You may have heard about ISO standards or seen companies displaying their certification on documentation, products, or vehicles.
- But what are they?
- What do they mean?
- Are they required?
In this article, we will give you insight into what they are all about and give you the information you need to decide for yourself.
Who or What is ISO?
The International Organisation for Standardisation (ISO) is an organisation established in 1946 with 25 Civil Engineers to obtain consensus across different countries in Europe to have a consistent set of specifications for a given subject matter.
Contrary to popular belief, ‘ISO’ is not a pure acronym. According to ISO themselves:
“Because ‘International Organization for Standardization’ would have different acronyms in different languages (IOS in English, OIN in French for Organisation Internationale de normalisation), our founders decided to give it the short form ISO. ISO is derived from the Greek ‘isos’, meaning equal. Whatever the country, whatever the language, we are always ISO.”
How is ISO relevant today?
Today, ISO has moved on from its Civil Engineering roots. It currently has almost 30,000 different standards covering everything from Quality; Health and Safety; Pharmaceuticals; Information security, and manufacturing standards, to name but a few. ISO are behind the ability for us to order a credit card and use it in any card reader in the UK, France, Spain, or to purchase a car seat in Italy that fits any vehicle in France.
The most instantly recognised piece of standardisation is the humble shipping container. Whilst not developed by ISO, it was adopted in 1968 as their ‘Standard Box’. For the first time, this enabled vehicle manufacturers, shipbuilders and handling agents to have one set of common dimensions.
We do not manufacture; does that mean ISO is not relevant for us?
No. With such an array of different standards available, there will be a standard to cover a wide variety of requirements. These are the more general standards that will fit with most organisations:
- ISO 9001 Quality Management
- ISO 14001 Environmental Management
- ISO 45001 Health and Safety
- ISO 27001 Information Security
- ISO 44001 Collaborative working
- ISO 31000 Risk Management
- ISO 50001 Energy Management
Is having an ISO certification mandatory?
No. There is no legal requirement to have an ISO certification. That said, in some industries, customers may not work with a supplier that does not hold a certification, as they have no frame of reference to be able to trust the outputs the supplier produces.
Who is ISO suitable for?
There is time and effort required to obtain a certification, along with the cost of the certification itself and ongoing maintenance. Unless there is a specific industry or contractual reason, organisations under 15 staff would not ordinarily go through certification. There is, however, benefit to any organisation to work to the principles of the standard.
What does working with an organisation that has an ISO Standard mean?
Organisations with an ISO certification work to a prescribed set of requirements. They will have processes, procedures and policies that will create an environment to produce a consistent set of outputs and have mechanisms to deal with issues where those outputs are not expected. The Standard is a framework advising on what an organisation should have in place, but it does not advise how to achieve that outcome.
Compliance with the standard is independently audited and certification awarded only if all criteria have been complied with. This gives companies confidence when purchasing products or services from an organisation with one of these certifications that they have considered and comply with all requirements. This allows for fair comparisons between suppliers that have the same accreditation.
Organisations may feel they have an advantage when competing for work over other suppliers that are not certified because of the confidence in their products and services that ISO can demonstrate.
ISO sounds great. Can I buy a certification?
This question has caused great debate and has some polarised viewpoints. There are providers out there that will offer software packages that claim to give you everything you need in a box and certification in the fastest time possible.
Beware of companies that are awarding ISO certifications. UKAS (United Kingdom Accreditation Service) are the only recognised awarding body in the UK. Certification bodies must be registered with UKAS. If they do not show the UK tick mark in their logo, they are not recognised.
Having an ISO certification should not be seen as a tick in the box or certificate on a wall. It should be seen as a tool to help your organisation produce better services to your customers and become a vehicle for growth.
The best organisations with certifications are great companies first, and almost as a side note, have certification second. It is a validation that you have good controls and understands how your organisation works.
To gain certification, not only do you need to have your processes, procedures and policies defined, but they need to be relevant to your organisation and the way you work.
If I can’t just buy a certification, what is involved in getting set up?
For a successful ISO implementation, regardless of the standard you are looking to achieve, you need to consider the following:
- Motivation and ownership – to have a successful implementation, it must be driven from the top – right up to the CEO. There needs to be ownership and accountability for getting tasks done. It should be a standing topic on the agenda of the Senior Leadership Team regular meetings.
- Time – you will need to allocate appropriate resource to the set-up, certification and maintenance of your processes and procedures. For an organisation with no formal documentation, the project will need to be broken down into phases. Most implementations will not have a dedicated resource allocated to them and will have to schedule around existing day-to-day tasks. Having a project plan and milestones set will break the project into manageable actions.
- Storage of information – The management of documents and records is an essential aspect of a good company setup. Consistency is key. Knowing where to find documented information and if it is up to date will help any business become more efficient with less time searching and more time finding. You may wish to look at using a specific set of tools to manage your processes and procedure, along with a formal document management system or CRM (Customer Relationship Management) tool.
What does certification cost?
This is the eternal question of how long a piece of string is. It depends on the organisation’s size and the scope of the certification to be obtained. If you are looking at multiple certifications, ISO has now started to bring their own clauses into symmetry, meaning if you comply with one clause from ISO 9001 for 10.3 Continual improvements, this same clause will appear in 14001 and 45001, but broadly speaking, you need to consider the following categories:
- Staff or consultancy costs to
- Conduct a gap analysis of the materials you already have in place and if they are suitable for use in an ISO environment.
- Create or update materials required.
- Brief and train staff if new ways of working are to be implemented.
- Ongoing auditing of processes and procedures
- Software costs to:
- Manage processes, procedures, and policies.
- Manage documents and records.
- Certification costs:
- Initial full certification audit
- Maintenance or ‘surveillance’ audits
Getting ready for ISO
To help you get ready for ISO, you will find the following resources helpful:
- Please find out more about the individual popular standards by reading our article ‘Understanding ISO Standards’
- Use our project readiness checklist.
The next steps
Still unsure where to start, our Consultants can provide you with guidance or full implementation support services for selected standards.
If you feel ISO is not right for you but would like to control your processes better, we can support you with facilitated workshops that will reveal the processes, leaving you with a clear set of process maps to support your business.
If you would like to discuss ISO or processes further, please complete our Contact Form.