FREQUENTLY ASKED QUESTIONS: ISO CERTIFICATION
Based on our knowledge in the field of ISO Certification, we have answered some common questions that we have been asked over the years.
We’re always happy to take a call and if you have a question not answered here, please feel free to contact us at anytime.
FAQ’S ON OUR BACKGROUND AND KNOWLEDGE IN THE FIELD OF QUALITY
How would you define the term Quality?
We like to define quality as follows:
Quality is the degree to which a product or service meets or exceeds the needs and expectations of the customer.
Quality is a relative term and is based on the industry sector you are serving and their expectations.
This is why the ISO 9001 standard places so much emphasis on determining and reviewing customer requirements, at both pre-contract and post-contract award and having robust systems in place to manage this activity.
Tell us about your background and how it will help us?
We have studied Quality as subject in college since the mid 80’s and have an appreciation of the leading Quality Guru’s and their philosophies.
We have 16 years direct industry experience in implementation and upkeep QMS’S to ISO 9001, acting as Management Representative or in a Quality Manager role. Also during this time, we have 10 years’ experience of driving continuous improvement, using various quality tools and techniques.
Finally we have 8 years’ experience as Consultants, with 4 years conducting 3rd party audits on a contract basis for leading certification bodies, both in Ireland and the UK.
You will benefit from using our services in the following ways:
- We are professionals at what we do – we know the pitfalls of poorly implemented and maintained quality management systems – so we will ensure that you do not make the same mistakes.
- We have a proven track record of successful delivery of our services, and we can demonstrate this to you!
- Professionals can always complete a task faster, more efficiently and to required standard than someone with little or no experience. We save you the stress, time and resources needed to implement and maintain an effective QMS using in-house resources.
You state that you are a Principal Grade Internal Auditor. Is this similar to Lead Audit and what did you have to do to attain such status? Finally how will it benefit us if we do business with you?
Very good question – when Consultant’s state that they are Certified Lead Auditors – just because you do a 5-day Lead Auditor Course and you get a certificate, doesn’t mean they are competent auditors.
It’s takes time effort and years of experience to become a competent QMS Auditor and one of the ways of demonstrating this is to be registered to an organisation such as IRCA.
All IRCA registered auditors carry an Auditor Card which is valid for a period of 12 months. We will show you evidence of this when we first meet you.
The difference between Lead Auditor and Principal Auditor grade is as follows:
Lead Auditor
This grade is suitable if you are a competent auditor experienced at managing audits and leading teams. It is normally reserved for full-time certification body auditors
Principal Auditor
This grade is suitable if you are a senior audit professional with an extensive history of conducting full-system audits, but you may no longer lead teams or audit regularly. Principal auditors have often moved into training, consultancy or management roles.
The assessment process is as follows:
Qualifications
- Review of relevant diplomas’ degrees etc.
Work experience
• You are required to demonstrate you have 8 years full-time experience relevant to the auditor scheme you are applying for.
Other Requirements:
• 3 years full time employment as a management systems auditor with an accredited certification body (or demonstrable evidence of contracted 3rd party audits with an accredited certification body).
So you see there is much more to proving you are competent to conduct audits.
So the benefits to you as an organisation in employing an IRCA Certificated Lead Auditor is as follows:
- With the increasing competitiveness of business, it is more important than ever that organizations benefit from using competent, certified auditors. As an IRCA auditor we belong to a register of over 12,000 skilled management systems professionals that operate in over 120 countries.
- IRCA has assessed our technical and interpersonal skills, including our professional attributes (ethical conduct, professional care, communication skills), and our skills in planning, managing and reporting management systems audits. This provides clients and employers with the assurance that we have the ability and experience to add real value to their business, through the assessment of business processes and systems.
- Because we belong to IRCA we have access to the latest information and thinking with regard to management systems and auditing. We also participate in a programme of continual professional development that ensures that we can provide clients and employers the best results.
I have spoken to numerous business about ISO Certification over the years – some have said that ISO 9001 generates too much paperwork and does not add value. Would you agree with this statement?
We’ve heard this statement many times – It’s our belief that a Quality Management System implemented correctly is of tremendous value to an organisation.
It is our experience that a poor Quality Management System is a result of some, or all of the following factors:
1. Poor consulting – consultant has given you a relatively generic documented Quality Management System and hasn’t got to the core of how you run your business and/or the company has accepted that this is what they needed to do to meet requirements and did not challenge the reasoning behind the forms and their format for fit in their organisation.
2. Lack of knowledge and understanding of the requirements of ISO 9001 and how to apply them in.
3. Lack of leadership and commitment to the integration of the Quality Management System as a tool to run and improve the business.
4. Poorly conducted internal audits – which do no pick up on obvious failing in the management system and pro-actively track recommended corrective actions to closure and follow up on the effectiveness of actions taken at subsequent audits.
FAQ’S ON ISO 9001 CERTIFICATION
What does ISO stand for?
ISO stands for the International Organisation for Standardisation. They develop and publish International Standards.
Can your business issue ISO Certificates?
No, we are a Consultancy practice who offer implementation of a Quality Management System prior to the application for ISO Certification and also a maintenance support service, after you achieve certification, should you require it. Certification bodies which are independent of the implementation process, they audit and issue certificates.
What is ISO 9001 Certification?
ISO 9001, is the Internationally recognised Quality Management System (QMS) standard – it’s a guidance document on the requirements for implementing and maintaining a QMS with a business.
How does ISO 9001 Certification benefit a business?
A correctly implemented Quality Management System, can yield some, or all of the following benefits:
- Win more business and compete in tenders
- Better management of business processes
- Enhance the company image
- Increase employee satisfaction
- Reduce re-work and frustration
- Creates a framework to continually improve, streamline operations and reduce costs
What is the process of attaining ISO Certification?
See our ‘How We Work’ section of the website and our ’12 Steps to Certification’.
Once you have your documented system in place and have developed the necessary amount of records (normally 3 months records), you are ready for your registration audit with your chosen Certification Body.
The audit with a Certification Body is 2 stage process:
Stage 1 Preliminary Audit – Company and documentation review – this is mainly a desktop exercise, coupled with a walkabout of your premises, conducted by the lead auditor from your Certification Body.
The aim is to establish the following:
- The scope, size and number of employees is correct in line with the application that you submitted and any exclusions are valid.
- The necessary documented high-level review QMS and records required by the standard are in place and that there is a sufficient amount for you to proceed to the stage 2 audit.
It is important to note that it is not mandatory to have all records in place for the stage 1 audit – in fact, we actively encourage you to apply, once we have developed the documented QMS and you are in the progress of gathering the necessary records.
The output of the stage 1 audit is an audit report confirming whether you are ready to proceed to the stage 2 Registration Audit. Depending on the company’s level of compliance, a date is agreed by which all the findings will be addressed and date is agreed for the stage 2 registration audit.
The stage 2 Registration Audit is much more in-depth look at the business, it’s people and it’s processes. It involves interviewing, observing and reviewing of records to determine the level of compliance with requirements.
Certification bodies usually have a ‘category of finding’ at this stage of the certification process.
A Category 1 finding is a MAJOR finding and certification cannot be recommended. It is only raised if you have provided no evidence of fulfilling a requirement of the standard. As a practice, we have never had a category 1 finding raised and we guarantee you won’t either!
A category 1 finding will require you to submit evidence of compliance before a certification can be recommended. If the finding is relating to a process, it may involve an addition visit to observe and verify compliance.
A Category 2 finding is what they call a MINOR non-conformance. An example of this type of finding might be an item of equipment found to be out of calibration however you have a very good calibration system in place showing a high level of compliance.
With a category 2 finding, you can be recommended for certification subject
A Category 3 finding is an observation, generally corrective action is not mandatory, but an auditor will ask you to give the finding due consideration.
The Certification Body conducts an in-house technical review of the audit report findings and corrective action plan you submitted.
Assuming all is ok – your Certificate is issued normally 4-6 weeks after the submission of an effective action plan (where requested).
How long does it typically take to achieve ISO 9001 Certification?
A typical minimum time frame is 3-4 months for a small business, is about the average.
Once we have ISO 9001 Certification, for how long does the Certificate remain valid and how is compliance monitored by the awarding certification body?
An ISO 9001 Certificate awarded by an Accredited Certification body lasts for 3 years and is subject to having and passing an annual surveillance audit.
How much does ISO 9001 Certification cost?
There are 2 costs our Consultancy fees and that of the Certification Bodies for the audits.
Actual costs vary and are influenced by many factors, some of which are outlined below.
Some Factors That Influence Cost and Time of ISO 9001 Certification
- How committed are Top Management – if you keep cancelling appointments, which can happen, the timeframe naturally is going to be extended.
- The current culture of your organisation and whether people are willing and open to change.
- The size and complexity of your business. Design and manufacture obviously will take more time than a small simple structured service organisation.
- The level of the majority of your current management system against the requirements of the requirements of the standard. In other words, the size of ‘the gap’
- What resources and time you have available.
So to determine the cost we need to meet with you and get a feel for your business. We can then quote you a FIXED FEE for the project, so that you have total clarity as to the project costs.
FAQ’S ON OUR ISO CERTIFICATION SUPPORT SERVICES
We are a small company with limited resources and have great difficulty with updating our internal audit programme. Is this something that you can help us with?
Absolutely, we have of experience in auditing both as Internal Auditors and Lead Auditors with Certification Bodies.
So we can help you with the following:
- Developing and managing your audit programme
- Conducting audits on a contract basis and providing you with professional reports
We decided to attempt to implement the requirements of ISO 9001 using our in-house resources, however we are unsure that we have implemented the requirements correctly. Can you assist with identifying any gaps/issues that we need to address?
Yes, we can conduct a gap analysis exercise/audit and issue a format report with our findings.
We feel that our current documented management system is very difficult to maintain and does not work for our business. Can you provide us with advice and guidance on how best to improve on it, so that it adds value to the day to day running of our business?
Yes, we can conduct a full Quality Management System audit of your management system and issue a format report with our findings and recommendations. We can of course, also restructure your whole documented Quality Management System to make relevant to your business.
We are already Certified to ISO 9001:2008 and wish to upgrade to ISO 9001:2015. Is the transition to the new standard something you can help us with?
Yes, we have a proven ‘road map’ to transition businesses to the new standard. See our news item about our client Allen Removals & Storage on the website, we are one of the first practices in Ireland to successfully upgrade a company to the new standard in March 2016.
FAQ’S ON CERTIFICATION TO ISO 9001:2015
We are currently Certified to iso 9001:2008. What is the date by which we have to transition to the new iso 9001:2015 standard?
September/October 2018 is the deadline. After this date, all ISO 9001:2008 Certs in circulation will be INVALID.
Our advice is don’t wait until the last minute to tackle the new requirements – act now – start reading the standard. The new standard is the most significant change to ISO 9001 requirements in almost 2 decades.
Should you need external guidance, the closer it gets to the deadline, the busier Consultancy practices and Certification Bodies are going to be!
Can we get Certified to ISO 9001:2008 now and upgrade to ISO 9001 : 2015 at a later date?
The answer is yes you can, however, you will probably find from mid-2017 onwards, that Certification Bodies will only accept applications to ISO 9001:2015.
Can you give us an outline of the changes to ISO 9001 in the 2015 version?
The main changes are as follows:
New high level SL Structure – this will be common to all management system standards going forward and it will make the integration of different management systems easier.
So all the clauses references in the standard have changed.
Greater emphasis on leadership and use of the QMS as a tool to achieve strategic business objectives – this must be demonstrated at all future audits – auditors with look to interview the person responsible for leading the organisation.
Organisation needs to demonstrate that management of risks and risk based thinking in the business – the method is up to the organisation to decide.
Objectives need to now not only to be well defined, but have plan for achieving them – so the simple one liner objectives will no longer do! In fact, if you have a business plan or strategic review document, this will be a great asset to you as a starting point in meeting the new requirements of the standard.
There is requirement for the quality policy to reflect the strategic direction of the organisation – so generic quality policy statements will need to be reviewed and updated accordingly.
When reviewing corrective actions you are now required to review the associated risks as part of the review.
The need for a quality manual and procedures is no longer required, however, we feel most businesses will find them useful and indeed necessary, to have some form of benchmark for control of the business processes and training of staff in the operation of the Quality Management System within the business.
There is a clear requirement to monitor performance of business processes, normally via relevant key performance indicators. It’s the old adage that ‘what gets measured, gets managed’
Scope is now determined by the context of the organisation, so if a business process has an effect on the product/service, it must be included.
The above is not intended to be an exhaustive list – but it gives you flavour as to the main changes.
I believe the standard has no reference to a quality manual and procedures. Is this correct?
Yes, most businesses and clients we have talked to think this is ridiculous – you need to document your processes and controls so management and employees know what to do and for training of new staff.
We recommend retaining the core procedures of your QMS as required by the 2008 Standard as a minimum. In fact, should you go for the transition audit to ISO 9001:2015 and if you fail, it is important that you retain your ISO 9001:2008 so that you can remain certified!
A well written Quality Manual, aligned to how the company actually operates its’ Quality Management System, is a valuable document which should be retained.
If you read your Quality Manual and it has the same wording as the ISO 9001 standard, with the words ‘the organisation shall’ and replaced with your company name – we would probably advise you to remove it from your QMS going forward, as it was not adding any value to your business in the first place.
REMEMBER! The ISO 9001:2015 still requires the organisation to retain documented information to demonstrate compliance with the standard – so don’t be fooled into thinking you don’t need procedures and records at some level.
Is it correct that design is now a mandatory requirement?
Yes. That’s our belief anyway, because the standard clearly states design of products/services and processes.
So if you are relatively new business, it is highly likely that you will need introduce a new service at some stage until you find your niche.
For all businesses as a minimum, you need to have a process in place to demonstrate how you would bring the service for initial concept formerly into the management system. And where you have introduced a new service, have the records to demonstrate that the process has been followed.
Is a ‘formal risk management process’ now a mandatory requirement of the standard?
In a word no. It’s left up to the organisation to decide on how best to comply with this.
We have done some lateral thinking on this aspect of the standard and have a few different ways of approaching this aspect of the standard.
Some quality tools you could consider using are as follows:
Failure Mode Effect Analysis (FMEA)
SIPOC Diagrams
Turtle diagrams and/or swim lane process flows.
