What is ISO?
“ISO” is a prefix, which means equal. The ISO 9001 Standard is the most fundamental of the Quality Management System Standards. It is a business management system standard that applies equally to any type of service or manufacturing organization. Over 130 countries support ISO.
What is ISO 9001:2015?
ISO 9001:2015 is a quality management system standard that requires the organization to define its key business processes, their interaction and control, and to define and measure goals and objectives to assure continued conformity and effectiveness. This process management system stresses the importance of identifying customer needs and expectations prior to accepting order requirements or carrying out service delivery; and then delivering the agreed upon services or products. The guidance to management offered in this International Standard is based on seven quality management principles:
- Customer Focus
- Engagement of People
- Process Approach
- Evidence-based Decision Making
- Relationship Making
As required by the ISO Standard, the organization’s quality management system must address not only the ISO requirements but also any and all customer or regulatory requirements. In other words, the Quality Management Model must adhere to all local, state and national law, rules, regulations, ordinances or any and all accreditation standards.
What is ANAB?
The ANSI-ASQ National Accreditation Board (ANAB) is the U.S. accreditation body for management systems. ANAB accredits certification bodies for ISO 9001 quality management systems and ISO 14001 environmental management systems, as well as a number of industry-specific requirements documents based on ISO 9001.
What is a Certification Body (Registrar)?
A Certification Body or Registrar is the external auditor that would audit your quality/environmental management system to ensure it conforms to the ISO applicable Standard. In order for a Certifying Body to achieve industry-specific accreditation, the Certifying Body would be required to assemble an audit team including a certified lead auditor with industry-specific expertise. The Certifying Body must provide training to their auditors to ensure appropriate, on-going qualifications and must provide periodic evaluation of continued competence, including on-site witnessing of auditors.
What is the Process for Certification to the ISO 9001:2015 Standard?
After the organization obtains management commitment, a gap analysis should be performed. Many successful organizations have many of the components of the ISO Standard in place. The organization must define the scope of its Business Management System (e.g. products/services, locations). The organization would then develop the appropriate documentation (define and document its business processes and define their sequence and interaction). The organization would then implement its defined and documented business processes and monitor/measure them for effectiveness. Where processes do not achieve desired outcomes, actions are required to be implemented. Once an organization feels its system has been successfully implemented a pre-assessment should be conducted. If successful, the organization would invite the Registrar (external auditors) in for an audit. The Registrar would then assess the organization’s documented system to ensure adequacy against the imposed requirements, and then come on-site to audit the documented system for conformance and effectiveness.
How Much Does the Certification Audit Cost?
Pricing of the certification audit (by the registrar) is dependent on the number of audit days required to be spent at the facility(ies). The number of audit days is based on the number of employees and identified business processes (complexity of your organization).
ISO certification will save your organization not only money but also other resources such as time spent in redoing a task, or performing unnecessary or duplicate tasks. ISO is unique in that it relies on the individual organization to “establish, document, maintain and improve its processes”. It is a quality management tool that can help organizations streamline processes and remove any unnecessary steps.
By defining your business management system and capturing any and all applicable requirements (e.g. customer, regulatory) and best practices; you essentially have positioned yourself to sustain performance improvements and adherence to any and all applicable requirements imposed on your organization.
How Often Must an Organization be Re-Audited to Maintain its Certification?
The organization is surveyed on a triennial cycle with surveillance audits occurring either every six months or every year as chosen by the organization. The Management Review, Internal Audit and Corrective Action Processes will always be audited, along with a review of any changes made to the system; and progress against improvement objectives. The audits are planned/scheduled with the Certification Body (Registrar).
What happens if the external auditors (registrar) find nonconformances or opportunities for improvement? A nonconformance is a failure to meet a specified requirement. Nonconformities (Minor or Major) identified during the audit must be resolved and closed within the designated time frame (following the on-site audit). Formal responses are required. Generally the Registrar provides a corresponding Corrective Action Request based upon the severity of the nonconformance, the registrar may close out the nonconformance off-line or on-site.
The auditors provide opportunities for improvement observed during the audit. These observations may prove beneficial toward making the system more effective. Formal, written responses are not required; however, if you concur, effective actions should be applied. It is the Lead Auditor’s discretion as to which, if any, OFIs will be reviewed at the next surveillance.
How Long will it take the Organization to Become Certified?
Most organizations take between one to three years in order to become certified to the applicable Standard. The timeline should be based upon the scope of the system, required efforts, and available resources. By carefully defining and designing your quality/environmental management system, your organization will benefit tremendously from laying the groundwork correctly and not consume wasted resources in having to redefine processes.
Will I need more people to help the Organization Become Certified?
Many organizations already have a quality manager(s), risk manager(s), documentation controllers and/or other support persons located in their organization. By making the commitment to become certified to the ISO Standard, this will become a priority focus in your organization. Most organizations do not add additional personal; but rather re-allocate responsibilities. If additional resources are required, however, they usually amount to 1-2 FTE’s.
What other Resources are Needed?
In defining and developing their quality/environmental system, many organizations have defined best practices and system wide standard approaches. Some organizations have invested capital resources in standardizing equipment, and electronic document systems. Also internal auditors must be selected and trained. In most organizations the internal auditors are existing employees. It is critical, however, that some portion of their time be allocated for performing these audits.
Is Training for the Management Team and Employees needed?
The organization will appoint a person or person(s) that is responsible for overall coordination of the system’s design, development, implementation, and improvement efforts; as well as reporting on the performance of the system to management. These individuals need training.
ISO requires the organization to perform audits on each identified business process. Each process must be audited once per year with additional audits scheduled based upon “status” of the processes and importance. A consulting company could perform these audits or you may elect to have identified individuals in the organization trained to be internal auditors. The typical training is two days.
The Executive Management Team will need training on the ISO Standard, their roles and responsibilities, and the Organization’s Business Management System specifically the Internal Audit process, Corrective and Preventive Action processes and Management Review process.
The Middle Management Team should have training on the ISO Standard, the Organization’s Business Management System specifically the Internal Audit process, Corrective and Preventive Action processes, Document Control process and Record Control process; as well as the processes they support.
Employees will require training on the organization’s quality/enviornmental management system, areas they impact, the importance of their role in supporting the system, and the effects of noncompliance.
What are the Benefits of Certification?
- If an organization is certified to any standard, any other survey or audit process will be less costly in regards to time, effort, and dollars.
- Documentation of “Best Practice” processes, with reference to supporting documentation.
- Systemic breakdowns are recognized and addressed.
- Reduced errors associated with “hand-offs”.
- Improved documentation and records.
- Improved understanding of roles and responsibilities.
- Strengthened customer confidence and relationships.
- Alignment of organization wide, Departments, Individual objectives.
- Foundation for on-going improvement initiatives (e.g. Lean, Six Sigma).