ISO certifications are part of everyday life. What are they? Are they really relevant and useful? To answer these questions in complete transparency, we went to meet Alexandre Patti, Compliance Officer at Infomaniak.
What is an ISO standard?
An ISO standard makes it possible to harmonise standards. It is a reference framework enabling companies to commit themselves to a process of continuous improvement in accordance with a specific standard. For example, the height of station platforms is subject to an ISO standard so that people can board trains easily in every country.
A standard is like a law. It is a text with which a company must comply. When the requirements are legal, the company is obliged to meet them. When it comes to improvements, it is up to the company to set the objectives it wants to achieve based on its current situation. The standard is therefore not the same for all companies; it is the company that defines its own objectives and actions to be implemented within the binding framework of the ISO standard.
The more a standard is shared, the more it is recognised. ISO (International Organization for Standardization) has become the global benchmark. As a reference point, it has more force than a private or local charter. Some organisations, both private and public, deal almost exclusively with ISO-certified providers.
What does an ISO standard actually provide for customers?
For the customer, ISO certification is an indicator of a company’s efforts to improve in a given area. For example, ISO 9001 recognises the diligence and the constant attention paid to quality within a company. The tangible result for customers is intuitive products, an effective support service and the peace of mind of being able to access their data securely at any time.
At Infomaniak, the ISO framework helps us to structure and do things with ever greater diligence. We list existing processes from which performance indicators are implemented. If we identify gaps, it may mean that the overall procedure which a particular process is part of is not sufficiently clear or effective, not followed or non-existent, meaning that something needs to be improved. In this way, we are able to intervene quickly and in a targeted manner.
Why get an ISO standard?
A company may want to be certified for many reasons: to improve, to create a competitive advantage, or simply to meet the demands of certain industries. At Infomaniak, this is part of a continuous improvement approach to satisfy customers in some of the most demanding sectors worldwide.
Is it difficult to get an ISO standard?
The certification process is not a difficult process in itself. You have to be able to gather a certain amount of documentation that already exists or needs to be created. This may take 6 months, depending on the progress of the company in the area concerned by the standard to be obtained.
What proves that the requirements of an ISO standard are met?
First of all, it is important to understand that an ISO standard is not the answer to everything. With declarations of intent, some companies end up taking the easy road. Fortunately, customers are becoming more and more experienced (notably thanks to critical media and social networks). They are developing the reflex of evaluating companies according to what they actually do, and not just what they say.
An ISO standard requires audits at least every year
Like all other ISO-certified bodies, Infomaniak is audited at least once a year in a 3-year cycle:
- Year 1: full “certification” audit that covers all the requirements of the standard. In the case of ISO 9001, the first action is to review all company documentation to verify that the quality system meets the standard. This step also includes on-site interviews with employees.
- Years 2 and 3: follow-up audits. The auditors return no later than 1 year afterwards to identify any non-conformities or areas for improvement. The company management is notified of these. An action plan is developed and implemented to address this.
- Attribution: the audits are referred back to the decision-making committee of the certifying body, which issues a certificate valid for 3 years reassessed by means of continuous audits and a renewal audit.
What is the objectivity of the certification process?
Infomaniak works with SGS or Afnor (previously). These are organisations accredited by the NGO ISO. They accompany us and must themselves meet certain specifications.
The auditors have a duty to be independent in the mandate granted them by the SGS and:
- Infomaniak does not pay them;
- they are not employed by the SGS either.
The auditors are thus strictly independent. This is a very important aspect.
Are ISO standards reserved for large companies?
Even a small structure can commit to ISO certification. What matters is the binding framework of the standard, not the size of the company. This again depends on the level of advancement of the company vis-à-vis the field it wants to certify.
The main challenge is to create precise documentation that serves the business directly. It is meticulous work which lays the foundations for the improvements to come.
The same standard, but not the same actions? Who sets the targets?
Not all companies meet the requirements of the standard in the same way. Certification applicants will all have to meet the respective requirements, but it is at the implementation level in terms of objectives and action plans that they will set their own course.
For example, for ISO 9001, the requirements of the standard relate to the organisation, management and processes of the company. The advantage of this standard is that it does not impose a way of doing things, that is, it is a binding framework defining what needs to be done, but it does not say how to do it. The company thus chooses the means of implementing its own quality action plan.
A distinction must therefore be made between the response to the requirements and objectives and the associated action plans, which are highly specific to each company. At any event, it is the process over time that leads to tangible improvements and consistent documentation.
ISO standards are not the answer to everything
A company needs agility and flexibility in order to grow and remain effective. Therefore, it is not necessarily essential to attempt to formalise all procedures. It’s a compromise to be found.
You have to choose the procedures that have the most impact in relation to your profession and focus on them. Some companies like Infomaniak want to improve specific points (such as the quality of interface translations). This is where the binding framework of a standard can help.
Find out more
Prioritising quality code : explanations and solutions for repaying the technical debt
Friday August 11th, 2023