For those of you that read our blog, you will recall that my last entry was written on the eve of our ACS Stage 1 assessment; more written to settle my mind than anything, but also as an insight to any company who are considering adding a recognised standard to their quality system - whatever your industry.
Last Monday at 09:50, myself and our MD took up our places in the meeting room and waited for our CCAS assessor to dial in to the call. Sam brought in the coffees, and like all good learners we had our notepads at the ready, along with the master copy of our quality manual and a laptop, should we need to cross reference anything (and this to me was exactly that, it was an opportunity to learn what we need to do to make the standard and how to finesse what we already have and do). As with most things at the moment, the assessment was carried out remotely which made for very easy covid safety to be applied. At dead on 10:00 Zoom beeped as David, who was to be our assessor dialled in and joined the call. As the lead on our ACS/ISO accreditation, I'd already had a conversation with David and had a brief understanding of how the day would go. The call started with some friendly introductions which were followed up by a brief interview to check that we understood what we were applying for, and for David to understand a little about our roles within the business and what we hoped to achieve from the accreditation. After this, David rung off and went away to do his voodoo with the copy of our quality system and procedure manual that he'd been provided with as we sat and stared at each other, wondering if we were ready and if the documents we've spend many years writing to describe the processes and policies of the business would pass muster.
When David called back in the afternoon, he started the conversation with "your quality system is very good and your procedures are excellent"... Great, I thought, he's going to go for the sh*t sandwich approach to giving feedback, so with this I braced. David continued "I have identified some areas of concern that will need to be addressed"... here it comes, this is where the fact we're not to standard comes in?. "In total there's 5 areas of concern, and they're mostly to do with the technicalities of the ISO side of things, and there are two opportunities for improvement that I've identified" WHAT?? FIVE? ONLY FIVE? And yes, as David went through the five areas of concern with me, it became clear that it was mostly wordings that had been missed out that we needed to add and the fact that our internal audits didn't make clear the targets for each metric we assess ourselves against. Add to this the fact that our monthly audit didn't look at our suppliers, and that was it! I was genuinely in shock. On the one hand, I was relieved that we'd got this far and not only been complimented on the standard of our documents, but had virtually made the grade for stage 1 on the first pass. I felt vindicated for my insistence on writing the procedures from scratch rather than buying an external system or hiring in consultants; two things that friends in the industry had told me I was mad not to do, but it's not for me. I don't want to be in charge of one of those security companies that only run by the manual for the three days of the year they're being assessed and have to frantically create missing documents in the week leading up to each audit. The flip side to the relief was frustration. Frustration that I'd held off on assessment for so long and allowed us as a business to drag our heels whilst all along the system we really do run our business by was there or there-about ready for both ISO 9001 and the coveted SIA ACS (Approved Contractor Scheme) accreditation.
Along with the areas of concern that were identified on our audit, there were some areas we've identified that internally we felt should be improved prior to our stage 2 audit - things that would probably pass the next stage but we'd rather future proof them; this has led to some procedures being further improved since the initial audit, and some hardware such as our vehicle keysafes, control room PCs and even our office doors being replaced; future proofing us for years to come.
We've got our Stage 2 booked in, both for ISO and ACS where we'll be assessed in further detail, the company finances will be checked at this stage and interviews with both clients and staff will be set up as we get one step closer to the accreditation being awarded.
Regardless of your industry, if you're in the position that you're weighing up whether it's worth going for accreditation and like me, you've been put off by the vibe that assessment is about catching you out, that's really not how any of this has felt. I couldn't be happier with the way the assessment has been handled so far and I'd say in hindsight that most of my apprehension was unjustified. Yes, it's a long process, and No, it doesn't come cheap... But if you're at the stage that when you read through the standards you sit nodding your head saying "we do that"; when you see a competitor that you know you outperform obtain a contract that you weren't allowed to even tender for, then maybe it's time to look at accreditation. I'll update after our Stage 2 audit with how it went and what final steps we have to take to be compliant, but I've gone from being sceptical of the whole process to actually enjoying the feeling or pride as I see our team effort paying off.
If anyone is in the same boat we were and would like to chat them through, you're welcome to drop me an email and I'm happy to help where I can