Question? Call Us +44 330 122 8239

Build your trusted brand

Help getting certified

Certification under internationally recognised standards is good for business. It helps prove you have the systems and controls in place to be trusted to do what you say you will – an important part of the principle of ex fidabona and maximising the value of your data.

Not only that, improved systems and processes can help cut costs, reduce risk and improve efficiency.

We can help you select the right information governance standards for you and help you prepare for certification.

Which one(s)?

Standards to consider

  • ISO 27001

    ISO 27001 encompasses people, processes and technology. ISO 27001 is information security focused and provides assurance that data is appropriately secured.

  • ISO 9001

    ISO 9001 demonstrates your ability to consistently provide products and services which meet customer and regulatory requirements. ISO 9001 provides a framework which helps preparation for other standards.

  • ISO 27701

    ISO 27701 extends your security efforts to cover privacy management to demonstrate the measures taken to comply with data protection laws such as the GDPR.

  • DSP toolkit

    Organisations must use this toolkit to provide assurance of their information security practices and that personal data is handled correctly when supplying to the NHS.

  • Cyber Essentials

    Cyber Essentials is a simple but effective, Government backed scheme with two levels of certification that will help your organisation demonstrate how it addresses the most common information security risks.

  • BS 10012

    BS 10012 is a privacy management standard aimed specifically at GDPR compliance (unlike ISO 27701 which is designed to be regulation independent).

certification preparation

Helping you plan your route to certification

We take the time to understand your organisation and which standard(s) would provide a measurable financial and operational benefit. Where appropriate, we help you plan the order in which to apply for certification to reduce duplication of effort and ensure your certification plan is achieved in manageable phases. We identify the systems and controls you need to create and help embed these within policies and processes to ensure a consistent, beneficial and sustainable culture aligned with the company’s objectives is created e.g. many of the steps you need to take for information security certifications cross over with your privacy and information governance obligations so we ensure consistency in the approach taken in areas such as:

You're never on your own

Certification requires continuous review, evaluation and management. As the needs of your organisation change so will the controls you need to embed within policies and processes. We can support your ongoing certification readiness in proactive ways such as preparation for annual surveillance audits, plans to address and avoid non-conformances and ad hoc assistance to help support your governance function in expert, cost effective ways. We are never more than a phone call away if you need some assistance.

Frequently asked questions

There are normally two reasons why you are looking at this page:

  1. Your corporate or public sector customers require you to have one or more certifications.
  2. You are wondering whether certification is right for you.

The thing both of these have in common is trust. Certification is a way to establish trust in your organisation and win more business.

Well, improved processes should help cut costs and lead to efficiencies.

For example, most of the controls you need to implement for many certifications require the recording of decisions made and the considerations involved at the time.

While this may seem an additional layer of red tape, the truth is you make these decisions anyway. You already have at least an informal process to engage the right people and consider various factors. Certification helps you formalise these processes and ensure better decisions are made by taking a consistent approach and reducing the chances of costly issues being missed and needing to be subsequently addressed.

Your data is only valuable if your organisation has the lawful right to use the data in a way which is compliant with applicable laws and your contractual obligations.

The processes you establish as part of certification will help you establish this right and consider the related risks which you need to manage e.g. consent and information security.

The asset management and data mapping obligations under most certifications will also help you to better understand the data you have, where it is and how best to exploit it under your Data Strategy.

This is a question of approach and what you aim to achieve.

You only realise the full value of any certification if its requirements are embedded in your organisation’s culture in a positive way. Otherwise, certification can be an expensive tick box – lip service.

Most certifications have common foundations, ones which can be operationally embedded more easily and consistently if done in manageable phases, starting with the most straightforward version e.g. moving from a QMS to an ISMS.

This is an example of what we mean when we say most certifications have common foundations.

In this case, the ‘MS‘ part of the acronym – Management System – prefixed with Q (Quality – ISO 9001), IS (Information Security – ISO 27001) or PI (Personal Information – ISO 27701).

A management system documents processes, procedures and responsibilities for achieving organisational policies and objectives.

A QMS forms a foundation which can be expanded to cover other areas required for an ISMS and then a PIMS. Whether done in order or concurrently, it is important there is consistency across the three areas so you have, in practice, one Management System covering all the certifications which is easy to develop and maintain.

Solutions, not problems. Value, not tick boxes.

We are certification agnostic. We help you select the one(s) which suit your organisation and ensure they are implemented in a way which enhances your business.

We know how the tick box approach creates cost not value. We have experience of making certification become a part of the culture of your organisation. We provide solutions which provide a pragmatic way to achieve certification which adds value to your business not red tape or restrictions.

Get Started

Let's talk about your needs

We know. This is normally where you’d see an easy to submit enquiry form. One that’s likely an entry into a lottery whether you’ll get a response or not. 

Get the answers you need. We don’t bite.

Use live chat or book in a no obligation online meeting to help us get to the bottom of how we can best help you (invite some colleagues if that will help).

Learn More

Related Insight

Related Events

jQuery(function($){ $(document).on('click','.elementor-location-popup a', function(event){ elementorProFrontend.modules.popup.closePopup( {}, event); }); });
@font-face { font-display: block; font-family: Roboto; src: url( format("woff2"), url( format("woff") } @font-face { font-display: fallback; font-family: Roboto; font-weight: 600; src: url( format("woff2"), url( format("woff") } @font-face { font-display: fallback; font-family: Roboto; font-weight: 700; src: url( format("woff2"), url( format("woff") } #sib-container input:-ms-input-placeholder { text-align: left; font-family: "Helvetica", sans-serif; color: #c0ccda; } #sib-container input::placeholder { text-align: left; font-family: "Helvetica", sans-serif; color: #c0ccda; } #sib-container textarea::placeholder { text-align: left; font-family: "Helvetica", sans-serif; color: #c0ccda; }
Your subscription could not be saved. Please try again.
Your subscription has been successful.


Subscribe to our newsletter and stay updated.

window.REQUIRED_CODE_ERROR_MESSAGE = 'Please choose a country code'; window.EMAIL_INVALID_MESSAGE = window.SMS_INVALID_MESSAGE = "The information provided is invalid. Please review the field format and try again."; window.REQUIRED_ERROR_MESSAGE = "This field cannot be left blank. "; window.GENERIC_INVALID_MESSAGE = "The information provided is invalid. Please review the field format and try again."; window.REQUIRED_MULTISELECT_MESSAGE = 'Please select at least 1 option'; window.translation = { common: { selectedList: '{quantity} list selected', selectedLists: '{quantity} lists selected' } }; var AUTOHIDE = Boolean(0);

We use Sendinblue as our marketing platform. By Clicking above to submit this form, you acknowledge that the information you provided will be transferred to Sendinblue for processing in accordance with their terms of use

jQuery(function($){ $(document).on('click','.elementor-location-popup a', function(event){ elementorProFrontend.modules.popup.closePopup( {}, event); }); });


We're excited you'd like to come along!

However, we need to tell you something important before you do:

How we use the personal data you provide when booking to attend an event.

In short, we ask for your name, email, the organisation you represent and phone number. For paid events we also collect billing information to process your order. We use this information to manage the event and your attendance by sending you email and SMS (if you provide a mobile number) confirmations and reminders about the event and any replays which are available. For some events we may invite you to complete optional surveys to either help us tailor the event beforehand or get feedback from you after the event is over.

The information you provide will be transferred to our Webinar platform provider where we use analytics to help measure the effectiveness of our webinars e.g. record whether you attend the event and how long you attended for. We also store your information in our CRM where it may be combined with publicly available information about you or the organisation you represent (such as that from LinkedIn or Companies House) and your communications with us. This combined picture will be used to help identify which of our services may be of interest to the organisation you represent; so, yes, we may market to you but only in your professional capacity and only in a targeted way once we know more about how our services may be of benefit to the organisation you represent. Above all, we promise to stop when you tell us to.

Please see our Website Privacy Notice for more information.

fidabona celebrates
Subscribe to get 15% discount