What is an ISO Certification

An ISO Certification helps your business stand out from the crowd, as it proves that your business has been reviewed externally and has met the required criteria in the view of that external auditor. All ISO standards are internationally recognised, so they can be important to those seeking international or public sector contracts.

Every ISO Certification requires the holder to prove they have policies, procedures and examples of them being followed, that meet the requirement of the standard being sought. The most popular ones are: ISO 9001, ISO 14001, ISO 45001, ISO 27001 with ISO 22301 becoming more popular. 

Each of the above standards has a core set of requirements to try and ensure the management of the company are fully behind the ideals of the standards. The peripheral sections concentrate on the ability of the company to demonstrate practical adherence to each standard and the communication required to obtain support throughout the company. 

The ISO audit process is based on a three-year cycle. Year one is a full review, with years two and three being interim reviews. What those interim reviews cover will depend on your history and evidence from other audits undertaken by your reviewing body. You never know exactly what the external auditor will want to look at in detail until a couple of weeks before the review. Being prepared is everything!

How Should an ISO Certification Process Start

Step 1 Assessment – Identifying Gaps

Any good process begins with an initial assessment that helps identify where your existing processes are definitely not up to speed and highlights the areas in need of improvement. This will highlight what needs to be done.

Step 2 Planning – In-Depth Review

Following the initial assessment, we work with you to implement the right policies, procedures, communication methods, and other practices for your organisation. Once you’re ready, we will arrange a Stage 1 review with your chosen external auditing organisation.

Step 3 First External Review

Your first external review is called a Stage 1 review and it consists of an external auditor reviewing a subset of your important documentation, and proof that you follow your procedures and have credible communication processes in place.

The result of your Stage 1 review will dictate what happens next. If you fail it completely, you will be invited to reapply for another Stage 1 review within a given timescale. If you pass, you will be asked to prepare for your next external review, a Stage 2 review. When they recommend you arrange the Stage 2 review will depend on how well you did. If you did brilliantly, they will suggest you arrange it as quickly as possible, whereas there could be a recommendation to arrange a review in three, or even six, months' time, depending on the number and/or seriousness of issues found.

Step 4 Second External Review

Based on your Stage 1 assessment, we will help to create a unique and detailed roadmap for achieving the compliance certificate you desire for your organisation. We can either project manage that roadmap, or be involved and “get our hands dirty” helping you arrange the documentary requirements to secure your certification.

Step 5 Onward Maintenance

As one of the prime drivers for any ISO standard is continual improvement, any company must be able to demonstrate how it assures this happens. There is no magic formula for this, as each company is relatively individual. There are common threads, which we understand, and we can help you create streamlined and practical ways of doing this.

ISO 9001

ISO 9001 is known as the Quality Management Standard. This isn’t particularly in relation to the quality of the “widgets” you may manufacture, but how the company defines quality, how it maintains quality and how it intends to improve its standard of quality.

The most recognisable benefits from attaining ISO 9001 are: Increased Customer Confidence, Effective Complaint Resolution, Process Improvement and Ongoing Optimisation.

The seven principles that are considered to underpin the ISO 9001 standard are: Customer Focus, Leadership, Engagement of People, Process Approach, Improvement, Evidence-Based Decision Making, and Relationship Management.

The one document that most of the rest of the documentation relies upon is the Quality Management System. This would be the main document an external auditor would examine and weaknesses in this document would alert them of potential weaknesses elsewhere in the organisation.

ISO 14001

ISO 14001 is known as the Environmental Management Standard. While the technical elements of this Standard will be concentrated on the effects of the activities of a company on their surroundings, the root still relies on management’s desire and direction.

The environment includes fauna, flora and us, so there is a correlation between detrimental impact on animals, plants and water courses, and things that impact us. Health and Safety is not purely physical; there are the mental aspects to bear in mind too.

The most recognisable benefits from attaining ISO 14001 are: Creating an Environmental Policy, Planning Sustainably, Considered Implementation, Environmentally based checking and corrective action, and Management Reviews of how effective the sustainability plans are.

The one document that most of the rest of the documentation relies upon is the Environmental Management System. This would be the main document an external auditor would examine and weaknesses in this document would alert them of potential weaknesses elsewhere in the organisation.

Many people think that ISO 14001 revolves around three words: Reduce, Re-use and Recycle. They do play a big part in choosing appropriate strategies to deliver a great Environmental Management System, but you would be falling far short of requirements if you included nothing else. You also need to consider the effects of your activities on your neighbourhood and how they may affect climate control. This isn’t just about scoring points; it encompasses how you control the effects on your community, both the business and residential community, too.

ISO 27001

ISO 27001 is known as the information security standard and encompasses things like data protection, internal system security and exposure to cyber threats. There are standards that should be maintained within the business so that this standard is easier to achieve.

The one document that most of the rest of the documentation relies upon is the Information Management System. This would be the main document an external auditor would examine and weaknesses in this document would alert them of potential weaknesses elsewhere in the organisation.

Key thoughts should be around how easily your systems can be accessed by unauthorised users, users having the ability to access personal systems on work devices and providing company systems for all systems access.

To follow the standard, you will also need to show that there is a common theme pertaining to how users are created and how external parties use your data (including people like your accountant, especially if they have full access to your accounting records and operate your company payroll on your behalf).

Confidentiality needs to be another of your primary thoughts when attempting to attain and maintain this standard.

ISO 45001

ISO 45001 is known as the health and safety standard and encompasses things like reducing the impacts of how you do things for your staff, the handling of risks, following rules set through laws, maintaining constant communication, smoother operations and (in many cases) reduced costs. There are protocols that should be actively maintained within the business so that the ability to achieve, and maintain, this standard is easier.

The one document that most of the rest of the documentation relies upon is the Health & Safety Management System. This would be the main document an external auditor would examine and weaknesses in this document would alert them of potential weaknesses elsewhere in the organisation.

Let’s face it, health and safety legislation is a minefield. Anything that helps us to understand the consequences of our actions has to be a good thing. This is where ISO 45001 helps, as it crystallises how you can prepare for, and communicate how to react to, most situations.

Most things get worse when we do nothing about them. The same is true here and not knowing how to resolve a health and safety related issue can leave you in very hot water.

ISO 22301

ISO 22301 is known as the continuity plan standard and helps to bring together the important things to be realised and planned for in case an emergency situation emerges. Covid-19 happening in 2020 reminds us how unforeseen the impacts of these events can be. Some things are important to bear in mind so that the business can keep on operating, even at a minimal level, until the situation is resolved.

As with the other certifications, the one document that most of the rest of the documentation relies upon is the accompanying management system. This would be the main document an external auditor would examine and weaknesses in this document would alert them of potential weaknesses elsewhere in the organisation.

While attaining your ISO 22301 qualification you will need to analyse where your business is currently at, where it is exposed to common causes of disruption, and what needs to be put in place to minimise the impact should something unexpected happen. You will not be able to cover every conceivable situation, but having a plan means most of the work has already been done and small adaptations for a truly unexpected situation are a lot easier.

Your analysis will also identify the key risks to your business, especially when understanding how to comply with existing undertakings. This will enable the creation of a business continuity plan that will be both practical and meaningful for your business. You may need to identify limitations of what can be done to support customers while an emergency exists in your business. You may want to ask what is in your customers’ business continuity plans too.

Summary

Any qualification, including an ISO certification, can be a great way to publicise what you believe, what you know, and your dedication to those around you. This can be a great way to promote the trustworthiness of your business and help it to rise above your competitors.

This is one of a number of dedicated pages that highlight various aspects of how standards can be a real benefit to your business. Visit https://eyebray.com/standards/ to find out more.