Why Are Companies Working With PR Agencies That Do Not Have Any Work Quality or Data Security Certifications

Written By steve gardiner

For something as commercially sensitive as corporate communications, the agency selection process is often surprisingly loose.

Particularly when these same companies apply strict standards to legal advisers, financial partners, IT providers, and cybersecurity vendors, who are expected to provide certifications on systems, controls, accountability, and risks.

Yet when it comes to PR, many still choose agencies based solely on chemistry, reputation, creative promise, or price. In 2026, that selection criterion no longer makes sense.

Managing sensitive corporate information

The modern communication agency operates at the heart of corporate risk. PR consultancies get deeply involved in messaging for the Leadership, Board and stock announcements. Strategic narratives. Crisis response. Internal communications. These are not peripheral tasks — they are the moments that define how a business is perceived, trusted, and valued.

And companies are handing that responsibility to external agencies every day. That trust carries weight. It needs to be earned. And yet many companies still work with agencies that cannot demonstrate audited quality processes or audited information security controls. That should be a very serious concern for any business.

At Lighthouse PR, we have taken a very different approach. To the best of our knowledge, Lighthouse PR is the only PR agency in Romania certified to both ISO 9001 and ISO 27001. That is not just a technical distinction. It is a meaningful operational advantage.

Operational quality and data security - two essential business requirements.

ISO 9001 matters because it means quality is not left to chance. It reflects a structured workflow, consistent delivery and a commitment to continual improvement. In practical terms, it means clients can expect work to move through a disciplined system rather than an informal chain of emails, assumptions and last-minute improvisation.

ISO 27001 matters even more in a world where confidential communication is constantly exposed to risk. It means information security is managed formally and systematically. For clients, that means greater assurance that sensitive corporate communications are handled with the seriousness they deserve.

Offering work discipline, confidentiality, and trust

Put simply, Lighthouse PR is uniquely positioned to offer both a proven workflow process for every client and the data security assurance required for confidential corporate communication.

That should not be unusual in this industry, or Romania, but it is. It appears that Lighthouse PR is unique, as it is the only ISO certified PR agency in Romania.

Which raises a fair question: why are companies still comfortable using PR agencies without this essential requirement?

Why would any business trust sensitive communication to a partner that cannot demonstrate how it protects confidential information? Why would they accept inconsistent workflows in a field where precision, timing and accountability are critical?

For too long, PR has been treated as if creativity alone were enough. It is not.

Creativity matters. Strategic thinking matters. Strong writing matters. But in modern corporate communications, so does governance, consistency, control, and security. The agency of today is not just a source of ideas. It is a trusted operator inside sensitive business territory. That requires more than talent. It requires systems.

The Lighthouse guarantee

This distinction is why Lighthouse PR’s dual certification matters so much. It gives clients a clear point of difference and a clear reason for the utmost confidence. It signals that quality is embedded in process and that data security is treated as a business-critical responsibility, not an afterthought.

In a market where many agencies still cannot offer either assurance, that is not a detail.

It is a first-mover advantage. It is a meaningful differentiator. Virtually a guarantee of work quality and security. And it is precisely the kind of standard companies should now expect as a minimum.

Because in corporate communications, trust should never depend on noble intentions alone. It should be backed by a process and protected by design.

———

About the Author

Steve Gardiner (Exec MBA) is a senior marketing and commercial leader at Lighthouse PR, bringing global experience from Accenture, Electronic Arts, Virgin Media, Telekom, and Etisalat. Latterly, as VP Business at Etisalat, he was responsible for $1.8B in revenue.

Today, Steve applies his strategic, marketing, and growth expertise to support Lighthouse PR clients as part of the agency’s service offering.

steve gardiner https://www.lighthousepr.ro
Next

Why Partnership Matters More Than Supply in Strategic Communication