The International Organization for Standardization defines and oversees a vast catalogue of ‘ISO standards’. The individual standards are internationally recognised as a common and measurable way of conducting a function, so that no matter where a function takes place, it should achieve a safer, more consistent end result.
Achieving certification can yield enormous benefits for organisations, from several aspects, including improved outputs, greater efficiency and managing risk. And, financially, where obtaining relevant ISO certification can be a key factor in applying or tendering for lucrative contracts with other organisations.
The cost and effort to obtain and retain an ISO standard certification can be far exceeded by the financial benefits.
ISO recognition is therefore, highly prized. But, the task list of preparing for or sustaining certification is complex and resource-hungry, and can take many months to realise a successful outcome.
This is where we come in.
How we can help you:
Our ISO specialist team provides direct support to organisations at all stages of preparing and sustaining ISO certification. Recently, this has included pivotal support with the following standards:
- ISO27001; information security management
- ISO9001; quality systems
- ISO22301; business continuity management
- ISO14001; environmental systems
What are the stages of achieving and maintaining ISO certification?
Milestone: Stage One Audit
The first significant milestone within the ISO certification process is to undertake a Stage One Audit, which is sometimes referred to as an ‘assessment’. It’s an opportunity for the independent, approved auditor to measure the compliance and management of your organisation’s proposed scope of services and the targets the organisation has set within its ‘management system’.
A ‘management system’ is a set of policies, procedures and processes that support and govern an organisation to achieve the objectives against which it is aligning itself against an ISO standard.
The outcome of the assessment includes a report from the auditor, which will describe aspects requiring of improvement within the organisation’s management system necessary to be ready for a Stage Two Audit.
Milestone: Stage Two Audit
The Stage Two Audit might be conducted within 3-6 months following the Stage One Audit.
This includes a deep drill into the organisation’s relevant documents, conducting interviews and measuring performance of the controls intended to meet the objectives.
In a nutshell, the Stage Two Audit presents one of two outcomes:
- Recommendation for ISO certification, or,
- Spotlighting areas that require further attention to be able to be audited again in the future in pursuance of certification.
Ongoing reviews and monitoring: Surveillance Audits
ISO certified organisations must strive for continual improvement. To measure and monitor this, annual surveillance audits are conducted annually, by an auditor.
During the surveillance audit, all the elements covered in the original Stage Two Audit are assessed again, to verify that all of the controls are operating consistently and as specified, with the correct outcomes being achieved.
An ISO certificate is valid for three years and is subject to successful outcomes in the Annual Surveillance Audits. A Recertification Audit is conducted at the end of the third year and is as penetrating and encompassing as the Stage Two Audit.
The Rectification Audit trails and measures your organisation’s relevant controls and systems, from end to end, and examines evidence of pursuance of continual improvement.
The auditor will provide a report and feedback, with two possible outcomes:
- Recommendation for ISO certification, or,
- Spotlighting areas that require further attention or correction which must be resolved so that another three years of certification might be awarded.
Is it necessary to get help?
In keeping with its standing, commercial value, and international recognition, ISO certification is a huge undertaking.
Resource, perseverance and especially time, are critical factors that need to be invested in order to be successful with ISO.
Because of the complexity and pervasiveness of ISO, working towards or sustaining certification is almost always going to need to be overseen by very senior members of an organisation’s team. Buy-in from the Board is essential; without drive and governance at that level, organisations simply will not achieve and then sustain ISO certification.
As often as not, the senior persons tasked with obtaining or sustaining ISO certification also have ‘day jobs’ so that the many hours of work required for ISO can add enormous pressure to their already busy schedules. In addition, senior individuals who might also earn fees for the organisation will be taken away from fee earning, for extended periods for many weeks if not months, in order to prepare for ISO.
It’s not surprising then, that some organisations start on the road to ISO certification, but do not complete the journey, perhaps wasting hundreds of hours of time that could otherwise have been spent fee earning.
An alternative route therefore, is to obtain help from an external organisation that has the expertise, time and resource to sit alongside your own senior team, to pave the way towards ISO certification. Organisations will still need to invest time and effort on the journey, but with external help you will know that it is being invested efficiently and effectively, and so that you can measure progress.
A testimonial from one of our clients
From Ed Husband, Partner and COLP at law firm Veale Wasbrough Vizards LLP
What did Databasix do that was especially helpful to the firm in planning/designing the structure and scheduling of the Project so as to make it manageable?
“Databasix were involved in the project from an early stage and applied their expertise and experience to ensure we were ultimately able to meet a challenging project timetable. They did this by leading the project where appropriate whilst also working alongside and encouraging the VWV team.”
How did Databasix support, pivot and guide the relevant teams to navigate the challenges of the Project?
“Databasix showed a real understanding of the competing pressures on the lawyers and management team involved in the project at VWV. They showed patience when those involved prioritised other things, while ensuring that key deadlines were met. They did this by communicating clearly, working closely on a day to day basis with the team and ensuring that key dates were highlighted in advance and any concerns escalated at an early stage.”
What were the benefits of working with Databasix; were there any particular highlights?
“Databasix have a wealth of experience and were critical in achieving our accreditations on time. They were pragmatic in highlighting what we already had in place and what we needed to improve. They were able to introduce us to Paul Hill (who we now employ) and Cathy Brode showed patience and good humour throughout.”
How does the Databasix ISO Support service work?
We provide support and guidance at every stage of your ISO journey. We’re on your side.
Some of our client organisations are already partway along their ISO journey by the time they speak with us. Others are at the very outset or contemplating commencing that journey. And, others have perhaps been through audits and either need support to maintain their certification or want to expand upon their existing ISO portfolio.
The Databasix team can be brought in at any time and at any stage, and in all cases the very first thing we do is to conduct a review of your organisation’s current position versus the intended ISO mark. The outcome of the review enables us to chart what needs to be done and critically, to be able to discuss the situation with you so that a plan and schedule can be put in place that you will recognise and feel comfortable with in pursuance of achieving ISO accreditation.
The importance of obtaining or considering support as early as possible on the pathway towards ISO certification cannot be overestimated. The following ‘menu’ of tasks is indicative of the ISO support work that we conduct for client organisations; which items on the menu are adopted by our client organisations typically depends upon how far along the journey they might be.
These items are in approximate chronological order for an organisation that is starting almost from scratch towards ISO:
- Consultation to support consideration as to the application and integration of ISO as part of the organisation’s strategy.
- Gap analysis and verification of current status, including controls, documents and teams.
- Preparation of a formal project plan and timeline, including defining tasks and items/controls to be prepared, interdependencies, ownerships, viewpoints and Audit
- Support setting up project teams in the client organisation to tackle specific tasks to support the plan and timeline.
- Consultation to select an appropriate auditing/assessing body.
- Consultation to select an appropriate information management system.
- Drafting of documents, policies, forms, risk assessments and other materials add assets.
- Conducting/chairing working groups.
- Interim progress checking and reporting to the organisation/it’s Board.
- Mock audits in preparation for the Stage One Audit.
- Support with any remedial or preparatory items spotlighted by the auditor during the Stage One Audit, in preparation for the Stage Two Audit.
- Support with any remedial work required by the auditor following the Stage Two Audit.
- (Post-ISO certificate award) onward and ongoing advice and monitoring to support the organisation with its controls, management and monitoring as is required to sustain ISO certification and in preparation for future Surveillance Audits and Rectification Audits.
Why work with Databasix on your ISO project?
- Our team has a wealth of auditing and auditing support experience, spanning literally decades.
- In addition to ISO, this includes Lexcel, SQM, GQM Investors in People, CQS and WIQS, to name but a few.
- Our team also consults on key regulation, including the GDPR and anti-money-laundering, as well as other industry/sector regulation.
- Our clients are from a range of sectors, including: national/international law firms, the franchise sector, manufacturing, healthcare/well-being organisations and educational establishments/providers.
- In a nutshell, we understand as to how different standards and their associated controls align with one another, across different sectors, and with a keen eye for supporting strategy, commercial interests and operational growth/enhancement.
In addition, and this is something that we are very proud of, you will always work with members of our senior team.
- We will match the needs of your organisation with the appropriate skills and experience from within our team, including our directors and specialists.
- In all cases, at least one of our directors will be actively oversee your project, including at least bi-weekly update meetings with your own senior project team.
- And, at least one of our Lead Consultants will conduct the day-to-day work. And, they will monitor the project plan, to ensure that reporting is timely and gaps or concerns are rapidly addressed.
Contact us today for a conversation about your ISO project.