ISO What is really required for a small company

0333 577 6614

Contact Us / Log in

By Cindy Goulding | May 2018 | Achieving ISO 9001 Certification

MYTHS

One of the most common misunderstandings about ISO 9001 certification is what must be in place to get your quality management system certified. Many people ask, “What does it take to PASS an audit?” The problem with that question is that no one really passes or fails audits. I’ll explain.

Let’s say a certification auditor comes and reviews your system and finds 3 things wrong. That doesn’t mean you have failed the audit, it means you will fix those 3 things and then you get your certificate.

The first step in getting your quality management system certified is believing that you can and deciding to do it!

Granted, ISO 9001 has been around over 25+ years and has developed quite a reputation. Many people understand the benefits associated with certification. Some myths have developed too and some that are commonly heard include:

ISO 9001 is too hard for a small business
ISO 9001 is nothing more than added paperwork
Small companies must hire someone full time to implement ISO 9001
The question to ask is “Are these really true?”

Let’s take a closer look.

TRUTH

ISO 9001 is NOT too hard for small businesses. Every year, hundreds of small businesses are becoming ISO certified. The requirements can be hard to understand at first, but with perseverance, you too can learn how to satisfy each one. To stay competitive, many small companies are finding it more and more advantageous to become certified. Small business owners can do this!

ISO 9001 does NOT mean you have to add a bunch of paperwork to your system. The paperwork you have now may be all you need. ISO 9001 is better thought of as a structured improvement program. By implementing processes that are required, your company will be better run, customers are better served, and employees better understand what is expected. Life is just better.

Small companies do NOT need to hire someone full-time just to implement an ISO 9001 quality management system. Quality consultants are available from companies such as Compassrose and they can help you to understand and fulfill the requirements. A good question for any consulting firm is “Are you certified to ISO 9001?” You should get a consultant who practices what they preach.

ISO 9001:2015

With the 2015 revision of ISO 9001, small companies should be shouting for joy! There are several reasons for this.

1. The 9001:2015 standard is more focused on results and less focused on paperwork.

2. This revision is more flexible and easier to tailor to smaller companies and those in service-based industries.

3. It provides general guidelines that you apply to your organization rather than telling you how to run your company.

Many small companies are finding ISO 9001 simpler than they thought and much more helpful for realizing actual improvements that their customers can notice. Isn’t that the point, after all?

What is all boils down to is this: If you want your company to be ISO certified, then do it!

Decide to become certified, buy the standard and read it
Decide if you need a consultant
Yes- Select a consultant from an ISO 9001 certified firm
No- Assign the project to yourself or another capable individual
Compare each requirement to what you already do
Meets requirement- continue doing what you’re doing
Does not meet requirement- improve your system to meet the requirements
Select a certification body (or registrar)
ISO 9001 is not rocket science, but it will give your business a boost!

2018 has been and gone so by now you must have done 2 things:

1. You must update your Quality Management System to the new ISO 9001:2015 standard or,

2. It’s time to finally get ISO 9001 certified and level the playing field amongst your competitors.

In the previous version of ISO 9001, a lot of documents were written to show the auditor how awesome we were. Many times, the documents landed in a binder, not to be touched until the surveillance audit one year later. This phenomenon occurred because the standard used to be more prescriptive with lots of “shalls”, “wills” and directives telling us how to run our businesses.

Thank goodness the ISO Technical Committee took a long look at the standard and agreed that successful businesses, in general, already know what they are doing.

Most businesses just need some guidelines to help them demonstrate that they have embraced world class business practices and applied them to their organisation. Previous versions of the standard focused on the manufacturing industry and required a lot of adaptation to apply the principles to the service industry and organisations with intangible deliverables. The 2015 version allows for much more flexibility and options to demonstrate compliance.

So, now that we have a shiny, new ISO standard, you may be asking, what is actually required to transition or obtain registration for the first time? One of the first things that you may discover when discussing the new standard with quality professionals is that binders of documents, including the Quality Manual, are no longer required. This is a true statement, however allow us to clarify this concept and keep you out of trouble.

ISO 9001:2015 allows an organisation flexibility in the way it chooses to document its quality management system (QMS). This enables each individual organization to determine the correct amount of documented information needed to demonstrate the effective planning, operation and control of its processes and the implementation and continual improvement of the effectiveness of its QMS. Documented information can be used to communicate a message, provide evidence of what was planned has been done, or knowledge sharing. This was taken straight out of the ISO/TC 176 document, Guidance on the requirements for Documented Information of ISO 9001:2015.

Keep in mind that an organization can only be audited on two things:

• Documented information required by this International standard;

• Documented information determined by the organization as being necessary for the effectiveness of the quality management system.

Documented Information does not equal “piles of paper”. The standard allows documents to be in any form or type of medium, including, but not limited to paper, magnetic, electronic or optical computer disc, photograph, and master samples. Your team can determine what is appropriate for your organisation to demonstrate compliance to the standard and your own processes.

The documented information that organisations must maintain (plans, policies and documents that are subject to change) includes:

• The scope of the quality management system (4.3).

• Documented information necessary to support the operation of processes (4.4).

• The quality policy (5.2).

• The quality objectives (6.2).

The documented information that organizations must retain (records that are not changed after they are released) includes:

• Monitoring and measuring equipment calibration records* (7.1.5.1)

• Records of training, skills, experience and qualifications (7.2)

• Product/service requirements review records (8.2.3.2)

• Records about design and development (8.3)

• Product and Service requirements (8.5.1)

• Records about customer property (8.5.3)

• Change control records (8.5.6)

• Record of conformity of product/service with acceptance criteria (8.6)

• Record of nonconforming outputs (8.7.2)

• Results of the quality objective data that is monitored and measured (9.1.1)

• Internal audit reports (9.2)

• Management review meeting minutes (9.3)

• Results of corrective actions (10.1)

Whew! That seems like a lot, but we can almost guarantee that your organisation is already retaining these types of records. ISO 9001:2015 will simply guide your team to consistently collect and retain the required information.

Did you notice what was not on the list? Procedures. Your organisation can determine the best method of organising and communicating the methods of how you conduct business from the top executives of the organization to the people who affect how the business runs daily.

For mature organisations with standardised processes, cohesive teams and consistently delivered desired outputs, very little “paper” is required. For organisations new to the ISO standard, we recommend that you determine the minimum amount of “paper” required to ensure that your team understands what they are supposed to do and the desired outputs are achieved consistently. Remember, “paper” is just an example of how compliance can be demonstrated.

Another new concept in ISO 9001:2015 allow businesses to align the standard with strategic business goals instead of implementing a QMS as a separate, almost disjointed project. The context of the organization (4.1) encourages organizations to look at the strengths, weaknesses, opportunities, threats (SWOT) and risks in their industry that could jeopardize the business or allow it to outperform competitors.

Employee Awareness (7.3) ensures that everyone not only understand the Quality Policy, but also understands how their cog fits into the entire wheel of the organisation. Everyone must be aware that what they do or fail to do every day can positively or negatively influence business performance.

Lastly, gone are the days when the ISO Auditor and Management Representative sit sequestered in a conference room for several days and come out with an ISO certificate. Today’s ISO auditor is going to talk with the top executive first and work through the entire organisation to get proof that the QMS is a way of life and not just a row of neat binders on a shelf.

Compassrose is here to help you navigate through the standards and make your journey to certification surprisingly simple. (well we think so anyway)