In short, ISO 9001 is a voluntary Quality Management System (QMS) standard that helps organizations ensure they are meeting customer requirements. Note that the key word in the title is "Management." The intent of the 9001 standard is to implement systems that Management can use to better run the business.
Many companies have portions of these best practices in place currently or they wouldn't be able to stay in business. However, the standard offers a more structured approach for processes such as how customer requirements are reviewed and met; how products or services are actually produced and delivered; how employees are hired and considered to be competent; how documents are controlled to ensure they are current; how management itself periodically reviews the processes they have implemented; and how data is used in decision making. In fact, the 23 page standard provides guidance in all areas of the business. Its process approach to organizational improvement can be applied to any business - no matter the industry or size.
The ISO 9000 standards are internationally recognized management concepts, principles and practices that have been formalized into a set of standardized requirements for a quality management system (QMS). These standardized requirements define controls that focus on improving an organization’s ability to deliver products or services that:
Consistently meet customer’s quality requirements
Meet applicable regulatory requirements
Enhance customer satisfaction
Achieve continual improvement of its performance in pursuit of these objectives.
The ISO 9001 standard focuses on improving an organization’s management sytem and processes. It does not specify any requirements for product or service quality. Customers typically set product and service quality requirements. However, the expectation is that an organization with an effective ISO 9001 based QMS will indeed improve it’s ability to meet customer and regulatory requirements.
ISO 9001requirements are complementary to contractual and applicable regulatory requirements. Those implementing a QMS conforming to ISO 9001 must ensure that the specific requirements of their customers and regulatory agencies are met.
ISO 9000:2005 Quality management systems - Fundamentals and vocabulary.
This is a guidance document that defines the concepts, principles, terms, definitions and relationships that form the basis for quality management.
ISO 9001:2008 Quality management systems - Requirements.
This document is the standard that defines a generic set of requirements for organizations wishing to develop a quality management system.This is the only standard to which an organization may obtain certification. Because requirements are generic and not specific, organizations have flexibility in tailoring their quality management systems to fit their business, culture and risks. To get an in-depth understanding of this key standard, read this free eBookUnderstanding ISO 9001:2000.
ISO 9004:2000 Quality management systems - Guidelines for performance improvements.
As the title indicates, this is a guidance document for organizations wishing to move beyond the requirements of ISO 9001, in pursuit of continual improvement of overall business performance. Its use is not intended for certification or contractual purposes.
The standard covers five broad categories or clauses, each of which include several sub-clauses. The five categories are:
Quality Management System - sets requirements to identify, plan, document, operate and control an organization’s QMS processes and to continually improve QMS effectiveness.
Management Responsibility - sets requirements for top management to demonstrate its leadership and commitment to develop, implement and continually improve the QMS.
Resource Management - sets requirements to determine, provide and control the various resources needed to operate and manage QMS processes; to continually improve QMS effectiveness; and to enhance customer satisfaction by meeting customer requirements
Product Realization - sets requirements to plan, operate and control the specific QMS processes that determine, design, produceand deliver an organization’s product and services.
Measurement, Analysis and Improvement - sets requirements to plan, measure, analyze and improve processes that demonstrate product and QMS conformity and continually improve QMS effectiveness.
When you purchase products or services from a supplier, you have two risks to consider:
The risk in the quality of the product or service you are purchasing
The risk in the supplier’s ability to consistently provide the quality desired.
For the first risk - as the customer, you must specify criteria and quality objectives for the product. Through the use of your own QMS, you then verify that delivered product conforms to your specifications.
For the second risk - you may want the supplier to have management system controls. How much control? To answer this, you need to consider the following questions:
What specific products (goods or services) do you wish to purchase?
What impact do these products have on the products you make?
What are the risks to your business if you experience problems with these products?
What do you know about the reputation and past performance of your supplier?
ISO 9001:2008 provides requirements for the purchasing process that your organization can implement, to develop and improve relationships with suppliers. These requirements relate to:
Establishing criteria and quality objectives for the specific products or services you wish to purchase
And QMS controls that you may want your supplier to develop.
The standard allows flexibility in the nature and scope of product and system controls you wish to impose on each supplier.
The above considerations help you in establishing appropriate supplier selection and approval ranging from selective ISO 9001 controls being imposed to full third party certification. This is in addition to initially establishing criteria and quality objectives for the product or services you wish to buy.
There are various ways in which your supplier can claim that its quality management system meets the requirements of ISO 9001:2008.
Supplier’s declaration of conformity:
Your supplier makes a declaration affirming that its QMS meets ISO 9001:2008 requirements, usually supported by legally-binding signatures. This declaration can be based on your supplier’s internal audit system, or on second party or third party audits;
Second party assessment:
Your supplier is audited directly by its customer (e.g., by you, or by another customer, whose reputation you respect) to check if its QMS meets ISO 9001:2008 requirements and your own requirements - sometimes used in contractual “business-to-business” transactions;
Third party certification:
Your supplier uses an accredited Certification Body (Registrar) to audit and verify it’s conformity to ISO 9001:2008 requirements. This third party then issues a certificate to your supplier describing the scope of its QMS, and confirming that it conforms to ISO 9001:2008.
When an organization is certified to ISO 9001:2008,this means that the Certification Body (CB) has verified the organizations QMS’s conformity to ISO 9001 requirements. The objective is to provide the organization’s management and its customers, confidence that it is in control of its operations. While this confidence logically extends to the products and services provided,ISO 9001:2008 does not define product-specific requirements. Therefore, QMS certification does not translate into a product guarantee.
The onus remains on an organization to verify product quality. Work with your suppliers to improve their QMS and consequently leading to improved product quality performance. In the meantime, you may have to perform some verification of purchased product based on past history of the suppliers performance.
Notify your supplier through your QMS corrective action process of the specific issues underlying your complaint. Work with them in getting a speedy resolution to the complaint. Your supplier is obliged to investigate your complaint, and should take appropriate actions to avoid or reduce the chances of it reoccurring.
If, however, your supplier continues to provide non-conforming products, does not address your complaint, or does not take appropriate corrective actions, then this may be an indication of problems with their quality management system. Work with their quality management representative in resolving the complaint and QMS issues.
If you are still not satisfied with your suppliers response, and if they are certified, notify their Certification Body (CB) of your complaint. You can find the certification body’s name by looking at your supplier’s certificate. The CB will investigate the problems during their surveillance audits of your supplier’s QMS, or, in critical cases, may decide to carry out an additional specific investigation.
If you do not receive a satisfactory response from the CB, and if it is accredited, you should complain to the relevant accreditation body. Details of any such accreditation will appear on your supplier’s ISO 9001:2008 certificate. If you have difficulty in getting this information, you can consult the list of accreditation bodies who are members of the International Accreditation Forum on the IAF website.
Note that as a purchaser, you can take legal action against your supplier concurrently with the above actions.
Remember that whenever possible, you should consider having alternative suppliers as part of your risk management or contingency planning. Then if all else fails with your specific complaint, the use of an alternative supplier is your safety net.
Before the actual certification audit, a CB auditor makes a preliminary visit of your facilities, briefly reviews your QMS documentation and conduct an informal check of the QMS implementation. In essence, this preliminary audit intended to uncover areas in your QMS that might need special attention. During the initial visit the audit scope and audit program is agreed upon, as well.
A Pre-assessment is an optional activity. It adds value in that it provides an organization with a clear view of the gaps in its state of readiness, a few months prior to the formal certification audit. More and more organizations now prefer experienced consultant auditors to do the Pre-assessments as they not just identify the gaps, but also provide solutions to correcting them. CB auditors may only report on the gaps, but are not allowed to provide solutions.
The ISO organization is responsible for developing, maintaining and publishing the ISO 9000 and other families of standards. The ISO organization does not audit or issue certificates for conformity to any ISO standard.
The auditing and certification of QMS’s is carried out (independently of the ISO organization) by hundreds of certification bodies (CB’s) around the world. These CB’s issue ISO 9001:2008 certificates under their own responsibility and ISO does not control the activities of CB’s.
CB’s may in turn be accredited by Accreditation Bodies (AB’s). AB’s may in some countries, be the national standards institutes that make up ISO’s membership. AB’s carry out accreditation assessments, either on behalf of their respective governments, or as a business operation. The ISO organization has no authority to control such accreditation activities.
Note: Not all CB’s are accredited.
However, ISO’s Committee on conformity assessment, ISO/CASCO, develops standards and guidelines covering various aspects of accreditation/certification/conformity assessment activities for AB’s and CB’s. The voluntary criteria contained in these standards and guides represent an international consensus on what constitutes good practice. Their use contributes to the consistency and coherence of conformity assessment worldwide and so facilitates trade across borders.
The following is an overview of the key steps:
1. Get a copy of the ISO 9001:2008 and ISO 9004:2000 standards
Familiarize yourself with the requirements and determine if certification to this standard makes good business sense for your organization.
2. Educate yourself
There is a variety of training courses available to gain deeper insight into the requirements for system development, implementation and auditing. Also read up on the subject matter. The more you read, the more informed you will be in making choices and developing your QMS.
3. Review consultant options
Experienced and expert consultants can fast track your QMS program development and implementation with realistic and effective strategies and solutions in a cost effective and timely manner. We have the expertise to assist you.
4. Do a ‘Gap Assessment”
A gap assessment is an audit of your current management system practices, controls and documentation, to determine the extent to which it conforms to those required by the ISO 9001 standard. While a trained in-house quality practitioner can do this, it is best done by an consultant (ex CB auditor), with the experience of hundreds of such audits. The audit findings are presented in an audit report along with recommendations to address the gaps. The Gap Assessment is the starting point for planning your management system development.
5. Plan - strategy, resources and project
The adoption of an QMS is a strategic decision for the organization. It is vital that your top management provides leadership, resources, involvement and support. In addition, you need to assemble a team to develop and implement your QMS. You also need to plan your implementation steps, time line, responsibilities and resources needed.
6. Determine training needs
Training will be needed at various levels of the organization. The nature and scope of training will vary according to each level. There are a wide range of courses, workshops, and seminars available designed to meet these needs. We provide a number of these training courses.
7. Develop a QMS manual
Your QMS manual should describe the QMS policies and processes and their interaction. Through the manual, you will provide an accurate description of the organization and the best practice adopted to consistently satisfy customer expectations.
8. Develop procedures and needed documentation
Procedures describe the processes and activities of your organization, and the best practice for effective planning, operation and control of these processes.
9. Implement your QMS
Work to your implementation project plan. Communication and training are key to a successful implementation. Monitor progress and get management support to overcome hurdles along the way.
10. Consider a pre-assessment
Consider having a preliminary evaluation of the QMS documentation and implementation by a Consultant or certification body. The purpose of this is to identify areas of non-conformity and allow you to correct these areas before you begin the formal certification process.
11. Select a certification body
Your business relationship with the certification body will be in place for many years, as your certification has to be maintained.
AS9100 is the quality management system (QMS) standard specific to the aerospace industry. The current version, AS9100 Rev B published in 2004, includes the ISO 9001:2000 standard verbatim and adds supplementary requirements that apply to the aerospace industry.
These supplementary requirements emphasize areas that impact on process and service safety, quality and reliability for aerospace products. It is designed to meet the complex and unique demands of the aerospace industry, from commercial aviation to defence and include several additional requirements to ISO 9001 that participating aerospace OEM companies felt were necessary to clearly define their expectations for aerospace suppliers.
The requirements within AS9100 are complementary to contractual and applicable regulations. Those implementing a QMS conforming to AS9100 must ensure that the specific requirements of their customers, country regulatory agencies (such as the FAA and the JAA) and local, state and national laws are also referenced within the system's documentation.
First published in May 1997 by the SAE (Society of Automotive Engineers) as AS9000, the AS standard has evolved to AS9100:2004 Rev. B and is recognized by all major Aerospace OEMs. It combines and harmonizes requirements defined by the SAE in the Americas and the European Association of Aerospace Industries in Europe,
The aircraft and aerospace industries have recognized AS9100 as a means for continually improving quality and on-time delivery within their supply chain. Most of the major aircraft engine manufacturers, such as General Electric's Aircraft Engine division (GEAE), Boeing, Rolls-Royce Allison and Pratt & Whitney, are requiring their suppliers to be certified to AS9100.
The AS 9100 QMS family comprise the following three standards:
1. AS 9100 Quality Management System - Aerospace requirements - for details see above
2. AS 9110 - Quality Maintenance Systems - Aerospace - Requirements for Maintenance Organizations. AS9110 focuses on the maintenance, repair and overhaul aspects of the aerospace business. Aircraft are designed to perform for 50 years or longer, but properly maintaining them is essential for the product's total life cycle and continued safe operation. AS9110 is used to complement the expanded use of ISO 9001 by major aerospace repair stations worldwide.
3. AS 9120 - Quality Management Systems - Aerospace - Requirements for Stockist Distributors. AS9120 focuses on organizations that deal directly with OEMs and accumulate aerospace materials and products for resale. These distributors or stockists while providing a useful service, can affect product performance if they fail to handle parts and materials correctly or lose a part's chain of custody from the OEM to the customer.
AS9120 complements AS9100 and may be used by OEMs or others in the aerospace supply chain. This standard applies to "pass through" distributors (i.e., businesses that accumulate and distribute parts and materials rather than add value or work on the products themselves). Value-added distributors are subject to the appropriate requirements of AS9100.
4.In addition, there are a number of supplementary documents and tools that are referenced for use in conjunction with these primary standards. These documents amplify specific AS 9100 clause requirements and in some case prescribe a defined methodology for addressing it. Please refer to the International Aerospace Quality Group website for details -
AS 9100 certification provides the following benefits:
- Provides access to the best practices of the aerospace industry
- Demonstrates your commitment to deliver quality products and services to your customers
- Brings your quality management system to level with the global standard adopted by the aerospace industry
- Improves your new market / new customer prospects on a worldwide basis
- Reduces multiple expectations and number of 2nd and 3rd party audits
- Creates independent feedback to foster continual improvement
- Improved customer satisfaction
- Reduces organizational waste, inefficiencies, and defects
- Facilitates continual improvement in business processes and customer satisfaction
- Improves process consistency and stability
AS9100 certification can be used throughout the entire aerospace supply chain including the design and manufacture of airport and airline operations, replacement parts, supply and maintenance, cargo handling, overhaul and repair depots and flight operations.
ISO 9000 indicates the overall series of the Quality Management System standards. ISO 9001 is the number of the actual standard to which a company achieves certification. Both terms are often used synonymously to refer to the certification. The year of the current revision of the standard appears in the title, such as ISO 9001.
Prior to the 2000 revision of the ISO standard, there were also ISO 9002 for companies who didn't design any products, and ISO 9003 for companies who just did distribution. ISO 9002 and 9003 have been discontinued. Now, there is just the one standard, and if certain sections don't apply, organizations can take an "exclusion" for those sections. ISO 9004 is a guidance document that helps explain the requirements of the 9001 standard. ISO 9000 itself is also a supporting document related to fundamentals and vocabulary.
The International Organization for Standardization decided not to use an acronym for their organization, because it would be different in different languages. Instead, they used the word "ISO," which is derived from the Greek word "isos" meaning "equal." The standards act as an equalizer for companies doing business across global boundaries.
Apart from the Quality Management System standards, there are many other standards that are maintained by the International Organization for Standardization located in Geneva, Switzerland, and their 158 member countries.
Apart from the obvious benefit of opening up market9001 certification is a requirement, the biggest benefits stem from having a structure to improve your processes. Because the standard is really based on best practices for organizations, it provides management with the tools to objectively decide where things are working well, and where to best apply resources to make things run more smoothly. So - ideally, ISO 9000 helps your management team maximize the effectiveness of your business, thereby enhancing growth and reducing cost. From your customers' perspective, it gives them confidence that you have an organization that can consistently meet their needs.
Absolutely. We've worked with companies of one or two people who decided to get ISO certified. The processes that you'll put in place would have the same intent as a much larger company; it's just that the implementation will be simpler. We work with organizations to assist them in balancing the appropriate level of documentation with what's necessary to meet requirements.
In fact often times the process of achieving ISO 9001 is much simpler with smaller companies due to the lack of complexities in process as well as simple and straight forward business processes.
The answer depends on a number of factors. There are costs to implement, cost related to the Registrar and costs to maintain. In terms of costs to implement, if you choose a full do-it-yourself approach, the only real costs will be in the time for resources dedicated to the implementation process and in time spent writing documents and training your staff. If you have little experience with ISO 9001, or have limited internal resources, you might choose to get some outside professional help.
Costs of registration are dependent on the size of your organization as well. Registrars establish day-rates which are dictated by the total number of personnel within the company, so typical company of less than 5 people are allotted 1 day. Most registrars charge a certain rate per day to be on-site at your facility. Currently the rate is around $1,100 - $1,500 per day per auditor. Smaller companies could expect one auditor on site for 2-3 days; larger companies may require several auditors for an extended site visit. There are also processing fees for the audit report and certificate.
To maintain your certification, the Registrar must return at least annually to audit a portion of your system.
Those costs will be less than the original visit, since the time spent will be shorter. Once every three years, the Registrar returns to audit your entire system.
The ISO 9000 standards are general enough to apply to any industry. We have clients in industries ranging from manufacturing to government and defense contractors; from education to call center operations to software development and they can all apply the standard to their business model.
The ISO standard can be purchased in various languages through the International Organization for Standardization website. In America, the standard (officially, "ANSI/ISO/ASQ Q9001-2008: Quality Management Systems Requirements") can be purchased through the American Society for Quality website. The Standards Council of Canada also has the standard available for purchase on their website.
An amendment to the ISO 9001 standard was released in November 2008. The changes primarily clarify wording, and don't add any new requirements. However, certified companies will need to review their documentation in light of the changes, and revise accordingly. If you are currently certified, you will have two years to transition to these modified requirements. If you aren't certified yet, you will have to understand the intent of the requirements, implement systems that comply with the amendment, and then be audited to the new standard. In either case, you will have to purchase a copy of the ISO 9001:2008 standard which can be found at the International Organization for Standardization website or through the American Society for Quality site in the U.S.
If the products are manufactured in a segregated area or separate building, then you may be able to limit the scope of the certification to those products. Generally it is not possible to do so if these products are built using the same manufacturing process as other products.
That being said, the work to implement ISO 9001 for these two products is probably nearly equivalent with certifying the entire facility so it might be more trouble than it's worth to try to keep everything separate.
Exclusions to ISO 9001 can be taken to requirements in section 7.0 that are not part of the company's operations. It's not related to the size of the company but the type of business you are in.
Incidentally, what IS critical in a micro-business like your's is to keep the documentation simple. We regularly work with companies as small as a 1-man shop to get ISO certified. It's important to tailor the documentation approach to not make your system overly cumbersome that only raises the ongoing costs of certification and often results in more audit findings.
The ISO standard offers best practices that can be used to implement a quality system in any organization. Many organizations who attempt to implement improvement efforts find the efforts can be disjointed without a structure such as ISO 9001. ISO provides a way to focus the management team on what they need to do to successfully implement change in ways that satisfy customers.
Yes. Your Quality System is based on the requirements of the ISO Standard, and so you need to ensure that you have a copy of the most current version to show evidence that you fully understand those requirements. Most Registrars do ask to see that you have a copy available and that it is controlled appropriately as an external document in your Document Control.
Many companies choose get ISO certified by their own, so having a consultant is not a requirement.
We do believe that having access to a consultant's knowledge and expertise can be very helpful as you try to sort out how to apply ISO in your business. One of the key factors in implementation of the ISO 9001 requirements is how and to what degree do we implement the requirements into our existing business processes, also the management of resources to support those business processes. Using a qualified consultant can save your company tremendous time and resources.
And if you have an urgent need to attain certification and limited resources, using a consultant is often the most practical approach.
Of course this depends upon several factors such as: how large your organization is; how complex your processes are; what procedures you may have in place already, etc. For a smaller company (less than 100 employees) an implementation can take 4-8 months; for a larger company (more than 100 employees) the process can take 12-18 months. The process also depends on the time and resources your company can apply to implementation.
One note about the timeframe - once you have met the requirements, there is some time needed for your systems to mature and to produce records that show evidence the systems are working. Most registrars prefer to see 2-3 months worth of records after you've implemented everything. That time needs to be figured in your overall timeline upfront, especially if you have to meet a deadline for registration. How many documents will I need?
Many people are hesitant to begin the certification process, because they incorrectly believe that they will need mounds of paperwork to comply. In fact, the ISO standard only requires a quality manual and six written procedures: Control of Documents, Control of Records, Internal Auditing, Control of Nonconforming Product, Corrective Action, and Preventive Action. Beyond those requirements, it's really up to you how much additional documentation you need to plan, operate and control your business effectively. Some companies find the need to add extra controls they didn't have previously; some use the process to delete older documents that are redundant or not worthwhile to maintain.
You can certainly be ISO certified in as little as 4 months. It requires focused attention on your part and often the help from an experienced outside consulting resource. At Paradigm Consulting we are quite experienced in this area and work diligently with our clients to achieve is a realistic time-frame.
The best way to start is to gain an understanding of the requirements and the process.
Call our office at any time to answer any questions you might have in terms of implementation of requirements and achieving certification success.
We can be reached at 905-764-0749.
A gap analysis is a process used to assess your organization's readiness for ISO 9000. The analysis can be done to review what you currently have in place versus the requirements of the ISO standard. Any differences are the "gaps" that need to be addressed. This process can be conducted by internal staff or can be done by an external consulting firm and should occur in the beginning stage of your implementation.
There needs to be an individual appointed by top management who is responsible for ensuring compliance with the ISO standards and internal procedures. This individual, the Management Representative, usually drives the initial implementation and certification project. After implementation, the Management Rep. has some specific duties relative to the Quality Management System as outlined in the ISO standard. This person needs to have some broad authority to drive change and to relate customer requirements, so the Management Rep. needs to be respected in the organization.
Internal auditors are people internal to your business - your employees or a sub-contractor - who are trained to audit your company's quality management system. In many organizations, auditors are drawn from their full time jobs periodically (usually annually) to perform "audit duties" on a part-time basis. One stipulation is that auditors are not allowed to audit the areas where they work in their full-time capacity. Even in small companies, this can be accomplished by having at least two auditors assigned. The smallest of companies might consider sharing resources within another local ISO certified company or hiring outside help.
The documentation needed to get any organization certified (be it logistics, or manufacturing, or service) is really the same. There is a quality manual needed, which is a policy level document that shows how you address all the ISO requirements.
There are six procedure level documents required: Control of Documents; Control of Records; Internal Audit; Control of Non-conforming Product; Corrective Action; and Preventive Action.
And then there are other documents that you deem necessary to run your business. The need for these documents is really your call in terms of what you need in place to control and operate your organization.
If there are sections of the ISO standard that aren't applicable - for example, if you don't design products or services - you can write an "exclusion" in your quality manual to exempt you from that section.
We provide several packages that can get you started with the quality manual, procedures and other helpful tools. They can all be modified to suit your company.
Verification is an evaluation of your final design results to ensure that they meet specified requirements for the product that were developed before the design effort began. Validation is an evaluation of your product's capability to meet the needs of your customer's application or use. In other words, verification asks, "Does our design meet the requirements?" and validation asks, "Does our designed product work for what the customer needs?"
An interesting question. In our view, an ISO-based QMS is a system of processes that are established and managed by the top management of the company. Employee "compliance" with procedures and processes is achieved with a balance between good process design and employee involvement. Both are necessary and, in our opinion, both are the responsibility of management.
A good process design is one that is easier to do "right" than to do "wrong" so that employees will more often do the "right" thing and errors are immediately made visible to the employee so that a quick correction can be made. If a process is hard to do right, or easy to do wrong, it will be done wrong sometimes simply due to human error, in spite of best effort by employees and management.
Employee involvement is achieved by the creation of a company culture that encourages identification and removal of obstacles in the process. If "real world" obstacles are hidden or ignored, it violates the rule for good process design mentioned above. Most often, obstacles are hidden or ignored because management has not made it "safe" to report problems.
That being said, there are times when an occasional employee will not want to participate and support the change. I've often said that these are the easiest problems management can solve because the appropriate action is clear.
In summary, I guess I'd more support your latter suggestion over the former one.
Metrics are critical because they provide a way to gauge the effectiveness of the processes that have been implemented. More importantly, measures tell an organization how well they are doing in meeting the elements of their quality policy. Most organizations measure several high level objectives related to speed, delivery, quality, reliability, customer satisfaction, etc. Ideally, departmental measures are then designed to support the organization's measures. For example, on-time performance can be measured not only for the business as a whole, but within each department or even at individual work areas. It's really about alignment and focus for going forward as much as knowing where the organization is currently.
As with anything worthwhile, there is some ongoing effort required to maintain ISO 9000 so that it returns real value to your organization. It is possible to implement ISO only to satisfy the auditors and to "check the certification box". But, in many cases only an extra half-step of effort is required to make the certification really pay for itself with increased quality and efficiency. Certainly there are some resources needed to maintain the processes you implement. However, most companies feel this cost is offset by the business benefits realized in terms of more efficient processes.
The ISO 9001 process does impact every employee in a certified company. Generally, the continual improvement of your company processes and procedures involves employees in helping to make changes to the ways in which work gets done, thereby making things work more smoothly. This emphasis on continual improvement is the primary purpose of the ISO certification.
The ISO 9001 standard requires that you define your processes, the sequence, and the interaction between them. Many companies develop flow charts to meet this requirement. In fact, some Registrars prefer to see a flow chart as evidence that you understand the key processes of the business. It's also a way to explain the business processes to new employees.
While it is technically possible to attain certification that quickly, it would imply a very simple process and a very small company. Most organizations take four to six months to attain certification. Also, in order to achieve any business value through the certification process, it should take some thought and planning, which takes a bit longer.
There are several factors that dictate how much time to dedicate to the Quality System. Factors such as size of the organization, complexity of the process, manual administrative systems verses automated or electronic systems (ex: Document Control) all have a role in determining if there is a need for a full-time person. Of course, during the set-up of the Quality Management System there is more of a time commitment than after you are certified. For most small companies, it is a part time role.
First, your organization has to understand the requirements of the standard and implement processes and procedures that meet those requirements. Once you have implemented the requirements you contract an outside party (sometimes known as a "third party"), called a Registrar, to come to your organization and conduct an audit. If they find you have successfully complied with the ISO standard, they will issue a certificate to your company.
When there are areas of your quality system that don't comply with the ISO standard, the Registrar may choose to write what's called a "nonconformance." It's a document that details the discrepancy and the area of the Standard to which it applies. These "findings" need to be addressed by your organization in the form of a Corrective Action plan. Periodically (once or twice a year depending on the schedule you set up) the Registrar will return to audit portions of your quality system. When they return they will ensure that their previous findings have been addressed. Typically, every three years they return for a full system audit.
Obviously, it's best to fully utilize the systems you put in place as part of how you operate the business. Not only will you realize many more benefits from your efforts, but also the Registrar's audit will become second nature and not a big "housekeeping event" where you rush to get things updated before the audit.
The terms are used in different countries to mean the same thing - so there is no real difference. Both terms indicate that your company's Quality Management System (QMS) is being recognized by a Registrar for meeting requirements of the written ISO 9001 standard.
The process doesn't quite work that way. We are a consulting firm, and we are not able to certify companies. We focus on helping you to prepare for the Registrar's certification audit. Conversely, Registrars, who do certify companies, are not allowed to consult. That objectivity on the Registrar's part is necessary for them to fairly evaluate organizations. However, we can help you find a Registrar that suits your business needs and knows your industry.
Many companies choose to implement the requirements of the ISO standard, and not undergo the certification process. That's fine for providing some confidence to their customers that they can meet necessary requirements. What they are missing is the benefit of having an outside party view their company and offer ways to improve their management systems. Having another party conduct a scheduled look at the organization can also make your company more accountable than if it were on its own. You'll also gain the extra credential to show your customers.
There are a number of Registrars who can certify your company's Quality Management System. There are several key factors that you should review as you enter the selection process. The Registrar should be accredited by a body that has international credibility, such as the ANAB (ANSI-ASQ National Accreditation Board) in America or the SCC (Standards Council of Canada) in Canada. This gives your certification more credibility. You should also choose a Registrar that has experience in your particular industry or sector. Certainly the Registrar is there to look for compliance, but they should also highlight areas to improve. This is easier to accomplish if the Registrar has a context for understanding your business. Of course cost should be a factor, though not always the most important when looking at ongoing services they can provide. One thing to remember up-front is that you are the customer. Since ISO 9001 is a voluntary standard, you have the right to choose whichever Registrar best suits your requirements. Most Registrars encourage calls to them with the issues mentioned above and are glad to quote a specific engagement for you. Part of the service we provide at 9000World is to find the best Registrar to fit your requirements.
You can certainly challenge findings from the Registrar, within a professional context. Perhaps the auditor didn't fully understand the background related to an answer given or didn't have all the information available when they made the assessment. Certainly, anything they find should not come as a surprise to you. If you are the Management Representative or even an internal auditor, it's in your best interest to accompany the Registrar's auditor throughout your facility. That way, you can learn through them, and help clarify any terms that may not be clear between them and your employees. Through that process, you can also be apprised of discrepancies the auditor is finding. They auditor should also be showing you where those discrepancies are found in the ISO standard. If you do find yourself at odds with the auditor at the end of the audit, the Registrar should have an appeal process in place that you could pursue. Again, you are the customer. If you find the auditor isn't a good fit for your organization, it's your prerogative to ask the Registrar to change auditors or even more drastically to change Registrars altogether.
No. The certification is for a company's quality management system. So - individuals can't be certified, though they can have their company's systems certified. Individuals can become a Certified Lead Auditor through appropriate training and subsequent auditing, but a person cannot be "certified to ISO 9001."
No. The certification is for a company's quality management system. So - products can't be certified, though you can have your company's systems certified, and give credibility to the processes that produced the product.
The certification is typically "site specific," meaning that in corporations, each location would be certified individually. Companies can tie together locations under one certificate if they have the same quality system process and same quality manual in place. Usually, each site gets audited to ensure they are complying with the standard and their internal procedures. For companies who want to certify a portion of their business (Engineering Services for example) the process can be done relative to that one department. Most companies see the benefits of applying the standard to all departments, however, and choose to get the entire site certified.
Many companies have discrepancies in the area of document control, especially during their initial audit. Findings include problems with inconsistent or missing documentation or documents that are not current. It's vital to have not only good documentation, but also a document control process in place that addresses these issues along with ensuring access for your employees.
Other common "findings" stem from issues with Corrective Action processes, Training, and Internal Auditing. We have several articles that discuss these issues and several solutions that can help you avoid these problems.
When an auditor from a registrar finds a discrepancy between the ISO standard and the company procedure or process, or between the company procedure and the actual implementation, they write their "finding" in the form of a nonconformance. Often, the auditor will make a distinction between a "major" and "minor" nonconformance - major being much more serious.
A major nonconformance typically indicates that the management system has not been implemented properly. For example, if you tried to get certified without an internal audit program.
A minor finding/nonconformance is usually indicative of an incident being discrepant instead of a system-wide problem. For example, if you had a problem with one internal audit file. If there are multiple instances of the same (or similar) minor nonconformance, the auditor may choose to tag the finding as major, since this indicates that the process itself has not been effectively implemented.
With a major finding, certification will not be granted until after the discrepancy is handled and possibly re-audited. With minor nonconformances, registrars will usually issue a "conditional approval" which means that you can respond to the finding with a plan and still get certified. Registrars vary as to what findings they define as major and minor and their actions vary as well. It is best to ask them to articulate the distinction upfront as you enter into an agreement with them.
What it really depends upon is the size of your company and the complexity of your process. For a smaller company, (less than 100 employees) most Registrars will be on site for 1 - 2 days. For larger companies Registrars can spend a week or bring in several auditors. Typically, they charge $1,100-$1,500 per man day plus travel plus some processing fees. So - for smaller companies you are looking at $3,000-$5,000. If larger, the cost could be $10,000-$20,000.
The Registration cost is one piece of the total cost. The cost to implement, whether you use in-house resources or bring in help, adds to the picture. There are also ongoing costs for the Registrar to conduct an annual 'surveillance audit' on a portion of your Quality Management System.
Part of the service we provide to clients is to get quotes from several Registrars local to you that we can help you assess. Of course, we also help with the documentation of your system, through tools we have available on our www.9000world.com site or through an on-site engagement.
The ISO 9001 document provides the standard for Quality Management Systems. The ISO 9004 document contains not only the ISO 9001 standard requirements, but also guidelines for performance improvements. While it's not a requirement of registration to have both documents, it's certainly helpful to obtain the ISO 9004 document to get guidance for implementing each section.
The governing body for the ISO standard itself is the International Organization for Standardization in Geneva. In terms of accrediting Registrars, the body in the US is ANAB (ANSI-ASQ National Accreditation Board.) Other countries have other bodies that certify their Registrars.
Typically all divisions of a company operate under one single certification. In this case, the divisions all share a common quality management system and a single quality manual and commons administrative procedures would be implemented. In addition, each division may have their own individual procedures for their own processes.
In some cases, it is possible to certify a single division of a company, if that division provides its own products or services to customers.
The ISO 9001 certification applies to a business, not a specific process such as handling of a specific part number. The focus of the certification is the company's "quality management system" that includes everything from how your management planning is done, acceptance of contracts and orders, fulfilling orders and customer support.
During a formal ISO audit, findings by an auditor are commonly categorized as either a "nonconformance" or an "observation". A nonconformance, whether major or minor, is a clear discrepancy between a requirement (ISO 9001 standard or company procedure) and company practice (work methods, records, etc.). Nonconformances always require formal corrective action to resolve.
An observation can be noted by an auditor for less significant issues, potential nonconformances and improvement suggestions. While generally no formal action is required in response to audit observations, many Registrar auditors will document observations that will likely become nonconformances in future audits unless addressed. Therefore, you should carefully review all audit observations to see if you can avoid a larger problem in the future by addressing a small problem now.
No outside party can "guarantee" your certification. However, with proper focus on your part, and our assistance, we won't let you go through the certification process without being ready. For the clients we have worked with directly - either through on-site consulting or phone coaching, we maintain 100% success rate for first-time certifications.
A Registrar is a private firm (not associated with the government) that you contract to conduct your audit. They provide an objective "third-party" review of your system. They are also audited to an ISO standard by independent organizations. In the US, the ANAB (ANSI-ASQ National Accreditation Board) independently ensures the quality of the Registrars processes. So - for US Registrars, you should ensure they are accredited by this body or by other country's oversight bodies outside the US.
Consultants focus on helping you to prepare for the Registrar's certification audit. Conversely, Registrars, who do certify companies, are not allowed to consult. That objectivity on the Registrar's part is necessary for them to fairly evaluate organizations. However, we can help you find a Registrar that suits your business needs and knows your industry.
A pre-assessment is an optional step in the process where the Registrar visits your company and reviews your processes and procedures "off-the-record". While it does give you an opportunity to see the areas that the particular auditor may focus on, it is definitely not required. Working with any reliable consultant gives you the same level of objective review of your process as a Registrar pre-assessment.