At j‑labs, we have successfully completed the implementation and certification processes for the ISO 9001:2015 Quality Management System and the ISO/IEC 27001:2013 Information Security Management System. Why? To send a clear message to our clients that we are trustworthy and offer top quality services. [Want to know more? Check our text: https://www.j-labs.pl/en/business-blog/secure-information/] The road wasn’t bumpy. We had already been using procedures that reflect these standards. However, the entire process took half a year, affecting all of our employees to a smaller or greater degree. It’s time to sum it all up.

Operating in the IT sector, we are aware of the importance of information security management. Consequently, our priority for this year was to implement and certify the ISO/IEC 27001 standard. We wanted for our clients to know from day one that our approach to data security is serious and holistic. Considering certain overlapping elements and the possibility of non-invasive simultaneous implementation, we also decided to implement ISO 9001:2015, which concerns Quality Management Systems (QMS). Today, we are talking about the process with Natalia Derenda-Sieniawska, who managed this projects, Monika Liberek, and Maciej Orzechowski.

Cleaning up and new clients

ISO implementation and certification means a lot of benefits not only for the clients, but also for the company itself. [Want to know more? Click: https://www.j-labs.pl/en/business-blog/why-do-companies-and-customers-need-iso/] The main ones include boosting operational efficiency, improving cost effectiveness, getting a competitive edge, and building the company’s image. However, the implementation of ISO standards may also be appreciated by the company’s employees. Why? For instance, ISO standards help define specific duties for specific positions, facilitate the flow of information, and limit the number of documents that are generated. So, in the opinion of j‑labs people, what other benefits has the certification had?

From the engineers’ point of view, it has opened us to new clients and interesting projects that are accessible to few companies. The Sales Department no longer needs to convince the client about our quality; all they need to do is present the certificate. Thanks to simpler processes and procedures, all employees can navigate them more easily. In turn, the back office is now more integrated since the individual departments are able to better understand how their activities come together – Natalia explains.

Hello, can you hear me?

Both of the norms implemented at j‑labs—the quality-related one and the technical one—concern, in specific areas, internal and external communication. ISO 9001 focuses on creating an efficient system of communication between employees. In the case of ISO/IEC 27001, efficient functioning of the information security system largely depends on conscious actions in terms of reporting and transmitting information within the organization and outside of it, to stakeholders. Has certification in terms of both standards produced major changes in this respect? It has not modified the methods of communication within the company in a substantial way since j‑labs had already been operating based on procedures that reflect ISO standards.

This was not a revolution, but an evolution. However, there is definitely more awareness now of why we do certain things in a specific way and what the goal of developing unified processes is. It has made interdepartmental cooperation easier. Decisions are also being made faster since they are no longer arbitrary, but have to be in line with the standards. – Monika says.

A smooth ride

Usually, the time between making the decision to implement management systems and getting certified is several months. On the way, several milestones have to be reached. At j‑labs, it started with the Management Board taking up the challenge and appointing an implementation team, which worked with a professional external consultant. The next tasks were a feasibility study based on a verification of the offers received from certifying bodies, the development of a schedule of works, and internal audits. Finally, we had to undergo a certification audit and get the certificates. How much time did it take to go through all of these steps and how many people were actually involved in the process?
Maciej explains:

It was half a year of intensive work on the system. However, most of the implementation had already been done as part of our day to day evolution.

The certification process covered mainly documentation and the necessary adjustments to the existing processes and procedures. The entire company was involved.

We put lots of emphasis on internal communication and employee training in this respect.The core of the implementation team was made of the representatives of all departments, ensuring that every aspect of the company’s operations was properly taken care of in the process – Natalia adds.

Teamwork

The main and most frequent error made by companies in the course of ISO certification, mainly 9001:2015 , is the lack of involvement on the part of the employees. Why? Their indifference or even disdain could significantly hinder the implementation of the changes that are necessary to get certified. At j‑labs, in spite of the lengthiness of the implementation and certification processes, we were able to prevent it. How?

From the very beginning, we assumed full involvement of all j‑labs personnel since we wanted the system to actually work – Monika emphasizes.

Consequently, one of the first actions was to develop a plan of internal communication. The functioning of the systems that were being implemented, the course of the certification process, and the resulting benefits were explained to employees in a clear and regular way.

We also asked the people involved in the actions for feedback. This information was especially valuable since it allowed for adjusting the system to the needs of the individual departments – Maciej adds.

As a result, there were no restrictions imposed top-down; instead, the departments developed principles of correct functioning on their own.

Communication was also supported with webinars available to all j‑labs employees. They provided useful knowledge in an easy-to-understand way – Natalia says.

The certification process has been completed, and it would not have been possible without the involvement of all j‑labs people. Thank you! We believe that the changes related to ISO certification will not only have a positive impact on how our clients see us, but will also facilitate our work. After all, “Code matters, you more!”