The Quality Hub Podcast
Listen Below. Learn More.
ISO Certification and Government Contracting Part 2
Episode 5 – ISO Certification and Government Contracting – Part 2
See Part 1 Here
ISO and Government Contracts Part 2
In Part 2 of ISO Certification and Government Contracting, host Xavier Francis engages with Renee Ferry and Kevin Metz from Core Business Solutions. They address common misconceptions about ISO standards in government contracts, emphasizing the ongoing nature of certification and the risks associated with losing it. The conversation emphasizes the importance of starting the certification process early, especially for small businesses with limited resources. Success stories are shared, illustrating how ISO certification has facilitated growth and success for businesses in addition to helping in securing government contracts.
Core Business Solutions publishes ISO Certification podcast episodes weekly. You can find more episodes here.
Episode 5 – ISO and Government Contracts Podcast – Part 2
Government Contracting and ISO Certification Part 2
Hello, everyone, and thanks for listening to the Quality Hub chatting with ISO experts. I’m your host, Xavier Francis. Today I’m here again with Rene Ferri. Customer Success Manager, and Kevin Metz, sales and business development manager here at CORE. Glad to have you again.
Thanks for having us.
Yeah, thank you. A pleasure to be here.
So glad you’re with us. Now, this week’s podcast is part two of ISO Certification and Government Contracting. Let’s continue our discussion with Renee and Kevin. And let’s start with Renee. So, Rene, what are some misconceptions or myths surrounding ISO standards and their role in government contracting that you’ve encountered?
You know, essentially, it’s not too much of a complicated structure. Based upon the fact that the government has put in minimum requirements for customers to be eligible. Doesn’t generate a lot of misconceptions or myths in and of itself. One of the most common misconceptions is that obtaining ISO certification is just to put a piece of paper on the wall.
Or in the contract.
Or. Exactly. Exactly. But those who enter the process with that in mind will be very surprised. ISO certification has built within its requirements that prevent that. So even though you’re going to obtain your certification, it’s not a once-and-done process. Every single year you’re going to have to be you’re going to have to go through an audit and perform processes such as management review, internal audit, corrective action process, and supplier evaluation processes to ensure that you’re continuing to follow the structure that you have put in place and then you’re not putting your certification in jeopardy.
Absolutely. I mean, it’s so true that it’s not a once-and-done for a piece of paper. And most of the time I know Suzanne Weber Smatko is a huge proponent of what ISO does for a company. You know, you gain you won’t grow. You’re not going to gain the true benefits for your business just from these standards for a piece of paper. They can help. Now, do you find if you’re not keeping your subscription, and your certification up to date, does that put you in danger of perhaps losing the contract you got?
Yes, absolutely. We get calls a lot about folks who have gone through the process once, have obtained their certification, and then lost it. They haven’t kept it up there. They didn’t pass their audit. And so, they lost their certification. We do a lot of education, as Kevin indicated, not only through his team that does a lot of education on the upfront but even, you know, on an ongoing basis to try to educate customers about what they should be doing to kind of keep that in place. But we help customers, no matter what their situation is.
So, we’ve helped quite a few customers that were in that situation, and they’ve bounced back, and we’ve gotten them to where they needed to be and then, you know, offered them some additional assistance that helps them to maintain it moving forward. We work with small businesses and there’s either a limited budget, but there’s limited resources and time. You know, I don’t believe that any of our customers are just sitting there saying, forget it, I don’t want to do this. It’s that they’ve run out of time and resources.
Yeah, business happens.
Exactly. And where they thought that they were going to have time to do the stuff they didn’t and caught up to them kind of too quickly.
One thing to emphasize there is that, you know, you ask the question, can they put you at risk of losing your contract? The government doesn’t play around. Right. You know, they are there immediately, once they get notified that you no longer have that certificate, they will boot you off the contract. So, you need to be smart about what you’re doing. And that’s why, you know, to Renee’s point, we’re very focused on building a system that works for our customers that should be with anything you’re doing for the government. You need to make sure it’s ingrained into who you are as a company and focus on making that your identity.
Yeah. Yeah, absolutely.
I do have an example. I have a customer who hired a new chief technology officer who I had met at an event, and they were certified to all the standards. They were certified to nine CMMI, 27, and 20. And he had just he was just new to the organization. And they had all those things in place. And he reached out to me probably within weeks of meeting me to let me know that once he had gotten in and started to dig through. This goes back to what Kevin referenced earlier.
He discovered that the registrar that they had used was outside of the country and was not valid. And so, they were, and they live in that government contracting space. And so, they very quickly needed to get valid certifications for all those standards. Our teams work together very diligently and in as quick a period as possible, kind of moved them through that process to get everything set up in place. He knew that they were not going to be able to continue to participate in that government space in that situation.
Yeah, I can understand that. So, Kevin, how can smaller businesses or startups with limited resources pursue ISO certification to enhance their chances of getting a government contract?
Okay, so bear with me because this will sound like the wrong answer. So, spending money on, you know, consulting services and with companies like us is probably the most effective way for small businesses, startups, you know, companies with limited resources to go about it. And the reason for that is because, one, that’s what we do, right? That’s our focus. That’s our business. We live in this space, and we understand it.
But two, you know, you’re looking at it from the time saving and the money saving that you’re going to have because of what resources you’re going to have to allocate to doing it internally. For, you know, the time that you’re taking people away from their day-to-day jobs, what kind of money you’re losing from them, not focusing on their, you know, their tier A position requirements. So that’s why it might sound like the wrong answer but is a valid answer to that question.
You know, this isn’t a heavy, heavy lift, but it’s a lift. And if you don’t have the people in place to do it is one thing. But if you don’t have anybody that understands how to do it is another. These things are very kind of nebulous. What’s it telling me to do? We’re sort of like there to translate that and say, this is what it means, and this is what auditors look for. And this was what it meant in your business space.
Great point.
Well as Kevin mentioned earlier. The heavier lift comes when you’re going to try to seek certification to numerous standards at the same time. And we assist our customers in doing that. They can become heavier of a lift and require additional resources and time from the company and our programs have tools in place to be able to assist them through that.
Yeah. And to your point, Xavier, making sure this is done right because of a lot of the let’s just call it interpretation of these standards is another place where you potentially save money because if you implement yourself, you have no one to help you when you go through that certification audit, you have no one to, you know, fight the fight for you when your interpretation is considered wrong. And so that could also be another place where you lose money if you go through implementing yourself, go through the certification audit, and they try to fail you and have no one to back you up with the interpretation understanding.
So really, I mean, that kind of leads into my next point, which is why working with a consulting firm like CORE is always the best way for a company to find themselves in the right position to pursue this kind of work. We encourage you to explore your options as anybody would. But in the government contracting space, everything moves very fast, and implementing ISO internally normally takes 2 to 3 times longer. I mean, there’s no guarantee. You know, when you go through it by yourself, it’s just a headache.
And you might focus on the wrong thing.
Yeah, absolutely.
I know that. You know, we’ve had consultants talk about what I’ve talked to on the podcast. It’s like, you know, people prep before they reach us, and they have more documentation than they need, and they weren’t working on the right thing to help us. And we’re like, that’s way too much. You don’t need all that we kind of need to be focused on over here. So, helping hands are important.
Even in the sales process, we get those packets of information and sometimes the files are too big to open in an email.
Yeah, true story.
But yeah, I’ll just, you know, say one last time that, you know, Core has put itself in a position where we understand this space well and we invest a lot of time into reading about it, going to all the different town halls, the different sessions that they have for different contracts, vehicles. And, you know, we’ve put a lot of time and effort into making sure that we understand it so that way our customers understand it if they choose to work with us.
Absolutely. So, Renee, what advice would you give a business aiming to establish a strong presence in government contracting through compliance with ISO standards?
My first piece of advice is to start as early as possible. Kevin already mentioned the fact that you know, government contracting provides a very truncated period for you to obtain certification. And so compared to the duration of our standard ISO certification programs, now, we’ve become very good at being more efficient. For government contracts, being able to start as early as possible provides the company with some breathing room. Rather than having to feel like you’re being shoved up against the wall.
The other piece of advice that I do have is really to have a plan for what resources internally you’re going to use for the project. In the seven years that I’ve been here, I think one of the biggest issues I’ve seen kind of present challenges as far as timeline goes, is with the number of individuals involved in the project. So, you know, larger groups with representation from all the different departments generate great discussion and it generates a lot of great brainstorming. Unfortunately, what happens sometimes is that it’s difficult to just land on a decision, and so progress is hard to make.
Another point to that is don’t feel like you must weed the herd by yourself. That’s part of what our consultants can help with, which is to help you understand who the best fits are for your management team.
Right. And back to Renee’s point, too, about, you know, having too many. The one thing about primarily ISO 9001, it puts in place that you have employee engagement.
So, a lot of those voices aren’t going to be lost. It’s just in a different place in a more formal setting and a more formal way of when you’re going to get those ideas. So, you’re not going to lose that, those great ideas, that synergy that you may gain. It’s just at the initial point, you don’t need to have so many cooks in the kitchen.
Our programs are designed to assist with that. So as our consultant starts to understand the structure and organization of the company, they’ll have suggestions and recommendations about who to involve in the weekly calls and the development of the management system. It does not mean that you’re not going to bring other folks in throughout the process.
But those that will meet weekly will be a different group. And then your consultants going to advise you when you should invite somebody to the next meeting to either review documents that you’ve put together to be sure that it’s reflecting the process properly or whether you want to run some other thoughts or ideas by those folks. So, we have created a very efficient process in which our consulting team is great at directing that journey.
Absolutely. Trying to balance all these needs in a truncated timeframe can certainly be a challenge. Are there any specific ISO standards that you see hold more weight or importance in the realm of government contracting? I know we mentioned 9001 and CMMI. A lot of times they get more points. Anything else might come to mind?
We’ve seen contract vehicles that team up 27001 to 20000-1 and we’ve seen others. That team went up 14 001 and 45001. Now, for those that are not familiar with all those standards, you know, 27001 is the cyber security standard and 20000-1 is the service delivery standard. Those are two standards that work very closely together. Okay. And so, it makes a lot of sense that if you’re going to do one that and you have and you have your eye on another, that you do those together. And the same with 14001 and 45001.
The environment and occupational health and safety are another set of standards that work extremely well together. And you create a lot of efficiencies doing both at the same time rather than doing them as separate certification programs. But we don’t always drive what the government is, the government’s going to put together standards. We’ve seen those together and those make sense to us. But it doesn’t mean tomorrow we’re not going to get a government contract that comes up with a bunch that may not work as well together.
Have you seen anything bizarre, like 27001 and 13485 or, you know,
No.
Not yet.
Not yet. But you never know. With the government who knows, right?
That’s right.
Here’s the big teaser. Just be ready. CMMC.
CMMC.
There you go. That’s right. That’ll be another podcast.
Yeah. Yeah, absolutely. Well, we have talked about that ad nauseam for the last three years. I know. That’s another one we’ve been on there. But we’ll see how that fleshes out if it ever does.
It’s way too far ahead of a spoiler.
Yes, way too far ahead. Spoiler Yes, I’m involved in a lot of those podcasts that are out in the podcast webinars and you know, it’s like, my gosh, you know, when is it going to end? What are we going to know what it is? It’s very frustrating for a lot of people here and I’m sure businesses. So, can each of you do either one of you or both of you have a success story where you’ve found that people really can leverage their certifications to win the government contracts they’re looking for?
Yeah. So, I have one that comes straight to the top of my mind. I’ll just use the initials of the company. To keep them secret. Okay. But yeah,
Unless it’s like KFC or, you know,
Not far from KPC.
Yeah, that’s right.
There you go.
So KPC has been one of our customers since the late 2010s. I worked with them to get them on board. However, there are small government contracting consulting firms. They were looking to break into bigger contracts. They were new on the scene, so to speak. And so, we advise them to achieve ISO 9001. And this was a one-person company. So just keep that in mind as it applies to any size. But you know, fast forward, you know, a few years now here in 2024 almost said 2023.
Now not that far along on.
We you know we have worked with them on multiple different standards. They’ve been achieving work from the government at a high rate. They’ve grown at least revenue-wise, at least four or five times. So, we’ve seen a lot of success come from that story. And, you know, they’ve been very transparent about where success comes from. And a lot of that is from the point getting from setting themselves up to be properly competent to bid on those contracts. They’re not wasting time bidding on things that they know they can’t get. They went out and achieved what they needed to do to win that business.
And how many, if you can say how many standards are they certified to at this point?
I want to say at least three. But it could be it could be four.
It could be four. I think it is four. Yep.
Do you have anything, Renee?
I do. You know, my interaction with customers is slightly different. And I know exactly the customer that Kevin is talking with, and we’ve all worked with them for quite some time. But I’ve got several customers that start, like Kevin said, with a 9001 or CMMI, and they’ve kind of spread out the standards over time. So, they keep coming back because they’re working in that government contracting space and saying, okay, now I want to add the next certification, now I want to add the next standard. Now I want to act, and this is fabulous for us because our goal has never been to just start and end the project.
It’s always our goal to be our customer’s partner on their journey to certifications. And so that spans over a long period. We have customers that we’ve worked with for almost 20 years over time in different programs and services throughout the year that they need like Kevin mentioned, you know, resources and time. Sometimes a lot of our companies don’t have time for internal audits. We go in and we’ll system with those types of services. But the success that I’ve seen is that these customers continue to come back and build into their certifications, their standard certification portfolio. And to me, that’s a great success.
Yeah, absolutely success.
I also say that it is a success for not just us, but for the customers.
Absolutely.
Because they now have a partner that they trust to go through this process with. They have somebody to turn to when there’s something new that they need to do to best position themselves. So, it’s a win-win. And I always like to highlight that, you know, we’re very focused on the win-win.
Yes, we’re a company there, but there was a reason that we won the 16th best places to work in Pennsylvania, and we do apply that to our customers where we just want to help people. We want to help them get certified. We want to keep them growing, give them what they need, and anyway, we can help them, you know, within the space that we with the way we live. And it’s true.
As you know.
Go ahead.
I think you were going to say the same thing I did. As you know, we have our core values here. Core and the first one for C is
Customer focused.
Customer-focused, and we want to focus on their needs, and what helps them, because at the end of the day, that’s what helps us achieve the goals that we have by seeing their success.
Absolutely.
And our mission has always been to help small businesses become successful. That’s been from the start. We then we’ve been doing this for 23 years and a lot of the things that we get into, I know it’s, you know when Kevin mentioned CMMC, you know, this is not exciting for us, but we identified very, very early on that it was going to impact a large amount of our customer base because we have so many customers that work on government contracts. And so, you know, that’s always been our mission. It continues to be. And for us that’s the best success is when we’re able to help these small businesses show up in spaces like this and be successful.
Absolutely.
Scott likes to say that people like Renee and I are the first consultants that, you know, you speak to at Core and prove to that is that there’s probably plenty of nights where Renee or I have both fallen asleep with, you know, CMMC material on our face. But we’re constantly learning, even in our sales department, we’re focused on learning these things. So that way when someone comes in that door and says, hey, I need help with something we’re super focused on, how can we inform them? Not just the sales process. It’s consultative. So, I always like to highlight that.
And this podcast is part of that. One of the reasons we do this is to try to inform our customers, I mean, people that aren’t our customers as well. But that’s why,
Absolutely.
We give a lot of free information away in this podcast.
Absolutely.
Well, it was this has been a great pleasure for me. I appreciate your information here, both Renee and Kevin.
Anytime. It’s our pleasure.
Yeah, thanks. Happy to be here.
We want to thank everyone for listening to our podcast today. We hope it’s been informative for you. If you’re looking for more information about Core Business Solutions that we can help you with ISO certifications like we talked about today, cybersecurity, or even customized training, please email us at info@thecoresolution.com. You can also visit our website at www.thecoresolution.com. And if you haven’t already followed us on your favorite podcast platform or YouTube, be sure to do so that we won’t miss the next quality podcast when it’s released next week. Have a great day.