In short, ISO 9001 is a voluntary Quality Management System standard that helps organizations ensure they are meeting customer requirements. Note that the key word in the title is "Management." The intent of the 9001 standard is to implement systems that Management can use to better run the business.
ISO 9000 indicates the overall series of the Quality Management System standards. ISO 9001 is the number of the actual standard to which a company achieves certification. Both terms are often used synonymously to refer to the certification. The year of the current revision of the standard appears in the title, such as ISO 9001.
The International Organization for Standardization decided not to use an acronym for their organization, because it would be different in different languages. Instead, they used the word "ISO," which is derived from the Greek word "isos" meaning "equal." The standards act as an equalizer for companies doing business across global boundaries.
Apart from the Quality Management System standards, there are many other standards that are maintained by the International Organization for Standardization located in Geneva, Switzerland, and their 158 member countries
Apart from the obvious benefit of opening up market opportunities where ISO 9001 certification is a requirement, the biggest benefits stem from having a structure to improve your processes. Because the standard is really based on best practices for organizations, it provides management with the tools to objectively decide where things are working well, and where to best apply resources to make things run more smoothly. So - ideally, ISO 9000 helps your management team maximize the effectiveness of your business, thereby enhancing growth and reducing cost. From your customers' perspective, it gives them confidence that you have an organization that can consistently meet their needs.
Absolutely. We've worked with companies of one or two people who decided to get certified. The processes that you'll put in place would have the same intent as a much larger company; it's just that the implementation will be simpler. We work with organizations to assist them in balancing the appropriate level of documentation with what's necessary to meet requirements
The answer depends on a number of factors. There are costs to implement, cost related to the Registrar and costs to maintain. In terms of costs to implement, if you choose a full do-it-yourself approach, the only real costs will be in the time for resources dedicated to the implementation process and in time spent writing documents and training your staff. If you have little experience with ISO 9000, or have limited internal resources, you might choose to get some outside professional help or a consulting company like us.
Costs of registration are dependent on the size of your organization as well. Most registrars charge a certain rate per day to be on-site at your facilityTo maintain your certification, the Registrar must return at least annually to audit a portion of your system. Those costs will be less than the original visit, since the time spent will be shorter. Once every three years, the Registrar returns to audit your entire system.
The ISO 9000 standards are general enough to apply to any industry. We have clients in industries ranging from manufacturing to government and defense contractors; from education to call center operations to software development and they can all apply the standard to their business model.
Many companies choose to attain ISO certification on their own, so having a consultant is not a mandatory but highly advisable. We do believe that having access to a consultant's knowledge and expertise can be very helpful as you try to sort out how to apply ISO in your business. And if you have an urgent need to attain certification and limited resources, using a consultant is often the most practical approach. We provide several flexible options to meet most needs
The process model is based on the idea that an organization is a system of interlinked processes. The ISO 9001:2000 Standard is designed to manage and improve those processes. First, you identify your key processes. Second, you define quality standards for those processes. Third, you decide how process quality will be measured. Fourth, you document your approach to achieving the desired quality, as determined by your measurements. Fifth, you evaluate your quality and continuously improve.
Flow charts are not specifically required, but more than likely expected by your registrar. The standard requires that you identify your processes and determine the sequence and interaction of the processes. This is most easily accomplished by preparing flow charts of your product realization processes
The standard specifically requires six procedures:
That may not be enough: the standard also asks that you prepare any other documents you need to for planning, operation and control of your processes. The standard also asks that you have available the work instructions you feel are necessary. The answer to how many procedures or work instructions are required: you must decide this
The standard specifically requires records for the following items:
There is no specific requirement for frequency of management review meetings. We recommend quarterly meetings. This allows you to stay on top of upcoming issues and yet collect data between meetings that is meaningful. We have found annual meetings are not acceptable to all registrars. With annual meetings you may not be able to prevent issues or resolves issues in a timely manner. Management Review
No, there is no requirement for job descriptions. You are required to do two related tasks: define responsibility and authority and define competency in terms of education, experience, skills and training. Job descriptions are one way of accomplishing this. There are other ways including preparing organizational, job responsibility lists, and competency matrices.
Recently we have been receiving questions regarding process auditing and what it means. If you are auditing your quality management system by area or department and then auditing all the applicable ISO elements while in that department, you are doing process auditing. If you are auditing your quality system by ISO elements throughout the organization you are not set up currently for process auditing. Process Auditing.
There is no specific requirement for audit frequency. The audit schedule should be based on the importance of the area and on what previous audits have uncovered. In a new system, you will want to audit frequently, perhaps monthly, to make sure everything is implemented and working. In a mature, audits can be performed much less frequently. For a mature system (in place for several years) we recommend every six months to one year. Taper down your audits over time. If you start at monthly, try quarterly for awhile and see if it is working. Do not audit less than annually.
Of course this depends upon several factors such as: how large your organization is; how complex your processes are; what procedures you may have in place already, etc. For a smaller company (less than 100 employees) an implementation can take 4-8 months; for a larger company (more than 100 employees) the process can take 12-18 months. The process also depends on the time and resources your company can apply to implementation.
One note about the timeframe - once you have met the requirements, there is some time needed for your systems to mature and to produce records that show evidence the systems are working. Most registrars prefer to see 2-3 months worth of records after you've implemented everything. That time needs to be figured in your overall timeline upfront, especially if you have to meet a deadline for registration.
Many people are hesitant to begin the certification process, because they incorrectly believe that they will need mounds of paperwork to comply. In fact, the ISO standard only requires a quality manual and six written procedures: Control of Documents, Control of Records, Internal Auditing, Control of Nonconforming Product, Corrective Action, and Preventive Action. Beyond those requirements, it's really up to you how much additional documentation you need to plan, operate and control your business effectively. Some companies find the need to add extra controls they didn't have previously; some use the process to delete older documents that are redundant or not worthwhile to maintain
You can certainly be ISO certified in as little as 4 months. It requires focused attention on your part and often the help from an experienced outside consulting resource. Another option to speed up your ISO project would be to utilize a template-based documentation package like we provide on the 9000World website.
There are several factors that dictate how much time to dedicate to the Quality System. Factors such as size of the organization, complexity of the process, manual administrative systems verses automated or electronic systems (ex: Document Control) all have a role in determining if there is a need for a full-time person. Of course, during the set-up of the Quality Management System there is more of a time commitment than after you are certified. For most small companies, it is a part time role.
In addition to these if you are looking at answers to the following questions, get in touch with us for the answers.