The expense and effort of achieving ISO certification is sometimes regarded as excessive and onerous by SMEs - who often decide to decline the challenge. But avoiding going down this route altogether, may result in missed opportunities.
What is ISO certification?
ISO (the International Organisation for Standardisation) was founded in the 1940s with the intent to break down global trading barriers at a time when the world economy was faltering. Since then the body has published nearly 25,000 International Standards covering almost all aspects of technology and business. Today, companies that apply these standards in their business are able to give their customers and regulators assurance that their products and services are safe, reliable and of consistent quality. ISO sets the standards, but it is not the certifying body. Instead, this is the responsibility of specialist agencies across the world, who inspect, audit and certify companies against the standard. At a cost.
To ISO or not ISO - that is the question
For agile and entrepreneurial SMEs this presents a dilemma. They don’t want to get bogged down in expensive, long-winded and bureaucratic exercises. However, the modern supply chain represents unprecedented opportunities for them to work with (and compete against) big players in many sectors. Often, gaining ISO certifications is the best way to demonstrate a commitment to specific standards and the ability to deliver quality products; a doorway into lucrative new sectors and supplier relationships.
But it’s not just the ability to demonstrate this commitment that can give a competitive edge to ISO certified companies, but instead the change in ‘organisational thinking’ that it entails.
Commercial benefits of gaining ISO certification
The ISO standards consist of requirements, specifications and guidelines that help businesses:
- Improve the quality and safety of end products through a focus on customer satisfaction
- Protect the environment - an increasing theme in many of ISO’s evolving standards and business regulation
- Provide greater safeguards against commercial and product failure through more efficient and effective processes
- Pursue continuous improvement for an entire organisation
Even so, many smaller and leaner companies still ask themselves whether gaining ISO certification is worth it - or even possible to attain without significant commercial disruption.
ISO can be valuable for every size of business
While ISO standards might once have been designed with big businesses in mind, the latest standards such as ISO 9001:2015 encourage a scalable approach to meeting standards through a process of risk-based thinking and continuous improvement. Much of their emphasis is on improving the quality of products and services through greater efficiencies and clarity of process. This is achieved with a constant customer focus designed to decrease the risk of product failure and potential harm to individuals.
In this way, the standards themselves are increasingly not just a badge of compliance or consistency that other businesses and customers can rely on, but an opportunity for companies to develop systems that are more resilient, efficient and productive.
Three ISO standards - three opportunities to improve commercial performance
ISO 9001:2015 – Quality Management
ISO 9001:2015 is a formalised system that documents processes, procedures and responsibilities for achieving quality policies and objectives. The benefits of compliance with the ISO 9001 standard have been covered elsewhere in this blog but include the following:
- Developing best practices for consistently high quality, safe and effective products.
- Creating cycles of continuous improvement for standards within a business
- Taking a scalable, risk based approach to implementing and maintaining standards
- Building trust and loyalty through positive customer experiences
And these can quickly translate into tangible ‘bottom line’ benefits. For example, the BSI say that half of the businesses who gained certification through them, reported measurable improvements in the delivery and sales of their products and services.
The ISO 27001:2013 standard contains guidelines specific to data privacy and security. It encompasses the implementation, management and continuous improvement of an organisation’s information security management system (ISMS).
Compliance with ISO 27001 indicates an organisation has implemented processes and procedures that protect customers at every point of contact. This holistic approach to information security protects against dangerous and expensive breaches - and should be a company wide initiative.
- Secure information in all its forms.
- Cross organisational training foregrounds continual improvements
- Increase its resilience to cyberattacks.
- Rapidly adapt to evolving security threats.
- Reduce information security-related costs.
In the modern tech sector highly sensitive personal data is routinely collected by even the smallest companies via a range of digital channels, platforms and hardware. Knowing that the highest standards are always being applied to its secure handling can give unrivalled confidence to customers, partners and potential investors. It can represent a real competitive advantage for a company with ambitious plans to expand the way they collect, use and store data over time.
ISO 14001:2015 – Environmental Management
ISO 14001:2015 is intended for organisations to set up, improve or maintain an environmental management system to conform with established environmental policies. It helps companies develop policies to:
- Improve operational efficiencies
- Reduce waste
- Drive down costs
- Provide assurance that environmental impact is being measured to hit regulatory targets
- Gain competitive advantage in supply chain design
- Increase new business opportunities through reliable credentials
ISO standards - implementing best practices
ISO standards like the ones above are designed to help companies develop a road map to achieve and maintain their business objectives.
And its the processes that drive the adoption of these standards and their expected outcomes that are key here. They often hinge around Plan Do Check Act (PDCA) cycles, that aim to create measurable and continuous improvements in specific aspects of a company’s operations.
They are frameworks for gaining competitive advantage that many businesses can benefit from, regardless of whether they are actively seeking ISO certification.
Gain and maintain the competitive edge with the “PDCA” cycle
The PDCA cycle is an iterative approach for achieving a particular objective. The model involves specific tasks that need to be planned, tested and then analysed for effectiveness. This is how new processes and procedures can be conceived, implemented and become part of the way your organisation works:
- Plan – The planning phase is the most important part of the cycle as it will impact other phases and the measurable success of its desired outcomes.
- Do – This phase involves clarifying the scope of the plan, completing the tasks and resolving any unexpected issues along the way.
- Check – This phase involves assessing the outcomes. Did you achieve the expected results? What changes, if any, will be required to ensure success going forward?
- Act – Employees will need to be trained and retrained to apply the improved policies and procedures that have been developed. The objective is to embed them in your organisational thinking.
With opportunities for proper planning and review, a PDCA cycle enables businesses to continually benchmark their achievements against their competitors, as well as their internal goals.
The ability to document and then implement these kind of improvement cycles will make all the difference when it comes to discovering ways of working that deliver better results.
Setting up a flexible, process driven, Quality Management System underpinned by robust document control tools is one way you can begin to plan, implement and measure the impact of new initiatives in the way described above. Adopting this kind of software early on could help you achieve many of the behavioural changes in your organisation that will drive efficiencies and continual improvement. This maybe a requirement of many of the ISO standards, but it's also a sensible and scalable approach to gaining and maintaining a competitive edge.
There are many advantages to gaining an ISO certification. These include:
- Increasing customer satisfaction
- Providing a competitive differentiator
- Establishing a culture of continuous improvement.
- Fostering shared company values and a proactive mindset across the organisation
But there’s no doubt it’s an enormous commitment that requires buy-in and participation from every person working at all levels in an organisation, especially executive management.
ISO certifications might be useful credentials for winning business, but it’s the mindset, processes and procedures that the standards require which will lend the real competitive edge to your operations. And if you’ve adopted that mindset early on, aided by the right digital tools, it’ll be a natural progression to achieve the certification that will prove it to the world.