Receiving a certification for ISO 9001 informs your customers that your company is committed to providing enhanced customer satisfaction and meeting all applicable customer and regulatory requirements. In other words, it helps solidify your customers belief that you will get the job done right because you have instituted a quality management system that confirms you meet your obligations. ISO 9001 is a broad-based management system standard, and therefore can be applied to any manufacturing or service industry. The newest version of the internationally recognized standard, ISO 9001:2015 was published September 15, 2015.

ISO 45001, Occupational health and safety management systems – Requirements with guidance for use, is the world’s first International Standard for occupational health and safety (OH&S). It provides a framework to increase safety, reduce workplace risks and enhance health and well-being at work, enabling an organization to proactively improve its OH&S performance. This will help them manage their OH&S risks and improve their OH&S performance by developing and implementing effective policies and objectives.

ISO/IEC 27001 specifies requirements for the establishment, implementation, monitoring and review, maintenance and improvement of an overall management and control framework – for managing an organization’s information security risks. The standard covers all types of organizations (e.g. commercial enterprises, government agencies and non-profit organizations) and all sizes from small businesses to huge multinationals. By receiving certification for ISO 27001 you show your clients that bringing information security under management control is a prerequisite for sustainable, directed and continuous improvement.

CMMI for Development is a reference model that covers activities for developing both products and services. Organizations from many industries, including aerospace, banking, computer hardware, software, defense, automobile manufacturing, and telecommunications, use CMMI for Development.

CMMI for Development contains practices that cover project management, process management, systems engineering, hardware engineering, software engineering, and other supporting processes used in development and maintenance.

The O-TTPS is a set of organizational guidelines, requirements, and recommendations for component suppliers, providers, and integrators to enhance the integrity of commercial off the shelf (COTS) information and communication technology (ICT) products and the security of the global supply chain.

O-TTPS will help assure against the threat of tainted and counterfeit products.

The O-TTPS is structured by prefacing each requirement with the associated activity area described below:

Technology Development

  • Product Development/Engineering-related requirements: PD
  • Secure Development/Engineering methods: SD

Supply Chain Security

  • Supply Chain-related requirements: SC

GMS Registrar provides a comprehensive suite of services tailored for the financial sector, ensuring compliance and strategic financial management. 

Their expertise in System and Organization Controls (SOC) reports demonstrates a commitment to security and risk management, crucial for client trust. Additionally, their capabilities in Earned Value Management and Cost Estimation offer robust tools for project management and budgeting. 

The provision of DCAA Compliant Accounting Services further aligns with stringent government standards, while their proficiency in Integrated Program Management Data and Reporting (IPMDAR) supports detailed project oversight.

These series of ISO standards deal primarily with environmental management systems. It prescribes controls for those activities that have an effect on the environment. These include the use of natural resources, handling and treatment of waste and energy consumption. When your company obtains an ISO 14001 registration, you are showing that you are committed to minimizing harmful effects on the environment through its activities (i.e. production, disposal, etc.) and to continually improve your environmental performance. If you are a supplier to automotive customers or exporting product to the European and/or Asian markets, then ISO 14001 registration is especially important to you.

A worldwide standard specifically aimed at IT Service Management. It details an integrated set of management processes for the effective delivery of services to the business and its customers. The standard complements the process approach defined within ITIL from the Office of Government Commerce (OGC).

ISO/IEC 20000 consists of two parts:

  1. ISO/IEC 20000-1:2018 is the formal Specification and defines the requirements for an organization to deliver managed services of an acceptable quality for its customers.
  2. ISO/IEC 20000-2:2018 is the Code of Practice and describes the best practices for Service Management processes within the scope of ISO/IEC 20000-1. This will be of particular use to organizations preparing to be audited against ISO/IEC 20000 or planning service improvements.

GMS Registrar is a Federal Risk Authorization and Management Program (FedRAMP) accredited Third Party Assessment Organization (3PAO) providing security assessments for Cloud Service Providers.

The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.

The CMMI-SVC model provides guidance for applying CMMI best practices in a service provider organization. Best practices in the model focus on activities for providing quality services to customers and end users. CMMI-SVC integrates bodies of knowledge that are essential for a service provider.

The CMMI-SVC model is a collection of service best practices from government and industry that is generated from the CMMI Architecture and Framework. CMMI-SVC is based on the CMMI Model Foundation or CMF (i.e., model components common to all CMMI models and constellations ) and incorporates work by service organizations to adapt CMMI for use in the service industry.

More CMMI partnership information

ASME NQA-1 Certification of the quality assurance program for organizations that supply items or services that provide a safety function for nuclear facilities in conformance with the requirements of the ASME NQA-1 standard.

If you have ever considered selling to Nuclear Facilities and SMART Facilities (Small Modular Accredited Reactors Technologies) NQA-1 is the certification you will need.

The ASME NQA-1 Certification Program seeks to meet the needs of the nuclear industry by expanding the supply chain with organizations who are committed to understanding quality and providing high quality products and services.


CMMC has been created through the review and combination of various cybersecurity standards and best practices and mapped these controls and processes across several maturity levels that range from basic cyber hygiene to advanced. When the associated controls and processes are implemented they will reduce risk against a specific set of cyber threats.

GMS has the experience and understanding of assisting the 300,000 DoD contractors that span the Defense Supply Chain that will be requiring this new certification starting January 2020 when the requirements are finalized. Contact us to be prepared for this new element of acquisition to ensure your proposals, and organizations remain competive across the vairous agencies and departments of the DoD.