Planning your ISO 9001:2015 Certification Journey
Anyone reading this might think that we’ve gone back to square one with this post, but not everyone starts at the same point in their journey to ISO 9001 certification. Hence, there’s a reason for the discussion that follows.
“Why” should be established first
The first question to consider, before “how” do we get ISO certified, is “why”: everyone involved should have a good understanding of why we need or want ISO certification. This question is important - it’s going to take work, it’s going to take resources and it’s going to take commitment.
One of the responsibilities of Top Management is communication. An understanding of “why” goes a long way towards clarifying the importance and the urgency for the organization to achieve ISO certification. A clear sense of purpose will unify and will align the organization towards achieving this goal; ambiguous platitudes about the benefits of ISO will do nothing of value, and may create the perception that ISO certification is less important, and has less priority, than other work activities.
“How” should include milestones and dates
Over a decade ago, here on the outskirts of Houston TX, we came up with a 4-step approach to getting ISO certified. I know of other consultants that have their own, similar approach. I even know of some cases where our approach has been directly copied. Someone is always trying to create a better mouse-trap with their name on it.
1. Document your system
2. Implement your system
3. Verify your system
4. Get ISO certified!
These four steps are established in the order shown, as this approach is both logical and systematic. In fact, this is the actual process model upon which our own company’s ISO 9001 certification is based. You can’t implement a system until it’s been documented; you can’t verify a system until it’s been implemented; and finally, a system can’t be certified until everything is complete.
When I’m planning for certification, I’m starting with an end-date in mind, then working backwards, configuring my plans against the deadline that’s been established. Regardless of whether the timeline is 1 year, 6 months or 3 months, the work is essentially the same, as the requirements don’t change; only the duration does. The dates for any deliverables can then be aligned to correspond with the overall project calendar.
Milestones and dates should be tracked religiously
Over the course of preparing for certification, there are roughly 300+ requirements that must be met. Depending upon the company, some of these requirements will already be in place, and some of these requirements will be new to the organization. With a set start date, a set end date, and a set number of requirements, getting prepared for certification really is a matter of scheduling.
While very much an oversimplification, here’s the easiest example: If we have 32 weeks (8 months) to get ISO certified, and have 320 requirements (tasks), we’d then need to meet 10 requirements per week (320/32 = 10).
If we accomplish 12 tasks per week, it will put us well ahead of schedule; if we’re only able to complete 7 tasks per week, we’ll miss our target date by almost two months.
It sounds simple, doesn’t it?
Simple is a relative term; getting ISO certified is simpler than learning brain surgery. Getting ISO certified is likely simpler than preparing your own taxes. It is probably not going to be as simple as ordering a pizza, or pumping a tank of gas. Company size, age, the number of employees, complexity of the business, internal cooperation, internal coordination and institutionalized bad habits all play a factor.
All else being equal, what’s your personal experience and understanding of ISO 9001 Quality Management Systems? Do you have a background in QA / QC? Do you have a degree in Management?
Getting ISO 9001 certified should be considered 1/3 understanding, 1/3 planning and 1/3 execution. We’ve been asked to fix many certification efforts that have failed; most often the cause is a lack of planning and execution, not a lack of technical understanding of ISO 9001.
ISO 9001:2015 Risk Examples
As part of each client engagement, we go through a process of brainstorming what risks and opportunities should be considered as part of their Quality Management System (QMS). This activity begins with determining the organization's context, which includes defining the QMS and its processes. With these processes defined, and corresponding inputs / outputs identified, we can then begin to associate "what could go wrong" with each.
A few QMS risk examples are shown below, for an imaginary company created solely for this illustration, that I'll just call "XYZ Corporation". As it happens, "XYZ" has a fairly straightforward ISO 9001:2015 Quality Management System, developed around the manufacturing of everyday widgets...
Sales Risk Examples:
Customer Requirements Unclear
Purchasing Risk Examples:
Wrong Product Delivered
Substandard or Defective Materials
Production Risk Examples:
Wrong material used
Manufactured to obsolete drawing
Inspection Risk Examples:
Reject good product
Accept bad product
Miss inspection point
Unable to perform inspection
Delivery Risk Examples:
Lost in shipment
Damaged in shipment
Delivered to incorrect location
Identifying QMS risk doesn't have to be particularly difficult, and many different companies share similar risks, although each one will likely have different views on the corresponding impact. Just take your time, give it a little thought, and start out by making a simple list. Also note that some occurrences are simply beyond our control, and there is no reasonable effort that would mitigate an impact on our QMS (e.g., meteor strikes, global war, plague and the zombie apocalypse).
Hope the risk examples above were helpful. Since ISO 9001 requires us to consider both risks and opportunities related to our QMS, we'll follow up with some additional examples shortly, as part of another post.
ISO 9001:2015 - Frequently Asked Questions
We're constantly getting questions about all things ISO 9001, and ISO 9001-related. We've decided to share some of the best questions we've been asked on our blog.
What is ISO 9001?
ISO 9001 is an international standard developed by the International Organization for Standardization for Quality Management Systems. "ISO" is not an acronym as would be expected; it is from the Ancient Greek isos, or "equal". The "9001" refers to the standard (Quality Management Systems), with "2015" referring to the year published.
Why do I need ISO 9001?
When talking about the "need" for ISO 9001, a true need would typically result from the requirements of a customer or other interested party, or as the result of a compliance obligation. However, many organizations do aspire to be ISO compliant, due to the potential benefits of improved performance, standardization, market recognition, etc.
What's the difference between being ISO 9001 compliant and ISO 9001 certified?
Compliance is a matter of meeting specified requirements. Certification refers to a written confirmation that specified requirements have been met, through a process of review by an external party. To be ISO 9001 certified, therefore, it can be assumed that you've been audited by a third party and found compliant, with a written statement to that effect issued. With regard to ISO 9001, this written testimony is usually issued by an ISO Certifying Body or Registrar, which is accredited for such purpose.
What’s the difference between ISO 9001:2008 and ISO 9001:2015?
Any technical differences aside, ISO 9001:2015 is the replacement standard for ISO 9001:2008. It was issued in September of 2015, with a three-year implementation window; as a result, ISO 9001:2008 will no longer be valid after September 2018.
ISO 9001 has a reputation for requiring a lot of documents. Do we still need to "document everything that we do"?
ISO 9001:2015 makes only a few references to documented information that must be "maintained" by an organization's Quality Management System; however, the new ISO 9001 standard does require that the organization ensure the effective operation and control of its processes. There is no longer a requirement for a quality manual, and there is no minimum number of procedures.
The minimum requirement for documented information that must be maintained includes: the Scope of the Quality Management System (4.4), Quality Policy (5.2) and Quality Objectives (6.2).
I plan to upgrade from ISO 9001:2008 to ISO 9001:2015. Can I keep my existing work instructions?
From our experience, aside from some reorganization, there's little changed between ISO 9001:2008 (7.0, Product Realization) and its replacement, ISO 9001:2015 (8.0, Operation). Assuming that day-to-day work operations are not impacted by the ISO 9001 upgrade, there shouldn't be any effect on existing work instructions.
Do I need to hire an ISO consultant to get ISO 9001 certified?
There's no ISO 9001 requirement for a consultant to be involved with your ISO 9001 certification efforts. You should consider a consultant if either your organization does not have sufficient resources or capacity to handle this task themselves, or alternatively, your organization lacks the technical skill and/or experience.
How long should ISO 9001 certification take?
How long it takes for a company to become compliant is an internal issue, which must take into account the number of employees, the complexity of the work performed, the stability and control of existing work processes, and the resources which will be allocated to support compliance efforts. Assuming no consultant involvement and limited experience, 1-2 years is not an unreasonable amount of time. Hiring a good consultant may be able to reduce this duration to a few months.
The amount of time to complete the actual process of certification would be in addition to any time spent on initial compliance efforts. Once the certification process is initiated with the Certifying Body, it is typically completed within 90-120 days.
How much should an ISO 9001 consultant cost?
This is the magic question asked by almost every organization. Pricing varies due to a range of factors, including company size, range of products, geographic location, etc., as well as the expertise, experience and reputation of the consultant themselves. We always recommend getting multiple quotes prior to making a decision.
Our ISO 9001 Blog
Information, thoughts and periodic updates from MAS Solutions' QMS Consulting Group.