We have over 18 years’ experience of implementing various ISO’s, covering a wide range of topics such as Quality, Sustainability, Information Security and Risk.
With a 100% success rate, we’re confident in our consistent approach to implementing ISO’s, so much so that we’ve coined our own unique methodology.
Our regular listeners may be familiar with the term ‘isology’ from previous episodes referencing our online platform – the isologyhub. But what is isology exactly?
Put simply, isology is our 7-step method for implementing any ISO Standard. Join Mel this week as she breaks down each of the 7 steps, including the planning, creation and review of an ISO Management System.
You’ll learn
- Our experience implementing ISO’s
- The origin of isology
- What is isology?
- The seven steps of isology
Resources
In this episode, we talk about:
[00:25] Episode Summary – Mel Blackmore will be explaining our world leading methodology to implement any ISO Standard, which we’ve affectionately named ‘Isology’.
[00:45] The creation of isology: We’ve been implementing ISO Standards for 18 years, starting with ISO 9001 and have since expanded our repertoire to over 20 ISO Standards covering risk, sustainability, quality and Information Security.
The creation of the isology methodology has been a team effort from all of the consultants who have worked with Blackmores over the years, and is primarily built on best practice.
[01:35] Step 1: Plan – Get a copy of the Standard, determine your scope, timescales, leadership commitment, resources and selecting a Certification Body.
Timescales: This is typically around 6 months, but could be longer or shorter depending on your specific requirements.
Resources: As an example, if you were looking to obtain ISO 14001 certification, you may need to appoint a sustainability champion. For ISO 27001 you’ll need a representative from the IT department.
Selecting a Certification Body: Ensure whichever Certification Body you choose is UKAS accredited. You can check this on the UKAS website. International listeners will need to verify on your country’s national accreditation body website.
[03:45] Step 2: Discover – Time to understand what you have in place already and what you’re missing – this is done through a Gap Analysis.
This will often involve an initial meeting with the leadership team to establish what you already have in place, i.e. relevant policies and procedures or any relevant objectives.
We break this down step-by-step and document it all in a Gap Analysis, which will deduce your current level of compliance. From this an action plan can be created to indicate what needs to be done to become fully compliant, including assigning roles to assist with the Implementation.
[05:30] Step 3: Expose – This is where we look at risks and opportunities related to your desired Standard (both internally and externally). This is typically done through a SWOT (Strengths, Weaknesses, Opportunities and Threats) and PESTLE (Policital, Economic, Social, Technological, Legal and Ethical).
In this stage you will also need to understand the key requirements of any relevant stakeholders, so this can include clients, subcontractors, regulatory bodies ect.
A Risk Register may be created to capture the findings to be addressed later. Some ISO’s require a Risk Register, others don’t, but in our experience it’s beneficial to have one regardless.
Companies are also encouraged to create a Legal Register to keep track of all their statutory, regulatory and contractual requirements.
[07:50] Step 4: Create – Time to review the requirements of the Standard in terms of documentation – and create what’s needed. This includes capturing your way of working with documented Procedures, so make sure you have the relevant staff involved in their creation.
Something to remember, you can have additional policy statements that aren’t required by the Standard. If they are important to you, add them in!
We’re in a modern age now, gone are the days of paper manuals gathering dust on an office shelf. Software and applications may be where the bulk of your Management System documentation lives. For example, at Blackmores we use a combination of Monday.com and SharePoint to manage all of our day-to-day activities, including our own ISO 9001 compliant Management System.
The key here is to make your Management System accessible for everyone.
[10:20] Step 5: Launch – Once the Management System has found its home, you need to communicate it. Consider the type of launch you want and who will be involved. Make sure you encourage engagement with the Management System.
Why should you Launch your Management System? Quite simply, there isn’t much point in having controls in your business if no one knows about them!
We have 2 key ways of supporting you with the launch of your Management system:
- We can run an awareness session on your Management System either in person or via Teams. It can then be recorded and used as refresher / induction training.
- Get access to the isologyhub – out online platform with a suite of over 200 ISO courses, training, tools and templates.
[12:15] Step 6: Engage – After the launch you want to ensure that employees are fully engaged and they actually not only are aware of the policies and procedures that you’ve got in place, but they’re actively using them.
The only way to verify this is through Internal Audits – that’s not just our opinion, that’s a mandatory requirement of any ISO Standard.
We can assist with conducting these Internal Audits, which double up as a dummy run ahead of your assessment visits. These audits are essentially a show and tell exercise to gather evidence that you’re doing what you say your doing.
[13:55] Step 7: Review – Time to take a step back and look at what’s been achieved and what’s been highlighted as areas for improvement through your Internal Audits. This is done at what we call a Management Review.
These are typically conducted as meetings, but they don’t have to be a meeting specifically. We’ve done a podcast covering other ways to conduct this review.
At this Management Review you will collate data on the performance of your business in relation to the ISO Standard. The minutes must be recorded, as your Assessor will expect to see these as it’s a mandatory requirement of any ISO Standard.
If you’d like to learn more about what’s involved with a Stage 1 and 2 Assessment, go back and listen to a previous episode.
If you’d like to book a demo for the isologyhub, simply contact us and we’d be happy to give you a tour.
We’d love to hear your views and comments about the ISO Show, here’s how:
- Share the ISO Show on Twitter or Linkedin
- Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.
Subscribe to keep up-to-date with our latest episodes:
Stitcher | Spotify | YouTube |iTunes | Soundcloud | Mailing List
The deadline is looming over the horizon as October 2025 marks end of the validity of ISO 27001:2013 certificates.
Have you made a start on your transition journey? If not, you really should make a start in 2024 to ensure you’re all set well before that final deadline. The first step is to decide if you want to do it yourself or enlist the help of a professional consultant.
For those that want to tackle it yourselves, you’re in luck! As we have just the tool to help: The ISO 27001:2022 Transition Gameplan.
In this weeks’ episode, Steph Churchman, Communications Manager at Blackmores, explains why you need to transition to the 2022 version of the Standard and outlines the 7-step ISO 27001:2022 Transition Gameplan available on the isologyhub.
You’ll learn
- Why do you need to transition to ISO 27001:2022?
- What happens if you don’t transition?
- What is the ISO 27001:2022 Transition Gameplan?
- An overview of the 7-step Gameplan
Resources
In this episode, we talk about:
[00:25] A different host – Steph Churchman, Communications Manager at Blackmores, steps in to cover today’s episode. She’s heavily involved with the development and updating of the isologyhub, and will be explaining one of the latest Gameplan’s: The ISO 27001:2022 Transition Gameplan
[01:15] Why do you need to transition to ISO 27001:2022? The October 2025 deadline is fast approaching, so you really should be making a start in 2024 if you’ve not already.
[01:45] Who needs to transition to ISO 27001:2022? – Basically, anyone who is currently certified under ISO 27001:2013 will have to transition to the updated Standard.
One of the main reasons why we recommend getting a head start on this is , Certification Bodies will undoubtedly have a large demand for transition audits in 2025, when everyone’s rushing to get it done last minute. This results in a shortage of resources from the CB’s, and you may end up struggling to get booked in time.
[02:35] What happens if you don’t transition in time? – The harsh truth is you will lose your ISO 27001 certification.
This then means you’ll be required to go through another Stage 1 and 2 Assessment against the latest version of ISO 27001, which can be costly.
Another key reason is the latest version of ISO 27001 also considers a lot of new technologies that weren’t around back when the last version was published. You can imagine now that there are a lot more cybersecurity risks to consider with all the latest technology that has been released in that time. Put simply, it’s for the benefit of your Information Security to ensure you are adhering to the most recent best practice Standards.
[03:40] What is the ISO 27001:2022 Transition Gameplan? This Gameplan will walk you through the stages of transition, which align to our proven isology® approach. Isology being our methodology for implementing any ISO Standard, based on our 18+ years of experience.
In this Gameplan we provide training videos on the changes to ISO 27001, along with specific training videos covering each of the new Annex A controls that you will need to be familiar with, along with templates and workbooks to take you through the process from beginning to end.
[04:20] Step 1: Plan – Before you begin on your journey, it’s advised to understand the main changes to the standard. We’ve summarised the high-level changes in a previous podcast, and included a quick summary in the first step of the Gameplan.
In this first step, you’ll also find guidance on how to prepare for your Certification Body visit. You really do need to do this early on to help establish a realistic timeline to complete your transition work.
[04:55] Step 2: Discover – At this stage, you need to get to grips with the changes to the Standard. There have been a number of controls changed, and 11 completely new ones added. We did cover a select few of these new controls in a few previous podcasts: #111, #112, #113, #114
In this Discover step we provide a number of awareness videos to explore these new controls and changes in detail, including how they may apply to your business.
We’ve also included a downloadable PDF guide to these changes, in case you’d like to share this information internally.
[05:40] Step 3: Expose – In this step we’ve included an ISO 27001:2022 transition workbook, which will act as a guide for all your transition activities. The first being the conducting of a Gap Analysis against the latest version of the Standard.
After completing this, you will have a much better idea of where your main gaps and vulnerabilities are, so you can start putting the necessary controls in place to ensure compliance with ISO 27001:2022.
We’ve also included a summary of the main Management System documentation that will need to be updated ahead of your transition visit.
[06:20] Step 4: Create – This is the step where you will be implementing those changes as a result of your Gap Analysis. This will also be guided by that workbook, and we have provided some additional templates and resources to aid you.
These include:
- A Statement of Applicability Template
- Annex A Control Mapping
- ISO 27001 Management Review Template
[07:15] Step 5: Launch – It’s not just about updating your documentation, you will obviously need to communicate these changes to the wider business.
In this step we go over a few options for your launch plan – including guidance for both a soft launch and an all-in launch.
To help you decide which one would be the best fit for you, we’ve included a full summary of each method in addition to a pro’s and con’s list for each.
[08:30] Step 6: Engage – The last stages are all about gathering evidence of compliance against new and updated clauses and controls.
In this step we provide some insight into what’s required from your Internal Audits and Management Review ahead of your transition visit.
If you wanted to get some more tips on carrying out internal Audits within your business – we also offer a full Internal Auditor course on the hub that covers the core skills needed to complete those. If you become a member of the hub, you’ll get access to our whole library of resources – which includes a wealth of ISO related tools, templates and training videos.
[09:20] Step 7: Review – This last step will help you prepare for the transition visit with your certification body.
We touch on what you should expect from your Certification Body ahead of the transition visit, and include guidance on carrying out a final Document and evidence check to make sure you’re all good to go.
If you’d like to book a demo for the isologyhub, simply contact us and we’d be happy to give you a tour.
We’d love to hear your views and comments about the ISO Show, here’s how:
- Share the ISO Show on Twitter or Linkedin
- Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.
Subscribe to keep up-to-date with our latest episode’s:
Stitcher | Spotify | YouTube | iTunes | Soundcloud | Mailing List
Quality and environmental management are top priorities for many organisations, backed up by the increasing number of ISO 9001 and ISO 14001 certificates being issued every year.
Aside from being a popular requirement on tenders, ISO 9001 and ISO 14001 provide a robust framework for businesses to ensure they follow Best Practice, enhance their businesses performance and put measures in place to reduce their environmental impact. We often see these two Standards being implemented in tandem, as is the case with todays’ guest, Asynt.
Asynt is a global provider of world leading technologies and services for scientific research, developed by chemists for chemists, their laboratory equipment responds to the real demands of industry and academia across the globe.
Today we welcome Siobhan Ellwood, Sales Support at Asynt, as she explains their journey towards ISO 9001 Implementation, and how they embedded ISO 14001 along the way using our online learning platform – the isologyhub.
You’ll learn
- Who are Asynt?
- How did Siobhan get involved with ISO Standards?
- What was Asynt’s main driver for obtaining ISO 9001 and ISO 14001?
- What did Asynt learn while implementing ISO 9001 and ISO 14001?
- Siobhan’s experience using the isologyhub to implement ISO 14001
Resources
In this episode, we talk about:
[00:55] An Introduction to Asynt – A global provider of world leading technologies and services for scientific research. Based just outside of Ely in Cambridgeshire, they just celebrated 20 years in business!
[02:10] Siobhan’s role and how she got involved with ISO Standards: Siobhan is the Sales Support Manager for Asynt, she assist with raising quotations, managing sales orders and providing support for the warehouse.
In January 2023, 3 members of the Asynt Team were tasked with researching and obtaining ISO 9001, with a view to adopt ISO 14001 later on. Siobhan had experience working with Quality Standards thanks to her previous work in aviation and automotive companies, and had even previously implemented the Standard. Naturally, she was a perfect fit to head the ISO 9001 and ISO 14001 project at Asynt.
[05:40] What did Siobhan enjoy most about Implementing ISO Standards? Initially, realising that she had a lot more knowledge about ISO than she gave herself credit for. Also, making use of the 5 Why’s to identify where something has gone wrong, implement a solution and preventing it from recurring.
[06:40] What were the main drivers behind Implementing ISO 9001 and ISO 14001?: For ISO 9001 – Top Management saw the need to have proper procedures in place, to ensure that everything was written down and could be communicated and conducted by other staff if needed. Ultimately, they wanted a cohesive system where everything, included roles and responsibilities, were documented and managed.
For ISO 14001 – Customers often ask for ISO 9001, but ISO 14001 was also starting to pop up in conversation more. Top Management at Asynt wanted to get ahead of the curve and make the move towards becoming more environmentally friendly. It was also seen as a stepping stone towards being in a position to calculate their Carbon Footprint and make further improvements.
[09:50] The ISO 14001 Coaching Programme – Asynt were one of the first companies to go through our ISO Coaching Programme, hosted via the isologyhub. This programme combined the DIY digital platform with group coaching sessions, allowing all participants to work collaboratively towards creating their own Environmental Management System.
[10:20] Siobhan’s experience with the ISO 14001 Coaching Programme: Overall Siobhan had a very positive experience in the coaching programme, a few highlights include:
Sharing ideas: Other participants come from a wide range of industries, and each brought their own unique ideas to the table, encouraging others to look at things from many different points of view.
Support: If another participant is struggling with something, there is a group of people to support and provide possible solutions. Siobhan gave an example of where she provided an Excel guide to another member who was looking for a solution.
Resources: Siobhan had previous experience with implementing ISO Standards, so she was aware of what type of documentation was required. She found the resources on the hub useful to refer to outside of coaching sessions, to enhance Asynt’s own ISO Standard Implementation.
[12:20] What was the biggest Gap identified during Asynt’s Gap Analysis? Mostly it was the lack of documentation, which required a lot of work to get everything written down in cohesive processes and procedures.
For ISO 14001, Asynt are fortunate enough to own the buildings that they operate in. So, gathering the initial information required where potential energy and environmental improvements could be made was fairly easy.
[15:00] What differences did Asynt see after addressing the identified gaps? For ISO 14001 – Some elements were already in place (recycling waste ect), but weren’t being monitored in any meaningful way. Now Siobhan has got processes in place to ensure the recycling is being separated correctly and weighed so they can properly gauge their impact.
For ISO 9001 – It was the introduction of the 5 Why’s, which Asynt have used to great effect to identify problems and implement solutions. An example of this can be found in their warehouse, lanes and shelves weren’t labelled, causing confusion. It was a quick fix that could have been implemented years ago, but the 5 Why’s forced a much needed change.
[18:00] What did Siobhan learn from the experience of Implementing ISO 9001 and ISO 14001? Integrating a Management System can save on a lot of paperwork! Initially the plan was to have just an ISO 9001 System, with ISO 14001 implemented at a later date. Going through the process of Implementing them as the same time highlighted how much easier it would be to combine them, thanks in part to how many elements overlap between the two.
It also makes the system a lot easier to interact with, having everything in one place rather than spread between two separate systems means staff don’t have to waste time digging for policies and Procedures.
[20:00] Certification plans: Asynt are well on their way towards ISO 9001 and ISO 14001 certification with their Stage 1 in October and Stage 2 in November 2023. With just under 2 months before the Stage 1, Siobhan plans to continue working through some opportunities for Improvement, raised by Blackmores in some recent Internal Audits.
[21:41] Siobhan’s top tip: Trust in the process and make sure that you have the right person in your business to lead the ISO project.
Also being open to change, being honest with yourself about where the gaps are and trying to get those closed but also manage expectations within the business.
[23:50] Siobhan’s book recommendation: Salt path by Raynor Winn.
[26:05] Siobhan’s favorite quote: “Personal growth is not a matter of learning new information, but unlearning old limits” – Alan Cohen
If you’d like to learn more about Asynt check out their website!
We’d love to hear your views and comments about the ISO Show, here’s how:
- Share the ISO Show on Twitter or Linkedin
- Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.
Subscribe to keep up-to-date with our latest episode’s:
Stitcher | Spotify |YouTube | iTunes | Soundcloud |
We have over 17 years experience of implementing various ISO’s – and we’d like to share some insight into our proven methodology.
Our regular listeners may be familiar with the term ‘isology’ from previous episodes where we’ve highlighted our online platform – the isologyhub. But what is isology exactly?
Put simply, isology is our 7-step method for implementing any ISO Standard. Join Mel this week as she breaks down each of the 7 steps, including the planning, creation and review of an ISO Management System.
You’ll learn
- Our experience implementing ISO’s
- The origin of isology
- What is isology?
- The seven steps of isology
Resources
In this episode, we talk about:
[00:31] An overview of isology – a methodology for implementing any ISO. Find out more over on the isologyhub
[01:08] How the isology methodology was created – 17 years in the making with the help of our consultants.
[01:33] A brief overview of the 7 Steps of isology
[03:05] 1st Step – Plan: Get a copy of the Standard, determine your scope, timescales, leadership commitment, resources and selecting a Certification Body. Some choose to implement the system but leave out the badge. There are ISO’s that aren’t certifiable but good to have i.e. ISO 20400 Sustainable Procurement.
[05:38] 2nd Step – Discover: Time to understand what you have in place already and what you’re missing – this is done through a Gap Analysis.
[06:35] 3rd Step – Expose: This is where we look at risks and opportunities related to your desired Standard (both internally and externally). This is typically done through a SWOT and PESTLE. A Risk Register may be created to capture the findings to be addressed later. Companies are also encouraged to create a Legal Register to keep track of all their statutory, regulatory and contractual requirements.
[08:41] 4th Step – Create: Time to review the requirements of the Standard in terms of documentation – and create what’s needed. This includes capturing your way of working with documented Procedures – make sure you have the relevant staff involved in their creation.
[10:05] 5th Step – Launch: Once the Management System has found it’s home (usually an intranet or SharePoint) – you need to communicate it. Consider the type of launch you want and who will be involved. Make sure you encourage engagement with the Management System.
[11:18] 6th Step – Engage: There’s little point in having a Management System if people don’t know about it or have little interest in it. You should train your staff on the Management system, so that they are aware of your policies and procedures and where to find key documents. You must verify compliance through Internal Audits – this is a requirement of any ISO Standard.
[13:09] 7th Step – Review: Time to take a step back and look at what’s been achieved and what’s been highlighted as areas for improvement through your Internal Audits. There’s a set list of criteria in each ISO Standard to help you plan an agenda for the Review.
We’d love to hear your views and comments about the ISO Show, here’s how:
- Share the ISO Show on Twitter or Linkedin
- Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.
Subscribe to keep up-to-date with our latest episodes:
Stitcher | Spotify | YouTube | iTunes | Soundcloud
Our 7 Steps to Success
The Blackmores ISO Roadmap is a proven path to go from idea to launching your ISO Management System.
Whether you choose to work with one of our ISO Consultants, our isologists, or work your own way through the process on our isology Hub, we’re certain you’ll achieve certification in no time!
We have a proven step by step process that our ISO Consultants implement as soon as our working relationship begins. We use our specialist skills and industry knowledge to determine what is already on track and where improvements can be made. We live and breathe ISO standards, we know the standards inside out so you don’t have to.
Our ISO Consultants can help you implement systems for any ISO Standard. See the full list for specialised standards here.
What our clients have to say
Trusted by leading organisations across all sectors, we support companies of all sizes in any location.
Listen to our Podcast
Welcome to the ISO Show podcast, dispelling myths and sharing tips for success to improve your business with ISO Standards. Join us to hear interviews with successful business leaders as they share their ISO journey with you.
Get top tips via audio master classes “ISO Steps to Success” on the most popular ISO Standards.