Is audit anxiety holding your company back from ISO 9001 compliance? While it may seem like a daunting task, many businesses are closer to certification (and re-certification) than they realize.
Join us in conversation with ISO Expert, Brian Buss, on the third episode of The Voices of Manufacturing. Brian has a knack for simplifying ISO requirements and easing audit anxiety.
Despite being widely adopted, many companies are intimidated by the ISO 9001:2015 certification process.ISO 9001:2015 is the most widely adopted ISO standard but many companies are intimidated by the process of certification. In this episode, Brian shares how successful companies are likely already following many quality management best practices and how certification can significantly improve your business.
A full transcript along with additional resources are listed below.
Additional Resources
Episode 3: The Voices of Manufacturing
Brian Sallee: I'm your host, Brian Sallee, and joining me today is Brian Buss. Brian runs a consulting firm called Cambio services. His firm is focused on helping businesses simplify compliance. Welcome to the podcast, Brian.
Brian Buss: Good morning, Brian. Thank you.
Brian Sallee: Let's dive right into our topic today. I think it's going to be a fun one. It's "ISO 9001 is Closer Than You Think." And I love this title because it really challenges the perception I think most of us hold which is, ISO certification is often seen as this difficult certification to achieve. It comes with substantial cost and it's really going to significantly change the way you run your business. I think most people probably aren't wrong in having that perception. You mentioned this to me, you know, somewhat of a myth, so kind of give us some insight. Why do you think that's a myth?
Brian Buss: Yeah, that's true. A lot of businesses, when they're considering certification, they really think that there's more involved than there is. I've been doing this for 20 years now - having started off in automotive as a supplier quality engineer, working in aerospace, electronics. I have some cosmetic clients now as well. So what I've learned is that it doesn't really matter what the product is about. It's all about management systems and is about how you run your business. So just like every challenge of setting up a good management team, ISO can be a challenge when you have weaknesses, but when you are already working on building a strong management foundation, you're already working on getting ISO 9001; whether you realize that or not.
Brian Sallee: So the idea is that you're already doing a lot of things that are required for ISO certification and it's just formalizing a lot of that.
Brian Buss: Yeah. If you read the title of ISO 9001, it says 'Quality Management Systems,' right? So everybody kind of skips over the 'management system,' part of that, and they skip right to quality and they think, oh, this is quality for our quality department to do. And I always remind them that no, this is business best practices for your management team. So it starts with, "Top management shall...," right?
That's basically the first part. You have to understand what your business is, where does it fit in the context of your team, what are their responsibilities? And then you start going into the nuts and bolts of, how to build a product or build a service, a process, that's gonna be 9001 compliant. So it's not forms, it's not folders, and it's not just a bunch of checklists. It's really about setting up the right management structures, which most growing companies are doing already.
Brian Sallee: Yeah. And actually, maybe just to take a second step back here, cause I know we've got a lot of listeners who are considering ISO certification and still trying to wrap their arms around what exactly it is. I think you've mentioned this before. I've heard it from other people. It's really a set of rules. It's a rule book. And is that kind of the way that you would describe it?
Brian Buss: Yeah. So ISO 9001 is a document. That's the document title. It comes from the International Standards Organization, which is ISO. And ISO as a global organization publishes all sorts of documents, which you can think of as best practice manuals. There are ones for how to run a data center if you have an IT company. There are ones on safety and environmental. There are, I would say hundreds of ISO published documents and they get very minute. I can't think of an example of now, but also very high level to like management systems, and ISO 9001 is probably the most widely adopted.
There's over a million companies worldwide that are certified to 9001. And as I said it's a best practice manual for your business. It's not just a quality thing. And customers, or subscribers, customers have realized this, right? So it's a set of guidelines. And then you get certified to it. So you read the standard, read the document. You implement it within your company. And then when the word certification comes into play is when you hire a third-party company to come in and certify you.
So just like any statement in manufacturing, you can say my product is organic, for example, right? But to get certified organic. Is like an independent verification of that claim. So you could say, Hey, we have a quality management system. You could provide great service and great products and never have to get certified. But when you're providing products or services to major companies, whether it be automotive, industrial, aerospace, oil, and gas, they want that third party to say no, you're a certified company. Think of 9001 as like a set of rules.
I don't know if you play, basketball, but if you head over to your park this weekend and just join a pickup game of basketball, imagine someone joins the game and they don't know what a foul is. Everybody agrees what a foul is. Everybody knows the rules of basketball. But imagine playing with someone who didn't know the rules, how would that change the dynamic?
So when your customer says, get ISO 9001 certified, they're basically telling you we, "We manufacture and we provide services to a common set of rules." And you need to understand that. So when we ask you, "Hey, what's your traceability?" "Hey, can you write us a formal corrective action?" Because you shipped a bad part. They're expecting you to know what a corrective action is and they expect you to know what traceability means. And that's what ISO 9001 gives you.
Brian Sallee: I really liked the way you broke that down there. It's essentially, you're playing by this set of rules and then the certification is basically someone coming in and verifying that you actually are playing by the same set of rules as everybody else.
When it comes to some of the benefits of ISO, I know for a lot of companies that I've worked with in the past, oftentimes they're trying to expand into maybe other industry segments in other regions of the world that they want to sell their products into.... What are some of the reasons that you're commonly seeing companies seek out ISO certification?
Brian Buss: So the most common reasons are that a customer or a contract that you're trying to sign requires it. So when I say contract, typically you're talking about a government or a state organization. So a lot of nations in the world in order to be a contractor or to be taken seriously, say, "Hey, you need to get ISO 9001 certified." As well as private industry. So as I said, I started off in the automotive industry. Aerospace electronics.
Really. If you have a product that you're manufacturing or a B2B service and you want to sell into the top OEMs, whether that's automotive, aerospace, and their tier-one suppliers, right? The first chain below them, you have to get ISO 9,100. You'll see that most commonly in the purchasing contracts, they will require that sometimes I call it like the ticket to the dance where you don't get in. I
f you're not certified or they'll at least hold you to a very firm timeline to get certified if you have a new product or service that they absolutely need. And you're the only one providing it, but typically for new companies and small companies, you're probably not the only one with a product that a major company like Ford or Boeing needs.
So you want to be part of the supply chain, you gotta get ISO 9001 certified. And you'll see that in your contracts when you talk to the buyers.
Brian Sallee: Got it. So for our audience then, there are folks who are considering seeking out ISO certification. Maybe they've like you're saying here, they've got some contracts they're trying to win. The idea around this episode today is ISO certification, it's closer than you think, so let's start diving into that. What do we mean by it's "closer" than you think? And I think you've said this earlier, you're already doing a lot of the things that are required for ISO certification.
So let's start with, when you come into an organization as an internal auditor, what are you usually looking at as you try to evaluate where this company is at when it comes to how close are they to be able to comply with ISO certification?
Brian Buss: Yeah, so companies hire Cambio and myself to help them get certified. And when I come in, the first thing I try to establish is, what are you already doing that you can count towards ISO 9001? I'm working with a company now, they have the longevity of more than 10 years and they're already providing a product. Their primary customer is a world-class OEM, Original Equipment Manufacturer, meaning the top of the food chain.
So I already know that for 10 years they've been providing a service and product to this customer and that's and I know the world, I know the customer and I know they have clear flow downs and they wouldn't have kept this supplier on for 10 years if they weren't performing. So that's going to be easy because they're probably already doing 80% of what ISO 9001 requires. The first thing I look for is what are you already doing? What can we, what can you take credit for in terms of what I, so 9001 is expecting? And then you do, what's called a gap analysis, which is, or what are you just simply not doing? Or what do we need to formalize? So let's take an example.
So one of the parts of ISO 9001 is called management review. And a lot of people think if you read the standard, it says 'management shall meet at least annually to discuss the performance of the business'. So what some companies do that don't quite understand, they'll schedule an annual meeting, right? If it only has to be done annually, let's just do it once a year. Why do it any more often? And they'll have a meeting and they'll discuss the performance of the business. There's 10 slides on the ISO 9001 topics that they want you to go over. Like customer satisfaction, quality, delivery, audit status, and things.
So they schedule this meeting and it's like a once-in-a-year thing, and then they discuss things, and then that's it. And then they don't meet again for a whole year. That's not very effective. So for using that as an example, I simply ask the top manager or a team. "When do you guys get together as a team?" And they'll say, "Oh we meet every week as a staff or, once a month, at least maybe you were remote, so we meet regularly." And I'll say, "Okay, what do you discuss in those meetings?" There's always a firefight going on. It's usually about the customer or product quality. So check, you've discussed customer satisfaction, you have discussed product quality. What else do you talk about?" " We talk about growth. We talk about new products and our pipeline." So all of those things are covered as part of the management review.
So I simply say, "Don't just meet once a year. If you're already meeting monthly or quarterly, all you have to do is take credit for that." Keep a few records, which are probably already booked on your calendar. So there's your record. You may or may not have an agenda. Try to create an agenda because that's just a good, best practice for effective meetings. And you've got your record of management review. Then just make sure there are a couple of oddball ones like discussing internal audit status. We'll just put that on the agenda. Say two or three times a year and you.
Brian Sallee: Got it. So this is a great example of a company you're already doing these things. And what you're saying here is just add a little more structure oftentimes to it, like the agenda.
What about meeting notes, things like that? Does it need to go to that level to where you have evidence of what was discussed during the meeting outside of just, what was proposed in the agenda?
Brian Buss: Yeah, so this touches on an interesting thing. A few years ago, in 2015, ISO 9001, there was a revision to it. And it's now called ISO 9001: 2015 Revision. Before that, the prior revision was in 2008. And before that it was around the year 2000. So in 2008, they just fixed a couple of words, clarified a few sets of terms. A lot of the ISO 9001 principles that people thought of traditionally were actually written in the year 2000.
So think about how much business has changed. In the year 2000, we were probably given a copy of Microsoft office, like on a disc. And our it company said, "Here you go, these are the commercial computing tools that you have available in Word, Excel, PowerPoint." Now we have SAS tools for every department in your company. We have a digital exhaust of video and records and recordings and transcription tools. So the new version of ISO 9001 accepts all of that. They call it "documented information," right? So that's databases, recordings, video, work instructions digital work instructions,
such as you guys provide at Dozuki.
It's no longer, pen and paper, like who was in the meeting? You have an outlook or a Google invite that says who was in the meeting. Cause there's a green check box. So it's much simpler. But again, this is how I help companies navigate. Take the tools you already use. You already have a record of who was in the meeting because you recorded it or you videotaped it or you have a zoom session or something, and that's the documented information that you can show your auditor. So it's much simpler.
Brian Sallee: Got it. And is that a big shift from the 2008 standard where , now it's more I don't know if this is the right term, but more of a risk-based approach where you, as the company, you get to decide how much documentation is really required or necessary for each of the components of ISO certification?
Brian Buss: That's true. Yeah. So going back to the 2000 edition, which was just simply a few simple modifications in 2008, so the 2000 edition was you shall have these procedures. And typically people picture like the quality manager, which with a bunch of binders on the shelf behind her or his desk, right? Here are all the procedures and everybody needs to read them and, sign off that they understand them. The new version says, it's your business. You determine what is necessary.
So another example, you create a purchase order. Most companies have some sort of software that helps them manage their purchase orders. There's a form they fill out. It's a web-based form or maybe a local database. It's a validated form. So you can't put a text field where the date is required and you can't put a date where the price and quantity are required on the purchase order. In the past, when you were filling out POs manually, if you had a team of five buyers, you probably would need a procedure that said here's how to create a purchase order because all five of you need to do that consistently. So you have to write a procedure.
Now that you have software that basically forces you to put dates in the date field, quantities, and integers in the quantity field, and describes the product from another drop-down list, you don't need a procedure because
your software defines the process.
Brian Sallee: This is really interesting. Cause I believe that a lot of people still are under the impression that ISO certification is this list of things you have to do. And you've got to just, have your templates that you go in and you get from your, ISO internal ISO auditor, and you customize them to your company. And then that's how you're gonna achieve ISO certification. What you're talking about now with these new standards, it's really up to you to decide, like in this case of the purchasing software, the PO software you don't need a process cause the software makes it so you can't make a mistake, essentially. Everyone just follows the software workflow. Does that make it more challenging though for companies? Because sometimes when it's up to the company to decide what they need to document, what they need to have processes around. That can almost be the ambiguity is it can be really challenging to do you see that? Or is that really where an internal auditor comes in, comes into play?
Brian Buss: Yeah, you're right. You point out a good message there. So in the past, you would just get a bunch of templates and, change the name and change the logo. And you're like, these are done. Now the onus is on the organization to say what is required.
So the simple thing is you can do it both ways, right? But you're going to have better long-term success if you approach it as we want to keep it as lean and mean as possible, meaning the, let's create flow charts instead of procedure like written procedures, let's document basically how we do things and in what sequence. And not tie us down with a bunch of "We shall do this and we shall do that." If you take the time to really look at your process and you have your team work with a coach or somebody who's been through an ISO process before. You'll get a longer-term benefit if you keep it simple and flexible.
Brian Sallee: Excellent, yeah. And I guess to go back and get to more of the, we were talking about some of the practical things. So we were talking about that management and in leadership review you've already talked about the supplier control around the PO software.
What are some other components of certification that most companies are already doing? And it's just a matter of maybe formalizing it, maybe having to document some of those processes. Contract review was one of them. There was something around the control of product realization or just some other examples.
Brian Buss: Yeah. So contract review, that's a big word for taking an order and making sure that it's going to turn out successfully. So every business, they get a call from the customer, or they get an email, "Hey, we'd like to order a 100 widgets from your team and we need them by this date. And we'd like to discuss pricing and schedule with you." Okay. That's very standard. So you're like of course we'd do that, right? We want the customer to get their product on time, at a price that's agreeable, and we always make sure that it's feasible for us to accept the order. So every business already does that.
So then ISO 9001 simply says, okay, do you have records of that? Sure. We do most things. Here's an example of a meeting that we had, our salesperson drove out to discuss, contentious scheduling issue or there was some negotiation on price. Okay. Yeah. Here's the meeting right here in our calendar. And I talked to the salesperson. What did you discuss in that meeting? We negotiated price and schedule. Okay. That's contract, did they send you an RFQ? Did they provide you a specification on what they're looking for? Did you send them a drawing? Did you send them a statement of work? Did somebody sign a document such as a statement of work, to electronically sign a contract? Something that says, "This is what I agreed to provide you." The timing, the cost and the quantity. And of course that exists everywhere. That's contract review.
Brian Sallee: Got it. And so for you know, when you are seeking certification that third-party auditors coming in, they're going to want to see this evidence. Are they also going to need to see some sort of documented policy on, what does contract review look like? Do they need to see it at that high level?
Brian Buss: So most, so that time you'll create some sort of flow chart that establishes the sequence of your business. And I would always recommend that there's some structure. So if you think about, the skeleton of our bodies it's pretty consistent, but what happens within our bodies is very unique, right? So the flow chart and a basic sequence establishes the structure of your business. So we take customer requirements, we consider them, we respond with a quote for the contractor. Once accepted, we may have to design the product or develop it.
If it's new or we adapt existing service or technology, design and development, then we do manufacturing in a planned manner, we just, we have a schedule and things. So those, that kind of sequence of operations is definitely what I would recommend the finding, but the. To create a procedure that says we negotiate suitable pricing, schedule the time and quantity with our customers. No, you don't need a procedure that says that because you can demonstrate that with evidence.
Brian Sallee: Got it. And so practically speaking, having that high-level flow chart is enough to satisfy the requirements of that ISO auditor that's going to come in. But when it comes to businesses, and I've heard you mentioned this before, you're not just seeking ISO certification to seek ISO certification; there's oftentimes benefits to your business as well. Do you recommend your clients do document some of these procedures so that everybody's on the same page with how things are supposed to be done, and it's less word of mouth?
Brian Buss: Yeah. So the point where you want to start documenting things is determined a little bit based on your size and then your risk, right? So going back to the purchasing example of a buyer. So you don't need a procedure with how to fill out a purchase order because you're using the software.
Let's say that you have two buyers in your business that are doing the majority of the purchasing. They're using the software. They're probably pretty consistent on how that's done. Now, let's say that your purchasing team continues to grow to 10 buyers. Okay. At this point, you start to see. One buyer does it slightly differently, right? They negotiate a little differently, you're hearing, "Oh, we called the buyer and they verbally gave us an agreement to do something.
This is where you start to seeing inconsistency.
So as your team grows and you say at what point will the personal spend, so to speak, start to impact my process, that might be. Yeah. So it might have to do with the size of your organization. The other point is when do you want to document is when the knowledge or the information is so critical that you feel that it only exists within one key person's mind. And if that person wins the lottery tomorrow and says, "Thanks for the good job, but I'm out of here." How much
knowledge and experience also is going to leave our organization with that person?
We want to know how that key job and that key function is accomplished. So let's document the process. So that one, if we ever lose that resource where we're prepared. And two, that when we hire people and that key process needs to get transferred in terms of knowledge, we can train that second, third, fourth person to follow the best practices of that first individual who did it.
Brian Sallee: Understood. Yeah. And I think that makes a ton of sense. The point you brought about brought up about the size of the organization, right? As you're trying to expand and grow your company, and you need to hire new people, you need to bring them in. You need to be able to train them to some sort of standard. And having that process document is a great way to do that. Moving on here, you've mentioned several areas where companies are already doing a lot of this, a lot of things necessary to meet ISO compliance and just formalizing it a little bit more. What's an area though that, companies typically maybe aren't already doing these things? What's an area where companies actually have to work really hard to meet the requirements of ISO?
Brian Buss: If I walk into an existing organization, probably the biggest gaps I see most frequently, Would be in objective measurements and probably training. An objective measurement would be something like on-time delivery. Ok, you have this perception that your customers are happy, right. That you're providing the orders to them, but you've never really written down and looked at your, customer said, I would like a thousand units on July 15th.
So most companies don't really measure, "Did those thousand units go out on July 15th?" They have a sense, right? "I think those went out on time, or I don't remember the customer complaining, so they probably did." But if you stack all your orders up and you use a simple spreadsheet or some sort of inventory or shipping software. And you run a report every month and you say, "What was the promised date or expected date? And when did we actually ship it?" That's called an objective. Some people call it a key process indicator, KPI. And you run that report and you realize, "huh, 88% of my orders went out on time."
Now your customers aren't screaming and upset, but that 12% that went out late, they probably got shipped under expedite. The truck was probably a special truck, right? It wasn't the cheap large-scale shipping that you had planned on. You probably paid some overtime right to get those orders out. So that 12% is not just a few potentially unsatisfied customers. It's also cost. If you shipped regularly on time at 98%. Then, your processes working, you're probably not paying a large amount of expedite fees and overtime and things to meet that 98%. So it's a measurable of the process. In this case, it would be a measurable of your manufacturing process and how well your planning department planned out that, that ship date.
So defining key objectives is one, and then the second one is training. So a lot of people say, are you a people competent to do the jobs that you've assigned them? And you say, "Yeah, they're all great. They came in with great skills. We hired them with experience. Or as soon as they got here we taught them what they need to know. We had them shadow our senior engineer or senior product manager, and they shadow that person for two weeks and they learned." That's fine. Except the standard requires that training is documented.
So again, it's not necessarily pen and paper, but it basically says, "How much time was this person trained, who trained them, and what was the topic? And again, it goes back to scalability, right? Because your customers want to know, as you grow what's it going to take to make sure your people can build the products that they're used to getting consistently.
Brian Sallee: Yeah. And to go back to the, objective measurement, there's key measureables, you're mentioning. Like how many key measureables are you required to have? And is it really up to the company to decide that you could say, "Hey, we've got two objective measurements. One is, did we deliver on time? The other one is, did we meet the customer's requirements?" Is it really up to the company to decide that? Or how do you usually guide companies in that area?
Brian Buss: It is absolutely up to the company. ISO 9001 does not prescribe measurables. It does not say that you have to track this and this. So again, it comes into having the maturity to ask your team, "Hey, what should we measure?" And sometimes you measure the wrong thing and you change your mind. Now some of the standards, like the more industry-specific standards, such as like aerospace, for example, which is built on ISO 9001, it's called AS 9100. At that point, because the aerospace industry is so driven by quality and delivery, it actually does prescribe. It says, "At a minimum, your KPIs shall include on-time delivery and product quality." But that's, as you get into more specific. ISO 9001 does not.
It's up to the company as well. To define those measurables. And you, sometimes you, you measure them for a couple of weeks or months, and then you say, are we getting any action? Is there something we can improve here based on this measurable? And sometimes the answer is no, it's not really useful information. So let's try measuring something differently. But a lot of times just measuring something, you'll learn a lot about your process.
Brian Sallee: Yeah, and it seems like I know for me, as, if I was running my own company and trying to achieve ISO certification, I have a lot of comfort knowing that I get to decide these things versus them being prescribed upon me. That flexibility seems like this is a standard that again, it's much more approachable.
Brian Buss: Yeah, it's very flexible. I would say, going back. So in the past maybe companies that would just say, oh, we'll just get the, we'll just copy what our customer does. Or I have a friend who works in a similar industry and we'll just follow what they do, that those days are over because you really want to make it fit your business. And this is why there's such a, there's really great resources and coaches out there that help you do that. And it's important. For example, the "Objectives," a lot of people say, "Oh that's a lot of work." But when you actually measure things, your team is happier because when you say this is what we're going to measure in a company, it's this is what the president or the CEO cares about.
When people get up in the morning, if they know what's important and what their manager and the manager of their manager wants to see. Then they can say, "Yeah, I'm doing what I'm supposed to do here. I see that when I take a few extra minutes to pack a customer's box, I see the result in the customer satisfaction scores, so that's a good practice." When you have no measurable, everybody just comes to work and they hope that they're doing and spending time on the right thing.
Brian Sallee: Yeah. I'm really curious then, you come in as a consultant, so you get to see these companies before they've achieved ISO certification. Do they bring you back later on as well, when they're trying to prepare for their next audit or recertification do they bring you back in?
Brian Buss: Yeah. The relationship you have with an ISO 9001 consultant or coach is important. So typically we help them define their process. And then once you've defined your business and your management system, the standard says you should try to objectively evaluate how it's doing on a plan frequency. So that could be, once a month, we're going to audit a certain department or once every six months, whatever you. Before it in terms of time and resources. So we're going to go into purchasing and we're going to look at how are they flowing down information to our suppliers, and we're going to go over to production and say, are they following their work instructions? And are they following, the packaging requirements and the cleanliness requirements and things like that. So that's called an internal audit and you have the choice of training people inside your organization to conduct those.
Or you can also hire an internal auditor and that's a lot of what we do. And so yeah, when you're, when you hire someone to build your system, oftentimes they'll come back and audit the system. So you'll build the system, you'll get certified to ISO 9001, and then you'll have that same person come back and say, Hey, it's been six months. It's been nine, 12 months. Come back and evaluate if we're still following the processes that we defined, are we still measuring those KPIs? If the KPIs are low, are we taking some sort of action to raise them? If they're meeting objective, great. Should we be measuring something else or should we just be fine tuning the process of. Yeah they can come back and do an objective internal audit.
And I always recommend that in small to mid-sized companies, because one it's very difficult to train an internal team. People are busy. They're moving within the organization and it's hard to audit your colleagues and friends.
Brian Sallee: Yeah that would be the tough part, I think. To be able to tell your colleague that, "Hey, you're not doing this properly. You need to change the way you're doing it."
Brian Buss: Yeah. Cause then when you write that down on the audit report, they think that you're issuing them a ticket. It's no, don't write me up. It's no, this is just an audit. Oh yeah. But if you write it down, then everybody knows I did it wrong. It's yeah. So when an auditor comes in and ends objective and professional, then it's much smoother.
Brian Sallee: Yeah. And I'm really curious, you get to come back, you see these companies and the progression they make. What do you typically see? I mean, Are you seeing companies that, once they are ISO certified, they are a better company after that? They're operating in a more disciplined manner, after that? Or do companies tend to fall back to their old habits until their next, recertification?
Brian Buss: I've never had a company come back and say we really regretted getting ISO 9001 certification. So that's never happened. Usually what I hear is, and it comes from the individual managers and. Leaders, they say, wow it's really nice to have something defined. I now have a structure for what I want to do in the engineering group or in the customer service team.
And then I was just talking to somebody yesterday and she said, I didn't get any training when I started here. And this is a smart individual, college educated. And maybe the assumption was, "What training do you need? Do you have a college degree in supply chain management and that's the job we hired you for?" Yeah. But again, it comes down to when you train someone, you're telling them this is what we want you to focus on. So when you can define your processes and measure them, everybody's usually happier.
Brian Sallee: I mean it, to me, it just seems, and I, I've seen a lot of businesses, especially in manufacturing, that aren't ISO certified and it goes to the point you mentioned earlier, what are we trying to achieve as a company? What are our objectives and our goals? And oftentimes that's missing because the structure that the management team has put in place is really lacking. There are no objective measurables or anything like that.
What I'm hearing from you is, ISO certification, it is, you're trying to comply with this, the standard, which I think a lot of people oftentimes, they get deterred when they hear compliance and things like that. But really this is just to help your business operate in a way that you know, is more structured.
It is just like the point you mentioned about training. People come into the organization and they need to be trained a certain way. We need to follow our processes in a certain way. So it really seems if you're going to do this, there are big benefits to the business in the long run that oftentimes maybe are overlooked because you're hearing the word 'compliance' and 'certification' and that's that seems like a kind of a dirty word sometimes.
Brian Buss: And, if you're, let's say that your business is already considering bringing in an accountability coach or a consultant. A lot of times when I hear that, I'll say what's the goal? What are they promising to give you? I mean, personally like a small anecdote, my five-year-old is learning to swim.
So we're pricing out swimming tutors, right? And I asked my wife, "Well what do they promise?" So for my $900 this summer, is there a promise? And she says they promise that if, if my five-year-old falls in the pool, that she can get to the side. And that's pretty good.
At least there's that understanding that I'm paying you for some development and we're focused on the end goal. So if you're hiring a coach or you have a business process consultant or something who's not specifically quality, ask them, say "Hey, could we get towards ISO 9001 compliance with the eventual goal of getting certified? Because if you follow that path, you're going to still talk about, management systems and measurables.
There are lots of books and strategies that are basically sections of ISO 9001, turned into a 200-page book, and that's great, but maybe consider for some of the organizations that are out there that are already working with coaches, say, "Hey could we work towards checking off all these practices towards an eventual ISO 9001 compliance? And once you're compliant, then you say "What's the cost to get certified?" Because then we've got the piece of paper. Our customers recognize it. I
t's like the diploma versus just attending class. And one more point, I know, of course cost is a big thing. ISO 9001, the cost of certification is typically based on the number of employees that you have. So if you're a growing company there's no better or more economical time than right now to get certified because as you grow it, the expense will scale with it.
And the people that are on your team now, let's say you're a 15 or 20 person company, are the leaders of your 100 person company, five years from now. So those are the people that you want to start practicing those best practices now, because they're the future managers and leaders of your organization.
Brian Sallee: That's a great point. That's really interesting then to know that, as the company scales, these people that you have right now are going to be promoted. And the habits and the discipline you established now is going to carry on with them. If you do develop those good habits and discipline.
Brian Buss: Yeah, absolutely. And you're providing a valuable service to your team because, realistically let's say you're 20 people now. Okay. Some of those people will leave your company. If you're interested in their well-being, and as professionals and not just whether they work for you or not, you're training them in skills that are applicable wherever they work. So one of the best things I didn't realize at the time of working at Ford when I was 23, I'm 24 as a supplier quality engineers, all the training that they gave me was applicable to the entire industry of manufacturing.
They didn't just teach me to one procedure that Ford wrote. They taught me how to develop a manufacturing process, whether it was aerospace, electronics, boat, building cosmetics products. It wasn't just automotive. So I think your team will see, "Wow, these are great skills." While they plan to stay with the company and grow, obviously that's not always the case, but they'll invest the time to really understand them because it's something that they can use throughout their careers. And it's not just something we do here at Acme Corporation.
Brian Sallee: I was going to say, I've known some companies that have achieved ISO certification and getting buy-in from the employees is often one of the biggest challenges they bring up. And it sounds like what you're saying here is the kind of, "What's in it for me?" "How is this gonna help me as an employee here at this company?" And then there's this other benefit you're saying that you're gaining experience that you're going to take with you throughout your career that's going to make you more valuable, potentially.
Brian Buss: Absolutely. And it's going to teach you how product and service organizations function. Just going way back to our basketball analogy. When you were in fourth grade or whenever third grade, and you started learning the rules of basketball. Did you ever think, "Oh, it's great that I know how to play softball because now I can, have a recreational activity with my coworkers and neighbors"? You know, on the inter-company league.
But as opposed to learning some little game that the PE coach in fourth grade thought you should know, no, teach them the common language of recreation and sports, right? So the common language of product and services. Organizations is management systems and ISO 9001 is definitely a, an investment for everybody in the organization to really understand.
Brian Sallee: Yeah. Brian, this has been great. I think I've learned a lot and I think our audience, it has as well. With this idea that ISO certification is intimidating and a daunting task, I think you've helped us realize that it actually is not as daunting as it seems. You're already doing a lot of the things that are required for ISO certification. And you even already have the evidence to prove it out. I think this, hopefully for our audience, for companies considering ISO certification, this'll be motivating for them to hear and encouraging so they can take that next step.
Brian Buss: Whatever path they take, take the words "ISO 9001 Quality Management System" and replace the phrase "Quality Management System" with just "the way we do things around here." And if you already have a coach leading your improvement, just say, "Hey, can we make it so that the way we do things around here is compliant to ISO 9001?"
You shouldn't have to change if your business is successful, to get ISO certified. The people that wrote it, that was their specific intent. It's not, "Here's how we want you to run your business." It's, "Hey, these are the rules, the common understandings, and the expectations of your customers for you to have the business the way you want, but still produce a great product and service that your customers can have."
Brian Sallee: Excellent. Brian, as we wrap up here, I do have a couple of questions unrelated to ISO certification for you. I did want to ask you, this is something that we ask every guest that comes on the podcast. What's your favorite industry or business quote, if you have one?
Brian Buss: Well as I said, I have an engineering background and I have a minor in communications. Luckily it was a great experience and. It's a quote. It was introduced to me in one of those comm classes way back when, but it definitely applies. And it's something I hear myself quoting and saying a lot is that "Miscommunication is the rule, not the exception."
So most of the time when you're building your systems or communicating with your colleagues, most of the time there'll be a miscommunication. So if you sent them an email, maybe it didn't get received. Maybe they haven't read it yet. A lot of people assume, so I love that. It definitely comes into practice and it changes the way you think about interpersonal and company communication. Miscommunication is the rule, not the exception.
Brian Sallee: Yeah. That's a great assumption to always make when you're communicating. And then last thing you've already left us with a ton of tactical advice today. But based on what we talked about, is any like one piece of advice that you just think is maybe more important than anything else for a company that is considering an ISO certification?
Brian Buss: Yeah. In terms of something if they just want to get started today, think about your team and ask yourselves, "Are we at the point where I trust those key members of my team to start to define how they want to run their portion of the business?" So if you have a sales leader, do you delegate and you trust them to define the sales process? If you're a product manufacturer or a service manager, do you trust that person to define it?
If the answer is "Yeah, I trust those people and I have the confidence that they know how to run the purchasing, the customer service, the design, the manufacturing parts of our business." Then you're ready for ISO 9001, because all it is, is giving those people permission to define it simply and to execute it. If you're not at that point, then, still making a product yourself and you have, you're finding it very difficult to scale and you don't have the resources to invest in an organization build-out then it's a little too soon, right? You don't want to certify when you have three employees because you don't have the accountability and the responsibility. Framework yet to start delegating entire portions of the business.
So it's not based on size and it's not, and it's not too big or it's not too late. It's about can do you can those people that own the pieces of the business, are they responsible and accountable to run it? And can they start making, the promises and could they start measuring that portion of the visit?
Brian Sallee: Got it. So it's really about the maturity of your management team and structure then.
Brian Buss: Yeah. And I think most companies would answer that question. "Yeah, I've got a good team. It's clear what their individual or departmental kind of focuses are." And "Yes, I trust them to run it. I'm already trusting them. We trust each other." So as I said, then you're ready for ISO 9001
Brian Sallee: Excellent. Brian, I really appreciate all the knowledge you shared with us today. This, again, is very practical advice and things for people to consider as they're considering ISO 9001 certification. I do want to give you a small plug for your company,
Cambio Services. You guys do consulting services for companies that are seeking ISO 9001 and AS 9100 certification? Is that right?
Brian Buss: Yeah. We help companies in a wide variety of industries. My specific experiences, automotive, aerospace, electronics, and ISO 9001. But yeah, we have all the tools, whether it be the subject matter expertise, some software products, supply chain products, to really simplify compliance. And we like to say we're the shortest path to ISO 9001. And we stand with our clients the whole way.
Brian Sallee: Excellent.
Cambio Services, I'll mention that again. If anybody wants to reach out to Brian to pick his brain or get some help. It is Cambio Services. And Brian Buss, appreciate you joining us for the podcast today. Thank you for your time.
Brian Buss: Thanks, Brian. It was a good chat and I enjoyed it.
Brian Sallee: Awesome. Take care.