Case Study: WHEATLEY


About Wheatley

Wheatley is a technology company that creates software to help utilities companies manage their data flows, market messaging and metering assets. Formed in 1991, Wheatley provides mission-critical solutions that solve complex problems for many of the UK’s strongest utility services, with its software metering solutions impacting 22m homes nationwide.

The challenge

Wheatley decided to implement ISO/IEC 27001 ahead of the certification becoming mandatory in the UK utilities supply chain. Assuring a secure environment for its client data was becoming increasingly critical in the energy provider supply chain in which Wheatley operates.

As an existing ISO 9001 certified business, Wheatley was already convinced of the benefits of increased governance and the reassurance that certification offers to clients and prospects. Like many SMEs, Wheatley did not have the option to employ a full-time ISO manager, so it opted to entrust its project to an external consultant. Applied Risk Management, a fellow partner at Innovation Martlesham, was the logical choice. Having met with Andy Mills, Management Consultant & ISO Auditor at Applied Risk Management, Jane Bromley, the Marketing Manager at Wheatley, knew instantly she’d made the right call.

“From the outset, Applied Risk Management was focused on truly understanding our business and took the time to explain how the principles of ISO/IEC 27001 could be applied to deliver the maximum commercial benefits.”

The solution

Having met with Wheatley and spent two days on-site, Applied Risk Management set about creating a gap analysis to highlight and address any immediate areas of concern.

Following this, Applied Risk Management worked closely with Wheatley, providing all the training, coaching and templates needed for Jane to write and revise the policies herself.

Empowerment and ownership are at the core of the Applied Risk Management approach. Through tailored training and coaching, shared deep expertise, and practical tasks and feedback, Wheatley as a company has all the tools and knowledge needed to understand and own its management information system and evolve it once Applied Risk Management has left site.

Being a qualified ISO auditor for BSI and IMS International, Andy can also check the management system is compliant and effective before a company’s formal certification audits. These mock audits prove invaluable in preparing employees for the big day. Wheatley passed with flying colours.

“Because Andy is also a qualified external auditor he simulated the external audit to give Wheatley staff the experience of being formally assessed against the ISO standards.”

With its ISO/IEC 27001 certification granted, the management system is now a central part of Wheatley’s business. Employees recognise the need to apply additional security measures to their day jobs and aren’t scared to make suggestions, which are easily accommodated within the ISO framework. The result is a far higher level of information security, which will stand Wheatley in good stead both now and in the face of changing market regulation.

As testament to the quality of Andy’s services, Applied Risk Management is now facilitating Wheatley’s transition to the latest version of ISO 9001 and the company is also working towards ISO 22301 – Business Continuity.

“Thanks to Applied Risk Management, we both understand and own our information management system. We have the knowledge and the confidence to control our business in an effective manner, delivering tangible benefits to customers, suppliers and employees.”

“Most of our customers require us to have ISO27001 as part of their own due diligence process, so we knew certification was fundamental to our continued success.”


The results

Reduced risk

Non-conformities are captured and handled consistently and effectively

Continuous improvement

Wheatley owns the system and can make positive improvements


Framework inspires confidence among staff who take pride in doing a good job

Commercial edge

‘More than a tick in the box,’ ISO certification provides reassurance to clients seeking Wheatley’s services


Robust yet flexible system caters for changing market forces, e.g. GDPR