ISO 9001 & 27001 - CASE STUDY

NWT were approached by a client, a specialised Software as-a-Service (SaaS) company, to support them with their ISO9001 and ISO27001 accreditation journey. They had a developed governance framework for their business with many of the standard controls and policies, but needed to extend to full 9001 and 27001 certification. These standards have become a requirement for their key business partnerships such as Microsoft and AWS.

The first step in the journey was to ensure that the client was conversant with the structure and frameworks of the ISO9001 and ISO27001 standards and could relate their current policies and processes. Maturity models were used to assess what had already been developed against the standard, provide the basis of feedback to the client to help understanding of the standard and develop the backlog of work required to bridge the gaps. This approach defined the scope of work required but also enhanced the understanding of the standard by the client as a key preparation for the eventual audits.

NWT Started with the ISO9001 Quality Management System QMS standard and assisted with the preparation of the necessary processes and policies. With this completed as a foundation, the ISO27001 Information security requirements were then added to provide an overall integrated Management system. Combining the two systems in this way ensures a simplified documentations structure and simplifies auditing requirements going forward.

Following the introduction of both standards to the client and development of the policies and controls, NWT then provided the necessary internal audit processes, creating the backlog of improvements to enhance both standards to position the client for the external audits for certification. Finally, NWT Provided close support throughout the external audits leading to full certification as maturing management systems.