What is ISO 9001? What is Required for Certification?

Introduction to the ISO 9001 Standard

What is ISO 9001?

ISO 9001 is a global quality standard focused on defining minimum best practices for the production and delivery of a company’s goods and/or services. It focuses on efficiency, customer satisfaction, and continuous improvement, and guides organizations to the development of a formal quality management system (QMS). The QMS comprises processes and documentation that control operations and ensure that requirements are met.

Who Wrote it?

The International Organization for Standardization (ISO) is made up of national standard bodies from more than 160 countries.

Who Uses it?

ISO 9001 can be implemented by any company of any size. Currently, there are more than a million organizations worldwide that are certified to the standard.

What are the Benefits?

Achieving certification to the ISO 9001 standard offers organizations many benefits, including the ability to constantly and consistently improve their processes, refine their deliverable, and grow their business.

Who Issues the Certificate?

A third-party registrar issues ISO 9001 certificates after an extensive audit of a company’s QMS. During the audit, they will evaluate compliance with the standard’s requirements. Surveillance audits must be repeated on an annual basis to maintain certification.

Who Needs to be Involved?

For truly successful ISO success, all members of the organization should be involved in the implementation of the new QMS.

Certification to ISO 9001 is achievable by any organization, regardless of industry or size. The internal team can implement the process, but some companies choose to utilize outside consulting resources to ensure they can appropriately translate the standard’s requirements to their business.

Is This the Only Certification?

ISO 9001 is the baseline standard that can catapult organizations into excellence in safety, environmental sustainability, information security, and more. By first certifying to the original quality standard (9001), companies position themselves for success through further standard pursuit and certification.

What is the Process Approach?

The ISO 9001 standard employs the Process Approach or how the processes and activities in a company work together to deliver quality products and/or services.

By examining and improving key business processes, organizations can directly impact how they serve their customer. By improving the way procedures are done, they are also able to improve the overall quality of their deliverable.

During the ISO 9001 certification process, you will evaluate and monitor six possible controls and checkpoints:

• Source of Inputs – the processes and policies of those who impact inputs
• Inputs – the physical materials, information, or resources acquired to produce products and/or services
• Activities – actions performed in the creation of goods and services
• Outputs – the quality of the final deliverable
• Receivers of Outputs – the processes of the businesses or individuals that use the final product or service

Hinging on the PDCA cycle (Plan, Do, Check, Act), the implementation of process improvements must be thoroughly thought through, documented, and monitored for continued success.

What’s Required?

“… the systematic definition and management of processes, and their interactions, to achieve the intended results by the quality policy and strategic direction of the organization. Management of the processes and the system as a whole can be achieved using the PDCA cycle (see 0.3.2) with an overall focus on risk-based thinking (see 0.3.3) aimed at taking advantage of opportunities and preventing undesirable results.” (0.3.1)

Things to Remember

• • • • A process is a set of work steps that transform parts, materials, or information (inputs) into a more complete form, such as assemblies, products, or reports with outputs based on specific requirements.
      • The output of one process can be the input of another process. All of your company’s processes interact and affect the final result.
      • Each process is assigned a process owner who is responsible for monitoring performance objectives and KPIs and for leading the improvement of the process.

What is Operational Risk Management?

Risk-based thinking is the driving factor of decisions made by organizations working to implement an ISO 9001 QMS. By identifying potential risks and rewards, the approach helps to shape the culture of the organization into one focused on proactive processes designed to mitigate potential risks and capitalize on improvements for reward.

A formal and documented risk management process is required for ISO 9001 certification.

What are the ISO 9001:2015 Risk-Based Thinking Requirements?

“To conform to the requirements of this International Standard, an organization needs to plan and implement actions to address risks and opportunities. Addressing both risks and opportunities establishes a basis for increasing the effectiveness of the quality management system, achieving improved results, and preventing negative effects.” (0.3.3)

Things to Remember

• • • • Looking for operational risks is everyone’s responsibility and affects every company process.
      • Operational risk management allows for better planning and improved results.
      • Risk assessment is required for operational activities such as product requirements review, contract negotiations, operations management, design and development, purchasing, work transfer, etc.

How the ISO 9001 standard applies to each business is based on the context of that specific organization, helping to define exactly how the QMS should be developed and implemented so that it directly impacts business needs and goals.

What’s Required?

“The organization shall determine external and internal issues that are relevant to its purpose and its strategic direction and that affect its ability to achieve the intended result(s) of its quality management system. “The organization shall monitor and review information about these external and internal issues.” (4.1)

Things to Remember

Defining the context of your organization will require a wide-reaching evaluation of all the ways your business is impacted by both internal and external factors:

• • • • • • Internal factors include: company culture and size, objectives and goals, product or process complexity
          • External factors include: customers and markets served, communities, industry trends, technology, regulations and requirements, and the greater economy

Why does Leadership need to be involved in ISO 9001 Certification?

Management involvement is crucial to the success of your QMS development and implementation. Through a series of required leadership meetings, the top executives at your company will drive the initiative from the top down. They must take full, hands-on ownership for the success of the standard certification and create a priority in the organization to adhere to processes, procedures, and requirements.

What’s Required?

“Top management shall demonstrate leadership and commitment with respect to the quality management system… Top management shall demonstrate leadership and commitment with respect to customer focus…” (5.1.1, 5.1.2)

Things to Remember

• • • • Leadership is responsible for creating the quality policy – the document that communicates the importance of meeting high quality standards.
      • Top management must define measurable quality objectives and KPIs for each process in order to provide benchmarks for improvement.
      • Roles, responsibilities, and authority need to be assigned appropriately to allow for delegation of tasks, decision-making, and accountability.
      • Routine management, process, and document reviews are necessary to ensure the effectiveness of the system.
      • Leadership is responsible for providing adequate resources to support the QMS, including workforce, equipment, infrastructure, and environment.

What’s Required?

“When planning for the quality management system, the organization shall consider the issues referred to in 4.1 (context) and the requirements referred to in 4.2 (expectations of interested parties) and determine the risks and opportunities that need to be addressed… The organization shall establish quality objectives at relevant functions, levels, and processes needed for the quality management system.” (6.1.1, 6.2.1)

Things to Remember

• • • • All actions should be proportionate to the risk they address and the impact that risk may have on product service or conformity.
      • All planning should be results-driven.
      • Planning is handled by managers and process owners on an ongoing basis.
      • Details of all actions, including tasks to be completed, needed resources, responsibilities, dates for completion, and evaluation of effectiveness must be documented.

Support & Resources

As mentioned before, the leadership team is responsible for ensuring that the proper resources and support are in place to provide a solid foundation on which to build and implement an effective QMS. This includes equipment and facilities that result in an effective work environment, up-to-date process documentation, and a sufficient workforce. Further, all equipment must be well-maintained and kept in order with regulations for function to ensure accuracy, proper calibration, safety, and producing the desired results.

What are the Support and Resources Requirements for ISO 9001?

“The organization shall determine and provide the resources needed for the establishment, implementation, maintenance, and continual improvement of the quality management system.” (7.1.1)

Things to Remember

People, competence, and knowledge

• • • • Provide sufficient human resources and ensure needed levels of competency through training and documentation.
      • Identify and maintain knowledge required by the business.

Open communication is key to success, as are the careful monitoring and measurement of quality levels and customer satisfaction.

What’s Required?

“The organization shall monitor customers’ perceptions of the degree to which their needs and expectations have been fulfilled. The organization shall determine the methods for obtaining, monitoring, and reviewing this information.” (9.1.2)

Things to Remember

• • • • Customer satisfaction starts with understanding their needs and requirements.
      • Your QMS should address customer, statutory, and regulatory requirements.
      • The entire workforce is responsible for keeping the focus of the QMS on customer satisfaction.
      • All planning, objectives, operational processes, and communication procedures should support customer satisfaction.
      • Processes should be established to protect customers from receiving nonconforming outputs.
      • Specific objectives for product quality and on-time delivery are required.
      • All feedback from customers should be utilized to determine customer satisfaction and to provide guidance on action items for improvement.

Operations Control

Operations is a blanket term covering all the activities that go into the creation of a product or service, from customer requirement review to post-shipment activities. Controls in the ISO 9001 Standard include requirements for products and services, design and development, external processes, products, and services, production and service provision, release of products and services, and control of nonconforming outputs.

What’s Required?

“The organization shall plan, implement, and control the processes (see 4.4) needed to meet the requirements for the provision of products and services, and to implement the actions determined in Clause 6… The output of this planning shall be suitable for the organization’s operations. “The organization shall control planned changes and review the consequences of unintended changes, taking action to mitigate any adverse effects, as necessary. “The organization shall ensure that outsourced processes are controlled (see 8.4).” (8.1)

Things to Remember

• • • • Controls are far-reaching in the QMS and must be carefully determined to affect each step of the production process.
      • If design and development are part of the company’s processes, special attention must be paid to the stages of design and resulting intellectual property.
      • Controls must help ensure that desired results are being achieved.
      • Controls work to ensure that externally provided resources, products, and services meet the needed requirement to uphold quality.
      • Controls should be put in place to protect processes from error.
      • Release of products and services should be carefully controlled to ensure that only top-quality deliverables are received by the customer.

Key Business Processes

Each process within your business that impacts the product life cycle must be controlled and improved. They are dependent on your specific organization and upon the nature of the product and/or service you provide.

What’s Required?

“The organization shall establish, implement, and maintain a design and development process that is appropriate to ensure the subsequent provision of products and services.” (8.3.1)

Things to Remember

Design and development

• • • • Control product development steps including planning, reviews, verification, and validation.
      • Ensure product changes are managed effectively.
      • Consider part/material obsolescence.

What’s Required?

“The organization shall determine and select opportunities for improvement and implement any necessary actions to meet customer requirements and enhance customer satisfaction.” (10.1)

Things to Remember

• • • • • Creating and implementing careful processes to monitor, measure, analyze, and evaluate your processes will help to ensure you are meeting operational goals and KPIs, and that you comply with ISO requirements.
        • Regular management reviews help maintain QMS effectiveness and alignment with strategic direction by focusing on improvement and addressing issues with inputs and outputs.
        • Trained, qualified internal auditors help to ensure compliance of your QMS to ISO standards, both before your first audit and to maintain certification.
        • Processes are required to handle all nonconforming outputs and nonconformities (defective products/services) through a series of corrective actions to address the root cause.
        • Focus on implementing new system processes and protocols that work toward continual improvement and system innovation.
        • All information related to customer satisfaction should be monitored and evaluated including quality, delivery performance, customer complaints, and requests for corrective action.