What are ISO Standards

ISO standards are a set of internationally recognised standards that show that a company, or organisation, has both the will and the wherewithal to create, maintain and improve its systems. ISO standards are useful to show your dedication to attaining and maintaining the requirements detailed within each standard.

There are 5 main standards that focus on key areas, although there are common themes running throughout all the standards. Some documentation that is required for one may be re-usable for all of the 5 standards listed below. 

Another common theme is the ability to continuously improve your systems to help maintain your certification. What this really means is, you cannot rest on your laurels once you have achieved the certification of choice. There is an ongoing programme required to review what is in place, measure that against the requirements (which can be tricky as the standards do change) and make improvements from where you are. 

All the certifications mentioned below take time to attain and maintain. This includes management time, since part of your proof of performance review is a regular management-level meeting.

ISO 9001

ISO 9001 is recognised as the Quality standard. This means you have to have policies and procedures in place to make sure you follow not just the standard, but all the legal responsibilities you have. These will differ, in detail, depending on what industry you are in and how many staff you have (e.g. a requirement to fully comply with HSE legislation once you have 6 or more staff).

You will need to show you have considered each clause within the standard (some of which do overlap) in order to attain a certification. You will also need to prove to an auditor that you have a system in place to maintain the processes that ensure you can retain your certification.

If you say you have a related certification, you will need to provide evidence that it is current and audited externally – where that is required.

ISO 14001

ISO 14001 is recognised as the Environmental standard. This means you have to have policies and procedures in place to make sure you follow not just the standard, but all the legal responsibilities you have. These will differ, in detail, depending on what industry you are in and how many staff you have (e.g. the ability to prove appropriate waste management strategies for your business).

You will need to show you have considered each clause within the standard (some of which do overlap) in order to attain a certification. You will also need to prove to an auditor that you have a system in place to maintain the processes that ensure you can retain your certification.

If you say you have a related certification, you will need to provide evidence that it is current and audited externally – where that is required.

ISO 27001

ISO 27001 is recognised as the Information Security standard. This means you have to have policies and procedures in place to make sure you follow not just the standard, but all the legal responsibilities you have. These will differ, in detail, depending on what industry you are in and how many staff you have (e.g. the ability to prove appropriate IT strategies for your business).

You will need to show you have considered each clause within the standard (some of which do overlap) in order to attain a certification. You will also need to prove to an auditor that you have a system in place to maintain the processes that ensure you can retain your certification. You will also have to prove your systems are adequately protected through penetration testing and the use of data encryption and Multi-Factor Authentication (MFA).

If you say you have a related certification, you will need to provide evidence that it is current and audited externally – where that is required.

ISO 45001

ISO 45001 is recognised as the Health & Safety standard (it replaces ISO 18001). This means you have to have policies and procedures in place to make sure you follow not just the standard, but all the legal responsibilities you have. These will differ, in detail, depending on what industry you are in and how many staff you have (e.g. consideration for the safety of all those that are impacted by the products and/or services you provide).

You will need to show you have considered each clause within the standard (some of which do overlap) in order to attain a certification. You will also need to prove to an auditor that you have a system in place to maintain the processes that ensure you can retain your certification.

If you say you have a related certification, you will need to provide evidence that it is current and audited externally – where that is required.

ISO 22301

ISO 22301 is recognised as the Business Continuity standard. This means you have to have policies and procedures in place to make sure you follow not just the standard, but all the legal responsibilities you have. These will differ, in detail, depending on what industry you are in and how many staff you have (e.g. a requirement to provide evidence that you have considered loss of premises, or of a particular skill or person).

You will need to show you have considered each clause within the standard (some of which do overlap) in order to attain a certification. You will also need to prove to an auditor that you have a system in place to maintain the processes that ensure you can retain your certification.

Testing how you ensure your systems can cope in emergency situations is a key output. If you rely on a server located in your building, a loss of the building can detrimentally impact your ability to operate.

If you say you have a related certification, you will need to provide evidence that it is current and audited externally – where that is required.

Common Themes

There are 10 sections within each standard, and you will need to show that you have evidence that you comply with each section. That will include any industry-specific rules that apply to your business. Evidence is your friend when attaining, or maintaining, an ISO certification. Make sure you retain proof of your actions, including evidence of communication with interested parties.

If you haven’t got a certification yet you will need to prepare for a Stage 1 preliminary review by an external auditor, then a Stage 2 review. The length of time between these two reviews depends on how many things need to be improved, in the view of the external auditor.

You will need to satisfy an auditor that your programme is continuous and that you have been reviewing the company’s performance. All of the standards take time to support, but they can be vital to attaining, or maintaining, larger contracts.

Improvement processes are considered to be followed correctly when it is shown that the Deming Cycle (commonly referred to as Plan – Do – Check – Act, or PDCA) dominates your improvement planning.

ISO certifications are not the only forms of certification that may be applicable to your business; talk to us about what else you might need.

Other certifications, like the ISOs, require training as a part of the package to support the communication of knowledge throughout the organisation.

There is a lot of information in here; however, please look through the other blogs here: https://eyebray.com/blog/. Any other information you want may well have been provided already. As with this blog, some of what I provide is very detailed.

We would be pleased to answer your enquiry through email at enquiries@eyebray.com, by calling 0743211611, or by using https://meetings.hubspot.com/eyebrayltd to see when I am free.