Frequently asked questions

Quality is defined by ISO as: "The totality of features and characteristics of a product or service that bear on its ability to satisfy stated or implied needs". In other words, a product or service has quality when it fully complies with the requirements of the client. When used within a service industry, quality can be defined as the delivery of reliable information within an agreed span of time under agreed conditions, at agreed costs, and with necessary aftercare. Quality Management is the management of all activities aimed at ensuring Quality within an organisation.

l Why do I need to implement correct Quality Management?

The best reason to implement Quality Management is to show that your organisation is consistently capable of providing products and services that meet your clients requirements and comply with all relevant statutory and regulatory requirements. You will demonstrate that your organisation can enhance client satisfaction because it is consistently capable of continually improving both its products and services and its practices and processes. You will also gain significant productivity and efficiency benefits from implementing Quality Management.

l What are the implementation costs for a compliant QMS?

This is impossible to quantify as every compliant QMS is bespoke to the organisation that uses it. However there are some pre-requisites to implementation that can be costed. At its simplest, any organisation desiring to implement a Quality Management System must have the IT system capable of hosting that QMS, and the QMS must be available to all members of the organisation. Objectives for the use of Quality Management within the organisation, a Quality Policy should be written that encompasses these objectives, and a Quality Plan composed that defines how they are used within the organisation. Finally, all processes and procedures used by the organisation will require documentation and peer review prior to upload to the QMS.

l What are the ongoing running costs of a compliant QMS?

Again, this depends on the size and scope of the organisation, but it should be noted that any costs incurred should be more than offset by the savings due to increases in productivity and efficiency. Obviously, if an organisation decides to seek certification then the costs of external audits by a Certification Body will need to be factored in to the ongoing running costs of the QMS.

l Should I obtain certification for my QMS?

This is a decision that can only be made by the organisation. Unless there are contractual reasons why a client may insist on certification (many public sector bodies in the UK ask for this) there is no over-riding reason why certification must be sought. It is perfectly possible to be fully compliant with ISO 9001:2015 without incurring the additional expense of engaging a Certification Body to regularly carry out external audits. The only loss will be that evidence of compliance with the standard will not be demonstrable to clients.

Information Security Management and ISO 27000

l What is Information Security?

Information Security is the control of all information and intellectual property held by an organisation. Control is in place to protect the information from loss, compromise, unauthorised distribution, or any other action that is not in the best interests of the organisation or its clients. Information may be electronic (email, computer data of any form), physical (buildings, IT equipment, printed and written material) or anecdotal (spoken).

l Why do I need to implement correct Information Security Management?

An organisation's failure to protect its own information, or a client's information in the organisation's possession, will at the least seriously compromise the effectiveness of the organisation in a competitive market place, and at worst open the organisation up to accusations of negligence, unprofessional behaviour and potential contractual or legal liability.

l What are the implementation costs for a compliant ISMS?

This is impossible to quantify as every compliant ISMS is bespoke to the organisation that uses it. However there are some pre-requisites to implementation that can be costed. At its simplest, any organisation desiring to implement a information Security Management System must be prepared to put security measures in place that protect the organisation and its client's data. Risk Management and Disaster Recovery Planning are also central to a compliant ISMS and these must be documented and regularly reviewed.

l What are the ongoing running costs of a compliant ISMS?

Obviously, if an organisation decides to seek certification then the costs of external audits by a Certification Body will need to be factored in to the ongoing running costs of the ISMS.

l Should I obtain certification for my ISMS?

This is a decision that can only be made by the organisation. Unless there are contractual reasons why a client may insist on certification (many public sector bodies in the UK ask for this) there is no over-riding reason why certification must be sought. It is perfectly possible to be fully compliant with ISO 27001:2022 without incurring the additional expense of engaging a Certification Body to regularly carry out external audits. The only loss will be that evidence of compliance with the standard will not be demonstrable to clients.

Training

l Why do I need to have training in either managing my QMS or my ISMS?

Quality Management and Information Security Management both involve a full and complete "buy in" from everybody within the organisation. For this culture to be in place, it follows that everybody in the organisation must understand the aims of the organisation in promoting a culture of Quality Management or Information Security Management. They must also understand their individual responsibilities and the responsibilities of their leaders in maintaining the QMS or ISMS.

l Can I use my own trainers to train my staff?

Yes. Given that it is a requirement of both ISO 9001:2015 and ISO 27001:2022 that the organisation creates "champions" to promote working practices that support a culture within the organisation compatible with the standards, it then stands to reason that those champions also undertake knowledge transfer within the organisation to support that culture. BURDIKIN.COM will happily undertake "train the trainer" exercises to ensure that your in house trainers are fully equipped to provide all members of your organisation with the knowledge needed to ensure ongoing compliance with either standard (whether or not the organisation seeks certification).

Compliance and Certification

l Why seek certification?

Certification visibly demonstrates to clients that your organisation complies with the standard certified. This gives existing and prospective clients confidence that your organisation undertakes all activities in a controlled and managed manner, invests in people, and fosters a culture off innovation and continuous improvement.

l Who will provide my certification?

Certification can be provided (on completion of a successful audit) by any Certification Body. Certification Bodies can be found easily by searching the internet

l How do I know that a Certification Authority is professional and reputable?

A good indication of a Certification Body's credibility is their accreditation by an Accreditation Authority such as UKAS. It should be noted though that accreditation is not mandatory for a Certification Body.

l How much will certification cost?

This will depend on the standard to which certification is being sought and the Certification Body used to conduct that certification.

l How often does my certification require renewal?

This depends on the standard being certified to. For example, ISO 9001:2015 currently requires renewal of certification every three years at the most.

If you have any question that is not answered on this page, please contact BURDIKIN.COM for more information.

Return to top Home