The ISO9001 standard is recognised worldwide as probably the foremost quality framework, with around a million organisations certified to it globally. Adopted by organisations small and large across a wide variety of industries, certification to ISO9001 is increasingly seen as a defacto requirement in competitive tendering situations, and as an assurance to stakeholders that the quality of an organisation’s products and services is taken seriously.
Implementing the ISO9001 framework can be a complex process, especially if you’re new to the world of ISO management systems, so as a starting point we’ve put together 10 key steps to a successful ISO9001 certification.
1. Implementation Project
Starting right is the first step to success, ensure you have management buy-in and an idea of how you’re going to complete the project with what resources and tools. Perform an initial gap analysis to identify your starting point and begin to get familiar with the structure and content of the standard.
2. Scope, Context and Interested Parties
Define what needs to be in the “scope” of the management system and have this documented. Identify your interested parties, both internal and external. Think about the context of the QMS in terms of what your organisation does and how it is affected by internal and external factors such as the economy, technology and legislation.
3. QMS Policy, and Roles and Responsibilities
Create a QMS Policy and get it approved and published internally. Define the roles in your management system and what they are expected to do. Identify who will fulfil the roles and any immediate training needs for those people.
4. QMS Risk, Opportunities and Objectives
Define a risk assessment process and get the right people involved to carry it out to produce an action plan to address your risks. Don’t forget to consider opportunities too, which may be thought of as “good risks”. Set your objectives for the QMS so that you’ll be able to tell if it’s having the desired effect.
5. Competence, Awareness and Communication
Evaluate any competency gaps for the people involved in your QMS and how they might be filled using methods such as training, on the job learning or recruitment. Put in place an awareness training programme, particularly for employees, and define how you will communicate to interested parties about the QMS.
6. Documented Information
Decide how documented information will be created and controlled within the QMS. Develop a set of ISO9001 policies, procedures and other relevant documents to support the QMS and its operation. Make sure your version control and approval methods are fit for purpose and that everyone has access to the documents they need.
7. Operational
Ensure you have the QMS processes in place, for areas such as requirements, design and development, and production and service provision, and that the interactions between them are fully understood. Manage your risk action plan to ensure it is delivering results. Run the QMS to work towards achieving your objectives, whilst accumulating records that will act as evidence for your certification audit.
8. Performance Review
Make sure you have independent auditing resources in place and put an internal audit programme in place to cover all aspects of the QMS. Define how nonconformities raised during audit will be addressed and managed through to completion. Hold a management review to assess how your QMS is performing so far.
9. Update Gap Assessment Plans and Actions
Revisit the gap assessment to see what still needs to be done, and by whom. Check that you have all of the necessary documentation in place and that your QMS processes are working as intended. Address any remaining areas of nonconformity in preparation for ISO 9001 certification.
10. Plan Your Certification Needs
Choose a certification body to carry out your audits, arrange your Stage One assessment, and check that everything is prepared for their visit. If the certification auditor agrees you’re ready, proceed with Stage Two and achieve certification, addressing any nonconformities raised as soon as possible after the audit.
