When you use it properly, ISO accreditation is a powerful tool for overhauling how your business operates.
And the modern ISO standard recognises that compliance can't happen in a vacuum. Quality management for you must also involve quality management for the suppliers who provide you with the materials and services that your business needs to function.
Tom Hodgson, Business Development Manager at Qualsys, looks at the top 3 ISO standards you can achieve to not only enhance your own operation, but strengthen your grip, slice risk and embed security throughout your supply chain.
1. ISO 22301
What would you do if a key supplier went bust tomorrow?
Or a crucial delivery was delayed past crunch time?
Or your power supply was suddenly cut off?
ISO 22301, the business continuity standard, is designed to ensure you have answers to those questions.
Accrediting to the standard means:
- Pinpointing the critical processes your business needs to continue functioning
- Assessing the key associated risks for each process with a Business Impact Analysis
- Building and testing a continuity plan to ensure your critical processes continue to operate
Assessing supply chain risk is a core element of ISO 22301.
An ISO 22301 auditor will expect to see that you've considered how to work around any event that disrupts your suppliers' ability to work for you, from transport disruption and natural disasters to financial collapse and technological faults.
So accrediting to the standard is a great way to give your business a more flexible, resilient approach to your suppliers and prevent an irreparable break in your supply chain. And bringing your suppliers into the loop with shared continuity plans and transparent risk assessments will only make your business continuity management system (BCMS) even stronger.
We spoke to two of our customers about ISO 22301 to explore the accreditation process, learn the key benefits of the standard and hear their 3 top audit tips.
2. ISO 27001
The longer, more complex and more international your supply chain, the weaker the security of information passing along it.
Which makes your business more vulnerable to cyber breaches, attacks and regulatory penalties.
A 2018 survey showed that 56% of organisations had suffered a breach of security caused by one of their vendors, and the average number of third parties with access to sensitive information was 471 per company.
That means potentially hundreds of cyber security threats within your supply chain - making an ISO 27001-certified information security management system crucial.
Hardware and software systems, particularly cloud-based, are a key risk factor to consider, since it's likely your business is supplied with them by at least one third party.
Tom recommends cementing good information security 'inside and out' by only working with 27001-accredited key suppliers while also pursuing certification for your own business.
Because Qualsys is a software provider for some of the world's largest businesses, it was absolutely crucial that we only worked with airtight third parties for our server and information management.
As well as only signing off on suppliers who could prove their ISO 27001 credentials, our senior leadership decided to take our information security to the maximum level by getting accredited ourselves - which we did, in May 2019.
- Tom Hodgson, Business Development Manager, Qualsys
3. ISO 14001
Businesses looking to lighten their environmental impact and carbon footprint can only make the strongest possible change by driving their supply chains into compliance with them.
Qualsys customer Unilever did exactly that, harnessing their massive purchasing power to restructure their supply chain towards more efficient, low-wastage suppliers and processes.
Along with the wider environmental benefits, Unilever reported a dramatic cost reduction as waste was sliced.
Several studies have shown that profitability and public benefit don't form a zero-sum game - 14001-accredited businesses with environmentally-conscious supply chains outperformed other businesses by around 10% on the stock market in 2018, according to Bloomberg.
Establishing common objectives and KPIs, maintaining performance with a Plan Do Check Act cycle and transparent reporting, implementing a shared improvement plan: these are all key ingredients for driving ISO 14001 compliance deep into your supply chain.
And thanks to the so-called 'green bullwhip effect', pushing for environmental sustainability tends to cause ripples of action beyond your immediate grasp, driving positive improvement far beyond your direct suppliers.
Download our free supplier management toolkit: