As a small to medium sized enterprise (SME), it’s essential that you make the most of the resources that are out there to help you reach your potential. The international standards provided by the International Standards Organisation (ISO) are one such resource that, if you can make use of, can do wonders for your business. ISO pools together the expertise of its members to form these world-class standards, and businesses can then gain accreditations to demonstrate to their market that they are meeting those standards. These accreditations, which include ISO 26000 (social responsibility) and ISO 27001 (information security management), can help your business prove to clients and shareholders alike that you are providing the highest quality of products and services.
Why is this kind of accreditation important?
There are a number of reasons why these accreditations, awarded by independent bodies such as the NQA, are beneficial. In fact, ISO provides its own document listing ten of these reasons. The biggest single benefit to meeting these standards, which encapsulates what ISO is trying to say in their 10 reasons, is that getting these accreditations will show the world that your business is the real deal. Whatever product or service it is that you specialise in, having the relevant accreditations will reassure existing customers that their money is in good hands, will be a hook for potential customers as they see that your business is one they can trust, and will help your whole organisation to become a more efficient, profitable machine that is always in line with legal requirements.
Case Study: How to obtain ISO 27001 accreditation
To make all of this clearer, I want to focus on a specific accreditation: ISO 27001. This accreditation, which recognises information security management, is an ongoing process. It starts with an initial audit to see where your strengths and weaknesses lie when it comes to information and data security, and then helps your business to implement and information security management system (ISMS), which ensures that you can continue to meet the global standard.
Accreditation processThe accreditation process starts with the filling out of a Quote Request Form, which helps your accrediting body, to assess your business’s situation. From here your company is helped to set up the ISMS. The implementation of this system is then assessed over two visits, over the course of which you demonstrate that you’ve been successfully using the system - covering people, processes and IT - for at least 3 months. After this initial process, a combination of annual surveillance and three-yearly re-certification ensures that your company goes on meeting the industry standards.
Benefits of this accreditationDon’t be put off if all that sounds gruelling; the benefits of the accreditation are worth it. Attaining ISO 27001 has all the benefits mentioned above, as well as more specific upsides. For example, if your company is involved in handling sensitive customer data, this accreditation will minimise the risk of threats such as viral attacks and cybercrime, and show shareholders and customers that you are serious about protecting their information. The system ensures that there is a focus on security throughout the company, not just at the senior level, and that you are able to comply with regulations such as the Data Protection Act at all times. Put all of this together, and you get a package which shows the world that your SME is good at what they do, and that you are able to keep the promises that you make regarding data and information security.
Why does this matter to your SME?
Maybe ISO 27001 isn’t particularly relevant to your business, but it’s just one accreditation out of many. Browse a comprehensive list of international standards to see whether there is a standard that can boost your business’s credibility in an area that you require.
There are general benefits to having these sort of accreditations, mostly around helping you to prove that your company performs to a globally recognised standard. Similarly, as you can see with ISO 27001, there are specific benefits to each standard that can give your company that essential boost, helping you to maximise your ability to do things well, and to help you show that you are good enough to compete with even the biggest of your competitors. These accreditations are worth thinking about, because they might be just what you need to push your business to the next level.
By Lucy Shipley, Managing Director at Shredall/SDS