“Should I get ISO certification?” - this is a question only you can answer, and really only once you’ve answered the question “why do I need ISO certification?”
It might be that you need it because a client has said it won’t deal with you until you do; or you want to get onto a supply chain list; or your competitors have it so you need to get it to compete.
While there’s nothing at all wrong with any of these reasons, the trouble is they drive a ‘tick box’ industry when it comes to certification. Certification just becomes an end in itself: a side project that is achieved by ticking off a series of actions in preparation for an audit, then ignored as soon as the auditor walks back out of the door and other priorities take over.
Then it’s back to battling through self-inflicted mistakes and complaints for another 11 months before starting to look at fabricating evidence to show the auditor again in a month’s time. This is an all-too-familiar story.
The main reason you should want ISO certification is the reason the standards were developed in the first place - to improve your organisation.
The quality standard - ISO 9001 - is used by over one million companies across the world and is revered by large corporations and small firms alike. If it’s applied properly and diligently, then organisations reap the benefits over time.
The only problem is that it’s a seriously underused system, mainly because of the unnecessary bureaucracy, costs and generally poor implementation that have become associated with certification. But this does not have to be the case. Done correctly, it can be, simply put, the most effective way of improving your business.
If you strip away all of the rigmarole surrounding certification, then it can be the level-best way to continually improve your business from your customer’s point of view.
So when trying to gauge whether it’s worth it, this is a really important thing to frame it against.
Due to the nature of ISOs, it can be difficult to work out whether it’s cost-effective - many of the costs fall into the ‘it depends’ category (it depends on your company size, sector, risks, etc.) and the benefits will depend on many things, so can only be estimated.
“Is ISO worth it?” might be one of those million dollar questions, but in reality it’s more of a “work in, work out” answer. The benefits gained will vary greatly depending on the ISO standard you implement and the amount of effort you put into improving the management system.
Some of the benefits are not as obvious, as they can be harder to quantify. For example, when implementing ISO 9001 we would be looking at your processes and identifying streamlining opportunities, often reducing time and paperwork. Unless you are doing time and motion studies, it will be hard to measure the cost benefits from these improvements. But you can certainly estimate how much time and money you have saved and see the value from that perspective.
The more focus you place on process improvements the more benefit you will gain - the ISO 9001 standard, as we’ve discussed, is all about continual improvement.
The ISO 14001 standard, on the other hand, could be easier to justify from a money perspective, as you will need to monitor your waste and utility usage. It is very easy to save money on both with this environmental standard. It is not uncommon for businesses to save at least 10% year-on-year through improvements, just by focusing on areas such as energy reduction.
It’s possibly harder to demonstrate cost benefits with the ISO 45001 standard but there are some businesses that will see the value of this more than others, especially when you analyse time off work through sickness or accidents. If you reduce these and improve the wellbeing of personnel then this will return monetary savings.
Likewise, ISO 27001 enables organisations to avoid the potentially devastating financial losses caused by data breaches. The global average cost of a data breach has skyrocketed to £3.13 million (a 6.4% increase from 2017), according to the Ponemon Institute.
The standard is also designed to ensure the selection of adequate and proportionate security controls that help to protect information in line with increasingly rigid regulatory requirements such as the EU General Data Protection Regulation (GDPR) and other associated laws.
When you’re looking at costs there’s a lot to take into account, such as implementation costs, the cost of employee hours and Certification Body costs (IF you want to be certified - you don’t HAVE to be certified).
The Ideas Distillery has spent a lot of time putting together a rough-and-ready spreadsheet calculator - our Cost Benefit Analysis (CBA) tool - to address the main areas of installing an ISO management system, including becoming certified.
The idea is, at the end of the process, you can see the overall costs and compare these with the overall benefits, in the context of both one-off and ongoing costs and benefits, and how ISOs might benefit you (or not) in the long term.
The downloadable CBA tool and accompanying guides (there’s one for ISO 9001, 14001 and 45001, then a separate one for ISO 27001) will quickly get you underway, allowing you to work out a good indication of how much your chosen path is going to cost. Just click here for our CBA tool and guides.