Get 4 FREE months of Conformio to implement ISO 27001

How to stay ISO 9001 compliant with remote workers

Lately, more organizations have employees working from home, and this requires some thought to ensure compliance with your ISO 9001:2015 Quality Management System (QMS). How will your organization make sure that the right infrastructure for working, communication, and meeting is set up, has enough capacity to function, and is protected? Fortunately, ISO 9001 has several requirements to be met regarding infrastructure, working environment, and communication, which will help you consider what needs to be put in place for business continuity in this scenario.

Relevant ISO 9001 clauses for remote workers
  • Clause 7.1.3 – Infrastructure
  • Clause 7.1.4 – Working environment
  • Clause 7.4 – Communication

Clause 7.1.3 – Infrastructure

Infrastructure is a key consideration with remote working, and it concerns the physical buildings, equipment, and information technology needed to provide products and services. When everyone is co-located in one building this is much easier to manage, but when you are dealing with a remote working situation you will want to think about the impact to your infrastructure by people being at home.

One of the first things that you need to think about, when it comes to people working from home, is the possibility of issues and risks with information technology (IT) infrastructure and cybersecurity. If it is a considerable concern for you, then investigating the needs for an Information Security Management System (ISMS) might be necessary, and for this there is also an ISO standard: ISO 27001. However, even if a full ISMS is not necessary for you, there are some IT infrastructure risks you should consider.

For IT, you will want to ensure that people have the hardware needed to do their jobs. For instance, where you had computers and a secure company internet connection, these will no longer be accessible, so you will need to ensure that these needs are filled. Along with this, consider if people have the right software to do their work, including additional software such as teleconferencing software or a virtual private network (VPN) for internet security. Additionally, are cloud services adequate to share the necessary information between employees, or do you need something different to make your work happen, such as a secured drive at your company with VPN access?


Other infrastructure concerns may also be unique to your situation, but some will have more of an effect on the environment for operation of processes (which is also called the working environment). For instance, are there physical resources needed for employees to set up their home offices, such as desks or chairs?

To manage your IT security risks to safeguard your business, you can read about how to integrate an ISMS into your QMS in this article: How to integrate ISO 9001 and ISO 27001.

ISO 9001 & work from home: How to stay compliant

Clause 7.1.4 – Working environment

Along with infrastructure, you should consider the home working environment. As stated in ISO 9001, a suitable environment includes a combination of both physical and human factors, including social and psychological aspects of the work. Like infrastructure, this will change greatly when workers are working remotely.

While it may be impossible to control the physical factors when people are not in your building, such as temperature, airflow, and hygiene, you can certainly educate workers on setting up an ergonomically safe workspace. The same can be said for social factors, by allowing and encouraging employees to continue interacting with other workers even in their secluded state.

When it comes to human factors, this is possibly one of the biggest concerns of employees working from home and can be one of the most difficult to address. Consider how you will support employees in stress reduction, burnout prevention, and emotional protection while they continue to work for you in isolation. Solutions may range from education support on psychological concerns, to providing further communication and support for workers struggling with their seclusion. It is important to realize that some work may take longer, and some employees may seek psychological help to deal with no longer being in the office. You need to find the right ways to support employees’ mental well-being, as this may become a key priority for your business continuity.

Clause 7.4 – Communication

After infrastructure, one of the biggest considerations for remote work is to ensure that communication is in place for this new reality. Communication and education were already mentioned in the infrastructure and working environment sections of this article. For instance, you may need to consider implementing software for remote communication or developing tutorials and training people on the use of new infrastructure.

Additionally, when it is not possible to just stop by a worker’s desk to instruct or clarify work tasks, finding new channels of communication is critical. Establishing routine alignment calls may be necessary to ensure the flow of communication and remove uncertainty about the entire situation of working from home. Communication will need to include considerations for worker-to-worker communication, manager-to-worker communication, senior management-to-company communication, and additional communication with customers and suppliers.

Don’t ignore your compliance with ISO 9001 or other ISO standards

It is critical during a change to remote working that you utilize every means possible to ensure your continuity of operations. Utilizing ISO standards can help, as has been outlined in the article How to use ISO standards to address a pandemic. It is important to remember that the purpose of ISO standards is not to add complications and overhead costs, but rather to help organizations address issues that arise. A shift to working from home is an issue that needs to be addressed, and the ISO standards can help with ensuring that you do this through best practices.

To learn more about ISO 9001 requirements and remote operations during the pandemic, see this free webinar: How to use ISO 9001:2015 to address a pandemic (free webinar on demand).

Advisera Mark Hammar
Author
Mark Hammar
Mark Hammar is a Certified Manager of Quality / Organizational Excellence through the American Society for Quality and has been a Quality Professional since 1994. Mark has experience in auditing, improving processes, and writing procedures for Quality, Environmental, and Occupational Health & Safety Management Systems, and is certified as a Lead Auditor for ISO 9001, AS9100, and ISO 14001.