Alpha Swanson achieved ISO 27001 certification on own system

Alpha Swanson has achieved ISO 27001:2022 certification, giving the UK consultancy three ISO certifications.

The new certification sits alongside its existing ISO 9001 and ISO 14001 certifications. The business now holds recognised certifications covering quality management, environmental management and information security management.

Alpha Swanson secured ISO 27001:2022 certification using its own Certain® management system platform. Its information security management system was audited twice within three months by two separate UKAS-accredited certification bodies, with both audits confirming compliance.

The result strengthens the consultancy’s case that firms advising clients on ISO compliance should also meet those standards themselves. That argument is likely to resonate with companies facing greater scrutiny over governance and information security controls.

Own system

Its information security management system is hosted and managed on Certain®, which it also uses to hold documentation for ISO 9001 and ISO 14001. The platform now underpins an integrated management system across all three standards.

ISO 27001 is widely used as a framework for identifying and managing information security risks. Organisations that gain certification are assessed on the controls, processes and governance structures they use to protect sensitive information.

For consultancies operating in the ISO market, holding certification can carry particular weight because they advise clients on the same standards. Alpha Swanson’s latest certification brings that issue into sharper focus, especially in information security, where client expectations and regulatory pressure have increased.

Jon Tait, systems director at Alpha Swanson, addressed that point directly.

“Any consultancy can tell you how to achieve ISO certification. We believe you should expect them to hold it themselves. ISO 27001 is the most demanding standard we work with and achieving it on our own Certain® platform is proof of exactly what it can do,” said Tait.

Audit scrutiny

The double audit is a notable part of the certification process described by Alpha Swanson. Assessment by two separate UKAS-accredited bodies within a short period adds scrutiny to how the management system was built and maintained.

That matters because UKAS accreditation is often treated in the UK market as an important marker of assurance in certification. Businesses seeking ISO recognition commonly distinguish between accredited and non-accredited certification when choosing advisers and auditors.

Alpha Swanson wants to promote the value of UKAS-accredited certification across sectors, while recognising that formal certification may not be the first step for every business. It positions Certain® as a system for organisations building standards-aligned processes before deciding whether to pursue external certification.

The broader backdrop is a market in which customers, partners and suppliers increasingly ask businesses to show evidence of structured controls over data, risk and operations. For smaller firms in particular, consultancies often play a central role in helping management teams translate ISO requirements into day-to-day procedures.

Against that backdrop, Alpha Swanson’s own certification gives it a stronger basis for arguing that advisers should be able to demonstrate compliance themselves, not just guide clients through the process.