Authors Posts by

ISO Update aims to provide information, resources, and updates around the Standards and Certification industry. We believe that organizational standards can help businesses of all shapes and sizes become more efficient and successful on a local, federal, or global scale.

by -
Climate Change & ISO Solutions -

The International Organization for Standardization (ISO) has a number of standards that work towards monitoring climate change, quantifying greenhouse gas emissions and promoting good practices in environmental management.

One such guide is ISO/DGuide 84, which sets guidelines for addressing climate change in standards. You can learn more about the guide here. ISO has also set goals for their contribution to the UN’s initiatives for sustainable development “By supporting our members to maximize the benefits of international standardization and ensure the uptake of ISO standards, we’re helping to meet the United Nations Sustainable Development Goals (SDGs).” – Source

In this article, we will focus on ISO’s goal of “Climate Action – Take urgent action to combat climate change and its impacts”, and on the ISO 14000 family of standards, which focus on environmental management systems (EMS).

First, to understand the need for standards, we should investigate the effects we have on the environment, and what we can do to change. Every one of us has an impact on the environment, but arguably, organizations have a larger, more reaching effect on the environment. Consider the footprint of each item you manufacture; where it came before you, where it will go after it leaves you, and the ripple effect that follows. Therefore, companies have a duty to consider each stage of their product or services journey, and its effect on the environment. This is also applicable to your suppliers and the processes they use to provide you with a product or service.

One major impact to consider from your organization, and the world-leading cause of climate change is greenhouse gases.

Greenhouse Gases

The United States Environmental Protection Agency defines Greenhouse Gases as “gases that trap heat in the atmosphere”. The name ‘greenhouse gases’ references the greenhouse effect. Greenhouse gases allow the sun’s light to shine onto Earth’s surface, and then the gases, such as ozone, trap the heat that reflects back from the surface inside the Earth’s atmosphere. The gases act like the glass walls of a greenhouse—thus the name, greenhouse gas. The more GHG’s present, the less heat that can leave the atmosphere, thereby increasing the overall temperature of the Earth and shifting the balance of the weather cycle, and global environmental patterns. –Source

Types of Greenhouse Gases

Carbon dioxide: Created by the burning of fossil fuels like coal, natural gas, oil, and biological materials like trees; the reaction of certain chemicals like the manufacture of cement.

Methane: Emitted during the production and transport of coal, natural gas and oil; the result of livestock and agricultural practices; decay of organic materials in landfills.

Nitrous oxide: Emitted during agricultural and industrial activities; combustion of fossil fuels and solid waste; during treatment of wastewater.

Fluorinated gases: Hydrofluorocarbons, perfluorocarbons, sulfur hexafluoride, and nitrogen trifluoride are synthetic, powerful greenhouse gases that are emitted from a variety of industrial processes. Fluorinated gases are sometimes used as substitutes for stratospheric ozone-depleting substances (e.g., chlorofluorocarbons, hydrochlorofluorocarbons, and halons). These gases are typically emitted in smaller quantities, but because they are potent greenhouse gases, they are sometimes referred to as High Global Warming Potential gases (“High GWP gases”).

Learn more from the United States Environmental Protection Agency about GHG Greenhouse Gases

Depending on your industry, you may not have a direct reaction to these gases, nor how they relate to how you change. However, relating back to your environmental footprint, consider how you receive the raw goods you utilize to create your end product, how are they manufactured? Do you ship products across the globe – how are you ensuring the organization you hire to ship these goods is not dumping their garbage in the ocean or polluting the air with toxic chemicals?

ISO Solutions

This is where utilizing industry best practices and international standards is essential. By putting in the work to comply with an international standard, you can be sure your management system will not allow you to hire a supplier who harms the environment. While this is just a small example, it illustrates just how ISO Standards and proper utilization can help.

ISO 14001 is the standard for environmental management systems (EMS) which you as an organization can become certified to. This standard was developed as a guideline for organizations to follow to ensure their business processes are conducted in a way that is sustainable and environmentally conscious.

ISO 14001 was developed as guidance for organizations to better their processes from the inside out with their environmental impact at the core of each decision made. Compliance with ISO 14001 provides a systematic and strategic approach to dealing with your company’s effect on the environment and its solutions to decrease your impact.

Organizations with certification to ISO 14001 benefit from industry best practices for sustainability, internal and external audits and validation, constant feedback and improvement measures, and confidence in your measurements of effectiveness. Because of the lifecycle of ISO Certification, your processes will be evaluated internally and externally over a three-year cycle, with certain major and critical processes being evaluated yearly. With this cycle, you can be assured that your organization is operating at its best potential with regards to environmental management systems, and processes that are not effective will be evaluated, altered, and monitored on a consistent basis to ensure their improvement and success.

With the new revision to the standard, ISO 14001:2015, like ISO 9001:2015, an emphasis has been placed on Leadership commitment. In previous versions of the standards, management commitment was not a requirement. With the new revision, there is no such thing as a management representative, now everyone is required to commit to the promotion of the EMS. Also, in previous versions of the standard, ISO 14001 required a commitment to reducing negative environmental impacts. Now, organizations much also commit to having a positive impact and improving environmental conditions.

If all organizations and corporations utilized these ISO requirements and best practices, imagine the positive effect on the environment!

Part of the ISO 14000 family of standards includes guides and requirement documents that help organizations with proper protocol and standard best practices for audits, communications, labelling and life cycle analysis, as well as environmental challenges such as climate change. ISO 14064 is one guide with a specific focus on quantification and reporting of greenhouses emissions and their removal. ISO has a full list of standards created to help with the climate crisis, you can learn more about the ISO 14000 Family here.

by -
Align Your Audits -

Written by: My Audit Spot

Over the past year, My Audit Spot has been uploading a variety of templates covering all aspects of the audit process. The templates are a way to share audit knowledge, skills, and templates; whilst also providing an opportunity to help other auditors become more diligent and efficient while meeting the requirements of the IIA’s International Standards for the Professional Practice of Internal Auditing (Standards).

It is important to note, that without an independent assessment, My Audit Spot cannot say that these templates conform to the Standards. Similarly, anyone using these templates in a review cannot state in their final report that the audit has been conducted in accordance with the Standards without an independent assessment. However, the templates have been built off best practice from across the industry, with particular attention paid to requirements of both the Internal Audit standards and Auditing Standard – ASA 230 – Audit Documentation.

The My Audit Spot audit overview shows how each template can be linked to the audit standards. Snippets of our audit process and how it links to the audit standards are included below.

The Standards

The Global Institute of Internal Auditors (IIA) has put together standards aimed at guiding adherence with the mandatory components of the International Professional Practices Framework (IPPF) for performing audits, establishing a basis for evaluation and, encouraging improved business processes and operations.

As the IIA states, “The Standards are a set of principles-based mandatory requirements…”. These should form the minimum of all your workpapers.


Your audit will only be as good as your planning. Failure to appropriately plan and scope the review could result in risks not appropriately reviewed, or business improvement opportunities not identified.

The Standards reflect how important the planning phase is, with the Standards considering everything from current risks and governance processes, through to current control frameworks within the business, and even the objectives of the review. The templates My Audit Spot has developed will help guide you throughout the planning process and help your organization consider parts of the Standards.

Be sure to consult the Standards yourself to ensure you’ve considered all the minimum components.

My Audit Spot planning templates can be accessed here.


This is the guts of it. By now, you have done all the planning, worked out what your risk areas are, and now built a Work Program around how you are going to test and address each of the identified risks.

Throughout the fieldwork phase, it’s important to ensure your work is appropriately documented. If it’s not documented, it’s not done. At a minimum, each workpaper should include:

  • Scope area being addressed
  • Purpose/objective of the workpaper
  • Methodology – how we have performed the work
  • Tests
  • Outcome / conclusion

My Audit Spot fieldwork templates can be accessed here.


Not only is the audit report phase one major output of your work, but it is also a direct reflection of the effort and attention to detail which has been undertaken during the audit.

An audit report also has the potential to value add by identifying opportunities or future considerations which may not have otherwise been surfaced.

It is important that reports are communicated to the relevant stakeholders and appropriate management. Additionally, reports should be clear and concise as they will be constantly referred to for the action tracking/audit follow up process.

My Audit Spot reporting templates can be accessed here.

About My Audit Spot

My Audit Spot Logo ISO Update

My Audit Spot is a space to share audit tools, knowledge and resources. Our mission is to encourage collaboration across internal auditors through the sharing of tools, knowledge and resources; ensuring audit remains a trusted and respected profession.

Follow My Audit Spot on Facebook, Twitter, and LinkedIn.

by -
Ethics in Auditing -

Ethics and Integrity is the choice between what’s convenient and what’s right. Reinforcing good execution and behavior of any organization relies on an auditor to confront poor execution and behavior and endorse proper and conforming behavior, and not simply “look the other way” when pressured from above or by budget. If you wish to perform a value-added service with your audits and report, you have a duty to utilize ethical practices in your audits, for the good of your own reputation, and the good of the company paying you to audit their work.

Ethics is a personal choice, it’s a personal compass that dictates right from wrong but unfortunately, it’s not always common sense. Being an auditor, you may face scenarios where you can’t always tell which choice is right, which choice is easy, and which choice will let you keep your clients happy. The issue stems from a bias in the industry that is hard to avoid. The people you audit are paying you, and therefore hold power over you as an auditor or a Certification Body to produce favorable results or they will jump ship to another provider. While this is an industry norm, it still produces scenarios where the potential for “letting something slide” is easily allowed. This, however, is not ethical and tarnishes the whole perceived image of certified entities.

Auditors can understand different business needs, the requirements of the standard, and the best possible person to rely on to ensure a company is running an effective business according to the standard. To fill these criteria, an auditor must be honest and have integrity. They must be fair and trustworthy, and willing to be “the bad guy”. They must have the ability to push through difficult situations and then work with people in a constructive manner.

Qualities of an Ethical Auditor


Being honest should be any professional’s main building block. Being honest is the foundation of any working professional that will help foster trust between you and a client, supplier, or in any relationship, professional, or not. Consider the consumer pipeline, and you as an auditor are the “product” to be sold to a customer. A customer must first learn of you and an option to “purchase”, they have a need of an auditor. Perhaps they learn about you from an online directory like ISOUpdate, or from a Google search and find your website or referral. They must first trust that what you say is true, i.e., your experience level, your industry codes, etc. This is where your honesty as a business professional will shine. What is said about you in customer referrals, testimonials, and word of mouth statements is often out of your control. But honesty is in your control. By providing a service that is honest – from what you charge, to what you provide, and if you follow through on the claims you make – you will cause customers to be delighted by your services and offer your praises to others.

To elaborate on a point above, to ensure you are honest is to follow through on the claims you make. Following through on promises is an essential way to prove your honesty. The cliché to consider here is “under-promise, over-deliver”. While we do not encourage using this approach every time, as it can set unreasonable expectations in the long run, we do encourage you to be mindful of your capabilities. Be honest with your clients, and they will have more respect and trust in you.


A good auditor will always look thoroughly into the matter before forming any opinion, clearing any biases and not allowing experience to cloud judgment. While all bias cannot be removed due to the transactional relationship between auditor and auditee, it can be neutralized. If you are an internal auditor, that is an auditor who works within the organization and with your peers on a daily basis, consider how you can make the audit process easier and less stressful. Leading up to the audit, inform your peers of the dates that they will be audited, and inform them of what to expect. You are preparing them for the certification audit, which will be conducted by a third-party auditor who won’t be you, so tell them what to expect, and most importantly, not to worry or hide information. By alleviating some of the stress of being audited, and having everyone prepared, you will be able to audit more successfully and without resistance, allowing for an accurate picture of the organization, its shortcomings, and its successes.

This is where companies will truly see the value-add to the audit and certification process. If the organization isn’t showcasing the true nature of their shortcomings, you are not going to be able to get to the root of their system, and they will continue to falter. Here is where it is also helpful to have a relationship built on trust and honesty, allowing you to do your job to the best of your abilities.


As an auditor, you have been commissioned to evaluate a company’s systems against a specific standard. You only have a limited time to sample the largest picture possible and evaluate if the organization is successfully following the requirements of the standard, is aware of and working towards improving aspects of their system that aren’t compliant, and is striving towards improvement. You might be a single auditor or part of a team of auditors, but regardless, it is not possible to see the whole system in one day. This is where pre-planning your audit objectives and sticking to those objectives is essential. Each audit will start with the scope of the audit being set and reviewed in the opening meeting. Do not stray from these objectives unless unforeseen circumstances arise. Sticking to your plan will help foster trust and create a much-needed sense of security between you and the organization.


Timeliness also falls within the qualities of honesty and objectivity. Promptness, punctuality, and professionalism are the 3 major ”Ps” that perfectly encapsulate the qualities of a good auditor.  Set your objectives, be mindful of the time you have available, be prompt and punctual with the time you promised, and be professional with every interaction you have. You are being paid to conduct an audit and provide an accurate report; follow through with your objectives and return your report within a reasonable time so the organization can begin to make changes based on it.


If you bring clarity to a situation, you help people see what really happened by clearing up misunderstandings and providing explanations. You may hear this a lot, but use plain language whenever possible. You may be speaking to veterans in the standards industry or you may be speaking with someone who’s never heard of ISO before, regardless, you should be treating every room with the same expectations. Speak to be understood, not to seem superior or knowledgeable. There is no harm in asking the people you audit their knowledge level if you do it with respect.

Expanding on the above qualities, be clear about your objectives and provide an Audit Plan that is clear and transparent about your audit goals and your expectations. You may also want to start off each new relationship within an organization with a meeting that states your auditing style, reviews the audit process, outlines when they can expect reports and final documents, and how you will present findings. By clearing up any initial questions or concerns a client or auditee may have from the beginning of the process, you can foster a relationship of trust and respect.


Keep your word…. it takes a strong character to keep your word, even more so when someone treats you poorly.  Do not let biases or circumstances outside of the client’s control affect what you promised. If the need occurs, be honest and ask for their understanding, but deliver what you promised within a reasonable timeframe. Delivering on what you promised shows integrity and trustworthiness. Not delivering on promises showcases a lack of organization, time management skills, and a personal lack of ethics. Keeping your word is one of the smallest yet most impactful things you can do to build trust in your audit. If you want to establish a solid reputation you must deliver on your promises.

Keep Commitments

When you make a commitment you create hope, and when you keep it you create trust. An ethical auditor stays loyal to what they promise to deliver. Nothing in the world says more about your work ethic than your commitment to your work. Stay true to your objectives, your schedule, and your timelines and you will reap the benefits of happy customers.

Pay Attention the Environment

To be at the top of your game you must be vigilant and observant and must have a tight grip on your environment. Sometimes the answer is right there in front of your eyes, all you must do is pay attention and heed what you perceive. As an auditor, this may be second nature within an audit, but this also applies to auditing yourself, your shortcomings, and your ethical practices within your own work. Hold yourself to the same standard you audit against, evaluate your processes, your review processes, and your improvement needs and objectives. You may have been doing this for years, and you may have found the perfect way to do things, but change is the only constant, and there is always room to grow, even within yourself.

by -
7 Steps to Quality Excellence -

ISO Certifications are always in demand due to its relevance in the competitive business world. The ISO Standards gets their periodic revisions once in every 5 years. Each revision is in line with the latest market trends, and have changes in policies and processes that are apt to the modern business scenario.

The ISO certification process might seem like a tiresome and lengthy process in the first go. Choosing the right consultant is the key to success.

To know more, you can read our blog on How to Choose the right ISO Consultant here.

The ISO Certification journey follows 6 basic steps that are:

1. Choosing the right Standard

The ISO 9001 Quality Management System is the most popular one to start with. It helps in building a consistent level of quality and customer satisfaction. Based on the industry and business requirements, there are various ISO Standards to choose from.

Aurion ISO Consultants will help you choose the right Standard based on your business activity and guide you through the implementation and certification works.

Other popular Standards include ISO 27001 (Information Security), ISO 14001 (Environmental) and the ISO 45001 (Occupational Health and Safety).

2. Choose the right Consultant for your business

Ensure the Consultant works in alignment with your organizational goals. The success of the ISO Certification depends on your Consultant.

Ensure the ISO Consultants are knowledgeable about the recent revisions of ISO Standards, policies & compliance requirements, documentation support, etc. Also, building a good rapport with the consultant from the beginning is essential.

For checking the authenticity of the Certification Body and the Consultant’s accreditation, you can visit the concerned ISO Authorization body’s website and request for sample Certifications from the Consultants.

3. Onboarding and Conduct Gap Analysis

Once you finalize a Consultant, the next step is onboarding the Consultant to your team. Fix up a meeting to discuss the Certification journey. The Consultant will conduct a Gap Analysis to identify the current business operations, processes followed and suggest process improvements.

Onboarding and conducting a Gap Analysis is a critical step in the ISO Certification process. As it is the starting phase, and the action plan is drawn out from the initial meeting and business process assessments. The required process improvements are to be initiated to develop a Quality Management System that is compliant with ISO 9001:2015 requirements.

4. Document Preparation

The new ISO 9001 Standard is focused on process optimization and less on documentation. Still, the documentation of the process improvements and related policies must be maintained for streamlined implementation of the ISO 9001:2015 Standard.

The ISO Standard indicates that the documentation needs to be created at instances where it adds value to the work process. The main aim of ISO 9001:2015 Standard is to maintain quality first process/services and enhance customer satisfaction.

5. Developing the Quality Management System

Develop a Quality Management System based on the recommendations from the Gap analysis. A Management System is a set of documents that outlines your business processes. The Quality Management System Implementation is a vital step in the ISO Certification process.

The Quality Management System consists of industry best practices, quality principles, methodologies to implement effective business processes to enhance product quality, deliver positive customer experience, etc. The Quality Management System must be in place before the inspection by the third party (Accredited Certification Body) is conducted.

Once the implementation of the Quality Management System is complete, organizations can undergo an internal audit to ensure all the process implementations are in compliant with the ISO Standard.

The Internal Audit is conducted by the ISO Consultants and they interview the employees, look at sample work reports, observe the business operations and suggest corrective actions as required.

6.  Conduct the ISO Certification Audit

Along with your ISO consultants, select the certification body for the external certification and submit your Quality Management System documentation for review to the external body. The external body will be an accredited Certification body that will issue the ISO Certification based on the compliance requirements after conducting an audit.

The external audit will be conducted by the accredited certification body on your premises by reviewing the business operations. Any non- conformance to the ISO requirements will result in an extension of the certification issuance. On mutual agreements, a revised timeline will be given to incorporate the changes so that the processes comply with the ISO Standard requirements, and results in successful issuance of ISO Certificate.

7. Certification

Once all the requirements are in place; the certification will be issued by the certification body. The ISO Certifications are valid for 3 years. Re-audit will be conducted for the new certificate issuance to ensure that the policies are in place and the business processes are ISO compliant.

Aurion ISO Consultants are one of the pioneers in ISO Consultation, Training, Implementation, and Audit services in the UAE and globally. For all your queries on ISO Standards related Services, feel free to reach out to us!

About the Author

John Wick is an ISO Consultant working with Aurion ISO Consultants in Dubai. John likes to write on ISO Training, ISO Consulting, latest changes in ISO Standards, industry-wise benefits from getting ISO Certified. Reach out for expert consultation on any ISO related queries.

About Aurion

Aurion ISO Consultants, Dubai offers world-class ISO Services such as Training, Consulting, Certification, Implementation, and Audits in Dubai, UAE and Worldwide.

Aurion ISO Consultants is an Award-Winning Consultant firm in Dubai, UAE and one of the fastest-growing ISO Service provider in the UAE and GCC region. We have assisted 1800 clients across several countries globally.

We provide you with a Single-Window Solution with ISO Consulting, ISO Training, and ISO Implementation and ISO Audit Services. With our ISO Certification, you can transform your business into quality first one.

Contact Us: Aurion ISO Consultants | 0097142504150 | |#213&214,6E-A Dubai Airport Freezone, Dubai |

While you are planning to implement ISO Certification Standards for your organizations, to know more about the ISO Certification standards and all ISO related services from Aurion ISO Consultants, you call us right away!

by -
What is ISO Certification -

What does it mean to be ISO Certified?

Even if you’re relatively new to the quality business, you might have heard of “ISO” being frequently namedropped especially in the context of quality management. Far from a simple buzzword, it’s quite a big deal in the marketplace and as an aspiring new business, a business person looking to grow your business, or even an entrepreneur looking to set your business up for long-term success, you need to be informed about ISO Standards and standardization.

ISO Certification

ISO is the International Organization for Standardization – It’s an independent, international organization that produces various standards spanning throughout the business sector that help improve and ensure quality, efficiency, consistency, and safety of operations and their consequent products and services.

Relevant business sectors include health and safety, information security, energy management, environmental management, aerospace and defense, medical devices, and many more. The standards are deliberately made to be both comprehensive yet generic enough to be incorporated into any business regardless of size, sector or context.

It is important to note here that ISO cannot certify you themselves. ISO develops the standards, but the certification process is performed by external certification bodies and ISO cannot certify a company or organization directly.  Despite this, their committee on conformity assessment (CASCO) has produced a set of guidelines and standards that these external certification bodies are expected to use as a reference to help adequately measure conformance and quality during the certification process.

ISO 9001 is an internationally recognized and trusted quality management system that has been adopted by companies all over the world to help achieve standardization and quality assurance. The first step to ISO 9001 Certification is to understand the standard. You will want to download the standard document first to get familiar with the requirements of certification. The ISO 9001 standard is basically a rule book stating what you need to have or do. The standard is generic in nature, allowing any organization in any industry to benefit from it. ISO 9001:2015 is currently the most recent version of the standard and is the version you should be using to develop your quality management system.

By following these requirements you are “compliant with the ISO 9001 Standard and therefore can be recommended for certification by your Certification Body.

Purchase the ISO 9001:2015 Standard Here

When choosing a Certification Body (CB) to provide certification and auditing services to your company, verify that they are accredited. This simply means the CB is compliant with their own set of standards for being a CB, specifically ISO 17021. Check out our video on “requirements for certification bodies” to learn more.

Complying to ISO 17021 means the demands of the standard are assessed by an external agency called an Accreditation Body that is a member of the IAF-MLA in the CB’s region. Consider this a license to issue certificates or a degree to do a certain job, without which you are not qualified. To issue a certification of compliance to ISO 9001:2015, your CB should be accredited to ISO 17021.

What does it mean to be ISO Certified?

Being ISO 9001 Certified means your organization has a quality management system in place that utilizes international best practices to standardize your processes and system using the ISO 9001:2015 standard to ensure you consistently produce products and services that meet and exceed your customer’s expectations.

Since the guidelines of ISO 9001 are quite comprehensive and the process of implementing a system, having multiple audits, and maintaining compliance is quite stringent, achieving certification is recognized as an impressive feat and speaks volumes about your company’s commitment to providing your customers with high-quality service.

What Next?

If you are considering ISO 9001 certification, but do not have relevant experience, check out these resources to help you get started:

What is ISO 9001?

Tips for Implementing the Standard

Choosing a Certification Body – Choosing the best Certification Body for your Business

Tips for Audits:

by -

More organizations are looking to upscale their business and benefit from the implementation of international standards. To determine the factors that play an important role in the growth of an organization we must determine the disruptive forces that affect the organization’s growth directly or indirectly. There are four major trends which ISO deemed crucial disruptive factors for organizations and their interested parties, which were highlighted by the ISO General Assembly:

  • Economic and trade uncertainty
  • Changing societal expectations
  • The impact of climate change
  • The digital transformation

In this article, we will shed light on each of the above points which were discussed during ISO Week 2019 held in Cape Town, South Africa on 16-20 September 2019.

Jodi Sholtz, Group Chief Operation Officer, from the South African Department of Trade and Industry, said, “Without appropriate standards, it will be impossible to address multiple challenges at a global and national level. Standardization provides the tools to achieve sustainable development, to counter the immediate threat posed by climate change and, amongst other things, secure gender equality and optimal health.”


Today, organizations develop international influence and operate on a global scale which helps bring economic growth but also brings about trade uncertainty. To combat uncertainty, inclusive economic growth is essential through standardization and the use of internationally recognized standards to minimize the growing inequality, economic concentration and marginalization of many developing countries. 

As ISO President John Walter explained, “The economy is obviously one of the most important drivers of change and there is an unquestionable role for us to play in restoring faith in the values of free trade and multilateralism.”


New models like the “sharing economy” bring new challenges for regulators and policymakers who must adapt and problem solve through standardization.

Standards are crucial in a sharing economy because of the disruptive nature of these evolutions. As with any other changing factor, adaptation is key to many problems.

“Those who stand to lose in the sharing economy are traditional industries that refuse to adapt and those using conventional business models that refuse to evolve,” said Tarryn Daniels from the Consumer Goods Council of South Africa.


Climate change is affecting every aspect of human life globally, and its impact on trade may affect your business. Unpredictable weather will greatly impact industries throughout the world.

“International trade depends critically on well-functioning transport links. Environmental challenges such as extreme storms, floods, changes in temperature, humidity or precipitation and rising sea levels will have significant impacts on transportation infrastructure such as ports,” according to Regina Asariotis of the United Nations Conference on Trade and Development (UNCTAD). Better risk assessment and preparation will help ensure successful adaptation to climate change.


Speakers looked at what the rapid evolution and adoption of digital technologies could mean for businesses and society. For example, what does digital transformation mean for businesses? How are digital technologies changing what and how we trade? And how are digital technologies driving entrepreneurial growth and innovation? Technology brings about many positive changes from providing efficiency and accuracy to facilitating speed and ease. Life without digital interference seems to be unfeasible now. The rapid evolution and adoption of digital technologies is more vital now than ever before for organizations who wish to stay relevant and efficient in their industry.


The objective of the ISO General Assembly is to develop International Standards in response to market needs. Innovation is not just about change or a few bright ideas; it’s about filling the void between old and new, it’s about finding solutions to the problems that have already arisen and that have yet to come through mindful analysis, and it’s about addressing crises internationally and providing improved solutions through standardization. Together, these four trends – economic and trade uncertainty, changing societal expectations, the urgency for sustainability, and digital transformation – make up the disruptive forces that will shape the direction of ISO’s future strategy on the path to 2030. As a first step, ISO is developing a new series of International Standards on innovation management. Stay tuned to ISO Update to learn more about new and updated standards as they are released.

by -
Importance of Audits - ISOUpdate

Audits, specifically those done to prove compliance with an ISO standard, are on-site verifications which include inspections and thorough examinations of your organization’s systems that verify their compliance with a certain ISO standard. This is done to ensure sufficient compliance with the requirements of the management system(s) and to track and improve the efficiency of your operational processes. There are various types of audits depending on what they are meant to audit or who your auditors are, each with their own range of unique benefits. We will talk about the different types of audits you will experience in each cycle of your certification, some of the requirements of each type of audit, their purpose and goals, how they will help you as an organization, and the overall importance of auditing to the growth of your company.

Types of Audits

The classification of audit types is based primarily on the relationships between the participants and the examiners. ISO audits have 2 main types, Internal and External Audits.

Internal Audits

These are performed by internal auditors who are employed by the organization being audited and are also known as first-party audits. They’re performed within a company to verify the efficiency of their own adopted procedures and check for conformance to international standards and possible shortcomings. An internal auditor typically has a working knowledge of your organization and knows “what makes your company tick”. Internal audits are meant to dive deeply into your processes and uncover anything and everything that could or might be a non-conformance to the External Auditor. It is during Internal Audits that you want to find, report, and later act on these findings to help improve your organization.

When conducted by an audit team comprising of employees from a different department, you can maintain impartiality and ensure less conflict of personal interest. If provided with the appropriate training, these teams of internal auditors can offer objective insight with the added advantage of knowing the context of the organization inside out by virtue of working there and offering more specific feedback in view of it.

Internal audits allow you to inspect your company and ensure compliance with laws and regulations in a more casual environment with lower stakes. Because the internal auditor is typical a colleague, you should feel much more at ease when the auditor is around. The Internal Auditor is your friend! As with any audit, you do not want to hide information or mislead the auditor to make the audit go by quicker; you should view these audits as an opportunity to learn and grow from shortcomings and prove to your external auditor that you are working towards constant improvement. They operate as an essential tool in preparing you for your next external audit.

Most international standards include internal audits as an important part of the ongoing process towards continual improvement for an organization because they allow you the opportunity to constantly monitor and review the efficiency of your processes. Internal Audits give your organization an opportunity to identify potential risks and gaps in your system and design corrective actions before they start costing the company. They also help you track and document changes that are important to present to external auditors when seeking certification.

Internal Audits are typically held at least once per year and before external auditors are brought in. Internal audit findings will not put your certification in jeopardy and help to prove to the external or third-party auditor of your compliance with the standard.

External Audits

Also called “third-party” audits, external audits are performed by impartial auditors and can be called objective assessments of company procedures and provide transparency and confidence to interested parties that your organization is truly running an effective and compliant management system. Objective assessments and their feedback allow these interested parties to be better informed about your organization. With most ISO standards, you are not required to disclose audit results, but if you receive favorable feedback from your audits, you may be inclined to promote that with permission.

External Auditors are typically contracted by your accredited Certification Body and assigned to audit your processes during your 3-year certification cycle. The auditor will come to your site for a set period to prove compliance with an ISO Standard resulting in the certification approval or approval pending corrective action. It is important to note that external, or third-party, audit length is determined based on requirements published by the International Accreditation Forum (IAF) that apply to all accredited Certification Bodies.

Corrective actions must be taken if the external auditor finds a non-conformance in your system that will be detailed in their closing meeting with you and in their report. External Audits are necessary if you wish to hold an accredited ISO Certification, and are a great way to help your organization with impartial evaluation and reports, international certification and recognition.


Audits are a stressful time for most organizations. They can be seen by employees as head office spying on them and they may feel their jobs are at risk. It’s important to explain the role of audits for the greater good of the organization and to reassure your people that this is meant to show how the company can improve, and not an opportunity to point fingers and blame.

Internal audits should be a chance for employees to speak up, have their voices heard and shed light on aspects of their processes that could be improved. The internal auditor should be someone who understands your organization but can remain objective. It is during the internal audit that your organization wants to find areas for improvement, so don’t hide things or avoid things to make your job easier.

External audits are typically stressful because there is a lot more at “stake”. Don’t worry, the auditor does not want to take away your certification, they want to prove why you should achieve it. An external audit cycle is 3-years with Year 1 granting certification and Years 2 and 3 providing surveillance to ensure your certification can be maintained. External audits are typically more formal but should still be viewed as a learning and growth opportunity. Do not hide or avoid topics with your auditor and be sure you are prepared to report on the findings from your internal audit and how you are making the changes and improvements from those audits. Third-party audits should add value to your organization, and provide a chance to demonstrate you are running an effective and successful business.

What to Do If you Feel Your Audits or Certification Isn’t Effective

If you feel your audits are not adding value to your organization, before you drop your certification, consider if your audits are effective. You may want to bring in a consultant or expert to help your organization truly understand just how helpful ISO Certification is and how important audits are to the continual improvement of your organization.

If you are unhappy with your current audits or auditor, do not feel trapped. Talk to your Certification Body, they should be more than willing to accommodate an auditor change depending on your location, auditor availability and certification cycle. Consider the cost-benefit here. If you are not seeing the value of audits with your current auditor, a slight change in cost for a new one who might have a higher travel cost may be more cost-effective for your organization than simply accepting a lower quality audit. If your CB will not accommodate your change request, know that you are never obligated to remain with a CB. You may want to consider transferring your certificate and understand the cost-benefit from transfer fees to better service or higher satisfaction. When searching for a new CB, express your current troubles and expect an answer for how this new CB will rectify the issues.

by -
SMART Goals for Internal Audits - ISOUpdate

Despite how important and often necessary internal audits are for the growth of a company, very rarely does most management take the time out to concisely list their expectations and objectives for them.
To make the most of your internal audit and reap maximum benefits from them, having precise and smart goals is essential. Not only do they save precious time for your company, but they also ensure that your audit goes smoothly and prepares you for the future.

What is a SMART Goal?

Setting strategic and attainable goals is a vital part of growing your business as they provide you with a target to work towards. Goals function as a means of motivation and help you focus on a specific task rather than a vague concept of betterment. Since they’re so important, it’s also prudent to spend time to ensure the goals you set are SMART.

Here SMART is an acronym that stands for:

Specific: The goal needs to be clear and precise. Specific goals have a higher likelihood of being accomplished than generic ones. To check if your goal is specific enough, see if it answers a few questions like “What needs to be done?” “Who will work on the documentation process?” and “What apparatus will the work involve?” These will provide you with a sense of direction regarding your goal and take the guesswork out of the process for better efficiency in your operations.

Measurable: You need to create a scale that helps measure your progress towards your goal. Having measurable goals provides an opportunity for positive feedback on the progress you have made and a source of motivation to achieve your objectives. Additionally, having well-defined goals and a means to measure them accordingly helps you identify possible setbacks and trends so you can work on these problems proactively for the future. Ask yourself questions like: “How will I know if my goal has been achieved?” “In the meantime, what are some progress indicators to look out for?”

Achievable: Needs to be within the realm of possibility to achieve. If a goal is too difficult it will quickly demotivate anyone set out to accomplish it; similarly, if a goal is too easy it’s prone to fall into a procrastination pile for the same reasons. Because of this, a smart goal must be both challenging yet achievable.

Realistic: Goals should be realistic within the set time frame. You need to give yourself enough resources to ensure the goal is achievable. Ask yourself if you’re able to commit to the goal and if it’s one that has previously been accomplished within similar parameters.

Timely: Specify a timeline that includes a set starting and ending date to complete your project. You need to remember to allow yourself ample room for error or delay while also setting reasonable time frames to create a sense of urgency so you’re more likely to start on it.

Smart Goals and Objectives for Internal Audits

When setting out to create objectives for internal audits, it’s a good idea to include a list of benefits for successfully completing the audit to help remind you of why you’re doing this. Personal goals and ambitions can be tied in with the company’s objectives here to help lend it a more personalized touch.

Prior to setting out your plan of action, brainstorm on topics such as availability of possible mentors during the process, connections and previously encountered obstacles. These may come in handy during the auditing process and help you to better understand your options.

A good general action plan may look like this:

  1. Interview management, decide audit scope while setting parameters, decide on suitable audit procedures.
  2. Test out and experiment in reference to scope decisions to ensure these are fair parameters.
  3. Study and document various systems or operations in perspective of the audit.
  4.  Identification of potential risks in operations as well as suggested changes.
  5. Communicate with management regarding the previous phase and finalize changes.
  6. Finish documentation and include findings of the audit.
  7. Include a safety buffer of timing in case of unexpected delays in the previous procedures.
  8. Successful completion of the Audit.

by -
Improving Your Root Cause Analysis -

When analyzing a problem and determining its root cause, you need to apply logical and critical thinking, analytical skills and calculations to fit pieces together like a puzzle to present a picture that makes sense to the beholder. When fixing a problem, it shouldn’t be enough to just use a band-aid solution – if you fix the symptoms only, the problem is more likely to occur again. You should want to determine the root cause of the problem to ensure that it never happens again. Determining a root cause can be an easy few questions and answers, but here at ISO Update, we want to help you improve your ISO 9001 Root Cause Analysis to ensure your organization is performing at its best.

Determining your Root Cause

A root cause analysis is a technique used to understand and solve a problem. It helps the observer to locate the cause and reason/factors that led to the problem in the first place. Simply put, by performing a root cause analysis you will identify the problem, find its cause and determine what measures should be taken to erase the problem to ensure it won’t happen again.

  • What is the problem?
  • What are the symptoms?
  • What circumstances prompted this problem to arise?
  • What caused the problem?
  • Are there other problems related to this problem?

Using open-ended questions and continuing to be curious will allow you to determine the actual problem, and its actual cause, not just your initial assumptions. It’s entirely possible your assumption is correct, but ensure you are properly investigating every aspect of the problem and its cause to ensure you are not providing band-aid solutions to problems that aren’t really a problem. The more you polish your ability to question your surroundings, the more your brain will grow its powers of analysis, cause detecting abilities, and potential abilities to root out any problem. Using frameworks and techniques like the 5 Whys – used in the Analyze phase of the Six Sigma DMAIC (Define, Measure, Analyze, Improve, Control) methodology – can help you organize your thoughts into a rational flow while digging deep into the root cause of a problem.

The 5 Whys & Its Benefits

The 5 Whys Methodology asks you to “Ask Why”. It’s an interview and questioning tactic meant to help in identifying the root cause problem quickly, and logically. Furthermore, it helps in determining the relationship between different root causes, it can be learned quickly and doesn’t require statistical analysis. The first rule of thumb for determining any cause of the problem is understanding the fundamental issue. It consists of identifying what exactly is the problem.

Let’s consider an example – Problem Statement: You are on your way to work and your car stops in the middle of the road.

1. Why did your car stop?

  • Because it ran out of gas.

2. Why did it run out of gas?

  • Because I didn’t buy any gas on my way to work.

3. Why didn’t you put gas in your car on your way to work?

  • Because I was running late

4. Why were you running late to work?

  • Because I over-slept

5. Why did you over-sleep?

  • Because I worked late last night working overtime.

6. Why did you work overtime

  • Because I need more money to afford XYZ

Interesting. Here we learnt that our employees are late to work and losing sleep because they feel they need to work overtime to afford something. What was an original assumption that a person was lazy or unreliable to work, is actually a person struggling and needing more money to enjoy their life outside of work. What may have been a management decision to discipline a late employee now becomes a discussion on employee work satisfaction, wages and overtime best practices. Do not restrict yourself to 5 Why’s, and sometimes 5 is too many, instead use this method to help find answers, ask more questions, and stop asking why when you are satisfied you have valid information to work from.

Why should companies embrace root cause? According to ERIC RIES of Harvard Business Review, there are four benefits

  1. It helps find the human problem.
  2. Determine the time to fix the problem.
  3. Prevent operational problems.
  4. Find your optimal pace of work.

Improving your Analysis

A good way to start expanding your analytical skills is through the power of the observation. The more you expose yourself to different ideas, the more you’ll increase your own cognitive abilities. Analysis is more of a learned skill, like Sherlock Holmes, a powerful observation could reveal to you the most deeply hidden secrets and faults. It’s about honing your skills, keeping your eyes open to the minor details and then filing them away one by one like puzzle pieces. Done properly all the data you store up in your brain will present itself to be sorted in order.

After completing your Root Cause Analysis and learning Why? the next step is figuring out How? How did your system allow this problem to happen? – How to place the data you have collected in its proper order? How to properly do things moving forward? Answering this will help determine the correct order and importance of the events you need to complete to correct your system. Improving your Root Cause Analysis with the 5 Why’s and finding the root of a problem and not just fixing a problem with a band-aid will help your overall business and most likely increase employee morale. Strive to constantly improve your analysis skills by practising your problem-solving skills. Ask questions of your employees and interested parties, and care about their answers. Collect information in the most simple ways – observe your everyday organization, their problems, their triumphs and collect data, categorize everything and then go deeper to the root of the problem to rule out all the symptoms that are causing the problems in the first place. Improve your root cause analysis by always staying curious.

by -
Becoming an ISO 9001 Auditor -

Are you interested in becoming an ISO 9001 auditor, either for your own organization as a quality specialist internal auditor or for a third-party Certification Body? The role of an ISO Auditor is described as: “responsible for ensuring that the production systems and processes of manufacturing firms comply with ISO standards. They must conduct surveillance and assessment of these firms and report any non-conformity in audit reports. ISO auditors also make necessary recommendations to help the system operate in compliance with required ISO standards.” – Source

You will need to take the necessary steps to train yourself and seek training on the various companion requirements, the standard, and its best practices. Becoming an auditor will take time and a detailed understanding of the ISO 9001:2015 standard.


To become an auditor, you will first need the necessary training. As an auditor, you need to demonstrate knowledge of ISO standards and comprehension of the standard you will audit against, along with its companion material and standards for proper auditing techniques and expectations. Consider taking introductory-level courses if you are brand new to ISO 9001 like an awareness course or introduction to the standard course. These courses are often low cost, and low time commitment and allow you to learn about the standard either in class or online. You will also need to take a Lead Auditor or Internal Auditor course to learn auditing techniques and requirements.

Looking for a training program? ISO Update can help!

Completing audits as an observer or auditor-in-training will help you meet requirements for audit experience and learn from experienced auditors.

Consider your work history and work experience too. Once you become an auditor, obtaining technical industry codes will help you with booking jobs. For example, if you have experience in construction, you can obtain that specific code which will allow you to audit for organizations with its respective IAF, SIC and NACE codes. Use your work history and experience to your advantage when you are becoming an auditor.


The amount of money an ISO auditor makes depends upon their experience and auditing skills. An auditor has an earning potential that ranges but is typically around $90,000 USD per year.


Due to the nature of certification, auditors do expose themselves to legal claims and liability that could be financially detrimental. It is important to recognize these risks, and properly prepare yourself for this with insurance and coverage. If you are working for a CB, they may demand a certain level or plan for you with their own insurance provider, or an industry-standard option in your region. If you are in the United States or Australia, consider looking into Exemplar Global options, found here.


As a Lead Auditor, you are responsible for leading the audit team, preparing the audit plans, delivering meetings and submitting the audit reports and findings at the end of each audit.  If you are part of the audit team, you report to the Lead Auditor who will assign you specific areas to audit and report on, and a timeline to submit your report. You will not be responsible to present during opening and closing meetings, and you will not be responsible for creating and submitting the final audit report.


  • Possess strong analytical and problem-solving abilities
  • Manage a team of auditors
  • Evaluate an organization’s processes for compliance with quality requirements
  • Develop audit plans and schedules
  • Participate in quality audits (and lead a team of quality auditors, when needed)
  • Identify processes, situations, etc., where an organization is meeting requirements, as well as identify opportunities for improvement
  • Develop audit reports and present to top management
  • Assist with follow-up audits, as required


To be a lead auditor you must have a varying minimum number of years of full-time general work experience and practical experience in applying ISO principles, procedures and techniques. You will need to seek out certification training from a personnel certification body and perform the required auditing time via shadowing other auditors. Lead auditor certification generally requires tertiary education plus two years of work experience as a lead auditor in training.

Auditors should also have strong interpersonal skills and be comfortable with public speaking, and proficient in the written and spoken language in which you will be auditing. Being proficient in Microsoft Office is also helpful as you will need to develop written reports and format appropriately for the organization you are working for.

Auditors should also be able to think outside the box to problem-solve if audit plans do not go according to plan. Whilst an auditor should be prepared well in advanced and aware of time management due to the interpretive nature of auditing an organization, the auditor should also be able to re-prioritize if circumstances out of their control change the plan.