ISO Certification Without Insanity
It’s possible to become certified to ISO standards in a controlled, strategic manner, and bring quality improvements at the same time, in less than a year.
Meeting the requirements for ISO standards doesn’t have to be horrific or expensive. Here are suggestions on a project plan to get your Quality Management System (QMS) documented, and to get ready for certification – realistically, in less than a year.
Plan it as a Project
The best method we’ve seen in companies preparing for certification is to break it down into chunks, get the right people involved, and then set aside time to work on each chunk. These are some of the chunks.
Understanding ISO Requirements
The standards make good sense but are written in a detailed fashion, so you want to know what you’re working at before getting started. Not to brag, but www.PQAcertification.com has a wealth of explanatory articles in our FAQ and Blog sections. Also, we can send you a summary of the clauses and what they mean, and the record-keeping requirements throughout – contact us for your free copy.
Some of those requirements are explained below, with ISO 9001:2015 as an example. And remember, your system, though documented, is not a ‘system of documents’ – it’s a system that is documented.
FIRST: Leadership Defines Context, Interested Parties, Scope, Risk-Based Thinking
ISO standards require “top management” – that is, the highest level of leadership – to set the tone and direction, and ‘engagement of people’ which means everyone has a part quality, and conformance, including creating the system.
Leadership is required to consider and formalize the issues, both inside and outside the company, that help determine the strategic direction of the company; that is, what you intend to produce for customers, and how; and what areas you choose not to be involved in for good reasons. What are the legal, technical, social, competitive and other factors that set boundaries around your activities? All of this defines your context. The needs and expectations of others, including employees and all other stakeholders (including local, state and federal regulations) are also part of this ‘context.’
The ’scope’ is another technical word in the standard, and describes the purpose and activities of the company. For instance, you might decide your scope is to “Design, produce and sell on the open market, 3d-printed toys for 3-5 year-old children.” What kind of talents, skills, resources, machinery, and more, would be needed to be successful?
We wrote several articles in October 2022 about the next principle, Risk-Based Thinking; you can access those at www.PQAcertification.com/blog. The standard requires the organization to “consider” and “determine” the risks and opportunities that are relevant to its goals. How will you decide those? How will you pursue the opportunities? Record those somehow, so you can “consider” them, and your ability to respond, in your future strategic meetings.
NEXT: Planning and Providing Resources & People
--or thinking through what you already have. If you were starting from scratch, would you provide the same things and the same kind of workers? This could be a good time to adjust the plan for what sort of staffing, materials, equipment and so forth best fits your strategic direction. Are you thinking of expanding? What type of facility would best fit your future plans? What sort of work environment will it provide? Again, the standard asks you to consider all those and record it somehow.
Describing Your Operations
We’ve seen companies use template QMS documents, but a better way is interviewing: ask the people who actually do the work, to describe what they’re doing – the inputs, activities, and outputs – where everything comes from and where it goes, as well. This builds on the ‘engagement of people’ principle, and helps address the risks and opportunities as you go. You can use any method: photos, videos, text, diagrams, flowcharts, and any combination thereof. When you’ve got that assembled, check it with the workers again for accuracy and efficiency. You and they together may come up with improvements as you go!
The standard only requires the amount of control needed to “address risks and opportunities” – to keep things going the right way. And be sure to “retain documented information” – that is, records – to show you that the processes are working as planned (or not) – leading to the next point.
Gathering Data and Making Decisions
“Plan – Do – Check – Act” is the improvement engine build into the ISO standards. “Check” means more than a final QC of parts. It refers to looking at the whole. Example: does Purchasing always have the full information needed to order raw materials or outside services? If not, why not, and then what can be done about it? Checking, defining and analyzing to the degree necessary, gives us the information we need to make strategic decisions. The standard requires that top management formally review (the inputs and outputs are defined) the data on the system, at regular intervals.
Putting it All Together
A lot of the first segments here can be done by having good leadership team meetings and keeping good records of what was decided. The rest of the QMS documentation isn’t that difficult. The best way we’ve seen to do that is to plan and complete one project each week or so, in a systematic way until they’re all documented. Then you want to go through and figure out if all the connections between activities are correct – where do material and information flow, and how? – so everything flows well.
On a chosen date, “implement” – that is, start using the system in the way you’ve documented it. Keep three months of records. Do a full round of internal audits and hold a management meeting as described in the standard, to assess your results. Then you’re ready for your Stage 1 audit – three months after you implemented it! That’s why we say you could have it all done in a year, or even less.
Are you ready to start your certification journey? Contact us for a free quote!