This overview guide provides information on the ISO9001 standard and the main steps when implementing a Quality Management System.
What is ISO9001?
The ISO9001 international standard for a Quality Management System (QMS) was published by the ISO in 2015 and is based upon the original British standard BS5750. It details the requirements for certification to the standard.
ISO9001 specifies the requirements that your QMS will need to meet in order for your organisation to become certified to the standard. The requirements in ISO9001 are supplemented by guidance contained in ISO9000 and ISO9004 which were published in 2015 and 2018 respectively. ISO9004 is well worth reading as it fills in some of the gaps in understanding how the requirements in ISO9001 should be met and gives more clues about what the auditor may be looking for.
How does implementing a Quality Management System benefit an organisation?
There are several benefits of implementing a QMS for small and large organisations. It can help enormously in focusing attention on objectives and being able to base decisions on measured data, rather than rough perceptions.
Other benefits could include:
Increased customer trust
Continual business improvement
Increased business sustainability
Understanding critical processes and how they contribute to quality and customer needs
What is a Quality Management System?
When looking at quality management the emphasis is usually on the processes used to define requirements, design products and services, and provide the things that the organisation regards as its core business. These processes tell everyone what to do to deliver products and services to the customer and satisfy requirements.
The latest version of the standard also introduced the concept of “risk-based thinking”.
Risk-based thinking enables an organisation to determine the factors that could cause its processes and its quality management system to deviate from the planned results, and gets you to think about a number of sources for potential risk such as:
External parties – such as customers, investors, suppliers
Internal parties – such as staff
Economic factors – changes in local & global markets, government investments & funding, etc.
Once you’ve identified the risks to the business, and ultimately the QMS, the standard requires you put in place preventive controls to minimise negative effects and to make maximum use of opportunities as they arise.
The ISO9001 standard proposes that we don’t just need a set of processes; we need a Quality Management System. The function of the QMS is to wrap itself around the processes and ensure (among other things) that:
We know what the processes are supposed to achieve (objectives).
We have thought about what could go wrong (risk and opportunity assessment).
Everyone knows their part in operating the processes (roles, responsibilities and authorities).
It is clear that this is the way we do things (leadership and commitment).
We update the processes when things change (management review).
The processes get better over time (continual improvement).
What are the contents of the ISO9001 standard?
The ISO9001 standard consists of major headings which are common across other standards:
1. Scope
2. Normative references
3. Terms and definitions
4. Context of the organisation
5. Leadership
6. Planning
7. Support
8. Operation
9. Performance evaluation
10. Improvement
Sections 1 to 3 don’t contain any requirements and so an organisation wouldn’t be audited against these. We do recommend reading through them as they provide useful background to what the standard is about and how it should be interpreted. Section 0 is the introduction to the standard.
It is sections 4 to 10 that set out the requirements of the standard. These are the compulsory requirements that must be met by an organisation to be compliant to the standard in order to achieve certification. If any of these sections within the standard aren’t met, then your business could face a nonconformity raised by the auditor and the organisation will need to address it to gain or keep their certification to the standard.
How to become certified to ISO9001
There’s no obligation to go for certification to ISO9001 and many organisations choose to simply use the standard as a set of good practice principles to guide them along the way to running their organisation.
For certification, the steps are similar for all the ISO standards, and involve:
Implementing procedures and methods as required by the standard.
Performing an internal audit to highlight any nonconformities before the external audit. We advise that the internal audit be completed by an independent third-party auditor or an impartial qualified auditor within your organisation.
The final external audit to achieve certification is by an accredited Registered Certification Body (RCB). This is in two stages. Stage one is basically a review of how ready you are for the stage two certification audit. You may pick up a few pointers for improvement (known as nonconformities) at stage two but, if these aren’t too serious, your organisation will become certified and can advertise the fact to anyone with an interest.
Once certified, you will then have an annual surveillance audit to confirm your compliance, and then every three years there will be a re-certification audit, which is when you will be re-audited against all areas of the standard and recommended for continued certification.
How can CertiKit help?
ISO9001 is recommended for organisations of any size and industry that want to ensure continual improvement. CertiKit’s ISO9001 toolkit includes a comprehensive set of template documents and guides with an expert support package included. Written by a QMS auditor, the toolkit will help you align to Quality Management System best practice fast and effectively.
We also offer ISO9001 consultancy and internal auditing services to organisations in the UK, EU and +/- five hours of the UK time zone. So if you need a bit of extra help with implementation, or your internal audit requirements need meeting, click the links to see how we can help.