Standards Should Be Standard

Compliance with the law and regulations is important nationally and globally while compliance with technical and other performance standards—and of course Best Practice—is required of service providers and suppliers. Because it is essential, we take compliance for granted.

Which may be something of a problem or even a challenge. If everyone complies then all are equal and there is no differentiation or competitive edge. From a buyer’s or a client’s point of view, so far so good. You can rest happy in the knowledge that all of the potential service or supply partners you might choose to do business with are responsibly compliant.

But suppose you are a business that wants to choose its business partners on the basis of excellence, or at least of comparatively superior or above average performance? Mere ‘compliance’, however well and authoritatively certified, is not going to be enough—although it will certainly be one of your basic criteria.

Since 2002 Servecentric has provided data centre and managed services to companies wishing to outsource their IT infrastructure. We have in all modesty been very successful in attracting clients from all sectors, public and private, including financial services and ICT with some household name blue chip companies. We gained their business in the first place because we demonstrated that we had the highest standards in physical assets, technology and expertise—and that we would be good people to partner with.

Our path to ISO certification

Back in the mid 2000s we secured a very significant contract which was pivotal in our growth. It was from a financial services client, still with us, which put us through a rigorous audit. Its team looked at every security detail of the building and the critical facilities to support its operations. We could confidently say that we were compliant with every requirement then current, because we knew the efforts we had made to be so. But we actually had little to prove it. We were compliant but not certified! On winning that contract we realised that it was important to have our compliance and operational standards formally and objectively certified.

We looked into ISO27001 Information Security as a formal Information Security Management System. In those early days we were one of the first data centres to achieve that ISO certification. There was not as much known about it then while today it has almost become obligatory. If clients want to outsource their IT and especially data information, they must be confident that it is in a safer and more secure place than the internal IT room with the reassurance of backup power and network connectivity to keep the systems running 24x7. In this sector today, credibility comes with certificates.

Most potential clients do not have the resources to conduct a full onsite audit. At the same time our relatively small team found that a lot of time was taken up repeating essentially the same information in response to requests for tenders and client audits. We also recognised that objective certification was going to be a serious business requirement in the future.

ISO certification is a two stage process involving initial on-site audits after which ongoing surveillance audits take place twice a year. It is rigorous and we welcome that. Servecentric is now certified in three relevant standards: ISO9001 – Quality Management, ISO27001 Information Security and ISO20000-1 IT Service Management. Our certification is independent, in the sense that it is specifically for us and our Irish data centre operations, not a group certification like so many in the market.

A new mantra for our team

‘Better check with ISO’ has become a mantra for our team. Nothing is done or implemented or changed without checking with ISO and verifying that it is in line with our certified processes and procedures. This is our basic set of quality references. It is actually as much a frame of mind or an ethos as a formal governance structure and for us is simply part and parcel of the service.

But there is a higher level. Compliance, willing and strict and comprehensive, is today a base level. Some industries talk about World Class Manufacturing. We believe in World Class Service. That is an emerging term but largely in consumer service industries like hospitality. But there is absolutely no reason why those concepts of continuous improvement in processes and performance should not be adopted in our business of operating data centres, hosting operational ICT and data and particularly in assisting and advising our clients.

One metaphor that has become a bit of a marketing cliché is ‘the journey’, whether to the cloud or the next generation of connectivity or communications or whatever. Fair enough. We want to be the business partner and companion of choice because we are better than most at everything we do. Compliance is not enough. It is simply where excellence begins.