ISO certification is more than just earning a certificate, and it requires continuous maintenance to both retain certification and drive effective improvements.

Over the course of your 3-year certification cycle, you will need to ensure your Management System is regularly updated and reviewed so that it remains relevant to the way you’re currently working. That in addition to annual tasks such as internal auditing and management review, it can be a lot to keep on top of.

Which is why some turn to external ISO Support.

In this episode, Steph Churchman explains what ISO Support is, the challenges of managing ISO internally and the benefits of external support.

You’ll learn

·      What is ISO Support?

·      What tasks can you outsource

·      Challenges of managing ISO internally

·      What are the benefits of ISO Support?

Resources

·      Isologyhub

·      ISO Support Plan

In this episode, we talk about:

[02:05] Episode Summary – Steph explains what is meant by ISO Support, explains the challenges with managing ISO internally and the benefits of engaging in external support.  

[02:20] What is ISO Support? ISO certification involves a 3-year cycle, where you will be subjected to an annual Surveillance audit by your certification body. On year 3, you will need to undertake a recertification audit, which will determine if you can keep your ISO certification.

During that cycle, you will be required to complete annual tasks such as internal auditing, documentation updates and management review to ensure that your management system is effective in driving continual improvement.

ISO Support is a service provided by an external party to help facilitate the management of these annual tasks, usually undertaken by a dedicated ISO consultancy.

[03:40] What tasks can be outsourced? To learn about what tasks can be outsourced, check out a previous episode.

[03:55] ISO Management Challenge #1: Internal auditors not being comfortable about auditing their peers - It may be the case that certain individuals do no get on, however if someone manages a key process or area of the business, they still need to be audited.

There’s also the chance for auditors to be misunderstood, or have trouble getting the answers they need from auditees. Auditing requires the ability to effectively communicate and make yourself understood. It’s quite common for auditees to ask for further clarification on questions asked, so you need to be able to work with them so that they understand what you’re really asking.

[04:45] ISO Management Challenge #2: Internal auditors not being particularly objective or impartial when auditing leadership – It can be hard to be impartial towards leadership, even if it is ultimately in their best interest! These dynamics can be habitual, but by not pointing out genuine issues or opportunities for improvement, you dimmish the purpose of the exercise.

This also involves any leadership being receptive to feedback given. If this hasn’t been taken well in the past, it’s understandable for individuals to be hesitant doing so again, even if it’s a necessary part of the process.

[05:35] ISO Management Challenge #3: Fed up with paying for training for a high turnover of internal auditors - Internal Auditing will require a qualification, which will cost money. It’s not a tremendous amount for these courses, but it would be an extra thing to budget for, and then there’s factoring the time to complete the course which takes away from that individuals other responsibilities.

It can also be frustrating when your only Internal Auditor moves on and so you have to train another. Depending on the business, this could happen quite frequently and so ends up being a repetitive expense.

You will also need to ensure any current auditors are competent to audit against any new ISO Standards that you may add along the way.

[06:35] ISO Management Challenge #4: Managers not having time to update processes - Your Management system is likely owned by either just 1 individual or by a small team within the business. Those involved will already have their plates full with day-to-day operations, and anything ISO related is just another task to add onto that pile. In the eyes of many, they may seem unimportant in comparison, and will continually get shuffled down the priority list until it’s time for a Surveillance Audit.

There will also be a certain amount of documentation to review and update on a regular basis. Even those with mature systems can experience trouble with duplicated processes, or confusion with old versions, and finding the time to sit and refresh all of that is often hard to accomplish.

[07:30] ISO Management Challenge #5: Managers not aware of their legal, regulatory or ISO Standards requirements - As ISO Standards lay out best practice, they do require businesses to be aware of and adhere to relevant legislation and regulations. Managers will likely not be an expert in ISO Standards or legislation, so it can be easy for things to get missed if they’ve not had sufficient training beforehand.

It will take time for relevant individuals within a business to be trained, or complete CPD to be fully competent to ensure full ISO and legal compliance.

[08:25] ISO Management Challenge #6: Not updating key information i.e. Risk Register, BCP’s, environmental/energy metrics - Monitoring and measuring is a big part of ISO Management. You need to document certain metrics if you want to track them effectively.

You will also need to update key documentation, as nothing stays the same forever. Major business changes may prompt updates to key policies and procedures. You may have opportunities to improve that fall out of audits that require certain documentation to be updated. Or correcting things where non-conformities have been raised.

These updates are necessary to keep the momentum of a management system going. It needs to grow with you, which it will fail to do if everything documented is only applicable to how your business operated a few years ago.

[09:15] ISO Management Challenge #7: Not reviewing key information i.e. Objectives, Environmental/H & S/Data Security trends - Objectives is another key metric that should be reviewed on a regular basis. To not only establish if you are making progress with them, but also to possibly adjust if the original plans were too lofty. They should still be a challenge to obtain, but we’re all only human and sometimes our first estimates about what’s achievable might be a tad too ambitious.

There is also a need to review audit results to see if there’s any trends in areas such as info sec, sustainability and risk. This could be opportunities for improvement or some reoccurring issues that need to be addressed.

All of this monitoring is going to require dedicated time from relevant personal, including feeding back results and following through with further actions.

[10:55] ISO Support Benefit #1: Expertise and Specialisation - Dedicated ISO consultants will keep you up-to-date with the latest standard revisions, interpretations, and best practices. This includes their experience with helping businesses to plan and conduct annual maintenance.

They are there as a guiding hand and can be a great sounding board for you if you have questions surrounding ideas or actions that you’re unsure about.

 Their help ensures your system is maintained effectively and most importantly, compliantly.

[11:40] ISO Support Benefit #2: Cost Savings - While there's a fee for outsourcing, it’s often more cost-effective than maintaining an in-house team or dedicating significant internal resources.

As mentioned earlier, you would need qualified internal auditors at the very least, this will require training costs. You also need to consider the time taken out of individual’s typical working schedule to be able to conduct annual ISO maintenance, this will take away from their day-to-day tasks.

We took this into consideration when creating our ISO Support Plan option, which is a 3-year contract that allows you to stay at a fixed rate for those 3-years. It’s a set it and forget it approach to ISO Support, which is flexible on both the number of days required annually in addition to the tasks you’d like support with.

[12:35] ISO Support Benefit #3: Reduced Workload for Internal Staff - It’s often the case that Individuals, especially in SMEs, often wear many hats. Adding ISO maintenance onto that will impact on their day-to-day activities. Outsourcing frees up their time and resources, allowing them to focus on core business activities rather than the complexities of ISO maintenance.

A lot of people don’t take training into consideration for people who get handed the task of maintaining a management system.

It’s a lot of unnecessary stress when they’ve likely already got enough on their plate. Outsourcing will take a lot of that burden away, and give them a chance to lean on consultant guidance and be able to learn how to manage the tasks without fear of jeopardising the company’s certification. 

[13:30] ISO Support Benefit #4: Impartiality and Objectivity - An external consultant can offer an unbiased perspective on your management system's performance, identifying areas for improvement that might be overlooked by internal staff due to familiarity, bias or ingrained practices.

A fresh pair of eyes can provide a lot of valuable insight, in addition to their lessons learned from other clients. It also helps to have another unbiased voice on your side if you have suggestions for improvement that need presenting to leadership.

It should also be noted that impartial audits are a requirement of ISO Standards, this is so you’re not marking your own homework all the time. It’s another level of assurance that you are doing what you say you’re doing.

[14:20] ISO Support Benefit #5: Continuity and Risk Mitigation - Employee turnover can disrupt internal ISO maintenance.

Outsourcing provides continuity, as any external provider will be available for the duration of an agreed contract, there’s no ambiguity on how long you have their support for. They will help you plan out what needs to be done, and facilitate this with the relevant individuals within your business.

[15:00] ISO Support Benefit #6: Improved Efficiency and Effectiveness - External specialists will have the experience to help streamline processes and tools for maintenance activities. Making the system and it’s running more efficient, leaving you with more time to implement worthwhile changes that reap tangible results.

Having their guidance from the start means you’ll be hitting the ground running. At Blackmores, we ensure that annual activities are planned out in advance so everyone can be prepared and work on a consistent schedule.

[15:40] ISO Support Benefit #7: Enhanced Compliance and Audit Readiness - Outsourced consultants are going to be more adept at ensuring the system remains fully compliant with ISO standards. As they can proactively identify and address non-conformities that could easily be missed by those with significantly less auditing experience.

There is a level of experience that is tricky to achieve if you do not regularly conduct internal audits. Consultants know what to look for, and will often have significant industry experience to know what stones to unturn to find issues and opportunities.

Afterall, that is the purpose of internal audits, to not only check that process, policies and procedures are being followed, but to seek out where you can be doing better, or fixing issues as your business changes and adapts.

[16:40] ISO Support Benefit #8: Focus on Core Business Activities - By offloading the burden of ISO maintenance, you can re-allocate your focus and resources to core business activities and strategic initiatives. ISO Consultants can take a lot of the mental burden of managing ISO systems away.

There will still be homework to do on your side, as ultimately, you know how your business works best, but a consultant will guide you through what needs to be done.

We know that many of you tasked with ISO compliance in your business have another primary role that requires a lot more of your attention. So make it easier on yourselves with the help of an expert, so you can get on and do what you need to do with minimal interruption.

[17:30] ISO Support Benefit #9: Potential for Scalability and Flexibility - Outsourced services can often be scaled up or down based on the business's needs, offering flexibility that an internal team might not be able to provide, especially during periods of growth, crisis or during large projects.

ISO Consultants can help either pick up the slack or give you more of the rope to handle annual ISO maintenance depending on what you need or want.

At Blackmores, we have an ISO Support Plan that can be tailored to your exact needs, including the options to complete tasks such as:-

·      Conducting impartial internal audits

·      Providing surveillance support

·      Updating legal registers

·      Documentation updates

·      Conducting annual management reviews

With 3 levels of support available, we have no issue with you increasing or decreasing days required each year, or varying the tasks depending on where you need the most support.

If you’d like any assistance with ISO Support, feel free to get in touch with us, we’d be happy to help.

We’d love to hear your views and comments about the ISO Show, here’s how:

●     Share the ISO Show on Twitter or Linkedin

●     Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.

Subscribe to keep up-to-date with our latest episodes:

Stitcher | Spotify | YouTube |iTunes | Soundcloud | Mailing List