Does external accreditation make a real difference?

A personal view from our Managing Director

Creatio recently had an external audit by BSI to maintain our ISO27001:2013 Information Security accreditation.

The two days were intensive but beneficial – a view we didn’t have when we embarked on gaining ISO27001 accreditation back in 2016. Back then we thought it would be painful, bureaucratic, and troublesome but a necessary evil as we had started to see tenders requiring such accreditation.

Well, we couldn’t have been more wrong!

Very quickly we understood the benefits of making various internal changes to align with the ISO27001 requirements as the changes really enhanced what we do and how we do it, and positively transformed the culture of the company.

We are thankful that our incredible staff continually embrace new ideas and the changes we implement. They all have contributed to various internal and external audits over the years.

As a team, we quickly benefitted from the accreditation, not only in setting us further apart from our competitors and helping us to win various tenders, but through internal growth and improvements across each of our business functions.

We are now completely committed and are rolling out the concept of ISO Champions within our teams not only for ISO27001 but across a range of other ISO Standards and external accreditations we have embarked on achieving.

Our recent audit with the BSI was a fantastic experience with this year’s Auditor being as robust, informative, and challenging as her predecessors as, over two days, she probed our arrangements across a range of areas of our business such as:

  • Risk Assessment and Management
  • Performance Evaluation and Improvement
  • HR Security, HR Processes and Training & Development
  • Physical & Environmental Controls Security
  • IT Access Control
  • System Acquisition, Development & Maintenance
  • Incident Management
  • Client On-boarding
  • Code Development & Deployment
  • Security Awareness Interviews
  • Legal and Regulatory Compliance

We were delighted to pass the audit with no non-conformities and have already implemented several suggestions the Auditor made in relation to improving our arrangements further. More pleasing than that was the highlighting of several areas of good practice in the Audit Report which were due to the hard work of our incredible team and our two lead internal auditors Rose Ahmed and Sally Green.

So, does an ISO accreditation make a difference? For us, absolutely - an ISO accreditation is not just a tick-box exercise or a burden; it is something that adds real value to our business and helps us continually review and enhance our arrangements to help us keep ahead of our competitors.

If you are debating whether to go for external accreditation, our advice would be - go for it with an open mind and genuine commitment to enhancing and changing your arrangements further, and we suspect you’ll look back a few years later and be glad you embarked on your accreditation journey.

We would have no hesitation in recommending BSI to anyone and would be happy to share with you how our Governance Module helps us to manage and embed our Governance, ISO, and Cyber Essentials arrangements.

Good luck and enjoy the journey!