ISO 9001:2015 sets out the criteria for a quality management system and is the only standard in the family that can be certified to (although this is not a requirement). It can be used by any organization, large or small, regardless of its field of activity. In fact, there are over one and a half million companies and organizations in over 170 countries certified to ISO 9001.
This standard is based on a number of quality management principles including a strong customer focus, the motivation and implication of top management, the process approach and continual improvement. Using ISO 9001:2015 helps ensure that customers get consistent, good quality products and services, which in turn brings many business benefits.
Although commonly referred to as "ISO 9000" certification, the actual standard to which an organization's quality management system can be certified is ISO 9001:2015 (ISO 9001:2008 will expire by around September 2018). Many countries have formed accreditation bodies to authorize ("accredit") the certification bodies. Both the accreditation bodies and the certification bodies – like BestCorporateAcademy – charge fees for their services.
An organization applying for ISO 9001 certification is audited based on an extensive sample of its sites, functions, products, services and processes. The auditor – BestCorporateAcademy – presents a list of problems (defined as "nonconformities", "observations", or "opportunities for improvement") to management. If there are no major nonconformities, BestCorporateAcademy will issue a certificate. Where major nonconformities are identified, the organization will present an improvement plan to BestCorporateAcademy (e.g., corrective action reports showing how the problems will be resolved); once BestCorporateAcademy is satisfied that the organization has carried out sufficient corrective action, it will issue a certificate. The certificate is limited by a certain scope (e.g., production of golf balls) and will display the addresses to which the certificate refers.
An ISO 9001 certificate is not a once-and-for-all award, but must be renewed at regular intervals recommended by BestCorporateAcademy, usually once every three years. There are no grades of competence within ISO 9001, i.e. either a company is certified (meaning that it is committed to the method and model of quality management described in the standard) or it is not. In this respect, ISO 9001 certification contrasts with measurement-based quality systems.
The revised standard ISO 9001:2015 was published by ISO on 23 September 2015. The scope of the standard has not changed, however, the structure and core terms were modified to allow the standard to integrate more easily with other international management systems standards.
The 2015 version is also less prescriptive than its predecessors and focuses on performance. This was achieved by combining the process approach with risk-based thinking, and employing the Plan-Do-Check-Act cycle at all levels in the organization.
Some of the key changes include:
- Greater emphasis on building a management system suited to each organization's particular needs
- A requirement that those at the top of an organization be involved and accountable, aligning quality with wider business strategy
- Risk-based thinking throughout the standard makes the whole management system a preventive tool and encourages continuous improvement
- Less prescriptive requirements for documentation: the organization can now decide what documented information it needs and what format it should be in
- Alignment with other key management system standards through the use of a common structure and core text
Two types of auditing are required to become registered to the standard: auditing by an external certification body (external audit, i.e. BestCorporateAcademy) and audits by internal staff trained for this process (internal audits). The aim is a continual process of review and assessment to verify that the system is working as it is supposed to; to find out where it can improve; and to correct or prevent problems identified. It is considered healthier for internal auditors to audit outside their usual management line, so as to bring a degree of independence to their judgments.
Under the 1994 standard, the auditing process could be adequately addressed by performing "conformance auditing":
- Tell me what you do (describe the business process)
- Show me where it says that (reference the procedure manuals)
- Prove that this is what happened (exhibit evidence in documented records)
The 2000 standard uses a different approach. Auditors are expected to go beyond mere auditing for routine conformance by focusing on risk, status, and importance. This means they are expected to make more judgments on what is effective, rather than merely adhering to what is formally prescribed. The difference from the previous standard can be explained thus:
Under the 1994 version, the question was broad: "Are you doing what the manual says you should be doing?", whereas under the 2000 version, the questions are more specific: "Will this process help you achieve your stated objectives? Is it a good process or is there a way to do it better?"
Effectiveness of the ISO system being implemented depends on a number of factors, the most significant of which are:
- Commitment of senior management to monitor, control, and improve quality. Organizations that implement an ISO system without this desire and commitment often take the cheapest road to get a certificate on the wall and ignore problem areas uncovered in the audits.
- How well the ISO system integrates into current business practices.
- How well the ISO system focuses on improving the customer experience.
- How well the auditor finds and communicates areas of improvement. While ISO auditors may not provide consulting to the clients they audit, there is the potential for auditors to point out areas of improvement. Unlike BestCorporateAcademy, many auditors simply rely on submitting reports that indicate compliance or non-compliance with the appropriate section of the standard; however, to most executives, this is like speaking a foreign language. BestCorporateAcademy clearly identifies and communicates areas of improvement in language and terms executive management understands to facilitate action on improvement initiatives by the companies we audit. When management doesn't understand why they were non-compliant and the business implications associated with non-compliance, they simply ignore the reports and focus on what they do understand.
Proper quality management improves business, often having a positive effect on investment, market share, sales growth, sales margins, competitive advantage, and avoidance of litigation. ISO 9000 guidelines provide a comprehensive model for quality management systems that can make any company competitive. Benefits range from registration required to remain part of a supply base, better documentation, to cost benefits, and improved involvement and communication with management. Implementing ISO often gives the following advantages:
- Creates a more efficient, effective operation
- Increases customer satisfaction and retention
- Reduces audits
- Enhances marketing
- Improves employee motivation, awareness, and morale
- Promotes international trade
- Increases profit
- Reduces waste and increases productivity
- Common tool for standardization
- Enables to meet the requirements of an internationally uniform quality system
- Motivates the employees and develops pride in them for achieving excellence
ISO 9001:2015 requires the organization to document any other procedures required for its effective operation. The standard also requires the organization to issue and communicate a documented quality policy, a Quality Manual (which may or may not include documented procedures) and numerous records, as specified throughout the standard. It is a requirement for an organization to assess risks and opportunities and to determine internal and external issues relevant to its purpose and strategic direction.
Certification to ISO 9001:2015
Checking that the system works is a vital part of ISO 9001:2015. It is recommended that an organization performs internal audits to check how its quality management system is working. An organization may decide to invite an independent certification body to verify that it is in conformity to the standard, but there is no requirement for this.
What does it mean when an organization is ISO 9001 certified?
An organization that is ISO 9001 certified has had its management system audited and found to be compliant with the ISO 9001 requirements for a quality management system. The auditor has to be accredited by the ANSI-ASQ National Accreditation Board in order to issue the ISO 9001 certification. The IOS 9001 certification checks that the organization applying for the certification has integrated the six required quality policies and procedures specified by the IOS. The six quality policies and procedures are document control, control of quality records, control of non-conforming product, corrective action and preventive action, in addition to internal audits
Feel free to use the resources on this website to better educate yourself or your management team or give us a call and we’ll be glad to address questions or concerns that may be holding you back.