Blackmores ISO Consultancy Service: The creators of isology®

With a growing number of threats and risks facing businesses every day, it’s never been more crucial to have a proper system in place to mitigate and manage issues when they crop up.

A variety of ISO Standards can help businesses to do just that! And we’re seeing an ever-increasing trend of requests for Integrated Management Systems, which combine multiple ISO certifications to cover every aspect of their business. Such is the case with today’s guest, Todd Research.

Todd Research have been in the business of designing, manufacturing and supplying X-ray scanners for 70 years. They have since expanded their product range to include other solutions, all designed to detect suspect devices.

We’re joined by Caroline Banks, Support Manager at Todd Research, to learn about why they decided to implement ISO 9001 (Quality Management) and ISO 27001 (Information Security), including an insight into their experience with our ISO 14001 coaching programme, hosted on the isologyhub.

You’ll learn

• Who are Todd Research?
• Why did they choose to Implement ISO 9001 and ISO 27001?
• What challenges did they face?
• The benefits of ISO 9001 and ISO 27001
• Their experience with our ISO 14001 coaching Programme

Resources

• Todd Research
• isologyhub
• ISO 9001
• ISO 27001  

In this episode, we talk about:

[00:37] An introduction to Todd Research and Caroline Banks’ role as Support Manager there.

[01:20] What is something not many people know about Caroline? She’s taken up running and started with the couch to 5K. She later completed a half-marathon in the same year, and has since gone on to finish 21 more half-marathons and 2 full ones!  

[02:27] Who are Todd Research? They were founded in 1950, designing, manufacturing and supplying X-ray scanning equipment. They also provide service and maintenance for their devices worldwide.

[03:11] What Standards are they certified to? ISO 9001 (Quality Management, inherited from a previous company) and ISO 27001 (Information Security Management)

[03:48] What was the main driver for achieving ISO 9001 and ISO 27001? – For ISO 9001 – As a manufacturing company, they want to ensure that they can provide the best quality in terms of product and service. For ISO 27001 – This was more sales driven and was being requested in a lot of tenders, particularly Government tenders.

[04:35] How did Caroline manage an inherited Quality Management System? – Caroline completely revamped the inherited Management System, making it their own and adapting it to suit how they currently run their business. It involved a lot of review and removal of unnecessary documentation, with the end result of streamlining the whole system. They also appreciated a 3^rd party coming into review and assist with the process. After moving to a new premises, they are still continually Improving system year on year.

[06:25] How long did it take to achieve certification to ISO 27001? – They started in April 2021 with a Gap Analysis and gained certification in September 2021 (6 months in total). As they already held ISO 9001, they made the decision early on to integrate the two Standards into a Business Management System.

[07:50] What was the biggest gap found after the initial ISO 27001 Gap Analysis? – The biggest challenge for Todd Research was carrying out the Risks Assessments. Getting Directors involved in the review of Standards and agreeing what risks applied to them took the most time in the early stages.

[09:00] Caroline’s experience with ISO 27001 – While she had experience with ISO 9001, ISO 27001 was a whole new ball game. There are a lot of risks associated with Information Security including, phishing, malware, risks to hardware ect. This was all new territory for Caroline, but she adapted and learned a lot along the way.

[09:50] What difference has the Management System made to the business? – It’s unique to them and their way of working, especially as a result of integrating the two Standards into a single Management System. The whole process gave them a chance to look at the business with a new perspective, which in turn helped them to streamline a lot of processes.

[10:20] What lessons have they learned from Implementing ISO 9001 and ISO 27001? – Caroline now has a better understanding of how the business works from all angles, from manufacturing to finance. Her experience with having Blackmore assist with Internal Audits highlighted the need and importance of impartiality.

[11:20] What are the main benefits? – For them, it’s having an Integrated Management System, as a lot of aspects of various ISO Standards share similarities, and it just makes sense to combine them to save on doubling up on documented information. Caroline also highlights the Corrective Actions Log as her key tool for managing actions following on from Internal Audits, allowing for a proactive approach for business improvement on a weekly basis. 

[12:50] What is the ENE / ISO 14001 Coaching programme? – Blackmores secured some European funding to support 7 businesses in the East of England to raise awareness of environmental issues and implement some practical tools for Environmental Management. We opted for an ISO 14001 focus and utilized our online membership portal, the isologyhub, as the host with additional coaching from one of our experienced consultants.

[13:25] What was Caroline’s experience with the isologyhub and the ISO 14001 coaching programme – Todd Research made the decision early on not to go for ISO 14001 certification. The experience gave Caroline a good insight into what the requirements are for the Environmental Management Standard in preparation for potentially certifying in future.

Caroline highlights the wealth of information available in the hub, including documentation which supplemented the coaching sessions. Her 1-2-1 coaching sessions resulted in deeper analysis of what their business can act on to improve their impact, for example putting in place a scrap metal policy for X-ray scanners and equipment that needs to be disposed of. They have also streamlined their Engineer’s service visits, by making the most of them while in any given area to reduce the carbon impact of travel.

[17:00] What was the most useful resource in the isologyhub? – The training provided for carrying out Risk Assessments, with a focus on their environmental risks.

[18:05] What was the main benefit of achieving certification to ISO 9001 and ISO 27001? – Having both standards sets them aside from their competitors, as many have ISO 9001 but not many have ISO 27001. It also brings a sense of continuity to the business.

[18:55] Caroline’s top tips – Use an independent company (such as Blackmores) to assist with Implementation. Having a helping experienced hand will make the journey run a lot more smoothly and will give you piece of mind, especially as you have your own day job to worry about!

[19:30] A reminder that the ISO 27001 Transition Gameplan is available on the isologyhub – ISO 27001 recently updated, and those certified with need to update to the latest 2022 version of the Standard. Our Transition Gameplan will guide you through the changes and what needs to be done to update your Management System. 

[21:17] Caroline’s book recommendation – ‘Menopausing’ by Davina McCall

[22:17] Caroline’s favorite quote – ‘It’s not so much that I began to run, it’s that I continued’

You can find out more about Todd Research via their website!

We’d love to hear your views and comments about the ISO Show, here’s how:

• Share the ISO Show on Twitter or Linkedin
• Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.

Subscribe to keep up-to-date with our latest episodes:

Stitcher | Spotify | YouTube | iTunes | Soundcloud

Currently, there are around 1,077,884 valid ISO 9001 certificates globally – which beats the second runner, ISO 14001, by over 600,000!

There is no doubt that the Quality Management Standard, ISO 9001, is still the most widely adopted ISO Standard – and for good reason!

ISO 9001 is basically a model for running a successful and profitable business. It provides a common framework for things that all businesses should have in place, including defining your companies unique ‘way of working’.

In addition to being a blueprint for a business’s operation, there are many other benefits to be gained from implementing ISO 9001. Today, Mel explains a few of these benefits in greater detail.

You’ll learn

• What is ISO 9001?  
• Why Implement ISO 9001?  
• The benefits of ISO 9001

Resources

• What is ISO 9001?
• Isologyhub

In this episode, we talk about:

[00:30] Why talk about ISO 9001 benefits? Often times, Mel gets asked for benefits of ISO 9001 so a business case can be put forward.

[01:00] What is ISO 9001? For a detailed break down of the Standard, go back and watch ‘Episode 36 – What is ISO 9001?’

[01:45] For those that have Implemented ISO 9001, what are the benefits? We’d love to hear from you! If you have some stories to share – feel free to leave a comment on which ever media player you’re listening on – or email us. We’d love to share some of your experiences in a future episode.   

[02:09] Benefit #1: Win new business – From a sales and marketing perspective, ISO 9001 is essentially a passport to trade. It demonstrates credibility to Stakeholders as it’s a mark of quality.

[02:55] Benefit #2: A framework that can fit any business – This can be for any industry sector and business size. It helps businesses figure out what is working well and what’s not working so well.

[03:10] Benefit #3: Identify opportunities for Improvement – It helps businesses figure out what is working well and what’s not working so well. It can help identify issues such as: Bottlenecks in processes, resourcing and external factors.

[04:05] ISO 9001 helps you to look at your business – warts and all. It does no one any good to bury their head in the sand and ignore issues, especially as Stakeholders and clients will see through this.

[04:40] Benefit #4: Put quality controls in place to mitigate risk and raise your standards – If you have complaints or need to do a product recall – you need processes in place to handle this. ISO 9001 gives you the tools to do so, creating an effective framework everyone can follow.

[05:40] Benefit #5: Improve efficiency – ISO 9001 helps you identify the best way of working and pushes you to optimise that. That could include eliminating aspects of you business that waste time, or create burdens.

[06:05] Benefit #6: Creating a unique Blueprint – ISO 9001 isn’t an out of the box solution – it can be tailored to your way of working. It helps to establish relevant Policies and Procedures that improve your business operations.   

[06:24] Benefit #7: Enhancing customer satisfaction and employee retention – Good quality business practices will inevitably help you to keep ahold of good clients – and good employees too! This can be achieved by having clear roles and responsibilities in addition to vision and goals for the business.

[07:20] Benefit #8: Increase profitability – Businesses often look at the cost of poor quality – where is your business leaking money? Addressing those issues is a direct cost saving.

[08:21] Businesses who have grown through acquisition often find ISO 9001 a great tool to help standardise their way of working, so they can easily integrate other businesses and services.  

We’d love to hear your views and comments about the ISO Show, here’s how:

• Share the ISO Show on Twitter or Linkedin
• Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.

Subscribe to keep up-to-date with our latest episodes:

Stitcher | Spotify | YouTube | iTunes | Soundcloud

What is the future for ISO 9001? It only seems like yesterday that the latest version of ISO 9001 and ISO 14001 was released, even though this was back in November 2015.  How time flies as they say! All organisations have now transitioned to the latest version, however, standards, the same as businesses can never afford to be left to stand still.  In true Deming fashion (Plan, do, check, act), the time has come for the next review and revision.  Next year, in 2020 the review process begins again…….

I was delighted to be joined on the ISO Show this week by Paul Simpson, Chair of the ISO 9001 Technical Committee in the UK (TC 176) and Director of Strategy to Action. 

In the ISO Show this week Paul explains:-

• How Annex L supersedes Annex SL
• What is the role of TC 176 and what they are currently doing in relation to ISO 9001?
• The future concepts for ISO 9001
• Views on whether ISO 9001 could change much following the review which begins in 2020

If you would like to find out more about Paul Simpson and his company, Strategy to Action, Action to Success, click HERE.

If you would like to find further information about the ISO 9001 Quality Technical Committee, click HERE.

Need assistance with ISO 9001? We’d be happy to help, simply Contact Us.

To help out the ISO Show:

• Share the ISO Show on twitter or Linkedin
• Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and I read each one.

This is the second of a series of blogs, relating to Clause 8 of the new ISO 20000-1:2018, designed to unpack the requirements of the standard and remove that air of mystery that can so often form around standards. This week we’ll continue to look at clause 8.2 of the standard.

Service catalogue management

The Service Catalogue is often undervalued in service management systems, but it has a critical part to play in communicating to customers exactly what you can provide, and, above all, it should be used by Sales when selling services to a customer. If anyone sells anything that is not in the catalogue it is not the responsibility of your organisation to bend your processes to meet that service agreement. First, Sales should go back to the customer and advise them that the service cannot be delivered and second, the proposal put forward by Sales could be passed through the Design, Build and Transition process to produce a new service.

Sometimes it helps to see that Service Catalogue as something like an ‘Argos’ catalogue where all the wares for sale are recorded, but the customer doesn’t have to buy everything; they may choose to just by Incident Management or Service Request Management, but the catalogue will show them clearly how they might develop that service in the future.

The catalogue does not have to have the service prices printed in it as this will be part of the Sales discussion. One way of making the catalogue available to all interested parties is to put in on the company website or in a ‘customers only’ area of the website.

Asset management

Don’t look at Asset Management as purely being related to customer assets as the standard clearly states that ‘the organization shall ensure that assets used to deliver services are managed…’ So, a good asset management system can help here (if you are certified to ISO55001, much of the work will have been completed). What are the assets that should be considered?

–              Service Desk tools (Service Now etc)

–              Vehicles to get engineers and equipment to a customer site

–              Spares

–              IT equipment

–              Staff

This isn’t by any means an exhaustive list but just listing 4 items can show how broad this small clause can be. But don’t run away with the idea that you need to create a new job role to manage assets, instead look for where these are managed naturally in the business; staff by HR; Vehicles by facilities; Service Desk tools and IT equipment by the IT department; Spares by Procurement and Logistics. All these teams might be providing reports to the Service Delivery Manager/Director about the availability of the assets in their control.

Configuration management

Focus on Customer Assets takes place here. First, we need to understand what is meant by a Configuration Item (CI) – a CI is an asset that makes up part of the service.

The service itself could be a Configuration Item and all the assets used to deliver that service could all be classed as configuration items; but the main point of configuration management is to ensure that your organisation only services equipment under contract.

For every service established it is key to understand the exact equipment to be serviced; this can be determined through Model Numbers, Serial Numbers and or Asset Numbers (see below). This will enable the Service Desk staff to know what equipment is under contract and which equipment should be subject to a Service Charge. Without this you will end up servicing equipment that is not under contract

The standard is quite specific about what information should be recorded for each Configuration Item:

–              Unique identification (serial number, asset number)

–              Type of CI (the item or model number)

–              Description of the CI (detailed description of the item)

–              Relationship with other CIs (does this CI have any dependencies on or for other items; if changes are made will other CIs be affected?)

–              Status (is the CI still live or obsoleted in the service contract).

A configuration management list will be produced for each customer, but it is important that the list is reviewed at planned intervals (add this to the audit schedule) and audited to ensure that changes to the configuration estate have been captured. It is useful to ensure that a step in the Change Management process includes a review of the customer’s configuration list.

Need assistance with ISO 20000-1? We’d be happy to help, simply contact us at: enquiries@blackmoresuk.com

This is the first of a series of blogs, relating to Clause 8 of the new ISO 20000-1:2018, designed to unpack the requirements of the standard and remove that air of mystery that can so often form around standards.

8.1 Operational Planning and Control

Clause 8.1 of the standard relates to Operational planning and control. At first glance, it appears to be a copy of the requirements of ISO 9001:2015, but further reading shows that it is different.

If you are setting up your Service Management System in the order that the standard has been written, you will have arrived at clause 8 of the standard with risks, opportunities and objectives that need to be considered when establishing the Service Management System. Without this knowledge to hand you could develop and management system that does not address these risks and opportunities or enables the setting objectives.

The standard requires us to ‘establish performance criteria for the processes based on requirements’ or, in other words, what performance measures are needed to determine the effectiveness of processes in the service management system. These might include, performance against targets; numbers of incidents and problems; lost and gained services; volumes against Supply and Demand; Security breaches; customer satisfaction and complaints… plus much more. These measures must be appropriate to each individual business; don’t measure and monitor things that do not bring service improvement or customer satisfaction.

Once you understand the measurement criteria you can begin to build the Service Management system to meet these requirements; ‘implementing control of the processes in accordance with established performance criteria’, performance criteria communicated through SLAs, OLAs and KPIs.

A good management system doesn’t stop there as it will have determined what documented information needs to be kept, to demonstrate achievement of measures and compliance to the standard.

The control of planned changes and the review of the consequences of unintended changes leaves many with a challenge. We all understand planned changes, especially if we have an effective Change Management Process in place which will naturally control planned changes. However, the consequences of unintended change are a little vaguer, probably because it covers a broad subject; so, let’s unpack this further.

Unintended change might result from process creep where a process has been developed and moved away from its agreed path, without consultation with other departments that might be affected, and the consequence is the unintended change brought upon other processes which rely on the initial process that has been changed.

Other areas where the consequences of unintended change may be found are related to impacts of Incidents; Problems and Non-conformities where the errors have repercussions that are either unexpected or unintended and need further attention.

Another example in relation to this standard is ‘service creep’ where items of equipment owned by a customer and outside the contracted service agreement are swallowed up in the service contract because of poor asset management and configuration management, and you are effectively end up servicing equipment for free.

If these types of things occur it is important that the actions are investigated through to the root cause level to prevent their recurrence.

The final line ins 8.1 is about outsourced processes – one line that is very important to ensure compliance to the standard. In this standard, if any process is outsourced to a third party the organisation has a responsibility to ensure that the outsourced process is effective through setting appropriate SLAs or OLAs; and agreed service review meetings should be set up.

By implementing the rest of clause 8 of this standard then compliance to 8.1 will be achieved naturally.

If you would like to learn more about what Blackmores has to offer – contact us today!