The huge impact on businesses due to the COVID-19 pandemic has forced many businesses to come up with other revenue-raising ways.
This has sparked a ‘revolution in innovation’ as businesses either deliver their products or services differently or pivot to something completely new.
But businesses don’t have to wait for the next ‘big shock’ to find out whether they have the innovative nous to survive. Adopting a management system now can ensure that moving over to new business practices becomes a seamless process.
The link between business management systems is a strong bond. ISO systems are not just about continual improvement, they are also inherently linked to innovation. And in the current- and post-COVID economy, that’s something we’re going to need more than a small slice of.
Running a business along ISO management system lines means you’re looking for improvement by involving a whole range of stakeholders, from every employee to your clients, customers, suppliers and any other key person or group you’ve identified. You’re always after their views; you’re always gathering market information; you’re a very ‘switched on’ company. You marshal your resources in a way which makes you able to look for improvement and innovation at every level.
Let’s look at the figures: the failure of new products is well documented. For example, the retail and grocery sector sees an 85% failure of new products in the first year. The computer games industry sees around 50% of its sales generated by only 10% of releases.
The failure rate in the music industry is spectacular, with approximately 80-90% of new releases being duds. In the online magazine publishing industry, a massive 80% of new publications fail to last more than 12 issues, and book publishing is a notoriously difficult nut to crack where only a tiny proportion of new releases generate any kind of profit.
Genuine business improvements and new ideas as a result of them are actually very difficult to come across. Just look at confectionary manufacturers and the way they incessantly bring out bigger/smaller/special edition versions of 60-year-old snacks. This tired old formula has now become the template of product and service development in industries right across the board. There is, of course, one fundamental flaw with this process: the vast majority of things created by it fail.
But business improvement and innovation is so important because we are facing a number of key challenges. Globalisation, technological and knowledge revolutions, cultural debate and climate change are issues that face us all at some level. They mean that as well as wanting to improve and innovate in order to improve a process or product and add value, we also have to improve and innovate because there is an overwhelming imperative to do so.
The knowledge-driven economy brings new challenges for business. Markets are becoming more global with new competitors, product lifecycles are shortening, customers are more demanding and the complexity of technology is increasing.
So while the knowledge economy represents new opportunities, certain actions are needed to support and take advantage of these developments.
In the knowledge-driven economy, improvement and innovation have become central to achievement in the business world. With this growth in importance, organisations large and small have begun to re-evaluate their products, their services, even their corporate culture in the attempt to maintain their competitiveness in the global markets of today. The more forward-thinking organisations have recognised that only through such root and branch reform can they hope to survive in the face of increasing competition.
This is why the use of ISOs is so important. A successful business today understands the value of both improvement and innovation, and it knows that while these terms may have different meanings, they are equally critical for long-term business success. Organisations that embrace both methods of increasing business value are the ones that will not only survive, but thrive in today’s competitive marketplace.
Improvements are small, incremental changes that make a business’s goods or services better in some way, whether by reducing cost, increasing value, improving safety, or enhancing quality or satisfaction. They’re typically low-cost, low-risk ideas that can be implemented by the people doing the work all day, every day. Improvements start with examining a current process and asking the question: “How can I do this better?”
The trick is to couple this with innovation, which starts with the status quo and asks: “How can I do this in a whole new way, to achieve significantly better results?” Innovative ideas are ground-breaking, far-reaching, significant changes to business processes that serve the purpose of improving the organisation in wide swathes. But you have to have your business processes functioning properly in the first place.
Food for thought before the next economic shock rumbles inevitably towards us.
“Should I get ISO certification?” - this is a question only you can answer, and really only when you’ve answer the question “why do I need ISO certification”?
It might be that you need it because a client has said it won’t deal with you until you do; or you want to get onto a supply chain list; or your competitors have it so you need to get it to compete.
While there’s nothing at all wrong with any of these reasons, the trouble is they drive a ‘tick box’ industry when it comes to certification. Certification just becomes an end in itself, and simply a side project that achieves certification by ticking off a series of actions in preparation for an audit then ignored as soon as the auditor walks back out of the door and other priorities take over.
Then its back to battling through self-inflicted mistakes and complaints for another 11 months before starting to look at fabricating evidence to show the auditor again in a month’s time. This is an all-too-familiar story.
The main reason you should want ISO certification is the reason they were developed in the first place - to improve your organisation.
The quality standard - ISO 9001 - is used by over one million companies across the world and is revered by large corporations and small firms alike. If it’s applied properly and diligently, then organisations reap the benefits over time.
The only problem with it is that it’s a seriously underused system, mainly because of all of the unnecessary bureaucracy, costs and generally poor implementation which have become associated with the certification of them. But this does not have to be the case. If done correctly it can be, simply put, the most effective way of improving your business.
If you strip away all of the rigmarole surrounding certification, then it can be the level-best way to continually improve your business from your customer’s point of view.
So when trying to gauge if it’s worth it, then this is a really important thing to frame it against.
Due to the nature of ISOs, it can be difficult to work out whether it’s cost-effective - many of the costs fall into the ‘it depends’ category (it depends on your company size, sector, risks, etc) and the benefits will depend on many things so can only be estimated.
“Is ISO worth it?” might be one of those million dollar questions, but in reality it’s more of a “work in, work out” answer. The benefits that are gained will vary greatly on the ISO standard that you implement and the amount of effort you put into improving the management system.
Some of the benefits are not as obvious as they can be harder to quantify. For example, when implementing ISO 9001 we would be looking at your processes and identifying streamlining opportunities, often reducing time and paperwork. Unless you are doing time and motion studies then it will be hard to obtain the cost benefits from these improvements. But you can certainly estimate how much time and money you have saved and see the value from that perspective.
The more focus you place on process improvements the more benefit you will gain - the ISO 9001 standard, as we’ve discussed, is all about continual improvement.
The ISO 14001 standard on the other hand could be easier to justify from a money perspective as you will need to monitor your waste and utilities usages. It is very easy to save money from both with this environmental standard. It is not uncommon for businesses to save at least 10% year-on-year through improvements and just focusing on those areas such as energy reductions.
It’s possibly harder to demonstrate cost benefits with the ISO 45001 standard but there are some businesses that will see the value of this more than others, especially when you analyse time off work through sickness or accidents. If you reduce these and improve the wellbeing of personnel then this will return monetary savings.
Likewise, ISO 27001 enables organisations to avoid the potentially devastating financial losses caused by data breaches. The global average cost of a data breach has skyrocketed to £3.13 million (a 6.4% increase from 2017), according to the Ponemon Institute.
The standard is also designed to ensure the selection of adequate and proportionate security controls that help to protect information in line with increasingly rigid regulatory requirements such as the EU General Data Protection Regulation (GDPR) and other associated laws.
When you’re looking at costs there’s a lot to take into account, such as implementation costs, employee hours costs and Certification Body costs (IF you want to be certified - you don’t HAVE to be certified).
The Ideas Distillery’s spent a lot time putting together a rough-and-ready spreadsheet calculator - our Cost Benefit Analysis (CBA) tool - to address the main areas of installing an ISO management system, including becoming certified.
The idea is, at the end of the process, you can see the overall costs and compare these with the overall benefits, in the context of both one-off and ongoing costs and benefits, and how ISOs might benefit you (or not) in the long term.
The downloadable CBA tool and accompanying guides (there’s one for ISO 9001, 14001 and 45001 then a separate one for ISO 27001) will quickly get you underway allowing you to work out a good indication of how much your chosen path is going to cost. Just click here for our CBA tool and guides.
When future history books are written, the pandemic of 2020 may well go down as the time when the way we live and work changed fundamentally.
The workplace of the future could look markedly different from the ones we were using in 2019, from flexible working spaces to plasma ventilation systems, body temperature sensors, desk screens, and the many other things which may become commonplace.
Undoubtedly many things will change because they will have to, in order to remain relevant and useful to our current plight. And ISO standards will be no different.
There are current elements of ISO standards which have already become more prominent and important to the organisations that use them. Hopefully this will also spur others to see the value they can bring in a Covid and (hopefully, and soon) post-Covid world.
Our first example will be ISO 9001, which is the standard that deals with the management of quality systems, and its focus on disaster recovery and business continuity.
With this standard you have to look at your risks and document them, along with the controls you’ll use to minimise any adverse affects this would have. Typical risks have traditionally been identified as extreme weather events affecting property, transport and power supplies (which can also have an impact on global supply chains); cyber-attacks and disruption to IT systems; changes to regulations and the political landscape; an loss of customer confidence due to negative publicity.
The idea is that you’ll manage disruption and limit the effects of these events to ensure business gets back to normal as quickly as possible.
Now, we’ve seen many a Business Continuity Plan that has also listed ‘pandemic’ as a scenario, but one that has probably never been envisaged as coming to pass. However, this is without doubt going to change, and how a business weathers a ‘virus event’ will become a hot topic for discussion across management teams up and down the country for years to come.
Another big area of significance will be attached to ISO 45001 - the standard addressing health & safety - and how assessing the risk of Covid in the workplace will become a primary concern.
In the UK, this falls under general management of health and safety in the workplace regulations, and all employers have to take reasonable steps to protect workers and others from the virus. A Covid-19 risk assessment is seen as a key part of this.
Guidance from the Health and Safety Executive, itself using guidance from Public Health England, drew up a series of issues an employers need to take into account when undertaking this assessment, such as identifying what work activity or situations might cause transmission of the virus; who could be at risk; how likely it was that someone could be exposed; and how they would act to remove the activity or situation, or if this wasn’t possible, control the risk.
In addition, some groups of people could be at more risk of being infected and/or an adverse outcome if infected, and this also need to be considered in the risk assessment.
So having a properly set up health & safety management system with a defined way of carrying out risk assessment using all of the available guidance definitely made life easier for organisations that had the ISO 45001 standard, and will continue to do so.
And finally, a nod to the importance of the ISO 27001 information security standard - organisations that had an information security management system in place found it so much easier to handle setting up staff working from home.
Organisations with the standard already had a suite of policies for working from home, along with risk assessments already completed, controls in place to combat unauthorised remote access, logging access to networks traced in the event of an incident, along with processes in place to close down any incidents as quickly as possible.
So as we change our ways of working, many elements of the most popular ISO standards are there to make it as easy as possible.
And the reason? Because they are all ‘risk-based’ standards. This means that they help you to focus your resources toward things that present a higher risk to you and your customers and clients. And these days, that means a lot.
The story of the COVID-19 pandemic is far from over. But even though it will, in all probability, end, the ‘new normal’ it has been responsible for could last for months, years, or indefinitely. What is beyond doubt, however, is that businesses will have to start planning for the affects of pandemics in a way they’ve never done before.
You won’t have failed to notice that, although there’s been some dramatic losers over the past few months (think hospitality, airlines, high street retail), there’s also been some big winners (think technology companies, especially videoconferencing ones, online shops and supermarkets, healthcare suppliers).
At The Ideas Distillery we help companies put in place management systems such as ISO 9001 (quality), ISO 14001 (environment), ISO 45001 (health and safety) and ISO 27001 (information security). Even though these are quite differing and disparate disciplines, all four have one important thing in common.
They are all classed as ‘risk based’ standards, which is to say that they all require you to assess the risks to your business and build your system accordingly. Recognising risk and putting measures in place to control and mitigate these risks are central tenets.
But what is most interesting about this risk assessment process is that it also, simultaneously, gets you to consider any opportunities associated with the risk.
You see, ISO management systems consider that risks also have a positive side - opportunities. That’s because within every risk lies an opportunity.
So when lockdown made everyone stay indoors, the watch-word for business was ‘pivot’ - how could a business adjust what it did in normal times to fulfil a need in, well, frankly, very abnormal times. Some did it successfully, others less so - either the perceived need wasn’t there, or the business didn’t have the necessary infrastructure, funding, competence, (fill your own diagnosis in here), etc to carry it off.
But, of course, if they had a properly-research plan with the necessary contingencies that they could have put into action almost immediately, using a finely-honed management system, then things might have been different.
I know this may sound like sage advice once the horse has bolted and run far away over the hills, but a pandemic is just one business risk that has the ability to close even the best-run company overnight (indeed a pandemic hasn’t been a far-fetched scenario in business risk circles for quite a few years given the swine flu, bird flu and SARS scares of recent years).
Let’s just take a look at two immediate risks in the wake of the pandemic (which is, of course, still going on):
Both are clearly the worst type of business risk. But are there opportunities? Can you be a market disruptor? Can you make use of existing current resources - your people and their skills, any intellectual property, systems and technology, or capital you might have?
Just some tips - a quick scan of trends using Google finds that anything to do with wellbeing - from vitamin supplements to exercise equipment - is big business as people start to value their health. Distance learning (or e-learning) is also becoming a juggernaut!
But the big takeaway is to take a risk-based approach to your business planning. There’s still much that can happen (don’t forget there were many businesses still recovering from flooding right before the COVID outbreak), and we’re still living in a climate-changing world with resources getting ever-scarcer.
You could do much worse than to look at adopting an ISO standard and using some tools to really get you thinking about how you might more effectively ‘pivot’ when the next crisis hits. Hopefully it won’t be for a long time yet, but then you never know…
The world has only until 2030 to stem catastrophic climate change - but can companies be part of the solution? And, if so, how?
A report published by the UN Intergovernmental Panel on Climate Change said that “rapid, far-reaching and unprecedented changes in all aspects of society” are needed to avoid disastrous levels of global warming.
Whilst often seen as culprits, businesses can actually set a positive example.
What is ISO 14001:2015?
ISO 14001 enables companies to put in place an effective environmental management system, and is designed to address the balance between a company’s environmental impacts while maintaining profitability.
Environmental issues are growing in prominence; energy efficiency, environmental compliance, environmental impact, and carbon footprint are widely discussed. In implementing an environmental management system, companies can effectively control these issues, and ensure that they are fully compliant with environmental legislation.
They also join in the fight against climate change. Being ISO 14001 certified proves to stakeholders, customers, suppliers etc. that you are environmentally credible.
So what’s the link between ISO 14001 and climate change?
One of the major challenges that face us all is that of mitigating and adapting to climate change. Internationally, work has progressed from the formation of United Nations Convention on Climate Change (UNFCCC) to the Paris Agreement which came into force on 4 November 2016.
Under the Paris Agreement countries agree to hold the global temperature increase due to increase in greenhouse gas (GHG) emissions, to below 2 °C, aiming at 1.5 °C. This commitment is realised through a commitment at national level to reduce national GHG emissions. Additionally, countries agreed to support action to adapt to the consequences of climate change.
For users of ISO 14001 the question is 'How does ISO 14001 help organisation to mitigate and adapt to climate change?' The diagram below shows the link between key clauses in ISO 14001:2015 and climate change mitigation and adaption. It shows that users of ISO 14001 CAN address climate change challenges through their management system:
ISO 14001 deals with the need to adapt to any change in environmental conditions and hence include matters such as the need to adapt to other environmental consequences which are not due to climate change, for example loss of ecosystem services and biodiversity.
Additionally ISO 14007 and ISO 14008 help companies provide a ‘value’ and ‘determine the costs’ for the GHG they emit and to ‘determine the cost benefit’ in their company for any action they take to adapt to climate change.
So UN Sustainable Development Goals - can ISO standards help? Yes!
Eight out 17 UN SDGs directly link to the focus of ISO 14001, such as those related to clean water and sanitation; affordable and clean energy; decent work and economic growth; industry, innovation and infrastructure; responsible consumption and production; climate action; life below water; and life on land.
The UN SDGs cover both mitigation of environmental impacts and adaptation to changes in the environment – both topics are covered by ISO 14001.
Four out of 17 UN SDGs – while relating to human and social issues – are areas where ISO 14001 by, among others, reducing harmful emissions reduces the impact on human health as exemplified by the goal on zero hunger and no poverty.
Which UN SDGs and targets may be considered by a company using ISO 14001 will depend on many and diverse factors such as what the organisation does, its resources and its overall business aims.
How does ISO 14001:2015 support achievement of UN SDGs?
ISO 14001 in relation to environmental matters cover issues such as:
Protecting the environment
commit to proactive initiatives to protect the environment from harm and degradation;
protect the environment can include prevention of pollution, sustainable resource use, climate change mitigation and adaptation, protection of biodiversity and ecosystems, etc.
continual improvement focus on improving environmental performance
extend its control and influence to the environmental impacts associated with product use and end-of-life treatment or disposal
Strategic Environmental Management
increased focus on environmental management within your company’s strategic planning processes and understanding your context focus:
If you run a business and care about climate change and - more importantly - want to do something about it, then getting and effectively operating ISO 14001 is definitely for you!
Here you'll find the latest blog articles on all things compliance, particularly focussed on quality, environment, health & safety and information security.
Get a completely free, no obligation, totally tailored ISO Gap Analysis for your business...