Getting ISO Certified: The Need-to-Know about ISO

Richard Brown
Subscribe Contact us

Authors

In 1947, 65 delegates from 25 countries collected to produce the International Organization for Standardization (ISO). An independent, non-governmental body, ISO came together with the intention of sharing knowledge in order to ‘support innovation and provide solutions to global challenges’ (see their official website). Just over 70 years since publishing their first ISO standard in 1951, the ‘Standard reference temperature for industrial length measurements’, the organisation has grown exponentially to encompass 24,992 International Standards across the technology, management, and manufacturing sectors.


Cambridge Management Consulting has spent the best part of two years devoted to earning their certification across three families of these standards – namely, 9001, 14001, and 27001 – through a combined effort of meticulousness, analysis, and a commitment to constant improvement, both internally and for the benefit of our customers and clients.


In this article, we go into further detail about what ISO is and what it means to be certified, specifically the three that Cambridge MC have prioritised; why it matters to be certified; the process to getting there; and how Cambridge MC can help you to achieve the same standardisation. 


What is an ISO?


As aforementioned, an ISO is one in a family of standardisations that establish a benchmark for how an organisation should operate within a particular faculty. At the core of this is ISO 9001, which is focussed on quality management; given its emphases of customer focus, top management, process transformation, and continual improvement, 9001 is the most fundamental and adaptable standard that ISO certifies (being applicable to organisations of any size) and is thus the most widely held. At the time of writing, the ISO official website boasts of over one million organisations across over 170 countries holding an ISO 9001. 


However, ISO does not stop here. This page of their official website lists 17 further standards an organisation might wish to undergo, and these are just their ‘most popular’. Using those standards that we decided to adopt as examples, here is a snapshot of the range of business operations that ISO covers:


ISO 9001: To reiterate, ISO 9001 lies at the core of the ISO project. The most commonly held standard, 9001 assists a business to lay their foundational principles of quality management, which further standards, such as those listed below, can subsequently be layered upon. To summarise, using the values listed in more detail here, ISO 9001 prioritises and optimises an organisation’s customer focus, leadership, people engagement, process approach, improvement, evidence-based decision making, and relationship management.


ISO 14001: An ever more pressing, relevant, and vital standard, ISO 14001 focuses on the environmental impact of an organisation, and how they can optimise their operations to be more sustainable. Not only is this an attractive standard to possess from a business point of view, improving the reputation of your organisation and providing a ‘competitive and financial advantage through improved efficiencies and reduced costs’ (see this brochure on the standard), but it also contributes to the betterment of the world and encourages the same from suppliers and clients by integrating them into your own business systems—hence Cambridge MC’s own choice to earn this certification. 


ISO 27001: The most recent standard under Cambridge MC’s belt, ISO 27001 is the world’s most recognised standard for information security management systems (ISMS). In a world with increasingly frequent and prevalent cyber security risks and traps, this standard assists organisations to become equally aware of them, encouraging proactivity by identifying and addressing any chinks in an organisation’s digital armour, and thus tackling any issues before they arise. In short, ISO 27001 names its core values as risk management, cyber-resilience, and operational excellence. 


These are just several of ISO’s thousands of standardisations designed to streamline the operations and running of an organisation. However, the work does not stop here: though ISO has taken the time and care to design these standards, your organisation must apply the effort to implement them. In the next couple of sections, we break down both why it is desirable to have an ISO and the method behind getting certified, from the lessons we learned going through the process. 


Why we chose to get certified


As with most organisations, the choice to become ISO certified for Cambridge MC came down to one thing: risk management. At the crux of the ISO journey, particularly 9001 but also, for Cambridge MC, when it came to beginning 14001 and 27001, is identifying and addressing the potential risks to our organisation before they arise. Waiting to complete an ISO when and while risks become apparent will only cause them to exacerbate. Beginning the process well in advance allows them to be acknowledged, minimised, and resolved before they have a chance to inflict significant damage upon a business. 


For our business environment, one of the most crucial factors to completing ISO 9001 was growth. Though rapidly growing in clientele and project size, Cambridge MC is still a relatively young company, and was, until not too long ago, relatively small. At this time there was less need for an established QMS system, however, as our team began to expand and multiply, we quickly recognised that it would be an essential factor by the time we could prepare the groundwork. In this way, the QMS system that was built through ISO 9001 at the time has since been able to grow and mature as the company does, expanding to incorporate aspects of the company as they come to fruition. To those start-ups or smaller organisations anticipating growth of this nature, we strongly recommend engaging with ISO 9001 sooner rather than later. 


Since then, achieving 14001 and 27001 have felt like very natural steps. Beyond the reasons listed previously, earning and understanding 14001 was very close to the heart of what Cambridge MC does, given our close proximity and working relationship with our sustainability-led sister-company, edenseven. From there the decision was simple: how do we best demonstrate the principles that we promote. 


With 27001, the thought process boiled down to best practice. As a company that handles large amounts of data day-to-day, without adopting an official plan to reduce and avoid security risks, we could potentially jeopardise the running of both our own company and that of our clients. With ISO 27001, we have closed-up any gaps that could allow these dangers to sneak through.


The ISO Process


Earning the ISO certification, beginning specifically with 9001, took around 18 months in total to complete. With regard to identifying and evaluating the risks that you seek to absolve through gaining the ISO, the process opened with an assessment of the scope that the ISO would cover. This does not have to be static, it can reflect the current nature of your organisation in a way that leaves room for change, growth, and maturity over time, as we experienced at Cambridge MC. This beginning stage is further supplemented by the use of an internal auditor, who assists with identifying and substantiating the scope of the project.


Once your scope is outlined, you can begin filling it in. At Cambridge MC, we conducted this by designing and building out a company manual. This initially represented and reflected the QMS principles of ISO 9001 and our assimilation of them into our working patterns, however it has since evolved to include ISO 14001 and 27001. (The latter of these also depended on the achievement of Cyber Essentials and Cyber Essentials Plus externally to the ISO, making us the first organisation affiliated with Data Connectivity (our primary IT provider) to earn these certifications.)


Once this was completed, we then subscribed to a certifying body, who appointed an external auditor to check that we have since complied with ISO standards not just on paper, but in practice. They had the opportunity to delve as deep into our working operations as they please, and open up as much interpretation within our manual as they deemed appropriate, to affirm that we were performing to standard. Only then could we achieve certification.


The process does not end there. At Cambridge MC, we are not concerned with earning the ISO standardisation in order to get a certificate on our wall or a badge on our website’s homepage, and this is something that ISO itself assures. The certification is only valid for three years, at which point it will need to be renewed via another assessment; in the interim your organisation must undergo frequent surveillance to assure that you are keeping to your principles in the meantime. As such, one of the primary values promoted by the ISO and adopted proudly by Cambridge MC, is continual improvement. 


At Cambridge MC, we demonstrate this through our Weekly Learning and Development (L&D) sessions – an internal seminar every Friday afternoon in which one of our clients or team members has the opportunity to educate the rest of the group on a particular topic or industry. Though optional, these sessions are strongly encouraged and give the chance for the Cambridge MC team to improve their learning and skillset outside of their particular specialism or department. Further to this, we are committed to the principles attached to our ISO certification by regularly reviewing our risk register, processes, policies, procedures, etc. The more assimilated these self-assessments become in our working patterns, the more ingrained the ISO values have become.


Notes:


[1] Given that ‘International Organization for Standardization’ translates to different acronyms in different languages, in line with their founding principles, these delegates decided to standardise it to ‘ISO’, partially derived from the Greek ‘isos’ to mean ‘equal’. ‘Whatever the country, whatever the language, we are always ISO.’


How Cambridge MC can help you


Becoming ISO certified is incredibly beneficial, if not near-essential, to the running of a successful and growth-orientated organisation. Assimilating a widely-recognised and proven standardisation system into one’s business and operating patterns not only allows for minimisation of risks and continued improvement throughout growth phases, but it also proves to current and potential clients and customers that you take these principles seriously.


For these reasons, if you are similarly interested in having your organisation become ISO certified, Cambridge Management Consulting is now equipped with the knowledge and experience to help you bring this to fruition. Please get into contact for any insight, advice, or guidance that can help you along your own journey to getting certified. 

About Cambridge Management Consulting


Cambridge Management Consulting (Cambridge MC) is an international consulting firm that helps companies of all sizes have a better impact on the world. Founded in Cambridge, UK, initially to help the start-up community, Cambridge MC has grown to over 200 consultants working on projects in 25 countries. Our capabilities focus on supporting the private and public sector with their people, process and digital technology challenges.


What makes Cambridge Management Consulting unique is that it doesn’t employ consultants – only senior executives with real industry or government experience and the skills to advise their clients from a place of true credibility. Our team strives to have a highly positive impact on all the organisations they serve. We are confident there is no business or enterprise that we cannot help transform for the better.


Cambridge Management Consulting has offices or legal entities in Cambridge, London, New York, Paris, Dubai, Singapore and Helsinki, with further expansion planned in future. 


For more information visit www.cambridgemc.com or get in touch below.

Contact - Africa

Subscribe to our Newsletter

Blog Subscribe

SHARE CONTENT

Case Study: A Rapid Strategy Stress Test to Accelerate a Go-to-Market Strategy

by Mauro Mortali 9 May 2026
We were approached by a global networking systems, services, and software company that specialises in optical and routing solutions. Their technology helps carriers, enterprises, and governments build more efficient and scalable networks, particularly for high-bandwidth applications like 5G, cloud computing, and AI-driven networking. Africa is a key strategic market for this client. They are also playing an active role in advancing outlined 5G technology on the continent, emphasising a focus on routing and switching aggregation components, network slicing, and monetisation. The Opportunity The client engaged Cambridge MC to provide external insight and support to augment and accelerate the progress of their Go-to-Market plans for Africa. We proposed our in-house rapid Strategy Stress Test that delivers key insights across areas of your strategy using a 1–5 health-scoring matrix. The client's aim is to grow market share in the region with a precisely focussed strategy that targets their market with key propositions and solutions. We were engaged to review this strategy and their plans for the region, identifying critical opportunities and gaps with a quick turnaround. Approach We used our Rapid Strategy Stress Test methodology which provides: Target geographies, opportunities, and partners for resource effectiveness and success maximisation Assessment of client's Go-to-Market Strategy including identification and testing of key assumptions Identification of new opportunities and any gaps in the strategy Recommendations on how best to capitalise on the market and accelerate their route to success This included carrying out target addressable and client-addressable market sizing by country for the Optical, Data Centre Interconnect, Routing and Switching portfolios; competitor market share analysis; analysis of current and planned data centre build in the target countries; future trend analysis, including Political, Economic, Social, Technological, Legal and Environmental trends by country. We put their GtM strategy and plans through our Stress Test framework, scoring capabilities against best-in-class – across 11 parameters such as Market Potential, Adaptability to Local Needs, Pricing and Marketing & Demand Generation. Recommendations were made against each of the 11 areas relating to opportunities to accelerate their GtM strategy. In order to support effective targeting of resources into key countries, we developed a country prioritisation framework across 15 parameters, such as GDP growth, energy supply, stability of regulatory environment, and ease of doing business. This quantitative assessment was supplemented with the real world experience of our Africa experts. 
A digital human made of blocks and wires jumping into the air

Your Digital Transformation Isn’t Failing Because of the Tech

by Ruth Redding 23 April 2026
Why digital transformation fails: human adoption. Learn how leaders can reduce change resistance, protect ROI and improve programme success with structured change management | READ FULL ARTICLE
Businessman walks across desert into AI portal

5 AI Use Cases You Can Stand Up in 90 Days

9 April 2026
This article suggests how to pilot AI in 90 days with five practical use cases for operations leaders – from triage and forecasting to summarisation – with clear governance and measurable value | READ FULL ARTICLE
Wind farms and solar panels in the countryside at dawn

Energy, Risk and Competitiveness: The Real Sustainability Conversation

by Scott Armstrong 27 March 2026
Sustainability | Energy, risk and competitiveness – find out why sustainability is no longer just about reporting, but about resilience, cost control and long-term advantage | READ FULL ARTICLE
Yello and turquoise neon lights.

Press Release: Cambridge Management Consulting Acquires The Carrier Club

24 March 2026
International consulting firm, Cambridge Management Consulting has acquired telecommunications cost-reduction specialist, The Carrier Club, strengthening its ability to help organisations reduce their telecoms and network infrastructure costs.
Pembroke College lawn bathed in sunlight

Case Study: A Corporate Partnership Between Pembroke College & Cambridge MC Based on Shared Values

by Tim Passingham 12 March 2026
CAMBRIDGE | See how Cambridge MC and Pembroke College are creating mutual value through a unique corporate partnership spanning student opportunities, academic collaboration and industry events | READ FULL CASE STUDY
Neon sharks made out of code.

Ransomware in 2026: What Boards Actually Need to Know

by Simon Crimp 9 March 2026
Cyber Security | Ransomware in 2026 is a board-level resilience issue. Learn the key risks, weak spots and practical questions boards should ask to improve readiness, recovery and response.
The Top 21.2026 at the awards event in Cambridge, UK.

#21toWatch 2026 Winners Revealed: Deeptech Founders Tackling Society's Toughest Health and Climate Challenges

6 March 2026
The #21toWatch Top21.2026 winners have been announced at an awards ceremony at The Glasshouse innovation hub in Cambridge.
Asian business woman near a long window and looking at a tablet.

IWD 2026: Embracing The Power of Femininity at Work

by Arianna Mortali 6 March 2026
BLOG | A student’s perspective on why women shouldn’t have to ‘play masculine’ to succeed at work – and how valuing empathy, confidence and inclusive leadership can help close gender gaps and build healthier organisations.
More posts