ISO 9001 and ISO 27001 Certifications: Demonstrating Our Commitment to Quality and Security
We’re pleased to share that we have successfully achieved both ISO 9001, for Quality Management, and ISO 27001, for Information Security Management, with no nonconformities or areas for improvement raised across either standard.
For NHS and public sector procurement professionals, these certifications provide NOE CPC customers with further confidence of our ability to be a high-quality and efficient framework provider. They also confirm that our approach to quality and information security has been assessed against internationally recognised standards, providing clear, credible evidence to support confident and well-informed procurement decisions.
Raf M Rafaqut, Senior Systems and Process Analyst at NOE CPC, said: “Preparation started long before the audit itself, with a focus on ensuring our processes, controls, and documentation reflected how the organisation operates day-to-day, not just how it looks on paper.”
Raf is also leading NOE CPC’s work towards ISO/IEC 42001 certification for Artificial Intelligence Management, building on the organisation’s commitment to strong governance, effective risk management and the responsible use of emerging technologies.
What the standards mean in practice
ISO 9001 confirms that our operational processes are clearly defined, consistently applied, and subject to regular review. It demonstrates a structured approach to understanding customer requirements, maintaining service quality, and embedding continual improvement throughout our day-to-day operations.
ISO 27001 covers information security and demonstrates that appropriate controls are in place to protect information. Risks are identified, assessed and managed, and our approach has been independently assessed against one of the most widely recognised information security standards in the world. This means you can engage with us knowing that quality and security are not just policies on a page; they are how we operate every day.
Why this matters for public sector procurement
Public sector procurement requires trust, accountability, and compliance. The organisations you work with need to be reliable, transparent, and compliant with governance expectations. ISO certification reduces the due diligence burden on your side and provides independent validation that our systems and controls are fit for purpose.
It also demonstrates supply chain maturity. As NHS organisations face increasing scrutiny around third-party risk, working with an ISO-certified procurement provider is a straightforward way to evidence that your procurement decisions are well-founded.
Maintaining certifications through continual improvement
Achieving certification was the outcome, but the work continues every day through internal audits, management reviews, and a culture where colleagues at every level take ownership of quality and security. We will continue to ensure we retain these certifications, which means we will keep evaluating and improving our processes to stay aligned with industry best practice.
You can find out more about our certifications by visiting our Certifications page here.