<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=229461991482875&amp;ev=PageView&amp;noscript=1">

When considering new business partners, there are multiple individual areas to review in order to gauge their suitability for the job.

One of the most useful ones can be to examine a company’s external certifications.

ISO Certifications are globally recognised standards that apply to a variety of management practices and processes.

In the words of ISO Quality Services Limited:

“The certification can be used to tender for business as a proof of a company’s credibility but also to instil confidence in the potential client that you will keep your promises.”

Therefore, when companies make reference to their ISO Certifications, it’s generally a positive sign as to their level of competence.

However, things are not always as they appear.

When is a certification not a certification?

In relation to Contract and Vendor management, the most relevant ISO certifications are ISO 27001 - Information Security and ISO 9001 - Quality.

They reflect a commitment to, and competence in, protecting confidential information as well as an overall approach to business management that delivers a consistently high level of service to customers.

If you look at the bottom of this page, you’ll see two round logos, which show that Gatekeeper has these two certifications.

ISO Certifications

There’s also further confirmation on this page and the certificates themselves can be provided upon request.

All of which go to prove that Gatekeeper has met the required standards for these relevant ISO certifications.

So far, so clear. So where does the opportunity for confusion come in?

Gatekeeper, like the vast majority of contract management solutions, is cloud-based. Our platform, and the data contained within it, is hosted using Amazon Web Services (AWS), in our case across five global instances.

This secure and flexible solution is a common approach across our sector.

To demonstrate its credibility and suitability as a hosting service, AWS itself has also attained ISO 27001 and 9001 certifications.

So in the case of a company like Gatekeeper, its customers have the added reassurance that not only does Gatekeeper itself work to the highest standards when it comes to information security and quality management, but so does its hosting partner.

However, this isn’t the case for all companies in the sector.

It’s not uncommon to see promotional material making reference to “certified data centres” or similar as well as including the specific names of the ISO certifications (27001 & 9001).

It’s easy to read this and make the assumption that the business itself is certified to those standards.

The distinction is important, especially if information security is one of the key criteria that a prospective buyer is rating companies against.

Of course it’s reassuring to know that the underlying data centres of a prospective partner are run to the highest standards. However, it’s not necessarily a point of differentiation if you have several companies hosted on AWS, none of which themselves are actually certified.

Given the prevalence of cloud hosting, this level of security certification could be considered “table stakes” when it comes to working with companies’ sensitive contract and vendor data.

The certification is of course important as the hosting company works at the ‘data layer’ of the application only. The ‘software layer’ is provided by the software company.

In the case of Gatekeeper, our ISO certification ensures the same very high level of process and security is maintained from the data layer all the way to the software layer. If the software company has not achieved their own ISO certification then there is no standard approach applied and this can leave you and your data exposed.

It’s therefore important to understand that no matter the level of information security achieved by the underlying hosting services, this can all be undone if the company itself is negligent or adopts poor practices in relation to the data it manages on behalf of its customers.

This is why it’s vital, if there’s any ambiguity or confusion, to request copies of a company’s ISO certificates so the details can be checked and verified.

To receive a copy of Gatekeeper’s Security Pack, including relevant ISO certifications, please contact us today.

Ian Bryce
Ian Bryce

Ian writes on a variety of topics, bringing together his own knowledge and experience with that of industry experts.


Contract Management , Control , Compliance , Vendor Management , Contract Lifecycle Management , Contract Management Software , Visibility , Contract Lifecycle , Supplier Management , Case Study , Contract Risk Management , Vendor Management Software , Contract Management Strategy , Contract Repository , Risk Mitigation , Contract Automation , Workflows , CLM , Contract Ownership , Contract Visibility , Contracts , Supplier Performance , Supplier Risk , Contract and vendor management , Legal , Legal Ops , Podcast , Risk , Third Party Risk Management , Vendor Onboarding , contract renewals , Gatekeeper Guides , RFP , Supplier Relationships , TPRM , Business continuity , CLM solutions , COVID-19 , Contract Managers , Contract Performance , Contract Redlining , Contract Review , Contract Risk , ESG , Metadata , Negotiation , Procurement Reimagined , Procurement Strategy , SaaS , Supplier Management Software , Vendor Portal , Vendor risk , webinar , Artificial Intelligence , Clause Library , Contract Administration , Contract Approvals , Contract Management Plans , Contract compliance , ESG Compliance , Kanban , RBAC , Recession Planning , Regulation , Regulatory compliance , SOC Reports , Security , Sustainable Procurement , collaboration , AI , Audit preparedness , Audit readiness , Audits , Business Case , Clause Template , Contract Breach , Contract Governance , Contract Management Audit , Contract Management Automation , Contract Monitoring , Contract Obligations , Contract Outcomes , Contract Templates , Contract Tracking , Contract Value , Dashboards , Data Fragmentation , Due Diligence , Employee Portal , Excel , FCA , Future of Procurement , ISO Certification , KPIs , Legal automation , LegalTech , Market IQ , NetSuite , Obligations Management , Procurement , Procurement Planning , Redline , Scaling Business , Spend Analysis , Standard Contractual Clauses , Suppler Management Software , Touchless Contracts , Vendor risk management , central repository , success hours , time-to-contract , Australia , BCP , Breach of Contract , Brexit , Business Growth , CCPA , CMS , CPRA 2020 , CSR , Categorisation , Centralisation , Certifications , Cloud , Conferences , Confidentiality , Contract Ambiguity , Contract Analysis , Contract Approval , Contract Attributes , Contract Challenges , Contract Change Management , Contract Community , Contract Disengagement , Contract Disputes , Contract Drafting , Contract Economics , Contract Execution , Contract Management Features , Contract Management Optimisation , Contract Management pain points , Contract Negotiation , Contract Obscurity , Contract Reminder Software , Contract Reporting , Contract Routing , Contract Stratification , Contract Termination , Contract Volatility , Contract relevance , Contract relevance review , Contracting Standards , Contracting Standards Review , Cyber health , Data Privacy , Data Sovereignty , Definitions , Digital Transformation , Disputes , EU , Electronic Signatures , Enterprise , Enterprise Contract Management , Financial Services , Financial Stability , Force Majeure , GDPR , Gatekeeper , ISO , IT , Implementation , Integrations , Intergrations , Key Contracts , Measurement , Mergers and Acquisitions , Microsoft Word , Modern Slavery , NDA , Operations , Parallel Approvals , Partnerships , Pharma , Planning , Port Agency , Pricing , RAG Status , Redlining , Redlining solutions , Requirements , SaaStock , Shipping , Spend optimzation , Startups , SuiteApp , SuiteWorld , Supplier Cataloguing , Technology , Usability , Vendor Governance , Vendor Relationship Management , Voice of the CEO , automation , concentration risk , contract reminders , document automation , eSign , esignature , post-signature , remote working , vendor centric

Related Content


subscribe to our newsletter


Sign up today to receive the latest GateKeeper content in your inbox.

Subscribe to Email Updates