What challenges were you and your team experiencing prior to working with us – what prompted you to seek a solution? One of the reasons we decided to certify to ISO 27001 was part of our succession plan, so future successors could take it forward and operate the business standing on its own two feet.
We had a renewed sense of focus and vision, aimed at growing and trying to impact and support as many businesses as we can, to be safer places to operate. With that has come growth. We have gone from processing a small line of checks to processing 70,000 DBS checks in a year.
Due to the sheer quantity of data we work with, we felt we had a duty to become certified to ensure we are protecting our client’s data in the best possible way. There’s also some wording in the data protection guidance, specifically around handling personal and sensitive data, such as criminal data.
We take it extremely seriously, so the motivation was a sense of responsibility to our customers. We had no commercial motivation, but we’re aware it could open up opportunities.
The project was very much self-led, with no external pressures.
How did you go about searching for the solution and services? We reached out to a few ISO service providers, some through referrals, some through Google search and had conversations with them. We spoke to a couple of organisations who had worked with Evalian® in the past, to get their input. We wanted someone who could embed into Personnel Checks and work as a partner.
After initial conversations with Chris, and then with Danny to understand how he would lead the project, we felt Evalian® would be that partner and would match well with our work ethics and goals.
Please describe the reasons you decided to work with us. We narrowed it down to two companies. There were two main factors behind why we chose Evalian®:
1) The price was all-encompassing right through to certification, the other organisation was much more compartmentalised, with add-on costs. When we forecasted their offering against Evalian®’s, Evalian® came out a touch more expensive, but in the long run, we felt the offering was much more comprehensive and valuable in terms of time and resources.
2) We really liked Danny, who resonated with our way of thinking and seemed to really understand how our business worked and how we work as a team. We felt Evalian® would embed well in the business, whereas the other service providers seemed more transactional. We didn’t want just a set of documents, we wanted to change the culture within the organisation, and we felt Danny would certainly do that.
Did you have any expectations going into the process? We didn’t really have any expectations, apart from the fact we knew the process was going to require a lot of time, buy-in and commitment. After a gap analysis (benchmark assessment), when Danny started guiding us through, he showed us a particular slide and it was overwhelming, but he explained it bit by bit concisely and it put us at ease quickly. We knew from that point that we had nothing to worry about and that we would have the right kind of support we needed every step of the way.
Can you describe the process we took your business through and anything you learnt about your own business through working this way? After the initial scoping calls, we had lots of check-ins from Danny throughout the project. We didn’t at any point feel like we were falling behind with documentation and deadlines. He was always available and responsive and reassured us that there are no ‘silly questions’, really helping us understand the fundamentals of what was required, why it was required and the benefits to the business.
He prepared us very well for what was coming and ensured we weren’t under any illusion that it would be a piece of cake but he supported us through each of our audits and we went in armed as well as we possibly could be.
Were there any challenges you found along the way and how did you feel we or your consultant, helped to support you through that? The biggest challenge was communicating the requirements down through our business – how to explain what ISO 27001 meant. Danny supported us with that very well and furnished Tracey and me and the project leads, with vocabulary as well as ideas and rationale. He even joined one or two full team meetings and he completely owned it and presented what the standard was, what it involved and articulated it really well to the team.
There weren’t any insurmountable challenges. We knew taking on ISO 27001 certification and running a business at the same time would be difficult to do – but it’s been very helpful having that external iso 27001 consultancy, to give us that bit more momentum and keep us on track during busy periods and understand where we are and help push us over the line.
What has been the most significant achievement for your business facilitated by using our services? Our processes and procedures are now really robust. We have a strong suite of iso 27001 documents, well organised and they cover everything we need to cover. Our mentality has evolved throughout the business now on every level.
For example, when it comes to onboarding new suppliers, we know we have key documents that will support that process and certain guidelines to follow in order to ensure we’re doing everything in the correct way and protecting our clients.
What impact has the results from working with us had on your clients/stakeholders? It gives them that reassurance that we’re absolutely committed to what we’re doing and that we’re doing things properly. The integrity behind what we do is so important to us as a business, we practice what we preach and we’re reassuring our customers we’re treating their data with respect and doing everything within our power to ensure their data is safe in our hands.
We now have an internal structure that is recognised, and it shows that we keep our own house really strongly in order.
What do you hope to achieve in the future? We’re looking at BCORP. We are based in the smallish town of Blackburn but we want to show that we are being progressive and considering other factors that our business might impact like the environment.
We will definitely be considering working with Evalian® again – perhaps ISO 9001 in the not-too-distant future. We’d highly recommend Evalian® to other organisations considering using their services. It’s rare these days to find an organisation that provides you with consistent consultancy right from buy-in to completion, without aspects of a project changing hands throughout the process, we really appreciated that.