ISO certification is just a money making exercise for auditors, right?

Editors Note: Expert content needs an expert content writer and Yorkshire Powerhouse is pleased to publish this business advice article on being ISO Certified, kindly written by a real expert in his field – Roger Etchells from Episode Consultants Ltd.

Please Contact Roger for any aspect of ISO Certification, Quality Management, Environmental or Health & Safety systems – click on the advert links above or below – please mention Yorkshire Powerhouse when you make contact.

When you want to grow the business, especially when selling to the public sector or other businesses, you will begin to receive tenders that ask you 101 questions about quality, health and safety, and more than likely environmental management. They are also going to ask (possibly demand) that you are ISO certified.

Like it or not, if you want to get into the larger customers or sectors, one way or another you are going to have to answer the questions. Often, the first question will ask “are you ISO Certified for …? If yes ignore the next 20 questions”. So wouldn’t it be worthwhile becoming ISO certified?

This article is intended to give you some insight, and reassurance that, done right, it isn’t just a way for auditors to make money.

Dispelling your fears

First things first, this isn’t just a money making exercise for auditors. ISO is a not for profit organisation. It is an independent, non-governmental, international organisation with a membership of 163 national standards bodies (such as BSI from the UK).

Through its members, it brings together experts to share best practice knowledge and develop voluntary, consensus-based practical International Standards that support innovation and provide guidance on how the subject in hand should be managed, such as quality, environmental impact and health & Safety.

What are ISO standards for then?

ISO management systems standards are intended to make things work, work consistently, and work well. They give specifications for products, services and, as in this case, management systems.

Leading question, who said an A4 piece of paper is the size it is? Who determined what a credit card should be like?

Yes, it’s ISO.

So why do businesses ask for ISO certification?

The answer lies above. ISO standards are acknowledged to be the gold standard for how to do things.

There are two things that ISO certification proves to a potential customer

1. You do things the ‘right way’, to a demanding level

2.  Your systems and processes have been independently audited to prove they meet the requirements of the standards

The certification process is such that authorised (“UKAS accredited”) companies check your systems and processes against the standard and objectively determine if they comply or not.

And here we should say something important. Neither the standards or the auditors  are telling you how to do what you do; only how you should manage things like quality or health and safety. When the auditors come, they check you are doing what you say you are doing – not an unreasonable expectation.

What are the main standards?

ISO is responsible for publishing over 22,000 standards. There are three, maybe four, that businesses are generally aware of:

• ISO 9001, quality management
• ISO 14001, environmental management
• ISO 45001, occupational health and safety (*)

We say 4, because ISO 27001, information security management, is rapidly increasing in it’s use, not least because of GDPR. The table below gives numbers of entities certified (**):

(taken from THE ISO SURVEY OF MANAGEMENT SYSTEM STANDARD CERTIFICATIONS – 2017 – EXPLANATORY NOTE, iso.org.)

(**) ISO 45001 was published in 2018. It replaces OHSAS 18001, which was a British standard used globally. No figures have been published regarding the number of certificates issued, but it is believed to be hundreds of thousands.

What do we have to do?

Each standard calls for you to comply with about 25 to 30 requirements, or clauses. None of them are unreasonable and fall into the following headings:

1. Strategic business planning
2. Providing leadership
3. Planning
4. Resource management
5. Operational control
6. Measuring business performance, with a view to
7. Continual improvement

Within that list, the standards call for three (yes, three) pieces of documented information – that’s not unreasonable is it?

How do we become ISO certified?

It’s a straightforward process, and if you understand the steps, and more importantly the purpose of each step, you will see they all make sense and will make the business better.

The steps are based on the simple concept of plan-Do-Check-Act [PDCA] cycle:

• PLAN: Build a system that reflects how the business works today (NOT how you want it to work, not yet at least), and meets the 25 or so requirements the standards ask of you
• DO: Run it a while. Let everyone know how things should be done (& why, people will buy in if they see it makes sense)
• CHECK: Two main steps, carry out a review (or internal audit in ISO speak), then review key management information (known as management review by ISO)
• ACT: Make changes based on the results of the reviews (hence the “NOT” above)
• CERTIFY: Find a UKAS accredited body that you can work with. There are plenty to choose from, and the best are those that work with you to not only get you certified, but continue to get the improvement benefits that will arise.

Some conclusions

Whatever your line of business you can’t argue that any of the 7 groups of requirements above does not make sense or does not apply to your business.

Neither can you argue that to plan, do, check and act is not a sensible thing to do either. You may not want or like to do it, but you know you should!

Another important consideration is that businesses that are looking for certification are typically growing. They really do need to put some formal systems and processes in place to manage that growth, and that is exactly what ISO standards help you do.

ISO Certification is a sign of a serious business and one that cares – if you’re considering growing and developing your business then consider bringing the disciplines and procedures of ISO certification into your business in a positive way and find yourself an expert to support these steps.

Straight forward advice from Yorkshire Powerhouse

Have you any questions?

Here at Yorkshire Powerhouse, we’re happy to help as much as possible – is there anything else we can do to help you, do you have any further questions or can we help introduce you to an expert – please let us know: