Ask yourself the following questions about your business:
If you answered yes to any of the above, then you should really look at putting a Quality Management System in place.
The purpose of a quality management system is to ensure every time a process is performed, the same information, methods, skills and controls are used and applied in a consistent manner. If there are process issues or opportunities, this is then fed into the quality management system to ensure continuous improvement.
The fact is that ISO 9001 ticks two major boxes when it comes to choosing a QMS - it’s simple yet effective.
It’s based on a plan-do-check-act methodology and provides a process-oriented approach to reviewing the structure, responsibilities, and procedures needed to achieve effective quality management in any organisation.
The standard requires that there is a quality management system in place with certain control mechanisms that guarantee quality of provision. These can be generally broken down into:
A big part of ISO 9001:2015 is about how to plan to continually improve your organisation, and one of the areas you’ll have to look at will be an assessment of the context of your organisation.
Among other things, a context assessment is really about ‘getting under the skin’ of looking at (bluntly) ‘why people buy’ - at least, buy from you. Buying a product or service can be seen as a problem-solving or desire-satisfying process, in which customers seek to match its attributes with their needs or wants. In this process, they look at the available products or services to see which is most likely to offer the benefits they seek.
There are five elements that customers take into account when considering quality. They can be thought of as five questions:
Specification: ‘What can I expect when I buy or use the product or service?’ The specification should enable potential customers to determine whether the product is likely to meet their needs.
Conformance: ‘Will it do what I expect?’ Any shortfall in conformance to the specification or customer requirement is bound to lead to dissatisfaction.
Reliability: ‘Will it continue to do what I expect?’ Clearly, customers will value a car that always starts first time.
Delivery: ‘When can I have it?’ It is important to distinguish between two aspects of delivery: availability and dependability. Availability is about when something will be ready for a customer. Dependability is concerned with the adherence to a delivery or attendance time once that is agreed.
Cost: ‘How much do I have to pay?’ A purchase is as an exchange, in which a customer obtains goods or services by offering something of value in return. Customers will be satisfied if the price they pay, whether in money or in some other form, equates to the value they place on the goods or service.
Next week we’ll explore how we look at these help people to judge what ‘quality’ means to them…
A core but often misunderstood clause of the main ISO standards is the area of ‘Leadership’. This is a term which means different things to different people, but what does it mean in terms of management systems?
Although there are a lot of different definitions of leadership, there is a common thread that runs through many of them: the notion that leadership involves influencing others to follow a particular direction or aim for a particular goal.
This really the thread that runs through ISO - leadership is about tackling the important or core issues that face the organisation, which will usually fall into one of three categories:
Therefore Top Management (as ISO standards label senior management within an organisation) must ensure that the requirements of the management system, including the policies and objectives, are consistent with the strategic context and direction of the organisation, and that the policies and objectives are established whilst ensuring that the human and financial resources needed for implementing the management system are available.
The standards insists that Top Management should take a ‘hands-on’ approach to the management system which will be audited during interviews and whilst recording compliance to other requirements e.g. determining organisational context, policies, objectives, management review minutes, provision of resources etc.
This process view of leadership is designed to look at how leadership tackles the ‘ends’ and ‘means’ core problems which requires some knowledge of the wider environment and an understanding of how it is likely to affect the organisation.
To exercise leadership in these areas, Top Management must be prepared to keep in touch with and understand these wider events. Being a successful leader depends not just on what a person does within a group, as is suggested by ‘style’ theories of leadership, but also on what that person does outside the group. Effective networking and being a good ambassador are important leadership skills; they help the leader to understand the threats and opportunities that may face an organisation and to mobilise resources and support.
It’s against this backdrop that management system auditors will want to determine the following issues amongst the organisation’s Top Management:
The principal is fairly simple: without solid management commitment, you will not have a successful management system. This is not a commitment in words, it is the continuous and active demonstration to everyone in the organisation that the need to meet customers’ expectations is vital.
The huge impact on businesses due to the COVID-19 pandemic has forced many businesses to come up with other revenue-raising ways.
This has sparked a ‘revolution in innovation’ as businesses either deliver their products or services differently or pivot to something completely new.
But businesses don’t have to wait for the next ‘big shock’ to find out whether they have the innovative nous to survive. Adopting a management system now can ensure that moving over to new business practices becomes a seamless process.
The link between business management systems is a strong bond. ISO systems are not just about continual improvement, they are also inherently linked to innovation. And in the current- and post-COVID economy, that’s something we’re going to need more than a small slice of.
Running a business along ISO management system lines means you’re looking for improvement by involving a whole range of stakeholders, from every employee to your clients, customers, suppliers and any other key person or group you’ve identified. You’re always after their views; you’re always gathering market information; you’re a very ‘switched on’ company. You marshal your resources in a way which makes you able to look for improvement and innovation at every level.
Let’s look at the figures: the failure of new products is well documented. For example, the retail and grocery sector sees an 85% failure of new products in the first year. The computer games industry sees around 50% of its sales generated by only 10% of releases.
The failure rate in the music industry is spectacular, with approximately 80-90% of new releases being duds. In the online magazine publishing industry, a massive 80% of new publications fail to last more than 12 issues, and book publishing is a notoriously difficult nut to crack where only a tiny proportion of new releases generate any kind of profit.
Genuine business improvements and new ideas as a result of them are actually very difficult to come across. Just look at confectionary manufacturers and the way they incessantly bring out bigger/smaller/special edition versions of 60-year-old snacks. This tired old formula has now become the template of product and service development in industries right across the board. There is, of course, one fundamental flaw with this process: the vast majority of things created by it fail.
But business improvement and innovation is so important because we are facing a number of key challenges. Globalisation, technological and knowledge revolutions, cultural debate and climate change are issues that face us all at some level. They mean that as well as wanting to improve and innovate in order to improve a process or product and add value, we also have to improve and innovate because there is an overwhelming imperative to do so.
The knowledge-driven economy brings new challenges for business. Markets are becoming more global with new competitors, product lifecycles are shortening, customers are more demanding and the complexity of technology is increasing.
So while the knowledge economy represents new opportunities, certain actions are needed to support and take advantage of these developments.
In the knowledge-driven economy, improvement and innovation have become central to achievement in the business world. With this growth in importance, organisations large and small have begun to re-evaluate their products, their services, even their corporate culture in the attempt to maintain their competitiveness in the global markets of today. The more forward-thinking organisations have recognised that only through such root and branch reform can they hope to survive in the face of increasing competition.
This is why the use of ISOs is so important. A successful business today understands the value of both improvement and innovation, and it knows that while these terms may have different meanings, they are equally critical for long-term business success. Organisations that embrace both methods of increasing business value are the ones that will not only survive, but thrive in today’s competitive marketplace.
Improvements are small, incremental changes that make a business’s goods or services better in some way, whether by reducing cost, increasing value, improving safety, or enhancing quality or satisfaction. They’re typically low-cost, low-risk ideas that can be implemented by the people doing the work all day, every day. Improvements start with examining a current process and asking the question: “How can I do this better?”
The trick is to couple this with innovation, which starts with the status quo and asks: “How can I do this in a whole new way, to achieve significantly better results?” Innovative ideas are ground-breaking, far-reaching, significant changes to business processes that serve the purpose of improving the organisation in wide swathes. But you have to have your business processes functioning properly in the first place.
Food for thought before the next economic shock rumbles inevitably towards us.
“Should I get ISO certification?” - this is a question only you can answer, and really only when you’ve answer the question “why do I need ISO certification”?
It might be that you need it because a client has said it won’t deal with you until you do; or you want to get onto a supply chain list; or your competitors have it so you need to get it to compete.
While there’s nothing at all wrong with any of these reasons, the trouble is they drive a ‘tick box’ industry when it comes to certification. Certification just becomes an end in itself, and simply a side project that achieves certification by ticking off a series of actions in preparation for an audit then ignored as soon as the auditor walks back out of the door and other priorities take over.
Then its back to battling through self-inflicted mistakes and complaints for another 11 months before starting to look at fabricating evidence to show the auditor again in a month’s time. This is an all-too-familiar story.
The main reason you should want ISO certification is the reason they were developed in the first place - to improve your organisation.
The quality standard - ISO 9001 - is used by over one million companies across the world and is revered by large corporations and small firms alike. If it’s applied properly and diligently, then organisations reap the benefits over time.
The only problem with it is that it’s a seriously underused system, mainly because of all of the unnecessary bureaucracy, costs and generally poor implementation which have become associated with the certification of them. But this does not have to be the case. If done correctly it can be, simply put, the most effective way of improving your business.
If you strip away all of the rigmarole surrounding certification, then it can be the level-best way to continually improve your business from your customer’s point of view.
So when trying to gauge if it’s worth it, then this is a really important thing to frame it against.
Due to the nature of ISOs, it can be difficult to work out whether it’s cost-effective - many of the costs fall into the ‘it depends’ category (it depends on your company size, sector, risks, etc) and the benefits will depend on many things so can only be estimated.
“Is ISO worth it?” might be one of those million dollar questions, but in reality it’s more of a “work in, work out” answer. The benefits that are gained will vary greatly on the ISO standard that you implement and the amount of effort you put into improving the management system.
Some of the benefits are not as obvious as they can be harder to quantify. For example, when implementing ISO 9001 we would be looking at your processes and identifying streamlining opportunities, often reducing time and paperwork. Unless you are doing time and motion studies then it will be hard to obtain the cost benefits from these improvements. But you can certainly estimate how much time and money you have saved and see the value from that perspective.
The more focus you place on process improvements the more benefit you will gain - the ISO 9001 standard, as we’ve discussed, is all about continual improvement.
The ISO 14001 standard on the other hand could be easier to justify from a money perspective as you will need to monitor your waste and utilities usages. It is very easy to save money from both with this environmental standard. It is not uncommon for businesses to save at least 10% year-on-year through improvements and just focusing on those areas such as energy reductions.
It’s possibly harder to demonstrate cost benefits with the ISO 45001 standard but there are some businesses that will see the value of this more than others, especially when you analyse time off work through sickness or accidents. If you reduce these and improve the wellbeing of personnel then this will return monetary savings.
Likewise, ISO 27001 enables organisations to avoid the potentially devastating financial losses caused by data breaches. The global average cost of a data breach has skyrocketed to £3.13 million (a 6.4% increase from 2017), according to the Ponemon Institute.
The standard is also designed to ensure the selection of adequate and proportionate security controls that help to protect information in line with increasingly rigid regulatory requirements such as the EU General Data Protection Regulation (GDPR) and other associated laws.
When you’re looking at costs there’s a lot to take into account, such as implementation costs, employee hours costs and Certification Body costs (IF you want to be certified - you don’t HAVE to be certified).
The Ideas Distillery’s spent a lot time putting together a rough-and-ready spreadsheet calculator - our Cost Benefit Analysis (CBA) tool - to address the main areas of installing an ISO management system, including becoming certified.
The idea is, at the end of the process, you can see the overall costs and compare these with the overall benefits, in the context of both one-off and ongoing costs and benefits, and how ISOs might benefit you (or not) in the long term.
The downloadable CBA tool and accompanying guides (there’s one for ISO 9001, 14001 and 45001 then a separate one for ISO 27001) will quickly get you underway allowing you to work out a good indication of how much your chosen path is going to cost. Just click here for our CBA tool and guides.
The story of the COVID-19 pandemic is far from over. But even though it will, in all probability, end, the ‘new normal’ it has been responsible for could last for months, years, or indefinitely. What is beyond doubt, however, is that businesses will have to start planning for the affects of pandemics in a way they’ve never done before.
You won’t have failed to notice that, although there’s been some dramatic losers over the past few months (think hospitality, airlines, high street retail), there’s also been some big winners (think technology companies, especially videoconferencing ones, online shops and supermarkets, healthcare suppliers).
At The Ideas Distillery we help companies put in place management systems such as ISO 9001 (quality), ISO 14001 (environment), ISO 45001 (health and safety) and ISO 27001 (information security). Even though these are quite differing and disparate disciplines, all four have one important thing in common.
They are all classed as ‘risk based’ standards, which is to say that they all require you to assess the risks to your business and build your system accordingly. Recognising risk and putting measures in place to control and mitigate these risks are central tenets.
But what is most interesting about this risk assessment process is that it also, simultaneously, gets you to consider any opportunities associated with the risk.
You see, ISO management systems consider that risks also have a positive side - opportunities. That’s because within every risk lies an opportunity.
So when lockdown made everyone stay indoors, the watch-word for business was ‘pivot’ - how could a business adjust what it did in normal times to fulfil a need in, well, frankly, very abnormal times. Some did it successfully, others less so - either the perceived need wasn’t there, or the business didn’t have the necessary infrastructure, funding, competence, (fill your own diagnosis in here), etc to carry it off.
But, of course, if they had a properly-research plan with the necessary contingencies that they could have put into action almost immediately, using a finely-honed management system, then things might have been different.
I know this may sound like sage advice once the horse has bolted and run far away over the hills, but a pandemic is just one business risk that has the ability to close even the best-run company overnight (indeed a pandemic hasn’t been a far-fetched scenario in business risk circles for quite a few years given the swine flu, bird flu and SARS scares of recent years).
Let’s just take a look at two immediate risks in the wake of the pandemic (which is, of course, still going on):
Both are clearly the worst type of business risk. But are there opportunities? Can you be a market disruptor? Can you make use of existing current resources - your people and their skills, any intellectual property, systems and technology, or capital you might have?
Just some tips - a quick scan of trends using Google finds that anything to do with wellbeing - from vitamin supplements to exercise equipment - is big business as people start to value their health. Distance learning (or e-learning) is also becoming a juggernaut!
But the big takeaway is to take a risk-based approach to your business planning. There’s still much that can happen (don’t forget there were many businesses still recovering from flooding right before the COVID outbreak), and we’re still living in a climate-changing world with resources getting ever-scarcer.
You could do much worse than to look at adopting an ISO standard and using some tools to really get you thinking about how you might more effectively ‘pivot’ when the next crisis hits. Hopefully it won’t be for a long time yet, but then you never know…
Here you'll find the latest blog articles on all things compliance, particularly focussed on quality, environment, health & safety and information security.
Get a completely free, no obligation, totally tailored ISO Gap Analysis for your business...