As part of Assent’s mission to champion the consultancy industry, Jess from Assent Risk Management has been interviewing experts from all sectors of the consulting profession. In this interview, Jess talks to Kathy Clements a Lead Auditor in ISO 9001 Quality Management and ISO 14001 Environmental Management about ISO for small businesses.

Can small businesses be ISO Certified? 

Yes, absolutely. So it’s always been the case that a business of any size or any industry can go for an ISO. However, since the 2015 version of the ISO 9001 standard came out, they’ve particularly made it easier for everyone to be able to get an ISO certification and ISO 9001 in particular is a great starting point. 

A lot of businesses go for that first to get them kind of used to ISO, as well as because quality tends to be the first thing people think of when it comes to improving what their customers get. Every business is in some way focused on a customer, regardless of the industry. 

So, no, there is no minimum size, because I have clients that’s one person on their own and they’re doing everything, they’re running the business, they’re sorting out the sales, they’re doing the ordering of stuff and the organising and they’re an ISO representative as well. 

There’s no minimum and anyone can join in, especially if you get sort of somebody in to help take some of the weight, like a consultant who can get you through it quicker, so you’re not sat there stressing about what it all means.

What are the benefits for small businesses to gain an ISO Certification?

It’s difficult to categorise them into strictly benefit categories because it’s an overall thing. What you’re looking to do is improve the company as a whole by improving each part. So the first thing for me that I notice, particularly for small companies, is efficiency. Because what we’re doing by putting in an ISO system is we’re saying, let’s look at exactly what you do as a business and exactly how you do it, and then I find if there are bits we can improve or make more efficient. So particularly for small businesses, efficiency is wonderful. ISO takes out the duplication and it means that you can make sure you are covering every aspect that you would need to cover. 

It’s also great for clarifying your processes. It makes you ask questions like ‘What am I doing with that?’ and ‘What does that mean?’ and say, oh, I see. This is what I’m supposed to be doing and this is how we can do it, but I’m already doing that somewhere else. And then you spot things and you can really compact it and make it quicker and easier. And that’s why when it comes to having things like tenders, it’s quicker because you’ve got everything there.

A lot of companies, they go to tender and they have all these questions, do you have this policy? What do you do about that? What’s your process for this? Having an ISO system means you will be able to show all of this quicker. 

As a consultant, I would come in and that’s what I like to do. This is how I handle it with small companies because it is a very organic thing. This is your company and this is what you do. How can we make that really good so that A, it saves you time and B, it’s really clear than for other companies, it shows you’re taking this seriously.

How are ISOs implemented and audited differently for small businesses?

It’s not necessarily about size, necessarily, because you can have a really huge company that has one process and that’s all they do, and therefore there’s less paperwork. You can have a small business that does 62 different things and you have to organise all of them. 

So the way it tends to work with the smaller business is there are less people involved. You’re often talking to the same person for several different processes and you’ll often find that they combine bits of those processes. So when you make your system and let’s say there are 15 documents in your ISO system, well, in a small business, 15 documents might become 10 because 5 of them might be compacted actually into 3 documents or 2 documents instead of 5.

Because there can be that sort of crossover that people go, oh yeah, I do this, but because it’s also me, I don’t have to put it here on this shelf and then have someone come and check it that I’ve done it and then have it moved. You can go, well, I do the thing and then I do the next thing. 

So you can combine things, including your documents, and you often find that it doesn’t necessarily correlate with the size of the company, number of processes, or number of documents, is not necessarily a thing. 

What ISO would you recommend for small businesses?

I would always start with ISO 9001 Quality Management because for me it’s a great starter, it’s a great introduction, it’s almost like a practice because all ISO 9001 is asking you to do is to look at what you’re already doing. You’re not really adding things, only the odd thing here and there. 

Maybe you don’t have a specific non-conformance process for when things go wrong. Well, okay, fine, you’re doing something or your company wouldn’t still be running. You don’t necessarily have a customer feedback process. Well, okay, they’re soon going to tell you if they’re not happy with something. But all we’ve got to do is put a process in place that tells people how to deal with it. 

So for me, it’s one of the smaller standards. In particular, if you compare it to ISO 14001 Environmental Management, which has legal aspects or ISO 27001 Information Security, that’s also got legal aspects and it’s got technical aspects. And the other standards tend to have bits that you can tack on if you’ve already done most of the work with ISO 9001.

Why is using a consultant beneficial for small businesses?

The most obvious thing is time. If you’ve got a consultant coming in and you can say, here’s my stuff, I’ve got to go do something, and the consultant can sit here and can go,  that would make an excellent nonconformance process, look at that risk assessment, we can extend that. 

If you’re doing it yourself, you’ve not only got to get through the terms of the standard, which at first reading can be really just mind-blowing. You get Assent in, we already know the process, we already know what these terms mean, and we kind of see the shortcuts. 

On top of that, a consultant can also be a buffer during the audit section where you’ve got the certification body coming in. You’ve got somebody there who can help the auditor, they know exactly what they will be asking for. Whereas a client is trying to think about so many other things as well because on audit days, you’re not stopping the company to do the audit. The company is running, and often they’re running at a very high capacity, and they’ve got to get an audit done, and they’ve got to try and remember everything we’ve done in the last however many months we’ve been working together. On that day my only job is to make sure people get through their audits.

There is obviously a cost involved in using a consultant, but obviously, it then saves time and so you’re looking at time management, so what’s going to cost more your time or getting someone else to make it more concise for you? 

And that outlay can actually save money in the long run, because if you go to an audit and something happens and then they find a major, you’ve got to have the audit again, you have to pay for the audit again. And that can be as much as just hiring a consultant for that time because that auditing time is of a certain price and you can get however many days of consultancy for the same cost.