Company News
Lignacite achieves ISO 27001 certification
Posted by 
We are delighted to share that Lignacite has secured ISO 27001 certification, marking a major step forward in our ongoing commitment to excellence across all areas of the business. The internationally recognised standard sets out the criteria for managing sensitive company and customer information, giving clients greater peace of mind when it comes to data handling and confidentiality.
The achievement follows a rigorous process led by our Compliance Manager Marvyn Candler, who has helped us to secure four other accreditations in the past three years, including ISO 9001 for quality, ISO 14001 for environmental management and ISO 45001 for health and safety.
"ISO 27001 was the next logical step on our journey," says Marvyn. "We wanted to give our clients the assurance that any information they share with us will be treated with confidentiality and protected in line with legal standards. We won’t disclose anything without consent and we make sure data is stored securely, away from any risk of theft or loss."
Digital transformation
Working closely with IT Manager, Leon O’Neill, Marvyn started to build an information security management system for the business, conducting a gap analysis to define where we were starting from and how to get to the point at which we could apply for ISO 27001.
"Leon’s contribution has been critical,” says Marvyn. “He’s spent three years modernising our systems, from servers and software to implementing smart, cloud-based platforms. His work has transformed the way we manage everything from deliveries to customer orders.
“In the past, paperwork and phone calls were standard for order processing and delivery management. Now, smart tablets and cloud platforms ensure everything is streamlined, traceable and secure. Drivers now get their delivery information on tablets, invoices are issued digitally, and customers can see exactly what’s happening. It’s a complete shift in how we work," he adds.
Once the management system was developed, the certification process began. This included a stage one assessment (focusing on the management system structure) and a stage two audit, where the British Standards Institution (BSI) evaluated whether we had put our policies into practice. We’re pleased to say that we met the requirements of the standard and gained certification this month.
Ongoing practices
Achieving ISO 27001 is just the beginning of our journey. Maintaining and improving our systems is now a key focus in the months and years ahead.
Our Brandon and Nazeing sites will also undergo two surveillance audits each year to ensure standards are continually being met. These audits will assess everything from document labelling and CCTV management to risk assessments and business continuity planning.
To ensure ongoing compliance, internal training has been rolled out across the business. All team members have completed awareness training through a bespoke learning management system, and managers involved in compliance have undergone more in-depth sessions, including ISO 27001 auditor training from BSI.
Leon also completed an internal auditor qualification and is set to undertake the lead auditor course next year.
"Given how IT-heavy ISO 27001 is, it’s important that Leon plays a leading part in its ongoing management,” Marvyn adds. “Leon has been keen to be involved, and it’s been great to see him deepen his understanding of the management systems."
"It’s been a big team effort," Marvyn reflects. "Now that we’ve secured ISO 27001, we can focus on refining our processes, making improvements and ensuring we stay ahead of the curve when it comes to information security."
We’re proud of this achievement, but our journey doesn’t stop here. We remain committed to excellence in everything we do. Stay tuned as we continue to strengthen our systems and pursue further accreditations that reflect our high standards.
