Let’s be honest, there are plenty of times when organisations might want to get ISO 9001 certification to tender for a contract, or to get on a supply chain list.
Government, local authorities and larger organisations sometimes require certification before they will consider a tender from a supplier. Even if certification is not a mandatory requirement for a customer, it will give them an advantage over their competitors.
In far too many of these cases certification just becomes an end in itself, rather than a genuine desire to improve the way the organisation operates.
However, even in these cases, many companies are pleasantly surprised by the benefits that a Quality Management System does offer, even if that’s not the focus they originally started out with.
What are the true benefits of Quality Management System?
Quality management adopts the perspective that all parts of an organisation and all its employees can have an impact on quality. Although the errors of those in direct contact with its customers may be more instantly recognisable, the errors made by those who have only an indirect role also detract from quality.
For example, the poor design of a product may dissatisfy customers, or a clerical error may result in an angry customer if it leads to their being invoiced incorrectly. Quality management takes a truly systemic approach to organisations; it is based on the belief that quality will come about only if all employees and all activities of an organisation are involved:
To see quality through the eyes of customers and exceed their expectations, an organisation must first know what its customers want. Building a relationship with, and getting closer to, its customers is essential if it is to gain a thorough understanding of their expectations.
Quality management highlights the important role played by all those who deal directly with its customers, those providing services, sales and marketing staff, and so on. Such staff have an invaluable opportunity to obtain vital information about the perceptions that customers have about the organisation and its products and services, and can gauge any changes in customers’ expectations and any indications of their future requirements.
Everyone must commit to quality
But what about those who operate well away from their customers? Quality management addresses this with the concept of a chain - in this chain everyone in an organisation, no matter where they work in it, is considered a link, and the chain eventually leads to an external customer.
Put simply, if quality is maximised as a product or service moves along this chain, then ultimately the external customer will be satisfied. Changes in customers’ requirements can also be communicated backwards along the chain. These chains stretch back to suppliers who are themselves external to the organisation.
For this concept to work in practice, good communications throughout an organisation are essential. This leaves no place for the inter-departmental barriers and ‘turf wars’ that can characterise so much of organisational life and hamper effective communications within the organisation. Quality management simply cannot work within an atmosphere of ‘them and us’.
Quality should always be at the top of the management agenda and be an issue that requires leadership from the very top of an organisation. Senior managers’ lack of commitment is recognised as the most significant barrier to achieving the successful implementation of quality management. This is why senior managers need to develop a quality strategy for their organisation that will:
You must demonstrate your commitment to quality
Fine words are never likely to be enough, however. Managers need to demonstrate their commitment to quality management by their actions. As well as setting the framework for quality management by putting into place appropriate quality systems and procedures, supportive performance measurement systems and reward schemes, managers also need to demonstrate a personal commitment to quality management by, for example, fully participating in all quality improvement programmes.
There are three factors which are common to all approaches to Quality Management Systems:
The successful implementation of a Quality Management System requires a supportive organisational culture - a culture of quality. There is a strong sense of learning from mistakes and avoiding the apportionment of blame. In this culture, everyone takes responsibility for achieving quality improvements, but such an environment can only be built on mutual trust, with a management style that does not depend on blame or fear.
A core but often misunderstood clause of the main ISO standards is the area of ‘Leadership’. This is a term which means different things to different people, but what does it mean in terms of management systems?
Although there are a lot of different definitions of leadership, there is a common thread that runs through many of them: the notion that leadership involves influencing others to follow a particular direction or aim for a particular goal.
This really the thread that runs through ISO - leadership is about tackling the important or core issues that face the organisation, which will usually fall into one of three categories:
Therefore Top Management (as ISO standards label senior management within an organisation) must ensure that the requirements of the management system, including the policies and objectives, are consistent with the strategic context and direction of the organisation, and that the policies and objectives are established whilst ensuring that the human and financial resources needed for implementing the management system are available.
The standards insists that Top Management should take a ‘hands-on’ approach to the management system which will be audited during interviews and whilst recording compliance to other requirements e.g. determining organisational context, policies, objectives, management review minutes, provision of resources etc.
This process view of leadership is designed to look at how leadership tackles the ‘ends’ and ‘means’ core problems which requires some knowledge of the wider environment and an understanding of how it is likely to affect the organisation.
To exercise leadership in these areas, Top Management must be prepared to keep in touch with and understand these wider events. Being a successful leader depends not just on what a person does within a group, as is suggested by ‘style’ theories of leadership, but also on what that person does outside the group. Effective networking and being a good ambassador are important leadership skills; they help the leader to understand the threats and opportunities that may face an organisation and to mobilise resources and support.
It’s against this backdrop that management system auditors will want to determine the following issues amongst the organisation’s Top Management:
The principal is fairly simple: without solid management commitment, you will not have a successful management system. This is not a commitment in words, it is the continuous and active demonstration to everyone in the organisation that the need to meet customers’ expectations is vital.
"How do I get ISO certification?" is a question often asked by organisations, and when thrown into Google means you’ll get hit with a myriad of ads and organic posts by consultancy companies and certification bodies.
It’s at this point many organisations find the whole thing a bit too confusing and the task goes back down the ‘to-do’ list to be looked at another time.
So we’ve come up with the following pathway to make things a bit clearer when you’re looking to get ISO certification (e.g. ISO 9001, ISO 14001, ISO 45001 or ISO 27001):
So there’s a few things to consider as you progress through the journey. Firstly, how do you decide the best way to put in a management system? And how much does it cost?
Well, implementation and consulting costs for a management system in any organisation can vary greatly. The range of prices that you're likely to hear is anything from £500 to £40,000+. The actual price depends on the size and complexity of your organisation and on what you're trying to achieve. It also depends on the level and type of service you're looking for.
On the low end of the scale, you can purchase an “ISO in a box” documentation package for around £500 (some run even less). This approach will provide you with a set of generic text-based documents that you will then have to edit to make them somewhat representative of your company’s operations. You will still need to have some training for your general staff, management, and internal auditors. Generally, most mass market, low cost, do-it-yourself ISO products are designed for companies that manufacture/produce some kind of product.
In the lower-middle of the range are providers of “hybrid” services that merge the generic “canned” documentation approach with some hands-on (on-site) training and some coaching. In general, these approaches do not differ that much from the “canned” products. The resulting management system is typically compliance-orientated and of limited (if any) business value, but the results are generally better and faster than with a purely “canned” product. Customers also feel a bit better about the outcome because they receive some hand-holding.
Then there are companies such as ours who are ISO consultants that work directly with companies to implement standards in a way that is specific to your company. The objective and expertise of our consultants is to achieve registration by developing a custom system that meets the requirements of the applicable standard(s), but also uses this as a platform for genuine business improvement.
Then we get into the whole ‘ISO certification’ or ‘ISO accreditation’ thing. When it comes to ISO, the words ‘certification’ and ‘accreditation’ seem to be used interchangeably, but there is actually a difference. Certification represents a written assurance by a third party of the conformity of a product, process or service to specified requirements (‘specified requirements’ could be, for example, the ISO 9001 standard).
Accreditation, on the other hand, is a ‘type’ of certification, in that the third party doing the certifying has been accredited by a suitable body - in our world, this would mean that a Certification Body has been accredited by UKAS (the United Kingdom Accreditation Service). So if you have been certified by a UKAS-approved Certification Body for the ISO standard you’ve chosen, you have gained accredited certification.
When you install a management system in your business, and it’s been operating for at least three months, then you CAN (please note that you DO NOT have to) get it certified. A Certification Body will audit you (i.e. they check that you, as a business, comply with the requirements of the standard or standards you are implementing). If you pass this audit then you will be awarded certification. Referring to above, if the Certification Body is accredited, then you will be awarded accredited certification.
Some certification bodies specialise in certain industries, some have international reputations, and some are more competitively priced than others. There are around 100 certification bodies who are accredited by UKAS and it is up to your business who you ask to assess your ISO system. All certification bodies should do a similar job - however, as with anything, the type of service given can vary.
The costs of a Certification Body are usually calculated on a ‘day rate’ basis. The rate depends entirely upon the Certification Body which you choose. This is where it's useful to get quotations as prices can vary anywhere between £600 - £1,200 per day. Again, the number of days depends on the size and complexity of your company, and it's also important to take into account something called the ‘certification cycle’ (you can find out more about this in our FAQs section).
But to get your initial certification, as well as the size and complexity of your organisation, there is the consideration of how many standards you are asking them to audit. One standard could be as few as two days, and then would increase to three days for two standards, then four days for three standards, etc.
But if you just want some advice on starting your journey - whichever route you want to go down - then we’re always happy to help, just get in touch.
There’s no getting away from it - whichever ISO standard you look at, whether it’s the one for quality, the environment, health & safety, information security, etc - controlling your own supply chain is a major part of the requirements.
And with good reason. In all standards the delivery of your objectives, whatever they are, will undoubtedly rely on the competence, expertise and/or professionalism of a supplier somewhere along the line, from outsourced couriers to accountants.
Quality management, for example, addresses this with the concept of a chain - in this chain everyone in an organisation, no matter where they work in it, is considered a link, and the chain eventually leads to an external customer.
Put simply, if quality is maximised as a product or service moves along this chain, then ultimately the external customer will be satisfied. Changes in customers’ requirements should also be able to be communicated effectively backwards along the chain. These chains stretch back to suppliers, making their role key to the whole outcome of quality for an organisation.
So tor this concept to work in practice, good communications throughout an organisation - and its suppliers - are essential.
Another factor is that, as companies improve their own quality performance as a result of implementing a management system, attention will, eventually, naturally turn to its supply chain a source of ‘variation’ and therefore an opportunity for improvement (notwithstanding the fact that ISO 9001 mandates that organisations shall “determine and apply criteria for the evaluation, selection, monitoring of performance and re-evaluation” of suppliers). So how should this be done?
A practical approach to assuring quality in supply chains is one based on risk. That is, companies assess their supply base according to the risk they present to their end product or service, and apply resources accordingly.
In this scenario, critical suppliers warrant the deepest evaluation (e.g. strategy, processes, systems), monitoring (e.g. tailored key performance indicators) and the most focus on giving those suppliers support for their own improvement. At the other end of the spectrum, transactional suppliers (e.g. cleaners, bookkeepers, etc) only require high-level evaluation, exception monitoring and almost no improvement support.
The first stage to guarantee quality in your supply chain is to assess and approve suppliers on their capability to supply to requirements consistently. Yes, the first step in this stage is for procurement to accept the price range offered by the potential supplier - but then they should be subjected to a supplier qualification assessment. This should be assessing whether the potential supplier has the capability to supply to your requirements.
As an organisation you should consider several criteria when conducting the assessment depending on what it is you deliver to your own customers or clients and what their requirements are. Only through doing it this way do you know if you’ve got a ‘close fit’.
The second stage is the monitoring and improvement of key suppliers. It is always better to plan and prioritise visits to key suppliers, spending more time with the ones that need more monitoring and development. It is also important to let the supplier’s management know what the monitoring and development consists of and how the supplier partnership should be conducted.
The best approach is to work with your suppliers to identify any weaknesses they might have, making sure that they understand and accept your findings, and to assist them in developing possible solutions for improvement.
In addition to better quality of outcomes, you’ll also find that you’ll get an improvement in productivity. This increase in productivity, efficiency and effectiveness will enable the supplier to offer competitive prices to you - so a win-win situation for both! You’ll find that those key suppliers that performed well will be rewarded with some of your increased share of the pie (so more purchase order for them).
And finally, a word about skills and competency in your supply chain. It’s worth noting that more established (usually larger) suppliers will have the resources to hire better staff and also send them out for training and development. Smaller suppliers are not always able to do this.
However, the flip side is that you can often work more easily with smaller suppliers to identify weaknesses and indicate where they need improvement. If you can find a smaller supply who genuinely wants to work with you in a true partnership, this can be worth its weight in gold (so to speak).
What are ISO standards, and what is their benefit to organisations? That's the million dollar question, and one worth exploring before you to the time and effort of implementing them!
ISO the organisation administers over twenty thousand standards in all areas and sectors of industry. But by far the most widely used are these three:
…and this one is becoming more and more popular in the current climate:
The year after the colon is simply a reference to the last time they were updated. All ISO standards are reviewed every six to eight years and at this point they may or may not be updated. The version of ISO 9001 before the current one was 2008 (hence the designation you may have seen ISO 9001:2008). The one before this was ISO 9001:2000. So the actual period of time between a change in standards can vary. There are currently no plans to update the ISO 9001:2015 standard.
When a standard is updated, there is always a lengthy transition period to make any changes. The latest ISO 9001:2015 revision was introduced in September 2015, and companies certified under the previous version (ISO 9001:2008) were told that they had three years to transition. The deadline for ISO 9001:2015 transition was 15 September 2018, which gave companies plenty of time to prepare.
How popular are they?
There are over one million companies and organisations in over 170 countries certified to ISO 9001. There are more than 300,000 certifications to ISO 14001 to be found in 171 countries. Note that these figures are just ones who are certified, there may be many companies operating to these standards but not certified, or who are in the process of getting certification.
ISO 45001:2018 is a new standard, but with a long history. It is set to replace OHSAS 18001 - this was a British Standard for occupational health and safety management systems and compliance with it enabled organisations to demonstrate that they had a system in place for occupational health and safety.
It was born out of a time when organisations worldwide recognised the need to control and improve health and safety performance with an occupational health and safety management systems (OHSMS), however, before 1999 there was an increase of national standards and proprietary certification schemes to choose from. This caused confusion and fragmentation in the market and undermined the credibility of individual schemes.
Recognising this deficit, an international collaboration called the Occupational Health and Safety Assessment Series (OHSAS) Project Group was formed to create a single unified approach. The Group comprised representatives from national standards bodies, academic bodies, accreditation bodies, certification bodies and occupational safety and health institutions, with the UK’s national standards body, BSI Group, providing the secretariat.
Drawing on the best of existing standards and schemes, the OHSAS Project Group published the OHSAS 18000 Series in 1999. The Series consisted of two specifications: 18001 provided requirements for an OHS management system and 18002 gave implementation guidelines.
These requirements were used in many companies around the world, however, they did not have the worldwide recognition that comes with a standard released by ISO, so a new ISO standard was voted upon and agreed by over 100 member nations from around the world. After a justification study the decision was made to release an OHSMS requirements standard from ISO.
In October 2013 the ISO 45001 standard was proposed, and a technical committee was formed, and worked until December 2015. From 2015 to 2017 a first draft failed to gain approval, but a second draft was approved. The finalised standard was published in March 2018.
After this point companies have three years - until March 2021 - to transition over to ISO 45001 if they have an OHSMS in place to the OHSAS 18001:2007 standard, at which point BSI will formally withdraw OSHAS 18001.
So at present it’s difficult to find definitive numbers on how many companies are certified due to the crossover from a British Standard to an ISO, but it’s particularly popular in manufacturing companies and any firms operating in the built environment. Indeed, it’s often a prerequisite to get on the supply chain lists of many large building firms.
Finally, there are around 34,000 ISO 27001 certifications issued worldwide, although this grew by a whopping 20% from 2018-2019 so as a standard it’s really starting to catch up.
So these are the standards we focus on as the key to improving your business.
Here you'll find the latest blog articles on all things compliance, particularly focussed on quality, environment, health & safety and information security.
Get a completely free, no obligation, totally tailored ISO Gap Analysis for your business...