Information Security

What should you look for when selecting an ISO implementation partner?

An ISO implementation consultant supports organizations in implementing ISO 9001, ISO 27001 and other ISO standards. The consultant analyzes security measures, identifies risks, draws up an implementation plan and implements security controls. He also makes the organization aware of the new or changed policies so that the organization is prepared for audits and can successfully go up for certification.
This article was last updated on 14/5/2025

Why is choosing the right implementation partner so important?

Selecting the right ISO consulting partner is essential for successful implementation of ISO standards. In fact, Fendix is regularly called upon when an implementation by another party has failed. What we then find can vary from a non-user-friendly management system to an implementation that has to be completely redone, with thousands of euros wasted. Totally unnecessary in our opinion. An incorrect implementation partner can not only cost your organization a lot of money, it can also disrupt your daily operations and destroy support for the next implementation.

Criteria for evaluating an implementation partner

Making an informed choice for an ISO implementation partner is not easy, especially when you yourself have little knowledge of the standard to be implemented. Since we have done numerous implementations we know where implementations can go wrong and which factors make implementations successful.

So do you want to successfully go up for certification?

Then pay attention to the 7 criteria from this white paper when selecting your ISO implementation partner.

For each criterion, we explain what we mean by this, what you can expect if you were to partner with us, and provide a tip that will help you objectively test this criterion yourself.

Criterion 1

A standardized approach

What should you pay attention to?

The main reason organizations hire an ISO implementation partner is experience. This is because an experienced consultant has gone through the entire process, from baseline measurement to external audit, dozens of times. As a result, he knows (if all goes well) the best-practices and has templates at his disposal, which provides enormous efficiency benefits. At least, if the consulting party has standardized their method and project approach and shares knowledge internally.

Here's how we do it at Fendix

All consultants at Fendix work in ClickUp: a project management tool where the entire project structure is divided into tasks and subtasks, to which templates, work instructions and best-practices are linked. Every consultant at Fendix follows this standardized approach. We also improve this approach together in knowledge sessions. As a result, the efficiency and quality with which a consultant works no longer equates to his own knowledge and experience, but to the knowledge and experience of the entire organization together.

Our tip

During the sales process, ask how this party ensures efficiency and quality of implementation. In many cases, this answer includes the word "template". In fact, this demonstrates a structured approach and the right experience.

Criterion 2

Flexibility

What should you pay attention to?

A standardized approach ensures efficiency but should never interfere with flexibility. After all, ISO standards are free to be interpreted in many ways. That is, if you can substantiate why you set up a particular control the way you did, that's usually a good thing. Since a good ISO consultant knows how the audit goes and what the auditor will look for, he also knows where the standard should be followed as a rule and where there is more room for customization.

Here's how we do it at Fendix

At Fendix, we always say: can't doesn't exist. ISO should make your business processes better, but not less efficient. We therefore make every effort to ensure that after implementation you and your employees say, "This ISO implementation has truly made our organization more secure & professional."

Our tip
Read up briefly on the key security controls that ISO requires of your organization. Then pick one control that you suspect may clash with your way of working and ask the ISO implementation partner how they would handle it.

Criterion 3

The management system

What should you pay attention to?

The management system is the central player in any ISO implementation. This system contains the policy, the risks and control measures and the annual planning with safety controls. It is therefore crucial that this system has the functionalities of an effective management system and, above all, is user-friendly to manage. A management system that meets these requirements can usually be set up in three ways:

1. In one of your current systems

Many companies already work with several software packages and are therefore not waiting for yet another new (management) system. Fortunately, this is often not necessary. As long as your software has the necessary functionality, a management system can be built into it. This is often easy to find out during an initial meeting.

2. Specialized software

Many ISO consulting parties use software developed specifically as a management system. However, this comes at a price. Fortunately, there are better and cheaper alternatives. Most task management systems are in fact very suitable as management systems. And many companies already work with such systems.

3. Word and Excel

Although managing a management system in Word and Excel is not as easy as the above two options, it can be a great alternative when the above two options are not possible or desirable.

Here's how we do it at Fendix

At Fendix, we always build the management system in the way that best suits your organization. For example, we have a standardized setup in Word and Excel, a proprietary management system in ClickUp and Monday, but we have also built management systems in JIRA, ZoHo and SharePoint (Teams).

Wondering what that looks like?

We would be happy to give you a demo. Call us at 085 773 60 05 or email sales@fendix.nl

Our tip
Ask the ISO implementation party for advice on how to set up the management system. Then also ask for a demo of this system and be very skeptical if this is not possible.

Criterion 4

Communications

What should you pay attention to?

During an ISO implementation, the consultant must vet your entire organization and bring it into ISO thinking. Communication skills are therefore indispensable in a good consultant. Important here is that the consultant manages expectations, communicates clearly and responds appropriately to questions, requests or any concerns you may have.

Here's how we do it at Fendix

At Fendix, communication is one of our three core values. That means we both select and value our consultants based on their communication skills. In addition, we have built phases with milestones into our projects. At each milestone, we communicate its achievement to the client and explain what to expect in the next phase. This way we ensure that our clients are always well informed and that no misunderstandings occur.

Our tip

When talking to the consulting party (or requesting additional information), pay close attention. In fact, our experience has shown that if communication leaves something to be desired at this stage, it is likely to be the case during implementation as well. The opposite is just as true.

Criterion 5

Experience & track-record

What should you look out for?
People sometimes say, "Past results are no guarantee for the future." This is complete nonsense if you ask us. Nothing is more telling than a consultancy with a good track-record and happy clients.

This is how we do it at Fendix
Our goal is always to build long-term client relationships. We are therefore proud that 100% of our implementations are successfully completed and 98% of our clients purchase a maintenance package after implementation.

Our tip
Always check for reviews on an independent review website and pay particular attention to the comments that accompany them. If there are negative reviews, ask what exactly happened here or contact the company that left a negative review.

Criterion 6

Price

What should you pay attention to?
Not unimportant of course: the price. Although the cost of an implementation depends entirely on the extent to which you want to be relieved of all concerns and the size of your organization, a company that does the implementation for you should be able to give you a good fixed price indication in advance.

Here's how we do it at Fendix
At Fendix, we can help you achieve your ISO standards in two ways:

1. Accompanying
In this process, we offer coaching and advice on implementation. We give you templates and best practices and you get to work with them. Through several sessions we take you through the process. In a first meeting we discuss how much guidance you need and then we give you a fixed price.

2. Unburdening
In this process, we take over the responsibility for a successful implementation from you completely. This allows your people to continue doing what they have always done: running the business.

Our tip
Be sure to compare apples to apples. Ask carefully what exactly you are getting and what work will be performed. Some implementation partners offer only templates, or templates and advice, and others take over the entire implementation. Therefore, always ask the question: "How much time will my organization spend (collaborating) on the implementation?"

Criterion 7

Additional services

What should you pay attention to?
To maintain the certificate after implementation, the management system must be maintained. It is therefore nice if the consulting party in question offers this. Should you consider going for multiple ISO certifications at the same time, a combination implementation can often save you a lot of money.

This is how we do it at Fendix
At Fendix, we offer various maintenance packages for multiple standards, such as ISO 27001, ISO 9001, SOC 2 and ISAE 3402. We also offer Security Officers and Privacy Officers from 1 to 4 days a month. Finally, we conduct phishing awareness campaigns and have recently started researching the cyber dangers of AI (artificial intelligence). In short, we are your partner for everything in the field of quality and information security.

Our tip
Research carefully what other services the party in question offers in addition to the standardization you currently want to achieve. In our experience, organizations need an all-round knowledge partner after implementation to help them improve their organization's quality and information security.

An overview of all our services can be found on our website: fendix.co.uk/services

Choosing Fendix as an implementation partner. Have you become enthusiastic about our approach?

If so, we would love to hear from you. Check our contact page for more information or contact Kilian directly.

Kilian Woodhouses
Commercial manager & partner
0857336005