Volume Seven - January 2026

Subject – Why the Company got ISO Certified

Hi everyone and welcome to Volume 7 of Source Code Conversations. We’re really excited that our monthly series is now available in audio podcast format, as well as the usual written version on sourcecodecontrol.com. 

Otherwise, nothing changes. Monthly sit downs with experts from across our business to bring you the latest on key topics and trends. 

This month we’re delighted to welcome Gourav Tandon, our Country Lead for India and one of our amazing project consultants for our partnership with Microsoft. Source Code Control were delighted to achieve ISO 27001 certification in 2024 and further bolstered that with 27701 this year. We sat down with Gourav to dive into why the company decided to pursue ISO accreditation, the process involved and the benefits that it will bring for us, as well as our clients and partners. 

Thanks for giving us your time, let’s get into the conversation. 

Matt Webb: Thank you very much for joining us today and for being our first guest on a recorded podcast. We’re lucky to have you here to talk about ISO for Source Code Control. To start, could you tell our listeners a little about yourself and your background with the company?

Gourav Tandon: Absolutely. I come from a security background. I worked at Capgemini for almost 15 years before joining Source Code Control, and spent some time with Microsoft as well. My focus has always been security, I’ve led ISO 27001 certification twice as a CISO and lead auditor, and I’ve worked on CMMI, which is a well-known software industry standard. I’m also a certified Six Sigma Master Black Belt and lead auditor. About five years ago, we started Source Code Control India to bring all that experience together. That’s the journey.

Matt: Perfect. That sets us up nicely for today’s topic which is all about the ISO accreditations. First off, for the listeners, what is ISO accreditation in basic terms, and why does it matter to companies like ours?

Gourav: ISO stands for the International Organisation for Standardisation. It provides frameworks for organisations to ensure quality and security. For example, ISO 9001 focuses on quality management, while ISO 27001 is about information security. Being ISO certified signals globally that your processes meet the highest standards. For us, it was about demonstrating trust and quality to customers and stakeholders.

Matt: Makes sense, a well-known global reference point. Being part of the leadership team, what’s the significance of ISO 27001 and the more recent ISO 27701 for Source Code Control?

Gourav: As a company, we handle a lot of customer data. One word sums up why we pursued these certifications: trust. ISO certification demonstrates that we have standards for security and efficiency. It also provides a foundational framework for complying with global regulations like GDPR, DPDP in India, and CCPA. ISO 27001 focuses on information security, while ISO 27701 adds privacy.

Matt: So, a strong foundation for the company to build on. Was this journey driven by a specific client requirement or an event?

Gourav: There were two things in mind when we were thinking of ISO. Firstly, how do we expand globally, our offices opening in India and Poland. The second was, competitive advantage. As we opened offices in India, Poland, and elsewhere, we needed a global standard. And ISO helps us pitch to more customers. It grows with us.

Matt: How does this fit into the company’s long-term vision?

Gourav: We wanted to integrate security to be part of our core strategy, not just a checklist item. ISO helps embed security as a long term strategy. And we’re not stopping at ISO 27001 and 27701. We want to get re-certified every year and to add more certifications in ISO, that focus on AI for example.

Matt: Interesting, AI is a very hot topic at the moment. Looking outward, what benefits will ISO accreditation offer our current and future clients and partners?

Gourav: It gives them confidence. Security was already part of our culture, but ISO adds a stamp of authenticity. It shows we have governance frameworks in place, helping clients to justify working with us.

Matt: Going back previously to what you said, like a rubber stamp for the company in how we operate. Was there any competitive pressure applied or market trend that you spotted that were influencing this decision?

Gourav: Yes, there’s always market pressure that plays its part. New frameworks like the EU Cyber Resilience Act and data protection laws which we have to stay competitive. Going for ISO gives us that edge while reinforcing our security-first culture.

Matt: Let’s talk about the process. What were the biggest challenges in pursuing ISO accreditation?

Gourav: Having seen the process four times now, I would say the biggest challenge is always chain management. ISO is a framework that touches from an executive layer, to an analyst, to senior leadership. It touches everyone in the company. Make it HR, IT and operations.

Matt: As you’ve gone through this process four times and a very experienced pair of hands with ISO, what are the biggest surprises you’ve seen in the process?

Gourav: That’s a good question because surprises can be different. As for the company focus, if it’s around security like we were, this was the shortest span that we received our ISO certification. When you look deep inside, you’re 90% almost there. So we were 90% there, we just had to put processes around it. So I would say the biggest surprise is you don’t know how ready you are if you’re security focused. Completing the certification, you will know on how ready you are and do an internal gap analysis and see what you need to fix.

Matt: That’s a good way of thinking about it. For listeners considering ISO accreditation, what advice would you give to them, where should they start?

Gourav: Firstly, get a good auditor. Get a good company which can guide you through the process. Don’t think of ISO as just documentation, integrate it into your core processes, into your strategic objectives and it’ll be easy. Leadership buy-in to do ISO, it makes the process much easier. It adds value to the process.

Matt: As a business, since we’ve been through this a couple of different versions of ISO over the last few years, did we work with the same auditor? Would you recommend using the same auditor for multiple certifications?

Gourav: I would highly recommend if you’ve got the same auditor because most of the time what happens is even if you’re working through different ISO processes, 50% or 40% process remain the same. However, once you have the base ready you can change it. It’s not people dependent it’s more process dependent.

Matt: So let’s start to think about the future outlook for the company then along the lines of ISO. So how do you see the ISO accreditation that we have gathered and the plans that we have as an organisation shaping our future growth?

Gourav: That was part of the plan when we started ISO, it’s not just focusing around getting the process right, but how we can grow as a business. It helps us acquire new customers and manage risk effectively. A lot of big customers are coming back to us saying we don’t need to audit you because you’re already ISO certified and you audit your process each year. 

Matt: Earlier on you mentioned AI, what are the plans for the company in terms of additional certifications and standards? How would that cater for AI in technology?

Gourav: Since achieving ISO 27001 and 27701, the first board meeting we announced this and started discussing about ISO 42001. This is ISO for AI. Since we cover AI adoption workshops, masterclasses and development. We now have to focus on AI risk management. ISO 42001 will give us that base to do end-to-end AI workflow management.

Matt: Fantastic. To close, what message would you give to clients and stakeholders?

Gourav: Security and data protection are top priorities for us. We want to focus on getting the certifications right, but getting the processes right internally, which are audited by third party independent auditors. They help us stay ahead, and certifications like ISO 27001, 27701, and Cyber Essentials Plus reinforce that commitment.

Matt: Perfect way to end. Thank you, Gourav, for sharing your insights. We look forward to speaking again, maybe after ISO 42001!

That wraps up our conversation with Gourav on why ISO accreditation matters and how it sets us up for the future. If you enjoyed this episode, don’t forget to share it with your colleagues and follow us on LinkedIn at ‘Cloud Services by Source Code Control’ to know when the next Volume drops, which will be focused on the IT and HR considerations of ISO accreditation. Thanks for listening, and we’ll see you next time on Source Code Conversations. 

Gourav Tandon

Interviewee

Matt Webb

Interviewer

Zoe Hawkins

Editor
