1 INTRODUCTION
What are the most costly mistakes you can make with ISO implementation? Why is preparation for ISO project important? And, is this book the right choice for you?
This book covers the preparation for any ISO management standard – ISO 9001, ISO 14001, ISO 27001, ISO 20000, ISO 13485, but also OHSAS 18001 and IATF 16949 (former ISO/TS 16949), so in the book I’ll refer to “ISO standard” or simply “standard” to cover any of these standards.
Also, instead of e.g. “QMS” for Quality Management System or “ISMS” for Information Security Management System, I’ll simply use the phrase “management system”.
1.1 Five most common myths related to ISO standards / Why preparation is needed
There are many misconceptions about ISO standards that very often do not allow the standard to become a serious candidate for consideration, let alone for the actual implementation. In fact, we could call these myths the biggest enemy of ISO standards.
Here’s what I hear too often:
“We’ll let the administrator handle it.”
This is the management’s favorite – “We’ll give this ISO project to that administrator; he doesn’t cost us much anyway.” Well, the problem with this approach is that the project is never going to end – because this administrator doesn’t have enough knowledge for this kind of project, he probably doesn’t have enough time, and he certainly doesn’t have enough authority.
“We’ll implement it in a couple of weeks”
You could implement your ISO standard in two or three weeks, but it won’t work – you would only get a bunch of policies and procedures no one cares about. Implementation of a management system means you have to implement changes, and it takes time for changes to be accepted by your employees.
Not to mention that you must implement only those controls or processes that are really needed, and the analysis of what is really needed takes time.
“This standard is all about documentation”
Documentation is an important part of implementation of any ISO standard, but the documentation is not an end in itself. The main point of ISO implementation is that the employees perform their activities in a defined way, and the documentation is here to help you do that. Also, the records that are produced will help you measure whether you achieve the objectives you have set for your management system and enable you to correct those activities that underperform.
So, you could consider the documentation to be a tool for managing, e.g., quality for ISO 9001, the environment for ISO 14001, or security for ISO 27001, rather than considering it to be overkill for your operations.
“The only benefit of the standard is for marketing purposes”
“We are doing this only to get the certificate, aren’t we?” This is (unfortunately) the way 80 percent of the companies think. I’m not trying to argue here that an ISO standard shouldn’t be used for promotional and sales purposes, but you can also achieve other very important benefits – the main benefits are listed in section 2.1.
“We need a GRC tool to implement an ISO standard”
Governance, risk, and compliance tools can indeed be helpful; however, they are by no means required for ISO implementation. You can host all your documentation on your existing server, or on some cloud service like Dropbox, or on your computer; automatic logs should be kept in the systems that created them – you’ll find more detailed guidance in section 3.9.
The point I’m making here is this – go through this book to see what is really needed and what is not, and then decide where to invest most of your time and money regarding your ISO project.
The main idea of this book is to help you avoid some costly mistakes – in other words, to prepare yourself for your ISO project instead of hastily rushing into it.
1.2 Who should read this book?
This book is written primarily for beginners in this field and for people with moderate knowledge about ISO implementation – I structured this book in such a way that someone with no prior experience or knowledge about ISO standards can quickly understand how to prepare for an implementation project. However, if you do have experience with the ISO implementation, but feel that you still have gaps in your knowledge, you’ll also find this book helpful.
So, if you are a production manager, engineer, compliance officer, information security professional, head of an IT department, executive, or a project manager tasked with implementing an ISO standard in a small or mid-sized company, this book is perfect for you.
This book provides examples of preparing for the implementation of an ISO standard in smaller and medium-sized organizations (i.e., companies with up to 500 employees). All the principles described here are also applicable to larger organizations, so if you work for a larger company you might find this book useful; however, please be aware that in some cases the solutions will have to be more complex than the ones described in this book – for example, you might want to use a more complex project management structure than the one that is suggested in section 3.5 Setting up a project management structure.
To summarize, this book gives you a systematic picture of the activities you need to do and the decisions you need to make before you start implementing your ISO standard – by using this book you make sure that you don’t make some costly mistake at the very beginning.
1.3 What this book is not
This book is focused on the activities and decisions you need to consider before you start your ISO implementation project, but it doesn’t explain the actual implementation of any particular ISO standard. (In the next section you’ll find references for materials that will help you with the implementation.)
This book won't give you finished templates for all your policies, procedures, and plans; however, in appendices of this book you’ll find a couple of templates, for example the Project Plan.
This book is not a copy of any ISO standard – you cannot replace reading the standard by reading this book. So, please don't make the mistake of starting an implementation of a standard without actually reading it – I think you'll find this book and the ISO standard to be the perfect combination for your future work. You can purchase the standard at the official ISO website.
1.4 Additional resources
Here are some resources that will help you, together with this book, to learn about various ISO standards:
- ISO online courses – free online trainings that will teach you how to implement ISO 9001, ISO 14001 and ISO 27001, including the tips on how to go for the certification
- ISO 27001 free downloads, ISO 9001 free downloads, ISO 14001 free downloads, OHSAS 18001 free downloads and ISO 20000 free downloads – collection of white papers, checklists, diagrams, templates, etc.
- Conformio – cloud-based document management system (DMS) and project management tool focused on ISO standards.
- ISO 9001 Documentation Toolkit – set of all the documentation templates that are required by ISO 9001, with included expert support that will take you step by step through the implementation; similar toolkits exist for other ISO standards.
- Official ISO webpage – here you can purchase an official version of any ISO standard.
2 GETTING THE BUY-IN FROM YOUR MANAGEMENT AND OTHER EMPLOYEES
There is one top reason that most ISO practitioners emphasize as responsible for the failure of their projects: lack of understanding from top management and, consequently, lack of their continuous support.
However, top management is not the only problem. Very ofte...