Your Questions Answered


  1. What does "ISO 9001:2000 Certified mean?

  2. Why do some companies have ISO 9002 certification?

  3. What's this new version of ISO 9001?

  4. My competitors are getting ISO 9001 certified!

  5. Why advertise ISO 9001:2000 certification?

  6. What is a certification logo?

  7. When should I think about getting ISO 9001 certified?

  8. What is a "pre-assessment"?

  9. How long does my registration last for?

  10. What happened to Total Quality Management?

  11. Do I have to be registered to use ISO 9001?

  12. Are all ISO 9001 registration bodies the same?

  13. How long will it take to get ISO 9000 certified?

  14. What is a "gap analysis audit?

  15. What is a "Kitemark License"?

  16. Can any company get ISO 9001:2000?

  17. What is BS 7799 Information Security about?

  18. Can a consultant achieve ISO 9001 for my business?

  19. Do we have to get ISO 9000 registered if we use ISO 9001?

  20. Why have procedures, work instructions and training?

  21. What is a record? (ISO 9001:2000)

  22. What is a work instruction? (ISO 9001:2000)

  23. Should I use the word "should" in my ISO 9001 documents?

  24. What's the difference between certified and accredited?

  25. What's does being ISO 9001 compliant mean?

  26. Where can I find an ISO 9001 2000 Consultant?

  27. What is preventive action?

  28. What is corrective action?

  29. What does design validation mean?

  30. What does design verification mean?

  31. Is ISO 9001:2000 cost effective?

  32. Can I get an ISO 9001 certificate from the ISO Organisation?

  33. Is it true that some businesses cannot apply for ISO 9001?

  34. What is the "excellence model"?

  35. I have insufficient time to manage my ISO 9001:2000.

  36. Where can I find ISO 9001 2000 System Software?

  37. Do I have to have a Quality Manual for ISO 9001 2000?

  38. Which is the best Registration body for ISO 9001 2000?

  39. How do I get my top management involved with ISO 9001?

  40. How Many ISO 9000 Certificates have been issued?

  41. Can I use existing documentation for our ISO 9001 2000?

  42. How do I address ISO 9001 2000 document control?

  43. What does being customer focused mean?

  44. Can I use the ISO name in my literature?

  45. How detailed do our ISO 9001 2000 documents have to be?



    What does "ISO 9001:2000 Certified mean"?

It means that the company has been issued a certificate of conformance to that international standard, regarding the structure, content and implementation of its quality management system. Further, because the current version of ISO 9001 includes requirements for product design control, they conform to the requirements for designing and developing products.

    [Back to Top]


    Why do some companies have ISO 9002 certification?

Since ISO 9001:2000 replaced the old ISO 9002:1994 standard there should no longer be any organisations registered to it. Before ISO 9001:2000 companies had the opportunity to opt for ISO 9001 or ISO 9002. So it used to mean that the organisation had not been certified as conforming to all 20 elements of the standard series requirements. Specifically, the elements for those who develop products may be missing or non conforming. Typically sub contractors who only fabricate products, or only perform partial processing (such as heat treating) of products, to requirements specified by their customers opted for ISO 9002:1994.

    [Back to Top]


    What's this new version of ISO 9001?

The old ISO 9000:1994 was updated to ISO 9001 :2000. All organisations that were once registered to ISO 9001:1994 should by now have upgraded to ISO 9001:2000. It is intended that all standards be revised every five years or so, if only to keep pace with modern techniques. In reality standards tend to be revised more frequently if they are widely used.

    [Back to Top]


    Why are some of my competitors getting ISO 9000 certified?

There are reasons why an organisation should want to be registered to ISO 9001:2000:
They may have major customers requiring certification of their suppliers.
In some industries, it may be for the purpose of reducing the number of external quality audits to which they must be subjected. (Most customers will accept certification in lieu of their own audits.)
Certification may be 'expected' in their industry (matching the competition).
They may feel that the prestige, corporate image or marketing edge justifies certification.
The ISO 9000 standard "levels the playing field" for business management and quality systems, and is being accepted for this purpose throughout the world.
It is only a matter of time until most organizations involved with making or processing any industrial (perhaps even consumer) products will be compelled to be certified, or risk losing serious market share.

    [Back to Top]


     Why do companies advertise their ISO 9001:2000 certification?

It may be a matter of public relations or image for them but in many cases it can be used to show both their existing customers and any potential customers that they operate their business in an internationally recognised way.

    [Back to Top]


     What is a certification logo?

A certification logo belongs to the certification body which assesses your quality management system. When Your organisation has been assessed by a registration body such as BSI, Lloyds, SGS, UL etc and found to be compliant with the assessment standard. You will be allowed to display their logo on your organisations paperwork. Each certification body has its own rules about where and when its logo can be displayed.

    [Back to Top]


     When should I think about getting ISO 9001 certified?

When your business management intelligence sources or customers make it clear that you are soon going to start losing significant business without it. Or, when your liability insurance company makes it clear that they expect it.

    [Back to Top]


     What is a "pre-assessment"?

Consultancies offer a pre-assessment visit before the full-blown registrars certification assessment. It is usually a 1-2 day visit, dependent on the size of your organisation. It is always advisable to have a pre-assessment audit as it provides a chance for the assessor to take a preliminary overview look at your systems, and to point out any glaring problems that will have to be fixed before the certification assessment.

    [Back to Top]


     How long does my registration last for?

Different registrar's have different rules for length of certification validity. The maximum period that they can issue an ISO 9001 certificate for is 3 years, and they are required to perform follow-up maintenance assessments. This means there will be typically two 1-2 man/day visits from your registrar annually at a fee of around 500 each, and a re-assessment at the expiration of the certificate at a fee of up to the cost of the original assessment. However, certain registration bodies have certificates which do not expire but rely on covering all clauses of the standard over a two year period along with a performance review audit. Generally the costs work out about the same with most certification bodies.

    [Back to Top]


    What happened to Total Quality Management?

ISO 9001 standards and spin-off 'sister' standards contain functional embodiments of Total Quality Management concepts within their requirements. You might think of it as a re-packaging issue. One could say that by managing an organization by a very well conforming ISO 9001 quality management system, you are practicing a form of TQM... whether you call it that or not.

    [Back to Top]


     Do I have to be registered to use ISO 9001?

No: Some companies choose to adopt the principles of ISO 9001:2000 because it is an internationally recognised way to run a business. One on Driso's books has been using the ISO 9000 series standards for almost ten years and has never sought registration. The executive management of the company are delighted with the performance benefits ISO 9001 brought to their business. However, as the organisation only have one customer who has never asked for formal ISO 9001 registration they have opted not to seek registration.

    [Back to Top]


     Are all ISO 9001 registration bodies the same?

No: There are now well over 100 accredited certification bodies in the UK. Extreme care should be taken when choosing your certification body as certification from the wrong one will not be worth the paper it is written on. Firstly you must ensure they are accredited with a recognised Government organisation, secondly you must ensure that the scope of their accreditation covers your industry sector. You should find out from your accountant which "SIC" code your business is lodged under for taxation purposes, then ask the certification body if their accreditation covers that code.

    [Back to Top]


     How long will it take to get ISO 9000 certified?

The amount of time it takes to gain successful registration will vary with each organisation as no two businesses are the same. A recent survey suggested that most businesses take between 6-18 months to prepare for ISO 9001:2000 certification. The cost to the businesses ranged from about 12,000 for a small well organised company to 100,000 for a multi-sited organization, starting from scratch, this is total cost for training, consultant, in-house man-hours, and registration body fees. Often employing a consultant can save significant amounts of money and man-hours as the consultant will have had previous experience of introducing ISO 9001:2000 registration and will be able to give you practical advise,know exactly what to do and when.
Before a registration body agrees to assess your organisation for ISO 9001:2000 compliance it will usually require a minimum of 60-90 days of records as evidence that the systems are established and working before they perform their assessment. If you are successful in the registration of your organisation it usually takes about 6 weeks for the registration body to process the documentation and issue the certificate.

    [Back to Top]


    What is a "gap analysis audit?

A Gap analysis audit is where an auditor compares the way you do things in your business to what is required by the standard you want to be assessed against. If you are considering ISO 9001:2000 for your business you would be strongly advised to have a gap analysis audit before you start to do anything. Many businesses spend months working towards what they believe is required by the ISO 9001:2000 standard, only to find out that all their effort has been wasted. A good gap analysis audit will set your business on the right path from the outset and the auditor will provide you with a list of things that need doing to make your processes compliant with ISO 9001:2000.

    [Back to Top]


    What is a "Kitemark Licence"?

A Kitemark license is a Product license issued by the British Standards Institution and is very different to ISO 9001:2000. A kitemark License is issued against a particular product, that product has to be tested and it must reach a certain standard of performance. ISO 9001:2000 is a quality management standard against which a certificate is issued if the management of your business compiles.

    [Back to Top]


    Can any company get ISO 9001:2000?

Yes: As long as what your business does is legal in the country you operate and you can find a certification body to carry out the certification process then no company is excluded from gaining ISO 9001:2000 registration.

    [Back to Top]


    What is BS 7799 Information Security about?

BS 7799 (ISO 17799) define methods for managing information security in a systematic way within your business. BS 7799 has two sections Parts 1 & 2.
BS 7799 part 1 is a guidance document to help any business with the security of its information. The document has over a hundred simple security measures that you can implement.
BS 7799 part 2 is a management system standard that uses the guidance of part 1 and translates it into a formal standard which can be assessed in a systematic way.

    [Back to Top]


     Can a consultant achieve ISO 9001 for my business?

Yes and very many businesses use a consultant to save their business time and money on set-up costs.
So many companies embark on the ISO 9001 registration process only to find later that they have been spending money and utilising resources on areas, which have little or no bearing on the registration process.
A good consultant is really worth his weight in gold as he will have been through the ISO 9001 2000 registration many times before and will know the pit-falls, areas to avoid and where best to invest your money and resources.
If you were about to have an operation in your local hospital would you really try to carry out the operation yourself?
Of course not! Then why would you want to carry out a major change to the way you operate your business without an expert to hand?

    [Back to Top]


     Do we have to get ISO 9000 registered if we use ISO 9001?

ISO 9001:2000 is a Quality Management Standard which can be used by any business, there is no law or mandate which states that if you use the standard you must at some time or other become registered. The ISO 9001:2000 standard offers the methodology of best business practice, which has been built up by many world class organisations over a number of years.
If you want to Implement this best practice Quality Management System Standard without being registered then that's just fine.
However, it would seem rather a pity to implement good business practice without seeking recognition from a registration body.

    [Back to Top]


     Why have procedures, work instructions and training?

Although the ISO 9001 2000 standard mentions training, procedures, some of which are mandatory, there is no specific requirement for work instructions. Some businesses opt for multiple levels of documentation and training depending on the complexity of their processes. In a complex process it might be necessary to have a procedure to describe how a process is performed then have a complimentary work instruction describing how the tasks in that process are performed. However, in a small business with simple processes a procedure will suffice, as long as you can demonstrate t hat process operatives have been sufficiently trained or educated in the operation of that process.

    [Back to Top]


     What is a record? (ISO 9001:2000)

This is the answer to the question.]A record is generally the evidence that a particular task has been carried out in accordance with instruction(s).
For example: If your internal audit procedure states that you close completed audits in your audit database by flagging the "audit closed" check box. The checked "audit closed" box in the audit database becomes a record of that particular audit being closed. This particular example deals with computer based records but the scenario is still applicable if you were to use a book, form or other method to record the completed audit.

    [Back to Top]


    What is a work instruction? (ISO 9001:2000)

In general a work instruction dictates how a task is to be carried out, though there is no specific restriction placed upon what can or can not be put into a work instruction. A work instruction will for example describe the way in which an item is assembled whereas a procedure will state "the item is assembled".

    [Back to Top]


    Should I use the word "should" in my ISO 9001 documents?

Uh-ha, I've been waiting for this one. The ISO 9001 2000 standard is about the way in which your business operates its Quality Management System and not a spelling or grammar examination.
However, one really has to look at the importance of the task being carried out, for example: Would you want to sign up to an insurance policy which states it "might", "should", "may" or "sometimes" pays out? One has to be realistic, look at how important the task is then determine how prescriptive you have to be and then, as is so said, cut the cloth accordingly. I try wherever possible to avoid words like might, should, can, may and sometimes etc because it removes ambiguity and possible confusion by the reader.
If you stick to the old: Who, what, where, when, why and how in your written instructions you will not go too far wrong.

    [Back to Top]


    What's the difference between certified and accredited?

A business that wishes to become certified it seeks certification from an accreditation body such as BSI or NQA. Certification bodies such as BSI or NQA seek accreditation from a government department so that they can certify businesses.

    [Back to Top]


    What's does being ISO 9001 compliant mean?

Both non-certified and certified businesses can claim compliance with ISO 9001:2000.
For example: A non-certified business may state in their marketing literature that they operate their Quality Management System in accordance with ISO 9001:2000. This is okay but it is then up to you as a purchaser of their products or services to satisfy yourself that their claim is legitimate. For the purposes of legitimacy most businesses opt to become ISO 9001:2000 registered, this proves to perspective customers that their declaration of ISO 9001:2000 compliance in their marketing or other literature has been validated by a reputable third party organisation. A spin off benefit from being ISO 9001:2000 certified is that it can assure your potential customers that you are operating legitimate business systems without them having to first audit your business.
Conversely, potential customers may be sceptical about self-declarations of ISO 9001:2000 compliance.

    [Back to Top]


    Where can I find an ISO 9001 2000 Consultant?

Look no further; [Click Here]

    [Back to Top]


    What is preventive action?

Preventive action addresses prospective business process problems.
For example: During the re-design of a product it is realised that it might fail to meet its specified performance level in certain circumstances (outside of the design input test criteria). The business raises a preventive action to design out the potential failure mode(s) as the business feels that even though the failure mode falls outside of the design criteria it would be bad publicity should one of their products fail.
Another example of preventive action: A business identifies from it first quarter sales trend analysis chart that sales for a certain product are reducing by 2% a quarter. It also identifies that if this trend continues into the third quarter that the product will become un-economic to manufacture. The business initiates preventive by carrying out a survey on the merits of running an advertisement campaign to boost sales or to cease production of the product before it becomes uneconomic. Preventive action is about changing a business process to prevent a foreseen problem.

    [Back to Top]


    What is corrective action?

Corrective action is about dealing with a business process, which has failed. The following non-compliance report was raised during an external audit and requires corrective action to, among other things, re-call products containing Sudan 1 food dye.

The business had:

Released several products for human consumption containing the ban carcinogenic food dye Sudan 1.

Failed to carry out checks on its suppliers to ensure that all constituent parts of their products were fit for human consumption as required by procedure ASP069/A/2,

Failed to follow procedure ASP0123/B/5 by not validating certificates of compliance received from its suppliers to demonstrate that their suppliers' claims of compliance with "food for human consumption regulations" were legitimate.

Not implement its product recall procedure within the maximum time period stated in procedure ASP007/A/4 on discovering its products contained the ban food dye Sudan 1.

Corrective action is about dealing with the "clean-up operation" after a business process has failed.

    [Back to Top]


    What does design validation mean?

Your Design validation process is the way in which your business examines the products from your design process to ensure they meet both your and your customer's expectations when in use. You will need to collect and collate data on the products that you have designed to ensure they are functioning as expected in the environment in which they are used.

    [Back to Top]


    What does design verification mean?

Design verification is the process that your business has adopted to check its design outputs against its design inputs. You will need to keep records of any product or process testing to demonstrate that your business is in fact carrying out these checks. You will also have to demonstrate that your business has in fact achieved its own design aspirations.

    [Back to Top]


    Is ISO 9001:2000 cost effective?

There have been many articles published over the years about whether or not ISO 9000 is a cost-effective option for a business.
In my years as an auditor I have seen companies benefit greatly from ISO 9000 registration. I have seen small, medium and large companies turn themselves around from being a disorganised mess to world class players in the field of commerce.
Quite simply put: Its okay doing things your own way until you want to interact with someone who operates differently. Where would we be now if we did not have standards for railway tracks or standards for household plug sockets or even computers or television broadcasts? ISO 9001:2000 is the standardised way of doing business and if you want to move ahead then you have to play by the same rules.
Of the many articles that I have read stated that many businesses which had adopted and achieved ISO 9001:2000 registration saw increased sales, productivity cost control and improved financial performance.

    [Back to Top]


    Can I get an ISO 9001 certificate from the ISO Organisation?

The ISO Organisation does not issue certificates of registration against any of its standards. The ISO organisation develops International Standards in conjunction with various state governments and interested bodies.

    [Back to Top]


    Is it true that some businesses cannot apply for ISO 9001?

You are entitled to apply for ISO 9001:2000 registration if you are operating a business that is legal within the country of operation and you can find a certification body to certify you.

    [Back to Top]


    What is the "excellence model"?

This model is similar to the ISO standard in many ways but focuses on results measurement and analysis. Some say that it is better than ISO 9001:2000 because it includes financial, society and people requirements. Others, myself included, say it is too focused on certain areas. To my mind ISO 9001:2000 covers processes which of course could include financial and society processes for a business, should a business decide to make these part of its goals and objectives.

    [Back to Top]


    I have insufficient time to manage my ISO 9001 2000.

ISO 9001:2000 really states the minimum requirements to run a controlled business so if you are having problems maintaining these then there is something very wrong.
The Quality system associated with ISO 9001:2000 is to help you manage your business and must be an integral part of its day to day operation. ISO 9001:2000 is your business management system and it must not be something that is separate and additional to what the business does.
There are a number of options available to your business dependent upon what you perceive to be the root cause of finding yourself in this predicament.
If you are having difficulty understanding the ISO 9001 2000 standard or are unsure what is required it may be worth calling in a consultant to help you out in the short term. A good consultant will help to guide and educate you. Click [HERE] to view the consultancy page.
If on the other hand your ISO 9001 2000 system is old or paper based why not try some of the computer based systems, such as the one we use here "Easy ISO 9001 2000® Software."
Visit the "Easy ISO 9001 2000®" software page [HERE]. This excelent software controls your documents, audits, suppliers, calibration, maintenance, training, corrective actions, preventive actions, quality manual and procedures. It comes with a free quality manual and example procedures. The Workload reports will save you hours of wading through paperwork and keep your quality management system fully up to date with minimal input from you.

    [Back to Top]


    Where can I find ISO 9001 2000 System Software?

Look no further; visit our [ISO 9001 2000 Software] section [HERE]

    [Back to Top]


    Do I have to have a Quality Manual for ISO 9001 2000

Yes you do. The quality manual is central to an ISO 9001:2000 Quality Management System and is the central document from which all other documents and records emanate.

    [Back to Top]


    Which is the best Registration body for ISO 9001 2000?

Note to Registration Bodies: Please don't ask, I will not be bribed to put the name of your certification body here.

There are now hundreds of registration bodies out there, many of which specialise in particular fields of registration. I will say that bigger does not necessarily mean better, many of the smaller certification bodies may be more familiar with your industry or service sector and can offer a personalised service.
However, before employing a certification body to carry out the certification of your business there are certain things that you must check.

  • Make sure that the certification bodies ISO 9001:2000 certificates are recognised and accepted in your industry and by your customers.
  • Find out whether a recognised accreditation body has formally accredited your certification body and that their accreditation covers your industry or service sector.
  • The frequency and cost of surveillance audits.
  • Total costs for certification cycle i.e. annual management fees, surveillance visits, auditor travel and accommodation fees etc.
  • Confirm how much the certification body will charge to apply for registration and to maintain your registration. How much it will cost for the initial assessment, for the certification audit, and for future surveillance audits and reassessments where applicable.

    The above is intended a guidance only there may be other specific requirements related to your business or industry sector.

        [Back to Top]


        How do I get my top management involved with ISO 9001?

    ISO 9001:2000 has very specific requirements about management involvement in the Quality Management System, in particular clause five. Education, education, education, it is a clearly defined within the standard that management is to be involved in the development and deployment of the Quality Management System within your business.

    Your top management will have to be instrumental in:

  • Setting a Quality policy for your business.
  • Making sure the necessary resources are available for the correct functioning of the Quality System.
  • Setting Quality objectives for the business.
  • Holding management reviews.
  • Ensuring that the requirements of ISO 9001:2000 are met.
  • Communicating the importance of meeting customer requirements.

    Often the benefit of adopting an ISO 9001:2000 system has literally to be sold to the top management within the business. You will find many articles on this web site to help with this task. If you are unsure how to do this it may be worth contacting a consultant who will have all the necessary information and may do the job for you.

    You can always visit our ISO 9001 2000 training services page to arrange for one of our consultant trainers to visit your organisation to educate your managers. Click [HERE]

        [Back to Top]


        How Many ISO 9000 Certificates have been issued?

    At the time of writing this answer the figure world-wide stands at about 500,000 across 160 countries.

        [Back to Top]


        Can I use existing documentation for ISO 9001 2000?

    Yes, you can use any documentation that already exists in your business, for example training manuals, specification manuals etc. The main point to remember here is to include them in your document control system.

        [Back to Top]


        How do I address ISO 9001 2000 document control?

    There is no definitive method that must be used, all the ISO 9001:2000 standard requires is that you must be able to demonstrate control of your documents. Your business must document a procedure for the control the your ISO 9001:2000 Quality Management System documents.
    You can try and keep control of your documents using the old fashioned method of pen, paper and physical storage of changes to documents or use some ISO 9001 2000 Quality Management System software such as, Easy ISO 9001 2000®, that will do all the hard work for you.

        [Back to Top]


        What does being customer focused mean?

    For your business to be customer focused it will have to be responsive to its customer's current and future needs. Customer loyalty is often built on trust and their belief that you are willing to help them achieve their goal(s). To be frank most businesses lose customers because they fail to meet there needs be it on delivery times, cost or adherence to specification(s) or faulty product. A business that is customer focused tends to try and anticipate its customers needs in advance, after all who wants last years designer jeans or shoes? Being customer focused can often bring financial benefits to a business in the form customer loyalty, repeat business and tolerance of minor errors on behalf of your business.

        [Back to Top]


        Can I use the ISO name in my literature?

    The ISO organisation will not permit your business to use their name on your company literature even if your business has been certified as conforming to ISO 9001 2000.
    ISO believe that use of its name by businesses may mislead third parties into believing that your business is in some way approved by or acts on behalf of ISO.

        [Back to Top]


        How detailed do our ISO 9001 2000 documents have to be?

    Good question. There are many quality management systems where businesses have documented everything they do to such an extent that they cannot move for the bureaucracy they have created. There isn't a special clause in ISO 9001 2000 that states that you must have thick documented procedures and work instructions with mass form filling. If you want to create this then so be it, but it is just not required or necessary.

        [Back to Top]


























    The information on this page is provided in good faith and at no expense to you. We can not be held responsible for any individuals misinterpretation of the content contained therein.


    Copyright © Driso Ltd. (2005)