Skip to main content

Emma Ross explains where to begin with quality management standards and why

Good systems are crucial to business survival in tough times. They can also help you avoid tough times altogether. Certain standards specify proven business systems and are used the world over. Which ones? Sometimes it helps just to have somebody point you in the direction of where to start.

Emma Ross, Standards New Zealand's Senior Advisor Quality Management Systems

Emma Ross, Standards New Zealand's Senior Advisor Quality Management Systems

Emma Ross, Standards New Zealand’s Senior Advisor Quality Management Systems, talks us through some of her recommended standards you should know to be more efficient, resilient, and robust, from her decades of experience working with some of the world’s most popular standards.

‘First of all, I want to acknowledge that for most people the standards I’ll recommend seem like common sense. But validating that common sense and knowing it’s the shared view of world experts means you’re not making assumptions.’

Document, document, document with ISO 9001

‘I’ll start with ISO 9001 series, which includes some of ISO’s best-known standards designed to help improve the quality of products and services. The series provides a good framework for business practices and allows you to scale what you do according to the size of the business. The same principles apply you just change the degree of how you do things to match your business size. There are some in the series that help set up the handling of customer complaints, others to help with continuous improvement.

‘It’s helpful to look at some real-life examples of where standards like ISO 9001 can help. Documenting what people in your business do and how they do it is a good start. In both small businesses and large businesses there can be inherent risk in organisational knowledge being locked away in people’s heads or lost when a person leaves. Documenting the knowledge doesn't devalue the person who knows it, but it does protect the value of that knowledge to the business continuity in the event of something happening to that person.

‘Documenting also helps transition between personnel to maintain continuity and quality service. Remind yourself of a time you might have started a new job and had to find out lots of information. I imagine good documentation and process mapping would have been a massive help.’

Manage your high, medium and low risks with ISO 31000

‘What goes alongside this is the risk management standard ISO 31000 of which the 2009 version is cited in various areas of New Zealand legislation. Every business should have a risk management framework, where you rank your high, medium and low risks and document how you have reduced them to an acceptable level. This is sensible business management and as the pandemic showed us, you never know what might be around the corner. While few could have foreseen the level of global disruption, especially to supply chains, that the pandemic led to, those that may have considered disruption under a business continuity plan would have been one step ahead. Nowadays every business, no matter your size or industry, should have a robust business continuity plan and risk management plan – if you don’t, I strongly recommend making a start with ISO 31000 to guide the way.’

Information security begins with ISO 27001

‘ISO 27001 provides the framework for establishing information security with the rest of the 27000 series offering a suite of supporting documentation. Some key documents, including the recently revised AS/NZS ISO/IEC 27002:2022 Information security, cybersecurity and privacy protection standard, are available as an online collection and are a must-have for anyone handling customer or client information. If you’ve got someone’s data, then you’ve also got responsibility. At the extreme end of information security would be those handling sensitive patient information, but whatever the information these standards advise on practices to keep it safe including simple considerations such as access to that data.

‘Some businesses need to balance protection of data with access to the appropriate people and integrity so the data cannot be changed without correct authority. For a small business think about how you handle the information. Is sensitive information kept on an Excel spreadsheet on a server on site or is it backed up to the cloud with firewalls in place to protect against cyberattacks?

‘Good practice information security doesn’t need to be high tech or complicated. A simple example might be a mammography unit where the patient information may be printed by the receptionist and needs to be collected by the mammographer as the patient is called into the mammography room. How can those handling this information keep it safe? Keeping it face down is a simple measure that can prevent viewing of confidential information by others on site or passing by in corridors. A clear desk policy means information isn’t mixed up or thrown away. Having ‘follow me’ printing in large offices so information cannot be printed and left.

‘The standards might largely be seen as common sense but having a formal approach gives customers and clients confidence that you run your business well and handle their information responsibly. It offers a degree of assurance and it’s not hard to implement.’

Quality and happy customers with ISO 10000 series

‘The ISO 10000 series would be a recommendation. These provide further explanation on how best to meet the requirements of ISO 9001 particularly around customers satisfaction, dispute resolution and monitoring and measuring. In a small country like New Zealand, a business’s reputation relies on good customer satisfaction, but how do you know people are satisfied unless you measure and monitor.

‘The ISO 10000 series can also help establish quality plans. You use quality plans if you are doing a project and need to ask yourself “what do you want to get out of it?”, “what does good results look like and how are you going to make sure you get there?” To illustrate let’s look at a simple example every New Zealander can relate to – a barista making a good cup of coffee. A quality plan would detail that you need good beans, certain milks, good clean water, and crockery. All these might be under the restriction of your business, so it’s just about making sure you provide the best quality you can. This would be a specific plan rather than the quality management framework.’

ISO 14001 for the environment

‘Finally let’s not forget the environment. Environmental management does not need to only align with government policy or what is expected of you through regulation. Good environmental management, which can include simple environmental reporting to tell your customers, clients and even suppliers what you are doing and why, can actually provide competitive edge, especially where customers are motivated by businesses that act responsibly. ISO 14001 is the global standard to help you plan for better environmental practice, better transparency or even accreditation.’

Top recommendations

‘These are my top recommendations for everyone in general. Standards will not give you all the detail on how to implement changes. But they do give you a steer on what you need to think about to reach a particular objective or improvement. And they also prescribe areas of consideration that you can get accredited against to not only be better but demonstrate it to all those you do business with. There’s a reason why these standards are used across the world and have endured for decades. They are designed to help do things better.’

If you’ve got your own recommendations we’d love to hear from you. Drop us a note to to tell us why you use the standards you do.

Many of these standards and more have been collated into handy online collections available 24/7. You can subscribe here: 

Online library collections