The client is a small part of a global organisation operating in the UK and Ireland. They have a workforce of around 100 staff, of whom half are geographically dispersed and operate from home. Most of the office-based staff work in a call centre. They coordinate the distribution of incontinence products to individuals.
As a key supplier to the NHS and Care Homes, the client was required to demonstrate effective business continuity and information security procedures. The client also felt that this was good business, due to the vulnerability of the clients, the time criticality for some deliveries and the amount of sensitive data that is held.
Cambridge Risk Solutions worked with the client over a number of years, until mergers led to restructuring of the department.
We were initially engaged to implement an Information Security Management System (ISMS) for certification to ISO 27001. Working closely with the business, we implemented this within a couple of months. The ISMS was designed so that it could be adapted to include ISO 22301 and, later, ISO 9001, which the client already held.
Shortly after successful certification to ISO 27001, the client decided to proceed with ISO 22301 certification, and we worked with the client to update the ISMS to create a fully Integrated Management System. By this time, the revised ISO 9001 had been published, requiring our client to revisit the documentation that was in place. Our consultant was able to easily extract the existing procedures and update the Integrated Management System to fully encompass the requirements of the Quality standard.
The Integrated Management System has now been in successful operation for some time, and encompasses all three standards as well as the Labour Standards Assurance System (LSAS, an NHS requirement).
It was used as the basis for the NHS Data Security and Protection Toolkit, which the client was required to submit annually.