General

MCM Successfully Completes ISO 27001:2022 Transition Audit and Recertifies for ISO 27001 and ISO 9001

MCM has successfully completed the ISO 27001:2022 transition audit in January 2025 and has been recertified for both ISO 27001 (Information Management) and ISO 9001 (Quality Management) in February 2025. This dual recertification demonstrates MCM’s commitment to maintaining the highest standards in both information security and quality management.

Why This Matters

ISO 27001 is the international standard for information security management systems (ISMS), ensuring that organisations manage the security of assets such as financial information, intellectual property, employee details, and information entrusted by third parties. The transition to the 2022 version of the standard highlights MCM’s dedication to staying current with the latest best practices and regulatory requirements.

ISO 9001, on the other hand, is the world’s most recognised quality management standard. Achieving recertification demonstrates MCM’s continuous improvement and commitment to delivering high-quality products and services that meet customer and regulatory requirements.

The Journey to Recertification

The journey to achieving these certifications was rigorous and required a comprehensive review of MCM’s processes and systems. The successful transition to ISO 27001:2022 involved updating policies and procedures to align with the new requirements, conducting thorough internal audits, and ensuring that all employees were trained and aware of their roles in maintaining information security.

Similarly, the ISO 9001 recertification process involved a detailed examination of MCM’s quality management system, ensuring that it continues to meet the stringent requirements of the standard. This included a focus on customer satisfaction, continuous improvement, and the effective implementation of quality management principles.

What This Means for Our Clients

For our clients, this dual recertification is a clear indication of MCM’s dedication to excellence. It assures them that their information is secure and that they can expect consistent, high-quality products and services. Our clients can have confidence in our ability to manage risks, protect their data, and deliver on our promises.

Looking Ahead

As we move forward, MCM remains committed to maintaining these high standards and continuously improving our processes. We will continue to invest in our people, technology, and systems to ensure that we not only meet but exceed the expectations of our clients and stakeholders.

Join Us on Our Journey

We invite you to join us on our journey of excellence. Stay connected with us to learn more about our ongoing efforts to enhance our information security and quality management practices. Follow us on our social media channels and subscribe to our newsletter for the latest updates.

Nagra met an important milestone in its deep geological repository programme last month with the announcement of Nördlich Lägern as its proposed host site for a repository. To support this, Nagra has made a variety of documents available which are aimed at the public, providing more inforation in an easily consumable format.

MCM is happy to have helped in developing the ‘Nagra RD&D Vision’, a high-level pamphlet which outlines the context, drivers and long-term plans for RD&D to further support Nagra’s programme in the coming decades. The pamphlet is available to download via the Nagra website.

MCM was well positioned for this work due to our close collaboration on the Nagra Roadmap – summarised at a strategic level in the RD&D Vision – and more general support in updating the RD&D Plan (NTB 21-02).

This short project has been a great the opportunity to use the technical, communication and graphics expertise of our team – led by Jake Kinghorn-Mills, and we hope the vision is useful as a condensed summary of the detailed and complex topics involved.

Certified Quality

At MCM, we recognise the importance of quality in everything we do. As part of our aim to continuously improve, we have recently been working with The British Assessment Bureau to implement a Business Management System which supports our business processes. MCM has been compliant with the standards outlined in ISO 9001:2015 for some time, but we are delighted to have now achieved formal recognition through certification.

Prioritising Information Security

Building on our commitment to information security, we have been improving our IT security systems to ensure ISO 27001:2017 compliance. In collaboration with a Managed Service Provider, we have introduced stronger security controls which monitor the performance of our systems to ensure all Information contained within it is secure. We are proud to be formally accredited with an internationally recognised information security ISO standard as a result of our recent improvements.

Cyber Essentials Plus is a Government backed scheme designed to guard against the most common internet based cyber security threats and allows organizations of all sizes to demonstrate their commitment to cyber security.

The security controls below are externally assessed via a technical audit to verify that Cyber Essentials controls are in place.

Firewalls
Secure Configuration
Access Controls
Malware Protection
Patch Management

MCM were assessed by Cyber Tech Security Ltd against the IASME standards for Cyber Essentials Plus.

MCM is helping transfer of knowledge to young professionals and to new nuclear programmes. The modules on geological disposal at the Summer Institute of the World Nuclear University in Oxford, UK, were again this year presented by MCM staff. In addition, approaches to cooperation between countries were described and discussed at the INPRO Dialogue Forum organised by the IAEA in Vienna.

Cyber Essentials is a Government backed scheme designed to guard against the most common internet based cyber security threats and allows organizations of all sizes to demonstrate their commitment to cyber security.

These basic security controls are:

1. Firewalls
2. Secure Configuration
3. Access Controls
4. Malware Protection
5. Patch Management

From April 1st 2020 IASME became the Cyber Essentials Partner with the National Cyber Security Centre. This year MCM was assessed and certified by IASME .  A copy of our Certificate can be viewed below:

MCM and their partners Arup are delighted to have been re-selected to be the sole providers of knowledge management services to the NDA Estate.  Knowledge Management is a key enabler of safe, secure, efficient and effective management of the UK’s civil nuclear liability, from decommissioning to disposal.

For further details see the brochure below:

Cyber Essentials is a UK government scheme that sets out 5 basic security controls to protect organisations against around 80% of common internet cyber attacks.

These basic security controls are:

1. Firewalls
2. Secure Configuration
3. Access Controls
4. Malware Protection
5. Patch Management

For the fourth year running our certification was assessed and approved by IT Governance Ltd. A copy of our Certificate can be viewed below:

For the third year running MCM has been able to demonstrate our commitment to cyber security by achieving the standard required for Cyber Essentials Certification.  This standard confirms that we have the necessary security controls in place to reduce the threat of cyber attack by an estimate 80%.

Our certification was assessed and approved by IT Governance Ltd. A copy of our Certificate can be viewed below:

With effect from Monday 1st October 2018, we have moved offices.  Our new address is now:

1 Little King Street
Bristol
BS1 4HW

All other contact details remain the same.