Great news for us, and for anyone focused on documented quality procedures: Code String has retained its ISO certifications. We are ISO27001:2013 and ISO 9001:2015 compliant – that’s for Information Security Management and Quality Management respectively.
In some ways, it felt more challenging being re-evaluated than it did submitting the business to the initial ISO audits a year ago. What would everyone conclude if we failed to retain the accolade? Answers on a postcard, please. It was never in doubt but, well, you know…
Our original certification in 2016 came about as a natural extension of the processes we had put in place to meet the requirements of a new, high-profile blue-chip client. Upon closer scrutiny, we realised that these newly-implemented procedures already covered more than 80% of the journey to ISO accreditation.
This time around, the ‘ISO Surveillance’ auditor was impressed with the way ISO is already integral to every aspect of the business. As Jan points out: “We do it without thinking about it. We don’t do it specifically for ISO; it just happens to be ISO compliant.”
What works supremely well is how our inherent processes accommodate and deal with suggested quality improvements. Outcomes from the ISO audit go into our internal code base; we raise a ticket, which gets addressed, closed, dated and documented. Guess what… it’s exactly the same procedure we use to manage improvements to our clients’ projects. It’s the ultimate closed loop process. And it was already in place.
What’s next? An internal review, then we’ll be audited again in 12-months’ time, to validate our continued worthiness.