Digital Octopii helped On-Site Scanning certify for ISO 9001, 27001, 22301 and BS 10008 in just nine months through the creation of an integrated management system (IMS).
Achieved certification for all four standards
Completed in just nine months
Implemented fully functional integrated management system
Based in Port Glasgow, Scotland, On-Site Scanning (OSS) offers multiple services to UK organisations that need help with their documents, either with storing, scanning or managing them electronically. These services are available to the private sector and also the public sector, primarily the NHS.
The business has always specialised in document scanning. Prior to embarking on the implementation of multiple ISO standards, OSS already worked to an ISO level of quality through its compliance with BS 10008:2020 Evidential Weight and Legal Admissibility of Information Stored Electronically.
On-Site Scanning’s directors have a clear vision and want to grow their business in the public sector, particularly with the NHS, by helping their customers realise and unlock the potential and value of their documents. To achieve this, OSS knew they needed to become further certified so they could get onto public sector frameworks that required more certification than they currently held.
The decision was taken to certify to ISO 27001 (Information Security), ISO 9001 (Quality), ISO 22301 (Business Continuity), and BS 10008 (Legal Admissibility). Rather than operate each management system in isolation from each other, OSS wanted to implement an Integrated Management System (IMS) covering all four standards. This would save them time and money when it came to both internal and external audits.
Joint Managing Director of OSS, Barry Higgins, knew these standards would allow them to get on their desired frameworks, meeting public sector and corporate client requirements. By being on par with already certified companies, OSS could tender for the same jobs and expand the business offering.
Barry explains they were already complying with certain standards as the business required so he was very familiar with compliance and governance, however now OSS needed to be certified and verified by a third party.
The company’s objectives in attaining certification in all four areas were:
OSS set themselves a target of 12 months to achieve those objectives. Obtaining 4 certifications in one year is a very tall order! To achieve this, the business created a new Compliance Officer role with a dedicated employee. Kirn Darroch was brought in to manage the standards implementation project and run their eventual on-going compliance.
When OSS initially began working towards ISO certification, they were trying to go it alone, without a consultant. They had made some progress over several months but eventually realised the extent and complexity of work required to implement four standards at the same time, within a year. Finding an expert to properly guide them to their end goals sooner and more efficiently made sense.
They found that Elisabeth Belisle, Digital Octopii’s Founder and ISO consultant, has been the perfect consultant to meet their objectives. OSS was introduced to Elisabeth after a close working partner, Ricoh, informed them of their work with Elisabeth and Digital Octopii that helped them achieve several standards.
After initiating work with Digital Octopii, both parties quickly set a working pattern of weekly calls with intense workload in between. Together Kirn and Elisabeth worked through the requirements of the standards, the different controls to implement, and produced the documentation and evidence required to get ready for external audit by official certification bodies, the British Assessment Bureau (for ISO 9001, 27001 and 22301) and LRQA (for BS 10008).
The early to mid-stages of certification were heavily dependent on Digital Octopii. Still, as the weeks went by, OSS, and Kirn, in particular, felt more confident in their understanding and ability to modify and maintain the controls and requirements of the standards. Although they are not fully there yet and still have regular meetings with Digital Octopii, they’re in a much better position than before they started.
After starting work with Digital Octopii, OSS obtained the first two certifications (ISO 9001 and ISO 27001) in two months; then came BS 10008 a month later, and they achieved ISO 22301 six months on. We helped them achieve all four ISO certificates in nine months.
One of the most significant benefits for OSS is how it’s improved the running of the business. The process transformed aspects of the company, allowing OSS to improve its operations. They became better organised, more streamlined and more efficient. Creating an Integrated Management System enhanced their reporting and monitoring, which has proven vital to their business.
The result: certified in 9 months for ISO 27001, ISO 9001, ISO 22301 and BS 10008 with a functional integrated management system.
In the end, OSS has been successfully certified for the standards it set out to achieve, well-within the 12-month deadline it had set itself. They’re not yet completely independent and self-sufficient in maintaining their recertifications every three years, but they are very close to it. In the process, they learned a great deal about their business that they may not have otherwise and have greatly improved all their operations internally and externally.
Introducing a formal risk management system into the business has helped prevent problems and ensure their operations run smoothly.
No matter what phase your ISO project is in, we can support you.
As Associate Consultants of the British Standards Institute, we are recognised experts in this field. We will help you become compliant with one of the above standards; whether you want to obtain certification by BSI or another UKAS-accredited body – or whether you just want to improve your current practices.
Not sure which standard is best for you or where to start?