ISO 9001:2015 is the most widespread standard for managing quality, with over 1 million organisations worldwide having certification. ISO 9001 is an internationally agreed framework, outlining all the elements of best practice an organisation should employ. Its purpose is to:
a) help businesses to build strong quality management systems
b) create a benchmark against which the performance of companies can be judged
c) help businesses satisfy customers through improved products and services
There are a number of benefits to having a well implemented ISO 9001 Quality Management System:
It strengthens your image and credibility, helping you to win projects
Without a doubt, the ability to show clients that you have a certified quality management system in your business is one of the most powerful arguments for achieving certification. Having an independent third party verify your organisations processes sends a strong message to clients and prospective clients that you mean business and will deliver time after time.
It aids the repeatability of processes
Having standardised ways of working is essential when you are looking to provide the same quality of service or product time after time. Avoiding variation is essential in any organisation, particularly when you are either looking to scale up or are already at a good size. Standardisation should occur to the level that is beneficial. Where creativity or flexibility is a key element, this should be recognised by writing processes that allow room for creativity but still define inputs and outputs.
It is an enabler of scalability
If you are looking to grow the business, at some point it becomes essential to start documenting how processes work. ISO 9001 gives a framework for this, and helps you to think about both the key operational processes that generate your product and service, but also the critical support processes like HR and supplier management.
It can help you save money
Running a good quality management system does require financial outlay, however if implemented correctly your business will make a net saving. A quality management system ensures that you have competent staff to do the work, defined processes to prevent errors and a framework in place to catch errors when they do occur and prevent them occurring again. We have seen a good quality management system reduce costs associated with errors by over £100,000 in a business with a turnover of £10m.
It's the basis for creating a quality culture
The process of implementing and maintaining a good quality management system will engage all staff. It is easy to overlook the significant impact that a workforce united to producing quality work can have. If every member of your team takes accountability for their work and actively looks for ways to improve how things are done, the ability of your business to learn and improve will set it above and beyond the reach of your competitors.
When you first look at the standard, the layout and terminology can be confusing. However, as you understand further how the ISO 9001 standard is structured the logic starts to appear.
The 10 Clauses
The ISO 9001:2015 standard is written around 10 clauses. Of the ten clauses, it is clauses 4-10 that are audited. Clause 1-3 are used to set the scene of the standard but are less important when it comes to your ISO 9001 implementation.
Clause 4 - Context of the Organisation
Your organisation must identify, monitor and review external and internal issues that are relevant to your business and its strategic direction, especially those that will impact quality. You can use tools like PESTLE, SWOT and Porters 5 Forces to consider all the factors shaping your business. You should document your findings and review them regularly. This clause also asks you to document all the interested parties who have needs and expectations of your business. Finally, this is the clause that suggests that you should have documented processes and procedures. How you document these processes and procedures is up to you, however typical ways include swimlane diagrams, turtle diagrams, standard operating procedures, or simply writing down how each process in your business occurs.
Clause 5 - Leadership
Leadership involvement is a critical component in making a quality management system work, and for this reason the standard makes it a requirement. Leadership are required to create your Quality Policy, set quality objectives, be present in the quality reviews and communicate the importance of quality throughout the organisation. Some of the ways leaders are involved will be tangible, e.g. the writing of the quality policy, but in other ways their involvement will be intangible, e.g. by acting in a way that positively promotes a quality culture.
Clause 6 - Planning
In Clause 6 of ISO 9001:2015 you need to demonstrate that actions to ensure quality are planned and do not occur by chance. The standard asks you to document the major risks facing your organisation and any business opportunities you believe that you have. These risks & opportunities should be linked to the contextual issues and expectations of your interested parties (Clause 4). This clause also requires you to set and document quality objectives, and to have a way to plan for changes in your business that may impact the quality of your output.
Clause 7 - Support
This section of the standard is about all the pieces of a management system that act like the oil, allowing everything else to run smoothly. We are talking about making sure you have the right people in place, the right infrastructure (physical and digital), a good working environment and sufficient knowledge (both individual knowledge and organisational). You are also required to have a way to monitor how well your organisation and the processes are working, e.g. with KPIs. If you have machinery or equipment that needs to be calibrated this also needs to be done regularly and documented.
Clause 8 - Operations
This is both the longest clause in the standard and the clause which can be the hardest to neatly define. It requires your organisation to carry out your operations in a controlled manner, applying the factors you have identified in clauses 4 to 7. You need to consider aspects such as; how you communicate with customers; determining the customer and legal requirements for your products and services; how you design and develop a product and service; how you control suppliers; how you follow up after delivering products and services; and what you do if there are issues during production, delivery or use. Evidencing this clause to an assessor is usually done through a walk through your workspace, observation of a job or project from end-to-end and interviews with staff.
Clause 9 - Performance evaluation
There are three main components of performance evaluation. Firstly you will need to demonstrate how you get feedback from customers and ideally have a way of documenting this feedback. Secondly is the important business of internal auditing - you will need to demonstrate that you regularly audit all the key components of the management system to review performance. Lastly, you will need to hold periodic 'management reviews' in which the person responsible for the daily running of the management systems reports back to the leadership team against a set agenda.
Clause 10 - Improvement
The key mechanism for continual improvement is a 'nonconformance process'. Although this sounds a bit foreboding, it is actually a constructive way to review your systems when something goes wrong and address the root cause of the issue. It is not about finding fault with individuals, rather the focus is on understanding why a process has broken down. The other half of improvement is the general way in which your business continually improves how it operates, either through small incremental changes or larger step changes.
Our experienced consultants are available to support you through the process. We can help you perform a gap analysis to understand where your strengths and weaknesses are, host educational sessions to talk you through the requirements of the standard or help you with a full implementation.
Gain confidence that you will deliver to specification time after time
Streamline their own due diligence & tender process if you are certified
Will receive goods and services which are continually improved
Streamlined tendering processes and point of competitive advantage
Cost savings from reduced wastage and returns by getting it right first time
Sense of pride that you run your business to international best practice
An analysis of the internal and external issues that can impact your business
A well utilised risk management process
Documented and communicated business processes
A well deployed process for training staff
Utilisation of well chosen indicators (KPIs) to monitor business performance
A process for managing the relationship with suppliers
A process for addressing errors, complaints and unexpected circumstances
Consistent approach to calibration and equipment maintenance
Checks on product output/service delivery to check you have met your product & customer requirements
Internal audits to check processes are working as intended
Documented management meetings to make key quality and business decisions
ISO 9001 is based upon a 'Plan-Do-Check-Act' Cycle to drive continual improvements
Here are what we consider to be the key ingredients to make a really strong quality management system. It is also important to recognise that ISO is a journey and no company will have a perfect system in the first few years. It takes learning and continual improvement to embed quality in the business:
Senior manager involvement
Senior management must be involved to give legitimacy to the quality system, ensure the team buy in & provide the resources needed
Engagement of staff
Staff should be asked to help write the processes in the first instance and then be actively approached to make suggestions for improvements as the system matures
Thirst for continual improvement
Ideally the whole organisation, or at least a number of influential members must have a real desire to push the business to continually improve, learning from mistakes and seeking suggestions from all team members for improvements
Consistency & discipline
A QMS should not be a consideration once a year just before the auditors come in - instead work should be carried out on the management system little and often (e.g. spreading the internal audits throughout the year; or arranging quarterly quality meetings)
Collaboration with suppliers
The role suppliers play in your success shouldn't be underestimated - the best companies develop strong mutually beneficial relationships with suppliers and speak regularly with them to see how both parties can make improvements to their relationship
The certification process can be confusing when you first research it.
Here, we will throw light on how the process works.
Firstly, you will need to have implemented or be in the process of implementing the Quality Management System. You don’t need to have fully implemented the system before contacting the certification bodies, however having made a start or knowing how far you have to go can help set a date to aim for.
The next step is to contact one or more certification bodies to ask for quotes. You will be required to provide information about your business (i.e. nature of your work, number of employees and the roles they do, number of sites) so the certification body can make a good approximation about how many days it will take an assessor to audit your business.
We recommend contacting at least two certification bodies since the price and number of days they expect the audit to take can vary.
Based upon the quotes received, you will need to decide the most appropriate body to certify your business and set a fixed date for your Stage 1 and Stage 2 audits.
Before the external audits you must fully implement your management system. This includes organising processes, creating policies, conducting internal audits, holding a management review and putting in place other mechanisms. A good consultant can help you put in place a management system with maximum efficiency.
On the agreed dates, you will receive two rounds of audits, a Stage 1 and Stage 2 audit, usually 4 - 6 weeks apart. On successful completion of these audits, you will receive the certificate
The Stage 1 Audit
A Stage 1 audit is an initial visit from the assessor in which they aim to; get a feeling for your business and the processes involved; check your readiness for the full Stage 2 audit; and see if there are any major gaps that need to be filled before Stage 2
This is an important step as if anything is missing it can be resolved before the full audit. You cannot ‘fail’ a Stage 1 audit however you should have your management system as fully implemented as possible. If your system is particularly weak at Stage 1, the Stage 2 audit may be postponed and you may need another Stage 1 audit to determine readiness at a later date. A good consultancy like 2SB will help you be ready for your Stage 1 so nothing major is missing from your system and that you can move on smoothly to the Stage 2 audit.
The Stage 2 Audit
At Stage 2 the assessor will take a much deeper look into your business processes. They will be walking around, speaking to staff in the organisation, looking at whether your own processes are well implemented, and checking to see if the systems meet the requirements of the ISO standard. The auditor will typically take a job, project or process and look at it from start to finish to understand how you initiate, deliver and then follow up projects, or produce products.
The Stage 2 audit will give one of three results:
i. Your system is well implemented and meets the requirements of the standard. There may be some recommendations for improvements but there are no nonconformances. You will receive your certificate.
ii. There have been minor nonconformances observed, and these need to resolved. You will receive a report giving you details of the minor nonconformance(s) and a timeframe to address them within. Once you have submitted proof that the nonconformance(s) has been addressed you will receive your certificate.
iii. There is a major nonconformance observed. In this case it is likely you will have to resolve the issue and undergo another audit to confirm it has been addressed. Generally, major nonconformances will be prevented by the Stage 1 audit which should highlight any major gaps in the system.
Once gained, the certificate is valid for three years, with the UKAS requirement that surveillance audits carried out annually and re-certification audits every third year.
What are surveillance audits?
Once you have gained your initial certification, you will be required to have annual surveillance audits to ensure that your system is still functioning as intended.
Surveillance audits are ‘lighter’ audits than the initial certification audit and will generally focus on higher risk/more critical business functions and on areas that nonconformances have been previously observed. If a minor nonconformance is raised during a surveillance audit, you will be required to address this before the next annual audit. If a major nonconformance is raised, this will need to be addressed and proof submitted or further audits carried out to ensure the system has been repaired.
What is a re-certification audit?
The re-certification audit forms the final part of the certification cycle. It is more in depth than the surveillance audits and successfully passing it will give a renewed certificate for a further three year cycle (with annual surveillance audits).
The role of the Management Representative is to manage your ISO certified system, to ensure that it is effectively implemented and to prepare it for the annual surveillance visits.
The most recent versions of the standards no longer require a Management Representative, with these responsibilities now transfered to the "top management", this is to ensure that they are fully aware that they are responsible for the effectiveness of the organisation's management system. Thry may also oversee internal audits to ensure the ISO management system is performing as required.
2SB's recommendation is that the "top management" delegate these responsibilities for the management system to a committed member of staff with "top management" still actively involved.