Supply chain 4 March 2016

International standards: Taking small businesses to the next level

Accreditation could provide the boost small firms have been after
Writing for Business Advice, managing director for both Shredall and SDS the UK’s largest independent shredding, document storage and scanning companies Lucy Shipley, discusses how small businesses most stand to benefit from accreditations from international standards agencies.

What are International Standards?

it’s essential that small companies make the most of the resources that are out there to help reach potential. The international standards provided by the International Standards Organisation (ISO) are one such resource that, if correctly made use of, can do wonders for your business.

ISO pools together the expertise of members to form these international standards, and businesses can gain accreditations to demonstrate to a market that they are meeting those standards. These accreditations, which include ISO 26000 (social responsibility) and ISO 27001 (information security management), can help your business prove to clients and shareholders alike that you are providing the highest quality of products and services.

Why is this kind of accreditation important?

There are a number of reasons why these accreditations, awarded by independent organisations such as the global certification body NQA, are beneficial. In fact, ISO provides its own document listing ten of these reasons. The biggest single benefit to meeting these standards, which encapsulates what ISO is trying to say by listing ten reasons, is that getting these accreditations will show the world that your business is the real deal. Whatever product or service it is that a business specialises in, having the relevant accreditations will reassure existing customers that their money is in good hands, will be a hook for potential customers as they see that your business is one they can trust, and will help your whole organisation to become a more efficient, profitable machine that is always in line with legal requirements.

Case Study: How to obtain ISO 27001 accreditation

To make all of this clearer, I want to focus on a specific accreditation: ISO 27001. This accreditation, which recognises information security management, is an ongoing process. It starts with an initial audit to see where your business’s strengths and weaknesses lie when it comes to information and data security, and then helps your business to implement and information security management system (ISMS), which ensures that you can continue to meet the global standard.

Accreditation process

The accreditation process starts with the filling out of a quote request form, which helps an accrediting body to assess your business’s situation. From here your company is helped to set up the ISMS. The implementation of this system is then assessed over two visits, over the course of which you demonstrate that you’ve been successfully using the system – covering people, processes and IT – for at least 3 months. After this initial process, a combination of annual surveillance and three-yearly re-certification ensures that your company goes on meeting the industry standards.

Benefits of this accreditation

don’t be put off if all that sounds gruelling; the benefits of the accreditation are worth it. Attaining ISO 27001 has all the benefits mentioned above, as well as more specific upsides. For example, if your company is involved in handling sensitive customer data, this accreditation will minimise the risk of threats such as viral attacks and cybercrime, and show shareholders and customers that you are serious about protecting their information. The system ensures that there is a focus on security throughout the company, not just at the senior level, and that you are able to comply with regulations such as the Data Protection Act at all times. Put all of this together, and you get a package which shows the world that your SME is good at what they do, and that you are able to keep the promises that you make regarding data and information security.

Why does this matter to your small business?