How Our Compliance Team Used Copilot to Streamline ISO Re-Certification — and Why It Matters to You 

February 3, 2026

Re-certifying against six ISO standards isn’t a tick-box exercise. It’s a serious, evidence-heavy process that touches almost every part of how we operate. This year, we decided to do it differently, and honestly, it helped us better understand how AI could be used to improve workplace productivity. 

A Quick Bit of Context

Syntura holds accreditations across ISO 9001, 14001, 20000, 27001, 27017, and 27018. Together, these standards cover quality, environmental responsibility, IT service management, information security, and cloud data protection. Staying certified means keeping a large body of documentation current, accurate, and audit-ready — every year, without fail. And considering the solutions we provide and the sectors we support, all these certifications mean a lot to us and our business. 

That’s a lot of reading, drafting, cross-referencing, and version control. And it falls on real people who have plenty of other things to do. 

So, this year, Stuart – our Compliance Manager – worked alongside Tim, our Microsoft Practice Manager, to see which parts of this tedious process could best be automated and how we could bring Microsoft 365 Copilot into the process to do that. Not to hand the work over to AI, but to make the work more manageable for the humans doing it.

What Copilot Actually Did (and Didn’t Do)

We were deliberate about scope from the start. Copilot was introduced as a productivity layer, useful for the lower-judgement, high-volume tasks that eat time and add effort. The higher-judgement work, such as verification, auditor dialogue, and final sign-off, all stayed firmly with the team, as it should.

In practice, that meant Copilot helped the most in three areas: 

Reviewing documents for accuracy against supporting material. Instead of manually reading two versions of a policy side by side, Copilot pulled out the differences, flagged where citations to procedures, tickets, or change logs would strengthen the narrative, and surfaced gaps. The result was faster, more consistent, and less prone to fatigue on what is a high-concentration task.

Drafting executive summaries. For every policy, procedure, and plan, Copilot produced a clean, plain-English summary. Document owners then reviewed it for nuance, checked it reflected how the process actually runs, and approved. The drafting happened in minutes. The thinking still happened with people. 

Locating supporting evidence. When a control statement needed to be backed up by training records, change logs, or incident reports, Copilot helped identify the right candidate material; this saved Stuart and his team members from manually hunting through folders in what is a time-sensitive process.

The Numbers That Came Out the Other Side

  • A total of 125 documents were updated with the support of Copilot during the programme. 
  • ~30% uplift in weekly output at peak time, which went back into deeper reviews, corrective actions, and audit preparation.

That’s not a trivial gain. In a process with a fixed deadline and a finite team, 30% more capacity means less stress, fewer shortcuts, and better outcomes. 

How We Kept It Safe

This is the part we’re most proud of and the part that matters most if you’re thinking about doing something similar. 

Grounded access. Copilot only ever surfaced (i.e., accessed) content that the user was already permitted to see. No data leaked across permission boundaries. The least-privilege model we apply to our infrastructure applied equally here. 

Sensitivity label inheritance. Wherever applicable, Microsoft 365’s automatic sensitivity labelling was applied to drafts and updates, so that it was always clear what kind of data a document contained and authors could handle it appropriately throughout.

Human in the loop, always. Every Copilot-assisted document went through manual review and sign-off before it touched the audit pack. No exceptions, and this was critical. 

Clear scope. Copilot drafted, summarised, and helped locate evidence. It did not make compliance determinations. It did not write auditor communications. That line was never crossed. 

“Our success is a direct result of the business working with the compliance and IT teams to execute a Copilot rollout in line with our guiding principle of accountability – it’s this synergy that turns opportunity into reality. Everyone is on a journey with AI enablement; it’s a transformative way of working. One thing is very clear: Copilot and generative AI in general are not IT initiatives, but they can fully support the business initiatives.”
Stuart, Compliance Manager

What It Means If You’re Already a Syntura Customer

Your confidence in us is backed by independently audited standards. What this process demonstrated is that those standards aren’t just renewed; they’re getting sharper. More consistent documentation, clearer evidence trails, better-structured audit packs. The 30% efficiency gain also means faster turnaround when you need responses, updates, or queries resolved under pressure. The bar went up, not down. 

And if you ever consider running a similar project in-house, we have the process and guidelines ready to help you implement Copilot and get the same results.

What It Signals If You’re Considering Working With Us

We apply the same discipline internally that we bring to client engagements. The approach Stuart used — grounded access, sensitivity controls, human oversight, and clear scope — is exactly the framework we’d build for you. We’re not selling something we haven’t used and lived through ourselves. 

And the model is transferable. Whether you’re managing ISO recertification, GDPR compliance workflows, or sector-specific governance obligations, the combination of people, process, and the right enabling technology can work just as well for your team as it did for ours. And we know how to do this well. 

People-Inspired Solutions — This Is What It Looks Like in Practice

At Syntura, our guiding principle is that technology should work for people and not the other way around. We start with how your teams actually work, where the friction is, and what would genuinely make their day better. Then we apply the right tools, which in this case happened to be an LLM. 

Copilot fits that principle well. It handled the heavy lifting — the reading, comparing, and drafting — so Stuart and the team could focus on the things that actually required their expertise. That’s not augmentation. That’s empowerment. 

Interested in What This Could Look Like for You?

If you’re exploring where Copilot could safely accelerate your own governance or recertification work, we’d be glad to talk it through. We offer a Copilot review, assessment, and exploration workshop, specifically scoped to your standards, your data boundaries, and your team’s way of working. 

No generic demos. No pressure. Just an honest conversation about what’s possible.