A milestone month for BMABA governance

Hi there,

Over the past few weeks, our Senior Leadership Team has been heads-down on three major external audits running back-to-back. We've come out the other side with results that genuinely set BMABA apart, and we wanted to share them with you.

ISO 9001:2015 surveillance audit passed clean

Our annual surveillance audit, conducted by British Assessment Bureau (a UKAS-accredited certification body) against the international standard for quality management systems, concluded with zero non-conformities and zero opportunities for improvement raised. That's an exceptional outcome by any measure, especially for a self-funded non-profit like BMABA CIC.

The auditor specifically commented on the level of detail across our QMS documentation, the maturity of the management system and team, and the depth of audit evidence we presented across every clause assessed. For a standard as rigorous as ISO 9001:2015, that's the kind of result that doesn't happen by accident.

ISO 27001 Stage 1 cleared, Stage 2 confirmed for July

We've also just completed our Stage 1 audit, again with British Assessment Bureau, toward ISO 27001:2022 certification, the international standard for information security management. Stage 1 was a substantial undertaking on its own, and the result has been strong enough that our Stage 2 (the full certification audit) is now scheduled for early July. Another hugely challenging audit process passed with no non-conformities.

If successful in July, BMABA will become the first independent martial arts governance organisation to achieve ISO 27001 certification. Not the first in our country. The first - ever. That's a position we don't take lightly, and we'll keep you posted as we move through Stage 2.

Cyber Essentials re-certified

Alongside the ISO work, we've successfully renewed our Cyber Essentials certification under the UK government scheme. This confirms that our development frameworks, system architecture, and day-to-day security practices continue to meet the national baseline for technical cyber security, across an expanded device fleet and updated cloud infrastructure.

Thank you for bearing with us

These processes consume an enormous amount of SLT time. Helen, Niki, Kirsty and Giovanni have been deep in audit preparation, evidence gathering, document control reviews and policy work for several weeks running. Response times on some non-urgent items have been slower than we'd like, and we appreciate the patience members have shown while we've been in this cycle. We also appreciate all of our team here - customer services, Bella and Cat in particular, who have been plugging the gaps.

Christina, for managing the Strategic desk in Helen's absences, and the whole SLT team for managing this alongside BMABA's considerable day to day.

Why this actually matters to you

This is the unsexy part of what we do. It's not often seen. It doesn't make for exciting social media. But it is the backbone of our credibility, and by association, your club's credibility.

When AXA underwrite our insurance scheme, when CIMSPA recognise us as a Training Provider Partner, when local authorities, schools, leisure trusts and corporate venues check who they're dealing with before letting your club through the door, these are the credentials that get you across the line. ISO 9001. Cyber Essentials. Soon, ISO 27001. UKAS-accredited, externally audited, independently verified.

It's what separates a properly governed, professionally run not-for-profit standards body from the dozens of self-appointed, one-man-band associations operating without any external scrutiny. Anyone can call themselves a governing body. Very few can demonstrate it under audit conditions, year after year, against international standards.

What's next

Stage 2 of ISO 27001 in early July is the major one on the horizon, and we'll share the outcome publicly the moment it's confirmed.

In the meantime, normal service resumes. We've got new CPD launching, some genuinely exciting partnerships in the pipeline, the next version of our CRM ready to roll out, and a long list of other developments that have been penned back while the SLT have been buried in audits and inspections. We can't wait to start getting it all into your hands.

Two places by narrow roads, as always.