Questions around ISO

ISO is an abbreviation of the International Standards Organisation.  As their name suggests it is an international organisation, based in Geneva, who are responsible for coordinating the setting of standards globally.

Various ISO standards committees exists with representatives from standards bodies throughout the world.  In the UK typically, although not exclusively, the British Standards Institute (BSi).  Each technical committee focuses on a different area and there are many more product standards than there are management standards.

The archetypal management standards are:

• ISO 9001 – quality management systems
• ISO 14001 – environmental management systems
• ISO 27001 – information security management systems
• ISO 45001 – health and safety management systems

… But there are many others.

Possibly, one of the oddest standards is BS ISO 3103 originally published in 1980 and updated in 2019.  This standard sets out how to make a cup of tea!  It defines the size, material and shape of the teapot, the proportion of water, the time of infusion and the ratio of milk. And should you be interested in a copy it’s available at the BSI shop!

The desire, and indeed the need, to make things consistently and repeatably has been around for centuries.  It can almost certainly be traced back to the Egyptians and the making of the pyramids and it can certainly be traced back to Sir Mark Brunel, father to the more famous Isambard Kingdom Brunel, when he was standardising how his craftsmen made winches and pulleys for the Royal Navy.

More modern applications arose with the first world war when women were first drafted into factories to make munitions. Bombs were going off in the factories, rather than on the front line, so we needed to be confident that the munitions were safe to produce and of the correct size and specification to fit the weapons they were being made for!

After the war there was a meeting in London in 1946 at which delegates from 25 countries and 67 technical committees met to create a new International Standards Organisation.  The goal was to ensure products were safe, reliable and of good quality.  The organisation took off in earnest the following year and it’s first publication was ISO/R 1 published in 1951 which set out a “Standard reference temperature for the specification of geometrical and dimensional properties”.  After many revisions the standard still exists today as ISO 1:2022.

The development of modern standards were then driven by the military and manufacturing sectors who pioneered a range of methods for making things consistently and repeatedly, and for then improving them.  This was originally undertaken via various defence and manufacturing standards, but by 1979 the need for a standard with wider remit was required and a range of manufacturing and service organisations, including organisations like Which? The Consumer Association asked the UK’s British Standards Institute to write a standard for a quality company.   BS 5750:1979 was the result.

Less than ten years later in 1987, the International Organization for Standardization (ISO) based its ISO 9000 family of standards on BS 5750. These standards have subsequently been adopted throughout Europe and internationally. 

ISO is now based in Geneva with members from 167 countries and there are over 3,000 technical committees responsible for developing a vast range standards that assist with the free flow of trade the world over.

Incidentally, the name ISO is derived from the Greek word “isos,” meaning equal.

The drive to define robust and consistent international standards is intimately linked to the growth in international trade. As products and services become more international there is a need to ensure parity between goods and services produced by different companies and countries.

When products are made or services delivered to different standards there is a real risk that a items produced in one country won’t meet the standards in another. This raises the risk of buying goods from suppliers around the world and therefore hinders trade.

A management system is a set of policies, processes, procedures, work instructions and guidance notes used by a company to ensure that it can fulfil the activities necessary to achieve its objectives.

As might be expected, these objectives will cover a range of disciplines, obviously, financial success but also operational success, risk management, product and service delivery, product quality, client relationships, safe and environmentally sound operations and compliance with legislative and regulatory requirements.  These are just a few of the issues covered by management systems.

Different management systems are focused on different disciplines within the organisation, however, they can easily be combined to create an integrated management system.  The most common management system standards, potentially applicable to any organisation or company, include:

• ISO 9001 which focuses on quality and is essentially aimed at improving organisational performance
• ISO 14001 that seeks to help organisations to reduce their environmental footprint
• ISO 27001 is a framework for ensuring both hard copy and digital information remains confidential, accessible and secure
• ISO 45001 which concentrates on ensuring the safety, health and well-being of an organisations people, customers and, where relevant, subcontractors

The United Kingdom Accreditation Service (UKAS) is the national accreditation body for the United Kingdom.  UKAS is the body appointed by government to assess the organisations that then provide certification, testing, inspection and calibration services to companies in the UK.

UKAS are the only body in the UK that are approved by the UK Government to do this.

However, in order to create the desired level playing field across the world there are “mutual recognition agreements” between different national governments.  So, sometimes companies may have their accredited certification body endorsed by a foreign equivalent of UKAS.

These foreign equivalents include:

• ANSI – ANSI National Accreditation body – America
• DAkkS – Germany
• JAB – Japan
• JAS-ANZ – Australia & New Zealand

At time of writing, there are 77 members of the international accreditation body club where the aim is to harmonise accreditation and conformity assessment activities around the globe thereby removing technical barriers to trade and improving global competitiveness.

Registration to one or more of these formal management systems is increasingly being made mandatory by major blue-chip companies, local and central government departments and indeed trade bodies.   Major companies and organisations are increasingly insisting that their suppliers have a UKAS accredited ISO certification when they are putting out tenders.

However, only those certification bodies rigorously and independently assessed by UKAS can award the coveted ‘tick and crown’ denoting both “government” and “approval”.

The non-UKAS equivalent simply won’t cut it.

In reality anyone can provide an ISO Certificate, whilst UKAS and others may legitimately object, it is not illegal for anyone to do so!  However, as noted above, it is only those certification bodies rigorously and independently assessed by UKAS that can award the internationally respected ‘tick and crown’.

Some of the non-accredited bodies would argue that they are endorsed by bodies other than UKAS, but if that is the case (we are not convinced it is!) there is rarely the same degree of rigour applied to the accreditation process as there would be with a UKAS assessment.

The companies that are able to legitimately award ISO certificates are “accredited” by UKAS, The United Kingdom Accreditation Service.

Companies that hold registration to a particular ISO standard are “registered” or “certified”.  As such, a company with an ISO badge from a UKAS recognised accreditation company would be “certified by a UKAS accredited company”.

There are many benefits to certification and specific benefits would depend on the standard to which the company is registered.  And whilst the standards were originally focused on improving the efficiency and effectiveness of internal company processes, many companies now find themselves excluded from government and blue chip tenders and commercial opportunities as registration to these standards is used as a barrier to entry.  In some instances Trade Associations are also making registration a condition of membership.

In an attempt to quantify the benefits of ISO registration there have been a number of studies undertaken over the years; some of the more prestigious and notable studies have been undertaken by; Manchester Business School, MORI and Research International all of which have identified, to a greater or lesser extent, the following benefits:

Customers and users benefit by receiving the products and services that:

• Meet their requirements
• Are dependable and reliable
• Are available when needed
• Are maintainable

People in the organisation benefit from:

• Improved visibility of objectives and targets
• Better working conditions
• Increased job satisfaction and job security
• Improved morale
• Improved health and safety

The company, owners and investors benefit from:

• Increased access to more commercial opportunities – better chances of winning new contracts and clients
• Increased efficiency and consistency in business practises
• Reduced waste and costs
• Increased return on investment
• Improved operational results
• Increased market share
• Better management control
• Reduced product or service problems
• Increased profits

Society benefits through:

• A higher tax take and better public services – improved company efficiency and effectiveness results in improved profits
• Confidence in the organisations ability to fulfil its legal and regulatory requirements
• Improved health and safety – reduced accidents and incidents
• Reduced environmental impact

In our view, regardless of the focus of the standard, any management system initiative should start with the aim of continually improving company processes and practises.

As might be expected, UKAS publish a full list of their accredited certification agencies.

There are half a dozen large certification bodies providing a fully comprehensive service, some of which include:

• British Standards Institute
• Bureau Veritas Group
• Det Norske Veritas
• Lloyds Register of Quality Assurance
• National Quality Assurance
• SGS
• TUV Nord

All of these companies, and others, will offer the full range of ISO management systems certification.

However, there are also a small number of highly specific certification bodies which may also be relevant depending on your company’s activities, for instance:

• Lift Cert
• The Insulation Assurance Authority
• Water Research Center

Neither of the above lists is exhaustive!

The benefits for developing a management system are many but, in our experience, the key drivers arise from senior managers and leaders of companies wanting to:

• Codify, and improve, the way in which their activities are undertaken; to improve the way in which their work works – which is what these standards were originally invented for
• Comply with customer requirements; increasingly, as a result of the benefits obtained, government departments and blue chip companies are making registration a condition of doing business
• Comply with trade body or other legislative requirements

The short answer is you needn’t hire an ISO consultant.  Certainly, the first time many of us embarked on the development of a system for the first time, working for others, before we became consultants, we didn’t have one!  And I think each of us would agree it would have been better if we had!

A few of the reasons you might consider using an ISO consultant include:

• We’ve been there, done it and got the tee shirt! This means that it’s likely that the implementation process will be significantly quicker and easier.  We have previous experience
• We’ll build on what you’ve got. This means we would seek first to understand your existing processes and practises and build on those.
• We’ll use your terms and terminology. This means we provide a filter between some of the standards terms and terminology and your own
• We’ll keep the systems simple. This means that many new to ISO standards have a tendency to unnecessarily overcomplicate and over document systems and processes

In short, using a consultant will typically deliver a simpler, speedier, easier and indeed better result.

We can undertake as little or as much of the ISO work as you want us to, for the most part there are two roles we typically adopt:

• Hands on ISO consultant
• Facilitative ISO consultant

Given that most people in most organisations are already busy undertaking their “day job”, the most popular approach is by far the “hands on” approach, where we effectively become one of your team.  We ‘interview’ your people and then create the required documents and systems for you, using your terms and terminology and building the system around your existing processes and practises.

The facilitative approach is where we would act as “guide”, facilitating the implementation of the management system usually through a series of workshops where a team of your people would be “coached” in the various requirements and then tasked with creating the relevant documentation and systems themselves.

With either approach we would be looking at challenging, in the nicest possible way, your existing processes and practises and in doing so seeking to improve processes and practises as we progress through the initiative.

We think there are a number of reasons you might use us and they have been set out in the tables below:

All of the following are “very rough” budget prices and can be confirmed with the completion of the questionnaire, and a short discussion, but we’d suggest consultancy and certification costs for the three most common standards; 9001, 14001, 27001 would, per standard, be as follows for different size companies:


Small company

• Consultancy costs £4-£10k
• Certification costs £1-2k

Medium company

• Consultancy costs £6-£14k
• Certification costs £2-3k

Large company

• Consultancy costs £10-£20k
• Certification costs £4-5k

Obviously, there is an economy of scale given more than one standard is implemented at the same time. So, again a general rule would be if you did all three of the common standards together the likelihood is you’d only pay the price of two.

Finally, some of the more specialist standards are much less easy to provide a budget price for as a result if you could complete the questionnaire we’d be happy to call you back and have a chat.

There are a number of excellent competitors, in fact, we have a list of about 200!  The majority of these companies are one man bands and usually operate within a specific geographic region.

A few of the good ones, who if you don’t use us, we would feel very happy to recommend include:

• Avitar
• Jeff Ayres & Associates
• John Jeffery & Associates
• M-Tek UK Ltd

The organisation responsible for ensuring that only bone fide assessment agencies award legitimate certificates is UKAS (United Kingdom Accreditation Service).  Their logo sits alongside the logo of your chosen assessment agency advertising the fact that you are registered to the standard by a UKAS accredited certification agency.

• Stage 1 of the assessment reviews the documented system to ensure that all the relevant parts of the standard have been fully covered
• Stage 2 of the assessment, and the ongoing surveillance visits, reviews your system against the practises employed and looks at examples of the activities you undertake

Each of the above stages will result in a report which details:

• Deviations from your documented practises or the standard; what the assessors would call a non-conformance
• Things to think about, these might be ideas for changes or improvements; what the assessors would call observations or opportunities for improvements

In turn, the report will have one of three outcomes:

• Passed clean sheet of paper no non-conformances no observations – happy days! (this does happen, but as you might imagine, very rarely)
• Major non-conformance where a critical item of the standard has been missed in the documentation or is not being complied with in practise. (This also does happen, but has never happened with any of our consultants.)

  
  These are the two extremes

• More usually the outcome is “recommended for registration”. Which means there are few minor issues to address before the certificate is awarded

In most instances any issues can be addressed by post and once the invoice has been paid the certificate will be sent!  At which point, you will be a registered company to your chosen standard or standards.

Congratulations! Well done! It’s party time!

At one successful assessment many years ago, the assessor turned to the MD of the company and said “So, the 100 yards dash is over … let the marathon begin”.

We think this comment beautifully encapsulates the idea that any management system should be a tool used to continually improve and ratchet up performance over time.  Forever.  So, after certification you need then need to:

• Continue to plan, set and (ideally) meet your objectives
• Improve your systems and processes
• Check regularly that:
  • Things are working as you want them to (processes are being undertaken as you expect them to be)
  • You are improving performance over time
    • This is a process that goes by the horrible name of “auditing”
  • Have your chosen certification body visit you, typically annually, to check that you are on the right track

Should you wish us to, we can also provide a service where we can effectively become your quality, environmental, health and safety or information security manager.