Becoming ISO accredited can create a competitive advantage for a company, particularly with ISO 27001, the international standard for information security management. So it proved for AlfaPeople, Microsoft Dynamics Partners with hundreds of customers and 14 offices across three continents.
ISO 27001 helped them to win new business and have the right foundation to scale up more quickly and be more agile. As a result of working with clients in highly regulated industries, AlfaPeople needed to demonstrate that is has the right compliance and cyber security practices. The company embarked on achieving internationally recognised ISO certification, for both quality management (ISO 9001) and info-security (ISO 27001). The company was bidding for a major project where compliance played a major role.
Phillip Rawlinson, MD of AlfaPeople UK, said: “We’re a rapidly growing expanding business. With the right frameworks in place, we can assure our growing client base that not only do we have the best practices and processes in place for quality management, but that their data is safe with us, which is a key differentiator in today’s climate.
“Achieving ISO 9001 also means that we have the right foundation to scale up more quickly and be more agile in our approach.”
When preparing for the audit and accreditation process, the company identified a lack of in-house resource to dedicate to the task. Bridewell Consulting was brought in to assist with the certification and implementation of the frameworks.
Bridewell is a specialist cyber security and data privacy consultancy that offers support, management and audit services around achieving ISO accreditation. Bridewell worked with AlfaPeople to understand what was required, what processes were already in place, and what needed doing from a framework point of view. Based on the demands of the project and looking at the longer-term benefits of implementing a standards framework, Bridewell recommended a business management system to deal with the control of all the associated documentation. The system would also act as a resource for employees and auditors to source the evidence and documentation needed as part of the initial audit, as well as future audits.
Since bringing in the business management system, AlfaPeople has been able to centralise its processes, policies and procedures. This includes standard templates for contracts and working with third parties, as well as procedures on employee behaviour and adherence to security policies.
Rawlinson said: “It’s a great point of reference for our employees and a fantastic resource for the ISO qualifications, but it also helps us with the way we work with our customers and suppliers. It’s helped us win new business and contracting for that business, because we can prove we have the infrastructure in place.”
AlfaPeople achieved its certification for both standards first-time round, and in less time than its other offices.
Rawlinson added: “Bridewell was extremely knowledgeable and efficient. They looked at what we had in place and then made recommendations on where we needed to improve, what documentation was needed to support that, and what additional training we needed. The team worked with us right from scoping out the requirements to preparing us for the external audit with the auditors.
“The project went according to plan, in terms of budget and deadline, and achieving the accreditation has enabled us to win new customers and is a key differentiator for us, especially ISO 27001. I would recommend the Bridewell team, based on their professionalism, expertise and high quality of service delivery.”
