Avoid these 10 Pitfalls when Implementing an ISO Management System

pitfalls when implementing an ISO Management System

Misconceptions about ISO

Earlier versions of all ISO standards placed a greater emphasis on documentation. As a result, in the past, ISO standards pushed firms to focus on having as many processes as possible, which did not supply much value to the organization.

However, in recent revisions of the standard, the standard has been altered to be much more like a business plan that genuinely responds to the firm’s needs. Moreover, in recent versions of ISO Management Systems, a risk-based approach has started to be adopted.

Implementing an ISO management system can be challenging, and it is important to be aware of potential pitfalls to avoid them. Here are ten common pitfalls when implementing an ISO Management System.

Pitfall #1 | Misconceptions about ISO

The first misconception is that ISO standards were generally perceived as being filled with bureaucracies and that the primary focus should be on documentation. Unfortunately, in the past, standards required organizations to have as many procedures as possible, which was only sometimes the best course of action.

However, in recent years, ISO standards have changed to be much more in line with the needs of the organizations – almost as if the standard was like the company’s own business plan. This is mainly attributed to the risk-based approach that started being implemented, with the organizations focusing on management systems that reaped the most benefits.

Pitfall #2 | Overdoing it with Documentation

The second misconception is overdoing it with the requirements and documentation. As previously explained, earlier versions of ISO standards focused on having as many procedures as possible, but that requirement is no longer present.

Companies may do some work before hiring a consultant, which generally results in overcomplicating requirements with many forms and bureaucracies.

If a non-ISO expert interprets the standard as it is, he or she will create a system for each and every one of the requirements. Therefore, ending up with multiple methods that prove to be inefficient. When working with an expert in ISO management systems, you will have systems capable of meeting different requirements simultaneously.

Remember, we have to ensure that we are implementing a system that will help our business improve its quality and efficiency rather than one based on bureaucracy.

Pitfall #3 | Overcomplicating Procedures

Sadly, this is one of the most common pitfalls when implementing an ISO Management System. So pay extra attention!

When creating company procedures, it is possible to overcomplicate the systems unnecessarily. It is essential to keep in mind that these procedures make the company what it is. The company generally has a number of core activities that most procedures will cater to. When creating or modifying processes, we typically cater to the 80% deemed as the core activities. The other 20% of activities generally require more procedures than the 80% of activities. Nevertheless, they are still part of the company’s key procedures.

When you first begin your implementation process of any ISO management system, you should focus on the 80% of core activities within your organization, and you should work with those to ensure that you are creating a manageable system.

Always keep in mind that if having hundreds or tens of procedures is going to be overwhelming, it’s best to have a few processes that make it realistic for everyone in the business to follow, and procedures should be practical and genuinely useful for the people by giving them a step-by-step approach of how to tackle the most common circumstances within the organization.

Pitfall #4 | Mindset of Continual Improvement 

There is no such thing as a flawless management system, and no matter how hard one tries, creating one with such conditions is impossible. As a result, it should be accepted that perfection is never the target for a management system. 

When getting certified as a company, the main aim must be to build a management system that revolves around continuous improvement. Such continual improvement should be data-driven. Data will be the main source of decision-making rather than personal experience ad intuition.

Furthermore, you cannot go from having no processes to having an overabundance of bureaucratic procedures; The delicate line between having no procedures and having far too many procedures must be respected. ISO Management Systems will aid you in finding this delicate balance.

Pitfall #5 | Not Having Involvement of Top Management to Allocate Resources (Time & Money)

The fifth issue that may be met when trying to implement a management system within an organization is a lack of top management involvement in the implementation process. This is an issue because, as you can imagine, the top management of any organization is the people who will be able to allocate the resources required for any project to succeed. If ISO as a project is endorsed by the management team, it is easier to allocate sufficient time and money to successfully drive the project forward.

With strong support from top management, gaining the necessary resources and commitment from other organization members can be easier.

Having an ISO certification could sometimes be a requirement of a client or a supplier. Unfortunately, more often than not, companies that use this as the sole motivator to get ISO do not see the benefit of continuous improvement. As a result, they will either fail during the implementation process else the implementation team may be significantly hindered by not having the resources required to implement the management system within your organization.

Therefore, this is a significant roadblock for any company trying to implement an ISO management system without the full commitment of the management team. Top management with the wrong mindset will not distribute the resources that are needed, both in terms of time and money, to ensure that the company achieves the full benefit of implementation.


Whether you’re after ISO Certification, internal audits, or results-oriented consultancy, Luke has the plan for you. Reach out to him and start your journey today.
ISO Consultant in Malta


Luke has a plan for you whether you want ISO certification, internal audits, or results-oriented consulting. Contact him immediately to begin your adventure.

Pitfall #6 | Doing Things “for ISO” rather than to Improve the Management of the Processes

Suppose you have to implement ISO 9001 or any other ISO management system in your organization. In that case, you must view it as a project that will improve your organization. Certain suppliers and customers tend to only work with ISO-certified companies. Hence, specific criteria must be met prior to working with such entities. Now getting certification just to solely work with such entities is truly a shame since ISO may well and truly be the key to success that an organization may have been seeking.

It’s critical to remember that you should not do things for ISO’s sake but rather do things that will ultimately help you improve the management system within your organization. For example, getting customer feedback is one such thing that is specified by ISO. When done correctly, an organization can truly understand what customers require. This gives critical information regarding where to put the efforts and resources to improve the management system.

Suppose you view your business as a series of activities that meet your client’s needs and combine your day-to-day operations with the standard’s requirements. In that case, you will notice that there is significant overlap and that the standard is asking you to consider things that make sense for your business and that you are probably already doing most of the things required by the standard.

If the benefits of having such a certification are truly understood, no company will suffer from this misconception.

Pitfall #7 | Having Unrealistic Timeframes for Implementation

Unfortunately, some customers recognize a demand, such as from a new customer or a new tender, and desire to get certified relatively at once. This is rather impossible since you are setting up a management system that will touch everything and affect your organization’s day-to-day operations.

Typically, around six months are needed to implement the management system, and while six months is not a long time, it is enough time for you to have the right mindset and the proper focus that is required for your organization to consider all the critical elements that are relevant for your management system.

Suppose you decide to implement the full management system overnight and create all the procedures and systems within a couple of weeks. In that case, the certification body will still be unavailable to come to an audit the next day or the next week, so it is recommended that you allow enough time to contact the certification body and that you allocate around a month from the day that you contact them to the day that he audit is done.

For smaller organizations, six months are generally enough; however, for larger companies, more time is usually required. This is dependent on many factors, mainly the complexity of the processes that make up the company’s operations.

Pitfall #8 | Working with a Non-Accredited Certification Body

How are certification bodies involved in all this? Learn more about the different audits in the ISO implementation process here.

Now, what is an accredited certification body, might one ask?

Primarily, ISO, the International Organization for Standardization, issues accreditation to an accreditation body available in every country around the world.

A certification body that decides to offer certification services must be certified by the national accrediting authority of the country where the certification body is based. For example, suppose a certification body wishes to begin operations in Malta. In that case, they will need to engage with NAB, the National Accrediting Body, to get the accreditation required as a certification body to supply authorized ISO certificates. If the certification body is not accredited to provide ISO certifications, the certificate issued has no value.

It is critical that you work with an accredited certification body such as Lloyd’s, Bureau Veritas, SGS or any other certification body because these certification bodies can provide your organization with an accredited certification and only an accredited certification will add value to your organization. Don’t fall victim to one of these pitfalls when implementing an ISO Management System!

Pitfall #9 | Employee Resistance & Culture Change

The next obstacle that one may meet when trying to implement ISO within any organization is employee resistance and culture change. This is one of the most common pitfalls when implementing an ISO Management System.

It is critical that you involve the people as early as possible in the ISO implementation process.

First and foremost, the people who actually do the day-to-day work have hands-on experience and practical knowledge of how things are done within the organization. Therefore, when mapping out key processes, it would be ideal to speak with people who do the actual work on a day-to-day basis and allow them to give feedback on how a particular process must be done.

Secondly, suppose you are attempting to implement a system and notice that some processes will need to be changed. By listening to the people involved in that process’s operations and implementing their suggestions for improvements, in that case, they will own their own ideas.

On the contrary, if the new processes for ISO certification were to be discussed in some office far away from where the work is actually being done, people would be more likely to resist change because change is difficult.

Pitfall #10 | Working with the Wrong Advisors & Consultants

The last obstacle that an organization might face when implementing an ISO certification is collaborating with the wrong advisors or consultants.

The mentality that your workers or teams will have while adopting ISO will be strongly influenced by the person who teaches your employees about the real needs of the standard, whether this is done via a consultant, online training, or any other means of learning. Ultimately, your employees will need to learn the actual requirements of the standard, and where you get that information is critical for the success of your certification. If the trainer or consultant that you choose to work with likes to overcomplicate things, the organization will undoubtedly end up with an overly bureaucratic and complex system.

It is critical that you conduct background checks on the mentor, trainer, or consultant with whom you will be working and that you determine whether they are the ideal partner for your organization, assisting you in implementing small changes in your organization that will have a significant impact on your management system.

EAGER TO LEARN MORE ABOUT various other pitfalls when implementing an ISO Management System?

As an ISO management system consultant Luke Desira will make it his personal mission to put your company on a class above all others! Read more and uncover the benefits of ISO 9001 certification and discover the striking differences between ISO 15189 and ISO 17025. Learn and don’t fall victim to one of these pitfalls when implementing an ISO Management System!

All management systems based on ISO Standards that are implemented should pertain directly to the organization’s objectives. This may be an easy stumbling block if you are unaware. Have a look at the ISO Certification specialised by Industry to understand which ISO certifications and accreditations your organization can benefit from.

Luke offers a variety of ISO certification services that puts him as the leading ISO Certification consultant in Malta. He can efficiently help you achieve ISO accreditation. When ready, just call Luke Desira – he’ll be waiting to provide a helping hand.

Don’t forget to follow us on our Facebook and LinkedIn profiles, and subscribe to our Youtube Channel for more great content.

Book a Free 15 minute discovery call

Select a date and time to schedule a free 15 minute discovery call with Luke Desira.

Message Luke through an email


Give Luke a call

+356 7920 6686

Related Articles

High Level Structure

Breakdown of the High Level Structure of ISO Standards

If you take a look at all the ISO standards that have been published after 2015, you may notice a pattern in their structure. You see, ISO 9001, ISO 45001, ISO 14001 and the latest ISO 27001, amongst others, have adopted a high level structure. What this effectively means is that every one of these

Read More »
Preparing for a Stage 1 Audit for an ISO Standard - Stage 1 Audit

Preparing for a Stage 1 Audit for an ISO Standard 

In this blog, we are going to discuss the audit objectives and steps of the Stage 1 Audit. It also includes information on how to prepare for and conduct on-site activities, together with an introduction into the types of documented information to be reviewed during the stage 1 audit.  Objectives for a Stage 1 audit

Read More »
certification bodies

Certification Bodies and What to Look Out for

When getting ISO certified, one of the most important steps is found at the end of the process, that of choosing a certification body. You see, when you implement an ISO standard in an organization, you have to get certified. This has to be done through an accredited certification body. In this blog, you can

Read More »
Scroll to Top