By Bruce Weber, President/Founder of QMS Global Group

Most business owners and heads of major corporations have a list of things that keep them awake at night.

Perhaps the most typical is assessing potential risk and the damage it can do to businesses of all sizes. Some naively hope these devastating things just don’t happen. Others prepare for the unexpected. These companies are also the ones which tend to focus on quality through ISO certification. It’s called “risked-based thinking” and makes up a portion of ISO 9001:2015 certification which is essential for achieving an effective quality management system. By securing ISO certification companies gain valuable marketing opportunities and customer confidence in their industry sectors.

This type of objective, third-party evaluation has become critical as companies strive to penetrate and increase domestic and international markets in virtually every industry. In short, globalization has resulted in an ever-lengthening supply chain that has created greater risks in every business process. Those which secure ISO certification are making a statement to clients, customers, and suppliers that they have policies in place that will minimize risk. Risk-based thinking makes preventive action part of strategic operational planning.

These companies immediately gain the recognition and confidence of a worldwide market with this important designation, which shows that the organization has policies, procedures, and a culture that acknowledges that risk prevention must be part of an ongoing, flexible management system.

Think you’re immune? Think again. A day doesn’t go by where there aren’t reports of cyber-security threats. Personal information is compromised, records are stolen, and confidence is lost among those whose IT departments haven’t planned accordingly. Recent “ransomware” threats have also paralyzed organizations. While hacking and cyber-terrorism are inevitable, the ISO certification provides a level of security, reinforcing that the organization is doing everything at its disposal to keep its IT systems secure.  Many organizations only implement these strategies after an emergency occurs. At that point it’s too little too late. It has happened to major retailers and financial institutions which have suffered as clients’ records and Social   Security numbers have been stolen and sold to identity thieves.

While emergencies can’t be predicted (that’s why they’re called emergencies), companies can anticipate them and actually create new opportunities through this risk-based thinking. Consider some of the following situations that have threatened businesses over the years.

  • Several years ago a volcano erupted in Iceland and paralyzed worldwide travel for weeks. Risk-based thinking results in contingency plans in the event of a situation like this.
  • Logistics & transportation companies – large and small – face new challenges as they ship goods to friendly and unfriendly ports. Are they able to track shipments and accurately project deliveries? Those with systems and policies in place gain confidence among clients.
  • Are you meeting local health and safety standards?
  • Are pharmaceutical companies providing customers with consistent, high-quality products for the purpose intended as well as meeting legal and regulatory criteria?

ISO certification crosses all industries. They demonstrate a commitment to quality and also to taking steps to minimize risk. And while it doesn’t necessarily apply to specific situations it does reflect a comprehensive management system that addresses both risks and opportunities. Risk-based thinking among companies displays:

  • Commitment of leadership
  • Concern for employees, suppliers and customers/clients
  • Ability to measure risks and develop preventative strategies
  • Ability to trace potential problems before they occur. This demonstrates an acute awareness of possible risks coupled with systems to minimize them

ISO certification provides organizations with a different way of looking at risk:

  • Carrying out preventative action to eliminate potential non-conformities
  • Once non-conformities are determined, steps are taken to prevent re-occurrence
  • Addressing both risks and opportunities establishes a basis for increasing the effectiveness of quality management systems, thereby achieving improved results and preventing negative impacts

By taking these steps, organizations realize many new opportunities such as attracting new customers, developing new products and services, reducing waste and improving productivity. Companies that are ISO certified send a powerful message to the marketplace that reflects customer focus, leadership, process approach, commitment to improvement, and evidence-based decision making.

Bruce Weber is President/Founder of QMS Global Group, an accredited worldwide ISO certification body headquartered in Florida with regional offices in the Dominican Republic servicing the Latin American market and Dubai servicing Asia and the Middle East. Founded in 1996, QMS Global Group has a diverse portfolio of companies that have achieved a wide range of ISO certifications under the direction of the firm’s auditors and trainers. For more information, visit