Case Study: EntrustIT
Established in 2006, entrustIT provide their growing customer base a range of cloud computing services, primarily hosted desktop and email, together with full IT support.
Already a trusted supplier with authorised Microsoft Silver Partner and Citrix Cloud Services Partner status, the company added ISO 9001 and ISO 27001 certification to their list of credentials during 2014.
entrustIT sought to demonstrate to both prospective and existing clients that they are a cut above the rest. Whilst many companies claim to offer a quality service, not many can actually prove it. Managing Director – Jeff Dodd – therefore looked at the ISO 9001 quality management standard as a way of ensuring best practice within the company. Jeff explained;
“We felt that ISO 9001 would help to create some structure to what we do – ensuring repeatable processes that people could rely on. As we grow, the challenge would only become greater, so we felt getting processes in place now would benefit us and our clients both today and into the future.”
With the world increasingly storing data online, ISO 27001 also provided an opportunity for entrustIT to reassure clients that their data was safe whilst under their responsibility. Certification could also lead to opening up new opportunities for the business. Jeff added;
“We saw ISO 27001 as a key differentiator for “quality” cloud organisations, so we wanted to be an early adopter. Security is understandably high on people’s list of concerns when they adopt cloud computing and we wanted to be able to simply point to our certification as evidence that we take security issues seriously. Not only that, but also, that our approach stands up to external scrutiny.”
To reap the benefits from implementing an ISO management system, buy-in from management is important so that best practice filters down the organisation. Appropriately then, it was Jeff who took on primary responsibility for both ISO 9001 and ISO 27001 implementation.
The start of the certification process begins with an initial Stage 1 audit by a BAB assessor. As part of this, a Gap Analysis is included so organisations come away knowing exactly what is needed in order to achieve successful certification. Whilst the idea of an audit can be daunting, the reality is many businesses are doing plenty of good things already, it’s just that processes aren’t formalised. Jeff commented on his experience;
“At the initial audit we found we were non-compliant in pretty much every area! However, it wasn’t that we didn’t have processes; it was that documentation for them was non-existent.”
Implementing an ISO management standard provides an opportunity to question how things are done and to see what can be made simpler and more efficient, for the benefit of staff and clients. Jeff explained how implementation went, saying;
“It took us quite a while to work through each element, gather together what we were doing and then convert it into something that could be written up. The exercise encouraged us to make changes to processes where we needed them and to remove those which added no value. Overall, the staff appreciated the additional structure and it started to feel like a coming of age process for the business.”
Whilst many may have a preconceived idea of what a typical ISO assessor may be like, BAB’s ethos is to be pragmatic and understanding of the pressures of running a small business. Ultimately, the intention of ISO standards is that they help the business, not burden it! Jeff commented on the relationship established with their assessor;
“Whilst we were very pleased to complete the audit successfully, it also provided us with some suggestions for continual improvement into the future.”
For their clients, ISO 9001 promises the company is committed to providing a high level of service, consistently. Meanwhile, entrustIT join the likes of Google in providing assurance to their clients that data is safe in their hands, thanks to help from ISO 27001. Jeff summed up the experience;
“Everyone understands the importance of quality and security to us as an organisation. As a result, it helps to keep them focused on what our clients want. Although it’s too early to say, we think it will be reassuring to our existing clients that we are progressing and maturing as an organisation. Our new clients can also be confident that with these certifications we’re showing our commitment to remaining a leader in our market.”
Find out more about us
Next entry: BAB adds OHSAS 18001 to UKAS accreditation
Previous entry: Case Study: Sight for Surrey