We take our certifications and accreditations incredibly seriously as they form an important framework to our business and demonstrate to the outside world our commitment to maintaining internationally recognised standards. We invest significantly each year to ensure these certifications and accreditations remain at the heart of our company ethos.


ISO (International Standards Organisation) offers international standards across a wide range of disciplines. Audits are performed to ensure compliance with the standard and certificates are awarded by an independent external body, ACS. We hold the following ISO certifications:


ISO 9001:2008

Quality Management: Ensures the business delivers a consistent level of quality to its customers which requires well defined and regularly reviewed processes and procedures. This focusses on managing change, meeting customer expectations and delivering a programme of continuous improvement to the benefit of our business and our clients.


ISO 14001:2004

Defines the requirements of an effective environmental management system for small to large organisations. This provides a framework to improve resource efficiency, reduce waste, and drive down costs. The main aim is for our environmental impact to be measured and minimised.


Investors in People accreditation

This sets the standard for better people management and defines ‘what it takes to lead, support and manage people for sustainable results.’ Each year we’re assessed to measure our performance against key performance indicators and to ensure we are meeting the correct level required for on-going accreditation.


We are a registered Bacs Bureau

For payment processing, we are a Bacs Approved Bureau and as a registered Data Controller* and Processor we have the highest standards of data security and control. Being a Bacs Bureau means we are permitted to make payments to customers from a client’s own bank account using our Bacs Bureau facility; this is particularly beneficial when we’re reimbursing large sums to customers.
* Registered Data Controller. The Data Protection Act 1998 requires that every organisation that processes personal information to register with the Information Commissioner’s Office (ICO).


PCI DSS Compliant

MRM is compliant with Payment Card Industry Data Security Standard (PCI DSS) with stringent processes in place to protect personal data:

  • No cardholder data held by MRM
  • Credit/debit card details are held by a PCI-compliant Level 1 Service Provider - referenced using tokens for all card transactions
  • No cardholder data accepted via email
  • Any cardholder data sent via post order forms are redacted immediately the data has been entered onto the system