Practical ISO implementation

As some of you know I used make diamond tools for a living.  This involved mixing not very sparkly diamonds in even less sparkly clay.  We would then make the mixture very hot and squeeze it very hard to make an “insert”.  And of course, we didn’t want our finger burnt so, we let the insert cool down before popping it out of the mould and attaching it with some quite strong glue to the relevant steel blank.

So, the key steps in the process were:


At this time the (9001) standard had something like 20 “clauses” each with a number of sub clauses.

And, rather foolishly, we thought the easiest way to “get ISO” was to squeeze our business into the standard, so we wrote 20 procedures each of which related directly to each of the clauses.  Job Done. Now the time these clauses were called things like:

  • Product identification and traceability
  • Process control
  • Contract review


Horrible unintelligible clause names.  We struggled long and hard to understand what these arcane phrases meant.  We knew exactly what to do to make our tools and make them well, but we were trying to force our lovely little company into an Ill-fitting standard.

The result was a jumbled mess, absolutely no good to man nor beast:

What are the lessons learnt?

  • You fit the standard into your business (not the other way round)
  • You use your terms and terminology.

So, how might you do this?  We think there are five key steps.

  1. Education and planning


This is about understanding why you’re embarking on the ISO journey and there are usually two reasons:

  • You want to smarten things up internally to make your products and processes and practises smarter and slicker; this what the standard was actually invented for.
  • You want to use the standard as a marketing tool, perhaps to help gain access to contracts and customers that would otherwise be sitting behind closed doors.


The above being the case there are two, distinct and not mutually exclusive, ways to think about getting a return on your ISO investment:

  • Reducing the “waste” in your organisation – when I was making diamond tools we made a profit of about 8%. The cost of scrap and re-work was an astonishing 21.9%!  Our scrap rate had a value of nearly three times our profitability!  Astonishing!
  • Access to new contracts if you’re a small firm, say 30-50 staff, and you think you might just win a new contract or customer worth say £100k, you’ll get payback from just one new contract or customer.


There is no right or wrong answer to how you determine your payback and build the business case, and it could conceivably be a blend of the two.

Once the case is made, you want to grab yourself a copy of the standard.  You can get this from the BSI shop.  We used to buy copies and give them away, but we can no longer do that because they are now watermarked to protect copyright.

Once you understand your objectives and how you’re going to get payback, your business case, it’s time to use the standard, and perhaps some of our excellent blogs, to educate your team and plan the route ahead.

2. Management system development

The second step, and actually the big one, is to develop the system.

ISO needs you to have objectives and targets, so the first activity is to understand your longer-term ambitions and make them SMART objectives, if you do this from the get go you’ll be aligning your ISO systems to your business objectives.  We don’t want the ISO tail wagging the business dog.

Once the objectives and targets are understood it’s then about aligning your processes and practises as shown in the diamond tool model above, to your objectives and targets.

At this point you need to link each process and procedure so that it follows the flow of work through the activities that you undertake – from the initial enquiry through to satisfied customer.  Ideally, you’ll also link these to key performance indicators for each process.

There are also a bundle of supporting processes that you may need to account for and document. For instance, the way you manage:

  • Recruitment induction and training
  • Suppliers and purchasing (although purchasing may be a key part of your day-to-day operational process – again the point is make it look like your business)
  • The process of learning from mistakes (still horribly called non conformance)
  • The process of regularly assessing the system to ensure its fit for purpose (sill horribly called auditing)


Also, if you are working on the environmental or health and safety standards, you would also need to understand and proceduralise the way you manage:

  • Your legal requirements
  • Health and safety hazards and risks
  • Environmental aspects and impacts


3. Management system implementation

Once the system has been developed, and it looks like your business, you will need to undertake two major activities:

  • A complete and thorough internal audit to ensure the system is working effectively
  • A review of the system and its component parts (objectives, targets, risks, suppliers, audits, training and a couple of other things) in a management review


Once done, you’ll be ready for the external (UKAS approved) assessment body.

4. Management system assessment

There are a whole raft of UKAS approved assessment agencies; BSI, Forefront, Lloyds, NQA, DNV, SGS, TUV and others.

A key point if you’re doing this because you want to gain access to doors that would otherwise remain closed, you absolutely need an UKAS approved certification body.  UKAS are the only organisation in the UK authorised by the UK government to give companies the right to award ISO certificates.

Be very wary… there are a number of what might by some be called “rogue” organisations out there that will tell you they are authorised by other accreditation agencies.  In some circles, relatives of Arthur Daley are alive and well.

If you do need to check use the UKAS web site.

5. Management system development and improvement

The world changes, people come and go, technologies advance all of which have an impact on the aims and ambitions of an organisation, and if the aims and ambitions change, it’s highly likely that the processes will change.  So, in reality ISO is not about creating a stultifying manual, it’s about a “book of best practise” that embeds an ongoing process of creative destruction.  At one assessment many years ago, the assessor said to a client following his recommendation for approval, “the 100-yard dash is over, let the marathon begin”.

I think this brilliantly encapsulates the idea behind ISO, it ought to be a tool for monitoring and managing continual improvement (and indeed breakthrough improvement although (interestingly) there is absolutely no mention of it in any standard!).


Traditionally, there are two ways to get payback from your ISO journey:

  • From getting new contracts and customers that use ISO as a tool to exclude suppliers
  • From smartening up internal processes and practices


The companies that get the most from their ISO systems are those that have created and properly embedded a culture of “creative destruction” where all products and processes are continually examined and improved… as well as win new work by doing so.


Related tools and ideas


Recommended references

Downloadable resources

More Insights