Implementing Multiple Certifications (ISO 27001, ISO 22301 & ISO 9001)

The Solution

Cambridge Risk Solutions worked with the client over a number of years, until mergers led to restructuring of the department.

We were initially engaged to implement an Information Security Management System (ISMS) for certification to ISO 27001.

Working closely with the business, this was implemented within a couple of months, having been designed so that it could be adapted to include ISO 22301 and for later inclusion of ISO 9001, which the client already held.

Shortly after successful certification to ISO 27001, the client decided to proceed with ISO 22301 certification, and we worked with the client to update the ISMS to create a fully Integrated Management System.

By this time, the revised ISO 9001 had been published, requiring our client to revisit the documentation that was in place. Our consultant was able to easily extract the existing procedures and update the Integrated Management System to fully encompass the requirements of the Quality standard.

The Integrated Management System has now been in successful operation for some time, and encompasses all three standards as well as Labour Standards Assurance System (LSAS, an NHS requirement).

It was used as the basis for the NHS Data Security and Protection Toolkit, which the client was required to submit annually.