How did you arrive where you are in your career today? What’s your background?
I’ve done quite a bit of this and a lot of that! I have nearly two decades’ experience in IT, data security and information protection and many associated roles which largely relate to securing of equipment and infrastructure. It’s all relevant to Confidentiality, Integrity, Availability and Capacity which is of course highly relevant when it comes to ISO 27001 Information Security Management Systems and ISO 20000 IT Service Management.
What are your qualifications?
As is often the case with people in the broader IT sector, you end up with a list of qualifications as long as your arm. I think it’s important to be well rounded in experience, qualifications, and the application of those both to help clients. So as well as having many ITIL certificates, I have other more general business qualifications such as PRINCE2 and others relating to Business Analysis. Naturally as a Lead Auditor I also have relevant auditing qualifications too. These different qualifications in a variety of practices means I’m able to understand the business context for clients, which they appreciate.
You were a sub-contractor before joining ISOQAR. What’s it like being a “subbie”?
It’s a balancing act. On the one hand you have the flexibilities that go with working for yourself but on the other hand you have lots of variables to consider and manage so things can get complicated quickly.
What made you decide to give up being a subbie?
Ultimately, stability for family life. 16–18-hour days can become a norm and not all the activities you will do as a subbie are necessarily value added for the clients. For instance, things like VAT returns etc. I decided I needed to be more available for my family, not just present as a body.
It’s a competitive market for Auditors at the moment, so you probably had plenty of options. Why did you choose ISOQAR over the competition?
I had three offers from different organisations within a week of one another, one a direct competitor. However, it was the family-oriented approach and supporting nature of ISOQAR that shone through. At this point in my career, it was more than ever about the people.
I wanted to work somewhere that would let me move fast and challenge for improvement when required (with respect of course!). I didn’t want to just be a cog in a machine. ISOQAR was the only organisation I spoke to that I felt this from authentically. I’m pleased to say that now I’m established in my role, the company has proven and reinforced this at every turn. Ultimately, it will be ISOQAR that benefit massively from embracing me as I give them my all. GO ISOQAR family!!
What standards do you audit?
I currently audit ISO 9001 and ISO 27001 with plans to audit additional standards where I can really add value to our clients. For those upcoming standards though, you’ll have to watch this space, or, of course, if you’re really interested you could come and join ISOQAR to find out how the journey progresses and while you’re at it, make a career for yourself!
Which is your favourite standard to audit, and why?
Really, do I have to answer this? It’s going to come off as a nerdy / geeky answer … OK, here goes … I’m a 27001 guy, it appeals to my information security / protection side and naturally aligns itself with the service management knowledge and experience I have built up over 17+ years. One of the aspects that really surprises me is that no matter how qualified or experienced one is, clients are constantly demonstrating interesting ways to meet the requirements. ISO 27001 is growing up and going through a period of change. So if you ae thinking of a role at ISOQAR now’s probably the right time to make that call that you’ve been putting off - the worst that can happen is you have a thoroughly nice chat with one of the team!
Do you think auditing suits a particular kind of personality?
OK, so let’s clear out the elephant in the room. On its own, auditing is seen by some as drier than … well, I’ll leave you to think of something to put in here ;o). But there is a huge element of creativity involved for those that can see and want to explore that nature within themselves. If you’re curious, like to learn, like to ask questions, and genuinely care for people (yes, you read that right, I said people, I can’t emphasise how much auditing is about people not tech / machine wizardry alone) then auditing is for you. Life’s too short, it’s easy to get comfortable doing things that aren’t necessarily valuable or exploring the best ‘you’. If you think it’s for you, I will say take the leap.
Care to share any interesting tales of audits you’ve been on?
Come on, really? You can’t expect too much information from a 27001 guy who has signed more NDA’s than he has eaten hot meals.
What’s your favourite thing about being an auditor?
Did I say ‘people’ already? In a world where there seems to be negative news at every turn, I get to meet people and visit organisations who are striving to be the best they can. They’re looking to fulfil the requirements of standards in some of the most creative ways. This world view keeps me optimistic, energised, and excited about how our clients and the management standards space will evolve.