The Seven Step Process to ISO 9001 Certification
So you have decided you need to become ISO 9001 Certified, largely because you have heard from your customers that you need to show that you are ISO Certified, or maybe you are going to respond to a large tender and in the Tender document there is a question about your ISO Certification, or maybe you have done some research and found out that ISO 9001 Quality Management Certification is what over 1.5 million companies around the world have done and it has helped these companies to be the most successful and sustainable Companies today.
The question is how do you do this, where to start, how can I find out what I need and importantly what is this going to cost? Here at Apliso we can assist in answering all these questions and more importantly show you how this can be achieved, in a shorter time than you think. Here is a guideline for you.
Step 1 – Define your business context
Here you need to answer a few simple questions and record these in what is called the Context of the Organisation Document. This is like your Business Profile statement, just a little more detailed. The first question is who are you? If you were an Electrical supply company it would be something like, we are a company that specialises in the provision of quality electrical equipment and services to the commercial and residential market. Next question you need to answer is where do we operate? Again using our Electrical Supply Company example, we would say that our business is based in South Africa, with our Head office and main supply centre being Cape Town. We have smaller branch offices in the main centres of Durban, Johannesburg, Bloemfontein and Port Elizabeth. We have a number of approved agents in the smaller areas around South Africa. Next you need to identify who are all the interested parties in what you do and how you do it. For example, the interested parties will be your customers, your staff, your suppliers, your bankers, your landlord (if you don’t own your property), your local municipality etc. All these parties have an interest in what you do and how you do it and you need to make sure you have identified this and recorded the information. It would then be a very good idea to record your strengths, weaknesses, opportunities and threats – this SWOT analysis then becomes your check-in point to see that you are able to build on your strengths and opportunities while eliminating the weaknesses and threats. This Context of the Organisation document then becomes your “stake in the ground” and provides you with means to regularly check back and make sure you are who you say you are.
Step 2 – Define your Quality Policy and Objectives
Now that you know who you are and are confident that this reflects what you do, you now need to look at setting some objectives of where you want to go and this needs to be aligned to an overall Quality Policy. Your Quality Policy states that you want to deliver a quality product and service to your chosen market (identified in your Context of the Organisation Document). Furthermore, you want to achieve this through a process of continual improvement in the business by providing your people with the skills, technology and tools to deliver your product and service. At the same time your intention is to achieve this by aligning your business to the ISO 9001:2015 Standard.
Your Quality Objectives are a statement of measurable goals or KPI’s across the business (all departments) that allows you to continuously measure if you are achieving the results you intend. These need to be reviewed regularly and action plan put together to show what you will implement to achieve the objectives. It is important to remember to communicate both your policy and objectives to all in your company so they know what they need to achieve.
Step 3 – Define the required ISO Processes
ISO requires that we define and document certain processes and procedures in the business. These processes and procedures are there to ensure that your business can in a controlled and consistent way deliver against your defined Quality Policy and Objectives and against your identified business context. Here is a summary and simple explanation of those processes required:
- Control of documented information – your company policies, processes and procedures are what is called documented information. These need to be effectively controlled so that everyone knows that they are using the correct document (version, date issued etc.) Also we need to ensure company records like supplier information, training details are correctly recorded to provide information to allow for effective decisions and continual improvement.
- Internal Audit – how will you know if your Quality Management System (QMS) which is made up of all the policies, processes, procedures and records of the company are working they way they should work? The answer lies in having an internal audit process and then appointing internal auditors to test and report back on the results on a regular basis. This is like your ongoing internal assessment of your business.
- Non-conformance – what do you do if things go wrong? What if people don’t follow the process, what if your product fails to meet the quality criteria you or your customer have set? What if your customer complains about your service or product? All of these are what ISO terms Non-conformances, and we need to record these events, and then importantly find a way to fix them (Corrective Action). The more information we gather from these non-conformances, the more we have the opportunity to continually improve our business and product or service to our customers.
- Corrective Action – we agreed that things will go wrong. Nobody and no business works perfectly all the time. So when these things go wrong (non-conformances) we need to ensure we fix them quickly and efficiently. This is called Corrective Action. However corrective action on its own is only half the job done. We need to analysis why it went wrong and ensure we put in place measures to prevent it from going wrong again, thus continually improving the business.
- Risk Management – we continually have to look at the risks that affect our business and then come up with the tools or processes and the ability to mitigate these risks. Risk can be both internal, i.e. our processes not delivering what is required or external as in business risk from external sources. We need to be able to record these and have a process for eliminating risk.
Step 4 – Company Processes and records
So how do you do what you say you should do? This is not a trick question, but is a fundamental question to be answered. Let’s look at this by way of an example. Assume for this example you are a bakery and you bake cakes. The question is how do you bake a cake? Fairly easy I hear you say, you have some ingredients, you have a recipe, you have some equipment and then you use the ingredients in the correct quantities by following the recipe and bake the cake for the correct time in the oven (equipment). Well that in ISO speak is a process. You have a number of inputs (could be people, equipment, materials or other processes) that go into a process and at the end of the line generate an output. For your QMS you need to document and define your processes that represent what you do. These processes, like in the example above are the recipes of your business and your staff need to follow these to deliver your product or service.
Over an above the processes that define what and how you do things, you need to keep accurate records of results, so you can check that your processes are working correctly and in the event of a non-conformance you can identify the flaws or errors in the process.
Step 5 – Implementation, risk review and training
So now you have defined who you are (Context), what you do (Context), how you want to do it (Quality Policy, Objectives and Processes), who will do it (Context and Processes), you now need to implement all this into a Management System. A Management System is nothing more than the collection of processes, policies, procedures, technologies and people that work together to deliver your product or service. You need to ensure all your staff are trained and understand this Management System and can work according to what has been defined. This training is important as ultimately your team is responsible for delivering the end results (products or services) to your customer. If you look at a Formula 1 racing team, they train on their pit stop process continually to ensure that when the driver comes in for new tires or repairs, the pit crew know exactly what to do, who is doing it and make sure the car is back on track in the shortest possible time. Is this not what we need in our business. Your QMS is the Pit crew training manual.
While you are doing the implementation you will need to do an internal assessment of the management system by testing for weaknesses and risks. Record these and make sure your team can prevent these risks from occurring and causing the business to stumble.
Step 6 – Internal Audit and Management Review
Your QMS is defined, your staff are trained, you are operating according to the defined processes and you are delivering your product and or service to your customer, right? Well so you think, have you really stepped back, taken a critical look at your processes with an eye for what they should be doing? Have you checked that you have defined everything required by the ISO 9001:2015 Quality Management Standard? This is where your internal audit function is so important. You need to have someone either internal to the company who is not involved with the process or who has a good understanding of the ISO Standard to come and do a critical evaluation of the QMS. They must identify where your processes are not performing correctly or the way they were defined, they must check that per the ISO Standard, you have all the correct documents and records. Then prepare a report to present to Management who must now perform their review of the Audit results, the risk information, the non-conformances and the policies and processes and be satisfied the QMS and all the above are delivering the value and results intended.
Step 7 – Final ISO Certification
You have now reached the final stage and are ready to be ISO 9001 Certified. You will need to contact a registered ISO Certification Body and contract them to come and complete your ISO Certification process. The Certification is a 3-part process, starting with a review of your documentation. Here the ISO Auditors are going to do a sample test of your QMS Documentation and make sure it meets the requirements of the ISO Standard and all other applicable legal requirements. If this is all satisfactory, they will then move to stage two being the audit of the processes. Here again by way of sample testing the auditors want to be satisfied that your processes accurately reflect what is being done in the business. If there are no issues or identified non-conformances, then the auditors hand over their report and information to the ISO Review Board who will assess that the audit has been completed correctly and in terms of ISO Requirements. Assuming all is in order, you will then be issued with your ISO 9001:2015 Certificate and this is valid for three years. Congratulations, you now become a member of the top companies worldwide who have completed and achieved the certification for quality management. Wear the badge with pride, but more importantly use the QMS to continually drive your business forward to bigger and better things.
We hope you find this seven step process useful and it points you in the right direction. Here at Apliso we pride ourselves in making this process as smooth and easy as possible for our clients. We work with you to complete these seven steps quickly, efficiently and cost effectively so you can get on with delivering your quality product or service to your customers.
ISO 9001 Certification is not simply for big business, we have clients who are small, I mean really small, as in 3 staff members and then we have clients who are big, really big with over 4000 staff. We have a solution and process that will work for you.
We know form experience that most of our customers come to us to assist in this process because not only do we understand what the ISO requirements are, but we are able to match these to your business and develop a QMS that is unique to you, built and designed with you for your team. If you would like our help, why not contact us at email@example.com or call on +27 87 150 5559.