by -
Improving Your Root Cause Analysis -

When analyzing a problem and determining its root cause, you need to apply logical and critical thinking, analytical skills and calculations to fit pieces together like a puzzle to present a picture that makes sense to the beholder. When fixing a problem, it shouldn’t be enough to just use a band-aid solution – if you fix the symptoms only, the problem is more likely to occur again. You should want to determine the root cause of the problem to ensure that it never happens again. Determining a root cause can be an easy few questions and answers, but here at ISO Update, we want to help you improve your ISO 9001 Root Cause Analysis to ensure your organization is performing at its best.

Determining your Root Cause

A root cause analysis is a technique used to understand and solve a problem. It helps the observer to locate the cause and reason/factors that led to the problem in the first place. Simply put, by performing a root cause analysis you will identify the problem, find its cause and determine what measures should be taken to erase the problem to ensure it won’t happen again.

  • What is the problem?
  • What are the symptoms?
  • What circumstances prompted this problem to arise?
  • What caused the problem?
  • Are there other problems related to this problem?

Using open-ended questions and continuing to be curious will allow you to determine the actual problem, and its actual cause, not just your initial assumptions. It’s entirely possible your assumption is correct, but ensure you are properly investigating every aspect of the problem and its cause to ensure you are not providing band-aid solutions to problems that aren’t really a problem. The more you polish your ability to question your surroundings, the more your brain will grow its powers of analysis, cause detecting abilities, and potential abilities to root out any problem. Using frameworks and techniques like the 5 Whys – used in the Analyze phase of the Six Sigma DMAIC (Define, Measure, Analyze, Improve, Control) methodology – can help you organize your thoughts into a rational flow while digging deep into the root cause of a problem.

The 5 Whys & Its Benefits

The 5 Whys Methodology asks you to “Ask Why”. It’s an interview and questioning tactic meant to help in identifying the root cause problem quickly, and logically. Furthermore, it helps in determining the relationship between different root causes, it can be learned quickly and doesn’t require statistical analysis. The first rule of thumb for determining any cause of the problem is understanding the fundamental issue. It consists of identifying what exactly is the problem.

Let’s consider an example – Problem Statement: You are on your way to work and your car stops in the middle of the road.

1. Why did your car stop?

  • Because it ran out of gas.

2. Why did it run out of gas?

  • Because I didn’t buy any gas on my way to work.

3. Why didn’t you put gas in your car on your way to work?

  • Because I was running late

4. Why were you running late to work?

  • Because I over-slept

5. Why did you over-sleep?

  • Because I worked late last night working overtime.

6. Why did you work overtime

  • Because I need more money to afford XYZ

Interesting. Here we learnt that our employees are late to work and losing sleep because they feel they need to work overtime to afford something. What was an original assumption that a person was lazy or unreliable to work, is actually a person struggling and needing more money to enjoy their life outside of work. What may have been a management decision to discipline a late employee now becomes a discussion on employee work satisfaction, wages and overtime best practices. Do not restrict yourself to 5 Why’s, and sometimes 5 is too many, instead use this method to help find answers, ask more questions, and stop asking why when you are satisfied you have valid information to work from.

Why should companies embrace root cause? According to ERIC RIES of Harvard Business Review, there are four benefits

  1. It helps find the human problem.
  2. Determine the time to fix the problem.
  3. Prevent operational problems.
  4. Find your optimal pace of work.

Improving your Analysis

A good way to start expanding your analytical skills is through the power of the observation. The more you expose yourself to different ideas, the more you’ll increase your own cognitive abilities. Analysis is more of a learned skill, like Sherlock Holmes, a powerful observation could reveal to you the most deeply hidden secrets and faults. It’s about honing your skills, keeping your eyes open to the minor details and then filing them away one by one like puzzle pieces. Done properly all the data you store up in your brain will present itself to be sorted in order.

After completing your Root Cause Analysis and learning Why? the next step is figuring out How? How did your system allow this problem to happen? – How to place the data you have collected in its proper order? How to properly do things moving forward? Answering this will help determine the correct order and importance of the events you need to complete to correct your system. Improving your Root Cause Analysis with the 5 Why’s and finding the root of a problem and not just fixing a problem with a band-aid will help your overall business and most likely increase employee morale. Strive to constantly improve your analysis skills by practising your problem-solving skills. Ask questions of your employees and interested parties, and care about their answers. Collect information in the most simple ways – observe your everyday organization, their problems, their triumphs and collect data, categorize everything and then go deeper to the root of the problem to rule out all the symptoms that are causing the problems in the first place. Improve your root cause analysis by always staying curious.

by -
Becoming an ISO 9001 Auditor -

Are you interested in becoming an ISO 9001 auditor, either for your own organization as a quality specialist internal auditor or for a third-party Certification Body? The role of an ISO Auditor is described as: “responsible for ensuring that the production systems and processes of manufacturing firms comply with ISO standards. They must conduct surveillance and assessment of these firms and report any non-conformity in audit reports. ISO auditors also make necessary recommendations to help the system operate in compliance with required ISO standards.” – Source

You will need to take the necessary steps to train yourself and seek training on the various companion requirements, the standard, and its best practices. Becoming an auditor will take time and a detailed understanding of the ISO 9001:2015 standard.


To become an auditor, you will first need the necessary training. As an auditor, you need to demonstrate knowledge of ISO standards and comprehension of the standard you will audit against, along with its companion material and standards for proper auditing techniques and expectations. Consider taking introductory-level courses if you are brand new to ISO 9001 like an awareness course or introduction to the standard course. These courses are often low cost, and low time commitment and allow you to learn about the standard either in class or online. You will also need to take a Lead Auditor or Internal Auditor course to learn auditing techniques and requirements.

Looking for a training program? ISO Update can help!

Completing audits as an observer or auditor-in-training will help you meet requirements for audit experience and learn from experienced auditors.

Consider your work history and work experience too. Once you become an auditor, obtaining technical industry codes will help you with booking jobs. For example, if you have experience in construction, you can obtain that specific code which will allow you to audit for organizations with its respective IAF, SIC and NACE codes. Use your work history and experience to your advantage when you are becoming an auditor.


The amount of money an ISO auditor makes depends upon their experience and auditing skills. An auditor has an earning potential that ranges but is typically around $90,000 USD per year.


Due to the nature of certification, auditors do expose themselves to legal claims and liability that could be financially detrimental. It is important to recognize these risks, and properly prepare yourself for this with insurance and coverage. If you are working for a CB, they may demand a certain level or plan for you with their own insurance provider, or an industry-standard option in your region. If you are in the United States or Australia, consider looking into Exemplar Global options, found here.


As a Lead Auditor, you are responsible for leading the audit team, preparing the audit plans, delivering meetings and submitting the audit reports and findings at the end of each audit.  If you are part of the audit team, you report to the Lead Auditor who will assign you specific areas to audit and report on, and a timeline to submit your report. You will not be responsible to present during opening and closing meetings, and you will not be responsible for creating and submitting the final audit report.


  • Possess strong analytical and problem-solving abilities
  • Manage a team of auditors
  • Evaluate an organization’s processes for compliance with quality requirements
  • Develop audit plans and schedules
  • Participate in quality audits (and lead a team of quality auditors, when needed)
  • Identify processes, situations, etc., where an organization is meeting requirements, as well as identify opportunities for improvement
  • Develop audit reports and present to top management
  • Assist with follow-up audits, as required


To be a lead auditor you must have a varying minimum number of years of full-time general work experience and practical experience in applying ISO principles, procedures and techniques. You will need to seek out certification training from a personnel certification body and perform the required auditing time via shadowing other auditors. Lead auditor certification generally requires tertiary education plus two years of work experience as a lead auditor in training.

Auditors should also have strong interpersonal skills and be comfortable with public speaking, and proficient in the written and spoken language in which you will be auditing. Being proficient in Microsoft Office is also helpful as you will need to develop written reports and format appropriately for the organization you are working for.

Auditors should also be able to think outside the box to problem-solve if audit plans do not go according to plan. Whilst an auditor should be prepared well in advanced and aware of time management due to the interpretive nature of auditing an organization, the auditor should also be able to re-prioritize if circumstances out of their control change the plan.

by -
Big Data in Auditing -

Written by: Ken Lynch of Reciprocity Labs

Behind any pile of data is a story. Ideally, the data provides a well-outlined plot of the strengths, weaknesses, risks, and opportunities that your business faces. Unless your business can analyze this data, the story it tells remains hidden behind facts and figures.

Lucky for modern-day businesses, the conventional approach for auditing and data analytics has provided a baseline for firms to leverage the power of big data. Using these strategies, organizations can predict market patterns, investment opportunities, and business risks- all which influence the decision-making process.

Sadly, the precision at which these conventional strategies can predict the future isn’t enough. The good thing is that big data looks to fill the gaps that conventional approaches have, and revolutionize the entire auditing and analytics industry. As long as you can leverage big data, auditing for clients will be a walk in the park.

Read on to learn about the opportunities that big data presents your business and common challenges to its adoption:

The Perks Of Big Data

1.   Enhanced Audit Quality

Conventionally, auditors had to sample their client’s data to come up with useful insights. Though sampling has been effective for some time, it doesn’t provide enough precision. You typically have to ignore data anomalies a well as outliers, which can often help identify risks before they occur. Big data analytics systems will help you to analyze a wider scope of data, if not all the necessary data, to come up with more precise conclusions.

Also, it will allow you to analyze your client’s data early in the auditing process, making it easy to streamline the rest of the process. You can pick metrics for analysis early, identify problems, and know the kind of audit evidence to look for.

2.   Improving The Auditing Frequency

Other than being costly, data analysis can be quite time-consuming, especially if you lack the necessary analytics tools. This is why firms choose to analyze their data after every fiscal quarter or year- even though they know that frequent analysis will yield better results. Luckily big data streamlines the data analytics process, reducing auditing lead times.

As a result, businesses can enjoy more audits at a reduced cost. Not only does this continuous testing revolutionize risk identification, but it also paves the way for accurate control assessments as well as timely insights.

3.   Improved Client Service

As outlined above, big data helps shorten the auditing process as well as improve the results. Such factors can be quite helpful in the decision-making process by clients. Even better, this new approach to data analytics ensures that you can communicate time-sensitive threats and opportunities early enough, making the role of auditors in the business growth scene even more appreciated.

How Big Data Is Transforming The Audit

Auditors work in the interest of all stakeholders. They help with the quality assurance of businesses, from a financial to a security standpoint. They deliver insights that improve reporting, identify business risks, and even offer insights on tailored fields.

While conventional technology had played a significant role in supporting the task of the auditor, it limited their power. With big data and developments in the analytics field, everything changes for you as an auditor. You can now focus on an entire population of audit-relevant data instead of trying to fixate your judgment on a mere sample. It even allows you to tailor your auditing journey to deliver the right results.  

Algorithms For Data Analysis Make Big Data Even More Useful

Present-day auditing applications that are based on big data are designed with a series of algorithms. This provides a platform for both running checks for completeness and formatting analysis. At the very least, such algorithms help to streamlines a formerly manual process.

The applications will offer you, as an auditor, a dashboard-based information pool from which you can draw conclusions. It also becomes easy to check for anomalies and outliers, as well as pay attention to any red flags early. By combining them with the traditional approach to analysis and auditing, the extent to which such algorithms can change the business world is huge.

Auditors And Analysts Can Shift Their Focus Towards Risks

Ideally, data collection, processing, and checking are one of the most time-consuming tasks for auditors. These algorithms help reduce the role that you can play in the initial stages of data collection as well as the processing and checking the data. As the application does it all for you, you can shift your focus on the intricate details of auditing.

This allows for better performance benchmarking and the use of resources. The biggest benefit is that auditing and analysis oversight is enhanced. However, it will be essential to train people on the skills needed to use big data and related tools in auditing and analytics.

Threats To The Integration Of Big Data

There is a reason why big data hasn’t yet gained enough traction in the auditing field. The threats that slow down its integration are many, but they aren’t insurmountable. Here are some of them:

1.   Barriers To Capturing Company Data

As long as you can access client data, it can be pretty easy to use big data analytics in the auditing process. You could draw conclusions and even identify threats in a fraction of the time it would have taken you to do so if you were using conventional means. However, the fact that you have to access company data brings in the form of complexity.

Businesses spend years layering security tools to reduce the data security risks their data faces. To gain access to this data, auditors have to rely on a time-consuming approval process, with some businesses being reluctant in providing the data completely. Instead, they claim that they will be putting their data at risk, which is understandable.

2.   Data Extraction Isn’t An Auditing Competency

Businesses typically use a number of accounting systems to achieve their accounting needs. Since data extraction is not a core competency for auditors, and most businesses lack this competency, it adds a layer of complexity.

Ideally, you might have to go through a lot of back and forth between you and the organization you are auditing to capture the necessary data. Without enough insights into how data extraction works, this might seem like an uphill task.  

While conventional audits focused on the general ledger, you will need to obtain information from the sub-ledgers to truly enjoy the benefits of big data. Sadly, this also increases the complexity of integrating big data into auditing.

3.   Finding The Balance Between Auditor Judgment And Analytics

It is pretty easy to use descriptive analytics to pinpoint threats and opportunities that lie in the shadows. For instance, if a situation of fraud has been plaguing a business, you can easily point it out to your clients. Sadly, it is a little bit tougher to produce audit evidence trying to respond to the identified risks.

Big data mainly relies on the black box nature of analytics, whereby rules and algorithms are needed to transform the collected data into reports and visualizations. Once the data gets to this stage, auditors need to find a balance between relying on these analytics and using their judgment to make the necessary conclusions.

4.   Auditor Training Is Yet To Change

As outlined above, big data completely revolutionizes the auditing job. It requires you to have both analytics and IT skills as an auditor. This will allow you to know the kind of questions to ask the collected data and know how to use the analytical output to produce quality audit evidence. Simply put, the new skills make deriving business insights and drawing conclusions pretty easy.

However, the modern-day training for auditors hasn’t yet caught up with the demand for big data. The learning and development programs at the college level are mostly based on the conventional approach to auditing. This means that an auditor that comes from these levels will have a hard time adjusting to the new requirements.

Ideally, getting rid of this problem requires a ground-up approach to auditing training. Learning institutions need to incorporate the necessary big data skills into their training to arm auditors with the right skills.

The Changes That Big Data Brings Along

1.   Auditing And Analytics Standards Have To Adapt

Since time immemorial, the role of auditors has been governed by a specific set of standards. These standards have been governing what you can and cannot do as an auditor. They have control over how you communicate with clients and what tools you can use. However, they limit the use of big data tools in auditing and analytics.

The new tools disrupt data management, workflow management, as well as data interrogation. Without changes in these standards, some of these tools might never be used as effectively as they should be used. Ideally, the regulatory bodies that make such standards need to update them to pave the way for big data and related tools.

2.   Skillsets Need To Change

Ignorance can never be an excuse in the face of disruption. You need to be well versed with the latest analytics skills to remain competitive in the world of big data. Ideally, it starts at the college level. Sadly, a single issue has made it tough for the necessary skillsets in a world run by big data to gain traction.

Having not taught students about the recent developments in the different fields, learning institutions choose not to test such areas. On the other and, students fail to study those specific areas since they know they won’t be tested. The good thing is that institutions are slowly updating their courses to incorporate ad hoc changes, and online platforms are offering courses that can help arm you with these skills.

Regardless of whether you are working or a student, you need to access courses that can help you sharpen your skills for a world centered on big data. While training on the job is possible, go beyond this. The only way to be effectively competitive is to immerse yourself in the most recent developments. The good thing is that this will be straightforward as long as you have the conventional auditing practices as your baseline.

3.   Audits And Analysis Need To Dig Deeper

Big data provides more insights than before. It allows auditors to dig deeper into their client’s data environments and identify anomalies and risks that they previously couldn’t. Even better, it makes it easy to turn analytics and audits into a continuous process, offering businesses real-time insights throughout the year.

As an auditor, you need to have the necessary applications and tools to achieve both of these improvements. You should also change the way you describe your offering to clients to ensure that they understand that audit and analytics quality is better than before.

4.   Security Needs To Be Improved

Big data uses both structured and unstructured data to come up with business insights. Some of this data can range from communications with clients to financial data. The bad thing is that there is a looming threat of this data falling in the hands of cybercriminals. If this happens, not only could be the future of businesses in jeopardy, but their relationships with their clients and other stakeholders could also be at risk.

Ideally, businesses need to invest in security tools that fit right into their data environments without making big data analytics tough. On the other hand, you- as an auditor- should assess the tools you use for auditing with a lot of criticism. The last thing any auditor wants is to compromise the security of their client’s data when doing their job. This is why training in the latest developments in a world run by big data is essential.

Big data promises a lot of opportunities in the world of audits and analytics- from increasing analytics efficiency to improving the decision-making process. As long as the challenges behind the adoption of big data in analytics and auditing are eliminated, it will be much easier for businesses to grow and tackle risks. Be sure to up-skill and keep up with trends in the big data world to take advantage of it.

About the Author

Ken Lynch Reciprocity Labs -

Ken Lynch is an enterprise software startup veteran, who has always been fascinated about what drives workers to work and how to make work more engaging. Ken founded Reciprocity to pursue just that. He has propelled Reciprocity’s success with this mission-based goal of engaging employees with the governance, risk, and compliance goals of their company in order to create more socially minded corporate citizens. Ken earned his BS in Computer Science and Electrical Engineering from MIT.  Learn more at

by -
What is an ISO Management System -

The ISO 9001:2015 standard was designed by The International Organization for Standardization (ISO) to provide a framework for an effective system for organizations in any industry to demonstrate to their customers their commitment to quality and enhanced customer satisfaction. ISO 9001 was developed to facilitate international trade and allow organizations and consumers from all over the globe to understand that when they encounter an organization with an ISO 9001 certification, they can be confident in the quality of products and services they can expect. Subscribing to and becoming certified to an international standard like ISO 9001 means your system produces products and services of consistent and exceptional quality that consumers can rely on time and time again.

Before you can become certified to ISO 9001, you need to implement the management system effectively within your organization. The Standard includes base requirements like the needs and expectations of interested parties within the scope of the standard. The requirements are not industry-specific for ISO 9001, but certain industries like Aerospace do have a specific standard which includes ISO 9001 as the base model with specific industry requirements added for their industry needs.

The requirements of the standard must be met to fully implement an effective Quality Management System (QMS) that allows your organization to consistently produce products or provide services that not only meet your customers’ needs but also subscribe to its globally acclaimed regulatory requirements. If you are looking to become certified for the first time, give yourself adequate time to properly implement your system before you seek certification from a Certification Body, roughly 3 months should give your organization time to implement in house or with the help of a Consultant.

Find a Consultant in your area.

What is a Management System?
According to ISO, “A management system is the way in which an organization manages the inter-related parts of its business in order to achieve its objectives.”

In case that still sounds vague, a quality management system is just a detailed set of processes and policies that are incorporated in the core business area of an organization to ensure that it meets its organizational objectives like consistent service quality, environmental concerns, maximum operational efficiency, etc.

ISO 9001 is one of these Quality Management Systems, arguably the most comprehensive and acclaimed one, which can be applied to organizations in any industry.

What are the 7 Quality Management Principles?
ISO 9001:2015 is primarily guided by 7 principles, below we’ll give you a quick explanation on each of these and why there is focus on them specifically:

Customer focus: An organization can achieve sustained success when it focuses on customer needs and exceeding their expectations.
Leadership: Organizations maintain cohesiveness and internal engagement when they focus on establishing unity of purpose and direction in leaders at all levels.
Engagement of people: Enhanced capability to achieve set quality objectives is possible when employees at all levels are sufficiently informed and engaged.
Process approach: Consistency of quality services is achieved most efficiently when all activities and interrelated processes within the system are managed.
Improvement: Organizations can best maintain and surpass current performance levels by fostering an ongoing policy of continual improvement.
Evidence-based decision making: Organizations can make objectively better-informed decisions in regards to internal processes by analyzing and evaluating existing data and evidence.
Relationship management: Performance optimization is better achieved when organizations effectively manage relationships with supplier and partner networks that are existing/potential stakeholders towards sustained success.

Want to learn more about the 7 Quality Management Principles that Standards are Based on? Read the full article here.

ISO Certification

To fully reap the advantages of implementing an ISO standard you should investigate becoming certified to the standard by an accredited, third-party Certification Body (CB). What is involved in becoming certified to ISO 9001? You need to be able to demonstrate to a third-party auditor that your organization adheres to the requirements of the standard. The length and duration of your audit will depend on the size of your organization and the number of locations you have. When you contact a Certification Body for an estimate of cost, they will detail to you the number of days and auditors who will be present and explain to their rationale. Location of the auditor is also important as travel expenses, such as meals will be billable to your organization.

Certification audits happen in a 3-year cycle, year 1 being your first certification audit where the Certification Body auditor conducts a thorough audit of your system to determine if you are compliant with the requirements of the standard and meet the requirements for certification. Year 2 and 3 are “Surveillance Audits” where the CB auditor performs an audit of selected processes and requirements to ensure you are continuing to meet requirements and maintain your certification. By becoming ISO 9001 certified, you will be able to market your ISO certification to advertise your credibility and effective processes. Your company will become more credible to clients and offers you a substantial amount of competitive edge in the market which is especially beneficial when you’re on the lookout for business partners.

by -
Choosing the Right ISO Consultant - ISO Update

The current competitive marketplace is demanding for quality products and services that deliver exceptional customer experience. Getting globally recognized as a “quality first” brand can be the key to achieving a competitive edge in today’s growing global marketplace. If you are considering certification, choosing the right ISO Consultant is a critical decision that will determine how efficiently and seamlessly your certification process will take place. The right consultant can also change how fast you achieve certification.

In the whole process of ISO certification, your ISO consultant plays a pivotal role in terms of providing solutions for problems you may not have even realized. Hence your consultant must be knowledgeable on the process flows, required optimizations and compliance parameters.

Important note: An ISO consultant cannot give you an ISO certificate, that is the role of a Certification Body (CB). Your consultant is responsible for setting you up to be ISO compliant and passing the external quality audit performed by a third-party auditor from a CB. It is only after passing your external audit that your organization is issued the ISO Certificate. Consider your ISO consultant an extension of your organization, not a third party.

Parameters you should be assessing while choosing your ISO Consultants:

Relevant Knowledge and Expertise

When selecting a consultant for the implementation of a standard in your organization, consider their knowledge on the fundamentals of ISO Standards, specific requirements, common mistakes they have seen in their history as a consultant, documentation support, etc., because you will need to rely on them to be the expert on ISO so you can remain the expert on your organization. You should also consider the consultant’s history and track record for the number of certifications issued for their clients and their current client base. Consider this your initial product review, you may even want to check references and/or reviews as this will illuminate the efficiency of the consultant you are interested in.

Client Reference

Your ISO Consultants should be responsible for providing support for organizations across multiple disciplines and stages. They should be experts in advisory, consulting, management and internal auditing. When considering a consultant, the success rates, past projects, client satisfaction, diverse industry experience, client testimonials and case studies will help you in determining their credibility. Be sure to obtain honest, reliable and credible client references as they are an effective means to choose the right partner to initiate your ISO Certification process.

When finding client references, look for organizations in similar industries or niches to your own who have successfully obtained an ISO certificate as it will give you added confidence that this consultant is comfortable and familiar with your industry and the unique challenges it faces.

Communication and Building Rapport

You will be meeting your consultant for regular reviews, discussions, strategy formulation, internal audits, and other activities deemed necessary, so it is important to build a rapport and trust your consultant. You will be working together for the successful implementation of ISO Complaint processes, final certifications and for renewals each cycle of the certification process. Trusting your consultant to properly advise you is paramount. Ensure you set yourself and your team up for success with proper communication lines – consult your organization to determine if this consultant fits well into your organizational culture. You might want to consider using similar practices as to that of hiring for your own team, as your consultant should be viewed as an extension of your organization.

Customized Services

The ISO Consultants must be competent enough to deliver customized services for their clients as every client should begin with a clean slate. Each organization is different, even within the same industry as their other clients, so it’s important that they tailor every item to your specific needs and listen to your actual practices. It is important to remember that your processes that are written down, should be what you do or will do. When it comes time for your certification audit, the auditor will be checking and double-checking your processes, and if your consultant copied previous examples from their clients and it’s not something you do, you will be written up for a non-conformance. The accuracy and specificity must be detailed by your consultant to ensure your organization is set up for success. Standard implementation should be flexible enough for your needs and must align with the organizational goals while still being compliant with the ISO requirements.

Result Oriented

Being result-oriented is extremely important in the ISO industry. Your ISO consultant will outline an implementation timeline including the process improvements, general dates for internal audits, recommend necessary training, and other important KPI’s (key performance indicators), within the timelines and budgets discussed to ensure your organization will achieve certification. Process improvements and implementations should be selected carefully and strategically to utilize time and resources effectively within your organization to maximize your organization’s potential for future business growth and ensure the standard is a value-added system.

Pricing and Timelines

Proper ISO implementation and certification is a long-term investment and highly result-oriented, therefore, we recommend considering all other factors before you evaluate the dollar value of each consultant you are considering. While price should be a factor in your decision, it is important to know what is associated with the price tag including quality, experience, knowledge and all the factors we’ve already covered in this article.

Hence, while deciding on the pricing, have a detailed meeting and go through the service offerings and capabilities of the ISO Consultants. The quote you receive from your consultant will consider numerous factors like the timelines and turnaround of your certification, your organization’s size, industry, complexity, and if you’ve ever been certified before. If you are brand new to ISO standards, it will be a much more in-depth process to implement your system than if your consultant is simply reviewing and improving your system.

Your consultant must provide clear timelines with milestones and an estimated completion time of the ISO Certification process from the start to getting certified and the renewals when they provide you with a quote. Understand that this might not be exactly accurate to what will happen. As hidden costs and altered timelines might occur during implementation.

Your Checklist for choosing the right ISO Consultant

  • Do they have the required knowledge and expertise on the specific standard you are looking to get certified to?
  • What is their history within your industry? Can they provide you with client reviews and their client history within your industry?
  • Do you trust this consultant and does your organizational culture match with this individual or consulting team?
  • Does this consultant customize their services to meet your requirements and unique challenges?
  • Are they results-oriented and willing to outline specific KPI’s that will ensure your certification is a value-added process?
  • Do you believe the cost of their services is fair for the benefits you will receive?

When considering your ISO consultant, it is important to look at the bigger picture. Consider the time involved with your consultant, your trust and confidence in their work, and the value you believe their work will have in improving your operations. This is a lengthy process depending on your current status with the standard you wish to be certified to, so choosing the best consultant for your specific needs will make your time and investment well worth it in the end if you choose the right consultant for your organization.

About the Author

John Wick is an ISO Consultant working with Aurion ISO Consultants in Dubai. John likes to write on ISO Training, ISO Consulting, latest changes in ISO Standards, industry-wise benefits from getting ISO Certified. Reach out for expert consultation on any ISO related queries.

About Aurion

Aurion ISO Consultants, Dubai offers world-class ISO Services such as Training, Consulting, Certification, Implementation, and Audits in Dubai, UAE and Worldwide.

Aurion ISO Consultants is an Award-Winning Consultant firm in Dubai, UAE and one of the fastest-growing ISO Service provider in the UAE and GCC region. We have assisted 1800 clients across several countries globally.

We provide you with a Single-Window Solution with ISO Consulting, ISO Training, and ISO Implementation and ISO Audit Services. With our ISO Certification, you can transform your business into quality first one.

Contact Us: Aurion ISO Consultants | 0097142504150 | |#213&214,6E-A Dubai Airport Freezone, Dubai |

While you are planning to implement ISO Certification Standards for your organizations, to know more about the ISO Certification standards and all ISO related services from Aurion ISO Consultants, you call us right away!

by -
Developing an ISO 9001 Implementation Plan - ISO Update

Once companies have made the decision to implement a Quality Management System (QMS) like ISO 9001:2015, they are usually faced with a multitude of new considerations and issues to sort through. If you are currently running a successful business, chances are you are complying with a large percentage of the standard, it’s only a matter of being able to prove this to an auditor and document your processes effectively. By developing an implementation plan, you will give yourself goals and action points that will help you and your team efficiently tackle the objective of achieving certification. Working on a thorough implementation plan will not only help break the process down but will also give you a rough idea of the resources and time needed to start implementing the standard.

A bit of preplanning is also required. You will need to determine what your timeline and end goals are and whether they can reasonably be attained. Aim for realistic and practical goals and estimates and consider using generic checklists and “Gap Assessments” that will help you move in the right direction.

Team Approach

A supremely effective method of implementation of ISO 9001 for most companies, regardless of size or nature, happens to be the “Team Approach.” The sizes of these teams can vary from organization to organization, usually 1-2 people per team for smaller organizations vs 5-7 people per team for larger companies. The technique essentially utilizes the concepts of allocation of responsibility to more efficiently utilize resources like time and energy.

Amongst these teams there will be one Steering Team, this is the team chosen to lead the project. The make-up should consist of managers of relevant departments to ensure that the members have the appropriate knowledge and power to allocate further responsibilities within their respected departments. The steering team will be expected to meet regularly and discuss updates and plans. The steering team leader will be the project manager for the implementation and their responsibility will include scheduling meetings and preparing agendas etc.

The steering team will also be tasked with reviewing processes and monitoring the work of task teams. These task teams are expected to document required procedures, modify pre-existing processes and develop new ones according to the framework provided in the ISO standard. There is usually a task team for each system procedure that needs to be created and documented so that the work is efficiently allocated. If you are using a Gap Assessment checklist, it would be wise to indicate the responsible parties for each task on or beside each clause of the standard that they are responsible for. The steering team is also expected to choose a Certification Body for external audit purposes.

You can create any suitable number of task teams; just be sure they are well acquainted with already existing QMS procedures within the company and those outlined in ISO 9001. If this is not the case, consider looking into training courses specifically designed to give participants awareness into the specific standard you are looking to become certified to. Many organizations offer the option to bring their trainer into your office to have a whole team seminar or company-wide seminar to help your organization familiarize themselves with the standard and its purpose within your organization. It is important for your task teams to understand the standard because filling in any possible gaps and updating any outdated processes is a large part of their work. Some company processes will need to be tweaked or drastically changed in order to meet standard requirements; in addition to this, the task team will also be responsible for documenting these changes or any newly added procedures for the purpose of auditing for compliance.

Ideally, a task team will discuss any possible additions and changes during the first few meetings alongside the QMS procedure, any decisions will need to be recorded and sent for approval to the Steering Team.

Planning your ISO 9001 Planning Meetings

Overall, there are a few prime factors to consider before you start your meetings. The most important being to decide on desired procedure implementation according to project goals and setting time constraints for the entire process. Recall that the key to any effective meeting is preparation, this must be handled at both an individual and group level if you aim to see productive results.

by -
ISO 27001 - ISO Update

ISO 27001, is a framework for information security management systems (ISMS). An ISMS is meant to manage sensitive company information to ensure that it remains secure. These are meant to be inclusive of all policies pertaining to legal, technical and physical controls within a company’s information risk management processes.

Developed to “provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system,”  ISO 27001 does this using an extensive 6 part approach or planning process. As the specification addresses a range of sections such as documentation, the need for internal audits, corrective action as well as stresses upon the universal ideal of continual improvement it inspires the need for a cooperative effort within an organization.

What are the requirements of ISO 27001?

According to IT Governance, the two most important activities when implementing ISO 27001 are:

  • Scoping your ISMS (clause 4.3), in which you define what information needs to be protected; and
  • Conducting a risk assessment and defining a risk treatment methodology (clause 6.1.3), in which you identify the threats to your information.

Organisations are also required to complete the following mandatory clauses:

  • Information security policy and objectives (clauses 5.2 and 6.2)
  • Information risk treatment process (clause 6.1.3)
  • Risk treatment plan (clauses 6.1.3 e and 6.2)
  • Risk assessment report (clause 8.2)
  • Records of training, skills, experience and qualifications (clause 7.2)
  • Monitoring and measurement of results (clause 9.1)
  • Internal audit programme (clause 9.2)
  • Results of internal audits (clause 9.2)
  • Results of the management review (clause 9.3)
  • Results of corrective actions (clause 10.1)

In her article, Melanie Watson and IT Governance details the requirements for certification, check it out here.

What are the benefits of ISO 27001?

Implementing an effective information security management system as outlined in the standard, protects your organization and minimizes any potential risks of security breaches which could have large-scale implications by implementing a system of policies to ensure security regardless of the format. The benefits of this include increased customer and business confidence, improved information management processes, and increased business resilience.

The format of any ISO standard and the emphasis on continual improvement also works to ensure the security processes will be updated and constantly improved upon so as to dismiss the possibility of outdated security measures.

If you have made the decision to implement ISO 27001 into your organization and reap the rewards of a robust information security management system, you need to start considering certification. Certification is proof to your interested parties of your conformity to the standard and provides a third-party, impartial assessment of your organization that is meant to be a means of improvement to your inner system to ensure it is working at its peak capacity. Certification is also a great way to motivate your team to work towards a goal and set stringent deadlines for achievement and improvement and give your organization a purpose and end goal for the management of your information security.

Because certification requires the stringent implementation of the procedures outlined in the standard as well as the production of all the mandatory documents and records, the process can be made simpler by having a detailed guide to follow or a checklist to reference.

Find our favourite checklist here.

Recommended references for ISMS

  • ISO/IEC 27001:2013 Information security management systems – Requirements
  • ISO/IEC 27002:2013 Code of practice for information security management
  • ISO/IEC 27004: 2016 Information security management – Measurement
  • ISO/IEC 27005:2018 Information security risk management

Implementation of ISO 27001 allows you to reap numerous benefits and advantages, but to assess whether certification makes sense for your organization you need to investigate what your security goals are and if the integration of ISO 27001 allows you to cover them. Other factors to consider are the experience and qualifications of your team and whether they will be able to implement the standard appropriately. If you do not think your team is capable, you should consider hiring the help of a new internal team member for your quality team, or search for an external consultant. ISO Update has a directory of highly qualified consultants and auditors for you to hire within your region.
A detailed evaluation of your goals and how closely they align with those of ISO 27001 will help your team or consultant help you properly implement the standard and effectively utilize it to ensure certification year after year and the safety of your system for your company’s future. If these are realistic, and you are certain you can incorporate the standard with reasonable efforts it is well worth the resources and work to seek certification to ISO 27001. Read more about ISO 27001 from IT Governance

Hire a Consultant or Auditor for Implementation of ISO 27001

Find a Certification Body

by -
What is Quality in ISO 9001?

The Concept of Quality in ISO 9001

Quality can be defined as “fitness for use,” “customer satisfaction,” “doing things right the first time,” or “zero defects.” Webster’s dictionary defines quality as “a degree of excellence” and “superiority in kind”.

Within an organization, quality is controlled and measured using a quality system – a mechanism that coordinates and maintains the activities of the organization needed to ensure that the characteristics of products, processes or services are within certain bounds. A proper quality system considers all interested parties – everyone directly or indirectly affected by these activities and is typically documented in a quality manual. The quality manual dictates the associated processes and documents that specify procedures and standards to achieve and maintain quality of goods, services and outputs of the company.

Basic Elements in a Quality System

There are three basic elements in a quality system: Quality Management, Quality Control, and Quality Assurance.

  • Quality Management being the means of implementing and carrying out the quality policy.
  • Quality Control being all the techniques and activities of an organization that continuously monitor and improve the conformance of products, processes or services to specifications.
  • Quality Assurance being all the planned and systematic actions necessary to assure that a product or service will satisfy the specified requirements.

As stated in an ANSI/ASQ standard: “Quality control has to do with making quality what it should be, and quality assurance has to do with making sure quality is what it should be.”

Quality Audits

How can an organization determine if their Quality System is effective? This is done through a quality audit – an independent assessment comparing the various management and quality activities to a specific standard.

An independent assessment implies that the person performing the audit is not associated with the activity being audited. In the past, the specific standard to which a quality system was compared was up to the business owners themselves. Be it customer satisfaction, internal approval or whatever was deemed acceptable to leave the factory. It wasn’t until 1987 that an ISO technical committee developed and published the ISO 9000 family of standards – quality standards that set the benchmark for the minimum requirements for an adequate quality system. – Source

What are Quality Standards?

Quality Standards can be defined as “documents that provide requirements, specifications, guidelines, or characteristics that can be used consistently to ensure that materials, products, processes, and services are fit for their purpose”. – Source

Advantage International Registrar - Request a Quote

Using standards, an organization can effectively share their goals, processes, procedures, and vocabulary needed to meet the expectations of their stakeholders. Standards provide organizations with an effective road map for the understanding, procedures, and vocabulary needed to meet the expectations of their stakeholders. Because standards provide descriptions and terminology, they allow for ease in international communication and help increase trust between international consumers, suppliers and trade.

One specific standard that is most well known and attributed to Quality is ISO 9001.

ISO 9001 is the internationally recognized QMS standard that was designed as a business improvement tool to help organizations of any size continually improve and streamline operations, reduce operating costs, satisfy more customers and win more business. 

Read more from ISO Update:

ISO 9001 helps organizations from the ground up, working to standardize their processes effectively to work towards the end goal of providing exceptional outputs to their customers. Your whole system should work in a way that it constantly measures and checks that you are working in such a way as to produce the highest quality output. This is not simply in measuring the weight or using the right material, but this also encompasses your hiring process, your training methods, and your day to day activities. ISO 9001 sets up the framework for how you can properly measure, monitor and improve your processes in such a way that sets you up for success in the short and long term. ISO 9001 is an internationally recognized and trusted standard, often required to do business internationally.

Want to learn more about ISO 9001? Are you considering certification? Ask an expert:

Advantage International Registrar - Request a Quote

by -
When Quality Fails - ISO Update

Standards function to provide the end-user with quality products and services, but they also protect the vitality and reputation of a business. Your system should be built in such a way that it is constantly putting measures and checkpoints in place that does not allow product to leave your hands until it is safe, and up to yours and your customers’ standards. So, how does a product of subpar quality leave your plant? Who is responsible? How did your management system allow this failure to happen? When your product fails, or worse, you must issue a recall and you want to assign blame. Who is to blame? Why did your system fail you?

Case Study – Toyota Unintended Acceleration Recall, 2009

If an auto manufacturer finds flaws in their cars and lists a product recall, the public’s perception of this company will suffer. No greater example of this exists than the 2009 recall of Toyota sedans.

Toyota issued a recall of 8.5 million of their sedans in 2009 due to unintended acceleration caused by floor mat issues, brake problems and “sticky” gas pedals. The recall was issued in response to accidental deaths and provides an example of the grave consequences that may arise from poor execution of a QMS. In this case study, findings suggest that Toyota ignored quality warnings when failures began to happen. This is not a problem that is exclusive to Toyota, but rather an industry, and worldwide, problem. Read the full case study here.

InfoTrend dives into the deteriorated public opinion of Toyota immediately following the recall from the period of 2009-2011 in the United States. They deeply investigated the effects the media had on the public’s opinion, and how the recall shaped their opinion of the brand, being pro-, con- or neutral about the brand.

In 2014, Simply Communicate discussed the strategy Toyota took to rebuild their company image, and their internal culture and morale after the damage took its toll on the company. The shift in the culture at Toyota was substantial, losing talent, working hard to keep talent, and striving to keep employees, even if it meant shifting their jobs, all without losing more profits.

The NHTSA has a handy recall check for those in North America to verify their VIN number against any product recall it may be involved in.

It’s not easy to bounce back from catastrophic product failure, and that is especially true for organizations without multi-millions of profits and bail-out opportunities. It is the goal of a properly implemented ISO 9001 QMS to prevent these failures from happening in the first place. How did my system allow this failure to happen?

How does Failure Occur, and who is to Blame for a Product Failure?

If, or when, a product failure occurs, your organization shouldn’t point fingers. The first question you need to ask is “how did my quality management system allow this failure to occur?”. A simple investigation tactic you may want to implement is “Root-Cause Analysis – 5 Whys”. This method prompts you to ask yourself and your organization “why” until you have a root-cause (this could take fewer or more than 5 “why’s”). The basic framework allows you to develop pathways for why a failure happened in the first place, and where you can identify areas for improvement.

Read more about the 5-Why’s Method and Root-Cause Analysis from ISixSigma

Failures should not be a cause for removal of your certification or attempted to be hidden from your auditor. Failures, especially those caught by your system, should be celebrated. Consider them an indication that your system is working if the problem is caught, and an area for improvement is identified. Feedback is essential for growth, and even negative feedback should be viewed in a positive light and mentality.

Why is Quality Important for My Business?

The aim of any business is to maintain quality to an acceptable standard and failure to do so can result in any number of serious consequences. Quality control is important to guarantee customer satisfaction and more importantly retention. Customers are only likely to be retained and return for another experience if previous services have lived up to their expectations of a certain quality. More importantly, quality also has an effect on company reputation which is paramount to attracting new customers and profits.

Perhaps to customers, the quality of goods or services is the most important aspect of your company, this role proves to be vitally important for the survival and growth of an organization. Maintaining consistent quality without incurring massive costs should then be a primary goal for any organization.

by -
The Cost of Quality Equation - ISO Update

The Cost of Quality operates on the premise that companies need to invest in upfront quality and prevention rather than suffer the grave consequences of failed services or product recall. “CoQ” Cost of Quality Equation is a methodology used to determine and consequently measure the number of resources that an organization is using for prevention activities to maintain the consistent quality of a product. Mathematically speaking, the calculation can be showcased as a simple equation where the Cost of Good Quality and the Cost of Poor Quality equals the total Cost of Quality.

CoQ = CoGQ + CoPQ

Effective use of this methodology allows for companies to accurately measure the costs of each factor which aids in identifying problematic sectors. Companies can then allocate resources to improve product and process quality in said areas. According to estimation, the cost of quality amounts to around 15-40% of total business costs; therefore, the methodology provides key information to management in order to maximize the quality of the finished goods/services as well as minimize overall costs. Any analysis done on these factors ensures easy identification of problem areas where there is room for improvement. – Source

Cost of Good Quality (CoGQ)

The first part of the equation, “CoGQ”, includes all the various costs accumulated from prevention steps such as quality planning, developing a Quality Management System, employee training, etc. It also includes costs incurred to maintain an acceptable quality standard, or “Appraisal Costs” which include routine inspections, quality audits, process controls and supplier assessments.

Cost of Poor Quality

The second part of the equation, “CoPQ”, includes both internal failures as well as external failures. Internal Failure costs are associated with defects in a product or service that are identified before it reaches the customer such as machine breakdown due to maintenance failure, re-work on service/product, excessive scrap of waste due to poor process, etc. External Failures, however, are found after the product has already been supplied to the market or customer, these may include repair costs, shipping damage, product returns, warranty claims or customer complaints.

Using this methodology allows your organization to determine the extent of resources used that allow your products to maintain high quality and expectations and allows your organization to determine your potential savings gained from the implementation of your systems. Once established, your quality cost equation should be dynamic, constantly revised and updated to reflect the dynamic nature of your business and its needs. The overall outcome of this evaluation should be positive with its impact not just on your business expenses and quality system, but on your organization’s core mission, values and objectives.