Tom Lewis, operations manager at Lolly, offers his tips on how to overcome the initial hurdles…
At the start of 2023, Lolly made the decision to pursue various ISO certifications that would enhance our customers trust through robust information security practices, drive better business efficiencies, and streamline our resource utilisation.
Fast forward to today and we are a few weeks away from completing our accreditation for ISO27001, an international standard to manage information security and ISO9001, international standard for creating a Quality Management Systems (QMS).
As operations manager, I was tasked with the planning and implementation of the ISO certification. It’s been an exciting journey that has challenged our way of thinking and delivered improvements to the way we approach our daily operations.
As rewarding as the whole process has been, it has been a huge learning curve so I wanted to share my thoughts and findings so far, which I hope could prove invaluable to anyone considering one of the ISO certifications for their business.
Building your knowledge – the power of asking the right questions!
Finding the right ISO certifications partner can be extremely daunting, it’s a big investment for the business and for many an area they have never been exposed to before.
Your initial search will no doubt deliver what feels like an infinite number of suppliers that offer a slightly different version of the certifications, confusing you even further and making you second guess if you have made the right decision.
To help overcome this flood of opportunity, lack of understanding and need for more valuable information, I found that preparing a list of questions for each supplier call with the intent to extract new questions for the next call drove a deeper understanding of what they had to offer, the overall certification process, and the possible timelines.
After a few weeks of research and many Zoom calls, we were happy to partner with The British Assessment Bureau (BAB), who are the only supplier in the UK that have the official ISO certifications – recognised by the UK Government.
This reinforced our decision as it would demonstrate and reassure our clients that we operate to the highest standards of the ISO certification.
Task lists paralysis – go after the quick wins and start with what you know
When you initially embark on the journey, it can seem like you are confronted with an endless list of policies, tasks, and processes that you haven’t had to previously deal with.
Honestly, it’s one of those moments that make you question where to even start, or where to even set about finding the relevant information.
I found the key to a strong start lies in good planning and building up the project momentum. It is essential to clearly define the scope of the project and prioritise your time by segment size, available resource, and overall importance.
This helped us to lay out a detailed plan for how and when we would tackle the different elements of the implementation.
Don’t, however, get lost in the planning. It is easy to become overwhelmed and experience total analyses paralysis. To avoid this, I would recommend starting with the areas you already cover in the day-to-day running of the business.
These small wins build up the confidence in the team and the results start to compound, building up a good momentum.
Utilising ISO certifications to improve processes
Not long after we started our journey, we understood that to complete the ISO certification we needed to focus on adapting and improving our current business processes.
It became apparent that we were practicing many of the areas required by the ISO standard, but we weren’t clearly documenting and tracking the work output the company was delivering.
Having this realisation was a turning point for us and a positive step forward. It helped us identify improvement opportunities, how to advance the quality of our suppliers and products, and how to build a more robust business that delivers sustainable future growth.
Adoption and clear communication – delegate, educate and communicate.
Given the size and complexities of the project, we were keen to avoid any negative impact on the teams within the business by introducing an entirely new way of working and the added pressure of additional work.
We overcame this by centralising all relevant information in one SharePoint folder. Within the folder we had an area for each department that had all the necessary templates, registers, and information.
Initially we had bi-weekly calls to support the teams as they figured out what they needed to complete, which of their current documents could be used for the standard and any queries they had relating to the ISO certifications.
We also have monthly management meetings where we review each departments documentation and consolidate all of these into the master document register.
If you want to deliver an ISO certifications process that operates all year round, then lean on the extensive experience already in the business, clearly delegate, continuously educate, and communicate frequently.
Set a date and create a realistic timeline
It’s important to set a date and stick to it.
Impactful business changes require wide adoption and you can easily find yourself with a slipping timeline as teams become busy and the ISO certification priorities drop down their list.
Once you have a target date, start to create a realistic timeline that works for you and the resource you have available. The certifications can be done in as little as three months but can easily take well over nine, it’s all boils down to how much resource you are willing to allocate.
To achieve certification within six months you will need to dedicate at least two people working four hours each per week on the project.
At Lolly, we focused on small incremental goals and utilised a Gantt chart for our timeline management.
The big win, however, was breaking down the tasks into bite size segments of work, allowing us to remain agile as we went through the busy summer period and continuing to deliver our weekly goals.
My overall conclusion, and to help support others starting out, would be to embrace the uncertainty, learn to thrive in the unknown and celebrate the small wins throughout your ISO certifications journey…