Understanding risk and delivering quality are fundamental to the success of our business, so we invest in continuous improvement of our internal systems and standards. Over the years, we’ve implemented a number of management systems which are certified to recognised British and international standards, and are examined by external experts on a regular basis. They assess the strength of processes and controls related to specific sustainability topics identified in our materiality matrix.
We’re currently certified to the following standards, the certificates for which can be found in our download centre.
Our Ministry of Defence (MoD) account team achieved this standard for quality management systems in 2011 to meet the client's requirements. This compliments the robust risk and quality management processes we already have in place.
ISO14001 is the standard for Environmental Management Systems (EMS). The EMS provides assurance that we’re managing the environmental impacts of our business activities in line with our environmental policy, legal requirements and objectives.
The ISO 20000-1 standard assesses our IT Service Management System. It’s important for our clients as it covers 'the design, transition, delivery and improvement of services that fulfil service requirements'; and helps to ensure effective delivery of the IT services our clients expect of a professional services firm.
ISO 22301 is the standard for Business Continuity Management systems. Business continuity is critical for our business, which frequently involves handling large volumes of sensitive commercial and personal information. Holding the standard shows stakeholders that we’re continuing to ensure that it is both safeguarded and available at the right times. We’d previously held the precursor standard, BS 25999, since 2009.
ISO 27001 focuses on the management controls to protect information assets. This is a high priority for many of our stakeholders, which is reflected in our materiality matrix. For this reason, we also introduced a metric to our non-financial scorecard, reflecting the number of non-conformities to the standard that our external assessors report.
ISO 27701 is a privacy extension to ISO 27001 and covers our Personal Information Management System. Certification under ISO 27701 provides assurance that the firm is collecting and using personal data in line with privacy regulations.
Energy consumption is our second largest environmental impact, and also a key area of cost for the business. Achieving ISO 50001, the standard for energy management systems, has helped us to measure and understand our use of energy across the business, and to reduce our energy consumption by more than 50% since 2007.
ISO 45001 is the international standard for management of health and safety. The H&S management system provides assurance the firm its meeting its legal duty and helps us to challenge ourselves to make sure our people are appropriately looked after in the delivery of their work from our offices.
Our assessors, BSI, typically report the conclusions of their audits in four categories:
A situation that raises significant doubt about the ability of the management system to achieve its intended policy and objectives.
A single identified lapse, which would not in itself raise significant doubt as to the overall capability of the management system. As such they can be a useful for identifying areas for additional improvement.
Opportunity for improvement
A recommendation which, in the opinion of the auditor, could deliver an incremental improvement to the system.
We use the auditor’s findings to identify any potential weaknesses and prioritise areas for improvement.
Corporate sustainability, PwC United Kingdom