As businesses look towards another year filled with significant challenges and opportunities, putting in place a certified ISO management system could be one of the best ways to ensure your company continues to thrive. Frances Stones, Lead IMS Auditor at Mayer Environmental Ltd, with 20 years experience as a 3rd party certification auditor, tells us more.
Management systems help ensure your business is effective, efficient and protected from potential risks. While it is possible to operate a management system without following International Organization for Standardization (ISO) standards, a certified ISO management system provides confidence to customers and other stakeholders that your company is meeting and has been audited against externally recognised benchmarks.
Following the last recession, statistics were released, which showed companies using an externally-certified ISO 9001 quality management system were more likely to survive an economic downturn. In a report from 2015, commissioned by BSI, The Centre for Economic Business Research calculated that the UK’s world-leading standards regime actually boosted sales of UK products and services, averaging 3.2% of annual exports or £6.2 billion each year.
Over the last 10 years, the ISO management systems have been ‘refreshed’ to reflect a risk-based approach and to consider the ‘context’ of your organisation. This requires a greater understanding of the needs of your stakeholders (interested parties) and your wider business risks, threats, strengths and opportunities. This is sustainability in its broader meaning – supporting the continued success of your business through increased resilience and constant evolution.
Another benefit of the ISO management systems is that they encourage a process of continual improvement. It is a thread that runs through all of the ISO standards via the Plan-Do-Check-Act (PDCA) cycle.
By planning, doing, checking your effectiveness and then acting on any strengths or weaknesses highlighted, firms who follow ISO standards can make tangible improvements to their operations. This can then inform your future planning, and the PDCA cycle begins again. The old adage is true, “if you’re not moving forward, you’re moving backwards.”
Although the ISO framework covers a vast range of areas, these are the most common ISO standards:
- Quality Management (ISO 9001:2015)
This helps an organisation to maintain the consistency and quality of their products or services. It aims to enhance customer satisfaction by meeting the requirements and expectations of customers and any statutory or regulatory requirements.
- Environmental Management (ISO 14001:2015)
This standard focuses on the prevention of pollution and being compliant with the growing number of regulations driving protection of the environment. For most permitted organisations there will be a legal requirement to have an environmental management system, such as ISO 14001:2015, in place.
- Occupational Health and Safety (ISO 45001:2018 / ISO 45001:2023)
Based on a previous British Standard (OHSAS 18001), this management system centres around the protection of employees and other workers – keeping everyone safe whilst at work. It also focuses on longer term health risks, such as potential hearing loss, respiratory illnesses and includes mental health, wellbeing and welfare.
- Energy Management (ISO 50001:2018)
The UK’s Energy Savings Opportunity Scheme (ESOS) requires organisations to conduct an ESOS Assessment by June this year, but ISO 50001:2018 certification is an alternative way to remain compliant. Organisations of all kinds face rising energy costs, and there are direct financial savings to be gained from having this energy-focussed management system in place.
- Information Security, Cybersecurity and Privacy Protection (ISO 27001:2022)
This recently-updated ISO management system tackles the growing risks associated with cybersecurity, holding large amounts of customer data and even the physical security of a business’s operations. Those companies already operating under the previous version have until October 2025 to meet the requirements of the new standard.
Knowing where to start can be daunting, and many organisations find it beneficial to use independent consultants to support their company through the process of implementing or updating their ISO management systems. However, you should try to avoid the pitfalls of an ‘off the shelf’ or ‘one size fits all’ approach. An effective ISO management system will be bespoke to you – designed to suit your unique operations and business requirements. In addition, consideration should be given to integrating the requirements of different ISO standards into one integrated management system (IMS) to maximise efficiency and minimise duplication.
ISO management systems can play a vital role in the long-term health of your organisation, and as you look ahead to another busy year, why not make 2024 the one in which you implement an ISO management system and unlock these benefits for your business?
About the Author:
Frances Stones BSc, LLM, CEnv, MIEMA, IEMA Registered Principal Auditor, ESOS Lead Assessor, Sub-contract 3rd Party Auditor