How ISO Certification Helps Bid Qualification
Industry recognised standards certification is increasingly important and is often mandatory when bidding. Certification provides buyers with assurance that your business has robust management systems in place and evidences your consistent delivery of high-quality services. Annual audits to retain certification assess timely identification of non-conformities and tracks that they are resolved.
In the bid process, holding relevant accreditation can automatically secure vital scores, bypassing lengthy additional questions and avoiding the need to supply extra supporting materials such as policies, procedures and processes.
A Management System is a set of rules, policies, processes and procedures that ensure your product/service meets or exceeds customer expectations.
International Organization for Standardisation (ISO) is the world’s largest developer of voluntary internationally recognised Quality Management Systems (QMS). The most common areas for accreditation are: Quality, Environment, Health & Safety and Information Management. Industry specific standards are provided for sectors such as: Aerospace, Food & Beverage, Automotive, Cosmetic and Medical.
ISO accreditation is based on seven main principles and an underlying directive:
1. Customer – ensuring customers are at the heart of your business
2. Leadership – top level management drives policy and direction
3. Engagement – empower employees to optimise effectiveness
4. Process – deliver consistent and predictable outcomes
5. Improvement – continuous development and enhancement
6. Evidence – proof of quality and that decisions are based on facts, insight and data
7. Relationships – manage internal and external interested parties
Plan, Do, Check, Act – ensure you say what you are going to do, do it, check you have done it, then assess and improve what you do.
ISO 9001 – Quality Management System
ISO 9001 is a powerful business improvement tool for resilient and sustainable business. Focus areas are to satisfy customers, win more business, evidence corporate governance, work well with stakeholders and suppliers, streamline operations, manage costs, continuously monitor quality and improve overall. Key focus areas are:
• Context – what do you want to achieve?
• Needs – of the business and interested parties
• Scope – the systems required
• Leadership – to define policies, roles and responsibilities
• Planning – risks and opportunities
• Support – resources, competencies and communications
• Operational Ability – design, develop and deliver products/services and manage suppliers
• Performance Evaluation Framework – customer feedback, internal audits, annual and ongoing reviews
• Improvement Process – identify non-conformance and take effective remedial action
ISO 14001 – Environmental Management System
Minimising environmental impact and ensuring a sustainable supply chain is crucial to your business and is increasingly demanded by customers. ISO 14001 is the most widely used environmental management systems providing guidelines for improving your business while reducing waste, cost and risk. Key areas include:
• Risk Assessment – likelihood of issues, their impact and frequency
• Prioritisation – review risks and apply criteria and scoring
• Legal Compliance – meeting statutory and regulatory requirements
• Waste Reduction – manage resources/impacts including carbon footprint
• Proof – evidence your green credentials
ISO 45001 – Occupational Health and Safety System
ISO 45001 is designed to prevent work-related injury and provide a safe and healthy workplace. Key differences to other health and safety schemes include:
• More emphasis on the health and wellbeing of employees
• Focus on workforce consultation and participation
• Clear communication internally and externally
• Demonstration of change management
• Strong control of outsourcing
• Requiring emergency response schemes
• Built-in continuous improvement
ISO 27001 – Information Security Management System
Cyber security and brand protection are increasingly vital areas for your business and customers, especially in the public sector.
Often as suppliers you conduct business representing your clients and have access to their brand image, client information and other sensitive data. A breach can have catastrophic effects on their credibility, reputation and customer relationships.
ISO 27001 provides a framework for the confidentiality, availability and integrity of information in both electronic and paper formats. This standard assesses how information is stored, accessed and has relevant legal compliances applied.
Implementation can be complex with a typical timescale of six months to achieve a full asset register and a range of risk assessments. There are over 100 potential security controls to be assessed, a statement of applicability to be produced and control measures needed for all those relevant to the business.
Cyber Essentials or Cyber Essentials Plus are already mandatory in many sectors and ISO 27001 is rapidly becoming expected so it is worth considering before not having it limits your business opportunities.
Auditing Is Essential
Maintaining standards requires a commitment to ongoing assessment internally and externally.
Internal Auditing – Establish an annual cycle for internal monitoring and train someone as your internal auditor. Their skill set should include:
• Analytical thinking to work with data
• Report production
• Being fair and impartial as the role covers all aspects of the business
• Consistent at following up and chasing required information
• Diplomatic to manage improvements/issues involving colleagues
External Auditing – carried out in two stages:
• Stage 1 Assessment – assesses how well prepared for Stage 2 you are. This includes: reviewing manuals, checking key elements and processes are in place, evaluating planned cycles of internal audits and that all statutory and regulatory requirements are in place. Observations are produced outlining areas of concern and anything that needs addressed.
• Stage 2 Assessment – a full system audit, checking compliance in all areas. This includes: objectives setting, performance monitoring, internal audits, annual management reviews, processes, operational controls, resources and skills. Non-compliances need corrected and evidenced to the certification body for certification to be awarded.
• Minor – small areas such as missing training records or unapproved Purchase Orders.
• Major – more significant process breakdowns such as: failure to address key requirements or a large number of Minor issues across the business.
Certification is an investment but also saves your business time and money by improving your business efficiency which improves your top line and delivers more to the bottom line through:
• Improved Procedures – more efficiency
• Improved Ordering Processes – fewer errors or returns
• Reliable Supply Chains – consistent and timely
• Customer retention – high service and satisfaction levels
• Opens new markets – standards are often prerequisites
• Increased turnover – increased business opportunity
• Business savings – e.g. H&S can reduce insurance premiums and claims, environmental improvements can lower waste and energy costs
There are a number of ways to implement Standards:
• Do it yourself – could be cost-effective but can be hard work and hit internal knowledge and skills limitations.
• Employ a Quality Manager – an internal role for someone with specific skills and experience to manage the implementation and ongoing auditing.
• Hire a specialist consultancy – check the practitioner is industry qualified, has knowledge of your sector, follows the ISO implementation guide and will work well with you and your business.
Using Specialist Consultants
From full implementation services to areas of focused support such as specialised analysis and training. Costs will depend on a range of factors including the applicable Standard, number of sites and employees, volume of processes and how complex your business is.
Savings can be made with a simultaneous implementation of a number of Standards. There are many topics and clauses in common so efficiencies can be achieved with a combined programme of works.
As securing certifications takes time plan now for the investment needed to set up and implement Standards across your business. Consider, revise and renew applicable credentials to improve your business efficiency and compliance which for a competitive edge in winning bids.
With thanks to Ken Neill, ISO Certification specialist with IMSM