12 October 2021

What is ISO and how does it help your organisation?

What is ISO?

This is a question that I have been asked many times. The more relevant question is Who are the ISO?

The ISO – the international Organisation for Standardisation, is an international body based in Switzerland that develops and publishes a substantial catalogue of industrial and commercial international standards across the globe.

These standards are compiled by technical experts an external stakeholders,  who collaborate using their shared knowledge and experiences to produce consensus based standards that meet the needs of society and the requirements of the business sector. A standard can be described as a set of rules that enable an organisation to complete a set of tasks in an efficient and systematic way.

The most popular standards are :

What is the ISO9001:2015 Quality Management standard?

This standard sets out the requirements for a quality management system. A quality management system is a method of defining how an organisation can meet the requirements of its customers and other stakeholders affected by its activities.

Some key requirements of the ISO 9001:2015 standard include the following elements:

  • Focus on customer service and continual improvement of the quality of the products and services provided by the organisation.
  • Enhanced leadership involvement in the quality management system, stronger focus on stakeholders and the wider context of an organisation to fit the evolving needs of any business.
  • Delivery of a systematic process approach to the quality management system.
  • Identifying and managing the key risks and opportunities within the business.
  • Creating a set of objectives to mitigate the risks and maximise the business opportunities.
  • Setting benchmarking targets to improve competitiveness.
  • Continuously evaluating the performance and effectiveness of the QMS via it’s process monitoring mechanisms and via the Issue, Risk and Objective Management processes and reviews

ISO 9001:2015 Clause 4.4 Quality management system and its processes

The standard states that an organisation must implement a QMS including the processes needed to demonstrate compliance with ISO 9001:2015. The implementation of the process approach is an effective tool that enhances customer satisfaction by implementing customer specifications.

A QMS is a collection of business processes focused on consistently meeting customer requirements and enhancing their satisfaction. A process based QMS enables an organisation to identify, measure, control and improve the fundamental business processes that will enable improved business performance. This process approach enables an organisation to plan the interaction of its processes from one step of a process to another.

The standard is not explicit in detailing what form the processes should take. However the following requirements are mandatory.

  • The inputs required to the processes and who supplies them.
  • The sequence and interaction of the processes.
  • The activities undertaken within the processes.
  • The outputs from the processes and who receives them.
  • The monitoring undertaken to ensure conformity of the processes

One examples we use is the SIPOC model. A SIPOC is a tool used to identify all relevant elements of a process by defining the inputs and outputs of one or more processes in table form.  SIPOC stands for suppliers, inputs, process, outputs, and customers which form the columns of the SIPOC table.

The control and management of the processes within an organisation can be facilitated using the Plan-Do-Check-Act (PDCA) cycle which promotes the focus on risk based thinking which can result in the mitigation of business risks and the promotion and delivery of business opportunities.

ISO 9001:2015 Risk based thinking

The organisation is responsible for the application of risk based thinking when determining the actions required to address risks and opportunities.

A organisation is required to identify the top risks to the business and implement strategies to mitigate the threats and maximise the opportunities to ensure it meets its business objectives. The ISO standard states that there is no formal requirement to document business risk strategies or risk processes. Organisations can decide on a strategy that best suits their needs based on the level of risk and other guidance standards. One popular method is the development and maintenance of a risk log. This log encompasses the outputs of the Organisational Context Review and all other risks identified through other QMS processes. All risks are prioritised and have response strategies intended to:

  • Ensure that the QMS can achieve its intended results.
  • Enhance desirable effects.
  • Prevent, or reduce, undesired effects.
  • Achieve improvement.

 How can an ISO Quality Management System help an organisation.

  • Enables an organisation to improve the quality of its goods and services.
  • Assists an organisation to drive growth, cut costs and increase profits.
  • Can enhance your reputation, attracting new customers and open up export markets for your goods and services.
  • Put your customers first, making sure you consistently meet their needs and enhance their satisfaction. This can lead to more repeat business, new clients and increased activity for your organisation.
  • Work in a more efficient way that will sharpen your business processes and increase efficiency.
  • Help your organisation to comply with statutory and regulatory requirements.
  • Gives your business a competitive edge. Essential for e-tender contracts. Preferred for health service, government and county council contracts.
  • Enhance your credibility and secure customer confidence
  • Helps address organizational risks and opportunities in a structured manner




































Paul McDonell