1. What is ISO 9001?

In short, ISO 9001 is a voluntary Quality Management System standard that helps organizations ensure they are meeting customer requirements. Note that the key word in the title is "Management." The intent of the 9001 standard is to implement systems that Management can use to better run the business. Many companies have portions of these best practices in place currently or they wouldn't be able to stay in business. However, the standard offers a more structured approach for processes such as how customer requirements are reviewed and met; how products or services are actually produced and delivered; how employees are hired and considered to be competent; how documents are controlled to ensure they are current; how management itself periodically reviews the processes they have implemented; and how data is used in decision making. In fact, the 23 page standard provides guidance in all areas of the business. Its process approach to organizational improvement can be applied to any business - no matter the industry or size. 2. What is the difference between ISO 9000, ISO 9001, ISO 9002, ISO 9003, and ISO 9004? ISO 9000 indicates the overall series of the Quality Management System standards. ISO 9001 is the number of the actual standard to which a company achieves certification. Both terms are often used synonymously to refer to the certification. The year of the current revision of the standard appears in the title, such as ISO 9001. Prior to the 2000 revision of the ISO standard, there were also ISO 9002 for companies who didn't design any products, and ISO 9003 for companies who just did distribution. ISO 9002 and 9003 have been discontinued. Now, there is just the one standard, and if certain sections don't apply, organizations can take an "exclusion" for those sections. ISO 9004 is a guidance document that helps explain the requirements of the 9001 standard. ISO 9000 itself is also a supporting document related to fundamentals and vocabulary. 3. What does ISO stand for? The International Organization for Standardization decided not to use an acronym for their organization, because it would be different in different languages. Instead, they used the word "ISO," which is derived from the Greek word "isos" meaning "equal." The standards act as an equalizer for companies doing business across global boundaries. Apart from the Quality Management System standards, there are many other standards that are maintained by the International Organization for Standardization located in Geneva, Switzerland, and their 158 member countries. 4. What are the benefits of certification? Apart from the obvious benefit of opening up market opportunities where ISO 9001 certification is a requirement, the biggest benefits stem from having a structure to improve your processes. Because the standard is really based on best practices for organizations, it provides management with the tools to objectively decide where things are working well, and where to best apply resources to make things run more smoothly. So - ideally, ISO 9000 helps your management team maximize the effectiveness of your business, thereby enhancing growth and reducing cost. From your customers' perspective, it gives them confidence that you have an organization that can consistently meet their needs. 5. My company is very small. Can I get certified? Absolutely. We've worked with companies of one or two people who decided to get certified. The processes that you'll put in place would have the same intent as a much larger

company; it's just that the implementation will be simpler. We work with organizations to assist them in balancing the appropriate level of documentation with what's necessary to meet requirements. 6. How much will this cost? The answer depends on a number of factors. There are costs to implement, cost related to the Registrar and costs to maintain. In terms of costs to implement, if you choose a full doit-yourself approach, the only real costs will be in the time for resources dedicated to the implementation process and in time spent writing documents and training your staff. If you have little experience with ISO 9000, or have limited internal resources, you might choose to get some outside professional help. Costs of registration are dependent on the size of your organization as well. Most registrars charge a certain rate per day to be onsite at your facility. Currently the rate is around $1,100 - $1,500 per day per auditor. Smaller companies could expect one auditor on site for 2-3 days; larger companies may require several auditors for an extended site visit. There are also processing fees for the audit report and certificate. To maintain your certification, the Registrar must return at least annually to audit a portion of your system. Those costs will be less than the original visit, since the time spent will be shorter. Once every three years, the Registrar returns to audit your entire system. 7. Does ISO apply to my industry? The ISO 9000 standards are general enough to apply to any industry. We have clients in industries ranging from manufacturing to government and defense contractors; from education to call center operations to software development and they can all apply the standard to their business model. 8. Where can I buy the standard? The ISO standard can be purchased in various languages through the International Organization for Standardization website. In America, the standard (officially, "ANSI/ISO/ASQ Q9001-2008: Quality Management Systems Requirements") can be purchased through the American Society for Quality website. The Standards Council of Canada also has the standard available for purchase on their website. 9. What do recent changes in the ISO standard mean to my company? An amendment to the ISO 9001 standard was released in November 2008. The changes primarily clarify wording, and don't add any new requirements. However, certified companies will need to review their documentation in light of the changes, and revise accordingly. If you are currently certified, you will have two years to transition to these modified requirements. If you aren't certified yet, you will have to understand the intent of the requirements, implement systems that comply with the amendment, and then be audited to the new standard. In either case, you will have to purchase a copy of the ISO 9001:2008 standard which can be found at the International Organization for Standardization website or through the American Society for Quality site in the U.S. 10. We build 2 products for a customer who is requiring ISO 9001 certification. Can we attain certification on a product level? If the products are manufactured in a segregated area or separate building, then you may be able to limit the scope of the certification to those products. Generally it is not possible to do so if these products are built using the same manufacturing process as other products.

That being said, the work to implement ISO 9001 for these two products is probably nearly equivalent with certifying the entire facility so it might be more trouble than it's worth to try to keep everything separate. 11. Which requirement(s) don't apply in an organization with two people? Exclusions to ISO 9001 can be taken to requirements in section 7.0 that are not part of the company's operations. It's not related to the size of the company but the type of business you are in. Incidentally, what IS critical in a micro-business like your's is to keep the documentation simple. We regularly work with companies as small as a 1-man shop to get ISO certified. It's important to tailor the documentation approach to not make your system overly cumbersome that only raises the ongoing costs of certification and often results in more audit findings. 12. Where does ISO fit into the organization's quality management system? The ISO standard offers best practices that can be used to implement a quality system in any organization. Many organizations who attempt to implement improvement efforts find the efforts can be disjointed without a structure such as ISO 9001. ISO provides a way to focus the management team on what they need to do to successfully implement change in ways that satisfy customers. 13. Do I need to own a copy of the ISO 9001 Standard in order to get certified? Yes. Your Quality System is based on the requirements of the ISO Standard, and so you need to ensure that you have a copy of the most current version to show evidence that you fully understand those requirements. Most Registrars do ask to see that you have a copy available and that it is controlled appropriately as an external document in your Document Control. 14. Do I need a consultant? Many companies choose to attain ISO certification on their own, so having a consultant is not a requirement. We do believe that having access to a consultant's knowledge and expertise can be very helpful as you try to sort out how to apply ISO in your business. And if you have an urgent need to attain certification and limited resources, using a consultant is often the most practical approach. We provide several flexible options to meet most needs.

1. How long will it take me to get certified? Of course this depends upon several factors such as: how large your organization is; how complex your processes are; what procedures you may have in place already, etc. For a smaller company (less than 100 employees) an implementation can take 4-8 months; for a larger company (more than 100 employees) the process can take 12-18 months. The process also depends on the time and resources your company can apply to implementation. One note about the timeframe - once you have met the requirements, there is some time needed for your systems to mature and to produce records that show evidence the systems are working. Most registrars prefer to see 2-3 months worth of records after you've implemented everything. That time needs to be figured in your overall timeline upfront, especially if you have to meet a deadline for registration. 2. How many documents will I need? What are the requirements?

Many people are hesitant to begin the certification process, because they incorrectly believe that they will need mounds of paperwork to comply. In fact, the ISO standard only requires a quality manual and six written procedures: Control of Documents, Control of Records, Internal Auditing, Control of Nonconforming Product, Corrective Action, and Preventive Action. Beyond those requirements, it's really up to you how much additional documentation you need to plan, operate and control your business effectively. Some companies find the need to add extra controls they didn't have previously; some use the process to delete older documents that are redundant or not worthwhile to maintain. 3. My customer is asking me to become ISO certified...or...I need to bid on a project that requires ISO certification. How can I do this quickly? You can certainly be ISO certified in as little as 4 months. It requires focused attention on your part and often the help from an experienced outside consulting resource. Another option to speed up your ISO project would be to utilize a template-based documentation package like we provide on the 9000World website. 4. What should I do first? The best way to start is to gain an understanding of the requirements and the process. One place to start is the free training video entitled "Introduction to ISO 9000," which provides an overview of what ISO 9000 entails. 9000World also provides free access to articles that help you gain specific insight into processes and terminology that may be confusing as you get started. 5. What is a gap analysis? A gap analysis is a process used to assess your organization's readiness for ISO 9000. The analysis can be done to review what you currently have in place versus the requirements of the ISO standard. Any differences are the "gaps" that need to be addressed. This process can be conducted by internal staff or can be done by an external consulting firm and should occur in the beginning stage of your implementation. 6. Who is the Management Representative? There needs to be an individual appointed by top management who is responsible for ensuring compliance with the ISO standards and internal procedures. This individual, the Management Representative, usually drives the initial implementation and certification project. After implementation, the Management Rep. has some specific duties relative to the Quality Management System as outlined in the ISO standard. This person needs to have some broad authority to drive change and to relate customer requirements, so the Management Rep. needs to be respected in the organization. Related information: 5.5.2 Management Representative 7. Who can be internal auditors? Internal auditors are people internal to your business - your employees or a sub-contractor - who are trained to audit your company's quality management system. In many organizations, auditors are drawn from their full time jobs periodically (usually annually) to perform "audit duties" on a part-time basis. One stipulation is that auditors are not allowed to audit the areas where they work in their full-time capacity. Even in small companies, this can be accomplished by having at least two auditors assigned. The smallest of companies might consider sharing resources within another local ISO certified company or hiring outside help. Related information:

8.2.2 The Internal Auditor 8. What documents do I need to be certified by ISO 9001 if I want to open a logistics and sort company? The documentation needed to get any organization certified (be it logistics, or manufacturing, or service) is really the same. There is a quality manual needed, which is a policy level document that shows how you address all the ISO requirements. There are six procedure level documents required: Control of Documents; Control of Records; Internal Audit; Control of Non-conforming Product; Corrective Action; and Preventive Action. And then there are other documents that you deem necessary to run your business. The need for these documents is really your call in terms of what you need in place to control and operate your organization. If there are sections of the ISO standard that aren't applicable - for example, if you don't design products or services - you can write an "exclusion" in your quality manual to exempt you from that section. We provide several packages that can get you started with the quality manual, procedures and other helpful tools. They can all be modified to suit your company. 9. What is the difference between design verification and validation (7.3)? Verification is an evaluation of your final design results to ensure that they meet specified requirements for the product that were developed before the design effort began. Validation is an evaluation of your product's capability to meet the needs of your customer's application or use. In other words, verification asks, "Does our design meet the requirements?" and validation asks, "Does our designed product work for what the customer needs?" 10. Should findings during an Audit be used to take disciplinary action against an employee or should processes be improved so that all employees are made to act to the required standard? An interesting question. In our view, an ISO-based QMS is a system of processes that are established and managed by the top management of the company. Employee "compliance" with procedures and processes is achieved with a balance between good process design and employee involvement. Both are necessary and, in our opinion, both are the responsibility of management. A good process design is one that is easier to do "right" than to do "wrong" so that employees will more often do the "right" thing and errors are immediately made visible to the employee so that a quick correction can be made. If a process is hard to do right, or easy to do wrong, it will be done wrong sometimes simply due to human error, in spite of best effort by employees and management. Employee involvement is achieved by the creation of a company culture that encourages identification and removal of obstacles in the process. If "real world" obstacles are hidden or ignored, it violates the rule for good process design mentioned above. Most often, obstacles are hidden or ignored because management has not made it "safe" to report problems. That being said, there are times when an occasional employee will not want to participate and support the change. I've often said that these are the easiest problems management can solve because the appropriate action is clear.

In summary, I guess I'd more support your latter suggestion over the former one. 11. Why are metrics so important in the new standard? Also what are some typical objectives of different functions and levels? Metrics are critical because they provide a way to gauge the effectiveness of the processes that have been implemented. More importantly, measures tell an organization how well they are doing in meeting the elements of their quality policy. Most organizations measure several high level objectives related to speed, delivery, quality, reliability, customer satisfaction, etc. Ideally, departmental measures are then designed to support the organization's measures. For example, on-time performance can be measured not only for the business as a whole, but within each department or even at individual work areas. It's really about alignment and focus for going forward as much as knowing where the organization is currently. 12. What are the disadvantages in ISO 9001? As with anything worthwhile, there is some ongoing effort required to maintain ISO 9000 so that it returns real value to your organization. It is possible to implement ISO only to satisfy the auditors and to "check the certification box". But, in many cases only an extra half-step of effort is required to make the certification really pay for itself with increased quality and efficiency. Certainly there are some resources needed to maintain the processes you implement. However, most companies feel this cost is offset by the business benefits realized in terms of more efficient processes. 13. How do international standards make life easier for employees? In ISO certified companies and non-ISO certified companies. The ISO 9001 process does impact every employee in a certified company. Generally, the continual improvement of your company processes and procedures involves employees in helping to make changes to the ways in which work gets done, thereby making things work more smoothly. This emphasis on continual improvement is the primary purpose of the ISO certification. 14. Are flowcharts needed? The ISO 9001 standard requires that you define your processes, the sequence, and the interaction between them. Many companies develop flow charts to meet this requirement. In fact, some Registrars prefer to see a flow chart as evidence that you understand the key processes of the business. It's also a way to explain the business processes to new employees. 15. Can I really get certified in 2-3 months as some websites claim? While it is technically possible to attain certification that quickly, it would imply a very simple process and a very small company. Most organizations take four to six months to attain certification. Also, in order to achieve any business value through the certification process, it should take some thought and planning, which takes a bit longer. 16. Do I need a full-time person dedicated to run my ISO program? There are several factors that dictate how much time to dedicate to the Quality System. Factors such as size of the organization, complexity of the process, manual administrative systems verses automated or electronic systems (ex: Document Control) all have a role in determining if there is a need for a full-time person. Of course, during the set-up of the Quality Management System there is more of a time commitment than after you are certified. For most small companies, it is a part time role.