How to Gain and Maintain ISO Certification

By: Fusion Risk Management, Staff

December 12, 2018 in Business Continuity

At the Educational Testing Service (ETS), education is everything. The nonprofit organization is dedicated to advancing quality and equity in education for people worldwide by creating assessments based on rigorous research. Founded in 1947, ETS develops, administers, and scores more than 60 million tests annually – including the TOEFL® and TOEIC® tests, the GRE® tests and The Praxis Series® assessments – in more than 180 countries, at over 9,000 locations worldwide.

In the same way that ETS is committed to excellence in the services they deliver, they are committed to excellence in how they manage business continuity. ETS’s Business Continuity Management System has been certified to the BS-25999 certification since 2009 and is now certified to the ISO-22301 standard. Considering the rigor associated with ISO certification, we wanted to hear why ETS took this unusual step – most organizations in the industry are content to align themselves with ISO guidelines, but do not seek certification.

Check out a short excerpt of our interview with Dr. Timothy Mathews, Executive Director of Enterprise Resiliency at ETS, to learn the story behind the certification and to discover the role the Fusion Framework® System™ plays in supporting this significant accomplishment.

Achieving and maintaining ISO-22301 certification is not a simple task. Why did ETS decide to pursue certification?

We did so for two main reasons. First, we do a lot of global work. Many of our tests are international assessments, recognized around the world as global brands. Therefore, we wanted to embrace the international ISO standard. It demonstrates to our international customers that we are not just wired in to an American standard. We’re an organization with global responsibility, and we take that seriously in every area of our business.

Second, we work with a lot of large governmental organizations – federal, state, and local – and with departments of education and university systems around the world. All these organizations have formal and rigorous Request for Proposal processes. One component of every RFP addresses business continuity and disaster recovery. In the absence of a standard, you have to determine how to craft your response for each RFP, which consumes a huge amount of time. It was eating up six to eight weeks of staff time in my department each year. And, there was always the risk of miscommunication or misunderstanding, which could hurt the RFP process.

However, all organizations are familiar with ISO standards. We now have a pre-defined RFP response document that describes our business continuity management system in the context of the ISO-22301 standard, which has reduced our team’s workload by an order of magnitude. The response clearly lays out our program and provides our certification number, so that an independent person can validate our certification.

How has the Fusion Framework helped you maintain your world-class ISO-certified business continuity program?

Fusion has greatly helped us to maintain the ISO requirement to have an enterprise-level awareness of the program through its user-friendly interface and the convenience of single sign-on. We have over 500 people in the organization who are tasked with maintaining, approving, or participating in activities. With our previous system, it used to be a struggle to get users to log in, and it was even more difficult for them to use. In contrast, the Fusion Framework is simple to login to and easy to use, so people enter and exit the system on a much more frequent basis.

The graphical dashboard reporting has also contributed significantly to aiding awareness at the executive level. It motivates management to engage with the program because they see data and actionable items presented the same way they receive information from other parts of the business.

Certainly, there are a lot of technical aspects to the Fusion Framework that we love and that make it great – such as automation, configurability, a procedure library, and more – but from the ISO perspective, it has given us the ability to demonstrate conclusively to auditors that our organization is aware of, supports, and engages with the program.

Read our full interview with ETS >