Case Study: Xerox
Xerox is the world’s leading global enterprise for business process and document management. They provide the industry’s broadest portfolio of document technology, services and software, and the most diverse array of business process and IT outsourcing support.
Graham Hill, Operations Manager for an off-site print centre at Xerox Global Document Outsourcing (GDO), was responsible for implementing the ISO 9001 and ISO 27001 standards, which their site has proudly held with The British Assessment Bureau (BAB) since 2008.
Why ISO certification?
Robust information security is of vital importance for the
diverse range of clients that entrust their sensitive data and
documents in Xerox’s care. Graham tells us why he sought ISO
certification for his organisation.
"It is my job to ensure that the site gives the best service possible to our clients. To help with achieving this implementing the ISO standards was a logical step."
"ISO certification is further endorsement from an external body that Xerox Global Document Outsourcing (GDO) has processes and procedures in place to ensure that clients work is dealt with in an organised and quality driven manner."
Why BAB?
BAB has over 40 years experience in the assessment industry. Their reputation was established in 1969 as
a specialist in certification scheme management. In 1997, the
Secretary of State for Trade and Industry approved the use of
the word 'British' in the corporate title in recognition of
their pre-eminent status.
BAB was recommended to Xerox by a business associate, and here Graham tells us of his experience of working with BAB.
"The service we have received from BAB has been excellent - they come across as a time served organisation with a wealth of experience in the field."
"The highlight of the service for me was the efficiency with which the assessments and audits were carried out. We also greatly value the helpful advice and assistance given throughout the process and the professionalism of our Auditor."
The certification process
Once an organisation decides to go ahead with certification, they are assigned a Lead Assessor who remains the principal contact throughout the registration process and beyond. Prior to a formal Audit, the Lead Assessor visits to explain the standard and undertakes a conformity assessment of the organisation’s current arrangements. The organisation then receives a detailed report including all required actions and together with their Lead Assessor, determines an appropriate timetable for the Audit Assessment. Graham tells us of his experience.
“The whole implementation process went very smoothly. We were
fortunate in that we already had a lot of the required quality
processes in place and it was just a case of bringing these in
line with the ISO requirements. Our assessor was very thorough
and helpful taking us carefully through the processes and
requirements of both ISO 9001 and ISO 27001.”
“Implementing the standards has given us the opportunity to revisit our policies and procedures and make improvements which have benefited both our clients and ourselves. It has been a team effort, with everyone on site being actively involved.”
Once an organisation is ready for a formal Audit Assessment, a Lead Assessor will make the required arrangements for the Audit to take place. Graham says,
“The actual audit process was very in depth and thorough and feedback identified a few areas where further improvements could be made. In general, the feedback was very positive and it was nice to receive recognition in the form of successful certification for the work we had put in.”
Benefits of certification
Successful organisations recognise that their quality and its
assurance are most credible when validated by a respected third
party. The benefits include a more motivated workforce, less
costly re-work and increased client satisfaction. Being
certified can also help you to qualify for tenders, gain
external finance, and set you apart from your competitors. In
fact, 44% of BAB’s ISO 9001 certified clients saw an increase in
new orders as a direct result of achieving ISO certification;
according to findings from their 2011 client satisfaction
survey.
Xerox understands the importance of certification as a differentiator in a very competitive market and the information security standard, ISO 27001, is particularly relevant to its business. Graham tells us just some of the many benefits ISO certification has brought to his organisation.
"Our certifications have meant that we can offer our clients an assurance that we are certified to the two standards. Having improved quality processes in place has reduced our waste and improved efficiency."
"ISO 27001 is clarification to our clients that we take all aspects of IT and data security seriously and have documented procedures and processes in place to ensure it is regularly reviewed."
Contact
Clare Tiley
The British Assessment Bureau
Research and Analysis Manager