Here are answers to some of our most frequently asked questions.
Q. How much would an initial fact-finding meeting with Edworthy Business Management Consultants cost?
A. No cost, and we are often able to provide you with some free-of-charge consultancy at the same time. Providing the journey time is less than two hours each way we make no charge. For greater distances, a small charge will be negotiated and agreed with you.
Please contact us for a meeting - we're waiting to hear from you.
Q. I've heard of ISO 9000, 9001, 9002 and 9003. Which one do I need?
A. ISO 9000 is a guidance document providing you with a background to quality management and a glossary of 'quality-ese'. Your management system cannot be assessed against this guidance document.
Prior to the turn of the century (pre-2000) there were three versions of quality management standard against which your management system could be assessed. Depending on the nature of your business (and very much reflecting the standards' manufacturing origins) they were; ISO 9001 for organisations that designed, manufactured, tested and maintained products or services; ISO 9002 for organisations that only manufactured tested and maintained; and ISO 9003 for organisations doing test and maintenance only.
There is now one standard only, ISO 9001, and it covers all aspects of an organisation's quality management activities allowing exclusions for those parts that are (genuinely) not applicable. The standard has been re-written to make it applicable to any organisation from charities to catering, and tree-surgeons to hi-tech manufacturing.
If your organisation is involved in the design of software you may also be interested in ISO 90003, the standard for how ISO 9001 is applied to software quality management.
There are also industry-specific quality management standards such as AS9100 for the aviation industry.
If you are unsure which standard is right for you, please feel free to contact us for straightforward, no obligation advice.
Q. How long would it take for my organisation to achieve certification of our management system?
A. As with any journey, it all depends where you are starting from (and what type of management system you are implementing). For a small organisation with a straightforward business model and some basic management controls already in place, our experience has shown that it is possible to achieve ISO 9001 (Quality Management) certification in less than 3 months.
Organisations with larger or more complex businesses and/or starting without existing systems will take longer. Many organisations find that 6 to 9 months allows them to bed-in their systems, train their workforce and experience the benefits before independent assessment and certification.
Where an organisation already has a good quality management system in place, adding environmental or information security or business continuity management systems is much easier and quicker, time-scales of 2 to 4 months being typical.
Please contact us for a meeting to discover how quickly you could achieve certification - we're waiting to hear from you.
Q. Do we have to have a perfect environmental record to achieve ISO 14001 Environmental Management certification?
A. To achieve ISO 14001 certification your organisation has to demonstrate that it has a robust system of assessing your organisation's environmental impacts (positive and negative), understanding the legal and regulatory environmental requirements applicable to your organisation, and then reducing negative impacts to an extent that meets these regulations and, importantly, is financially acceptable for your business.
It is up to you to determine the environmental performance you are seeking each year, and it is expected that you will be making continual improvements to that performance as time goes on. But you are not expected to go bust trying to achieve ISO 14001!
Please contact us for a meeting to discover how easy it is to achieve this internationally-recognised environmental management certification - we're waiting to hear from you.
Q. Our business data are stored on dual-redundant servers with dedicated power systems in an underground bunker that has bomb-proof locks. What more do we need to do to achieve ISO 27001 Information Security Management certification?
A. First, you will need to broaden your definition of 'information' to include all items of information for which your organisation is responsible. This includes information; stored on computers, transmitted across networks, printed or written on paper, sent by fax, stored on tapes or disk, spoken in conversations (including wired or mobile telephone), sent via e-mail, stored on databases, held on films or microfiche, presented by overhead projector, and any other methods used to convey knowledge and ideas.
Once all your organisation's 'information assets' have been identified, the risks to them must be assessed in terms of the business impact should they become unavailable, corrupted, or their confidentiality is breached.
With the risks understood, your organisation will need to put controls in place to reduce the risks to a level that is acceptable to your organisation and to any regulatory body to whose regulations you have to meet, and train all your workforce to comply with the controls.
It is only when you have such a management system in place, and you can demonstrate that it works and is continually improving, that you are ready for assessment against ISO 27001.
Please contact us for a meeting to discover how we can guide you through this process to successful certification of your Information Security Management System - we're waiting to hear from you.
Q. I've heard there is a new version of ISO 9001 to be published soon. Does this mean our certificate won't be valid any more?
A. Standards are reviewed approximately every 6 years and, if there is a need for changes to be made, a new version is published. Your certification body will keep you informed of the 'transition period' during which you may need to make changes to your management system and achieve certification to the new version. However, some changes are so slight that no significant changes to management systems are required. For example; the changes from ISO 9001:2000 to ISO 9001:2008 were chiefly those to do with making the document easier to translate into other languages - there were no substantial changes to the requirements of the standard, and the vast majority of certificate holders needed to make only one change - substituting occurrences of "ISO 9001:2000" in their documentation with "ISO 9001:2008".