​Let’s be honest, there are plenty of times when organisations might want to get ISO 9001 certification to tender for a contract, or to get on a supply chain list.

Government, local authorities and larger organisations sometimes require certification before they will consider a tender from a supplier. Even if certification is not a mandatory requirement for a customer, it will give them an advantage over their competitors.

In far too many of these cases certification just becomes an end in itself, rather than a genuine desire to improve the way the organisation operates.

However, even in these cases, many companies are pleasantly surprised by the benefits that a Quality Management System does offer, even if that’s not the focus they originally started out with.

What are the true benefits of Quality Management System?

Quality management adopts the perspective that all parts of an organisation and all its employees can have an impact on quality. Although the errors of those in direct contact with its customers may be more instantly recognisable, the errors made by those who have only an indirect role also detract from quality.

For example, the poor design of a product may dissatisfy customers, or a clerical error may result in an angry customer if it leads to their being invoiced incorrectly. Quality management takes a truly systemic approach to organisations; it is based on the belief that quality will come about only if all employees and all activities of an organisation are involved:

• An organisation is viewed as a system of interconnected people.
• Any action taken anywhere can have an impact on quality.
• Suppliers are part of this system, and in a spirit of partnership are included in improvement activities.
• Quality is viewed from the customers’ or end-users’ perspective.

To see quality through the eyes of customers and exceed their expectations, an organisation must first know what its customers want. Building a relationship with, and getting closer to, its customers is essential if it is to gain a thorough understanding of their expectations.

Quality management highlights the important role played by all those who deal directly with its customers, those providing services, sales and marketing staff, and so on. Such staff have an invaluable opportunity to obtain vital information about the perceptions that customers have about the organisation and its products and services, and can gauge any changes in customers’ expectations and any indications of their future requirements.

Everyone must commit to quality

But what about those who operate well away from their customers? Quality management addresses this with the concept of a chain - in this chain everyone in an organisation, no matter where they work in it, is considered a link, and the chain eventually leads to an external customer.

Put simply, if quality is maximised as a product or service moves along this chain, then ultimately the external customer will be satisfied. Changes in customers’ requirements can also be communicated backwards along the chain. These chains stretch back to suppliers who are themselves external to the organisation.

For this concept to work in practice, good communications throughout an organisation are essential. This leaves no place for the inter-departmental barriers and ‘turf wars’ that can characterise so much of organisational life and hamper effective communications within the organisation. Quality management simply cannot work within an atmosphere of ‘them and us’.

Quality should always be at the top of the management agenda and be an issue that requires leadership from the very top of an organisation. Senior managers’ lack of commitment is recognised as the most significant barrier to achieving the successful implementation of quality management. This is why senior managers need to develop a quality strategy for their organisation that will:

• make clear the broad aims and long-term goals of its Quality Management System (QMS);
• define how quality management fits into its corporate objectives and strategy;
• describe the actions needed to implement QMS;
• indicate the resources needed for its implementation.

You must demonstrate your commitment to quality

Fine words are never likely to be enough, however. Managers need to demonstrate their commitment to quality management by their actions. As well as setting the framework for quality management by putting into place appropriate quality systems and procedures, supportive performance measurement systems and reward schemes, managers also need to demonstrate a personal commitment to quality management by, for example, fully participating in all quality improvement programmes.

There are three factors which are common to all approaches to Quality Management Systems:
​

• management commitment and quality policy;
• the use of tools that constantly and quantitatively monitor and compare performance results;
• teamwork.

The successful implementation of a Quality Management System requires a supportive organisational culture - a culture of quality. There is a strong sense of learning from mistakes and avoiding the apportionment of blame. In this culture, everyone takes responsibility for achieving quality improvements, but such an environment can only be built on mutual trust, with a management style that does not depend on blame or fear.

​A core but often misunderstood clause of the main ISO standards is the area of ‘Leadership’. This is a term which means different things to different people, but what does it mean in terms of management systems?

Although there are a lot of different definitions of leadership, there is a common thread that runs through many of them: the notion that leadership involves influencing others to follow a particular direction or aim for a particular goal. 

This really the thread that runs through ISO - leadership is about tackling the important or core issues that face the organisation, which will usually fall into one of three categories:

1. Strategic issues: the ‘ends’ or results the organisation seeks. In what direction should we go in a changing environment, correctly identifying opportunities and avoiding threats?
2. Task issues: the ‘means’ of achieving the organisation's desired results. How can these tasks best be performed? Is there a tension between ends and means? 
3. The people or maintenance problem. Leadership is largely about the relationship between leaders and followers. Therefore a central task for leaders is to build and maintain a solid relationship with others. How can a leader maintain the morale, cohesion and commitment of individuals while pursuing the organisation’s aims? 

Therefore Top Management (as ISO standards label senior management within an organisation) must ensure that the requirements of the management system, including the policies and objectives, are consistent with the strategic context and direction of the organisation, and that the policies and objectives are established whilst ensuring that the human and financial resources needed for implementing the management system are available.

The standards insists that Top Management should take a ‘hands-on’ approach to the management system which will be audited during interviews and whilst recording compliance to other requirements e.g. determining organisational context, policies, objectives, management review minutes, provision of resources etc.

This process view of leadership is designed to look at how leadership tackles the ‘ends’ and ‘means’ core problems which requires some knowledge of the wider environment and an understanding of how it is likely to affect the organisation. 

To exercise leadership in these areas, Top Management must be prepared to keep in touch with and understand these wider events. Being a successful leader depends not just on what a person does within a group, as is suggested by ‘style’ theories of leadership, but also on what that person does outside the group. Effective networking and being a good ambassador are important leadership skills; they help the leader to understand the threats and opportunities that may face an organisation and to mobilise resources and support. 

It’s against this backdrop that management system auditors will want to determine the following issues amongst the organisation’s Top Management:

• How have policies and objectives been established?
• Do they align with the strategic direction and the organisational context?
• How are policies and objectives communicated within the organisation?
• Can you demonstrate how policies are understood and applied?
• How are the requirements of the Management System integrated into the business processes?
• How is awareness of the process approach promoted?
• How are resources determined?
• How do you communicate the importance of effective Management System management, and conforming to Management System requirements?
• How do you ensure that the Management System achieves its intended results?
• How do you engage, direct and support people who contribute to the effectiveness of the Management System?
• How is continual improvement promoted?
• How are other relevant management roles supported to demonstrate leadership in their areas of responsibility?

​
The principal is fairly simple: without solid management commitment, you will not have a successful management system. This is not a commitment in words, it is the continuous and active demonstration to everyone in the organisation that the need to meet customers’ expectations is vital.

"How do I get ISO certification?" is a question often asked by organisations, and when thrown into Google means you’ll get hit with a myriad of ads and organic posts by consultancy companies and certification bodies.

It’s at this point many organisations find the whole thing a bit too confusing and the task goes back down the ‘to-do’ list to be looked at another time.

So we’ve come up with the following pathway to make things a bit clearer when you’re looking to get ISO certification (e.g. ISO 9001, ISO 14001, ISO 45001 or ISO 27001):

1. Choose the standard or standards that you want.
2. Put in a management system which meets all the requirements of your chosen standard or standards - it’s at this point you may want to employ the services of a consultancy company to help.
3. Figure on between 3 to 6 months, depending on your organisation’s size and complexity, before you’ll be ready for the next step.
4. Decide if you want UKAS accredited certification - this will dictate which type of Certification Body you’ll look for.
5. Choose a Certification Body - these are are organisations that provide an assessment based around your chosen standard(s). If you want UKAS accredited certification, you’ll need to pick a Certification Body which is UKAS accredited for your standard(s).
6. The Certification Body will perform two audits - a Stage 1 where they look at the ‘bones’ of your management system, then a Stage 2 where they look at the way you operate in detail.
7. Pass these audits and you get your certification. Congratulations! 

So there’s a few things to consider as you progress through the journey. Firstly, how do you decide the best way to put in a management system? And how much does it cost?
​

​There’s no getting away from it - whichever ISO standard you look at, whether it’s the one for quality, the environment, health & safety, information security, etc - controlling your own supply chain is a major part of the requirements.

And with good reason. In all standards the delivery of your objectives, whatever they are, will undoubtedly rely on the competence, expertise and/or professionalism of a supplier somewhere along the line, from outsourced couriers to accountants.

Quality management, for example, addresses this with the concept of a chain - in this chain everyone in an organisation, no matter where they work in it, is considered a link, and the chain eventually leads to an external customer.

Put simply, if quality is maximised as a product or service moves along this chain, then ultimately the external customer will be satisfied. Changes in customers’ requirements should also be able to be communicated effectively backwards along the chain. These chains stretch back to suppliers, making their role key to the whole outcome of quality for an organisation.

So tor this concept to work in practice, good communications throughout an organisation - and its suppliers - are essential.

Another factor is that, as companies improve their own quality performance as a result of implementing a management system, attention will, eventually, naturally turn to its supply chain a source of ‘variation’ and therefore an opportunity for improvement (notwithstanding the fact that ISO 9001 mandates that organisations shall “determine and apply criteria for the evaluation, selection, monitoring of performance and re-evaluation” of suppliers). So how should this be done?

A practical approach to assuring quality in supply chains is one based on risk. That is, companies assess their supply base according to the risk they present to their end product or service, and apply resources accordingly.

In this scenario, critical suppliers warrant the deepest evaluation (e.g. strategy, processes, systems), monitoring (e.g. tailored key performance indicators) and the most focus on giving those suppliers support for their own improvement. At the other end of the spectrum, transactional suppliers (e.g. cleaners, bookkeepers, etc) only require high-level evaluation, exception monitoring and almost no improvement support.

The first stage to guarantee quality in your supply chain is to assess and approve suppliers on their capability to supply to requirements consistently. Yes, the first step in this stage is for procurement to accept the price range offered by the potential supplier - but then they should be subjected to a supplier qualification assessment. This should be assessing whether the potential supplier has the capability to supply to your requirements.

As an organisation you should consider several criteria when conducting the assessment depending on what it is you deliver to your own customers or clients and what their requirements are. Only through doing it this way do you know if you’ve got a ‘close fit’. 

The second stage is the monitoring and improvement of key suppliers. It is always better to plan and prioritise visits to key suppliers, spending more time with the ones that need more monitoring and development. It is also important to let the supplier’s management know what the monitoring and development consists of and how the supplier partnership should be conducted.

The best approach is to work with your suppliers to identify any weaknesses they might have, making sure that they understand and accept your findings, and to assist them in developing possible solutions for improvement.

In addition to better quality of outcomes, you’ll also find that you’ll get an improvement in productivity. This increase in productivity, efficiency and effectiveness will enable the supplier to offer competitive prices to you - so a win-win situation for both! You’ll find that those key suppliers that performed well will be rewarded with some of your increased share of the pie (so more purchase order for them).

And finally, a word about skills and competency in your supply chain. It’s worth noting that more established (usually larger) suppliers will have the resources to hire better staff and also send them out for training and development. Smaller suppliers are not always able to do this. 

However, the flip side is that you can often work more easily with smaller suppliers to identify weaknesses and indicate where they need improvement. If you can find a smaller supply who genuinely wants to work with you in a true partnership, this can be worth its weight in gold (so to speak).

What are ISO standards, and what is their benefit to organisations? That's the million dollar question, and one worth exploring before you to the time and effort of implementing them!
​
ISO the organisation administers over twenty thousand standards in all areas and sectors of industry. But by far the most widely used are these three:

• ISO 9001:2015 (quality)
• ISO 14001:2015 (environment)
• ISO 45001:2018 (health and safety)

…and this one is becoming more and more popular in the current climate:

• ISO 27001:2013 (information security)

The year after the colon is simply a reference to the last time they were updated. All ISO standards are reviewed every six to eight years and at this point they may or may not be updated. The version of ISO 9001 before the current one was 2008 (hence the designation you may have seen ISO 9001:2008). The one before this was ISO 9001:2000. So the actual period of time between a change in standards can vary. There are currently no plans to update the ISO 9001:2015 standard.

When a standard is updated, there is always a lengthy transition period to make any changes. The latest ISO 9001:2015 revision was introduced in September 2015, and companies certified under the previous version (ISO 9001:2008) were told that they had three years to transition. The deadline for ISO 9001:2015 transition was 15 September 2018, which gave companies plenty of time to prepare.

How popular are they?

There are over one million companies and organisations in over 170 countries certified to ISO 9001. There are more than 300,000 certifications to ISO 14001 to be found in 171 countries. Note that these figures are just ones who are certified, there may be many companies operating to these standards but not certified, or who are in the process of getting certification.

ISO 45001:2018 is a new standard, but with a long history. It is set to replace OHSAS 18001 - this was a British Standard for occupational health and safety management systems and compliance with it enabled organisations to demonstrate that they had a system in place for occupational health and safety.

It was born out of a time when organisations worldwide recognised the need to control and improve health and safety performance with an occupational health and safety management systems (OHSMS), however, before 1999 there was an increase of national standards and proprietary certification schemes to choose from. This caused confusion and fragmentation in the market and undermined the credibility of individual schemes.

Recognising this deficit, an international collaboration called the Occupational Health and Safety Assessment Series (OHSAS) Project Group was formed to create a single unified approach. The Group comprised representatives from national standards bodies, academic bodies, accreditation bodies, certification bodies and occupational safety and health institutions, with the UK’s national standards body, BSI Group, providing the secretariat. 

Drawing on the best of existing standards and schemes, the OHSAS Project Group published the OHSAS 18000 Series in 1999. The Series consisted of two specifications: 18001 provided requirements for an OHS management system and 18002 gave implementation guidelines.

These requirements were used in many companies around the world, however, they did not have the worldwide recognition that comes with a standard released by ISO, so a new ISO standard was voted upon and agreed by over 100 member nations from around the world. After a justification study the decision was made to release an OHSMS requirements standard from ISO.

In October 2013 the ISO 45001 standard was proposed, and a technical committee was formed, and worked until December 2015. From 2015 to 2017 a first draft failed to gain approval, but a second draft was approved. The finalised standard was published in March 2018.

After this point companies have three years - until March 2021 - to transition over to ISO 45001 if they have an OHSMS in place to the OHSAS 18001:2007 standard, at which point BSI will formally withdraw OSHAS 18001.

So at present it’s difficult to find definitive numbers on how many companies are certified due to the crossover from a British Standard to an ISO, but it’s particularly popular in manufacturing companies and any firms operating in the built environment. Indeed, it’s often a prerequisite to get on the supply chain lists of many large building firms.

Finally, there are around 34,000 ISO 27001 certifications issued worldwide, although this grew by a whopping 20% from 2018-2019 so as a standard it’s really starting to catch up.

So these are the standards we focus on as the key to improving your business.