The cost of ISO implementation
Implementing a formal management system with a view to certification comes at a cost.
And failure to effectively gauge that financial implication is reason why almost a third of organisations pull the plug on their best intentions during the planning phase.
Lack of resource (money, time, knowledge, competency...) will quickly have a negative impact on inclination and commitment, and the consequences for the project are inevitable.
Understandably, an organisation will want to know from the outset what 45001, 27001 or 14001 certification is going to cost, but any forecast before due diligence has been done will be fanciful at best.
A project manager will normally be tasked to oversee, which in itself means there is a degree of management commitment in place. But it is the project proposals generated that will test the extent of that support.
Will the organisation rely on internal resources and know-how to implement, hire an external consultant, or opt for a 'hybrid' of the two approaches?
Competence, training, cost, access to trade secrets and time will again determine your preferred path.
Thereafter size of organisation and its certification scope will have a massive bearing on budgets, as will the timetable for implementation, state of readiness (a gap analysis will be needed) and organisational risks and objectives.
Documents are inevitable during this process of evolution. Certain documents are mandatory in the standards detailed above, others are optional. But a greater number of documents or detail will inevitably incur greater cost.
It is only now that a realistic financial picture starts to develop, with risk treatments (such as physical, technical or operational controls) having been identified and their associated costs for implementation calculated, plus any further training requirements being factored in.
Reaching this landmark stage will probably account for 60-70% of the budget required, with the remaining costs being 'operational' and 'maintenance' liabilities once your management system is functioning.
Monitoring, measuring, analysing and evaluating the performance, suitability and effectiveness of the process adds to the bottom line, but it enables and drives continual improvement, so set aside another 20%.
The remaining portion is swallowed up by engaging a diligently sourced UKAS-accredited certification body to conduct the Stage 1 and Stage 2 external audits that, hopefully, lead to certification.
And thereafter there will be overheads for maintaining your management system, plus costs for re-certification (surveillance audits during your three-year certification cycle should be included at point of engaging the likes of BSi, Lloyds etc.
Regardless of activity, product or service you supply, the total cost of ISO certification has risen dramatically in recent years. For some businesses it affords a marketing edge, others it's compliance or you may simply want to establish/regain managerial control of your organisation.
Regardless of your driver, if you fail to plan you are planning to fail, and step one of that plan has to be buy the standard concerned and familiarise yourself with it. Do it right or don't bother at all...
I am an accredited Lead Implementer in 27001 and an Implementer in 45001. And a Lead Auditor in 27001, 45001 and 14001. If I can be of any assistance, my contact details are on the home page.