π Executive Summary
Build Outhaus into the most comprehensively ISO-certified modular building company in Australia. Seven international management system standards implemented in a single Integrated Management System (IMS), pursued through formal third-party certification from a JAS-ANZ accredited body.
Most construction companies stumble through certification one standard at a time, creating siloed systems that duplicate effort and confuse staff. Outhaus will do this right from the start: one integrated system, one management review cycle, one audit program, and one document control framework that satisfies all seven standards simultaneously.
Because Outhaus is pre-revenue, this is the ideal moment. Building the IMS now means no retrofitting, no retrofitted procedures, and no "we've always done it this way" resistance. Every sale, every build, and every customer interaction will flow through a world-class management system from day one.
Standards Summary
| Standard | Topic | Certifiable? | Priority | Target Cert |
|---|---|---|---|---|
| ISO 9001:2015 | Quality Management | Yes | P1 - Foundation | Month 12 |
| ISO 45001:2018 | Occupational Health & Safety | Yes | P1 - Legal obligation | Month 12 |
| ISO 14001:2015 | Environmental Management | Yes | P1 - Brand asset | Month 12 |
| ISO 50001:2018 | Energy Management | Yes | P2 - SIPs story | Month 18 |
| ISO 27001:2022 | Information Security | Yes | P2 - Enterprise clients | Month 24 |
| ISO 10002:2018 | Customer Satisfaction/Complaints | Guideline | P2 - Integrates with 9001 | Month 15 |
| ISO 31000:2018 | Risk Management | Framework | P1 - Underpins all others | N/A (framework) |
π‘ Why ISO Certification
For a modular home company building toward scale, ISO certification is not a bureaucratic exercise. It is a competitive weapon, a risk management tool, and a proof-of-quality story that no competitor can fake.
Most certification costs are internal time, not fees. The biggest expense is documentation and procedure development, which Outhaus's AI management layer can produce at a fraction of the cost of a traditional management consultant. The real investment is Jeremy's review time and the certification audit fees.
π All Standards - Detail
9001
:2015
What it covers: The complete framework for how Outhaus manages quality across every process - from design and procurement through production, delivery, installation, and post-sale. Requires documented processes, customer focus, leadership commitment, risk-based thinking, and a continual improvement cycle.
Outhaus relevance: Every module that leaves the factory, every delivery, every installation is a quality event. A certified QMS means documented build specifications, signed-off inspection checkpoints, supplier qualification criteria, customer satisfaction tracking, and a non-conformance process that catches problems before they reach the client.
Key clauses for construction: Design & development (8.3), Externally provided processes/products/services (8.4 - supplier management), Production and service provision (8.5), Release of products and services (8.6), Control of nonconforming outputs (8.7).
45001
:2018
What it covers: Systematic identification and control of hazards, worker participation and consultation, legal compliance (QLD Work Health and Safety Act 2011, Building Act 1975), incident investigation, emergency preparedness, and contractor safety management.
Outhaus relevance: Factory construction (off-site), transport and logistics (crane lifts, pilot vehicles, oversized loads), on-site installation (footings, crane drops, connection work), and subcontractor management all carry significant safety risk. ISO 45001 builds the system that manages it. Also directly aligned with QBCC licensing obligations.
Key outputs: Hazard Identification and Risk Assessment (HIRA) register, Safe Work Method Statements (SWMS) for all high-risk construction work, emergency response plan, contractor induction framework, incident/near-miss reporting system.
14001
:2015
What it covers: Environmental aspects and impacts of all operations, legal compliance (QLD Environmental Protection Act 1994), waste management, energy and water use, chemical handling, carbon footprint, and a commitment to environmental continual improvement.
Outhaus relevance: SIPs construction is quantifiably lower-impact than traditional build methods - less waste, superior thermal performance (ACH 2.03 vs typical 15-30), EPS core is 98% air, Super Graphite upgrade improves performance 30%. ISO 14001 certification puts independent verification behind these claims. SIPs environmental story becomes a certified marketing statement, not a marketing claim.
Key outputs: Environmental Aspects and Impacts Register, carbon footprint baseline (Scope 1 + 2), waste diversion rate tracking, SIPs vs conventional build environmental comparison (certified), environmental legal register (EPA 1994, NCC energy provisions).
50001
:2018
What it covers: Energy baseline, significant energy uses (SEUs), energy performance indicators (EnPIs), targets and action plans for continuous energy improvement. Applies to Outhaus factory operations and can extend to the energy performance of delivered homes.
Outhaus relevance: The ACH 2.03 airtightness rating, the Super Graphite EPS core performance data, and the NCC energy compliance of SIPs panels all feed directly into an ISO 50001 certified energy story. This standard lets Outhaus certify not just that their homes are energy efficient, but quantify by how much, and commit to improving that number over time.
27001
:2022
What it covers: Protection of all information assets - customer data, financial records, intellectual property, AI systems, CRM data, cloud infrastructure. Requires a formal risk assessment against 93 security controls defined in Annex A, with a Statement of Applicability documenting which controls apply and why.
Outhaus relevance: 2,400+ customer records in GHL, AI management layer with 12 scheduled tasks accessing real business data, Outlook integration with customer correspondence, Facebook Ad account, Google Ads, and financial data. As Outhaus scales and pursues government contracts, ISO 27001 will be required. Building it now means the architecture is correct from the start.
10002
:2018
What it covers: Formal customer complaints handling process - acknowledgement, investigation, resolution, escalation, and pattern analysis. While not independently certifiable, ISO 10002 compliance significantly strengthens an ISO 9001 certification and is verifiable by auditors.
Outhaus relevance: High-value, low-frequency purchases (homes) require an airtight complaints process. A client with a $200K build issue handled badly becomes a very expensive reputation problem. ISO 10002 ensures every complaint is logged, investigated, resolved within defined timeframes, and fed back into continual improvement.
31000
:2018
What it covers: Universal principles and guidelines for risk management that apply to every management system standard. Provides the methodology for risk identification, analysis, evaluation, treatment, and monitoring that underpins ISO 9001 clause 6.1, ISO 45001 clauses 6.1.2-6.1.4, ISO 14001 clause 6.1, and ISO 27001's risk assessment requirement.
Outhaus relevance: One risk register methodology for the entire IMS. Business risks, quality risks, safety risks, environmental risks, and information security risks all managed under a single, consistent framework. Eliminates duplication and ensures risks are escalated appropriately.
ποΈ IMS Architecture - One System, All Standards
Every modern ISO management system standard (9001, 45001, 14001, 50001, 27001) shares the same High Level Structure (HLS) - also called Annex SL. This is deliberate. ISO designed them to integrate.
Instead of 5 separate quality manuals, 5 separate audit programs, and 5 separate management reviews, Outhaus builds ONE Integrated Management System with shared infrastructure. All standards share a common policy framework, a common document control system, a common internal audit program, and a common management review. Standard-specific requirements are added as modules on top of this shared foundation.
High Level Structure - 10 Clauses (Shared by All Standards)
| Clause | Topic | Outhaus IMS Response |
|---|---|---|
| 4 | Context of the Organisation | Single stakeholder register, single scope statement, single SWOT and PESTLE for all standards. External issues: QLD housing market, NCC changes, climate regulation. Internal issues: pre-revenue stage, SIPs supply chain, QBCC requirements. |
| 5 | Leadership | IMS Policy (covers quality, safety, environment, energy, security commitments in one document). Roles and responsibilities matrix (RACI). Management commitment statement signed by Jeremy as MD. |
| 6 | Planning | Single risk register (stratified by category: quality, safety, environment, security). Integrated objectives and targets. ISO 31000 methodology applied across all risk categories. |
| 7 | Support | One document control system (master document register, version control, access control). One training and competence register. One communications plan. One awareness program. |
| 8 | Operation | Standard-specific procedures for quality (build specs, inspections), safety (HIRA, SWMS), environment (waste plans, spill response), energy (EnPIs, SEU monitoring), security (access control, incident response). |
| 9 | Performance Evaluation | One internal audit program (combined audits covering all applicable standards). One KPI dashboard. One management review agenda template. One customer satisfaction measurement process. |
| 10 | Improvement | One non-conformance and corrective action system. One continual improvement register. One management of change process. All standards feed into the same improvement loop. |
IMS Document Hierarchy
π Current State Assessment
Outhaus already has significant assets that map to ISO requirements. The gap is formalisation, documentation, and integration into a controlled system - not starting from zero.
| ISO Element | What Outhaus Already Has | Gap Status |
|---|---|---|
| Organisational Context | CLAUDE.md strategy, company overview, tech stack, advisors | Partial |
| Quality Policy | Brand values documented; no formal quality policy | Gap |
| Process Map | Sales process (7 stages), CRM workflows, build batches documented | Partial |
| Supplier Management | SipForm KB, Rocket BA profile, HPC Town Planning, Apex CE profiles | Partial |
| Product Specifications | Models KB, SIP panels KB, SIP performance KB, design drawings | Strong |
| Safety Management | 48 building code PDFs audited; no formal OHSMS | Gap |
| Environmental Management | SIPs environmental data (ACH, EPS, thermal); no formal EMS | Partial |
| Competence Records | QBCC licence confirmed; no staff competence register | Gap |
| Customer Satisfaction | GHL CRM tracks leads; no formal satisfaction measurement | Gap |
| Risk Management | Advisory board stress tests; no formal risk register | Partial |
| Document Control | Naming conventions, CLAUDE.md index, KB frontmatter | Partial |
| Information Security | Wordfence on website; no ISMS | Gap |
| Internal Audit Program | KB audit scheduled task (Rachel); no formal IMS audit program | Gap |
| Non-Conformance System | None documented | Gap |
| Management Review | Advisory board Q2 reviews; no formal management review | Partial |
| Legal Register | 48 building code PDFs; no consolidated legal obligations register | Partial |
| Energy Baseline | SipForm ACH and thermal performance data | Partial |
Outhaus's existing knowledge architecture (02-knowledge/), operating system (CLAUDE.md), supplier profiles, product KB files, and AI management layer give it a substantial head start. Many ISO documents can be derived directly from existing KB content. Estimate: 30-40% of required documentation already exists in some form.
π Master Document Register
Every document that must be created, maintained, and controlled in the Outhaus IMS. This section contains two views: (A) the detailed clause-by-clause register with document IDs, descriptions, and build status for the triple certification (9001 + 45001 + 14001), and (B) a summary view organised by document level across all seven standards.
Part A: Clause-by-Clause Document Register (Triple Certification)
Part B: Summary by Document Level (All Seven Standards)
The full IMS across all seven standards requires approximately 250 controlled documents. The clause-by-clause register above covers the 67 documents needed for the triple certification (9001 + 45001 + 14001). Below is the summary view across all levels and all standards.
Total controlled documents: approximately 250 across all levels. This sounds large but most are 1-4 pages each. The AI management layer can generate first drafts of 80%+ of these documents from existing KB content. Each document then requires Jeremy's review and approval before it becomes controlled.
πΊοΈ Implementation Roadmap - 8 Phases
Build the shared infrastructure that all standards sit on top of.
- IMS Manual v1.0 (scope, policy, framework)
- Integrated IMS Policy signed by Jeremy
- Organisational context analysis (stakeholders, issues, SWOT)
- Master Document Register (document control system)
- Roles and Responsibilities RACI
- ISO 31000 risk register methodology and template
- Integrated Risk Register (framework populated)
- Legal and Regulatory Obligations Register
- Competence and Training Register template
- IMS folder structure in workspace
Build the core quality system - processes, inspection protocols, supplier controls, customer satisfaction.
- Process map (all core Outhaus processes end-to-end)
- Customer requirements review procedure
- Design and development procedure
- Supplier evaluation and approved supplier register
- Production and service provision procedure (factory build stages)
- Factory build stage inspection forms
- Pre-delivery and site installation checklists
- Non-conformance and corrective action procedure + register
- Customer satisfaction measurement procedure (ISO 10002 aligned)
- Internal audit procedure and schedule template
- Management review procedure and agenda template
Build the safety system. Factory, transport, and site installation each carry distinct hazard profiles. Run in parallel with Phase 2.
- HIRA procedure and master hazard register
- SWMS - Crane and module lift operations
- SWMS - Oversized load transport
- SWMS - Electrical connection, plumbing connection
- SWMS - Working at heights, confined spaces
- Contractor and visitor induction program
- Site emergency response plan
- Incident and near-miss reporting system
- PPE matrix (by task and location)
- Workers consultation mechanism
- Return to work procedure
Formalise and quantify the environmental story that SIPs construction already tells.
- Environmental aspects and impacts register
- SIPs environmental performance baseline
- Carbon footprint baseline - Scope 1, 2, 3
- Waste management procedure and tracking system
- Chemical register (all chemicals used in production)
- Environmental legal register (EPA 1994, NCC energy provisions)
- Water use management procedure
- Environmental monitoring KPIs
- Spill prevention and response procedure
Operate the system for a full cycle, then internally audit and fix gaps before the external auditor arrives.
- First full internal audit (all three standards, combined)
- First formal management review
- Non-conformance register populated and corrective actions closed
- First customer satisfaction data collected and analysed
- Certification body selected and engaged (SAI Global recommended)
- Stage 1 audit (document review) - typically 1 day remote
- Gap report from Stage 1 addressed
- Stage 2 audit (on-site) - evidence and interviews
Outhaus holds three ISO certifications simultaneously. This is the construction industry standard package. Press release. Website badges. Tender register updated. Supplier communication. QBCC notification. Investor update.
Extend the certified EMS into a formal energy management system. The SIPs thermal performance data is the centrepiece.
- Energy review and baseline (factory energy use 12-month baseline)
- Significant Energy Uses (SEUs) identified
- Energy Performance Indicators (EnPIs) defined and tracked
- SIPs panel energy performance: ACH 2.03 vs 15-30 typical
- Super Graphite insulation performance quantification
- Energy action plans (factory solar feasibility, LED lighting, equipment efficiency)
- ISO 50001 internal audit and management review
- Stage 1 and Stage 2 certification audit
The most complex standard. Requires a full information asset inventory, risk assessment against 93 Annex A controls, and a Statement of Applicability.
- Information asset register (GHL, Outlook, Drive, AI systems, financial records)
- ISMS scope definition
- Information security risk assessment
- Risk treatment plan
- Statement of Applicability - all 93 Annex A controls assessed
- Access control policy and user management procedure
- Data classification scheme
- Incident response plan (data breach, system outage, ransomware)
- Business continuity plan
- Supplier security assessments
- Penetration test (before certification)
- Stage 1 and Stage 2 certification audit
ISO 9001 + ISO 45001 + ISO 14001 + ISO 50001 + ISO 27001. Outhaus becomes the most comprehensively ISO-certified modular building company in Australia. Surveillance audits annually. Three-year recertification cycle begins.
Maintaining certification requires annual surveillance audits and a demonstrated culture of improvement.
- Annual surveillance audits (all standards - combined)
- Quarterly management reviews
- Monthly KPI dashboard updates (AI-generated)
- Continual improvement register - minimum 4 improvements per year per standard
- Annual IMS policy and objectives review
- Three-year recertification cycle (full re-audit)
- Advisory board integration - Tom, Ben, Daniel, Rachel own IMS domains
- New staff onboarding includes IMS awareness training
π Project Breakdown - Executable Units
The IMS is delivered through 6 discrete projects. Each is a self-contained session series with clear inputs, outputs, and acceptance criteria.
Creates the shared infrastructure. Everything else depends on this being done correctly.
The largest documentation project. Quality procedures, inspection forms, supplier controls, customer satisfaction system.
Safety and environmental combined because their operational procedures overlap significantly.
Operating the system, running internal audits, and managing the external certification process.
Quantify the energy story. SIPs thermal performance data becomes a certified claim.
The full information security management system. 93 controls, statement of applicability, penetration test.
π Certification Pathway
Recommended Sequence
Why Certify 9001 + 45001 + 14001 Together?
The three standards share the same High Level Structure, which means a combined Stage 1 and Stage 2 audit covers all three simultaneously. A single auditor spends 2-3 days on-site reviewing all three. This reduces audit cost by roughly 50% compared to three separate audits. Almost all construction companies that pursue all three do them in one combined engagement.
Surveillance and Recertification
| Activity | Frequency | Cost (estimate) |
|---|---|---|
| Surveillance Audit (combined, all certified standards) | Annual (Years 1 and 2) | $3,000-6,000/year |
| Recertification Audit (full re-audit) | Every 3 years | ~80% of initial audit cost |
| Internal Audit (AI-managed) | Quarterly | Internal time only |
| Management Review | Quarterly (annual minimum for ISO) | Internal time only |
π’ Certification Bodies
Only use a certification body accredited by JAS-ANZ (Joint Accreditation System of Australia and New Zealand). Certificates from non-JAS-ANZ bodies are not recognised for government tenders, insurance purposes, or international trade. Always verify accreditation at jas-anz.org before engaging.
| Body | Origin | Outhaus Fit | Notes |
|---|---|---|---|
| SAI Global | Australian | Recommended | Largest Australian-owned certification body. Strong in construction. Local auditors who understand QLD building industry. Competitive pricing. |
| BSI Group | UK (global) | Strong option | ISO's founding body. Strong global recognition. Good for ISO 27001 (their speciality). Slightly more expensive but strong brand. |
| Bureau Veritas | French (global) | Good option | Very strong in environmental and energy standards. Good choice if 14001/50001 are prioritised. |
| SGS Australia | Swiss (global) | Alternative | Largest testing and inspection company globally. Strong in supply chain and product standards. Less construction focus locally. |
Recommended approach: Request quotes from SAI Global and BSI Group for the combined ISO 9001 + 45001 + 14001 engagement. Compare audit day rates and auditor construction experience. SAI Global will likely win on price and local knowledge.
π° Budget & Investment
Traditional ISO implementation uses external management consultants at $150-300/hour. With Outhaus's AI management layer generating first drafts of all documentation, the consultant cost drops to near zero. The main investment is Jeremy's review time and the certification body audit fees.
β‘ Quick Wins - Start This Week
These actions can start immediately, before any project is formally kicked off. Each one creates an artefact that becomes part of the IMS.
When ready to start, say "Let's do IMS P1" and the complete foundation package will be built: IMS Manual, Integrated Policy, Organisational Context, Master Document Register, RACI, Risk Register framework, and Legal Register in a single focused session.