Why ISO9001?
- Background
We are all customers and we all know how great quality makes us feel. ISO9001 is simply about making customers feel like that every day and having mechanisms in place to fix it when they don’t. As a growing company, we needed to ensure that our expanding team delivered a consistent level of service and continued to build strong long-term relationships with our clients. - ClientRisk Evolves
- CategoryISO Standards
- TagsISO Standards
Company background
One of our guiding principles is that we’ll never ask our clients to do anything that we wouldn’t do ourselves, including complying with challenging standards. In 2015, when Risk Evolves was first founded, our founder, Helen, invested in IASME Governance and Cyber Essentials certifications. Within three years, we’d increased our turnover tenfold and developed into an award-winning consultancy servicing over 100 retained clients across a variety of sectors.
The need
By 2018, Helen faced a problem common to many small business owners – growth. Having increased our turnover tenfold in three years, she had already begun to build a network of highly qualified consultants to help her deliver projects. As her time spent managing the team grew, Helen was required to relinquish some of her hands-on client management responsibilities.
Keen to ensure the expanding team continued to deliver the level of service she would expect from one of Risk Evolves’ suppliers, she began asking herself a number of questions. Helen comments, “Finding a new consultant is relatively easy. The tricky part is paving the way for them to deliver the same combination of practical support and jargon-free advice that your business is already known for. When you have a growing team of geographically disparate, highly experienced professionals, coupled with a slight tendency to be ‘a bit of a control freak’ yourself, you find yourself faced with some interesting questions, such as:
- How can I keep service levels consistent whilst avoiding micromanagement?
- How can I help develop strong long-term relationships between clients and consultants that would weather the loss of a key contact on either side?
- How can I stay in touch with clients’ changing needs?
- How can ensure that the team identify and share opportunities for further growth or improvement?
- How can we continue to drive referral business?”
A quality mindset
Fortunately, Helen knew enough about ISO9001, the Quality Management System, to know that it would help drive consistency and service excellence. She comments, “I’d first come across ISO9001 on my third day of managing a troubled project at IBM. I was already pushed for time when I was surprised with an internal ISO audit. My first thought was that this was going to be a badly timed, ‘bamboo under the fingernails’ experience, but I had to take it all back. Rather than holding me up, the three days I spent with the ISO auditor were invaluable for helping me identify challenges and prioritise actions. It was a crash course in the value of ISO.”
She continues, “When I founded Risk Evolves, I was determined to help smaller business achieve the same benefits from ISO9001 compliance as a corporate. Although I had no prior experience of implementing ISO9001 into a SME, the project I’d worked on was akin to running a small business. The lessons I’d learned had stayed with me, especially that ISO is there to support a business, not to derail it. I believe we provide the same level of collaborative, practical advice to our clients during internal audits as I enjoyed on my very first audit experience. When it came to improving my own business, I had no doubt that ISO9001 was the answer. It was definitely a case of ‘physician heal thyself!’”
Onboarding new consultants
We are all customers and we all know how great quality makes us feel. ISO9001 is simply about making customers feel like that every day and having mechanisms in place to fix it when they don’t. Of course, as a business grows it’s important that the company’s unique way of ‘doing things’ is documented so new employees can hit the ground running and deliver consistent levels of excellent service.
Documenting the ‘Risk Evolves’ way of doing things was a key part of the ISO9001 process and one which Helen had supported other businesses with since 2016. Our processes and procedures, coupled with an openness about the Risk Evolves’ vision and what quality ‘looks and feels’ to our clients, enable new consultants to quickly understand our ethos and help us deliver what customers expect and need.
Reading clients' minds
Prior to ISO9001, customer feedback was collated during conversations and filed away in Helen’s brain for later use. This unstructured approach meant that critical feedback or trends could easily be overlooked.
As part of ISO9001, we made a commitment to gathering client feedback in a structured way and reviewing it regularly. This allows Helen to check that standards are being maintained and react quickly to opportunities for new products or services. Recognising that some clients may be uncomfortable sharing their views openly with a member of our team, we now use a specialised local agency, Glued, to conduct an annual client survey.
New services implemented as a result of client feedback have been extremely popular. The origins of our phishing service, GDPR Critical Friend service and Keeping the Human Cyber Safe course can all be traced back to customer comments. Feedback also helps to boost team morale and ensure that any learning opportunities are identified and acted upon.
Benchmarking performance
Data gathered from customers is fed into key performance indicators (KPIs) relating to customer satisfaction. This and other KPI’s underpin a series of other objectives that support the business strategy. This helps Helen to check that her high standards are being maintained by the whole team. Examples of objectives include:
- All training courses are to achieve a customer satisfaction score of at least four out of five
- Zero customer complaints
Seeing results
The ISO certification process, training and companywide commitment to customer satisfaction enabled us to meet or exceed our own performance targets almost immediately. Since then, we have gone from strength to strength.
Additional consultants and support resources allow us to support clients across a variety of sectors, including logistics, manufacturing, software development, professional services, education and training. As per Helen’s original vision, we are now predominately engaged as a long-term extension to our clients’ teams, flexing the services we deliver in accordance with their changing needs, wherever they are in the UK. Best of all, clients continue to recommend us!
Next steps
Find out how and why we became the first company certified by NQA to ISO27001 (Information Security) and ISO27701 (Data Privacy) or explore how gathering customer feedback has helped us grow our business.
SIS Systems (UK) Ltd
We do recommend Risk Evolves. Not only do they offer great service and value for money they have also imparted
Anonymous Submission
The internal audit and IASME application has been a positive experience for The Changing Education Group… made possible by the
Anonymous Submission
Helen represents the small business community effectively and with vigour as the Cyber Crime Ambassador for FSB Coventry and Warwickshire,