How Kocho built an Integrated Management System for multiple ISOs and corporate risk management

Experts in identity, security, and cloud solutions, Kocho offer IT services and consulting that optimise business performance through robust cybersecurity and managed IT services. The business helps clients enhance their security posture, streamline IT operations, and achieve cost-efficiencies. Demonstrating high standards of security and operational excellence to recognised international standards​ is essential for Kocho to secure work and retain clients’ trust.

Kocho was formed following the merger of two companies, only one of which was already compliant with ISO 27001 and ISO 9001.

Each had different approaches to risk management. Kocho needed to integrate the best practices from both to create a cohesive framework for ISO 27001 and 9001 compliance.
Both companies previously relied on cumbersome spreadsheets, which proved inadequate for effective compliance management. Regular risk reviews and follow-up tasks are essential for maintaining compliance, but busy staff found the spreadsheet-based system inefficient and time-consuming.

He added: “We needed to unify our approach and create a single, streamlined system for managing compliance. We were doing things the clunky old way with lots of spreadsheets, and we wanted to get a lot more efficient.”

Kocho needed an efficient solution to manage compliance and risk across multiple ISO standards. They aimed to build an Integrated Management System (IMS) that would simplify, standardise and centralise their compliance efforts, enabling stronger ongoing engagement and oversight.

Kocho chose ISMS.online to manage compliance for ISOs 27001 and 9001, and now also ISO 14001.

They consolidated policies, trackers, and documentation across various ISO standards into one centralised platform, simplifying management and ensuring all relevant information is in one place. A centralised view with easy filtering and tagging makes it far easier to track progress and spot risks and vulnerabilities.Recognising the platform’s potential to manage all types of compliance, Kocho has extended its use beyond ISOs, incorporating business-level risk management and other compliance areas. These include health and safety, and a list of blocked countries. It is easy to replicate templates, customise features, and link relevant information across different compliance areas — using ISMS.online as a secure, scalable IMS.“Setting up new compliance areas is pretty straightforward,” said Steve. “Being able to easily view and link related information is the beauty of the tool — it would be very difficult to represent that visually in a spreadsheet or Word doc.”

Consolidating not only multiple ISO standards but also key business-related risks into an IMS has been transformative for Kocho.

It has improved risk management efficiency, effectiveness, and accountability. ISMS.online has given Kocho a comprehensive, cost-effective compliance solution, enabling a small team to manage compliance to a high standard and ensure continuous improvement.External audits now take less time because it’s straightforward for auditors to access and check everything within ISMS.online, reducing questions and speeding up the process. The clear proof it provides of Kocho’s effective risk management has bolstered their confidence, which Steve views as an intangible but valuable benefit.

The intuitive user interface, automated reminders, and clear visibility over tasks and progress ensure timely and efficient risk reviews, strengthening a culture of compliance.

“ISMS.online revolutionised our risk reviews. We streamlined our processes, improved visibility, and increased engagement,” said Steve. “People are now excited to participate because the process is quick and efficient, and it’s easier to hold everyone accountable. It’s a spectacular difference.”

As well as working towards ISO 14001 certification, Kocho is planning to add DORA and NIST management to their IMS.

The company’s commitment to continuously extending and improving their use of ISMS.online is partly due to the high-quality service provided by its support team.“The ISMS.online team’s communication is second to none,” said Steve. “They’re always very responsive, helpful, and patient — a delight to work with. They’re committed to building an ongoing relationship and continuing to improve the platform.” For more information, visit our integrated compliance page or contact us to see how we can help your business.