Introduction

ISO 9001 is an international standard for quality management systems (QMS). Although previous versions of the standard reflect its manufacturing origins the standard now mirrors the much wider application throughout private and public sector organisations. The standard is reviewed and revised every 6-8 years based upon feedback from users, the last major revision being in 2000 with a minor revision planned for late 2008.

Below is a description of the key requirements of ISO 9001. We have deliberately tried to remove all ‘quality speak’ from our description.

The Requirements

The ISO 9001 standard is not an easy read but, as it is based on good management practice, its principles are simple to grasp:

  • The basic aim of the standard is to ensure that a system meets regulatory requirements as well as the requirements of customers
  • It applies to all aspects of the organisation which impact customer satisfaction
  • Both products and services (including aftercare/warranty etc.) have to be part of the management system
  • The level of documentation is for each organisation to decide as the standard only requires a quality policy, quality objectives, a description of the organisation’s processes, 6 documented procedures and a range of records.
  • The standard places a great deal of emphasis on staff competence
  • A quality management system must include
    • Planning of the design and delivery of products and services
    • How to identify and prevent potential problems
    • How to deal with problems when they occur (and stop them happening again)
    • How to ensure staff are using the correct information at any time
  • The organisation’s top management must demonstrate that it is committed to continual improvement of the QMS by setting improvement objectives, allocating resources and formally reviewing the performance of the QMS at regular intervals.
  • Internal audits and the analysis of data generated by the organisation (including customer perceptions) should be used to improve QMS performance.

Gaining an ISO 9001 Certificate

It may come as a surprise to many people but anyone can issue an ISO 9001 certificate. There is no legal requirement to conform to the ISO 9001 standard and therefore there is only a limited regulation of the market for issuing ISO 9001 certificates. The majority of certificates issued come from internationally recognised organisations such as BSI, LRQA, BVQI etc., these organisations, known as certification bodies, being accredited by members of the IAF (International Accreditation Forum). In the UK the IAF recognised accreditation body is UKAS (United Kingdom Accreditation Service). All other countries have a similar arrangement, normally a single body accrediting certification bodies to be able to assess conformance to ISO 9001.

To gain an ISO 9001 certificate from a recognised certification body you have to demonstrate that your organisation meets all the requirements of ISO 9001. Certification is normally a 2 stage process; a document review followed by a compliance audit. Providing there are no major nonconformities then the organisation is placed on the certification body’s ISO 9001 register, the organisation then being referred to as an ‘ISO 9001 registered organisation’. To maintain registration the organisation will be subject to surveillance visits by the certification body at 6 monthly intervals with a full system audit every 3 years.

Organisations which are not accredited by UKAS (or other IAF member) normally provide both implementation support and ISO 9001 assessment, a practice not followed by UKAS accredited certification bodies. Most of these ‘non-accredited’ organisations guarantee a certificate in 30 days, seemingly regardless of the outcome of the assessment process! Most large organisations, including purchasing departments in the public sector, will only accept certificates from UKAS accredited certification bodies.

Typical Timescales to gain an ISO 9001 Certificate

The minimum period to gain an ISO 9001 certificate is determined by the evidence which has to be provided to the certification body to demonstrate the QMS is fully implemented, this normally being 3 months. Typically, implementation is 6 – 12 months with the major determining factors being:

  • Your start position – if you already have some systems in place this will greatly assist implementation
  • Resources available – designing and implementing systems need people resources and project management
  • The complexity of your QMS – the simpler the product/service range the easier the task
  • The bureaucracy you build into your QMS – documenting everything you do is resource hungry and may not provide business benefit

Implementation Steps

Put simply:

  1. Design the system (document)
  2. Implement the system
  3. Check the system works (internal audit)
  4. Review the system for improvement (management review)
  5. External assessment (certification body)