Frequently Asked Questions About ISO 9001:2000

It is a system that is used to manage quality. ISO (the International Organization for Standardization) definition is 'the management system to direct and control an organization with regard to quality'.

Think of it as the system a particular business uses to design, develop or make products. If you make or manufacture widgets, it's the system you use to make them. If you sell or distribute products that other companies make, it's the system you use to buy & sell them. Or if you are a service business, then it's the system you use to develop and deliver your services.

Your business quality system comprises your policies, processes, procedures, people, tools and equipment or other resources: all that is involved in producing your products or services, from planning them in the first place, through creation or design (if that applies), through development and finally delivery to your customers. But a quality management system goes beyond just 'producing product' to include how you manage yourself, making sure your people are competent, that you have the right equipment, tools or whatever else you need right through to checking your results, making sure what you planned to happen in fact did happen, and doing something sensible about that if not.

All the various elements work together (or should do!) to accomplish goods or services of consistent quality that meet their specifications.

Do you have a business now? Have you been in business for a year or more? Are you still in business? Still have customers buying from you? If you answer yes to these questions, you already have a quality system. It may not be an 'ISO 9001 quality system' yet, but you do have a quality management system. And you probably already have some kind of QA, perhaps also some QC.

What is ISO 9001?

ISO 9001 is an international Standard. It represents an international consensus on good management practices for quality. The aim is to ensure that your organisation can deliver the products or services that meet the quality requirements of your clients, time and time again. These agreed good practices have been distilled into a set of standardized requirements for a quality management system, no matter what your organization does, what its size, or whether it's in the private or public sector.

ISO 9001 is the most widely known and internationally accepted model for a quality management system, used by organisations across the globe for some highly effective quality systems. At the end of 2005 over 800,000 businesses were certified to it.

ISO 9001 is a generic Standard. (as is ISO 140001 for environmental management). Most other ISO Standards are specific. A generic Standard can be applied to any organisation in any industry or field in any country, regardless of the type of product or service, or the size of the organisation.

The more you follow this virtuous quality circle, the better your system becomes.

A continual improvement process as an important step to enhance the quality management system

Increased emphasis on the role of top management, which includes its commitment to the development and improvement of the quality management system, consideration of legal and regulatory requirements, and establishment of measurable objectives at relevant functions and levels.

The concept of “Application” of the standard has been introduced (in clause 1.2) as a way to cope with the wide spectrum of organizations and activities.

A requirement for the organization to monitor information on customer satisfaction as a measure of system performance. Significant reduction in the amount of required documentation.

Increased compatibility with the environmental management system standard ISO 14001

Addition of the concept of organizational self–assessment as a driver for improvement (ISO 9004:2000)

Quality is no accident, especially consistently high quality, Quality Management Systems are being developed to comply with current international directives, standards and practices. An effective Quality Management System in your company will enhance productivity, reduce costs and increase your opportunity to garner a solid position in the market for your products and services. Companies determined to keep their competitive edge now and in future are developing through comprehensive quality management systems. Benefits of installing a quality management system are enormous.

What is a Standard?

It is a published document that sets out specifications (and sometimes procedures) intended to ensure that a something is fit for purpose and consistently performs in the way it was intended, whether a material, product, method or service.

Standards establish a common language which defines quality and establishes safety criteria. They ensure quality and consistency. Some simple examples include:

What's in the Standart?

The requirements aren't impossible, arcane or even strange. Really, they are just sheer good practice, and sound business sense. Requirements are set out in these groups:

An important point: The requirements specify what must be done, but not how.

The requirements are generic. And because it can be applied to all kinds of businesses & organisations, you need skill and experience to apply it intelligently and effectively in your particular organisation and environment.

Which makes sense if you think about it, because you can't - or shouldn't! - just try to apply a 'one size fits all' approach to, say: a security firm, a property development company, an automotive parts manufacturer, a food-producing business, a nonprofit professional organisation, police stations, the Australian ATO, the USA's Federal Aviation Association or companies that develop, service or install software.

An ISO 9001 system must be both documented and auditable - that is, able to be audited.

On the down side, the Standard was written by a committee, and has the inherent weaknesses of multiple authorship. And the language it uses isn't always immediately accessible: it can be difficult to understand.

Why do ISO 9001? Why do ISO

That's a very important question. You should have at least one good reason to do it. And just 'having the certificate' alone is definitely not a good reason - it's one of the most common mistakes.

Some of the most frequent reasons given: greater client assurance, because it's the most widely known quality system model, it's internationally accepted, or to get benefits such as increased sales, improved processes, improved communication at all levels, greater business control, greater internal consistency and discipline, and reduced costs through doing things faster, better or cheaper and/or reducing errors or customer complaints.

Should everyone 'do ISO'? Not necessarily, but using it as a model for your quality system can benefit almost any organisation.

If you decide to apply for certification, then there is a cost involved, although too often people only focus on the 'cost of quality'.

Try turning that thinking around to consider the cost of not having quality. What's the real cost of business lost through failures in services or products? The cost of dissatisfied customers? Of repeating the same mistakes, duplicating work. Or of inefficient processes, when it's cheaper and more effective to do things once and get them right the first time (not the second, third or even fourth).

If you really can't achieve any extra satisfaction for your customers (eg, a welfare organisation with a 'captive market') then certification may not be valuable for you. If you're not sure, ask a certifier or consultant; any reputable one should be able to advise.

The quality management principles of ISO 9001:2000 are aligned with the philosophy and objectives of most quality award programs.

Can I do ISO 9001 myself?

Getting ISO 9001 certification does take time, effort and resources. You must know what the Standard says, identify your gaps, and work out how to fill them. You'll also need to know how to interpret the Standard and apply it to your business.

Do expect it to take you some time and effort to figure out what's involved, to perhaps take longer than using a consultant, and thus also to involve cost. A potential solution is using a good DIY kit.

What's a Certifier or Registrar?

A company with the authority to issue certificates is called a certifier or registrar. They supply the external auditors. Only companies who are accredited can award certificates, provided of course they agree you meet all the requirements at their audit.

Certifiers award the certificates: think of them as a bit like an examiner. They test (audit) your system, and if it meets requirements, give you the certificate. But they don't coach you, help prepare you, or tell you how to 'pass'. In fact they can't, because this would be a conflict of interest. But good certifiers will adopt a 'business partner' approach, not a dictatorial or inspector-like attitude.

How does it happen? You choose a certifier: & sign up with them, agree on the particular Standard (eg, ISO 9001) and the scope, pay the fees, and arrange a date for audit.

Are all certifiers the same? No. Contrary to widespread belief, they're not government bodies but are private companies: service providers. They all assess you against the same Standard, but of course there are differences. Choose the one you think will suit your business best.

What do consultants do?

Consultants help and advise. We assess your system against the requirements, do a gap analysis to establish your current position, advise, coach you through the process and how to meet the various requirements, and prepare you for audit. We do not certify (accredit) you.

A good consultant can be very valuable. We can speed up the process, make it easier and more efficient, so you save time and money. We make sure you avoid the most common mistakes. A good consultant will help you get a system that suits you, not just a certificate.

But ultimately only you can decide if it's worth it, because it's your company, your time and your money. Do take care selecting: How to choose a consultant.

What are the benefits of Quality Management?

Clients consistently report many benefits from gaining ISO 9001. These include: greater management control, greater clarity about what they do and how, improvements in customer satisfaction, having a 'much better handle' on what they are doing, increased employee satisfaction, reduced rework and frustration, and reduced maintenance effort.

Quality Manual - what is it?

The quality manual is an important part of your 'quality documentation'. It may be the main or even the only component.

ISO 9001 says your system must be documented. It also has specific requirements for you to include:

§ a quality policy - the position or approach that your organisation takes on policy

§ measurable objectives - what you plan to achieve, and how you will assess that

You add anything else needed in your organisation, which might be anything from checklists and flowcharts to IT systems or engineering drawings.

What does a Quality Manual look like?

Contrary to popular belief, there isn't a single acceptable format. And it isn't possible (fortunately!) to state definitively that it must always look like this, and always have certain exact headings. It really depends on what is needed. Think of a sports car, a delivery van or a SUV. While they're all vehicles, what's "right" in one situation won't be in another. A smallish business might only need a single manual, whereas a large company might require many.

The manual/s can be hardcopy (paper) or softcopy: online documents like web pages, help files, even internal IT systems. And they can be done in many ways, from easy to very hard.

The best way of understanding the 'quality manual' is to look at a good example, and preferably a couple.

Exemptions or 'We Don't Do Design'

When there were separate Standards, you had to choose the applicable Standard, and then meet all its requirements. But now, with the single Standard ISO 9001:2000, you may claim exemption from certain clauses but only in a single section: section 7.

Also, you must provide good reasoning when you claim exemption, and your exemption must not affect your ability or responsibility to provide product/services that meet requirements, either customer or applicable regulatory ones.

For example, if you just make the same things over and over again, and thus don't do any design-related activities, you could claim exemption for that clause (7.3) because it does not apply. If you don't use, acquire or hold any property of your customers (7.5.4), you could exclude that clause.

But you can't just choose to opt out and exclude a clause just because you want to. For example, an architectural practice simply could not reasonably argue that 'design' did not apply to their business activities. A business that includes repairs of products sold under warranty, which they take back from customers to fix, could not claim exemption from 7.5.4 'customer property' and so on.

Where does a standard come from?

Producing a Standard is a lengthy process of gaining consensus between national delegations representing all the stakeholders concerned - suppliers, users, government regulators and other interest groups, such as customers and consumers to agree on the specifications and criteria to be applied.

Accreditation is the means that an authoritative body (such as UKAS) uses to give formal recognition that an organization (such as a Registrar) is competent to carry out specific tasks. Accreditation, which is voluntary and strictly enforced by the accreditation body, provides assurance to a Registrar's customers that the Registrar operates according to internationally accepted criteria.

All quality management system registrations are issued for three year cycles, as required by the governing bodies. Your certificate will be issued with a “valid until” date three years beyond its issue. NQA will schedule your audits such that your new certificate will be issued prior to the expiration of the original certificate.

Internationally, the two terms are used interchangeably, as are the terms “Assessor” and “Auditor”.

“Customer satisfaction” is recognized as one of the driving criteria for any organization. In order to evaluate if the product meets customer needs and expectations, it is necessary to monitor the extent of customer satisfaction. Improvements can be made by taking action to address any identified issues and concerns.

ISO 9001:2000 is based on quality management principles that include the “process approach” and “customer focus”. The adoption of these principles should provide customers with a higher level of confidence that products will meet their needs and increases their satisfaction.

How Will The implementation of Iso 9001:2000 Help My Organization To İmprove its Efficiency?

ISO 9001:2000 aims at improving the effectiveness of the organization. For improved organizational efficiency, the best results can be obtained by using ISO 9004:2000 in conjunction with ISO 9001:2000. The guiding quality management principles are intended to assist an organization in continual improvement, which should lead to efficiency throughout the organization.

“Continual improvement” requires an organization to focus on continually increasing the effectiveness and/or efficiency of its processes, to fulfill its policies and objectives. Continual improvement (where “continual” highlights that an improvement process requires progressive consolidation steps) responds to the growing needs and expectations of customers and ensures a dynamic evolution of the quality management system.

While financial information may be used to demonstrate the effectiveness of certain aspects of a firm's quality management system, it is not addressed by the ISO 9001:2000 standard. Although the ISO 9004:2000 guidance standard emphasizes the financial resources needed for the implementation and improvement of a quality management system, ISO Registrars do not require or audit financial information. Additionally, any such information that may be disclosed in the course of an ISO audit is protected by strict confidentiality agreements signed by the Registrar and its Auditors.

The text of ISO 9001:2000 is more generic than the 1994 version in order to be applicable to different types of product and to organizations of different sizes. Due to this generic nature it may be that some industrial or commercial sectors will identify additional requirements to attend to their specific needs.

To assure consistency between the ISO 9001 requirements and sector requirements, a pilot study was conducted using the development of an automotive industry document as the test vehicle. The pilot project successfully achieved the publication of an ISO technical specification (ISO/TS 16949).

How can a small organization adapt to the requirements of ISO 9001:2000? What flexibility is allowed?

The requirements of ISO 9001:2000 are applicable to small, medium, and large organizations alike. ISO 9001:2000 provides some flexibility, through clause 1.2 “Application”, on the exclusion of certain requirements for specific processes (e.g. those covered by clause 7, such as design activities) that may not be performed by the organization. However, the individual organization still needs to demonstrate its capability to meet customer and applicable statutory or regulatory requirements for its products, and to consider this when determining the complexity of its quality management system.

It's no secret that registration under the international ISO 9001:2000 standard is a powerful marketing advantage that sets a company apart from its competitors and can help get new customers while retaining existing ones.

What some firms don't realize is that there are specific rules that apply to the use of ISO as a marketing tool. One common mistake is to claim that one's product is “ISO–registered”. Registration under ISO 9001:2000 applies only to your quality management system, not to your products or services. For this reason, marketing materials must never use ISO or Registrar logos or artwork in a way that could be misinterpreted to mean that products or services are ISO–certified or registered, and in fact the Registrar will withdraw a firm's registered status if it engages in such practices. It should also be noted that the International Organization for Standardization (ISO) forbids firms from using its copyrighted ISO logo. For specific guidance on this issue, ask your Registrar.

What does my organization need to do if it is registered to ISO 9001, ISO 9002 or ISO 9003:1994?

ISO 9001:2000 superseded ISO 9001, 2 and 3 as of December 15th, 2003, and registrations to the 1994 versions of ISO 9001, ISO 9002, and ISO 9003 are no longer valid. You will need to evaluate which specific requirements of ISO 9001:2000 are applicable to the nature of your business and the extent to which your present quality management system (QMS) meets those requirements. Provisions have been made to exclude non–applicable requirements within Section 7 of the standard through clause 1.2 “Application”. If, for example, the nature of your products does not require you to perform design activities or if your product is provided on the basis of established design, you will need to discuss and justify the exclusion of these requirements with your certification/registration body. (See also the ISO/TC 176/SC2 Introduction and Support Package: Guidance on ISO 9001:2000 Clause 1.2 Application.)

No. As ISO 9004:2000 is a guidance standard, it is not intended to be used for third party certification purposes. A key element in the new ISO 9004 is the ability to perform self–evaluation. Third party QMS certifications/registrations are performed to ISO 9001:2000, which has consolidated the previous ISO 9001, 9002, and 9003 standards.

If the system is appropriately implemented utilizing the eight Quality Management Principles, all interested parties will benefit from ISO 9004.

A Registrar (also known as a Certification/Registration Body or CRB) is a third–party company that is contracted to perform an impartial evaluation of an organization’s quality, environmental, or other management system's conformance to the requirements of the appropriate ISO standard, and to issue a registration certificate once conformance is verified.

Registration is performed by a Registrar organization (also known as a Certification/Registration Body, or CRB). It is accomplished through a series of document reviews and facility visits and audits. The Registrar's Auditors look at an organization's procedures, processes, and operations to determine their conformance to the requirements (elements) of the applicable quality system standard, and verify that the organization's operations conform to its’ internal documentation and procedures.

The Registrar looks at a variety of issues including but not limited to the applicant organizations administrative, design, and production processes; quality system documentation; personnel training records; management reviews; and internal audit processes. Preparation for registration can take anywhere from several weeks to more than a year, depending on the readiness of the organization applying for registration. The actual process of registration depends on factors such as the size of the organization, the scope of its activities, and the number of facilities being registered and their location. The document review typically takes one or two days, and the on–site Initial Assessment can take anywhere from two to as much as ten or more days, depending on the factors noted above.

Step 1: Complete the Questionaire and submit. A Quotation will be returned to you in less than 48 hours. If you would prefer to have the questionnaire mailed or emailed to you.

Step 2: Sign and return the Quotation and Registration Agreement with a purchaser order or check for the initial activity (the document review in most cases). You will then be assigned to a Customer Support Representative who will contact you to discuss the scheduling of your activities, including the Optional Pre-Assessment, as well as the auditor choices available to you.

Step 3: Quality Manual Review - The first step in the audit process will be a review of the Quality Manual and Level I and II Policies and Procedures. The Quality Manual and Procedures encompass or reference all of the documented quality system policies, procedures and work instructions that form the foundation for the overall planning and administration of activities affecting quality. This activity can be conducted at your facility, or the manuals can be forwarded to us for an off site review.

Step 4: Pre assessment Audit (Optional) - The pre-assessment is an optional service which can be tailored to meet the individual needs of the organization. Reports issued during the pre assessment will detail corrective action requests to be completed by the registration assessment. The pre assessment is not a guarantee of a pass or fail at the main registration assessment; however, it can be used as an indicator of the strength or weakness of the areas of the system sampled.

Step 5: Registration Assessment - The assessment is aimed establishing compliance of the company's with the applicable standard (supported by Briefing notes and guidance notes as appropriate) and establishing, by seeking objective evidence that the company is working in accordance with their DQS. The assessment includes an opening meeting between the Audit Team and the organizations representatives, the assessment itself, and a closing meeting at which the findings (if any) are given to the company in a report along with a recommendation for registration.

Step 6: Re-Assessment - Upon receipt of your registration, you will begin the Re-Assessment Cycle. The purpose of continued surveillance visits is to ensure continuing compliance with the standard. The program will ensure that over the three year period, all elements of the quality management system are assessed. The triennial cycle ends with a Re assessment audit, which may or may not increase the on site time required. The following topics will be covered in all surveillance visits: clearance of previous non-compliances, internal audits, management review, customer complaints, quality objectives, customer satisfaction, continual improvement, changes to the DQS, changes to the scope, use of the registration/certification mark, number of employees, and a sample of other components of the system.

14 Essential Questions To Ask Before You Choose Your Iso 9001 Consultant

If they do mind, they probably don’t want your business. And you don't want them.

But you do need to ask your questions at a reasonable time, and not just for price-shopping and 'tyre-kicking'. What's 'reasonable'? It might be when you meet. You should expect any good consultant to want to know something about your particular situation before offering either advice or an estimate. It isn’t reasonable to just phone out of the blue and expect a busy consultant (if we're good, we're usually busy) to stop whatever they are doing and take a lot of time answering your questions. Especially if you've never even met or spoken before.

2. How long have you been in the field of quality management? And as a consultant?

It's important to know something about their history and experience. What's their background. What have they achieved? How much experience do they have? In what fields? You really don't want to be the first client for someone who just got made redundant (or sacked even) and decided to become a consultant.

Their answer will give you some clues to their approach, their values and their priorities. Do these sound compatible? Is there any fit with your ideas, or are they completely different?

This will tell you if they've even taken the time to think about this, let alone develop their own definition. Can they explain what they mean by quality to you? Does it align with yours? Do their eyes light up or their voice fill with enthusiasm? Do they sound interesting? Do you understand what they say? Can you find any areas of agreement?

Some warning bells: if they spout a lot of incomprehensible ‘quality speak’ at this point, and/or quote the official ISO definition to you, rather than using their own words, or if they get very vague and ramble a lot, watch out. They are most unlikely to improve on further acquaintance.

5. What would you need from us? What can we do to make this project go smoothly, and minimise our costs and time?

You’re looking to see if the way you want to approach getting ISO 9001, and the way that they do it, are going to be compatible. Are they?
Caution: If they say something like 'Just stay out of my way, I'll do it all and make it all happen for you,' run a mile.

6. What’s been your best quality/ISO 9001 job? Why was that?

Listen for what's important to them and take note of their criteria. If they indicate the job where they earned the most or took the longest, probe further. If their main motivation appears to be fees or income, think twice if not three times. You should be able to work in partnership with a consultant, not feel they're out to rake in every last cent possible.

An experienced consultant will have had at least one difficult job. How did they respond? Do they lay blame or accept some responsibility? Did they learn anything ... or was it all the fault of the client?

Recruiters love to ask this kind of question, because the answer usually indicates how someone dealt with difficulties in the past, and thus what their approach is likely to be again in the future.

Partly you're just gathering information about their experience and history. But also, you're looking to see if they understand your field. Manufacturing ('making stuff') and services ('doing stuff') are relatively different.

If you are in a service field but the consultant only has experience in manufacturing or industrial businesses, I'd be cautious, and more inclined to seek one with experience in service sectors. Conversely, a consultant with experience only in service industries may lack understanding of manufacturing.

These will give you an idea of the kind of written style they have, and their skill (or lack) in presenting information or perhaps documenting processes. If they show you a manual that would double as a doorstopper, or documents that make your heart sink just to look at, let alone read, keep looking.

They probably can't show you a full set (we keep our clients' information confidential, remember), but any reputable consultant should be able to show you some samples. If they can't show you anything at all... why not?

10. Can I Contact Some Previous Clients Of Yours? Or Do You Have Written Referrals or testimonials from previous clients?

A good consultant would provide one or both of these. If you do follow up contact details, contact at least a couple of people. Were they happy with the services? And look for ones that are relatively recent, say within the last 18 months to 2 years. If references only refer to the old version of the standard (1994), the consultant is now way out of date.

Some fine consultants may not have written referrals or testimonials. Not everyone asks for them and also many companies have definite policies about not providing them in these litigation-prone days. But if you cannot at least get some feedback from past clients, be very cautious.

11. Will You Provide a Written Proposal?

Even for a relatively small project, you should expect to receive something in writing that sets out who is to do what, by when and for how much. You both need to be clear about what will be done, who is responsible for what, as well as the deliverables (ie, the services, documents, training sessions, or other artifacts that will be delivered), the timing and of course the costs and terms.

12. If we decide to use you, how will progress be tracked?

You must know how you will be kept informed. For example, do they provide written reports or are there scheduled meetings? If they have no plans to do this, how will you know how things are going?

Getting a quality system in place and achieving certification is a project - you need a consultant who understand at least the basic disciplines of project management. And if you don't want to know and think it's all entirely up to them (after all, that's what you pay them for), then please rethink, preferably right now! If there is any slippage or holdups, you risk not finding out that things are off the rails until you're some distance down the track. Which is usually expensive.

13. Are you willing to do some part of the project first, such as a gap analysis or a project plan to an agreed price?

This enables you to try them out without committing yourself further at this point. For example, the consultant might do something they call 'benchmarking', 'scoping' or a gap analysis. This is quite a common practice among professional services consultants.

Unprofessional or bad consultants won't like this suggestion. If they refuse or become agitated, say goodbye. Now.

14. If we use you and don’t get our certification first time, what will you do?

If you don't get through the external audit because you ignored the consultant’s advice to you (which should be written if it’s something important), then that’s your prerogative and the failure is down to you. But if not, why? You pay for the consultant’s advice and expertise not to "fail" the audit!

PS: If you get an answer like “Eat my hat”, then engage them, because you've found a consultant who not only has confidence and experience, but also a sense of humour. And in our opinion that's a wonderful thing to have at any time, not least in quality management.