Understanding ISO: Who needs them?

Totem Sustainability are taking new approaches to enable organisations to achieve their aspirations through ISO management systems. Founder and CEO Ian Dodd tells us about some recent discussions he’s had about QMS and explains how ISO standards can help all organisations.

Recently I was talking to some business owners based with me at the BTC in Stevenage. Both were discussing organisational challenges they were having with suppliers and subcontractors.

The first was having trouble with an international courier. “They should have picked up my product last month,” explained the owner. “But my supplier told me, when they turned up to collect my products they were not what they were expecting. Instead of calling to discuss, they just left without taking anything. Now I’ve got clients waiting for products but my delivery probably won’t arrive until next month now.”

“How did you choose your courier?” I asked.

“They were the cheapest I could find, but now it’s probably going to lose me orders.”

“Did you check any of their certifications or send them any instructions about how you expect them to operate?”

“No, they are a courier, they should know how to do their job! All they have to do is pick up products in one place and drop them off in another.”

The second was having trouble with subcontractors. “They are an experienced wizard* and I’ve explained what I want them to do, but they just aren’t doing it the way I want them to.”

“Have you written down how you expect them to work for you, or given them any training?”

“No, they should know what they need to do, they are a qualified wizard*, I shouldn’t have to explain, but I guess it might be worth giving them some training.”

I asked if they knew what a quality management system was and both explained they had heard of them, and had noticed other organisations with ISO logos, but had not considered them as something that would benefit their business. However, they both admitted they didn’t really understand what a Quality Management System (QMS) did.

I probably shouldn’t have been surprised because lots of business owners without any ISO certifications are very dismissive of ISO 9001 (the standard which specifies the requirements for quality management systems), and ISO standards in general. If they did have a QMS they probably would have already trained their subcontractors and would not have opted for the cheapest courier. This is because the standard prompts you to consider the implications of using external providers and how best to control them.

Here are some more of the most common responses I hear from organisations without any ISO certifications:

“I don’t need a standard to tell me how to run my business!”
“We’ve been in business for 20 years and we’ve done fine without any certifications!”
“We’re so small, our environmental impacts are almost nothing!”
“Our IT manager has been with us for 40 years, I’m sure they have our information security under control”

Sound familiar? These may all be true, but they demonstrate a misunderstanding of what ISO certification can do for a business. Here’s my summary:

  • ISO standards don’t tell you how to run your organisation, they set a framework around which you can build best practices to enable your organisation to be the best version of itself.
  • It’s not all about the organisation that holds the certification, it’s about demonstrating to clients that your organisation meets internationally recognised standards, so they can trust you to do a great job.
  • The standards set requirements that help you think about things that you may not have otherwise considered, helping you to be proactive rather than reactive.

What other ISO standards are there?

ISO 9001 Quality Management and ISO 14001 Environmental Management are the two most common ISO certifications by far. Some organisations decide to gain further certifications depending on their industry; these include:

  • ISO 45001 Occupational Health and Safety – very common in construction, utilities and some manufacturing.
  • ISO 27001 Information Security – most common in IT companies and data centres, though interest is increasing based upon recent legal updates, such as GDPR.
  • ISO 50001 Energy Management – Mostly adopted by large organisations who are required to comply with CRC, ESOS or EU ETS, though more organisations are using the standard to gain a competitive advantage.
  • ISO 22301 Business Continuity – Similarly to ISO 27001 this is most popular for organisations handling large amounts of data.


One of the perceived barriers to getting ISO certification is the cost. Yes, it takes time to read through the standard, understand it, maybe attend some training and then set up your system. But once it is up and running, you should see benefits almost immediately. If you don’t have the time to do this yourself there are plenty of consultants who can help you (we’re one of them). However, just because you have a system compliant with the standard does not necessarily mean your system is most appropriate for your organisation. We are happy to work on a day rate or agree a fixed price contract. Give us a call for a detailed quote.

What’s your experience of ISO standards? Has this perspective given you new insight into getting certified or asking your supply chain about their certifications?

* Job role has been changed to protect the business.
