Business success with ISO 9001
Q: If an organization wants to implement ISO 9001 for the first time, what is the first step?
A: Use the organization’s purpose as a starting point. Too often, organizations try to appease or conquer requirements as if the end-goal is to satisfy those requirements.
Not staying true to the organization’s primary purpose (for example, to make money through the product or service offered or to effectively use the available resources to promote educational excellence) means the organization may create a competition between the requirements, such as those in ISO 9001, and its organizational purpose.
Using who you are as a business as the reference point for implementing requirements will help the organization stay focused on what is important without getting lost in the euphoria of becoming certified to ISO 9001.
Q: How do you determine what is necessary for a business to continue to be successful in the future? How can ISO 9001:2015 be helpful in doing this?
A: Start by considering what it takes to function as a business (organization) to make money or receive funding today. After you understand this, you can evaluate the true cost of sustaining this.
While some costs are obvious, such as facilities, materials and labor to produce your product or service, don’t forget about less-frequent expenses, such as maintenance costs, licenses or certifications required to do business, and any other costs related to sustaining the organization. Often, organizations don’t account for these costs because they are less likely to get caught by a regulatory body. This isn’t a sustainable business practice, however, because when it comes time to pay for one of these expenses, the money needed hasn’t been accounted for in the budget or pricing structure.
After you have accounted for everything to run your business, think in terms of planning to succeed. Risk-based thinking, management review and data analysis are great for this because they are intended to help you assess actions already taken to determine whether further action is needed. In essence, the organization is either already suitably established, adequately addresses all requirements, and is effectively driving behavior, or it has the information and action plan to get there.
Q: How should an organization approach ISO 9001:2015 to make it work for its business?
A: Look at the standard through the eyes of the business instead of trying to make the business fit the standard. In other words, many organizations usually take the standard and go through it clause by clause. To see the standard from a business perspective, lay out the organization as it functions, and plug in the standard’s clauses where they apply to the organization.
This may mean a clause is accounted for in more than one place in the documented system. That is actually a good thing because you are dealing with the organization’s reality instead of simply appeasing the standard.
President, Practical Perspectives
Selecting consultants, registrars
Q: What are the qualities to look for when selecting an ISO 9001 consultant and registrar?
A: This question is timely because the ISO 9001 and ISO 14001 revisions are scheduled to be released in September 2015. Many organizations planning to use external-expert help in implementing their management systems and that are planning to find a registrar to register their management systems will find this answer useful. This is an important question because choosing the right consultant is critical to accomplishing organizational objectives on time and on budget. Choosing the right registrar is even more important because you likely will stay with the same registrar for several years to come.
Choosing a consultant
ISO 10019:2005 defines a quality management system (QMS) consultant as a "person who assists the organization on QMS realization, giving advice or information."1 This standard further recommends the following attributes be considered when selecting QMS consultants:
Ethics. Among the many personal attributes recommended by the standard, being ethical is a key attribute. An unethical consultant can cause more damage to the organization than an incompetent consultant. Organizations should check the consultant’s past projects with clients to ensure there isn’t any unfavorable feedback. Other personal attributes to look for include: observant, perceptive, versatile, tenacious, decisive, self-reliant, communicative, practical, accountable and facilitative.
Experience. The consultant should be able to understand the organization’s context and situation and provide creative solutions. This comes from experience in working with different-sized organizations, in various industry segments and geographic locations, and on projects with varying complexity such as providing low- cost, high-value solutions for resource- constrained small business clients.
Education and knowledge. The consultant should not only have the right level of education, he or she also should have the necessary skills to understand products and services. They should have knowledge of all the relevant management systems standards and other international standards required to implement the system well. Examples include sector-specific, accreditation and product standards, as well as safety-related standards.
The consultant should have expertise or working-level experience in project management and quality management principles, methods and techniques. Implementing the project may require the use of quality engineering tools, statistical techniques, problem solving, risk management and change management.
Other aspects to consider are industry knowledge and overall work experience, including previous roles in quality and operations management.
Choosing a registrar
Organizations do not frequently change registrars, so selecting one requires a careful review. Knowledgeable customers care about who issued your QMS certification, so it is important to consider the registrar’s reputation. Reputation of an organization is often an indirect measure of the quality of its products and services over time.
If your organization has several locations in a country or around the world, ensure that the registrar has branches and a global presence to support your needs. If your organization plans to become certified to additional management systems standards, such as ISO 14001, OHSAS 18001 or industry standards, ensure that the registrar carries these certifications and that the auditors are qualified to audit to multiple standards. This will allow you to conduct an integrated management systems audit with the help of a single registrar.
The registrar’s accreditation body also matters. Find out if the accreditation body is recognized in the regions where your organization operates and your customer prefers. Most importantly, your registrar should have local auditors who have solid industry knowledge and experience in addition to proven audit experience. If they must send auditors to you from other regions and geographies to meet auditor skill requirements, it will cost the organization hefty travel and administrative expenses year after year.
Ask customer references about the quality of the registrar’s audit and the value added to the organization.
Finally, consider overall audit cost. Ask for the cost breakdown to understand the typical estimated cost for an audit cycle (typically three years). This should include details such as the audit fee, annual file maintenance, audit cancellation fee, annual escalation fee and auditor travel expenses.
The registrar should be responsive to the client’s needs and provide flexibility with scheduling audits. It may be a good idea to ask the shortlisted registrar to conduct a pre-assessment to verify its capability before committing to a long-term relationship.
Senior director, global quality management systems
San Jose, CA
- International Organization for Standardization, ISO 10019:2005—Guidelines for the selection of quality management system consultants and use of their services.