Understanding risk and delivering quality are fundamental to the success of our business, so we invest in continuous improvement of our internal systems and standards. Over the years, we’ve implemented a number of management systems which are certified to recognised British and international standards, and are examined by external experts on a regular basis. They assess the strength of processes and controls related to specific sustainability topics identified in our materiality matrix.
We’re currently certified to the following standards, the certificates for which can be found in our download centre.
ISO 20000-1 (held since 2014)
The ISO 20000-1 standard assesses our IT Service Management System. It’s important for our clients as it covers 'the design, transition, delivery and improvement of services that fulfil service requirements'; and helps to ensure effective delivery of the IT services our clients expect of a professional services firm.
ISO 22301 (held since 2013)
ISO 22301 is the standard for Business Continuity Management systems. Business continuity is critical for our business, which frequently involves handling large volumes of sensitive commercial and personal information. Holding the standard shows stakeholders that we’re continuing to ensure that it is both safeguarded and available at the right times. We’d previously held the precursor standard, BS 25999, since 2009.
ISO 27001 (held since 2011)
ISO 27001 focuses on the management controls to protect information assets. This is a high priority for many of our stakeholders, which is reflected in our materiality matrix. For this reason, we also introduced a metric to our non-financial scorecard, reflecting the number of non-conformities to the standard that our external assessors report.
ISO 50001 (held since 2012)
Energy consumption is our second largest environmental impact, and also a key area of cost for the business. Achieving ISO 50001, the standard for energy management systems, has helped us to measure and understand our use of energy across the business, and to reduce our energy consumption by more than 50% since 2007.
Our assessors, BSI, typically report the conclusions of their audits in four categories:
A situation that raises significant doubt about the ability of the management system to achieve its intended policy and objectives.
A single identified lapse, which would not in itself raise significant doubt as to the overall capability of the management system. As such they can be a useful for identifying areas for additional improvement.
Opportunity for improvement
A recommendation which, in the opinion of the auditor, could deliver an incremental improvement to the system.
We use the auditor’s findings to identify any potential weaknesses and prioritise areas for improvement.
Corporate sustainability, PwC United Kingdom