When future history books are written, the pandemic of 2020 may well go down as the time when the way we live and work changed fundamentally.
The workplace of the future could look markedly different from the ones we were using in 2019, from flexible working spaces to plasma ventilation systems, body temperature sensors, desk screens, and the many other things which may become commonplace.
Undoubtedly many things will change because they will have to, in order to remain relevant and useful to our current plight. And ISO standards will be no different.
There are current elements of ISO standards which have already become more prominent and important to the organisations that use them. Hopefully this will also spur others to see the value they can bring in a Covid and (hopefully, and soon) post-Covid world.
Our first example will be ISO 9001, which is the standard that deals with the management of quality systems, and its focus on disaster recovery and business continuity.
With this standard you have to look at your risks and document them, along with the controls you’ll use to minimise any adverse affects this would have. Typical risks have traditionally been identified as extreme weather events affecting property, transport and power supplies (which can also have an impact on global supply chains); cyber-attacks and disruption to IT systems; changes to regulations and the political landscape; an loss of customer confidence due to negative publicity.
The idea is that you’ll manage disruption and limit the effects of these events to ensure business gets back to normal as quickly as possible.
Now, we’ve seen many a Business Continuity Plan that has also listed ‘pandemic’ as a scenario, but one that has probably never been envisaged as coming to pass. However, this is without doubt going to change, and how a business weathers a ‘virus event’ will become a hot topic for discussion across management teams up and down the country for years to come.
Another big area of significance will be attached to ISO 45001 - the standard addressing health & safety - and how assessing the risk of Covid in the workplace will become a primary concern.
In the UK, this falls under general management of health and safety in the workplace regulations, and all employers have to take reasonable steps to protect workers and others from the virus. A Covid-19 risk assessment is seen as a key part of this.
Guidance from the Health and Safety Executive, itself using guidance from Public Health England, drew up a series of issues an employers need to take into account when undertaking this assessment, such as identifying what work activity or situations might cause transmission of the virus; who could be at risk; how likely it was that someone could be exposed; and how they would act to remove the activity or situation, or if this wasn’t possible, control the risk.
In addition, some groups of people could be at more risk of being infected and/or an adverse outcome if infected, and this also need to be considered in the risk assessment.
So having a properly set up health & safety management system with a defined way of carrying out risk assessment using all of the available guidance definitely made life easier for organisations that had the ISO 45001 standard, and will continue to do so.
And finally, a nod to the importance of the ISO 27001 information security standard - organisations that had an information security management system in place found it so much easier to handle setting up staff working from home.
Organisations with the standard already had a suite of policies for working from home, along with risk assessments already completed, controls in place to combat unauthorised remote access, logging access to networks traced in the event of an incident, along with processes in place to close down any incidents as quickly as possible.
So as we change our ways of working, many elements of the most popular ISO standards are there to make it as easy as possible.
And the reason? Because they are all ‘risk-based’ standards. This means that they help you to focus your resources toward things that present a higher risk to you and your customers and clients. And these days, that means a lot.
Millions of people around the world have lost their jobs amid the current Covid-19 crisis - it is a crisis within a crisis. The long-term economic impact is yet unknown but will surely be deep.
What is not in doubt is that the economic strain on companies of all sizes across the UK and the rest of the world will be here for the foreseeable future. Manufacturers have closed plants, stores are shut, and consumer demand has collapsed in many sectors.
Research by the Institute for Social and Economic Research at the University of Essex has found that more than 6.5 million jobs could be lost due to the economic fallout from the UK’s coronavirus lockdown, about a quarter of the UK’s total jobs.
A simply staggering number of companies have plunged into administration, from stalwart high street brands to major travel agents, as well as a whole raft of businesses in sectors such as construction. The true toll is only just beginning to be understood.
So it’s no surprise that companies which are still managing to keep their heads above water will be starting to look at deep cost-cutting measures in the short- and medium-term. With profit centres being hit like never before, cost centres such as ISO compliance will undoubtedly have fewer resources until the economy turns around.
What does this mean for the ISO compliance functions of companies that are struggling?
In practical terms, they will have to make risk-based decisions about how to allocate the limited resources that they have. And one important thing to think about is how you can use the expertise of companies such as The Ideas Distillery to outsource your compliance tasks cost-effectively with little overhead.
Certification Bodies have recognised, for the moment at least, that the world has changed significantly. Just about all have turned to ‘remote auditing’ as a way to still service clients while still respecting the lockdown. There has also been the option of postponing for up to six months in many circumstances, although this option is now starting to wind down.
Any company’s priority will simply be to put themselves in a position to survive the crisis. So when dealing with budget constraints and limited compliance resources, flexibility and creativity will be key.
For our part, when we are helping businesses in these scenarios, we always assess risk and conduct a review with the aim of identifying core ISO compliance requirements. This often entails a historic review of internal procedures and controls to identify past activities or other problems to determine where the biggest risks reside.
External industry risks such as enforcement actions brought against competitors should be considered as well, along with identifying low-risk areas where there have been few incidents or problems.
But more significantly, we help companies to determine if new, immediate significant risks have arisen due to the pandemic. Another emerging risk may exist in a company’s sales department, for example, perhaps due to the pressures of bringing in new business. This may be an area that leads to an increase in customer complaints as things are missed.
The crisis may have caused companies to find new suppliers that have not been fully vetted due to time pressures. Likewise, the pandemic may have caused substantial risks to employee safety associated with reopening businesses. This emerging risk will likely call for the development of new policies and procedures that will require close oversight by senior management.
For more information - and to see how we can help - just get in touch with us in any number of ways using on our Contact page.
When a company is said to be ISO 9001 certified, it means that the company has passed a physical certification audit which ensures the quality management of that business.
The major benefits which companies hold ISO 9001:2015 certification are:
The key things that you'll need to look at - things that we can help you with - would be:
Because of our knowledge, skills and experience, we can guide you and shorten the whole process, and make your quality system work more effectively and efficiently.
We'll save you time and money and make sure you avoid the most common mistakes. We’ll also make sure you get a system that suits you, not just impose something on you ‘to get ISO 9001 certified’.
A quality car, education, prison service or holiday will mean something different according to whether it dates from 1950, 2000 or 2050. Likewise, it will be perceived differently in New Delhi, Glasgow and Los Angeles.
Quality is a subjective term whose meaning depends on the expectations people have of a service or product. But the important thing is to consider quality in terms of customers' expectations, recognising that customers can include those who pay for, use or otherwise benefit from a service or product.
If we accept that the purpose of most organisations is to provide services and/or products that satisfy people's expectations of them, then quality is central to the work of all staff, especially managers.
So, the management of quality starts with the customers. If they are satisfied, or better still delighted, they will come back for more, or at least feel that their needs have been met. In either case they are likely to talk about their experience and recommend the supplying organisation to others.
If they are dissatisfied, they will not recommend it, or will disparage it. It is not enough for organisations to identify what factors, behaviours and activities will create value for their customers - they then have to deliver their products or services in a way that is considered acceptable by the customers. In other words, organisations have to develop quality as an integral part of the way they carry out their business.
Over the last 60 years quality has emerged as a dominant theme in management thinking, and many organisations think seriously about how to ensure that all aspects of their processes and systems are designed and managed to deliver high quality to their customers. This is why the ISO 9001 standard is so important.
Quality has become a powerful tool in the marketing arsenals of many companies, which have understood that the benefits resulting from quality are linked to a particular service, product or group of products.
It has become almost a cliché that quality is important to customers and therefore to organisations and their staff. Quality management is about more than identifying those factors, behaviours and activities that make customers happy. It needs to recognise the relation between quality and customer orientation.
What quality means to an organisation is important if you are to make informed and credible interventions in the quality processes in your organisation.
High-quality products and services obviously benefit the customers who pay for, consume or use them, but they also have advantages for the organisation that produces them. High quality can have a twofold benefit for the organisation: it can increase revenue and decrease costs.
A reputation for high quality can help a company attract and retain customers, thus generating a higher volume of sales.
High quality may also enable it to spend less on advertising, as there is nothing more powerful than recommendations from satisfied customers. However, customers are more likely to pass on negative sentiments than positive ones - thus poor quality leads to lower sales.
Whereas customers who buy on the basis of quality are less likely to be sensitive to prices for products that they perceive to be of higher quality. It is often remarked that quality is remembered long after the price is forgotten.
Here you'll find the latest blog articles on all things compliance, particularly focussed on quality, environment, health & safety and information security.
Get a completely free, no obligation, totally tailored ISO Gap Analysis for your business...