ISO certification is just a money making exercise for auditors, right?
When you want to grow the business, especially when selling to the public sector or other businesses, you will begin to receive tenders that ask you 101 questions about quality, health and safety, and more than likely environmental management. They are also going to ask (possibly demand) that you are ISO certified.
Like it or not, if you want to get into the larger customers or sectors, one way or another you are going to have to answer the questions. Often, the first question will ask “are you ISO Certified for …? If yes ignore the next 20 questions”. So wouldn’t it be worthwhile becoming ISO certified?
This article is intended to give you some insight, and reassurance that, done right, it isn’t just a way for auditors to make money.
Dispelling your fears
First things first, this isn’t just a money making exercise for auditors. ISO is a not for profit organisation. It is an independent, non-governmental, international organisation with a membership of 163 national standards bodies (such as BSI from the UK).
Download our template for FREE by clicking below:
Through its members, it brings together experts to share best practice knowledge and develop voluntary, consensus-based practical International Standards that support innovation and provide guidance on how the subject in hand should be managed, such as quality, environmental impact and health & Safety.
What are ISO standards for then?
ISO management systems standards are intended to make things work, work consistently, and work well. They give specifications for products, services and, as in this case, management systems.
Leading question, who said an A4 piece of paper is the size it is? Who determined what a credit card should be like?
Yes, it’s ISO.
So why do businesses ask for ISO certification?
The answer lies above. ISO standards are acknowledged to be the gold standard for how to do things.
There are two things that ISO certification proves to a potential customer
1. You do things the ‘right way’, to a demanding level
2. Your systems and processes have been independently audited to prove they meet the requirements of the standards
The certification process is such that authorised (“UKAS accredited”) companies check your systems and processes against the standard and objectively determine if they comply or not.
And here we should say something important. Neither the standards or the auditors are telling you how to do what you do; only how you should manage things like quality or health and safety. When the auditors come, they check you are doing what you say you are doing – not an unreasonable expectation.
What are the main standards?
ISO is responsible for publishing over 22,000 standards. There are three, maybe four, that businesses are generally aware of:
- ISO 9001, quality management
- ISO 14001, environmental management
- ISO 45001, occupational health and safety (*)
We say 4, because ISO 27001, information security management, is rapidly increasing in it’s use, not least because of GDPR. The table below gives numbers of entities certified (**):
(taken from THE ISO SURVEY OF MANAGEMENT SYSTEM STANDARD CERTIFICATIONS – 2017 – EXPLANATORY NOTE, iso.org.)
(**) ISO 45001 was published in 2018. It replaces OHSAS 18001, which was a British standard used globally. No figures have been published regarding the number of certificates issued, but it is believed to be hundreds of thousands.
What do we have to do?
Each standard calls for you to comply with about 25 to 30 requirements, or clauses. None of them are unreasonable and fall into the following headings:
1. Strategic business planning
2. Providing leadership
4. Resource management
5. Operational control
6. Measuring business performance, with a view to
7. Continual improvement
Within that list, the standards call for three (yes, three) pieces of documented information – that’s not unreasonable is it?
How do we become ISO certified?
It’s a straightforward process, and if you understand the steps, and more importantly the purpose of each step, you will see they all make sense and will make the business better.
The steps are based on the simple concept of plan-Do-Check-Act [PDCA] cycle:
- PLAN: Build a system that reflects how the business works today (NOT how you want it to work, not yet at least), and meets the 25 or so requirements the standards ask of you
- DO: Run it a while. Let everyone know how things should be done (& why, people will buy in if they see it makes sense)
- CHECK: Two main steps, carry out a review (or internal audit in ISO speak), then review key management information (known as management review by ISO)
- ACT: Make changes based on the results of the reviews (hence the “NOT” above)
- CERTIFY: Find a UKAS accredited body that you can work with. There are plenty to choose from, and the best are those that work with you to not only get you certified, but continue to get the improvement benefits that will arise.
Whatever your line of business you can’t argue that any of the 7 groups of requirements above does not make sense or does not apply to your business.
Neither can you argue that to plan, do, check and act is not a sensible thing to do either. You may not want or like to do it, but you know you should!
Another important consideration is that businesses that are looking for certification are typically growing. They really do need to put some formal systems and processes in place to manage that growth, and that is exactly what ISO standards help you do.
ISO Certification is a sign of a serious business and one that cares – if you’re considering growing and developing your business then consider bringing the disciplines and procedures of ISO certification into your business in a positive way and find yourself an expert to support these steps.
Straight forward advice from Yorkshire Powerhouse
Now you’ve read our article on ISO Certification – have you any more questions?
Here at Yorkshire Powerhouse, we’re happy to help as much as possible – is there anything else we can do to help you, do you have any further questions or can we help introduce you to an expert – please let us know:
Being ISO certified, in itself, is not the important bit. The best management systems are those that are imbedded in the business’ DNA itself. Read >
ISO, the organisation responsible for ISO 9001:2015, quality management systems have openly published their seven quality principles Read >