Customer feedback gained as part of our ISO9001 certification has led to the development of popular new services including GDPR Critical Friend.
ISO Certification
Are you considering ISO certification but you're not sure where to start?
Perhaps you need to achieve compliance in a hurry, or you already have one ISO certification, but your clients are demanding more?
Whatever your situation, our friendly, down-to-earth and jargon-free consultants have the experience needed to make ISO accessible and achievable. We’ll help you create compliant processes and procedures that meet the needs of your organisation and its stakeholders, so compliance comes naturally.
You can find out more about our ISO process and our most popular ISO standards below.
We can help you achieve and maintain ISO standards
Our goal is to demystify ISO so you can approach your certification with confidence and reap the benefits of compliance all year round. Although we’ll customise our services to meet your particular requirements, our ISO certification process follows these four core steps:
1. Establishing your situation
2. Creating your plan
3. Testing the waters
4. Achieving certification
1. Establishing your situation
We’ll begin with a ‘scene setting’ discussion which will help us understand more about your organisation so we can tailor our advice to your needs. It’s our opportunity to listen and learn more about your business, how it operates and what makes it successful. Throughout the process, we aim to leverage what you already have in place – there’s no need to fix something that isn’t broken. We’ll also explore why you want an ISO standard, discuss the benefits it will deliver and address any concerns that you may have. If you’re going to implement more than one ISO standard, we’ll explain to you how an Integrated Management System works.
We’ll then conduct a gap analysis which outlines what needs to be done for your organisation to meet the requirements of your chosen standard/s.
This stage can be completed in person or via an online meeting.
2. Creating your plan
Having established your business’s areas of strength and weakness, your lead consultant will put together a step-by-step plan for you to follow. They’ll also help you make any existing processes and procedures ISO compliant and deliver training for your team. Support is always available – a quick phone call or email will often be enough to resolve any queries. During this stage, your consultant will share examples of best practice from other, similar organisations.
3. Testing the waters
We’ll conduct an internal audit to check that processes and procedures have been implemented correctly and your colleagues have the confidence to follow them. We’ll also host a management review for you, so that you and your leadership team can see how the benefits of the ISO management system can be realised. Then, we’ll work with you to iron out any final glitches before arranging your external ISO certification audit.
4. Achieving certification
Whether your audit is in person or remote, we’ll be on hand to ensure that it proceeds as smoothly as possible. Once you are certified, you can use our Promotion Power Pack to raise awareness of your achievement and the benefits it offers your clients. We’ll also ensure that you receive your certificate and logo, plus we’ll ask your certifying body to provide a testimonial for your own use (if required).
A consultant is for a project…not for life!
Once you’re certified, you should have the confidence and knowhow to run your management system effectively. However, we’ll always be here to provide a little extra support, if needed. So, if your internal ISO auditor leaves, you go through a period of intense growth or you amalgamate with another company, we’ll be delighted to help you keep your compliance on track.
You may also appreciate the everyday peace of mind Compliance as a Service brings by providing telephone and email support for ISO, GDPR, health & safety and Cyber Essentials.
Putting quality at the heart of your business with ISO9001
ISO9001, the Quality Management Standard, helps you generate new business by signalling to customers, prospects and employees that you take quality seriously. By developing robust processes and procedures your team will deliver more consistent products or services, boosting your reputation and ensuring that you maximise your opportunities.
Protecting your business from cybercriminals with ISO27001
ISO27001, the Information Security Management Standard, helps protect your business from cyberthreats and the financial repercussions of a successful breach. It also reassures potential clients that their data is safe in your hands, especially if implemented with ISO27701, the Privacy Information Management Standard.
Keeping your workforce fit for work with ISO45001
ISO45001, the Occupational Health & Safety Standard, helps to consistently protect your employees, visitors and customers from danger. By doing so, it also shields your business from adverse publicity and fines.
Minimising your environmental impact with ISO14001
ISO14001, the Environmental Management Standard, helps you achieve your business objectives whilst meeting the demand for greener, more ethical suppliers. Protecting the environment can also help you safeguard your reputation and save you money.
Safeguarding your data with ISO27701
ISO27701, the Privacy Information Management Standard, helps you to meet the requirements of the GDPR and the UK Data Protection Act (DPA). Safeguarding personal data reduces the risk of reputational damage, customer loss and financial penalties.
Overcoming life’s obstacles with ISO22301
ISO22301, the Business Continuity Standard, helps your team expect the unexpected and react quickly and confidently in case of an incident. By effectively monitoring risk, implementing best practice and rehearsing recovery procedures, you’ll be able to protect your operations, revenue and reputation.
need help identifying the right standard for your business?
Whether you are looking to find out more information, or are ready to take the next step, we’d love to talk to you. Contact us to book a free 30-minute Risk Discovery Call.
Contact Us01926 800710ISO FAQs
What is ISO and what does it mean to be ISO certified?
You currently have your own ways and means of running your business. To be ISO certified means that the way you do things has been externally audited against the requirements agreed by the International Organization for Standardization (ISO). ISO certifications are recognised internationally and are often seen as the ‘gold standard’.
There are over 21,000 ISO standards but the most popular are ISO9001 (Quality), ISO27001 (Information Security), ISO14001 (Environmental) and ISO45001 (Health & Safety).
The ISO recognises that you don’t run your business in silos so it has designed these four standards (and many others) to work together in what is known as an Integrated Management System.
Does ISO offer a ROI?
Each ISO standard offers different benefits. These can include reducing cost, improving productivity, increasing employee engagement and protecting your reputation. Having an ISO standard can also help you win new business and maximise new opportunities. Many tenders now require ISO certification or accreditation, especially within the public sector.
What’s the difference between ISO certification and ISO accreditation?
ISO certification requires an external audit by a specialist ISO company. These are called certification bodies. However how do you know that the assessment of one certification body is the same as another certification body? Are you comparing apples with apples? In the UK, the UK Accreditation Service (UKAS) audits the performance of the certification bodies to ensure that that they are performing in the same way as ISO expects – in other words, they audit the auditors! At Risk Evolves, we recommend that companies work with a UKAS certification body – we work closely with NQA and British Assessment Bureau, for example, and our own ISO management systems have been certified by NQA.
If you’re in any doubt about which path to take, please contact us for advice. Whilst there are cost differences between non-UKAS certification bodies and UKAS certification bodies, this could be a short-term saving as a number of companies will not accept non-UKAS certifications and you may need to do the work again. Confused? Don’t be! We’ll sort all of this out for you. Part of our service is to manage the relationship with the certification body so that you don’t have to.
Will Brexit impact the use of ISO standards?
With the UK leaving the EU, greater focus is being placed on the role of UKAS and the certification bodies. If you trade with Europe and will rely on an ISO certification in that market place, you should use a UKAS accredited certification body. Finally, UKAS is building a database of companies who have achieved certification. This will help prevent fake certificates and allow easier ‘look up’ facilities for companies wishing to check the validity and scope of a potential supplier’s certification.
As members of the Associate Partner Programme with certification body NQA and British Assessment Bureau, we’re working closely with them to understand the impact of any other changes and will share information with our clients as soon as we’re aware.
How long does it take to get ISO certified or accredited?
It depends on your current situation, resources and how much supporting information you already have within your organisation. On average, new clients achieve certification within twelve weeks.
Who needs to be involved?
ISO cannot be implemented by just one person at an organisation, it needs buy-in from everyone at every level. As part of the process, we’ll help you ensure that your colleagues understand the importance of your new ISO certification. This makes it easier for them to be compliant.
Can an individual be ISO certified or accredited?
No, certification is always for the business, not for the individual.
What’s the process for achieving ISO certification or accreditation?
We have a tried-and-tested four-stage process which includes a gap analysis, a step-by-step action plan and audits.
How can you help us retain ISO certification?
Once you are certified, we can provide the support you need to remain compliant every day. If you subscribe to Compliance as a Service, you’ll be able to contact an experienced ISO consultant with any queries. In addition, we can also provide regular internal audits to ensure that your management system is working well.
Our ISO audit is due and we’re unprepared, what can we do?
Find out how we help businesses approach audits with confidence and contact us so we can help you develop an action plan.
Can you supply a letter of intent?
Once you have embarked on the ISO certification process with us, we will work with the certification body who can supply you with a free letter of intent. This shows that you are committed to achieving certification and is usually valid for six months. You can use this in tenders and share it with your customers.
We’ve started ISO, but we’re now stuck. Can you help?
Of course! This is exactly what happened to Sam Wood, the MD of Transcription City. Find out how we helped Sam to achieve certification to ISO9001 and ISO27001 in just twelve weeks.
How much will it cost to achieve and maintain ISO certification?
It depends! Prices vary depending on the size and complexity of your organisation, the standard that you wish to certify to and how much you are able to do yourself. Give us a call and we will provide a price. Unlike other consultants, we don’t ask for the money up front. We are always happy to discuss spreading the cost of payments to make certifications more affordable. We can also liase with the external certification body to spread their costs.
Do we need to go on an ISO training course?
One of our experienced trainers will deliver some training as part of your package. However, should you require further training, we have a range of courses available including some free introductory courses.
Please contact us for details.
If you have any questions for the Risk Evolves team, contact us today.
What our clients say about us
Managing risk and compliance for our clients is its own reward. Our clients have said the following about working with our team. Due to the nature of our work, we are limited in what we can share of our clients.
Anonymous
Anonymous
We are in a safer place now than we were 12 months ago. Starting with two factor authentication. The culture of the organisation is in a better place and we were in a better place for lockdown too.
- Transcription City
- Sam Wood
- Director
It was more work than I’d expected. I soon realised I needed help to fully understand the requirements and embed the standards so they would work for my business. I approached British Assessment Bureau for help. They recommended Risk Evolves. Twelve weeks later, we passed our remote audit and achieved certification.
Anonymous
Helen represents the small business community effectively and with vigour as the Cyber Crime Ambassador for FSB Coventry and Warwickshire, working alongside local and national government to ensure small businesses have a voice.
Anonymous
GDPR compliance will increase our value to clients.
Anonymous
The internal audit and IASME application has been a positive experience for The Changing Education Group… made possible by the high quality support and guidance offered by the Risk Evolves team.
Anonymous
ISO9001 was an achievement, an even bigger deal was to raise the health and safety culture of the organisation.
Anonymous
Very quietly thrilled to bits to get our accreditation under the new standard without any issues. Helps the business with proposals to blue chip clients.
Anonymous
Our clients appreciate that we practice what we preach and can share real-life experience of running an ISO certified business. We’re certified to ISO9001 and were the first UK client of NQA to certify to both ISO27001 and ISO27701.
Anonymous
Friendly and informative.
- Jay's Logistics (South West) Ltd
Anonymous
Our ISO9001 certification has enabled us to deliver logistics services to Hinckley Point and to its suppliers as well as operating at a more efficient and safe level. The power station isn’t due for completion until 2025 so this contract has provided stability at a time of great for the logistics industry.
- SIS Systems (UK) Ltd
- Adam Middleton
- Managing Director
We do recommend Risk Evolves. Not only do they offer great service and value for money they have also imparted valuable knowledge, understanding and belief across the organisation. The net result is more business.
- Transcription City
- Sam Wood
- Director
It made a massive difference to have ISO explained in layman’s terms. It’s very easy to ask questions and you aren’t left understanding less! You just call or email and it’s in a way that’s simple to understand.
Anonymous
Cyber security is scary! Helen gave me the confidence to know we could… minimise these types of risks. She has given me peace of mind.