What is ISO Certification? Corporate Responsibility and You

“What is ISO Certification?” More importantly, why seek ISO certification? Simple. Corporate responsibility. It appears in court cases, headlines, and the sleepless nights of CEOs. Thus, regarding ISO standards, the issue is simple. It’s not “can you afford to comply”, but rather “can you afford not to?”

A Surprise! You Are Probably Doing This Already

A case study: A company employs 30 staff. They vary from highly reliable and fully committed to “why did I employ him/her?” However, you have to let them talk to hard-won customers. They manage expensive machines and control hazardous processes. Directors carry “corporate responsibility”. Thus, if an employees does something stupid, it’s the director’s fault, not theirs. They may lose their home. They could gain a new one, albeit very secure, at Her Majesty’s Pleasure.

Why do I take these risks? What can I do to reduce them?

Here’s the surprise. You already use ISO principles elsewhere in your business. You’ve been financially responsible for the business for some time. You have addressed that responsibility with some safeguards:

1

You employ a knowledgeable and reliable professional to oversee the finances. Full time or part time depending on your situation.

2

You establish good financial controls and make sure everybody sticks to them.

3

You review the financial position regularly.

Voila! The basic principles of an ISO Standard. What is ISO Certification? Verification of a system of “best practice”

What is ISO Certification? (Standards for (Just About) Everything)

The following will cover 95% of your business’s core activity:

ISO 9001

Quality Management

ISO 14001

Environmental Management

ISO 27001

Information Security Management

ISO 45001

Health and Safety Management

Badly handled, each of these business activities covered by the standards can cost you dearly. However, as in my finance example, you have already introduced best practice. Thus, even if something goes hugely wrong, at least you can give proof of managing risk.

In-House or Buy-In?

Employing an in-house expert would be the ideal option. Alternatively, a consultancy who have staff with expert level knowledge and experience. Therefore, they could quickly put in place systems to meet these standards. Furthermore, they would train your own staff to maintain them in house. (We know a very good consultancy, by the way…) Employing a specialist can give you huge benefits; for a relatively small investment you should be able to gain access to years of study and experience.

Risk Need Not Be Risky

ISO Standards are far from “fixed”; they contain the tools you need to manage arising risks. Simply manage their implementation. Then, when necessary, encourage your staff that they need to be followed. A good consultant will customise each standards’ requirements to your business needs in a few days.

Beyond Compliance – ISO Standard as Marketing Tool.

Having an independently issued ISO certificate can help win additional orders and in some industries is essential in tendering situations.

Beyond A Certificate – Improvement Through Monitoring

A correctly implemented ISO management system standard includes the need for a periodic review of how the system is working. You can leave the system for the staff to implement on a day to day basis. Finally, review periodically to ensure they are going in the direction you want them. Set objectives you set to measure the success of the system are being met.

Do You Have An Alternative?

Failures in any one of these four disciplines, Quality, Environment, Health and Safety and Information Security can lead to enormous fines for your business and you personally. Implementing the relevant ISO based management system helps to standardise the way your business operates and addresses risks . Therefore, compliance with legal and regulatory issues becomes just “the way we do things”.