What is ISO 9001?

ISO 9001 is the internationally recognized standard for Quality Management Systems (QMS).  ISO 9001:2008 is the current version.  It provides your company with a framework and set of principles to ensure a common sense approach to the management of your business activities and to consistently achieve higher customer satisfaction.

The ISO 9000 series of standards

ISO 9001 is one of a series of quality management system standards. It can help bring out the best in your organization by enabling you to understand your processes for delivering your products/services to your customers. The ISO 9001 series of standards consist of:

• ISO 9000 – Fundamentals and Vocabulary: this introduces the user to the concepts behind the management systems and specifies the terminology used.

• ISO 9001 – Requirements: this sets out the criteria you will need to meet if you wish to operate in accordance with the standard and gain certification.

• ISO 9004 – Guidelines for performance improvement: based upon the eight quality management principles, these are designed to be used by senior management as a framework to guide their organizations towards improved performance by considering the needs of all interested parties, not just customers.

You will need a copy of ISO 9001 in order to get registered, ISO 9004 is not required, but highly recommended and ISO 9000 is quite useful.  These can be ordered from ASQ (www.asq.org) or ANSI (www.webstore.ansi.org).

Who is ISO 9001:2008 applicable to?

Any organization can benefit from implementing ISO 9001:2008 as its requirements are based upon eight management principles:

• a customer focused organization
• leadership
• the involvement of people
• ensuring a process approach
• a systematic approach to management
• a factual approach to decision making
• mutually beneficial supplier relations
• continuous improvement

There are nearly one million companies worldwide registered to ISO 9001 and nearly that many registered to one of the industry specific variants (i.e., AS9100 in aerospace, TS16949 in automotive, etc) or compliant but not registered. 

There are companies with one or two employees that are registered to ISO 9001, and there are companies with thousands of employees, and everything in between.

At one time ISO 9001 was thought of as applying primarily to manufacturing companies, but now there is a wide range of service organizations (hospitals, law firms, lodging companies, etc.) that are registered.

ISO 9001 is suitable for any organization looking to improve the way it is operated and managed, regardless of size or sector. However, the best returns on investment come from those companies that are prepared to implement it throughout their organization rather than at particular sites, departments or divisions.

In addition, ISO 9001 is designed to be compatible with other management systems standards and specifications, such as the OHSAS 18001 Occupational Health and Safety standard and the ISO 14001 Environmental standard. They can be integrated seamlessly through Integrated Management. They share many principles so choosing an integrated management system can offer excellent value for money.

What are the benefits of registration?

• Customer satisfaction - through delivery of products that consistently meet customer requirements customers satisfaction is increased
• Reduced operating costs - through continual improvement of processes and resulting operational efficiencies
• Improved stakeholder relationships - including rmployees, customers and suppliers
• Legal compliance - by understanding how statutory and regulatory requirements impact on the organization and its your customers
• Improved risk management - through greater consistency and traceability of products and services
• Proven business credentials - through independent verification against recognized standards
• Ability to win more business - particularly where procurement specifications require certification as a condition to supply

How do you start to implement ISO 9001? What is involved?

• Purchase the standard and get very familiar with it.
• Identify the requirements of ISO 9001 and how they apply to your business.
• Establish quality objectives and how they fit in to the operation of the business.
• Produce a documented quality policy indicating how these requirements are satisfied.
• Communicate them throughout your organization.  The quality policy must be understood by all employees, including temps.
• Evaluate the quality policy, its stated objectives and then priorities requirements to ensure they are met.
• Identify the boundaries of the management system and produce documented procedures as required (ISO 9001 requires at least six documented procedures).
• Ensure these procedures are suitable and adhered to.
• Once developed, internal audits are needed to ensure the system carries on working.
• Conduct a management review to evaluate how the system is working.

How long will it take?

In general, few companies are ready for registration is less than six months and most companies take less than 12 months. How long it will take depends mostly on the complexity of your company’s processes and the availability of internal resources. 

Many companies try to save time and money by buying a manual and procedures or using someone else’s manual and procedures.  In the end, they typically spend more time modifying someone else’s procedures than creating their own.

Keep in mind, most of the registrars require that your system be done and in place for 45 days before they come out for the registration audit.

Do we need a consultant to get registered?

No, there are many companies that have gotten registered without outside help.  The right consultant should be able to help you create a quality management system with appropriate documentation, that will get you registered without major nonconformances, and do at a lower overall cost than doing it by yourself, and it less time than doing it by yourself.  It does depend on getting the right consultant though.

The Initial Certification Audit

The assessment process for achieving certification consists of a two stage Initial Certification Audit:

Stage 1 - the purpose of this visit is to confirm the readiness of the organization for full assessment. The auditor will:

• confirm that the quality manual conforms to the requirements of ISO 9001:2008
• confirm its implementation status
• confirm the scope of certification
• check legislative compliance
• produce a report that identifies any non-compliance or potential for non-compliance and agree a corrective action plan if required.
• produce an assessment plan and confirm a date for the Stage 2 assessment visit.

During the Stage 1 audit, only a few employees will be interviewed.

If there are no significant problems, the stage two audit will typically follow in 30-45 days.

If there are significant problems, the auditor may suggest waiting 90 to 120 days for the stage 2 audit.

Stage 2 - the purpose of this visit is to confirm that the quality management system fully conforms to the requirements of ISO 9001:2008 in practice. The auditor will:

• undertake sample audits of the processes and activities defined in the scope of assessment
• document how the system complies with the standard
• document how the system complies with the organization’s manual and procedures
• report any non-compliances or potential for non-compliance
• produce a surveillance plan and confirm a date for the first surveillance visit

During the Stage 2 audit, a number of employees will be interviewed. If the auditor identifies any major non-conformance, the organization cannot be certified until corrective action is taken and verified.  This means the auditor has to come back out for an onsite verification visit.

If there are no major non-conformances, then the certificate is typically sent out within 30-45 days after the Stage 2 audit.