Building business resilience with ISO 9001
When it comes to the certification process, there are certain things that the auditors are looking for. Kieron Rafferty, Head of Audit Resources at BM TRADA. He gives his top tips for making the process as straightforward as possible:
1. LEADERSHIP BUY-IN
One of the most essential things for BS 9997 is leadership buy-in. I look for top management involvement and how they endorse the FRMS. Without endorsement, colleagues working under these managers will be unlikely to take the process seriously. I specifically look for examples of leadership involvement, such as how they explain the benefits to staff and how they ensure the appropriate resources are available.
2. CULTURE CHANGE
What I look for on an audit, is how successfully BS 9997 and its procedures have been ingrained into the culture and everyday life within an organization. As part of this, I will talk to staff – often at random - and expect them to know the basic strategy, the rationale behind why they’re being audited, and how it applies to them. I don’t expect staff to know about every policy, but they should understand why best practice is important and why it is being certified. A sign of a weak system is when people don’t know why they’re doing something, and they just see it as an extra level of bureaucracy.
4. CREATE A GOOD PERCEPTION OF AUDITS WITHIN THE BUSINESS
Make sure that the audit is seen as an opportunity for enhancement of process, and that any actions raised are taken as learning opportunities. If the team perceives the audit as a chore and a negative task, you won’t get the same level of involvement or success. If the team sees that it’s a way to drive positive change in the business and really buys into it, it can make the process much easier.
3. ALLOCATE APPROPRIATE RESOURCE
The process can be a time-intensive one, but ideally everyone in the business should play a part. Some organizations will bring in consultants to support, but it doesn’t need to be costly and can be managed internally – in fact, doing it internally is often more beneficial, as it allows everyone to get involved in a standard that will impact them and aids understanding of the rationale.
I would recommend that businesses ensure sufficient resource is available, but that the load is spread throughout – a mixture of backgrounds and personalities can add significant value. Ideally it should be a diverse team with appropriate skill sets and the authority to influence and make change.
5. TAKE FINDINGS SERIOUSLY AND ACT ON THEM QUICKLY
It is worth ensuring the correct personnel are involved to direct and update information and communicate out to the wider business as soon as possible. Don’t let all the hard work go to waste – it undermines the process and demotivates the team, which in turn reinforces the negative perception of audits for the next time. Ensure that those working on the findings close out are given as much team assistance as possible - look to work collectively and collaboratively.
6. SHARE BEST PRACTICE AND POSITIVE OUTCOMES
Seeing the results and change borne from the process is the best way to motivate staff to keep it up and to appreciate the value. It’s also the reason why the work is done in the first place, so don’t forget to complete the circle and share the rewards.
Awareness of the responsibility organizations have to keep their property, operations and people safe from fire has never been higher. Legislative changes and industry reforms are on the way if not already in place in some jurisdictions, the demand for better compliance is well underway.
Any organization should be running some form of system to manage their fire risk, those who don’t have an exposure to risk that is not sustainable. Those who currently don’t operate sufficient systems through to those who do have mature operations, the advantages using such a comprehensive standard created with an internationally recognized model should be obvious.
Implementing now will have an immediate impact on any organization, saving resource, reducing the likelihood of an emergency and lessening the impact if there is. Achieving certification will reduce risk of poor implementation, secure existing relationships and open further opportunities.