Nigel Coulson
Published on: June 4, 2024
“Our journey to ISO 9001 and ISO 27001 certification has been a major milestone. It’s a testament to our dedication to doing things right here at TMT and continuously looking to improve and evolve. As we move forward, we’re just as committed to maintaining these high standards and delivering the best for our customers and partners” – Nigel Coulson, Information Security Manager, TMT ID.
Getting ISO 9001 and ISO 27001 certification has been something of a long held ambition for us here at TMT.
These certifications aren’t just window dressing, they show we’re serious about security and keeping all the data we process, safe and secure.
As a business we rely on large scale data sets both inside and outside of our core network, and for us it is therefore business critical to maintain the highest standards for our data handling and information security.
We are also a business whose client base expect the highest levels of data security and quality of service. We knew we already had robust and effective controls and processes in place, but we needed to be able to challenge this assumption and to demonstrate the effectiveness of these controls.
We started our journey with Cyber Essentials and IASME certifications but knew that ISO 9001 and ISO 27001 certifications were the goal.
The ISO Standards set the bar for quality management and information security, and we wanted to prove we could meet those very high standards. Plus, we wanted to really show our customers and partners that we’re dedicated to doing things right and protecting their data.
The ISO 9001 standard is all about having a solid Quality Management System (QMS). A management system that helps us meet our customer needs and adhere to regulations and best practice whilst always looking to improve. ISO 27001 focused on Information Security Management Systems (ISMS), making sure we keep all the data that we hold or process, safe from any threats.
Our first action was a detailed gap analysis exercise. We needed to see how we measured up against these standards. Armed with this we put together an ‘Information Security Management System’ team from across the business, Security, IT, Operations, HR, Legal and our CTO —to lead the charge.
We set ourselves a set of clear, achievable quality goals that matched our business aims. We mapped out all our key processes, looking for ways to streamline and cut out any inefficiencies and making sure that processes joined up effectively across departments’ documentation. We put together detailed policies, procedures, and work instructions to ensure everything was done consistently and reliably. We ensured our customer satisfaction and customer feedback measures were effective and that where lessons learned were needed we tracked and implemented.
We also took a good hard look at all the possible risks to our information, figuring out how likely and how severe they were, implementing corrective or mitigation measures to tackle these risks, including things like improved access control, improved data encryption, integrity checks on backups, and incident management exercises.
We then created clear policies for how to handle information security, from data protection to dealing with incidents, educating our people about best practices in information security, and making sure everyone knew how to keep our data safe. We set in place regular exercises to test the effectiveness of our training.
With these policies, processes and systems now in place, we had to keep checking and improving them. We achieved this through regular internal audits, supported by our Security Operations Centre partner who themselves are ISO-certified auditors, together we audited our systems to find any issues and figure out ways to improve. Throughout we held management reviews to keep those who lead our business informed and their inputs helped us stay on track and keep improving. Whenever we found problems, and I am pleased to report we didn’t find many, we fixed them quickly and made sure they wouldn’t happen again.
After all of this, the final hurdle was the certification audits, conducted by an external body. We had taken the decision to put all our activities in scope for ISO and consequently, our audits took place over a number of weeks and with multiple auditors. They went through our systems with a fine-tooth comb, checking everything against the ISO standards. We are delighted to have completed our final Stage 2 audit with zero non-compliance findings. Passing this audit was a huge and important moment for us, the culmination of a lot of hard work and effort from the entire team here at TMT. All our hard work had paid off!
Getting the ISO 9001 and ISO 27001 certifications is a big deal for TMT. It shows we’re committed to delivering top-quality services and keeping our data secure. We firmly believe that these certifications will help build confidence with customers and partners alike, with the knowledge that the controls and processes we have in place to manage their data have been scrutinised by a team of professional auditors and found to be good and effective. Fully aligning our processes to ISO will help us run more efficiently, manage any risks better, and foster a culture of continuous improvement for our quality and security.
Our journey to ISO 9001 and ISO 27001 certification has been a major milestone. It’s a testament to our dedication to doing things right here at TMT and continuously looking to improve and evolve. As we move forward, we’re just as committed to maintaining these high standards and delivering the best for our customers and partners.
Last updated on July 9, 2024
"Phone number verification plays a critical role in helping to detect and prevent online fraud. TMT ID’s TeleShield product provides easy access to global mobile data, enabling us to enhance the actionable results of our MaxMind minFraud® services."
"BTS (Business Telecommunications Services) is successfully using TMT’s Velocity and Live services to check the status of mobile numbers. This way we make sure we optimize the performance of the service offered to our customers and ensure the quality of terminating traffic to all countries.”
"Working with TMT’s TeleShield service has expanded our ability to detect fraud and minimise the risk to our business. TeleShield brings peace of mind and the opportunity to stop fraud before it affects our customers’ bottom line or the service."
"LATRO relies on TMT’s TeleShield to provide the most up to date and reliable numbering qualification information within our fraud reporting tools, enabling us to protect our customer’s revenues and empowering them to defend themselves against fraudulent numbers."
"TMT is a valued partner that enables us to manage our routing costs effectively. They proactively and continuously expand their operator and country coverage while delivering exceptional customer service. We can always count on them to achieve high-quality results and look forward to our continued collaboration."
"TMT provides us with the most comprehensive numbering intelligence data through their fast and reliable Velocity and Live services. TMT is a trusted partner for us, their products ensure that we continue to optimise the best performance and service to our customers."
"TeleShield from TMT gives 42com the power to detect and target telephony fraud scams internationally, thereby protecting our company from the financial and customer experience impacts of telecommunications fraud."
"It has been a pleasure to work with the team at TMT. They have become an essential provider of accurate numbering data information and Number Portability services globally."
"Deutsche Telekom Global Carrier uses TMT ID as one of their key suppliers for Mobile Number Portability Data services. Deutsche Telekom Global Carrier uses TMT ID’s Velocity MNP solution. This is an ultra-fast query service that optimises the routing of international voice calls and A2P messaging."
We provide the most comprehensive device, network and mobile numbering data available
Contact us > Chat to an expert >
