When embarking on your ISO journey, a crucial first step is evaluating your current level of compliance and identifying what gaps need to be filled to gain certification or fully align with a Standard. This is typically done by conducting a Gap Analysis.
This exercise sets the foundations for your ISO Implementation project, from setting key actions and objectives, to resourcing and establishing a project timeline.
In this episode, Ian Battersby dives into the purpose of a Gap Analysis, who should be involved in the exercise and what inputs and outputs you should expect to have from conducting a Gap Analysis.
You’ll learn
- What is a Gap Analysis?
- What is the aim of a Gap Analysis?
- What is the process of conducting a Gap Analysis?
- Who should be involved in a Gap Analysis?
- What inputs should be included in a Gap Analysis?
- What outputs can you expect from a Gap Analysis?
Resources
In this episode, we talk about:
[02:05] Episode Summary – Ian Battersby dives into the first step on any ISO Implementation journey, breaking down what a Gap Analysis is, it’s purpose and what you should expect to get out of conducting one.
[02:50] What is a Gap Analysis?: Simply put, it’s the start of the process.
It’s a key to understanding where an organisation is right now and establishing what it needs to do on its journey to ISO certification.
But it’s not just for certification, as certification isn’t always what people are trying to achieve. Many businesses opt to align themselves to a standard to ensure they’re doing the right thing, but may not go through with full certification.
[04:05] Who is the aim of a Gap Analysis? The objective of a Gap Analysis is to carry out a review of your organisation against the requirements of the respective standard.
This will help to establish the following:
- Areas where you conform to the standard, where you may have established the required processes, procedures, roles, responsibilities, systems, methods, documents
- Areas of nonconformity, where such things will need to be developed
- You may partly conform, so it’s important to understand that as well
From that understanding, you can build key actions, timescales and responsibilities for implementing an ISO Standard.
It’s also very useful to leadership; to clarify what’s needed, to look at priorities, to resource what’s required and to establish a timeline to your end goal.
[06:25] What is the process of conducting a Gap Analysis? It’s important to do this in a very structured manner. It’s also important to get access to existing documentation and personnel in key roles; they’ll be helpful during the gap analysis in providing understanding.
You’ll need to evaluate your current level of compliance against the following clauses within your desired ISO Standard(s):
4 Context: Understanding the world in which you operate, the people and organisations which are important to you. This is where you will determine the scope of your system (what to include, what parts of the standard are relevant).
5 Leadership: Top management’s commitment, how involved they are, their accountability and their commitment to resourcing, promoting, to giving people authority through clear roles and responsibilities.
6 Planning: This is about assessing risks and opportunities; understanding the uncertainty caused by your operating environment (context). It also involves setting objectives and then establishing meaningful plans to address the risks/opportunities and objectives; mitigations; establishing controls; operational processes.
7 Support: This is where you look at people, competence Infrastructure and environment (are your facilities/equipment appropriate to what you need to do). You will also need to identify what you need to monitor and measure to demonstrate the effectiveness of your ISO Management System.
Next, you need to cover awareness and communication, i.e. how do you make people aware of your system, policy, processes; what do you tell other interested parties?
Lastly, ensure you address how you control the documentation which supports your system.
8 Operation: This address the delivery of a product or service to the customer, including all the processes for doing so. For example, in ISO 9001 this clause defines what’s required when designing, developing, controlling externally provided products/services and controlling anything which goes wrong.
This is typically the clause that contains the largest difference between ISO Standard, with each one focusing requirements on it’s topic focus. For example, ISO 14001 includes requirements for emergency preparedness and response in the event of an environmental incident.
9 Performance evaluation: This is where you review and report on the results of the monitoring and measurement that you’ve put in place. For those familiar with ISO, this is where the internal audit and management review requirements sit.
10 Improvement: This clause states requirements for addressing any non-conformities that pop-up during your Internal Audits. It also encourages you to address opportunities for improvement to help drive continual improvement and innovation.
[13:50] Who should be involved in a Gap Analysis? One key myth that we’d like to clear up is that not everyone in the business needs to be involved in this process, however, we do recommend the following are included:
The person responsible for the day-to-day running of the Management System. This may not be known at this early stage, which is fine as the purpose of the Gap Analysis is to identify gaps such as this.
Leadership; someone in a senior role; responsible for resourcing the system, communicating its importance to the workforce; responsible for setting the strategic direction and objectives.
People who understand the context of the organisation; understanding interested parties (stakeholders); needs of customers and others; the regulatory environment
Those involved in risk management; operational, financial, commercial, regulatory, safety or environmental.
Someone with knowledge of the legal requirements and how they’re evaluated; relative to specific standard.
Anyone setting objectives related to the specific standard.
Those with knowledge of competence arrangements; not just those responsible for co-ordinating the Management System, but across the board, for delivering operational processes.
Those responsible for facilities and equipment; maintenance, service, test, inspection, etc.
People responsible for developing and delivering operational processes.
People with knowledge of how things are monitored or measured; possibly operations people, data analysis or those who report performance to management.
Those who control nonconformity and those who run improvement processes.
It can be quite a range of people!
However, in smaller organisations there may be quite a limited number who likely wear many hats. Again, that’s not a problem, as the Gap Analysis exists to discover that.
[21:55] What inputs should be included in a Gap Analysis? This can include a number of things, as not everything will necessarily be a document. Typically, we as consultants will look at:
- Management System manual or System Scope
- Organisational chart
- Mission, vision, values and culture
- SWOT/PESTLE and Interested Parties
- Policy relevant to the standard
- Job descriptions
- Risk and opportunities analysis; methodology
- Objectives
- Legislation register and methods of evaluation
- Competence arrangements, training records
- Management System awareness, training completion
- Details of version and document control in place
- Monitoring and measuring plans (KPIs, SLAs, internal performance metrics)
- Internal audit programme and audit reports
- Management review records
- Agendas for any regular management meetings
- Nonconformities, incident report and corrective action records
- Customer complaints/feedback
- Emergency Plans
- Process Documentation
- Examples of process documentation:
- Change control documentation
- Sales, tendering, order processing
- Procedures for the design and development of products and services
- Design and development records stating inputs, verification and validation activities, outputs, and approval of changes
- Procedures to approve products and services for release to customers including quality checks
- Supplier / third party evaluation and onboarding documents
- Non-conformity/complaint information
- Traceability documentation
[29:40] What is the output from a Gap Analysis? We look at all of this and compare it against the requirements of the Standard to see where you currently stand. In our case, we do this on a spreadsheet with a simple scoring system to give you an overview of what you already have in place and what needs to be addressed.
In many cases, businesses already have a lot of the required documentation, but don’t have it tied together in one cohesive system. So a large part of implementation is consolidating that existing documentation, process ect. Into an accessible and easily understood system.
The key thing to remember is that this is not an audit. The evidence required does not have to be as detailed as an audit; some things can be taken on trust or face value. At this stage we aren’t demonstrating anything to a certification body, and you are not being judged.
We are simply looking at what needs to be done to achieve full Implementation or certification.
If you’d like assistance with carrying out a Gap Analysis, get in contact with us, we’d be happy to help.
We’d love to hear your views and comments about the ISO Show, here’s how:
- Share the ISO Show on Twitter or Linkedin
- Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.
Subscribe to keep up-to-date with our latest episodes:
Stitcher | Spotify | YouTube |iTunes | Soundcloud | Mailing List
We have over 17 years experience of implementing various ISO’s – and we’d like to share some insight into our proven methodology.
Our regular listeners may be familiar with the term ‘isology’ from previous episodes where we’ve highlighted our online platform – the isologyhub. But what is isology exactly?
Put simply, isology is our 7-step method for implementing any ISO Standard. Join Mel this week as she breaks down each of the 7 steps, including the planning, creation and review of an ISO Management System.
You’ll learn
- Our experience implementing ISO’s
- The origin of isology
- What is isology?
- The seven steps of isology
Resources
In this episode, we talk about:
[00:31] An overview of isology – a methodology for implementing any ISO. Find out more over on the isologyhub
[01:08] How the isology methodology was created – 17 years in the making with the help of our consultants.
[01:33] A brief overview of the 7 Steps of isology
[03:05] 1st Step – Plan: Get a copy of the Standard, determine your scope, timescales, leadership commitment, resources and selecting a Certification Body. Some choose to implement the system but leave out the badge. There are ISO’s that aren’t certifiable but good to have i.e. ISO 20400 Sustainable Procurement.
[05:38] 2nd Step – Discover: Time to understand what you have in place already and what you’re missing – this is done through a Gap Analysis.
[06:35] 3rd Step – Expose: This is where we look at risks and opportunities related to your desired Standard (both internally and externally). This is typically done through a SWOT and PESTLE. A Risk Register may be created to capture the findings to be addressed later. Companies are also encouraged to create a Legal Register to keep track of all their statutory, regulatory and contractual requirements.
[08:41] 4th Step – Create: Time to review the requirements of the Standard in terms of documentation – and create what’s needed. This includes capturing your way of working with documented Procedures – make sure you have the relevant staff involved in their creation.
[10:05] 5th Step – Launch: Once the Management System has found it’s home (usually an intranet or SharePoint) – you need to communicate it. Consider the type of launch you want and who will be involved. Make sure you encourage engagement with the Management System.
[11:18] 6th Step – Engage: There’s little point in having a Management System if people don’t know about it or have little interest in it. You should train your staff on the Management system, so that they are aware of your policies and procedures and where to find key documents. You must verify compliance through Internal Audits – this is a requirement of any ISO Standard.
[13:09] 7th Step – Review: Time to take a step back and look at what’s been achieved and what’s been highlighted as areas for improvement through your Internal Audits. There’s a set list of criteria in each ISO Standard to help you plan an agenda for the Review.
We’d love to hear your views and comments about the ISO Show, here’s how:
- Share the ISO Show on Twitter or Linkedin
- Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.
Subscribe to keep up-to-date with our latest episodes:
Stitcher | Spotify | YouTube | iTunes | Soundcloud
Beyond certification, we take great pride in delivering ISO consultancy and support solutions. These solutions help our clients improve their productivity and profitability in a risk-controlled way.
We are your dedicated ISO consultants for all compliance matters from internal audits to updating Health, Safety and Environmental Legal compliance.
No matter what ISO certification you are hoping to achieve, we have a specialist ISO consultant ready to work with you and your organisation. Contact our team today to get started.
Our 7 Steps to Success
The Blackmores ISO Roadmap is a proven path to go from idea to launching your ISO Management System.
Whether you choose to work with one of our ISO Consultants, our isologists®, or work your own way through the process on our isology Hub, we’re certain you’ll achieve certification in no time!
We have a proven step by step process that our ISO Consultants implement as soon as our working relationship begins. We use our specialist skills and industry knowledge to determine what is already on track and where improvements can be made. We live and breathe ISO standards, we know the standards inside out so you don’t have to.
Our ISO Consultants can help you implement systems for any ISO Standard. See the full list for specialised standards here.
What our clients have to say
We engaged Blackmores to develop our ISO 9001, 14001, and 45001 management system from scratch. Throughout the creation and development stages of our ISO journey, Anju Punetha demonstrated remarkable patience, knowledge, and understanding as our dedicated consultant.
During our internal audit preparations, Ian Battersby’s meticulous attention to detail and thorough approach ensured we were well-prepared for our external audit, which we passed with flying colours. His guidance during the external audit was invaluable.
Based on our engagement and experience, I highly recommend the entire Blackmores team. If you’re considering pursuing ISO accreditations, Blackmores should be your first choice.
Graeme Adam
The support and advise I get from our assigned auditors is immense. Forward planning for the following year is great and they are flexible and always willing to help.
Kalil Vandi
“Blackmores have assisted us almost since the start of our adoption of the ISO 9001 quality standard. Their input has improved our processes since the start, and enabled our goal of continuous improvement to be achieved. The people are also extremely easy to get on with, and they really understand our business, giving us a great deal of confidence in their advice.”
David Gibson
“Blackmores are the perfect bridge between working on your ISO as an individual or company, to being audited each year. We find that any queries we have are covered and we feel sure that we have everything as needs be before going into an external audit.”
Mandy Welsby
“We have been extremely impressed with the service and support provided by Blackmores. There knowledge and assistance through out our ISO journey has been amazing!”
Philip Hannabuss
“Blackmores have really kept us on our toes with the broad scope and level of detail they apply to our internal audit schedule. They always stay abreast of ISO standard changes and help us to adapt our processes and documents to embrace these changes accordingly. Having Blackmores shadow our external audits provides invaluable confidence and peace of mind – would highly recommend their services!”
Phil Geens
“Our ISO 27001 certification project has gone so well, that there was no doubt in who we were going to ask to help us with our aspirations of becoming ISO 14001 certified. It’s been an absolute pleasure working with Blackmores, and we are really looking forward to working with them for the foreseeable future.”
Trusted by leading organisations across all sectors, we support companies of all sizes in any location.
Listen to our Podcast
Welcome to the ISO Show podcast, dispelling myths and sharing tips for success to improve your business with ISO Standards. Join us to hear interviews with successful business leaders as they share their ISO journey with you.
Get top tips via audio master classes “ISO Steps to Success” on the most popular ISO Standards.
