Should I get an ISO Standard?
The benefits of ISO Standards and attaining ISO Certification
There is a vast amount that can be said here. We have tried to compartmentalise this by dividing our response into the answers of specific questions. If you feel we have missed something or want a more personalised answer, please feel free to contact us directly.
Why are you considering an ISO Standard and which one should you go for?
ISO Standards were created following World War II in order to help drive the regeneration of world trade at that time. The values espoused then are still valid today because at all times (the ISO standards have been regularly updated since their inception) the process behind each ISO Standard’s creation is to take globally accepted best practice and combine it within the wording. Thus each ISO Standard represents the epitome of the latest management best-practice – literally “standing on the shoulders of giants” to ensure that any organisation using an ISO Standard, is doing so with the most optimal and up-to-date approach to improving your organisation’s operations and results.
At many points in the life of an organisation there are times when the existing method of operation has to make a change to allow growth to take place. Eg when a micro company (with a few staff led by a tight team of 1-3 people who make all the decisions) wants to move to a small company (where key managers focus on key areas in support of one another under the guidance of 1 or more senior managers/board): in this instance the delegation of responsibilities, decision making and control switch from one mode to the next. This is difficult to achieve without better and clearer controls that the staff can take on board and reference during the changeover process. It is also a time when the danger of losing cohesion during the scale change can cause the organisation to revert to its smaller state.
Other typical “change points” might be the advent of new legislation, a new boss, a dramatic shift in the market or any one of many impacts on the organisation requiring a reaction that not just compensates, but develops the organisation in such a way as to benefit from such change.
There are some industry sectors, most notably automotive or aviation, where this is regularly the case. Often would-be suppliers can get OEM attention to trial components – but the big orders then come with the proviso that the pertinent ISO standard is a requirement. This feeds directly into their own control processes – if they cannot be certain that their suppliers provide quality inputs into their own process, they, in turn cannot produce quality outputs. If such a lapse results in customer accidents or deaths, then things rapidly become unstuck – hence their insistence.
Other industrial sectors to be considered are the medical device world where the relevant ISO standard feeds directly into the CE marking required to market into the EU ensuring that the ISO 13485 Medical Devices standard is a regular industry sector candidate. Also the ISO 17025 Laboratory Competence standard kicks in with test laboratories and acoustic/vibration testing fields.
Back in 2015, the UK Government decreed that it wanted more SMEs tendering to government and local authority and other public service contracts. The issue was how were these public bodies supposed to assess which of the many organisations stepping forward would be best for them. One parameter added into the mix was the inclusion of ISO standards within the “nice to have” section of the tender’s requirements. The result of the shift to SMEs competing raised the number of applications exponentially. The public service employee tasked with wading through the mass submissions was faced with hundreds of documents and no time (and probably less inclination) so the logical “knife” sliced out only those that had ISO standards made the cut to the next level. As a result, the de facto result was that public service tenders often “required” an ISO Standard certification.
So, does this mean that having an ISO Standard means that you will get the tender? No – of course not! It is not the certification that matters here – it is the operation of the procedures that the certification represents. Thus those organisations that got the ISO Standard simply to get through that aspect of the tender, did not get the work as they had not taken on board the requirements and actions necessary to glean the benefits of having the ISO Standard – which is what the tender was after in the first place: reliability, efficiency, cost-effectiveness, timely, consistent and constantly improving service.
So while an ISO Standard is often a requirement to be met if you wish to be a serious contender in the public sector tendering market, it is one to take seriously and take on for other reasons as well as gaining the tender – otherwise, experience shows it is a waste of time as it will not be followed up and utilised properly and so will fail on all levels: no tender success as well as no benefits from the ISO Standard directly.
One approach that uses ISO Standards is to use it as a levelling of playing fields when dealing with multitudinous operating systems that need to talk to each other, be analysed comparatively, interact operationally and evolve to become more efficient in conjunction one with the other. An example might be when 2 (or more) organisations merge. Their different systems need to be combined to optimise the savings that were, no doubt, promised as one of the benefits of the merger – while at the same time institutional knowledge and expertise must not be lost but combined to evolve the enhanced offering (probably another of the merger promises). Thus, one ISO System is introduced that all departments have to operate within. The discussions required to develop such systems allow previous organisational differences to be dissected for optimisation while allowing people to attribute the process to the development of the ISO system, rather than allow it to become a battle to preserve their previous identity. The result ought to be an amalgamation that everyone supports and can buy into rather than a disastrous rift between different sections of the newly combined organisation.
These are the benefits accruing because of changes to the internal structure of the organisation so that it operates more effectively, more efficiently, more cost effectively, with continuous improvement and high levels of training for all its operatives. All these improvements will generate a lower cost base ensuring that the organisation is able to operate with fewer resources yet be able to compete with the strongest in its field.
These benefits derive directly from the new capability of the organisation now that it has the ISO Standard in place. Its cost base lowered and its resource use lessened, ensuring that additional products in range, variation and volume can be offered to wider markets. The ISO Standard holder can be sure of meeting other qualifying levels – whether of other such schemes or specific to individual companies – so allowing new markets to be accessed. In short, it allows the markets available to the organisation to be expanded if not multiplied. In combination with the reduced cost base inferred by the internal benefits above, this yields a rare and powerful offering.
This relates to the fact that the ISO Standard is a third-party assessed, globally recognised certification. This means that gaining the ISO Standard allows that organisation to “boast” about having it, and using it not only as an internal device to improve ROI, nor just as a market expanding device to enhance its returns, it can use this as a way to raise publicity and fight off competition by demonstrably being better than others.
In truth, any ISO Standard generates all three areas of benefits detailed above – and it is the combination of the three that make for such a dramatic change in fortunes for the organisation that takes its ISO Standards seriously.
Many studies have been carried out on these very questions. ISO Standards have been around for decades. Over 1.6 million organisations around the globe have ISO certification. There have also been studies of the studies – so called Meta Studies – one of which reviewed over 42 separate pieces of research looking for commonalities and comparisons between them. It found that there was clear evidence that organisations that had ISO Standards and which took those standards seriously had clearly benefitted and in some cases to the extent that they were the best in their niche market. So the short answer to these questions is “Yes”.
“(Reference: ‘Does ISO 9001 pay? Analysis of 42 Studies.’ Manders and de Vries, 2012)”
Which ISO Standard should I go for?
There are two distinct types of ISO Standard – the generic (applicable to all organisations) and the industry sector specific (applicable to individual industry sectors only).
The generic ISO Standards include ISO 9001 Quality, ISO 14001 Environment and ISO 45001 Health & Safety. There are other candidates potentially, such as ISO 27001 Data Security or ISO 22301 Business Continuity which could probably also be regarded as generic albeit not nearly so many have them. Click on the links to learn more about each standard.
The key ISO related industry sectors are covered by the following standards: AS9100 series Aerospace, Defence and Space; IATF 16949 Automotive; ISO 17025 Laboratory Competence; ISO 13485 Medical Devices and ISO 15189 Medical Laboratory Competence. There are other such standards, but these are far less common than the ones listed here – if you want to find out more about other industry sectors, please contact us.
The process of gaining ISO Certification (or ISO Accreditation for ISO 17025 Laboratory Comeptence or ISO 15159 Medical Laboratory Competence) can be divided into two stages: Stage 1 involves designing, creating and installing the written systems, templates, procedures and records structures. This is completed when the assessors have reviewed the systems etc as written and confirmed they are in conformance with the requirements of the relevant ISO Standard.
Once Stage 1 has been passed, the organisation commences to use the systems and procedures ensuring records are completed, tasks undertaken, meetings and audits carried out etc. Some or all of these may already be happening, but during this second stage, there can be no varying from the processes and procedures without either defining this as a non-conformance and/or changing the procedures to ensure that what is being done is now defined as the formal way forwards. Once sufficient time has passed for the records to have built up, the assessors return for the Stage 2 review – this covers ensuring that the system as operated still conforms with the requirements of the relevant ISO Standard.
Once you have passed the Stage 2 assessment, you gain your certification/accreditation (it varies according to which ISO Standard you are aiming at).
It rather depends how much work is involved in running your own operations. This is not being flippant, but a recognition that if the procedures are designed correctly, they will reflect what the organisation already does on a day to day basis for the vast majority of activities. There will be variances – relating to where the ISO Standard requires something more or different from what has previously been done. This is normally a reflection of either the standard being based on a more up to date approach to carrying out such a task, or where an additional feature is asked so that tracking and monitoring, that may not previously have been carried out, is now possible. To be clear, if the ISO Standards did not require something more than before, people would be asking what the point of them was!
The normal areas of difference relate to:
- Document Controls (ensuring that formal documents are maintained, stored and changed only with authorisation and review procedures),
- Internal Audits (ensuring that the procedures are checked to be operating according to the stated approach in the systems – whether by the organisation’s own staff or using external consultants), and the
- Management Reviews (carried out on all documentation pertaining to the relevant ISO Standard to ensure that evolutions, changes, feedback and audit reports can be fed into the updates on the systems alongside new Board requirements, changes in legislation/equipment/personnel or whatever).
So while there will be additional effort in relation to these areas, most of the additional work will ultimately relate to the extra work gained from improving the sales given the reduced cost base, enhanced skillsets, more efficient processes etc brought on by the ISO Standard itself.
This is one of those “how long is a piece of string?” type questions. It depends on, among other considerations:
- the scope to be covered by the processes,
- the number of ISO Standards being installed,
- the number of personnel and sites who will use the systems,
- the way the systems are installed (paper v virtual systems, cloud v server, manual activities v automated activities etc),
- the level of authorisation and review required at each stage,
- the choice of assessor (they vary in cost considerably),
- the timeframe for installation,
- the type of standard chosen (some of the industry sector ones have few consultants in their field so they tend to be very busy and/or more expensive) and
- how much the organisation wants to carry out itself v the amount it wants to use a consultant specialist (and the latter may well be cheaper than the former – albeit the former is often covered under the existing wage bill).
“One thing can be made clear – one of the reasons some assessors are more expensive than others is that some assessors are fully accredited under the ISO process (in the UK this usually means under the UK Accreditation Service (UKAS) which has been appointed for this task by the international ISO organisation. Other assessors are not accredited in this way. They may be accredited, but through other organisations (often set up by them themselves) which means they are officially outside the formal ISO structure. This is not illegal, but it is always cheaper as they do not have to pay ISO to operate within the ISO structure as other assessors do. These other assessors may charge a tenth of the amount that the ISO structured assessors charge. They may also offer both consultancy and assessment (it is forbidden to undertake both roles under the ISO structure). Sometimes they apparently ask customers to commit to up to 10 years of payments – which seems a great deal of commitment at the beginning of such a project. Finally, you should know that if your certification is from one of these other assessors, then it is not transferable to an ISO assessor – whereas all ISO structured assessors’ certificates are transferable between each other (ie you can change assessors more or less when you wish).”
The simplest of organisations (1 site, <5 people, 1 area of scope, 1 simple generic standard, utilising good existing systems with well-informed staff) might require 5-8 days of consultant time. A complex organisation (multiple sites, large staff numbers, multiple scopes, multiple standards, complex industrial standards, based on archaic practices with staff who don’t want to know) might require over 100 days of consultant time.
The day costs will depend on the standard concerned, the availability and rarity of the consultant skills, the distances to be travelled, the timeframe to be completed etc.
All of these factors can be determined before the project is kicked off meaning we can give a full formal proposal (not an estimate) for most projects before any commitment is asked for. Sometimes, especially when in more complex scenarios, there may be a need for a GAP analysis piece of work to be undertaken before such proposals can be made. Contact us for more information.
“Your experience in the aerospace industry proved very useful and made a significant contribution to our efforts to achieve certification.”
– AirTanker Services Ltd
Meet a Qualitator