A couple of months ago, I wrote a piece about the ISO 27001 certification that I felt we were being forced to undergo. The main part of my comment was that I thought it was a pointless exercise, mainly put in place to pacify clients and to support the companies in the ISO-certification sector. I also promised to describe my experiences in the whole process towards certification. I keep my promises.
Even though I thought we could get ready for the ISO audit ourselves, I invited three parties that are specialized in preparing companies for the ISO audit. Three parties came by to present themselves and explain their services. Two of these told us that, with their ‘unique’ way of working, they would get us ready in no time. Extensive process schedules were shown and I felt less and less inclined to start this whole process. The third party had a different approach. They told us in clear words what we should expect and how they could help us to reach ISO certification. Needless to say, we chose them (Molenaar en Plasman Solutions).
And then it begins…
Our consultants started with conversations with our decision makers. Later they followed these with conversations with several employees on the ‘workfloor’. These results were presented to us and very quickly we saw our processes being mapped out and our weaknesses becoming clear. Our big eye opener was that we used many processes, meetings and tools that weren’t always very clear, even to ourselves. These were results that got us into action immediately.
Going forward and digging deeper, I realized that we gained a lot from this ISO process. It is still an expensive exercise, but it gives you an incredible insight into your operations. Employees get included, and together we think of ways to work as efficiently and effectively as we can. What I also learned was that ISO focuses mainly on identifying risks and determining solutions and actions for when things go wrong. Every business should have that ready!
Slowly but surely we’ve reached the point that we’re ready for the audit. We’re looking forward to crowning our hard work with a certificate. And, we’re convinced now: next to the ISO 27001 process for Information security, we’ve already started the process for the ISO 9001 (Quality management) process. For now, I can say with full conviction: ISO Yeah!