Wheatley Turner Associates, Environmental Management Consultants
Wheatley Turner Associates, Data Security Consultants
Wheatley Turner Associates, Information Security Consultants
Wheatley Turner Associates, GDPR Consultants, Shropshire
ISO 9001 Quality, Information Security & Environment Certification From Experts You Can Trust.

Wheatley Turner Associates was established in East Sussex in 2002 by Stephen R Wheatley, a member of the Chartered Quality Institute, who has over 20 years experience in Quality Assurance including working for one of the top six certification bodies as a Lead Auditor. We have recently relocated to Shropshire.

Our approach is hands-on and one of our objectives is to cement a long–term relationship with our clients, which includes working in the majority of industry sectors and provide consultancy, auditing services and assistance with certification to a variety of British & International standards and the EU GDPR.

Click on the following links for more information on each of the services we can offer:

ISO 9001 – Quality Management – Quality Assurance Standard

Implementing a Quality Management System will achieve the following benefits:

Encourage staff by defining their key roles and responsibilities.

Effective risk management.

Make cost savings through improved efficiency and productivity, product or service deficiencies will be highlighted.

Improvements can be implemented, resulting in reduced complaints and errors and improved service quality. Customers will be aware that orders are met consistently, on time and to the correct specification.

Working practices will be carried out in a controlled and effective manner.

Quality analysis of practical key performance indicators.



Registration to ISO 9001 by an accredited certification body shows commitment to quality, customers, and determination to work towards improving efficiency.

It demonstrates that your company has maintained an effective quality management system that satisfies the requirements of an independent, external audit.

An ISO 9001 certificate enhances company image in the eyes of customers, employees and shareholders alike.

Can give a competitive edge to an organisation’s marketing.

ISO/IEC 27001: – Information Security Management Standard

Information is critical to the operation and perhaps even the survival of your business. Certification to ISO/IEC 27001 will help you to manage and protect your valuable information assets.

ISO/IEC 27001 defines the requirements for an Information Security Management System (ISMS) and encompasses IT security standards and risk management. The standard is designed to ensure the selection of adequate and proportionate security controls to help you to protect your information systems and give confidence to any interested parties, especially your customers.

Effective implementation of and certification to ISO/IEC 27001 with the scope extension of ISO/IEC 27701:2019 for Privacy Information Management will give assurance by independent audit, that your organisation is complying with the General Data Protection Regulations 2016 and the UK Data Protection Act 2018 requirements.

ISO/IEC 27701

Do you control and/or process Personally Identifiable Information and concerned whether you meet the requirements of the GDPR?

Almost every organization processes Personally Identifiable Information (PII). Further, the quantity and types of PII processed is increasing, as is the number of situations where an organization needs to cooperate with other organizations regarding the processing of PII. Protection of privacy in the context of the processing of PII is a societal need, as well as the topic of dedicated legislation and/or regulation all over the world.

The Information Security Management System (ISMS) defined in ISO/IEC 27001 is designed to permit the addition of sector specific requirements, without the need to develop a new Management System. ISO Management System standards, including the sector specific ones, are designed to be able to be implemented either separately or as a combined Management System.

This extension has been developed around the requirements of the General Data Protection Act 2016 (GDPR) and will give organisations the credibility of being independently audited by an accredited certification body, resulting in a certificate to demonstrate that the organisation meets the requirements of the GDPR in the control and processing of Personally Identifiable Information (PII).

ISO/IEC 27701 is not a standard. Organisations who already hold an accredited ISO/IEC 27001 Information Security Management Systems certificate can bolt-on the requirements of ISO/IEC 27701 to their existing system and get certificated. Other organisations can apply for certification to both ISO/IEC 27001 and ISO/IEC 27701 after implementation of an ISMS that includes the management of PII.

ISO/IEC 27017

Do you already have an Information Security Management System conforming to ISO/IEC 27001 and are now, predominantly using cloud hosting services or providing them?

Organisations that utilise or provide cloud hosting services should consider implementation of ISO/IEC 27017 Security Controls for Cloud Service users or Cloud Service providers to enhance and update their existing ISMS. The latest iteration of ISO/IEC 27001 has not kept pace with the increase and availability of cloud services today. Therefore, organisation’s ISMS’s may not be robust enough to meet the enhanced security controls recommended by ISO/IEC 27017.

BS ISO 22301 – Societal Security. Business Continuity Management Systems

It is fundamentally important to continue business operations in the event of a disruption, whether due to a major disaster or a minor incident.

Updated from BS 25999, the world’s first British standard for business continuity management (BCM), is available to assist you to minimize the risk of such disruptions.

Effective implementation of an ISO 22301 Business Continuity Management System will give your customers the assurance that you have analysed the risks and threats of disruption to your business and have put in place effective, tested plans to ensure recovery in the shortest period of time.

ISO 14001 – Environmental Management Standard
WHAT IS ISO 14001?

ISO 14001 is the international standard for environmental management of businesses. It prescribes controls for those activities that have an effect on the environment, including the use of natural resources, work environment, handling and treatment of waste, energy consumption & recycling.



Implementing an Environmental Management System is a systematic way to identify and control the effects your company has on the environment. Cost savings can be made through improved efficiency. This is achieved by detecting ways to minimise waste and dispose of it more consciously and effectively, and by learning how to use energy more efficiently. It verifies compliance with current legislation and makes insurance coverage more accessible.



ISO 14001 management systems can be integrated with other systems such as ISO 9001 & ISO 45001

ISO 45001 – Occupational Health & Safety Management Standard
WHAT IS ISO 45001?

ISO 45001 is the certification for Occupational Health and Safety Management Systems based on current criteria such as BS8800, Health and Safety at work Act 1974 and the Management of Health and Safety at Work Regulations 1999.



Registration to ISO 45001 demonstrates a commitment to implement, maintain and improve the way in which you manage your Health and safety system.

If your company has 4 or more staff you will have to document your Health and Safety Policy, Responsibilities and Arrangements by law. Documented risk assessments are also a requirement.

If you have to comply with these requirements then why not control the activities within an independently assessed management system?

Alternatively we can assist you with all the legal requirements for occupational health and safety relative to your business.

Sector Specific Schemes
PAS 43 – Management system specification for the safe working of vehicle breakdown, recovery and removal operations.

An advantage if implemented within an ISO 9001 quality management system and can have benefits if integrated with ISO 45001 and ISO 14001.

ISO 13485 – Medical Devices – Quality management system – Requirements for regulatory purposes

Based on ISO 9001 but should be implemented on its own. This standard specifies the requirements for the design and development, production, installation and servicing of medical devices, and the design, development, and provision of related services.

AS9100/AS9120 Aerospace and Defence Standard

Based on ISO 9001 but should be implemented on its own.

AS9100 is a quality management system for the design, development, production, installation and servicing for defence and aerospace companies.

AS9120 is for aerospace/aircraft/defence product stockists only.

BRC Global Standard for Food Safety

A standard produced by the British Retail Consortium designed to comply with the Food Hygiene Regulations and similar to ISO 22000. Must be implemented within a quality management system and must include a HACCP system.

BRC/IOP Global Standard for Packaging and Packaging Material

Originally designed to establish criteria for the supply of packaging and packaging materials for the food industry, this standard is now adopted by major retailers and packaging businesses around the world. Certification verifies technical performance, aids manufacturers’ fulfillment of legal obligations, and helps provide protection to the consumer.

BRC Global Standard for Storage and Distribution

This Standard provides certification for the section of the supply chain between BRC Standards for the manufacture of food, packaging and consumer products and the end user of these products, the retailer/food service company.

Aimed at organisations involved in the storage and distribution of goods, the Standard is designed to ensure best practice in the handling, storage and distribution of products and to promote continuous improvement in operating practices.

BRC Global Standard for Consumer Products

Sets out requirements that an organisation should adhere to in order to be able to consistently produce safe, legal consumer products to the quality required by its customers.


Hazard Analysis & Critical Control Point (HACCP) systems are a mandatory requirement when your operations involve food or food ingredients. HACCP systems have also been used effectively in other industry sectors.

In general, HACCP involves identifying hazards in a process, analyzing the risk, identifying critical control points and measures to minimize or eliminate the risk.

Other Standards
ISO/IEC 17025 – Requirements for the Competence of Testing & Calibration Laboratories

Applies equally to instrument calibration, non-destructive and destructive testing, and microbiological test facilities. Audited by UKAS.

BS ISO 20252 – Market, Opinion and Social Research

If you carry out, commission or buy market research, demonstrating best practice is a powerful driver to potential clients, consumers and competitors.

ISO 20252 market, opinion, social research, vocabulary and service requirements is an international standard that sets a common level of quality for market research internationally.