“Quality” being defined as the ability to deliver to pre-defined requirements – can an SEO (Search Engine Optimisation) company ever really deliver quality, with so many variables & the output being so unpredictable? At QM.UK we have tried 3 different SEO companies over the years; all at least guaranteeing they would improve our website positioning on the major search engines. Alas none delivered, but actually dropped our site in the ratings. So can an SEO Company ever achieve ISO 9001 Certification – YES, it can…. I often advise that ISO 9001 is certification of your Management System, not your product or service. Certification to the standard confirms your Management System has achieved a standard that can ensure consistency of process & quality of output. If the requirement is a Ford Fiesta you consistently deliver a Ford Fiesta, same if it is a Rolls Royce. Trouble with SEO is, even with a system in place, the output still varies! I therefore have had to change my view that ISO 9001 Certifies a company’s ability to deliver to pre-defined requirements – it can only “maximize likelihood” of a pre-defined output. For an SEO company to achieve ISO 9001 it would have to demonstrate consistency of processes and that it has the necessary tools in place to measure against planned results and make improvements where possible. It is similar for Telemarketing firms for whom we have delivered ISO 9001 UKAS Certifications. So personally I would still recommend selecting an SEO company that has ISO 9001 Certification, as it does demonstrate in a sector open to such change and variables – they at least have certified systems to measure & maximize performance, increasing the “Likelihood” of your desired outcome – ROI. Or just type SEO into Google and see how well they have optimized their own website 🙂 QM.UK
So just how much of a Benchmark is it – How Credible is ISO Certification? ISO 9001 ISO 9001 is the Quality Standard but as such the most open to controversy. This is because there is often confusion as to what “Quality” actually is. If one company produced a Ford Focus & another a Ferrari, most would regard the later as having produced the highest Quality Product. However “Quality” is defined as the ability to deliver to pre-defined requirements. Therefore if the requirements were a roomy car that did 40 mpg & could be retailed at less than £20k, the production of a Ferrari would be a very poor Quality Output. It should also be noted that ISO 9001 is certification of your Management System, not your product or service. Certification to the standard confirms your Management System has achieved a standard that can ensure consistency of product or service. What level a company sets itself to deliver is up to them and in fact Ford and Ferrari could operate to the very same Quality Management System – they just produce to different specifications. So before you right off an ISO 9001 company you have to ask, are they consistently delivering to their (or your) specification – not everybody can afford a Ferrari. ISO 27001 The Information Security Standard. This is the most current & in demand as Cyber Attacks become more frequent & companies become more aware of their vulnerabilities and the need to secure services from companies that can safeguard their information. This standard is the most reliable measure of a company’s credentials, as Information Security is more measurable and less subjective than Quality. There are 2 main parts to ISO 27001. A company has to identify all of its Information Assets, Risk Assess & Control. The other main part of ISO 27001 is a detailed list of “Control Objectives” (requirements) for which, if applicable – you must put a control in place. This makes 27001 the most measurable & auditable of standards, therefore Certification does ensure a high level of Information Security. ISO 14001 The Environmental Standard. This is a reliable measure that a company has systematic control over any possible environmental impact and has plans in place for continual improvement. A large part of this is similar to 27001 in that a company has to identify all of its Environmental Aspects rather than Information Assets, but still Risk Assesses & Controls. Environmental Objectives must also be established to where possible, continually improve environmental performance. If you feel a company claiming to be holding one of these standards is poorly performing, don’t take it on face value. Check it is a credible Certification, or that it is a certification at all. If it is a UKAS Approved Certification Body ask for their name or take it off a displayed logo and contact them asking if the company is actually ISO Registered with them. If it is in the UK and not a UKAS Certification, it’s best not taking it as verification of anything…… email@example.com
Time Scale varies greatly for the various ISO offerings in the Market Place, as does client requirements & expectations. The time to Certification depends on Internal Expertise, External Help, Management Commitment, Internal Resource & the Route you chose. As independent UKAS Certification is the only certification recognised by ISO & the British Government, if you choose any other route – pay your money and demand it right away. Don’t be surprised though if it costs business rather than creates. 3 main routes to UKAS Certification: 1. Internal Expertise If you have an internal member of your team who has been through the process before or is a relevant practising Quality, Information Security, Environmental or Health & Safety Mgr, he will probably be able to successfully guide you through the process. Timeframe will depend on how much experience they have of taking organisations through the process & how much commitment they get from their colleagues. Being internal the most frequent downfall is that chargeable work often tends to take priority & ISO is often put on the back burner – or seen as almost the sole responsibility of that Manager & is hard to integrate. 2. Training If you wish to proceed without an external consultant but do not have the full internal expertise to proceed, there are training courses available. We would recommend you seek UKAS Certification Bodies for these courses. The trouble is these courses are very generic & we would only recommend this route if you have a Manager or person who may just fall short. We would recommend them as refresher or top-up courses, rather than a one-stop shop to ISO Certification. Timeframe raises same concerns as previous route, only a less experienced person is likely to attract less internal commitment & their aptitude for training is less predictable. The less experienced the person is, the more likely they are to go “Belt & Braces” with their systems to ensure conformance to all the clauses. This often produces cumbersome systems costly & time consuming to maintain ongoing. 3. External Consultancy External Consultants who have several years experience of implementing systems & gaining ISO Certification should give a more predictable outcome. “Buyers Beware” – consultants can promise to meet your fast-track timeframes, but it is still less than predictable. To successfully implement a system & be able to demonstrate full integration into your working practices, there still requires internal commitment & resource. While an external consultant can produce a lean, dynamic system & guarantee a positive outcome – timeframe will still rely heavily on Internal Commitment. While at QM.UK we offer the third option, we recommend you explore all options before making a decision. QM.UK UKAS ISO 9001. ISO 27001, ISO 14001 & OHSAS 18001 Consultants
The International Organization for Standardization (ISO) is an international standard-setting body composed of representatives from various national standards organizations. Founded on 23 February 1947, the organization promotes worldwide proprietary, industrial and commercial standards. It is headquartered in Geneva, Switzerland and as of 2013 worked in 164 countries. There is only one National Standards Body recognised from each country and they in turn must be recognised by their Government. UKAS is the only ISO recognised Body in the UK. The United Kingdom Accreditation Service (UKAS) is the national accreditation body for the United Kingdom, appointed by government, to assess organizations that provide certification, testing, inspection and calibration services. There are many UKAS Approved ISO Certification Bodies, the most commonly recognized being BSI & Lloyds, but there is a full list on their website Gaining UKAS Certification to an ISO Standard demonstrates a company or organization has achieved and operates to a certain standard, been verified by an independent & recognized body. Ongoing audits by the Certification Body evidences they consistently meet these standards. ISO 9001 is the internationally recognized Quality Standard. It defines the elements of organization required by a company to systematically deliver quality products, services or advice. ISO 9001 Certification is verification that you systematically deliver quality services or products. It is a benchmark for potential customers & helps you review and fine tune your own operations ongoing. ISO 27001 is the internationally recognized Information Security Management Standard. It defines the elements of control required by a company to protect all information it holds. In an ever increasing age of security awareness & media exposure of careless information handling, the protection of data is critical. Sectors such as finance, health, public and IT have become particularly sensitive. Hence, certification to the standard is increasingly winning both confidence & new contracts. ISO 14001 is the internationally recognized Environmental Standard. It defines the elements of organization required by a company to control the impact of their activities, products or services on the environment. 14001 Certification demonstrates to an increasingly aware public & business community – a commitment to minimize your impact on their environment. It gives confidence that customer’s environmental credentials & good names won’t be tarnished by their suppliers operations In general companies & organisations that can demonstrate their operational standards are UKAS certified, gain more confidence in the Market Place.
Our first 2 clients operating in the Banking & Software Sectors engaging our fast track – UKAS ISO 9001 & ISO 27001 Certification in 60 Days, completed this week – Redline Application Services: Provides software and services to lenders to support the full end to end credit lifecycle from origination, through scoring, decision making, document production or e-signing, into account management and on to debt collection. http://www.redlineapplicationservices.com Reference for our Fast-Track Process can be obtained from Steve Toms (Managing Director) @ firstname.lastname@example.org Bonafidee: Specialises in real time, anti-fraud technology solutions which can be accessed instantly via the web or provided as an integrated solution. http://www.bonafidee.com Reference for our Fast-Track Process can be obtained from Francis Lang (Head of Development) @ email@example.com Part of a small group, both companies proceeded simultaneously, which enabled us to fully utilise consultancy days & minimise costs. The full process from initial visit on 29th October, until conclusion of successful Assessment by a UKAS Approved Certification Body on 15th December took 49 days. Proceeding at such pace took full commitment & dedication by Senior Personnel & wouldn’t have had the positive outcome otherwise. Without that commitment we wouldn’t advise such pace…. firstname.lastname@example.org
ISO 27001 is the internationally recognized Information Security Management Standard. It defines the elements of control required by a company to protect all information it holds In an ever increasing age of security awareness & media exposure of careless information handling, the protection of data is critical. Sectors such as finance, health, public and IT have become particularly sensitive. Hence, certification to the standard is increasingly winning both confidence & new contracts Our service is to a structured process, but can be adapted to meet individual requirements. Providing you fully accept our guidance we GUARANTEE Certification. Our comprehensive process delivered by a dedicated consultant includes, but is not restricted to: Initial meeting to instruct on identifying Information Assets, conducting a full Risk Assessment & completing a Statement of Applicability – all documents provided Full online & telephone support to progress these documents Produce bespoke documented System Manual & Policy Templates Next meeting to explain remaining elements of System Implementation Full online support to complete documents & fully implement System Visit/Pre-UKAS Audit of your system & operations Visit/Remedial Action Support/UKAS Preparation Visit/Representation & Support during UKAS Assessment For an SME you will need to appoint an Information Security Representative to liaise & be trained by us. This will take 12-20 days of their time, dependent on their background Fixed Cost £4 300 QM.UK + £1130 UKAS Cert Fees = £5430 Total Note: Most consultancies don’t quote UKAS Fees or their attendance to support – this is normally an unexpected “add-on”, raising costs by about 60% These costs cover up to around 30 employees operating out of one location – for a full quote regardless of business size, just use the form or give us a ring – ENQUIRIES For pre-Xmas Delivery, orders must be placed before 20th October 2015 🙂
You should consider which standard/s could help improve your business against which standard/s would most impress your potential client base – ISO 9001 helps you monitor & improve both your processes & client perception. It also gives you the discipline to ensure you don’t miss critical details in pursuit of profits & deadlines. ISO 27001 makes you have a closer look at the information you hold &the security of it – protects against info loss that could publicly damage your brand. ISO 14001 ensures you minimize your impact on the environment – gives you a clear conscience, green credentials & can impress potential clients. OHSAS 18001 ensures you minimize risk to all personnel or anyone else affected by your activities – shows due diligence if in the unfortunate event, you have an accident or incident. Ultimately it can boil down to “Return on Investment” Ask: Will implementing these standards increase profits through improvement in internal operations or by helping you meet client & tender requirements?
No! By the time these standards are finally approved & the UKAS Certification Bodies are approved to assess against them, it will likely be the middle of next year before you will be able to receive a Certificate. Like all new standards they will be open to interpretation by not only the various UKAS Certification Bodies, but by individual auditors as well. My advice would be the same for a new piece of Software or Windows10 in particular – let others sort out the bugs! If certified to the current standards, you will then have up to 3 years to then change to the revised requirements. You will also have the commercial advantage of being certified up to a year earlier. Grant www.qmuk.co.uk
Posted on 11th September 2015 – I am just about to ask BSI & ISO if they are aware they are displaying their logos? Apparently we were one of many to report this company claiming to be “Internationally Recognised” for displaying the ISO logo –
Hi, A month ago, we had sent you a request to remove our logo on your webpage at: http://www.cdl-group.co.uk/services/certified-online-management-system/ It seems that today, the same page is still running, and that no actions have been taken. As mentioned below, the use of ISO logo by your consultancy business has not been authorized. Furthermore, using our logo in connection with certification would give the false impression that it is ISO that has carried out the certification or has approved it. We once again request that you immediately remove our ISO logo from your page and any other material where you may have used it without authorization. We look forward to your confirmation that this has been done. Regards, cristina ughi legal services | iso central secretariat