EPCC ISO 2025 success
23 July 2025
We are pleased to announce we have passed our annual external ISO audits, recertifying us for ISO 9001 Quality Service Delivery and ISO 22301 Business Continuity and Disaster Recovery. An interim surveillance audit for ISO 27001 Information Security was also carried out.
At this time of year we have an annual two-week marathon of external certification ISO audits. This time a qualified auditor from the certification body carried out a series of 19 audit sessions across three standards:
- ISO 9001 quality service delivery
- ISO 27001 information security
- ISO 22301 business continuity and disaster recovery.
During each audit, members of staff responsible for running the particular element being examined must present evidence to support our compliance with the relevant parts of the particular standard and also demonstrate improvements made since the previous audit. Every three years a full recertification audit is carried out across the whole of the standard in question and, on the years between, a more lightweight surveillance audit is carried out to ensure things haven’t slipped. This year two out of the three standards had full re-certification audits (ISO 9001 Quality Service Delivery and ISO 22301 Business Continuity). ISO 27001 Information Security had a surveillance audit.
At the end of the two weeks (and with all concerned on their knees) we are delighted to be able to report that we have passed with flying colours. The auditor’s report was sent forward for checking by the certification body and then, having confirmed all is well, we have been re-awarded the two certificates that were up for re-certification. Our information security certificate is valid until 2027.
Whilst it is a huge amount of work to prepare – collecting all the evidence of the achievements of the past year, from service desk statistics, through security vulnerability monitoring, business continuity testing, and HR processes around staff joining and leaving – it is very worthwhile.
The audits ensure we continue to apply best practice in delivering services to our customers and users. We use the processes, policies and instructions developed to run the best services we can, and identify areas for improvement. We want our customers and users to be able to trust us as a safe pair of hands to host their services, projects and data. It is also a great validation of the hard work of all our staff in a wide variety of roles who contribute to service delivery and customer satisfaction. Every one of the EPCC team - from Finance and HR through to the Service Desk, the Systems team, the Research Support Engineers and many others - all play a crucial role in enabling vital scientific research to be carried out by our users on the services we run.
A large post audit drink was well earned by everyone!
