Case Studies
Adding ISO standards to an existing system

At one time getting an ISO 9000 Certificate made you stand out from the crowd and satisfied most customers. But business has moved on, legislation and customer’s demands have changed and now multiple approvals are often necessary – but they can be expensive.

ISO standards overlap, so if you need to gain approval against a new standard you need to make sure that the design of the system takes advantage of that overlap, and that the new system doesn’t repeat those elements already covered in the original system. Certification bodies also need to be “managed” to make sure that the cost benefits of dual approvals are maximised.

We have managed and designed many Integrated and Dual Approval Systems, including coordinating with the certification bodies to ensure you get the best overall deal. The companies below have benefitted from using us to bring their systems together, so why not contact us and see how we can help you. These companies did, and already have their multiple approvals in place.

Biowood Recycling

ISO 9001, Quality Management

What was the key driver in seeking ISO Certification?

We work closely with a major multi-national and are aware that their other suppliers hold ISO Certification. We needed it to safeguard our competitive edge. Also, as a marketing tool, it’s powerful – it shows that we operate up to an internationally agreed standard, a vital differentiator in our industry, recycling, where compliance is not optional.

Why didn’t you attempt to do the work in-house and via readily-obtainable templates?

We already held ISO 9001, but the quality management system was becoming increasingly less-relevant to our daily operations. My key area of focus is compliance and as recycling activities are closely-regulated by The Environment Agency, this was an area where we needed the help of an experienced professional. It was time to make a fresh start, building on what we had, but creating something bespoke to our daily business activities. This couldn’t be achieved by filling in a few generic templates.

What was the biggest challenge to you and your team during the process?

As I mentioned, we already held ISO 9001. However, the key challenge was taking the best bits from that and transforming something generic to a genuinely bespoke system that was accessible and encouraged buy-in (hence compliance!). This was going to be an interesting experience! The old system had been neglected, had a puzzling structure and had not reflected the changes in our business. It was clearly generic and didn’t address how we worked. Furthermore, it was packed full of jargon and needed translating from consultant-speak into laypersons terms. Thereby providing a system that all could understand and use. Colin Brown of ISO Consultants was able to make the difficult and remote, simple and accessible.

What surprised you the most about the whole experience?

Continuing from what I’ve said just said, it was a delight to find how the standard and its needs could be simplified, but without compromising its effectiveness! Colin Brown was skilled at translation and application, along with being very patient with us!

How did the actual audit process go? How did Colin help?

It was a two-day process, but relatively uneventful, as the Quality Management System had been designed carefully. The assessor looked quite deeply into our business, but only a couple of minor changes were required to achieve certification.

How has certification improved your real-life day-to-day business activities?

It has added a structure and accessibility to our previous good practice. For example, as part of the QMS, I’m currently involved with an audit of both customer and suppliers in respect of their required accreditations. This has created a database within the company which is proving extremely useful, as well as ensuring compliance with the Environment Agency requirements. Furthermore, it’s strengthened not only customer relations but our own status and credibility in the market.

Worktribe

ISO 27001 – Information Security Management

Worktribe create and support software, described as “Agile, modern management tools for Universities” They had contemplated ISO 27001 approval for a number of years. “We were broadly compliant, but had an increasing number of customers and potential customers asking us about it” said Director Matt Eris.

Many companies attempt to gain certification via use of downloaded templates, and ISO Consultants often come to their rescue when things go wrong.

In the case of Worktribe, they knew enough about the requirements of ISO 27001 to avoid an abortive do-it-yourself attempt. It was time to engage a consultant who would be able to steer them through the copious documents associated with Information Security Management System (ISMS) that forms the core of ISO 27001.

Due to the innovative “”virtual office” approach to work place environment at Worktribe, some modification of certain aspects of the ISMS was required, ISO27001 being primarily designed around the classic “head office and branch office” situation. Colin Brown of ISO Consultants was able to adapt the system specifically for Worktribe’s distinct requirements.

“Colin made it all go very smoothly” said Matt, “so much so that I often thought we’d missed something. In fact, the actual auditor’s visit was quite uneventful!”

Worktribe already had a number of good practices in place regarding IT security. What ISO 27001 achieved for them was a structure, procedures, improved records, and a formal recognition of these as part of an internationally-recognised standard.

“ISO 27001 approval was certainly a milestone in our company’s development” said Matt.

Does your company need a current ISO Standard?

We offer three routes for businesses wanting to renew their certification or accreditation. The same routes are open to new businesses who would like to implement changes and policies, making them ready for inspection.