|Q & A|
It means that the company has been issued a certificate of conformance to that international standard, regarding the structure, content and implementation of its quality management system. Further, because the current version of ISO 9001 includes requirements for product design control, they conform to the requirements for designing and developing products.[Back to Top]
Since ISO 9001:2000 replaced the old ISO 9002:1994 standard there should no longer be any organisations registered to it. Before ISO 9001:2000 companies had the opportunity to opt for ISO 9001 or ISO 9002. So it used to mean that the organisation had not been certified as conforming to all 20 elements of the standard series requirements. Specifically, the elements for those who develop products may be missing or non conforming. Typically sub contractors who only fabricate products, or only perform partial processing (such as heat treating) of products, to requirements specified by their customers opted for ISO 9002:1994.[Back to Top]
The old ISO 9000:1994 was updated to ISO 9001 :2000. All organisations that were once registered to ISO 9001:1994 should by now have upgraded to ISO 9001:2000. It is intended that all standards be revised every five years or so, if only to keep pace with modern techniques. In reality standards tend to be revised more frequently if they are widely used.[Back to Top]
There are reasons why an organisation should want to be registered to ISO 9001:2000:
They may have major customers requiring certification of their suppliers.
In some industries, it may be for the purpose of reducing the number of external quality audits to which they must be subjected. (Most customers will accept certification in lieu of their own audits.)
Certification may be 'expected' in their industry (matching the competition).
They may feel that the prestige, corporate image or marketing edge justifies certification.
The ISO 9000 standard "levels the playing field" for business management and quality systems, and is being accepted for this purpose throughout the world.
It is only a matter of time until most organizations involved with making or processing any industrial (perhaps even consumer) products will be compelled to be certified, or risk losing serious market share.
It may be a matter of public relations or image for them but in many cases it can be used to show both their existing customers and any potential customers that they operate their business in an internationally recognised way.[Back to Top]
A certification logo belongs to the certification body which assesses your quality management system. When Your organisation has been assessed by a registration body such as BSI, Lloyds, SGS, UL etc and found to be compliant with the assessment standard. You will be allowed to display their logo on your organisations paperwork. Each certification body has its own rules about where and when its logo can be displayed.[Back to Top]
When your business management intelligence sources or customers make it clear that you are soon going to start losing significant business without it. Or, when your liability insurance company makes it clear that they expect it.[Back to Top]
Consultancies offer a pre-assessment visit before the full-blown registrars certification assessment. It is usually a 1-2 day visit, dependent on the size of your organisation. It is always advisable to have a pre-assessment audit as it provides a chance for the assessor to take a preliminary overview look at your systems, and to point out any glaring problems that will have to be fixed before the certification assessment.[Back to Top]
Different registrar's have different rules for length of certification validity. The maximum period that they can issue an ISO 9001 certificate for is 3 years, and they are required to perform follow-up maintenance assessments. This means there will be typically two 1-2 man/day visits from your registrar annually at a fee of around £500 each, and a re-assessment at the expiration of the certificate at a fee of up to the cost of the original assessment. However, certain registration bodies have certificates which do not expire but rely on covering all clauses of the standard over a two year period along with a performance review audit. Generally the costs work out about the same with most certification bodies.[Back to Top]
ISO 9001 standards and spin-off 'sister' standards contain functional embodiments of Total Quality Management concepts within their requirements. You might think of it as a re-packaging issue. One could say that by managing an organization by a very well conforming ISO 9001 quality management system, you are practicing a form of TQM... whether you call it that or not.[Back to Top]
No: Some companies choose to adopt the principles of ISO 9001:2000 because it is an internationally recognised way to run a business. One on Driso's books has been using the ISO 9000 series standards for almost ten years and has never sought registration. The executive management of the company are delighted with the performance benefits ISO 9001 brought to their business. However, as the organisation only have one customer who has never asked for formal ISO 9001 registration they have opted not to seek registration.[Back to Top]
No: There are now well over 100 accredited certification bodies in the UK. Extreme care should be taken when choosing your certification body as certification from the wrong one will not be worth the paper it is written on. Firstly you must ensure they are accredited with a recognised Government organisation, secondly you must ensure that the scope of their accreditation covers your industry sector. You should find out from your accountant which "SIC" code your business is lodged under for taxation purposes, then ask the certification body if their accreditation covers that code.[Back to Top]
The amount of time it takes to gain successful registration will vary with each organisation as no
two businesses are the same. A recent survey suggested that most businesses take between 6-18 months
to prepare for ISO 9001:2000 certification. The cost to the businesses ranged from about £12,000 for
a small well organised company to £100,000 for a multi-sited organization, starting from scratch,
this is total cost for training, consultant, in-house man-hours, and registration body fees.
Often employing a consultant can save significant amounts of money and man-hours as the consultant
will have had previous experience of introducing ISO 9001:2000 registration and will be able to give
you practical advise,know exactly what to do and when.
Before a registration body agrees to assess your organisation for ISO 9001:2000 compliance it will usually require a minimum of 60-90 days of records as evidence that the systems are established and working before they perform their assessment. If you are successful in the registration of your organisation it usually takes about 6 weeks for the registration body to process the documentation and issue the certificate.
A Gap analysis audit is where an auditor compares the way you do things in your business to what is required by the standard you want to be assessed against. If you are considering ISO 9001:2000 for your business you would be strongly advised to have a gap analysis audit before you start to do anything. Many businesses spend months working towards what they believe is required by the ISO 9001:2000 standard, only to find out that all their effort has been wasted. A good gap analysis audit will set your business on the right path from the outset and the auditor will provide you with a list of things that need doing to make your processes compliant with ISO 9001:2000.[Back to Top]
A Kitemark license is a Product license issued by the British Standards Institution and is very different to ISO 9001:2000. A kitemark License is issued against a particular product, that product has to be tested and it must reach a certain standard of performance. ISO 9001:2000 is a quality management standard against which a certificate is issued if the management of your business compiles.[Back to Top]
Yes: As long as what your business does is legal in the country you operate and you can find a certification body to carry out the certification process then no company is excluded from gaining ISO 9001:2000 registration.[Back to Top]
BS 7799 (ISO 17799) define methods for managing information security in a systematic way within
your business. BS 7799 has two sections Parts 1 & 2.
BS 7799 part 1 is a guidance document to help any business with the security of its information. The document has over a hundred simple security measures that you can implement.
BS 7799 part 2 is a management system standard that uses the guidance of part 1 and translates it into a formal standard which can be assessed in a systematic way.
Yes and very many businesses use a consultant to save their business time and money on set-up
So many companies embark on the ISO 9001 registration process only to find later that they have been spending money and utilising resources on areas, which have little or no bearing on the registration process.
A good consultant is really worth his weight in gold as he will have been through the ISO 9001 2000 registration many times before and will know the pit-falls, areas to avoid and where best to invest your money and resources.
If you were about to have an operation in your local hospital would you really try to carry out the operation yourself?
Of course not! Then why would you want to carry out a major change to the way you operate your business without an expert to hand?
ISO 9001:2000 is a Quality Management Standard which can be used by any business, there is no law
or mandate which states that if you use the standard you must at some time or other become registered.
The ISO 9001:2000 standard offers the methodology of best business practice, which has been built up
by many world class organisations over a number of years.
If you want to Implement this best practice Quality Management System Standard without being registered then that's just fine.
However, it would seem rather a pity to implement good business practice without seeking recognition from a registration body.
Although the ISO 9001 2000 standard mentions training, procedures, some of which are mandatory, there is no specific requirement for work instructions. Some businesses opt for multiple levels of documentation and training depending on the complexity of their processes. In a complex process it might be necessary to have a procedure to describe how a process is performed then have a complimentary work instruction describing how the tasks in that process are performed. However, in a small business with simple processes a procedure will suffice, as long as you can demonstrate t hat process operatives have been sufficiently trained or educated in the operation of that process.[Back to Top]
This is the answer to the question.]A record is generally the evidence that a particular task
has been carried out in accordance with instruction(s).
For example: If your internal audit procedure states that you close completed audits in your audit database by flagging the "audit closed" check box. The checked "audit closed" box in the audit database becomes a record of that particular audit being closed. This particular example deals with computer based records but the scenario is still applicable if you were to use a book, form or other method to record the completed audit.
In general a work instruction dictates how a task is to be carried out, though there is no specific restriction placed upon what can or can not be put into a work instruction. A work instruction will for example describe the way in which an item is assembled whereas a procedure will state "the item is assembled".[Back to Top]
Uh-ha, I've been waiting for this one. The ISO 9001 2000 standard is about the way in which
your business operates its Quality Management System and not a spelling or grammar examination.
However, one really has to look at the importance of the task being carried out, for example: Would you want to sign up to an insurance policy which states it "might", "should", "may" or "sometimes" pays out? One has to be realistic, look at how important the task is then determine how prescriptive you have to be and then, as is so said, cut the cloth accordingly. I try wherever possible to avoid words like might, should, can, may and sometimes etc because it removes ambiguity and possible confusion by the reader.
If you stick to the old: Who, what, where, when, why and how in your written instructions you will not go too far wrong.
A business that wishes to become certified it seeks certification from an accreditation body such as BSI or NQA. Certification bodies such as BSI or NQA seek accreditation from a government department so that they can certify businesses.[Back to Top]
Both non-certified and certified businesses can claim compliance with ISO 9001:2000.
For example: A non-certified business may state in their marketing literature that they operate their Quality Management System in accordance with ISO 9001:2000. This is okay but it is then up to you as a purchaser of their products or services to satisfy yourself that their claim is legitimate. For the purposes of legitimacy most businesses opt to become ISO 9001:2000 registered, this proves to perspective customers that their declaration of ISO 9001:2000 compliance in their marketing or other literature has been validated by a reputable third party organisation. A spin off benefit from being ISO 9001:2000 certified is that it can assure your potential customers that you are operating legitimate business systems without them having to first audit your business.
Conversely, potential customers may be sceptical about self-declarations of ISO 9001:2000 compliance.
Look no further; [Click Here][Back to Top]
Preventive action addresses prospective business process problems.
For example: During the re-design of a product it is realised that it might fail to meet its specified performance level in certain circumstances (outside of the design input test criteria). The business raises a preventive action to design out the potential failure mode(s) as the business feels that even though the failure mode falls outside of the design criteria it would be bad publicity should one of their products fail.
Another example of preventive action: A business identifies from it first quarter sales trend analysis chart that sales for a certain product are reducing by 2% a quarter. It also identifies that if this trend continues into the third quarter that the product will become un-economic to manufacture. The business initiates preventive by carrying out a survey on the merits of running an advertisement campaign to boost sales or to cease production of the product before it becomes uneconomic. Preventive action is about changing a business process to prevent a foreseen problem.
Corrective action is about dealing with a business process, which has failed.
The following non-compliance report was raised during an external audit and requires corrective action
to, among other things, re-call products containing Sudan 1 food dye.
The business had:
Released several products for human consumption containing the ban carcinogenic food dye Sudan 1.
Failed to carry out checks on its suppliers to ensure that all constituent parts of their products were fit for human consumption as required by procedure ASP069/A/2,
Failed to follow procedure ASP0123/B/5 by not validating certificates of compliance received from its suppliers to demonstrate that their suppliers' claims of compliance with "food for human consumption regulations" were legitimate.
Not implement its product recall procedure within the maximum time period stated in procedure ASP007/A/4 on discovering its products contained the ban food dye Sudan 1.
Corrective action is about dealing with the "clean-up operation" after a business process has failed.
Your Design validation process is the way in which your business examines the products from your design process to ensure they meet both your and your customer's expectations when in use. You will need to collect and collate data on the products that you have designed to ensure they are functioning as expected in the environment in which they are used.[Back to Top]
Design verification is the process that your business has adopted to check its design outputs against its design inputs. You will need to keep records of any product or process testing to demonstrate that your business is in fact carrying out these checks. You will also have to demonstrate that your business has in fact achieved its own design aspirations.[Back to Top]
There have been many articles published over the years about whether or not ISO 9000 is a
cost-effective option for a business.
In my years as an auditor I have seen companies benefit greatly from ISO 9000 registration. I have seen small, medium and large companies turn themselves around from being a disorganised mess to world class players in the field of commerce.
Quite simply put: Its okay doing things your own way until you want to interact with someone who operates differently. Where would we be now if we did not have standards for railway tracks or standards for household plug sockets or even computers or television broadcasts? ISO 9001:2000 is the standardised way of doing business and if you want to move ahead then you have to play by the same rules.
Of the many articles that I have read stated that many businesses which had adopted and achieved ISO 9001:2000 registration saw increased sales, productivity cost control and improved financial performance.
The ISO Organisation does not issue certificates of registration against any of its standards. The ISO organisation develops International Standards in conjunction with various state governments and interested bodies.[Back to Top]
You are entitled to apply for ISO 9001:2000 registration if you are operating a business that is legal within the country of operation and you can find a certification body to certify you.[Back to Top]
This model is similar to the ISO standard in many ways but focuses on results measurement and analysis. Some say that it is better than ISO 9001:2000 because it includes financial, society and people requirements. Others, myself included, say it is too focused on certain areas. To my mind ISO 9001:2000 covers processes which of course could include financial and society processes for a business, should a business decide to make these part of its goals and objectives.[Back to Top]
ISO 9001:2000 really states the minimum requirements to run a controlled business so if you are having
problems maintaining these then there is something very wrong.
The Quality system associated with ISO 9001:2000 is to help you manage your business and must be an integral part of its day to day operation. ISO 9001:2000 is your business management system and it must not be something that is separate and additional to what the business does.
There are a number of options available to your business dependent upon what you perceive to be the root cause of finding yourself in this predicament.
If you are having difficulty understanding the ISO 9001 2000 standard or are unsure what is required it may be worth calling in a consultant to help you out in the short term. A good consultant will help to guide and educate you. Click [HERE] to view the consultancy page.
If on the other hand your ISO 9001 2000 system is old or paper based why not try some of the computer based systems, such as the one we use here "Easy ISO 9001 2000® Software."
Visit the "Easy ISO 9001 2000®" software page [HERE]. This excelent software controls your documents, audits, suppliers, calibration, maintenance, training, corrective actions, preventive actions, quality manual and procedures. It comes with a free quality manual and example procedures. The Workload reports will save you hours of wading through paperwork and keep your quality management system fully up to date with minimal input from you.
Look no further; visit our [ISO 9001 2000 Software] section [HERE][Back to Top]
Yes you do. The quality manual is central to an ISO 9001:2000 Quality Management System and is the central document from which all other documents and records emanate.[Back to Top]
Note to Registration Bodies: Please don't ask, I will not be bribed to put the name of your
certification body here.
There are now hundreds of registration bodies out there, many of which specialise in particular fields of registration. I will say that bigger does not necessarily mean better, many of the smaller certification bodies may be more familiar with your industry or service sector and can offer a personalised service.
However, before employing a certification body to carry out the certification of your business there are certain things that you must check.
|Make sure that the certification bodies ISO 9001:2000 certificates are recognised and accepted in your industry and by your customers.|
|Find out whether a recognised accreditation body has formally accredited your certification body and that their accreditation covers your industry or service sector.|
|The frequency and cost of surveillance audits.|
|Total costs for certification cycle i.e. annual management fees, surveillance visits, auditor travel and accommodation fees etc.|
|Confirm how much the certification body will charge to apply for registration and to maintain your registration. How much it will cost for the initial assessment, for the certification audit, and for future surveillance audits and reassessments where applicable.|
The above is intended a guidance only there may be other specific requirements related to your business or industry sector.[Back to Top]
ISO 9001:2000 has very specific requirements about management involvement in the Quality Management System, in particular clause five. Education, education, education, it is a clearly defined within the standard that management is to be involved in the development and deployment of the Quality Management System within your business.
Your top management will have to be instrumental in:
|Setting a Quality policy for your business.|
|Making sure the necessary resources are available for the correct functioning of the Quality System.|
|Setting Quality objectives for the business.|
|Holding management reviews.|
|Ensuring that the requirements of ISO 9001:2000 are met.|
|Communicating the importance of meeting customer requirements.|
Often the benefit of adopting an ISO 9001:2000 system has literally to be sold to the top management within the business. You will find many articles on this web site to help with this task. If you are unsure how to do this it may be worth contacting a consultant who will have all the necessary information and may do the job for you.
You can always visit our ISO 9001 2000 training services page to arrange for one of our consultant trainers to visit your organisation to educate your managers. Click [HERE][Back to Top]
At the time of writing this answer the figure world-wide stands at about 500,000 across 160 countries.[Back to Top]
Yes, you can use any documentation that already exists in your business, for example training manuals, specification manuals etc. The main point to remember here is to include them in your document control system.[Back to Top]
There is no definitive method that must be used, all the ISO 9001:2000 standard requires is that you
must be able to demonstrate control of your documents. Your business must document a procedure for the
control the your ISO 9001:2000 Quality Management System documents.
You can try and keep control of your documents using the old fashioned method of pen, paper and physical storage of changes to documents or use some ISO 9001 2000 Quality Management System software such as, Easy ISO 9001 2000®, that will do all the hard work for you.
For your business to be customer focused it will have to be responsive to its customer's current and future needs. Customer loyalty is often built on trust and their belief that you are willing to help them achieve their goal(s). To be frank most businesses lose customers because they fail to meet there needs be it on delivery times, cost or adherence to specification(s) or faulty product. A business that is customer focused tends to try and anticipate its customers needs in advance, after all who wants last years designer jeans or shoes? Being customer focused can often bring financial benefits to a business in the form customer loyalty, repeat business and tolerance of minor errors on behalf of your business.[Back to Top]
The ISO organisation will not permit your business to use their name on your company literature even
if your business has been certified as conforming to ISO 9001 2000.
ISO believe that use of its name by businesses may mislead third parties into believing that your business is in some way approved by or acts on behalf of ISO.
Good question. There are many quality management systems where businesses have documented everything they do to such an extent that they cannot move for the bureaucracy they have created. There isn't a special clause in ISO 9001 2000 that states that you must have thick documented procedures and work instructions with mass form filling. If you want to create this then so be it, but it is just not required or necessary.[Back to Top]
The information on this page is provided in good faith and at no expense to you. We can not be held responsible for any individuals misinterpretation of the content contained therein.