Here are answers to some of our most frequently asked questions.
Q. I've heard there is a new version of ISO 9001 to be published soon. Does this mean our certificate won't be valid any more?
A. Standards are reviewed every few years and, if there is a need for changes to be made, a new version is published. Your certification body will keep you informed of the 'transition period' during which you may need to make changes to your management system and achieve certification to the new version. The 2015 version of ISO 9001 focuses on risk management, increases the requirements on top management, and is much more business-focussed. We would be delighted to help you through the period of transition to the new standard.
Q. How much would an initial fact-finding meeting with Edworthy Business Management Consultants cost?
A. No cost, and we are often able to provide you with some free-of-charge consultancy at the same time. Provided the journey time is less than two hours each way, we make no charge. For greater distances, a small charge will be negotiated and agreed with you.
Please contact us for a meeting - we're waiting to hear from you.
Q. How long would it take for my organisation to achieve certification of our management system?
A. As with any journey, it all depends where you are starting from (and what type of management system you are implementing). For a small organisation with a straightforward business model and some basic management controls already in place, our experience has shown that it is possible to achieve ISO 9001 (Quality Management) certification in less than 3 months.
Organisations with larger or more complex businesses and/or starting without existing systems will take longer. Many organisations find that 6 to 9 months allows them to bed-in their systems, train their workforce and experience the benefits before independent assessment and certification.
Where an organisation already has a good quality management system in place, adding environmental or information security or business continuity management systems is much easier and quicker, time-scales of 2 to 4 months being typical.
Please contact us for a meeting to discover how quickly you could achieve certification - we're waiting to hear from you.
Q. Do we have to have a perfect environmental record to achieve ISO 14001 Environmental Management certification?
A. To achieve ISO 14001 certification your organisation has to demonstrate that it has a robust system of assessing your organisation's environmental impacts (positive and negative), understanding the legal and regulatory environmental requirements applicable to your organisation, and then reducing negative impacts to an extent that meets these regulations and, importantly, is financially acceptable for your business.
It is up to you to determine the environmental performance you are seeking each year, and it is expected that you will be making continual improvements to that performance as time goes on. But you are not expected to go bust trying to achieve ISO 14001!
Please contact us for a meeting to discover how easy it is to achieve this internationally-recognised environmental management certification - we're waiting to hear from you.
Q. Our business data are stored on dual-redundant servers with dedicated power systems in an underground bunker that has bomb-proof locks. What more do we need to do to achieve ISO 27001 Information Security Management certification?
A. First, you will need to broaden your definition of 'information' to include all items of information for which your organisation is responsible. This includes information stored on computers, transmitted across networks, printed or written on paper, sent by fax, stored on tapes or disk, spoken in conversations (including wired or mobile telephone), sent via e-mail, stored on databases, held on films or microfiche, presented by overhead projector, and conveyed by any other method used to communicate knowledge and ideas.
Once all your organisation's 'information assets' have been identified, the risks to them must be assessed in terms of the business impact should they become unavailable or corrupted, or should their confidentiality be breached.
With the risks understood, your organisation will need to put controls in place to reduce the risks to a level that is acceptable to your organisation and to any regulatory body whose regulations you have to meet, and train all your workforce to comply with the controls.
It is only when you have such a management system in place, and you can demonstrate that it works and is continually improving, that you are ready for assessment against ISO 27001.
Please contact us for a meeting to discover how we can guide you through this process to successful certification of your Information Security Management System - we're waiting to hear from you.