Evidence of Management Systems Standards Value


Sustaining Edge Solutions, Inc. Newsletter

Performance Improvement Solutions for Your Business
September 2011

This Month
* Evidence of Management Systems Value
* New ISO 27005 Standard Improves ISMS
* Special Processes Requirements
* In the News
* New Service Management Standard
* Training Courses

AZ Bio

Awards Dinner and EXPO October 13-14, 2011 Phoenix – See you there!

Our newsletters provide information on business management systems ISO 9001, AS9100 Aviation, Space and Defense, ISO/TS 16949 Automotive, ISO 27001 Information Security, ISO 13485 Medical Devices, ISO 14001 Environmental, and others.  This includes performance improvement methods such as Six Sigma, Lean Enterprise, and other topics of interest to our readers. 


If you have any questions regarding the content or have a topic of interest for a future newsletter, please let us know.



Evidence of Why Management Systems Standards Add Value

Quality Digest Magazine published a two-part article in August describing how implementing management systems and attaining third-party accredited certification can help businesses achieve success on many fronts. The article is titled “It’s official: Companies get more revenue from using standards than they cost to implement.”

For many years, various media have discussed anecdotal information concerning the value of third-party accredited certification to management systems. Sound, documented evidence from academic studies now confirms the value of third-party accredited certification of management systems.

The most noteworthy studies about management system standards in the last 20 years have dealt with the two most popular standards: ISO 9001 (quality management systems) and ISO 14001 (environmental management systems). Most articles on this topic have been positive, but not many have been based on hard data. We’ve now reached the time to clearly communicate the data associated with the benefits of adopting management system standards.

Here are a few conclusions of recent studies (additional benefits and the specific data will follow):

  • Management systems standards return a bottom-line financial value larger than any investment or time incurred.
  • Adopters of management system standards have higher rates of corporate survival than non-adopters.
  • Adopters of management system standards have higher sales than non-adopters.
  • Small businesses achieve proportionally more benefits than larger organizations.

A 2008-2010 detailed study published by the Harvard Business School provides real data, gathered by external means, which emphasize the value of management system standards and the accredited certification process. The study documents compelling evidence regarding standards from the International Organization for Standardization (ISO) stating that “ISO adopters have higher rates of corporate survival, sales, employment growth, and wage increases than a matched group of non-adopters.” The study also finds that “annual earnings per employee grew substantially more rapidly, post-ISO certification, than organizations that did not adopt ISO.”

The study demonstrates broad and unexpected improvements from adoption of and certification to management system standards, derived from a matched sample of nearly 1,000 ISO 9001 adopters, as compared with non-adopters.

Organizations that adopt and certify to the quality management systems standard, ISO 9001, improved corporate survival and profit. The Harvard study indicates sales increases of nearly 9 percent after certification, as compared with non-adopters. Adopters also had a 10-percent higher increase in the number of employees than non-adopters while at the same time increasing profit. Total payroll in firms certified to ISO management systems standards grew 17.7 percent more than non-adopters. ISO 9001 adoption required a higher level of employee competence. The data shows an annual wage increase for the workers of 7.7 percent.

Conclusions from a 2007 Wharton Risk Management and Decision Processes Center study relate to the adoption of and certification to ISO 14001, the environmental management systems standard. Organizations were much more likely to achieve performance gains from ISO 14001 certification when they targeted a specific environmental aspect:

  • 96.7 percent of respondents indicated a reduction in waste,
  • 90.0 percent indicated a reduction in environmental incidents,
  • 98.3 percent indicated an improvement in emergency preparedness,
  • 96.5 percent indicated a contribution to improved environmental performance of their product.

The Wharton publication also highlighted the range of costs and savings associated with the implementation of ISO 14001. For example, 65 percent of facilities that estimated their first-year cost savings indicated savings of up to $25,000, with 27 percent reporting savings of up to $100,000. Another 57 percent estimated maximum continued savings of up to $25,000 annually, while 28 percent reported savings of up to $100,000 annually, and 15 percent reported savings of more than $100,000 annually. Some 40 percent found a very high correlation between ISO 14001 certification and easier relationships with the government and a more positive perception by the public.

Points to consider from these studies include:

  • Management systems standards provide benefits across a broad front and affect all stakeholders, business owners, and employees.
  • Management system certification is not just for large organizations. In fact, benefits to small organizations outpace those achieved by larger organizations.
  • Development and use of management systems standards is expanding.
  • Proven benefits to organizations, customers, and other stakeholders drive expansion and use of management systems.
  • Management systems deliver results.

The conclusions are clear: Certification to management systems results in benefits to the organization and its employees; businesses become more profitable, and they pay their employees more. The Harvard study also indicates that “the benefits achieved with implementation of ISO 9001 were statistically higher in smaller organizations than in larger organizations.”

Read the Quality Digest full article.  For all your ISO 9001 and 14001 EMS needs, Contact Us.


New ISO/IEC 27005 Standard Improves Protection

Information security risks pose a considerable threat to businesses due to the possibility of financial loss or damage, loss of essential network services, or loss of reputation and customer confidence. Risk management is one of the key elements in preventing online fraud, identity theft, damage to Web sites, loss of personal data and many other information security incidents. Without a solid risk management framework, organizations expose themselves to many types of cyber threats.

The International Standard ISO/IEC 27005:2011 gives managers and staff in IT departments a framework for implementing a risk management approach to assist them in managing their information security management system (ISMS) risks.

It describes the information security risk management process and associated actions, and supports the general concepts specified in ISO/IEC 27001:2005, Information technology – Security techniques – Information security management systems – Requirements.

Knowledge of the concepts, models, processes and terminologies described in ISO/IEC 27001 and ISO/IEC 27002:2005, Information technology – Security techniques – Code of practice for information security management, is important for a complete understanding of this International Standard. The information security risk management process consists of:

  • Context establishment
  • Risk assessment
  • Risk treatment
  • Risk acceptance
  • Risk communication, and
  • Risk monitoring and review.


However, ISO/IEC 27005:2011 does not provide a specific methodology for information security risk management; it provides a generic approach. It is up to the organization to define its approach to risk management, depending, for example, on the scope of the information security management system, the context of risk management, or the industry sector.


Purchase ISO/IEC 27005:2011 at the ISO Website.


Special Processes Requirements

Some organizations are unsure whether ISO 9001:2008 and AS9100:2009 clause 7.5.2 applies to their quality management system. For a production process, if its resulting output cannot be verified by subsequent monitoring or measurement and, as a consequence, deficiencies only become apparent after the product or service is in use, the process must be validated.

The Aviation, Space and Defense Standard on audit requirements, AS9101:2010, states in clause, that when special processes are identified in the audit plan, the audit team must evaluate the process validation, as well as the monitoring, measuring, and control of these processes.

To verify the validation of special processes, the process records must be reviewed for each audited special process, including a comparison of the actual and planned results.

To verify the monitoring, measurement, and control of special processes, the audit team must identify the process requirements, including customer requirements, for the special processes. For the sampled processes, the audit team must assess the monitoring and measuring equipment used (e.g., calibration, accuracy) and the method for recording results. If required, the traceability between the process (e.g., batch or load charge identification) and the resulting products is to be verified.

For outsourced special processes, the audit team must verify that the organization’s supplier control process addresses these items. In addition, the audit team must review the use of customer-designated sources, as required. This means that if you outsource any special processes, you must identify those and ensure you receive the proper documentation or certification for validation. Your purchasing processes can be used to identify the controls necessary.


AS9101:2010 includes a Note that states special processes are managed by using personnel qualified as required by the organization and/or customer requirements, and by controlling physical or chemical process characteristics, e.g., temperature, time (process duration), pressure, chemical composition of product or process treatment material (surface treatment solution).

If you are interested in training for ISO 9001:2008, or aerospace industry sector schemes based on AS9100 series, click on our courses in this newsletter below.

In the News

AS9100C Blog from SAI Global


SAI Global, a Certification Body (CB) has announced a new blog for the aerospace AS9100 sector. SAI Global traditionally aims to offer the best customer experience and valuable knowledge. The AS9100 blog is intended to provide aerospace professionals with recent industry updates, expert tips, new documents released, engaging case studies, and advice. SAI Global’s product manager and industry technical expert for AS9100-series of standards, Roger Ritterbeck, manages the blog and is ready to answer any questions or concerns.

Pharmaceutical QMS Auditor Certification

The International Register of Certificated Auditors (IRCA) has launched a new Pharmaceutical Quality Management Systems (PQMS) Auditor certification scheme (ICH Q10), to support the assurance of global supply-chain integrity.

Within this context the IRCA PQMS Auditor certification scheme is designed to provide confidence that auditors in the pharmaceutical and biotech industries have the training and experience required to provide an accurate assessment of organizations’ ongoing capability to deliver products that meet the requirements of patients, health care professionals, regulatory authorities, and internal and external customers throughout the product life cycle.

View more information about certification as a PQMS auditor.



ISO/IEC 20000-1:2011 Service Management

ISO/IEC 20000-1:2011, Service Management System Requirements, has been issued as the new 2nd Edition. The new revision specifies requirements for a service provider to plan, establish, implement, operate, monitor, review, maintain and improve a service management system (SMS). The requirements include the design, transition, delivery and improvement of services to fulfill agreed service requirements.

The types of companies that may find this standard helpful are:

  • organizations seeking services from service providers and requiring assurance that their service requirements will be fulfilled;
  • organizations requiring a consistent approach by all service providers, including those in a supply chain;
  • service providers intending to demonstrate capability for the design, transition, delivery and improvement of services that fulfill service requirements;
  • service providers needing to monitor, measure and review service management processes and services;
  • service providers wishing to improve the design, transition, delivery and improvement of services through the effective implementation and operation of the SMS.

This is another standard that reflects the growing trend towards the development of management standards, aimed at providing a framework for business management processes.


Training Courses

To see the course description, schedule, and on-line registration click on the course title below. We deliver onsite training for these courses and customized training to fit your specific needs.  We offer group discounts.

View all our Courses


View Our Web Based E-Training Courses


ISO 9001 Quality Management


Understanding and Implementing ISO9001:2008

ISO 9001:2008 Process Based Internal Auditor

Documenting Your Management System


AS9100 Aviation, Space and Defense


Understanding and Implementing AS9100C (9110 & 9120) Aviation, Space and Defense

AS9100C:2009 Process Based Internal Auditor

Documenting Your Management System


ISO/TS 16949 Automotive


Understanding and Implementing ISO/TS16949:2009 Automotive

ISO/TS16949:2009 Process Based Internal Auditor
Documenting Your Management System


ISO 14001 Environmental

Understanding and Implementing ISO14001:2004 Environmental
ISO14001:2004 Process Based Internal Auditor

Lean Enterprise and CI

5S Five Pillars of a Lean Workplace Organization
Continuous Process Improvement
Lean Six Sigma
8 Disciplines (8D) of Problem Solving


ISO 13485 Medical Devices


Understanding and Implementing ISO 13485:2003 Medical Devices
ISO 13485 Process Based Internal Auditor


ISO 27001 Information Security


Understanding and Implementing ISO 27001:2005 Information Security
ISO 27001 Process Based Internal Auditor


All courses can be delivered at your company. Don’t see a course, location, or date that fits your needs?

Contact Us



Phone: 888-572-9642 toll free
