News

MCM Successfully Completes ISO 27001:2022 Transition Audit and Recertifies for ISO 27001 and ISO 9001

MCM has successfully completed the ISO 27001:2022 transition audit in January 2025 and has been recertified for both ISO 27001 (Information Management) and ISO 9001 (Quality Management) in February 2025. This dual recertification demonstrates MCM’s commitment to maintaining the highest standards in both information security and quality management.

Why This Matters

ISO 27001 is the international standard for information security management systems (ISMS), ensuring that organisations manage the security of assets such as financial information, intellectual property, employee details, and information entrusted by third parties. The transition to the 2022 version of the standard highlights MCM’s dedication to staying current with the latest best practices and regulatory requirements.

ISO 9001, on the other hand, is the world’s most recognised quality management standard. Achieving recertification demonstrates MCM’s continuous improvement and commitment to delivering high-quality products and services that meet customer and regulatory requirements.

The Journey to Recertification

The journey to achieving these certifications was rigorous and required a comprehensive review of MCM’s processes and systems. The successful transition to ISO 27001:2022 involved updating policies and procedures to align with the new requirements, conducting thorough internal audits, and ensuring that all employees were trained and aware of their roles in maintaining information security.

Similarly, the ISO 9001 recertification process involved a detailed examination of MCM’s quality management system, ensuring that it continues to meet the stringent requirements of the standard. This included a focus on customer satisfaction, continuous improvement, and the effective implementation of quality management principles.

What This Means for Our Clients

For our clients, this dual recertification is a clear indication of MCM’s dedication to excellence. It assures them that their information is secure and that they can expect consistent, high-quality products and services. Our clients can have confidence in our ability to manage risks, protect their data, and deliver on our promises.

Looking Ahead

As we move forward, MCM remains committed to maintaining these high standards and continuously improving our processes. We will continue to invest in our people, technology, and systems to ensure that we not only meet but exceed the expectations of our clients and stakeholders.

Join Us on Our Journey

We invite you to join us on our journey of excellence. Stay connected with us to learn more about our ongoing efforts to enhance our information security and quality management practices. Follow us on our social media channels and subscribe to our newsletter for the latest updates.

This achievement underscores our commitment to maintaining the highest standards of cybersecurity. The Cyber Essentials certification is a government-backed scheme that helps organisations protect themselves against a whole range of the most common cyber-attacks. The Cyber Essentials Plus certification takes this a step further with a hands-on technical verification.

What This Means for Our Clients:

• Enhanced Security: Our renewed certifications ensure that we continue to implement robust security measures to protect your data.
• Trust and Confidence: Clients can have peace of mind knowing that MCM meets stringent cybersecurity standards.
• Continuous Improvement: We are dedicated to continually improving our security practices to stay ahead of emerging threats.

Nagra met an important milestone in its deep geological repository programme last month with the announcement of Nördlich Lägern as its proposed host site for a repository. To support this, Nagra has made a variety of documents available which are aimed at the public, providing more inforation in an easily consumable format.

MCM is happy to have helped in developing the ‘Nagra RD&D Vision’, a high-level pamphlet which outlines the context, drivers and long-term plans for RD&D to further support Nagra’s programme in the coming decades. The pamphlet is available to download via the Nagra website.

MCM was well positioned for this work due to our close collaboration on the Nagra Roadmap – summarised at a strategic level in the RD&D Vision – and more general support in updating the RD&D Plan (NTB 21-02).

This short project has been a great the opportunity to use the technical, communication and graphics expertise of our team – led by Jake Kinghorn-Mills, and we hope the vision is useful as a condensed summary of the detailed and complex topics involved.

MCM is delighted to have supported Nagra in the update of their Research, Development and Demonstration (RD&D) Plan and its preparation for publication. The published version of the document can be found on the Nagra website: Technical Report NTB 21-02 | Nagra.

MCM worked closely with key senior Nagra staff and Nagra technical subject matter experts to develop the ‘Nagra Disposal Programme Roadmap’ using a tiered structure (Fig. 3-1 of NTB 21-02).

Fig. 3-1 of NTB 21-02 illustrating the tiered structure of the Nagra Roadmap.

Collaborative Approach

Through a series of workshops and an agile, iterative approach, MCM worked with Nagra subject matter experts across a variety of disciplines to produce thirteen roadmap graphics against this tiered structure (published as NTB 21-02 Appendix A3) along with a description of Nagra’s long-term disposal programme (captured in Tier 1 & 2, published as NTB 21-02 Chapter 3) and the programme aspects with a significant RD&D component (captured in Tier 3, published as NTB 21-02 Chapter 7).

Prior to publication, MCM also worked alongside the internal Nagra team to re-structure and review the RD&D Plan, supporting Nagra in highlighting and communicating the progress which has been made since the publication of its previous version in 2016.

MCM Team

The MCM team was led by Jake Kinghorn-Mills with primary support from Tara Beattie and Alastair Clark. MCM Project Lead, Jake Kinghorn-Mills said:

“It’s fantastic to have seen our initial engagement with Nagra in 2019 lead to the publication of the full suite of Nagra Roadmap graphics through NTB 21-02. The project has been a rewarding experience which undoubtedly benefited from the close involvement of senior Nagra staff and the collaborative approach embraced by all members of the Nagra-MCM project team.”

Certified Quality

At MCM, we recognise the importance of quality in everything we do. As part of our aim to continuously improve, we have recently been working with The British Assessment Bureau to implement a Business Management System which supports our business processes. MCM has been compliant with the standards outlined in ISO 9001:2015 for some time, but we are delighted to have now achieved formal recognition through certification.

Prioritising Information Security

Building on our commitment to information security, we have been improving our IT security systems to ensure ISO 27001:2017 compliance. In collaboration with a Managed Service Provider, we have introduced stronger security controls which monitor the performance of our systems to ensure all Information contained within it is secure. We are proud to be formally accredited with an internationally recognised information security ISO standard as a result of our recent improvements.

Cyber Essentials Plus is a Government backed scheme designed to guard against the most common internet based cyber security threats and allows organizations of all sizes to demonstrate their commitment to cyber security.

The security controls below are externally assessed via a technical audit to verify that Cyber Essentials controls are in place.

Firewalls
Secure Configuration
Access Controls
Malware Protection
Patch Management

MCM were assessed by Cyber Tech Security Ltd against the IASME standards for Cyber Essentials Plus.

MCM is helping transfer of knowledge to young professionals and to new nuclear programmes. The modules on geological disposal at the Summer Institute of the World Nuclear University in Oxford, UK, were again this year presented by MCM staff. In addition, approaches to cooperation between countries were described and discussed at the INPRO Dialogue Forum organised by the IAEA in Vienna.

Cyber Essentials is a Government backed scheme designed to guard against the most common internet based cyber security threats and allows organizations of all sizes to demonstrate their commitment to cyber security.

These basic security controls are:

1. Firewalls
2. Secure Configuration
3. Access Controls
4. Malware Protection
5. Patch Management

From April 1st 2020 IASME became the Cyber Essentials Partner with the National Cyber Security Centre. This year MCM was assessed and certified by IASME .  A copy of our Certificate can be viewed below:

MCM and their partners Arup are delighted to have been re-selected to be the sole providers of knowledge management services to the NDA Estate.  Knowledge Management is a key enabler of safe, secure, efficient and effective management of the UK’s civil nuclear liability, from decommissioning to disposal.

For further details see the brochure below:

Dr Ally Clark (MCM) provided consultancy support to the International Atomic Energy Agency (IAEA), providing expert opinion and development of an IAEA document entitled ‘Design Principles and Approaches for Radioactive Waste Repositories’.  This publication is intended to assist Member States in planning for the disposal of radioactive waste.  It describes the approaches and principles to be considered during the planning and design of radioactive waste disposal facilities.