We have over 18 years’ experience of implementing various ISO’s, covering a wide range of topics such as Quality, Sustainability, Information Security and Risk.
With a 100% success rate, we’re confident in our consistent approach to implementing ISO’s, so much so that we’ve coined our own unique methodology.
Our regular listeners may be familiar with the term ‘isology’ from previous episodes referencing our online platform – the isologyhub. But what is isology exactly?
Put simply, isology is our 7-step method for implementing any ISO Standard. Join Mel this week as she breaks down each of the 7 steps, including the planning, creation and review of an ISO Management System.
- Our experience implementing ISO’s
- The origin of isology
- What is isology?
- The seven steps of isology
In this episode, we talk about:
[00:25] Episode Summary – Mel Blackmore will be explaining our world leading methodology to implement any ISO Standard, which we’ve affectionately named ‘Isology’.
[00:45] The creation of isology: We’ve been implementing ISO Standards for 18 years, starting with ISO 9001 and have since expanded our repertoire to over 20 ISO Standards covering risk, sustainability, quality and Information Security.
The creation of the isology methodology has been a team effort from all of the consultants who have worked with Blackmores over the years, and is primarily built on best practice.
[01:35] Step 1: Plan – Get a copy of the Standard, determine your scope, timescales, leadership commitment, resources and selecting a Certification Body.
Timescales: This is typically around 6 months, but could be longer or shorter depending on your specific requirements.
Resources: As an example, if you were looking to obtain ISO 14001 certification, you may need to appoint a sustainability champion. For ISO 27001 you’ll need a representative from the IT department.
Selecting a Certification Body: Ensure whichever Certification Body you choose is UKAS accredited. You can check this on the UKAS website. International listeners will need to verify on your country’s national accreditation body website.
[03:45] Step 2: Discover – Time to understand what you have in place already and what you’re missing – this is done through a Gap Analysis.
This will often involve an initial meeting with the leadership team to establish what you already have in place, i.e. relevant policies and procedures or any relevant objectives.
We break this down step-by-step and document it all in a Gap Analysis, which will deduce your current level of compliance. From this an action plan can be created to indicate what needs to be done to become fully compliant, including assigning roles to assist with the Implementation.
[05:30] Step 3: Expose – This is where we look at risks and opportunities related to your desired Standard (both internally and externally). This is typically done through a SWOT (Strengths, Weaknesses, Opportunities and Threats) and PESTLE (Policital, Economic, Social, Technological, Legal and Ethical).
In this stage you will also need to understand the key requirements of any relevant stakeholders, so this can include clients, subcontractors, regulatory bodies ect.
A Risk Register may be created to capture the findings to be addressed later. Some ISO’s require a Risk Register, others don’t, but in our experience it’s beneficial to have one regardless.
Companies are also encouraged to create a Legal Register to keep track of all their statutory, regulatory and contractual requirements.
[07:50] Step 4: Create – Time to review the requirements of the Standard in terms of documentation – and create what’s needed. This includes capturing your way of working with documented Procedures, so make sure you have the relevant staff involved in their creation.
Something to remember, you can have additional policy statements that aren’t required by the Standard. If they are important to you, add them in!
We’re in a modern age now, gone are the days of paper manuals gathering dust on an office shelf. Software and applications may be where the bulk of your Management System documentation lives. For example, at Blackmores we use a combination of Monday.com and SharePoint to manage all of our day-to-day activities, including our own ISO 9001 compliant Management System.
The key here is to make your Management System accessible for everyone.
[10:20] Step 5: Launch – Once the Management System has found its home, you need to communicate it. Consider the type of launch you want and who will be involved. Make sure you encourage engagement with the Management System.
Why should you Launch your Management System? Quite simply, there isn’t much point in having controls in your business if no one knows about them!
We have 2 key ways of supporting you with the launch of your Management system:
- We can run an awareness session on your Management System either in person or via Teams. It can then be recorded and used as refresher / induction training.
- Get access to the isologyhub – out online platform with a suite of over 200 ISO courses, training, tools and templates.
[12:15] Step 6: Engage – After the launch you want to ensure that employees are fully engaged and they actually not only are aware of the policies and procedures that you’ve got in place, but they’re actively using them.
The only way to verify this is through Internal Audits – that’s not just our opinion, that’s a mandatory requirement of any ISO Standard.
We can assist with conducting these Internal Audits, which double up as a dummy run ahead of your assessment visits. These audits are essentially a show and tell exercise to gather evidence that you’re doing what you say your doing.
[13:55] Step 7: Review – Time to take a step back and look at what’s been achieved and what’s been highlighted as areas for improvement through your Internal Audits. This is done at what we call a Management Review.
These are typically conducted as meetings, but they don’t have to be a meeting specifically. We’ve done a podcast covering other ways to conduct this review.
At this Management Review you will collate data on the performance of your business in relation to the ISO Standard. The minutes must be recorded, as your Assessor will expect to see these as it’s a mandatory requirement of any ISO Standard.
If you’d like to learn more about what’s involved with a Stage 1 and 2 Assessment, go back and listen to a previous episode.
We’d love to hear your views and comments about the ISO Show, here’s how:
- Share the ISO Show on Twitter or Linkedin
- Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.
Subscribe to keep up-to-date with our latest episodes: