QM.UK Delivering ISO Standards Since 2001

QMUK 17yrs Today – Growing Business by Growing Businesses! & thanks to all the businesses we have worked & grown with over the last 17 years –

Orion (Computer Consumables Distributor) who we guided through ISO 9001 & 14001 in 2004, bought in 2005 by Westcoast

Wstore (IT Reseller) who we guided through ISO 9001 & 14001 in 2009 – bought by Misco/Symantex in 2009 who we also helped through ISO 14001 in the same year

Optevia (Microsoft Cloud based CRM Systems) who we guided through ISO 9001 & 27001 in 2014 – bought by IBM Global Business Services Division 2016

Blue Chip (Managed IT Services & Cloud Hosting) who we guided through ISO 9001 & 27001 in 2014 – bought out by GCI in 2017 who we also helped through ISO 9001, 27001 & 14001 in 2013

EPS Research (Clinical Data Analysis) who we guided through ISO 9001 & 27001 in 2014 also – bought out by IQVIA in 2017

Current Clients: MLL Telecom Grown from 55 to 130 staff in just over 2 years, CTS (Combined Tech Serv) Grown 30% in 2 years, Wilkinson Eyre Grown 50%, secured Battersea Power St Project and with the challenges of GDPR The Telecom Marketing Company continue to grow & prosper….

Find out how we can work with you & help YOUR business Grow

What is the Financial Impact of ISO?

From our experience businesses pursuing ISO 9001, ISO 27001, ISO 14001 or OHSAS 18001 do it for one of 3 reasons:

• To fulfil tender or customer requirements and win new work

• To drive Business or Process improvement

• Both of the above

I would guesstimate from our experience 20% of businesses pursue certification to solely fulfil tender or customer requirements and win new work.

A similar percentage would use their certification project to focus mainly on driving Business or Process improvement.

The bulk of businesses want the certification to win new work but engage with the process of attaining certification, to benefit from both Business & process improvements.

For any Business considering implementing the standards we would always ask that they consider Return on Investment. Firstly obtain a costing for the certification route you think could best help you improve in your operations & best serve a positive outcome in gaining your chosen certification. See previous post for various methods of attaining certification.

The main financial benefit will be the additional tenders it qualifies you for & the extra work it may bring in – ask your potential clients if it could give you a more favourable outcome when bidding for work. Benefits outside of this most obvious financial reward are normally found in the project phase & can be –

ISO 9001 Project Phase

• Enables you to examine your current operating processes & identify areas for improvement

• Pushes you to rationalise & define systematic processes that ensure all are “singing off the same hymn sheet” within the business

• Clearly defined business processes support company growth “before things get out of control”

ISO 27001 Project Phase

• Ensures you identify all information stored within the company & its importance to your business

• Systematically guides you through risk assessing the threats & vulnerabilities to the information you hold

• Ensures you put in adequate controls to protect your information and ultimately your business

ISO 14001 Project Phase

• Identifies any aspect of your business that can impact the environment

• Makes you evaluate the impacts your business could have on the environment & identifies the controls needed to reduce the likelihood or prevent such impacts

• Ensures an awareness of Environmental Legislation & avoids any unnecessary & “crippling” fines

OHSAS 18001 Project Phase

• Identifies any Hazards within your business that could impact Human Health or cause Accidents

• Makes you evaluate the Risks associated with these Hazards & identifies the controls needed to reduce the likelihood of accidents or effects on Human Health

• Ensures an awareness of Health and Safety Legislation, avoids any unnecessary “crippling” fines & most importantly protects both your employees and anybody else who can be affected by your work

These are just a few bullet points on some of the ways certification can help your business; there are many more. So if you want any further info just get in touch.

grant@qmuk.co.uk

Is SEO Compatible with ISO 9001?

“Quality” being defined as the ability to deliver to pre-defined requirements – can an SEO (Search Engine Optimisation) company ever really deliver quality, with so many variables & the output being so unpredictable?

At QM.UK we have tried 3 different SEO companies over the years; all at least guaranteeing they would improve our website positioning on the major search engines. Alas none delivered, but actually dropped our site in the ratings.

So can an SEO Company ever achieve ISO 9001 Certification – YES, it can….

I often advise that ISO 9001 is certification of your Management System, not your product or service. Certification to the standard confirms your Management System has achieved a standard that can ensure consistency of process & quality of output. If the requirement is a Ford Fiesta you consistently deliver a Ford Fiesta, same if it is a Rolls Royce. Trouble with SEO is, even with a system in place, the output still varies!

I therefore have had to change my view that ISO 9001 Certifies a company’s ability to deliver to pre-defined requirements – it can only “maximize likelihood” of a pre-defined output.

For an SEO company to achieve ISO 9001 it would have to demonstrate consistency of processes and that it has the necessary tools in place to measure against planned results and make improvements where possible. It is similar for Telemarketing firms for whom we have delivered ISO 9001 UKAS Certifications.

So personally I would still recommend selecting an SEO company that has ISO 9001 Certification, as it does demonstrate in a sector open to such change and variables – they at least have certified systems to measure & maximize performance, increasing the “Likelihood” of your desired outcome – ROI.

Or just type SEO into Google and see how well they have optimized their own website 🙂

QM.UK

“I know a company who has ISO 9001, and they are totally useless”

So just how much of a Benchmark is it – How Credible is ISO Certification?

ISO 9001

ISO 9001 is the Quality Standard but as such the most open to controversy. This is because there is often confusion as to what “Quality” actually is. If one company produced a Ford Focus & another a Ferrari, most would regard the latter as having produced the highest Quality Product. However “Quality” is defined as the ability to deliver to pre-defined requirements. Therefore if the requirements were a roomy car that did 40 mpg & could be retailed at less than £20k, the production of a Ferrari would be a very poor Quality Output.

It should also be noted that ISO 9001 is certification of your Management System, not your product or service. Certification to the standard confirms your Management System has achieved a standard that can ensure consistency of product or service. What level a company sets itself to deliver is up to them and in fact Ford and Ferrari could operate to the very same Quality Management System – they just produce to different specifications. So before you write off an ISO 9001 company you have to ask, are they consistently delivering to their (or your) specification – not everybody can afford a Ferrari.

ISO 27001

The Information Security Standard. This is the most current & in demand as Cyber Attacks become more frequent & companies become more aware of their vulnerabilities and the need to secure services from companies that can safeguard their information. This standard is the most reliable measure of a company’s credentials, as Information Security is more measurable and less subjective than Quality.

There are 2 main parts to ISO 27001. A company has to identify all of its Information Assets, Risk Assess & Control. The other main part of ISO 27001 is a detailed list of “Control Objectives” (requirements) for which, if applicable – you must put a control in place. This makes 27001 the most measurable & auditable of standards, therefore Certification does ensure a high level of Information Security.

ISO 14001

The Environmental Standard. This is a reliable measure that a company has systematic control over any possible environmental impact and has plans in place for continual improvement. A large part of this is similar to 27001 in that a company has to identify all of its Environmental Aspects rather than Information Assets, but still Risk Assesses & Controls. Environmental Objectives must also be established to, where possible, continually improve environmental performance.

If you feel a company claiming to be holding one of these standards is poorly performing, don’t take it on face value. Check it is a credible Certification, or that it is a certification at all. If it is a UKAS Approved Certification Body ask for their name or take it off a displayed logo and contact them asking if the company is actually ISO Registered with them. If it is in the UK and not a UKAS Certification, it’s best not taking it as verification of anything……

grant@qmuk.co.uk

So What Is ISO 9001, ISO 27001, 14001 etc?

The International Organization for Standardization (ISO) is an international standard-setting body composed of representatives from various national standards organizations.

Founded on 23 February 1947, the organization promotes worldwide proprietary, industrial and commercial standards. It is headquartered in Geneva, Switzerland and as of 2013 worked in 164 countries.

There is only one National Standards Body recognised from each country and they in turn must be recognised by their Government. UKAS is the only ISO recognised Body in the UK.

The United Kingdom Accreditation Service (UKAS) is the national accreditation body for the United Kingdom, appointed by government, to assess organizations that provide certification, testing, inspection and calibration services. There are many UKAS Approved ISO Certification Bodies, the most commonly recognized being BSI & Lloyds, but there is a full list on their website.

Gaining UKAS Certification to an ISO Standard demonstrates a company or organization has achieved and operates to a certain standard, and has been verified by an independent & recognized body. Ongoing audits by the Certification Body evidence they consistently meet these standards.

ISO 9001 is the internationally recognized Quality Standard. It defines the elements of organization required by a company to systematically deliver quality products, services or advice.

ISO 9001 Certification is verification that you systematically deliver quality services or products. It is a benchmark for potential customers & helps you review and fine tune your own operations ongoing.

ISO 27001 is the internationally recognized Information Security Management Standard. It defines the elements of control required by a company to protect all information it holds.

In an ever increasing age of security awareness & media exposure of careless information handling, the protection of data is critical. Sectors such as finance, health, public and IT have become particularly sensitive. Hence, certification to the standard is increasingly winning both confidence & new contracts.

ISO 14001 is the internationally recognized Environmental Standard. It defines the elements of organization required by a company to control the impact of their activities, products or services on the environment.

14001 Certification demonstrates to an increasingly aware public & business community – a commitment to minimize your impact on their environment. It gives confidence that customers’ environmental credentials & good names won’t be tarnished by their suppliers’ operations.

In general companies & organisations that can demonstrate their operational standards are UKAS certified, gain more confidence in the Market Place.

What’s Trending in ISO

ISO 9001, ISO 27001 & ISO 14001

(Based solely on the communications we receive)

Currently ISO 27001 is still growing & by far the most popular of the standards. With the ever increasing publicity & awareness surrounding Cyber Attacks & now the potential of Terrorist Cyber Attacks it is no wonder. Add to this the much publicised information losses from Big Names such as Morrisons, Home Depot, eBay, T-Mobile, Experian etc & the trend looks to continue.

ISO 9001 & ISO 14001 seem to be a little on hold as people hesitate over whether to go for the old or the newly released standards. As most UKAS Approved Cert Bodies will not be able to certify against the new standards until mid 2016 this is set to continue a little longer.

For ISO 14001 it has been quiet for a while. Have our environmental consciences dampened as we concentrate on Information Security concerns? Or is the current 27001 more commercially attractive?

Companies currently trending towards certification are from the IT, NHS, Banking & Insurance Sectors….

www.qmuk.co.uk

ISO 9001 or BS 5750 – Horses For Courses?

In 1994 BS 5750 was replaced by ISO 9001, not a huge leap – still a standard very much driven by procedures & many would say Bureaucracy. In 2000 the ISO 9001 standard had its biggest change, became less prescriptive & more Process Driven. This was seen by the majority as a breath of fresh air! For previous standards if you wrote a procedure & created a form for everything you did – you could easily be certified to the standards. This often made it bureaucratic, onerous, said little of how you actually managed your business & contributed even less to improving your existing systems.

Along no doubt with many other consultancies, we have spent years convincing potential clients that the new 9001 process based systems need no longer be onerous & should not only be integral to normal good management practices, but provide a serious tool for improvement.

It therefore came as a bit of a shock when I received the below email –

“Do you have previous working experience of the BS5750 standards, assuming you would be the auditor, if we decided to go ahead? My manager has concerns about how slack ISO 9001 appears compared to BS5750. BS5750 is the level of standard he is looking for.”

“Horses for Courses” – The difference with the new 9001 standard is that you can choose how rigid your processes need to be, the amount of procedural content that would benefit you & how much paperwork you need to generate. With BS 5750 bureaucracy was almost inevitable….current 9001 gives you both Choice & Flexibility.

So although a surprise the email raised a valid point – ensure your Consultant or Quality Representative understands the level of control & flexibility your business requires.

Which ISO Best Fits You?

You should consider which standard/s could help improve your business against which standard/s would most impress your potential client base –

ISO 9001 helps you monitor & improve both your processes & client perception. It also gives you the discipline to ensure you don’t miss critical details in pursuit of profits & deadlines.

ISO 27001 makes you have a closer look at the information you hold & the security of it – protects against info loss that could publicly damage your brand.

ISO 14001 ensures you minimize your impact on the environment – gives you a clear conscience, green credentials & can impress potential clients.

OHSAS 18001 ensures you minimize risk to all personnel or anyone else affected by your activities – shows due diligence in the unfortunate event that you have an accident or incident.

Ultimately it can boil down to “Return on Investment”

Ask: Will implementing these standards increase profits through improvement in internal operations or by helping you meet client & tender requirements?

Is the new ISO9001 Standard a Jurassic Fantasy?

“Risk management is a new and welcome addition to ISO 9001.” I don’t think so, certainly for some companies but not as a requirement to achieve Certification of your Quality Management System. This has taken the standard back to pre 1994 and the days of BS5750.

BS5750 was originally derived from the Military Standards & was based around manufacturing. As the decades have passed, UK manufacturing has dwindled while Service Companies have come to the fore. This is largely why the Process Model adopted for ISO 9001:2000 was introduced & embraced as a welcome change.

ISO 9001 in my opinion should provide an adequate framework for a company to consistently deliver its services or goods. It should not enforce practices that add bureaucracy or paperwork while not necessarily impacting quality in any way.

The bulk of our ISO9001 clients, as with the bulk of companies in the UK are non-manufacturers – this has therefore been written by dinosaurs for the few remaining bastions of manufacture & does not reflect the elements required to quality manage modern day services.

QM.UK’s immediate task will be to address this element with minimalism for those where it serves little purpose….

Grant QM.UK