Select regional store:

Workforce Metrics

Workforce Metrics achieves ISO27001 certification in only three months for under £5k!

This case study shows how IT Governance helped Workforce Metrics achieve ISO27001 certification. Enter your email address at the bottom of this page if you would like a PDF version of this case study. Call us on +44 (0) 845 070 1750 to discuss your own ISO27001 consultancy requirements.

Workforce Metrics Case Study

When Workforce Metrics was founded by Andy Shettle in 2009, the company was literally just him and his PC.

Andy knew that ISO27001 compliance was often a vital requirement – particularly when tendering for contracts awarded by local government, the NHS and the public sector – and the absence of this accreditation could have meant a lot of wasted time completing additional forms and audits in order to win business.

Workforce Metrics is a business which handles a huge amount of sensitive data, such as detailed personnel records for its clients, and the reasons for such an organisation having strong information security in place in today’s ‘cyber-threatening’ environment are self-evident.

In addition to this, there are the statutory requirements of the Data Protection Act 1998, which apply to all organisations and are often cited in public sector tender documents and requests for proposals. These drivers, together with the rising cost of security breaches in terms of fines, loss of reputation and the impact on the confidence of stakeholders, means that there is a growing requirement to provide supply chain assurance through UKAS-accredited ISO27001 compliance certificates.

“My best advice to other SME’s that are seeking to comply with ISO27001? Don’t agonise over how to do it or how long it will take. Call in IT Governance and let the experts show you how to achieve the best result. This will save you time and money, and ensure the desired outcome: ISO27001 certification.”

Andy Shettle, Managing Director


When Andy Shettle, managing director of Workforce Metrics, planned for growth in his start-up software business, he was thinking big. His client base consisted mostly of public sector organisations with over 750 employees on average. These organisations have mature HR departments that are required by law to manage policy compliance. Therefore, Andy already understood the growing need to demonstrate compliance when he started his software enterprise based in Redhill, Surrey.

Established in 2009, Workforce Metrics is a specialist provider of employee relations (ER) software to human resource professionals and HR departments. ‘ER Tracker’ is designed to drive inefficiencies out of managing ER cases where people-orientated processes are involved. The company’s software can be deployed either on premises or in the cloud, and provides visibility of information on dashboards.

With coaching and mentoring support from IT Governance, one of the most experienced ISO27001 consultancy practices in the world today, Andy has been able to demonstrate conclusively that SME businesses with between one and ten employees can adopt ISO 27001 information security certification without restrictive paperwork.


The main drivers for gaining ISO27001 certification were:

  1. Partner assurance;
  2. Differentiation: Workforce Metrics would gain an advantage over its competitors, both by having certification and by publicising this fact;
  3. Compliance with the requirements of an ever-growing number of government and public sector prospective clients looking to make efficiency savings around their employee relations caseload.

To quote Andy:

“Workforce Metrics came into existence to fulfil the growing compliance needs of HR departments that were struggling to implement new legislative requirements. As a business, we knew that the problem of handling these changes effectively was down to metrics: policy compliance meant having better data in the system. This is particularly important for the requirements of workforce monitoring as required under the UK Equality Act: Public Sector Equality Duty.

Click here to read more »


Andy was impressed with the project support that he received from IT Governance: “When I first met Steve [Watkins], I was unaware that he had written several books on ISO27001. It was only later that I realised why the advice that I had been given was so authoritative: Steve is surely one of the most experienced consultants in this field.

“I had heard many stories from clients about how many years it could take and the cost involved in achieving ISO27001 certification, and there’s no doubt that some organisations could struggle, should they be offered poor quality advice. We, on the other hand, achieved our goal in four months by hiring IT Governance’s Mentor & Coach support service!

“We focused on using Steve’s considerable skills to transfer to us the knowledge that we needed to allow Workforce Metrics to run its ISMS going forward. This ensured that we were able to speedily put in place the implementation and ongoing management was as painless as possible. Based on the Mentor & Coach support described in their detailed proposal, the consultancy work estimated was an appropriate level of investment for Workforce Metrics. Enough for us to obtain the assistance that we required to embed an ISMS compliant to ISO 27001, measured in days rather than weeks or months of hire cost.

Click here to read more »


Thanks to coaching and mentoring support from IT Governance, Workforce Metrics passed their Second Stage audit conducted by The Audit People, a UKAS-accredited certification body. As a result, they were issued an ISO27001 certificate in November 2013, less than four months after Andy engaged IT Governance.

In Andy’s words: “IT Governance helped us to pull the whole thing together in much less time than we were led by some sources to believe. I would recommend that if you want the result of UKAS-accredited certification in a timely manner, you should consult IT Governance first! By taking this route, we have gained valuable status in our dealings with existing and prospective clients, and I am confident that certification will help us to gain business by providing the appropriate level of assurance.

“My best advice to other small businesses that are seeking to comply with ISO 27001? Don’t agonise over how to do it or how long it will take… call in IT Governance and let the ISO27001 experts show you how to achieve the best result. This will save you time and money, and ensure the desired outcome: ISO27001 accredited certification.”

Click here to read more »

Download this case study now

To get a PDF version of this case study enter your email address below and we will send you a copy straight away.

Just as we have helped Workforce Metrics to achieve ISO27001 compliance on time and within budget, we can help you. Call us now on 00 800 48 484 484.

This website uses cookies. View our cookie policy