Friday, April 30, 2010

ISO 9001 - Frequently Asked Questions (FAQs)

This month, I'm publishing a few more questions that we're asked on a regular basis. We hear these questions so much, that I've included them in my ever-growing my list of "Frequently Asked Questions":

Q: Is ISO 9001:2008 the right Quality Management System for my business?

A: The answer to this question may, in part, be found in the requirements of your customer(s), if such requirements have been established by contract or order. Depending on your industry, suppliers are often required to maintain a Quality Management System (QMS) compliant with ISO 9001:2008, aerospace suppliers to AS9100 rev. B, nuclear suppliers to 10 CFR 50 Appendix B, oil and gas to ISO/TS 29001:2004 (API Q1) and the list goes on and on from there...

Q: I've seen ads on the Internet for pre-written Quality Manuals and other program documentation. Is this a good approach?

A: For your system to be truly effective, it should reflect your business accurately. Instead of revising your existing processes to meet a program that you purchased on-line, my personal belief is that it's always better to develop the required documentation to reflect what you're already doing. Some adjustments to existing processes may be necessary to comply with the requirements of the applicable standard, but this way, you won't need to "start-over". While the initial time and cost of this approach may be somewhat higher, you'll save over having a program that isn't used, that you aren't happy with, or that needs to be re-written in the near future.

Q: My company isn't very large; do we need to hire a full-time Quality Manager?

A: ISO 9001:2008 requires the appointment of a Management Representative by executive management; it doesn't mention anywhere the need for a full-time Quality Manager. There's no reason that the responsibilities for your program can't be delegated between functions within your organization.

Q: If we're writing documentation to ISO 9001, how many procedures will we need to develop?

A: This is a question that will be specific to your organization. While ISO 9001 requires that an organization develops a Quality Manual and a minimum of six procedures, the exact number of procedures required should be based on the organization and the scope of the activities it performs. While procedures for document control, records, internal audits, control of nonconformances, corrective action and preventative action all are required by the ISO 9001 standard, this is only a minimum requirement. The organization should consider the other activities it performs, and determine what, if any, additional controls are needed. Such additional controls could include, but should not be limited to, procedures for training, control of measurement and test equipment, purchasing, contract review and other areas.

Q: We're looking to get ISO 9001:2008 certified; how long will this take?

A: This is one of the questions we're asked most frequently, and will really depend on the level of commitment and involvement by the client, not to mention the size and complexity of their operations. As with any other major project, the organization's executive management should establish a working group or team to lead this project, a project plan and budget, and make sure that adequate resources are available to ensure the success of this effort.

Q: We need consulting assistance to get ISO 9001 certified, but we also need to control costs. What options are available?

A: Consulting assistance can vary, ranging from the consultant acting in an advisory capacity, to providing consultative help, to collaboration. The degree of involvement will be a primary factor in determining what this consulting assistance will cost. Needless to say, the more time on-site and the more "hands-on" involvement a consultant has, the higher this cost will be. Bear in mind also, that if a consultant is left to do everything, you really haven't taken ownership of your program. The best programs are those that are "owned" by the organization, and reflect the organizations unique business needs and conditions, not simply the consultant's idea of what a good program is.

Q: If we achieve ISO certification, we will then be audited by our Registrar on a regular basis. Will this meet the requirements of ISO 9001:2008 for periodic internal audits?

A: No. The audits performed by your Registrar will be for the purposes of either initial certification, surveillance (including follow-up audits) or recertification. Registrar audits are a third-party assessment focusing on the certification status of your program. Internal audits, in contrast, are an internal assessment performed by management, for the purpose of verifying conformance with applicable requirements and for identifying improvement opportunities. While these two activities may seem vary similar at times, an internal audit is still required.

No comments: