System quality and security certification in seven weeks: A multi-case study in Spanish SMEs

Every company wishes to improve its system quality and security, all the more so in these times of digital transformation, since having a good quality and security management system is essential to any company’s commercial survival. Such needs are even more pressing for small and medium-sized enterprises (SMEs), given their limited time and resources. To address these needs, a Spanish company, Proceso Social, has developed an innovative method called “SevenWeeks” to allow SMEs to create or improve their quality and security management systems in just seven weeks, with a view to obtaining one or both of the ISO 9001 and ISO/IEC 27001 certifications. We have evaluated the effectiveness and usefulness of SevenWeeks by carrying out a multi-case study of 26 Spanish companies, based on independent sources of evidence. This allowed us to corroborate that SevenWeeks was indeed effective for and perceived as useful by all the companies, as it enabled them to create their own quality and security management systems in only seven weeks and to obtain the necessary ISO certification. The interviewees found SevenWeeks to be an agile and intuitive method, easy to implement, which reduces costs and effort. We also include some recommendations to improve and further develop the method.