected: “I had previous experience with ISO 9001 and knew firsthand how it improves internal processes and supported tenders especially with those organisations operating within the public sector. We had always intended to achieve ISO 9001 certification but hadn’t had the resources”.
Because both ISO 9001 and ISO 27001 share the same Annex SL structure, Spire was able to streamline the implementation process. There are lots of overlaps across both management systems such as processes for internal auditing and document control. Spire will therefore be able to save both time and money by integrated the systems simultaneously.
The results: client retention and new business opportunities
Spire’s existing processes were already well-aligned with the ISO standards, which made the certification process seamless. After achieving ISO 27001, Spire secured the contract with their US-based client and have since expanded their service offering to them.
Further success has followed. Thanks to Spire’s reputation for quality management and information security they landed a major project with a national care home and education organisation, which is in line with the UK’s copper switch off ending in Jan 2027 and will involve upgrading telephony systems and fibre circuits for over 170 locations across the UK. Like many of their new clients, this project came through a referral, highlighting Spire’s strong reputation as a trusted and reliable managed IT and telephony services provider. Their certifications have provided an extra layer of credibility, acting as a key differentiator in a competitive market.
Unexpected benefits
Beyond securing and retaining clients, Spire has experienced several additional benefits:
Improved reporting and efficiency: improved project reporting has allowed Spire to measure work progress against original scopes more effectively. As well as ensuring quality control and improving communication, this new process which is now completed mostly online has also improved efficiency.
Team morale and communication: Spire have shifted to more frequent team check-ins and reviews, resulting in better communication, improved morale, and enhanced teamwork. Employees feel more empowered to share challenges and ideas, which has improved morale and fostered a collaborative working environment. The introduction of new HR software has also allowed for better management of team progress towards KPIs.
Proactive issue addressing: by implementing a structured internal auditing process as part of their day-to-day activities, combined with regular client feedback, Spire are better able to identify and address any potential issues. This proactive approach ensures that problems are managed before they escalate, improving overall client satisfaction and operational efficiency.
The future: transition to ISO 27001:2022
Shortly after achieving their ISO 27001 certification, the Standard received a significant update. These updates are common practice across ISO standards to ensure they remain relevant in an evolving business environment. Following their re-certification visit in early 2024, where they received no non-conformances, Spire is on track to complete their transition to ISO 27001:2022 at their next audit. This will provide their clients with further assurance that Spire continues to uphold the highest standards of information security in a rapidly changing landscape.
Lessons learned: the importance of dedicated resources
Reflecting on their journey, Paul emphasises the need for dedicated resources when pursuing ISO certification. He commented: “If you’re looking to implement an ISO Standard, whilst the process requires the ‘buy-in’ from the organisation, we would recommend you dedicate a champion within the organisation to take responsibility for managing the process. Additionally, since acquiring these standards, we have adapted our weekly team meeting to discuss and identify where improvements can be made”.
This doesn’t necessarily mean hiring new staff. The role of managing ISO certifications, like ISO 27001 and ISO 9001, can be integrated into an existing role within the business. What’s crucial is that someone takes responsibility for overseeing the process to ensure certifications are maintained and fully integrated into your operations.
A final reflection on Spire’s ISO Journey
Implementing ISO 9001 and ISO 27001 has proved to be transformative for Spire Technology Group. Not only were they able to secure and retain a key client, but it allowed them to enhance their service offering and operational efficiencies too. With these certifications, Spire is well-positioned as a reliable and efficient partner with a strong track record in quality management and information security. As a result, they continue to gain new clients through referrals and word of mouth recommendations thanks to consistently delivering a top-tier service to their clients.
Lead Assessor Dan Pemberton, who has worked closely with Spire commented: “It has been a privilege working with the team at Spire Technology Communications, over the past few years. They have worked incredibly hard to ensure their management system is working in a way that not only meets the requirements of the business, but also that of the ISO 9001 and ISO 27001 Standards.
It is clear that the company finds a benefit from being compliant to both Standards, which is helping to ensure a consistently high-level of customer satisfaction whist also maintaining a high degree of information security“.
Paul also shared his positive experience working with ISO QSL during the process: “The team within ISO QSL have been instrumental in helping us attain both ISO 27001 and ISO 9001 standards. Dan has been especially helpful and has made the process efficient. Well done Team ISO QSL”.