Easy and Simple ISO
There is a lot of talk about doing ISO right. What is right? Is “getting the certificate” wrong? Many people, especially ISO auditors and consultants, criticize organization for doing ISO because the customer needs it. While there are many problems that may arise from an ISO project that originates for these reasons, they are honest, realistic reasons that cannot be ignored. In fact they are probably the most common reasons for initiating an ISO project. The implication behind this concern is the assumption that management will establish a system that is designed only to get ISO and will miss the point of the standard. With a few simple rules, this can be avoided. It is possible to implement ISO in a minimalistic approach that does not just meet a standard, but provides a solid base for progress and improvement, but is low cost, low effort and will still get ISO certified.
The goal is a low cost, low effort ISO project that will achieve certification and still leave you in good shape for progress. The approach to take is to implement as little as possible and to change as little about how the organization operates. Ignore best practices for another day, just double check that things are running smoothly. If anything is broken or needs better control, then fix it, but only as much as is needed to ensure reliability in the way it operates. This applies for all of the processes that you are currently performing. These tend to be the value-stream processes because without them the organization does not provide products and services. So look at these key processes and ensure they are tidy and organized.
The situation is often a little more difficult with the supporting processes. Things like records, documents, training, corrective action, risks, opportunities, measurements and evaluation are typically less established in organizations. While not always the case, this is usually because these are supporting processes – they support the success of the other primary activities in the organization and thus they are not (by definition) value creating activities. Thus they tend to get less attention, less priority, less discipline and are often less reliably and repeatably operated. This is where more ISO findings occur and there is a tendency to over-implement ISO to protect against findings in these processes. But the same solution should be applied. Keep things simple, don’t change anything, strengthen existing processes, and don’t attempt to upgrade to best practices. Try not to read too much into what the ISO standard is requiring. The goal is not to avoid new or improved controls but to just rely on what exists if it will currently do the job. Add a form or two. Organize data into folders. Tidy up.
These approaches require the least effort to implement ISO but are applied in such a way that it is still successful in achieving certification. This provides three important points. Firstly the goals of management (to only achieve certification as inexpensively as possible) have been achieved. Resources spent have been minimal and people in the organization have not been asked to change what they do. They can have pride in the fact that their processes, services, and activities are good enough as they are to achieve ISO certification; a good reason to celebrate. Finally, and importantly, the post certification situation is one where improvement (changes) towards best practices and process improvements, is now probably easy – and there is no pressure to complete them before an ISO assessment. In fact and importantly, with the excuse that ISO requires improvement, process managers are likely to be more willing to look for improvements because this is no longer mandatory for ISO. In fact, you achieved your ISO certification so now all the developments and improvements are because you choose to do them. ISO was never a burden to anyone and now it’s over, everyone can focus on improving for the right reasons.
Many organizations simply go out to “get ISO”. This minimalistic approach keeps it cheap and easy and provides future benefit. By just recognizing that this approach exists should help ensure a successful and meaningful outcome. Cavendish Scott has been helping organizations establish, define, and implement management systems for over 25 years. We use many different approaches depending on the needs and circumstances of our customers but always guarantee successful certification and provide the opportunity for clients to improve themselves. For more information, please tell us about your project.