So why bother with certifications?

Anyone who has met me will know that I’m passionate about the value of certifications and standards. Whether it’s Cyber Essentials, ISO9001, OHSAS18001, Safe Contractor or FORS, all have a value to a business.

Some are international standards applicable across any industry; others are industry specific. Some may be a requirement for entering a supply chain and will be adopted grudgingly by an organisation. For organisations that just need the ‘certificate on the wall’, there is a likelihood that they are not realising the full benefits that adoption of a standard may bring.

For Risk Evolves, I took the decision that we should adopt some of the standards that are a cornerstone of any organisation:

  • ISO9001 – the world’s leading standard on quality management,
  • Cyber Essentials – to make sure that the information we hold on our clients and employees is kept securely,
  • and IASME, which is aligned to ISO27001, the information security standard, and now includes an assessment of GDPR compliance.

So why did we do this? We’re a small business and for many this would be seen as a burden, both financially and in time. Taking ISO9001 as an example, the reasons are simple.

  1. They drive efficiency. We’re a process-based organisation. Sounds scary but all it means is that we follow the same steps repeatedly. Whether it’s customer engagement, implementing ISO9001 for a client or even invoicing, we do the same thing time and time again. And that reduces the risk of mistakes. Mistakes typically cost money.
  2. We meet the requirements of our Clients. By understanding what our Clients want before we start work, we’re likely to meet, or exceed, their expectations. If you don’t understand what your client expects you to do, then it costs to put it right.
  3. When we do get it wrong (and we’re proud that those instances are small in number), we understand why we got it wrong. And fix it to ensure that it doesn’t happen again.
  4. We check that our clients are satisfied. Happy Clients tell others, which is all good for business.

ISO9001 was revised in 2015 and has really ‘come of age’. It has moved away from being heavy on documentation, has become much more services-based and ensures that ‘Top Management’ are involved in the process.

For those organisations who have yet to transition from the 2008 version of the standard, you have less than 2 months to do so. The 2008 version of the standard expires at the end of September, as will your certificate. Call us and we’ll take you through the transition process.

Oh, and if you find all the letters and numbers confusing, then don’t panic. Over the next few weeks we’ll be explaining the standards in easy-to-read, jargon-free posts that will also explain how some of them interlock with each other, together with a summary of the benefits.

MD for Risk Evolves, Helen has worked in the IT industry since 1986. Helen is a leader in the areas of risk management and operational improvement, and works with companies in senior governance, risk and compliance roles. She is a member of the British Standards Institute and is a member of the BSI Committee creating a new guidance standard to assist organisations on how to become cyber resilient. Helen and the team at Risk Evolves work with organisations to improve their resilience through stronger process implementation and better communication and education of staff.
