Why is choosing the right implementation partner so important?

Selecting the right ISO consultancy partner is essential for a successful implementation of ISO standards. This is because Fendix is regularly deployed when an implementation by another party has failed. What we then find can range from a management system that is not user-friendly to a completely new implementation, which has wasted thousands of euros. We think it's completely unnecessary. An incorrect implementation partner can therefore not only cost your organization a lot of money, it can also significantly disrupt your daily operations and destroy support for a subsequent implementation.

Criteria for evaluating an implementation partner

Making an informed choice for an ISO implementation partner is not easy, especially when you have little knowledge of the standard to be implemented. Since we have already done numerous implementations, we know where implementations can go wrong and which factors make implementations successful.

‍

So do you want to successfully apply for certification?

Then pay attention to the 7 criteria in this white paper when selecting your ISO implementation partner. For each criterion, we explain what we mean by this, what you can expect if you were to work with us and give you a tip that helps you to objectively test this criterion yourself.

‍

Criterion 1 - A standardized approach

What should you pay attention to?

The main reason that organizations use an ISO implementation partner is experience. This is because an experienced consultant has gone through the entire process, from baseline measurement to external audit, dozens of times. As a result, (if all is well), he knows the best practices and has templates, which provides enormous efficiency benefits. At least, if the consultancy party has standardized their working method and project approach and shares knowledge internally.

‍

This is how we do it at Fendix

All Fendix consultants work in ClickUp: a project management tool where the entire project structure is divided into tasks and subtasks, linked to templates, work instructions and best practices. Every consultant at Fendix follows this standardized approach. We also improve this approach together in knowledge sessions. As a result, the efficiency and quality with which a consultant works no longer equals his own knowledge and experience, but with the knowledge and experience of the entire organization combined.

‍

Our tip

During the sales process, ask how this party guarantees the efficiency and quality of the implementation. In many of the cases, this answer includes the word “template”. This is because this shows a structured approach and the right experience.

Criterion 2 - Flexibility

What should you pay attention to?

A standardized approach ensures efficiency, but should never stand in the way of flexibility. Indeed, ISO standards are freely interpretable in many ways. That means, if you can substantiate why you set up a certain control the way you did, that's usually good. Since a good ISO consultant knows how the audit works and what the auditor will pay attention to, he also knows where to follow the standard and where there is more room for customization.

‍

This is how we do it at Fendix

At Fendix, we always say: There is no such thing as there is no such thing as Kan. ISO should make your business processes better, but not less efficient. That's why we do everything we can to ensure that you and your employees say after implementation: “This ISO implementation has really made our organization safer & more professional.

‍

Our tip
Read briefly about the most important safety controls that ISO requires of your organization. Then grab one control that you suspect can rub with
your way of working and ask the ISO implementation partner how they would approach this.

Criterion 3 - The Management System

What should you pay attention to?

The management system is the central player in every ISO implementation. This system contains the policy, risks and control measures and the annual planning with safety controls. It is therefore crucial that this system has the functionalities of an effective management system and, above all, is user-friendly in management. A management system that meets these requirements can usually be set up in three ways:

‍

1. In one of your current systems

Many companies are already working with multiple software packages and are therefore not waiting for another (management) system. Fortunately, that is often not necessary either. As long as your software has the necessary functionalities, a management system can also be built into it. This is often easy to find out during a first meeting.

‍

2. Specialized software

Many ISO consultancy parties use software that has been specially developed as a management system. However, this comes at a price. Fortunately, there are also better and cheaper alternatives. This is because most task management systems are very suitable as management systems. And many companies are already working with such systems.

‍

3. Word and Excel

Although managing a management system in Word and Excel is not as easy as the two options above, it can be a great alternative when the above two options are not possible or desirable.

‍

This is how we do it at Fendix

At Fendix, we always build the management system in the way that best suits your organization. For example, we have a standardized layout in Word and Excel, our own management system in ClickUp and Monday, but we have also built management systems in JIRA, ZoHo and SharePoint (Teams).

‍

Wondering what that looks like?

We'd love to give you a demo. Call us on 085 773 60 05 or mail to sales@fendix.nl

‍

Our tip
Ask the ISO implementation party for advice on how to set up the management system. Then also ask for a demo of this system and be very skeptical if this is not possible.

Criterion 4 - Communication

What should you pay attention to?

During an ISO implementation, the consultant must review your entire organization and include it in ISO thinking. Communication skills are therefore essential for a good consultant. It is important that the consultant manages expectations, communicates clearly and responds adequately to questions, requests or any concerns you have.

‍

This is how we do it at Fendix

At Fendix, communication is one of our three core values. This means that we both select and value our consultants based on their communication skills. In addition, we have built phases with milestones in our projects. At each milestone, we communicate how to achieve it to the customer and explain what they can expect in the next phase. In this way, we ensure that our customers are always well informed and that there are no misunderstandings.

‍

Our tip

Pay close attention when talking to the consultancy party (or when requesting additional information). Indeed, our experience has shown that if communication in this phase leaves much to be desired, this will probably also be the case during implementation. The opposite is just as true.

Criterion 5 - Experience & track record

What should you pay attention to?
People sometimes say: “Past results are no guarantee for the future.” This is complete nonsense if you ask us. Nothing is more telling than a consultancy company with a good track record and happy customers.

‍

This is how we do it at Fendix
Our goal is always to build a long-term customer relationship. We are therefore proud that 100% of our implementations have been completed successfully and 98% of our customers purchase a maintenance package after implementation.

‍

‍

Our tip
Always check for reviews on an independent review website and pay particular attention to the accompanying explanation. If there are any negative reviews here, ask what
This is exactly what happened or contact the company that left a negative review.

‍

Criterion 6 - Price

What should you pay attention to?
Not unimportant, of course: the price. Although the costs for an implementation depend entirely on how much you want to be taken care of and the size of your organization, a company that does the implementation for you must be able to provide a good fixed price indication in advance.

‍

This is how we do it at Fendix
At Fendix, we can help you achieve your ISO standards in two ways:

‍

1. Accompanying
In this process, we offer coaching and advice during implementation. We give you templates and best practices and you will get to work with them. On the basis of several sessions, we will take you through the process. In an initial meeting, we will discuss how much guidance you need and then give you a fixed price.

2. Caring
In this process, we fully take over the responsibility for a successful implementation from you. This allows your people to keep doing what they always do.
do: run the company.

‍

Our tip
Make sure you compare apples to apples. Ask carefully what exactly you get and what activities are being carried out. Some implementation partners offer
only templates, or templates and advice and other partners take over the entire implementation for you. So always ask the question:

‍
“How much time does my organization spend (participating) in the implementation?”

Criterion 7 - Additional services

What should you pay attention to?
To maintain the certificate after implementation, the management system must be maintained. It is therefore nice if the consultancy party in question offers this. If you are considering opting for multiple ISO certifications at the same time, a combination implementation can often save you a lot of money.

‍

This is how we do it at Fendix
At Fendix, we offer various maintenance packages for multiple standards, such as ISO 27001, ISO 9001, SOC 2 and ISAE 3402, and we also offer Security Officers and Privacy Officers from 1 to 4 days a month. Finally, we carry out phishing awareness campaigns and have recently also been researching the cyber dangers of AI (artificial intelligence). In short, we are your partner for everything in the field of quality and information security.

‍

Our tip
Research carefully what other services the party in question offers in addition to the standards you currently want to achieve. Indeed, our experience shows that even after implementation, organizations often need an all-round knowledge partner to make their organization resilient in the field of quality and information security.

‍

An overview of all our services can be found on our website: fendix.nl/services

Choosing Fendix as an implementation partner?‍

Are you enthusiastic about our approach? Then we would love to hear from you. Check out our contact page for more information or contact Kilian directly.

‍