The ISO 9001 accreditation is part of the International Organization for Standardization 9000 standards. They are awarded to businesses for quality. The ISO 9001 is recognized worldwide as an award for a company’s internal quality management or actions that the company takes to ensure the product or service they provide is of the highest quality. Customer satisfaction is a major factor in whether a company will be awarded an ISO 9001 accreditation. The International Organization for Standardization in Geneva, Switzerland publishes thousands of international standards to help companies throughout the world more efficiently do business with one another. The 27 page ISO 9001 standard is focused on defining minimum business practices for the production and delivery of a company’s products and services through the implementation of a formal “quality management system”, or QMS. An ISO QMS is made up of certain processes, documentation and other formal practices that control internal company operations to ensure customer requirements are consistently met. To pass an audit, an organization must follow these guidelines: Develop a Quality Management System (QMS) manual. Develop the procedures required by the ISO 9001 Standard. Determine the additional processes and procedures that are needed by the organization to perform work and satisfy the requirements in the ISO Standard. Operate in accordance with the organization’s documented QMS. Provide evidence that the organization is operating according to the QMS. The achievement of an ISO 9001 certification is a milestone in demonstrating to your customers that you have implemented a reliable system of producing and delivering your products and services. The focus of this “system” is twofold: providing consistent products and services; and continual improvement in your processes leading to better results. The ISO 9001 certification is granted by a third-party auditing firm called a Registrar who specializes in quality system auditing. There are a wide variety of Registrars located in every ISO participating country. Some firms have offices internationally; others have a more regional focus. The selection of your Registrar is one of the more important decisions you will make to ensure the best alignment with your type of business, your location(s) and overall cost of maintaining the certification. The initial certification audit is conducted in two parts. The Stage 1 audit is a general review of your QMS documentation to ensure you have addressed all of the requirements of the ISO 9001 standard. Depending upon the size of your business, this can be conducted in a one to two day visit to your facility or virtually via phone. Any discrepancies noted during the Stage 1 audit will be documented in a formal report and must be corrected before the Stage 2 audit. The main part of the ISO audit is the Stage 2 audit which is always conducted onsite at your location(s) and will be focused on the implementation and effectiveness of your QMS. During this audit which can take 1 day (for very small companies) to several days, the auditor(s) will tour your company, speak to managers and employees, and review documentation and records (along with any Stage 1 discrepancies) to ensure that your system is fully implemented. If nonconformances are found, they will be documented in a formal report for correction. Following the Stage 2 audit, you are generally given thirty (30) days to submit corrective action plans for all audit nonconformances. Once corrective actions are received, your certification is complete and your certificate is issued. In order to maintain the certification, you will participate in an annual surveillance audit from your Registrar where they confirm that you are maintaining your QMS. Every third year, a more comprehensive re-certification audit is conducted, similar to the initial certification audit.
ISO 9000 family of standards and SMEs
The ISO 9000 quality management system is generic in nature and applicable to all companies, regardless of the type and size of the business, including small and medium enterprises (SMEs), and they are applicable to all categories of products, whether hardware, software, processed materials or services. ISO 9001:2008 specifies what is required to be done by an organization but does not indicate how it should be done, thus giving the enterprise a lot of flexibility to run its business.
It is simple to use, clear in language and easily understandable. The new standard is also appropriate for small companies, as it does not demand the type of paper bureaucracy needed for the implementation of the 1994 version. Only six documented procedures are now required and need for other procedures/documents can be decided by the company. Companies will, however, be required to provide objective evidence that the QMS has been effectively implemented. A small company may find it appropriate to include the description of its entire QMS within a single Quality Manual, including all the documented procedures required by the standard.
The process-based approach given in the new standard will tend to ensure that systems are documented and implemented in a manner that suits a SME’s own way of doing business. This approach makes it easier for SMEs to implement, instead of just taking over an artificial structure of QMS imposed from outside. It will also be easier for SMEs managed by their owners to demonstrate “top management commitment” towards QMS. Furthermore, in a SME, it is easier to ensure effective internal communication, better utilization of resources, people clearly understanding their roles and responsibilities, etc.
The new standard has included a provision for deciding on the applicability of
certain product realization processes included in section 7 of the standard. For example, if the SME has no responsibility for the design and development of the product it provides, the SME may say so, giving the reasoning behind it, in the Quality Manual; the certification body, being satisfied that this corresponds, would then award it certification to ISO 9001:2008. Similarly, other product realization processes such as purchasing, product identification and traceability, control of measuring devices may also be excluded if these are not applicable for the type of products or services being provided by the company.
It is also possible that SMEs may not have adequate in-house expertise or there may be other constraints to perform all processes on their own. In such cases, the new standard also permits the outsourcing of any of the QMS processes, providing the company has control over such processes. The nature of this control will depend on the nature of the outsourced or subcontracted processes and the risk involved. For example, the design and development process may be subcontracted to an expert or a specialized agency, inspection/verification of goods purchased may be subcontracted to an inspection agency, internal audit of QMS can be outsourced, etc. However, overall responsibility for ensuring control on all outsourced processes as per requirements of the standard would remain with the company’s management.