ISO 27001 and change management. Whether you are considering implementing ISO 27001 or ISO 9001 in your organisation it is about implementing change and one extremely important aspect of any such project is to make sure you are managing that change.

 

Information security or quality management is a mixture of various parameters such as product, policies, risk, process and PEOPLE. In fact I would argue that people is the most critical element for both information security and quality.

According to CIPD:
Change management matters because, although change is taking place at an ever-increasing pace, there is evidence that suggests that most change initiatives fail. For example, CIPD research suggests that less than 60% of re-organisations met their stated objectives which are usually bottom line improvement.

Luckily there is a lot of theory and research that can help you in these kind of projects; Lewin, Bullock and Batten, Kotter, Adkar, Beckhard and Harris and Kubler-Ross to mention a few. Personally I like to use a combination of Lewin, Kotter and Kubler-Ross. I like Kotter and the 8 steps as a checklist I always try to build into project plans. I also use Lewin because it is quite simple and easy to explain. And Kubler-Ross five stages of grief is important to help appreciate what stages employees of the organisation is going through when they are first faced with major changes
From this perspective, involvement of the employees in the project is extremely important, not only because of change management but also perhaps more importantly because these are the real experts in the organisations processes and they have the knowledge you need to improve those processes. In fact we often get asked if we can create and implement the whole ISO system and our answer is always that you get far superior results by involving people from the organisation as otherwise the system would not be fit for purpose and would never be adopted by the people of the organisation. Hence why we typically help create system documentation through a facilitation and review process.

In addition by having a strong communication plan and by involving as many people as possible all the way through the project often means that you step through the Kubler-Ross curve much quicker and you come out the other end with the buy in of the organisation and the people in that organisation.

This is how you then suddenly have a great platform to further improve your business from.