How Kocho built an Integrated Management System for multiple ISOs and corporate risk management

The Challenge

Kocho was formed following the merger of two companies, only one of which was already compliant with ISO 27001 and ISO 9001. Each had different approaches to risk management. Kocho needed to integrate the best practices from both to create a cohesive framework for ISO 27001 and 9001 compliance.
Both companies previously relied on cumbersome spreadsheets, which proved inadequate for effective compliance management. Regular risk reviews and follow-up tasks are essential for maintaining compliance, but busy staff found the spreadsheet-based system inefficient and time-consuming.

“You can’t do risk management with a spreadsheet. It’s impossible because you can’t get a proper overview, so you get bogged down in reviewing certain items only. Everyone loses interest and you don’t make good progress.”

Steve Martin Head of Sustainability and Compliance, Kocho

He added: “We needed to unify our approach and create a single, streamlined system for managing compliance. We were doing things the clunky old way with lots of spreadsheets, and we wanted to get a lot more efficient.”

Kocho needed an efficient solution to manage compliance and risk across multiple ISO standards. They aimed to build an Integrated Management System (IMS) that would simplify, standardise and centralise their compliance efforts, enabling stronger ongoing engagement and oversight.

The Solution

Kocho chose ISMS.online to manage compliance for ISOs 27001 and 9001, and now also ISO 14001. They consolidated policies, trackers, and documentation across various ISO standards into one centralised platform, simplifying management and ensuring all relevant information is in one place. A centralised view with easy filtering and tagging makes it far easier to track progress and spot risks and vulnerabilities.

Recognising the platform’s potential to manage all types of compliance, Kocho has extended its use beyond ISOs, incorporating business-level risk management and other compliance areas. These include health and safety, and a list of blocked countries. It is easy to replicate templates, customise features, and link relevant information across different compliance areas — using ISMS.online as a secure, scalable IMS.

“Setting up new compliance areas is pretty straightforward,” said Steve. “Being able to easily view and link related information is the beauty of the tool — it would be very difficult to represent that visually in a spreadsheet or Word doc.”

“ISMS.online makes our day-to-day compliance management very efficient. Having everything together in one centralised, well-ordered place allows us to easily see progress, priorities, and what’s coming up.”

Steve Martin Head of Compliance, Kocho

The Result

Consolidating not only multiple ISO standards but also key business-related risks into an IMS has been transformative for Kocho. It has improved risk management efficiency, effectiveness, and accountability. ISMS.online has given Kocho a comprehensive, cost-effective compliance solution, enabling a small team to manage compliance to a high standard and ensure continuous improvement.

External audits now take less time because it’s straightforward for auditors to access and check everything within ISMS.online, reducing questions and speeding up the process. The clear proof it provides of Kocho’s effective risk management has bolstered their confidence, which Steve views as an intangible but valuable benefit.

“Having ISMS.online has built our audit confidence because we can show we’re managing things well and mitigating risks. And audits are quicker because it’s easier for the auditor to see all the information they need.”

Steve Martin Head of Sustainability and Compliance, Kocho

The intuitive user interface, automated reminders, and clear visibility over tasks and progress ensure timely and efficient risk reviews, strengthening a culture of compliance.

“ISMS.online revolutionised our risk reviews. We streamlined our processes, improved visibility, and increased engagement,” said Steve. “People are now excited to participate because the process is quick and efficient, and it’s easier to hold everyone accountable. It’s a spectacular difference.”

“The ROI of ISMS.online is evident as it enables our small compliance team to manage multiple ISOs plus other corporate compliance requirements. It gives us the core capabilities we need at a very competitive price.”

Steve Martin Head of Sustainability and Compliance, Kocho

What’s Next?

As well as working towards ISO 14001 certification, Kocho is planning to add DORA and NIST management to their IMS. The company’s commitment to continuously extending and improving their use of ISMS.online is partly due to the high-quality service provided by its support team.

“The ISMS.online team’s communication is second to none,” said Steve. “They’re always very responsive, helpful, and patient — a delight to work with. They’re committed to building an ongoing relationship and continuing to improve the platform.”

For more information, visit our integrated compliance page or contact us to see how we can help your business.