ISO 9001: Cer­ti­fic­ate for Quality Assurance

Quality checks are important for every company. Of course, not only company ex­ec­ut­ives are in­ter­ested in the quality of their own services - customers, investors and creditors must also be able to rely on the company being led correctly and sus­tain­ably. So that you can show the world you’re your own quality man­age­ment is performed at a high level, the In­ter­na­tion­al Or­gan­isa­tion for Stand­ard­isa­tion (ISO) has developed a standard and a cor­res­pond­ing cer­ti­fic­ate: ISO 9001.

The goal of quality man­age­ment is to con­stantly improve workflows and man­age­ment. At the same time, com­mu­nic­a­tion within the company is as much a priority as customer sat­is­fac­tion and workflow ef­fi­ciency. Both the product being offered to the customer and the internal processes should con­tinu­ously advance toward an optimum. In doing so, it is best for the company to introduce a quality man­age­ment system (QMS). This helps with or­gan­ising quality man­age­ment.

Whether this system is effective and also properly im­ple­men­ted is too difficult to assess ex­tern­ally. Also, such a com­pre­hens­ive system can only be overseen with dif­fi­culty in­tern­ally if one does not adhere to clear guidelines. ISO 9001 stip­u­lates exactly this type of criteria. If a company obtains cer­ti­fic­a­tion, they can advertise in­ter­na­tion­ally that they have high quality-assurance mech­an­isms.

ISO 9001 has already – along with other standards in the 9000 series – been in use since the 1980s. It was revised in 2000 and 2015. One assumes that over a million companies worldwide have ISO 9001 cer­ti­fic­a­tion.

In order to be able to receive an ISO 9001 cer­ti­fic­ate, the QMS being used must meet certain re­quire­ments. To this end, the standard contains seven sections (Chapters 4 to 10) with reg­u­la­tions.

How is your company set up and what does this mean in terms of re­quire­ments? This chapter of the ISO 9001 standard (to be precise, ISO 9001:2015) will ask you to evaluate your company. In doing so, you must take both internal and external factors into con­sid­er­a­tion. The size of your business plays as much of a role as es­tab­lish­ing the market and customer base, and even company culture. QMS must deal with all of these factors. In the process, all potential trouble spots and hurdles that a QMS must overcome are revealed. All findings should be thor­oughly doc­u­mented.

This section addresses upper man­age­ment’s ob­lig­a­tion to have a well-func­tion­ing quality man­age­ment system. This also includes man­age­ment assuming ac­count­ab­il­ity for the QMS. Should it turn out that the system is in­ef­fect­ive, then man­age­ment assumes re­spons­ib­il­ity for this failure. Generally, lead­er­ship should set a good example by openly promoting the QMS. In doing so, they encourage all their other employees to adhere to the system.

Another important point – addressed in the standard as a subchapter – is customer ori­ent­a­tion. Company man­age­ment must make sure that customer demands are also met. To this end, the demands should be described in specific terms in order strictly work toward ful­filling the cus­tom­er­'s wishes. It should always be the company’s objective to steadily increase customer sat­is­fac­tion.

The so-called quality policy outlines man­age­ment’s vision. Thus, the company’s ob­ject­ives must always be com­pat­ible with quality man­age­ment. This is why the defin­i­tion of quality ob­ject­ives is also among man­age­ment’s re­spons­ib­il­it­ies. Fur­ther­more, one must assign clear roles and thus also rights and ob­lig­a­tions.

The next section (chapter 6) deals with the actual planning of a QMS. Here, the re­quire­ments con­cern­ing this or­gan­isa­tion­al step are defined. While doing this, risks and op­por­tun­it­ies are an important factor. According to the standard, the planning should be carried out in such a way that the result minimises risks and improves op­por­tun­it­ies. To achieve this, both success factors must be defined and doc­u­mented at the beginning. The second step then involves planning for how to address op­por­tun­it­ies and risks.

This chapter also calls for quality ob­ject­ives. It involves going into more detail so that the set ob­ject­ives are specific and not abstract. This means that you should define ob­ject­ives that are also meas­ur­able. Whether the self-defined ob­ject­ives were thus achieved should be decided based on facts and not through in­ter­pret­a­tion.

In this section, it is mainly a question of managing resources. One of these resources is personnel. Company employees should receive support from man­age­ment in the im­ple­ment­a­tion of the quality man­age­ment system. To this end, com­mu­nic­a­tion plays a very large role. All employees must be informed about ob­ject­ives and the paths to achieving the desired quality standards.

For the purpose of this chapter, however, support also has to do with making other resources available. It is man­age­ment’s re­spons­ib­il­ity to provide in­fra­struc­ture, budget, meas­ure­ment tech­niques and expertise in such a way that quality can be assured for the long-term.

The services and products offered by the company are the focus of this section. It is necessary for defining the re­quire­ments for services. How must the man­u­fac­tured product or offered services be designed and/or be executed in order to achieve optimal quality? Re­quire­ments as well, such as the plan for how the company wants to realise these ob­ject­ives should be thor­oughly doc­u­mented. Even with pro­duc­tion steps that are carried out by third-party providers, re­spons­ib­il­ity and oversight remain within your op­er­a­tions.

Com­mu­nic­a­tion with your customer base in ac­cord­ance with ISO 9001 is also part of a product or service. This comprises the dis­clos­ure of in­form­a­tion regarding the offering or even the provision of help resources such as a support line. You must set clear guidelines within your company with respect to how these tasks are to be handled.

This section deals with mon­it­or­ing the quality man­age­ment system: Which methods are utilised in order to check the ef­fect­ive­ness of the QMS? An audit’s findings are to be doc­u­mented and archived as ac­cur­ately as possible. In terms of quality man­age­ment, however, they must also measure customer sat­is­fac­tion, so methods must be defined for this as well. However, you are not only auditing in­tern­ally, but ex­tern­ally as well. The standard ex­pli­citly mentions that this also includes man­age­ment. In a man­age­ment as­sess­ment, man­age­ment’s per­form­ance should be examined crit­ic­ally with regard to quality man­age­ment.

How the meas­ure­ment methods should spe­cific­ally look is not defined by the standard. Every company can decide based on their own situation. What is important is that specific data can be collected. Fur­ther­more, you should perform all data col­lec­tion and analyses at regular intervals.

The con­clud­ing chapter of the ISO 9001 standard deals with the con­tinu­ous im­prove­ment of your quality man­age­ment system. In doing so, you determine with which resources quality will be further increased in the future. This involves de­term­in­ing problems during your first step. Where are there starting points for im­prove­ment? In a second step you plan measures for im­prove­ment. Im­prove­ment should occur con­tinu­ously according to ISO 9001 – thus, when it comes to quality, stasis should not prevail.

ISO 9001 involves dealing with an in­ter­na­tion­al standard, not some form of law. The cor­res­pond­ing cer­ti­fic­ate is an optional means of promoting your company, not a re­quire­ment. Every company is at liberty to approach quality man­age­ment dif­fer­ently. However, there are good reasons for why companies should still adhere to the guidelines.

On the one hand, cer­ti­fic­a­tion clearly stands out. ISO 9001 means a lot – across all in­dus­tries as well. An ISO cer­ti­fic­ate has a high value in most parts of the world. In this way you build trust in your company on the in­ter­na­tion­al stage. Both customers and business partners can be sure that a business with this cer­ti­fic­ate uses a system for ensuring quality over the long-term.

On the other hand, with ISO 9001 you have a good guidebook. Instead of trying to determine reg­u­la­tions, and as a result perhaps fail to do so, with the standard you have a soph­ist­ic­ated work available. Many experts have worked together on the ISO standard and have kept it current through re­vi­sion­ing. Therefore, anyone who works according to the standard reference will sooner or later notice im­prove­ments, such as increased customer sat­is­fac­tion – provided that one is dis­cip­lined in their adherence to the pro­vi­sions.

When you receive ISO 9001 cer­ti­fic­a­tion, it means an in­de­pend­ent authority has de­term­ined that the quality man­age­ment system being utilised meets the in­ter­na­tion­al standard. There are many cer­ti­fi­ers for this: it partly involves private companies; however, many as­so­ci­ations perform audits as well.

Before you choose a certifier, it is necessary to install a quality man­age­ment system or adapt an existing one to the ISO standard. This also involves preparing the necessary documents. Then you usually perform an internal audit. This means that you simulate the audit and, in this way examine your company for weak spots. To this end it can be helpful to call in an external con­sult­ant who can ensure an objective per­spect­ive. They can also provide tips for solving problems.

Only then does the actual audit takes place, and indeed in two phases. First of all, the auditors review your doc­u­ment­a­tion. If this is complete and correct, the second phase follows. Should the auditor notice smaller flaws, you can eliminate these for them at the beginning of the second phase. With larger abuses, however, the audit is ter­min­ated. There should be no more than three months between the first and second step.

In the second phase, the actual activ­it­ies are audited. For this, the auditor visits the business premises and speaks with employees. In the second step the doc­u­ment­a­tion is reviewed again – but this time it’s more detailed. The cer­ti­fic­a­tion authority then generates an audit report where all items which are in agreement with the standard are listed, as well as those that deviate from it. This document is the basis for the closing meeting, in which the auditor presents to you their findings. If your QMS is not yet compliant with the standard, you have 90 days to make ad­just­ments. Then a follow-up audit occurs.

If you pass this audit, the cer­ti­fic­a­tion authority issues you a cer­ti­fic­ate. This is valid for three years. During this time, annual sur­veil­lance visits occur. For this, an auditor arrives at your business and performs an audit on a sample basis. This means that the audit is far from com­pre­hens­ive as that which is needed to obtain ISO 9001 cer­ti­fic­a­tion. Re­cer­ti­fic­a­tion occurs after three years.

It is hard to say how high the costs are for cer­ti­fic­a­tion, as this depends on various factors. In general, larger companies have more of a financial burden than smaller ones. Here providers follow the reg­u­la­tions for the In­ter­na­tion­al Ac­cred­it­a­tion Forum (IAF), which provides a price scale arranged according to the number of employees. Also, the industry in which you are active is crucial in de­term­in­ing the price, as your employees’ workflows affect the auditor’s amount of work. In addition, a follow-up audit generally costs extra.

However, these are only the costs that directly result from ISO 9001 cer­ti­fic­a­tion, that is to say, via the price set by the certifier. Fur­ther­more, you must think about the internal financial burden that will result from in­stalling a QMS. De­vel­op­ing the system, training employees and adapting to ISO 9001 guidelines are time-intensive activ­it­ies, and for this reason have costs as­so­ci­ated with them.

Please note the legal dis­claim­er relating to this article.