Microsoft Purview

The Challenge

As a result of working with clients in highly regulated industries, AlfaPeople needed to demonstrate that is has the right compliance and cyber security practices in place. The company embarked on achieving internationally recognised ISO certification, for both quality management (ISO 9001) and information security (ISO 27001). In addition, the company was bidding for a major project where compliance played a major role.

“We’re a rapidly growing expanding business. With the right frameworks in place, we can assure our growing client base that not only do we have the best practices and processes in place for quality management, but that their data is safe with us, which is a key differentiator in today’s climate,” explained Phillip Rawlinson, MD of AlfaPeople UK.

“Achieving ISO 9001 also means that we have the right foundation to scale up more quickly and be more agile in our approach.”

However, in preparation of the audit and accreditation process, the company identified a lack of in-house resource to dedicate to the task. Bridewell was brought in to assist with the certification and implementation of the frameworks.

The Solution

Bridewell is a specialist cyber security and data privacy consultancy that delivers a range of solutions, including support, management and audit services around achieving ISO accreditation.

The Bridewell team worked with AlfaPeople to understand what was required, what processes were already in place, and what needed to be implemented from a framework point of view.

Based on the demands of the project and looking at the longer-term benefits of implementing a standards framework, Bridewell recommended a business management system to deal with the control of all the associated documentation. The system would also act as a resource for employees and auditors to source the evidence and documentation needed as part of the initial audit, as well as future audits.

Since implementing the business management system, AlfaPeople has been able to centralize its processes, policies and procedures. This includes standard templates for contracts and working with third parties, as well as procedures on employee behavior and adherence to security policies.

“It’s a great point of reference for our employees and a fantastic resource for the ISO qualifications, but it also helps us with the way we work with our customers and suppliers. It’s helped us win new business and contracting for that business, because we can prove we have the infrastructure in place,” said Rawlinson.

The Results

Bridewell prides itself on a 100% first-time success rate when it comes to helping customers become ISO accredited. In the case of AlfaPeople, this also proved to be true. The company achieved its certification for both standards first-time round, and in a lot less time than its other offices.

“Bridewell was extremely knowledgeable and efficient. They looked at what we had in place and then made recommendations on where we needed to improve, what documentation was needed to support that, and what additional training we needed. The team worked with us right from scoping out the requirements to preparing us for the external audit with the auditors.”

“The project went according to plan, in terms of budget and deadline, and achieving the accreditation has enabled us to win new customers and is a key differentiator for us, especially ISO 27001. I would recommend the Bridewell team, based on their professionalism, expertise and high quality of service delivery,” concluded Rawlinson.