ISO 27001 accreditation
Discussion
I think the biggest factor is the culture at the company already, i.e. how used to management systems the company already is. If all employees live and breathe ISO9001 already, and have been passing audits for years, then adding ISO27001 will be achievable with minimal help. It'll be focused on putting in place the basics, and creating risk assessments and plans to implement the rest, just like any other area of the business.
If, however, you try to drag a company out of the dark ages and into the world of ISO management systems, while changing the culture at the same time, you should probably give up before you start, or pay somebody a lot of money to do it for you, because it's near impossible. The plans will be rubbish, they won't be implemented, the risk assessments won't be updated etc etc.
So, step 1, in my very humble opinion, is have a look at how many people in the company understand what's involved. If it's the majority, you'll be fine. If you're the only one and it's your job to make it happen, walk away now.
If, however, you try to drag a company out of the dark ages and into the world of ISO management systems, while changing the culture at the same time, you should probably give up before you start, or pay somebody a lot of money to do it for you, because it's near impossible. The plans will be rubbish, they won't be implemented, the risk assessments won't be updated etc etc.
So, step 1, in my very humble opinion, is have a look at how many people in the company understand what's involved. If it's the majority, you'll be fine. If you're the only one and it's your job to make it happen, walk away now.
Agree totally with Fishlegs, I've done this recently, ISO9001 in 2019 in a small team as part of a business unit of 100ish personnel (1800 personnel company).
We did it in-house with additional contractors who have implemented this type of thing before, but it was a lot of work. I think it depends on the size of your business and how robust your current business management system is, plus, your timescales for such implementation. My business unit essentially started from zero so there was a lot to do. We achieved it in about 4-5 months.
Now the base quality with 9001 has been established and the wider team familiar with the processes, other accreditations 14001, 27001 etc are not so difficult to get over the line, as the solid base already exists.
We did it in-house with additional contractors who have implemented this type of thing before, but it was a lot of work. I think it depends on the size of your business and how robust your current business management system is, plus, your timescales for such implementation. My business unit essentially started from zero so there was a lot to do. We achieved it in about 4-5 months.
Now the base quality with 9001 has been established and the wider team familiar with the processes, other accreditations 14001, 27001 etc are not so difficult to get over the line, as the solid base already exists.
Fishlegs said:
If, however, you try to drag a company out of the dark ages and into the world of ISO management systems
I think that is a bit unfair. I have experience of ISO9001 and wouldn't bother with it unless clients require it. I appreciate other more technical assurance type systems are necessary but 9001 for managing office work is just an exercise in paper pushing and felt a lot more like the dark ages to me than not doing it.If you have to go for it and don't have any ISO systems in place now don't underestimate how much time it can eat and problems it can cause in its own right.
trickywoo said:
Fishlegs said:
If, however, you try to drag a company out of the dark ages and into the world of ISO management systems
I think that is a bit unfair. I have experience of ISO9001 and wouldn't bother with it unless clients require it. I appreciate other more technical assurance type systems are necessary but 9001 for managing office work is just an exercise in paper pushing and felt a lot more like the dark ages to me than not doing it.If you have to go for it and don't have any ISO systems in place now don't underestimate how much time it can eat and problems it can cause in its own right.
Gassing Station | Business | Top of Page | What's New | My Stuff