The COVID-19 pandemic saw two thirds of Australians move to work from home out of necessity.
Now many office workers are continuing to work from home a few days a week, with some even working remotely for the entire work week.
While some employers are keen to get employees back in the office full time, after seeing the benefits of hybrid and remote work firsthand others are supportive of a more flexible approach to work.
Greater flexibility gives employees the ability to better manage a work-life balance, avoid long commute times and save money in the process. In addition, employers can save on office costs, attract and retain top talent and improve productivity. For instance, of those partaking in the Gartner 2021 Digital Worker Experience Survey 43% said that flexible working hours helped them achieve greater productivity.
However, this shift towards hybrid and remote work also brings new challenges for employers. Remote employees can work from a whole range of locations and unlike the office employers have little to no control over these work environments. This can give rise to a new set of challenges, such as how ISO 9001 compliance is maintained.
ISO 9001 and the move to remote working
When employees travel into the office every day their employer provides their working environment. It can be set up and monitored by the business to ensure quality and safety precautions are in place and compliance is upheld.
But the rise of working from home has meant that employers have far less control over the environment employees work from and the variables that can contribute to whether or not they stay ISO compliant.
Companies that have embraced the shift towards flexible work options therefore need to pivot their approach to suit their new circumstances. An important aspect of this is reassessing whether remote employees have access to the infrastructure, working environment and level of communication needed to continue performing their role while meeting compliance requirements.
The ISO 9001 guidelines can – in many ways – point you in the right direction and bring structure to the process of reviewing and adjusting your systems. The result is that you can not only best support employees who are working from home but also maintain your certified status.
The purpose of these guidelines isn’t to add complications and costs, but rather to help you build lean, low-burden and agile systems. With strong systems governing all business operations, whether they take place in the office or remotely, you can more effectively address and overcome emerging problems through best practices.
ISO 9001 clauses relevant to working from home
There are various instances where ISO 9001 requirements relate to working from home. If your workplace is providing employees with the opportunity to follow a hybrid or remote work model, it’s important to ensure you’re across these clauses and understand how to continue meeting your quality compliance obligations when employees work from home.
Clause 7.1.3: Infrastructure
Physical buildings, equipment and the information technology needed to provide products and services all falls under infrastructure.
This is one aspect of quality compliance that is much easier to manage when all employees are working from the office. When employees are on-site employers can ensure they have access to the equipment and physical resources needed, such as desks or chairs. But when employees set up their home offices, they won’t necessarily have all of these resources available. Some employees may need to purchase new equipment, so it’s worth clearly documenting whether they are eligible for any reimbursements from the company, for instance in a work-from-home policy.
Another aspect of this clause is IT and cyber security, which involves making sure employees have the right hardware and software needed to do their job remotely. For example, employees need access to the cloud, which makes it fast and easy to find the company documents or information needed for their role.
Remote employees also need access to secure and fast internet connection, so they can efficiently and securely complete tasks online. With many businesses storing sensitive data online and cybercrime posing an ongoing threat, ensuring employees have secure internet and are taking expected precautions online to avoid falling victim to cyber criminals is crucial.
Strategies for improving cybersecurity include:
- Provide employees with cyber security training and ensure they’re aware of phishing scams. As a general rule, staff need to be cautious of suspicious links and attachments in emails from unknown senders, pop-up windows and emails requesting personal or company information;
- Ensure passwords are regularly changed and include a mix of uppercase, lowercase, numbers and symbols. This is a simple but effective way to quickly strengthen information security;
- Multi-factor authentication makes it harder for hackers to infiltrate sensitive networks by adding another barrier between them and your company’s confidential data;
- Implement reliable authentication processes. For example, email authentication technology blocks malicious emails from making it into employees’ inboxes;
- Install the latest anti-virus, malware, firewalls and spyware on company computers and mobile devices;
- Introduce encryption software to protect customer information and online transactions;
- Ensure employees are using the latest operating systems and keeping software updated, manufacturers will often strengthen security systems over time;
- Introduce an information security management system to proactively monitor and manage threats.
For more information about information security see our articles on cybersecurity best practices and tips for protecting your small business from information security threats.
Clause 7.1.4: Working environment
This clause looks at the work environment itself, more specifically how a suitable working from home environment must satisfy both physical and human factors.
Physical factors are the products that employees need to complete their jobs, such as a desk or chair. From a compliance standpoint, employers need to ensure their workers have an ergonomically safe workspace. When employees work remotely their environment and the products they use need to be appropriate to fit their job requirements and personal capabilities.
Strategies for ensuring employees have their own equipment that’s set up correctly could include:
- Provide clear guidelines to staff that meet OHS requirements;
- Seek specialist advice from an ergonomic assessor;
- Remind employees to take breaks away from their screen throughout the day;
- Allow staff to borrow ergonomic equipment from the office or assist them with purchasing new equipment to use from home, such as a sit stand desk.
Alternatively, human factors involve the social and psychological aspects of the work. For example, a company with employees working remotely may introduce measures that are designed to help with stress reduction, burnout prevention and emotional protection. As remote employees are working in isolation, rather than being surrounded by peers in a social office environment, it can be beneficial to encourage, support and organise opportunities for employees to interact with other workers through regular check-ins, team catch-ups and similar. Another option for organisations with an Employee Assistance Program (EAP) is reminding employees that this free, confidential service is available to them and making the process for accessing it as clear as possible.
Clause 7.4: Communication
When employees are working remotely, it’s easy for communication with other workers to become more infrequent. There are no chats at the coffee machine, catch-ups over lunch and passing conversations.
For hybrid and remote work models, employees need access to software that supports seamless communication with their team. Importantly, all employees need to also feel confident using this technology.
Setting up times for socialising, teambuilding and speaking with other employees is an effective way for businesses to make sure staff aren’t being isolated in their partially or completely remote roles. An example is organising regular meetings and teambuilding activities to ensure employees make time for socialisation.
Are your ISO 9001 systems up to scratch?
If you’ve recently had employees transition to working from home, whether that’s a few days a week or full time, it can be worth reviewing your ISO 9001 certification to ensure you’re still compliant. This is done by conducting an ISO 9001 internal audit, which is an analysis of your quality systems against the standard guidelines.
ISO 9001 internal audits act as a systematic self-check mechanism. The audit will tell you if there are any areas you’re falling short, so you can develop a realistic and targeted plan to make required improvements.
An ISO 9001 internal audit usually includes two main stages, which are document review and process review.
- Document review: The internal auditor checks and confirms whether you have the documentation to back up your processes.
- Process review: The internal auditor looks at the quality management system itself and how it has been implemented. This is the main part of an ISO 9001 internal audit, where your company’s activities are assessed against relevant documentation and the standard guidelines.
While ISO internal audits can be completed in-house, if you’re going to take this route it’s important to ensure you have the resources and experienced personnel to do so effectively and in a reasonable timeframe.
Not all companies have the means the appoint a full-time auditor or audit team to complete their internal audit, but another great option is outsourcing this service. An auditor from outside the business can offer unbiased appraisal, an outside perspective and specialist knowledge. In addition, they can provide greater staffing flexibility and highlight opportunities for cost reduction.
At Integrated Compliance Solutions our auditors have successfully conducted ISO internal audits remotely for many years. If you have staff members working online, we can seamlessly complete your audit online to help you stay quality compliant.
Why maintain ISO 9001 certification?
Getting and staying ISO 9001 certified can take some time and effort, is it really worth the investment? The short answer is – yes. Here are a few reasons why:
- Nearly half of all ISO 9001 compliant companies win new business through being certified to it;
- Through quality compliance businesses can reduce waste and the associated costs;
- ISO 9001 quality management systems improve consistency across processes, as quality can be effectively managed and monitored in all business locations, including both interstate and international;
- Establishing a commitment to quality compliance can improve a business’s reputation and lead to customers having more confidence in their products and services;
- Through compliance with ISO 9001 businesses can improve their operational performance and alleviate inefficiencies without compromising on quality. This can, in turn, boost employee productivity, which often translates into financial gain;
- Compliant companies operate under the assurance that they adequately satisfy relevant legislative requirements;
- After achieving ISO 9001 certification businesses can monitor ongoing progress towards goals and compliance with ease.
Speak with an ISO 9001 consultant
Get in touch with our ISO 9001 consultants to find out more about maintaining certification with hybrid and remote work models. We’re experts in compliance, and can help you reach your compliance goals quickly and effectively.
We’ve been successfully conducting remote consulting for our regional clients for many years. If you have team members working remotely, we can use a range of technologies to conduct audits and develop systems online.
Alternatively, ask about our compliance software, legislative updates, ISO gap analysis or integrated management system development services.