In a global and increasingly digital and automated landscape, companies are facing growing demands for HSE, quality, information security, traceability and operational control. Customers expect consistent delivery performance and high quality, while regulators and business partners are placing stricter requirements on security, documentation and compliance.

We spoke with Robert Almås, Global Director of Quality and HSE at Q-Free about why ISO 9001 and ISO 27001 have become essential standards for industrial organizations, and why a global management system with local adaptation and multi-site certifications are now considered a strategic necessity.

First of all, Robert, for those new to the topic why have ISO standards become so important for modern industrial companies?

For industrial companies delivering digital services, connected products, remote support solutions or cloud-based platforms, this has become increasingly important. Many global customers now expect ISO 27001 certification as part of supplier qualification requirements. Ultimately, this is about trust and being able to prove that a company has effective controls for security, availability and data management, and that sensitive data is kept safe.

How does the work with ISO engage internal managers and employees across the organization?

Successful ISO implementation depends heavily on engagement across the business, especially from operational managers and subject matter experts. While I own the management system architecture in Q-Free, called Q-Free Way, the actual operational content is built collaboratively with business units through Business Process Owners and Business Process Managers, providing the expertise that makes the system truly valuable. I support with ensuring alignment with ISO requirements, coordinate audits and with the overall compliance and improvement process.

The employees and managers working closes to the operations understand the processes best, meaning that the IT team, for example, understands digital system risks and IT-security controls, while our logistics team understands our supply chain dependencies. Having our critical processes and flows gathered into one system helps us ensure and continuously improve reliability and create a culture focused on quality and improvement. It is also important not to treat ISO certification as a checklist exercises.

One of the most valuable contribution my colleagues can make is to foster a culture that is open to feedback and actively encourages the reporting of non-conformities and deviations when they occur.

This enables continuous improvement by addressing relevant issues at the earliest possible stage. Then it´s is much my responsibility to ensure that such feedback is taken seriously, managed in a systematic manner, and that employees have confidence their input will be properly addressed.

Over the past years, you have worked a lot with expanding our multi-site certifications, why have you done that and what is it?

We have moved from having separate ISO certifications at different locations into having one multi-site certificate where certified standards and their scopes are tailored to the individual location’s needs. The main benefit is that the 3rd party audits can support our continuous improvement work as we have the same external auditors auditing the certified locations, another benefit is the cost reduction as this setup does not require all locations to be audited every year.

We have integrated multiple ISO standards into one global management system. Instead of separate management systems for Quality (ISO 9001), Information Security (ISO 27001), Environment (ISO 14001) and Occupational Health and Safety (ISO 45001), these are integrated into a single framework with shared processes for audits, risk management, document control, leadership review and much more. This help reduce duplication, simplify audits and gain a much clearer overview of risk across the organization.

For a company like Q-Free, with offices in 13 countries and operations worldwide, an integrated system enables a more holistic and efficient way of managing the business.

Over the past years we have certified or expanded or renewed ISO-certifications in Norway, US, Australia, Slovenia and The Netherlands to mention a few.

Going forward, you will work even more with sustainability. What is your focus here?

Yes, my focus will be on further embedding sustainability into our processes and workflows, ensuring it is consistently reflected in how we operate day to day.

In practical terms, this means strengthening our systems and checklists so that sustainability considerations are built into decision-making across all areas of the business. For example, new products need to be designed with a life cycle perspective and when establishing new offices, we should view them as more than just physical workspaces.

We need to take a holistic approach, including how employees travel to and from work, the energy sources of the building, the agreements in place with landlords and suppliers, and the surrounding infrastructure and transport options. Not every location will meet all ideal criteria, but the key is that decisions are made consciously, based on a structured assessment where sustainability factors are always considered.

If you were only allowed to say one sentence about your work that you want to stick with people, what would that be?

I would say that it is about much more than compliance.

To expand on that, modern integrated management systems also integrating ISO 27001 and sustainability requirements provide stronger operational control, improved quality, better security, and greater scalability, while also strengthening trust among customers, shareholders, and business partners and enable to participate in business sales and growth.

I believe that the companies that will succeed in the future are not necessarily those with the most procedures, but those that build a culture where quality, security, sustainability and continuous improvement are naturally embedded in everyday operation, supported by global standards.