ISO 9001: Cer­tifi­cate for Quality Assurance

Quality checks are important for every company. Of course, not only company ex­ec­u­tives are in­ter­est­ed in the quality of their own services - customers, investors and creditors must also be able to rely on the company being led correctly and sus­tain­ably. So that you can show the world you’re your own quality man­age­ment is performed at a high level, the In­ter­na­tion­al Or­ga­ni­za­tion for Stan­dard­iza­tion (ISO) has developed a standard and a cor­re­spond­ing cer­tifi­cate: ISO 9001.

The goal of quality man­age­ment is to con­stant­ly improve workflows and man­age­ment. At the same time, com­mu­ni­ca­tion within the company is as much a priority as customer sat­is­fac­tion and workflow ef­fi­cien­cy. Both the product being offered to the customer and the internal processes should con­tin­u­ous­ly advance toward an optimum. In doing so, it is best for the company to introduce a quality man­age­ment system (QMS). This helps with or­ga­niz­ing quality man­age­ment.

Whether this system is effective and also properly im­ple­ment­ed is too difficult to assess ex­ter­nal­ly. Also, such a com­pre­hen­sive system can only be overseen with dif­fi­cul­ty in­ter­nal­ly if one does not adhere to clear guide­lines. ISO 9001 stip­u­lates exactly this type of criteria. If a company obtains cer­ti­fi­ca­tion, they can advertise in­ter­na­tion­al­ly that they have high quality-assurance mech­a­nisms.

ISO 9001 has already – along with other standards in the 9000 series – been in use since the 1980s. It was revised in 2000 and 2015. One assumes that over a million companies worldwide have ISO 9001 cer­ti­fi­ca­tion.

In order to be able to receive an ISO 9001 cer­tifi­cate, the QMS being used must meet certain re­quire­ments. To this end, the standard contains seven sections (Chapters 4 to 10) with reg­u­la­tions.

How is your company set up and what does this mean in terms of re­quire­ments? This chapter of the ISO 9001 standard (to be precise, ISO 9001:2015) will ask you to evaluate your company. In doing so, you must take both internal and external factors into con­sid­er­a­tion. The size of your business plays as much of a role as es­tab­lish­ing the market and customer base, and even company culture. QMS must deal with all of these factors. In the process, all potential trouble spots and hurdles that a QMS must overcome are revealed. All findings should be thor­ough­ly doc­u­ment­ed.

This section addresses upper man­age­ment’s oblig­a­tion to have a well-func­tion­ing quality man­age­ment system. This also includes man­age­ment assuming ac­count­abil­i­ty for the QMS. Should it turn out that the system is in­ef­fec­tive, then man­age­ment assumes re­spon­si­bil­i­ty for this failure. Generally, lead­er­ship should set a good example by openly promoting the QMS. In doing so, they encourage all their other employees to adhere to the system.

Another important point – addressed in the standard as a sub­chap­ter – is customer ori­en­ta­tion. Company man­age­ment must make sure that customer demands are also met. To this end, the demands should be described in specific terms in order strictly work toward ful­fill­ing the cus­tomer's wishes. It should always be the company’s objective to steadily increase customer sat­is­fac­tion.

The so-called quality policy outlines man­age­ment’s vision. Thus, the company’s ob­jec­tives must always be com­pat­i­ble with quality man­age­ment. This is why the de­f­i­n­i­tion of quality ob­jec­tives is also among man­age­ment’s re­spon­si­bil­i­ties. Fur­ther­more, one must assign clear roles and thus also rights and oblig­a­tions.

The next section (chapter 6) deals with the actual planning of a QMS. Here, the re­quire­ments con­cern­ing this or­ga­ni­za­tion­al step are defined. While doing this, risks and op­por­tu­ni­ties are an important factor. According to the standard, the planning should be carried out in such a way that the result minimizes risks and improves op­por­tu­ni­ties. To achieve this, both success factors must be defined and doc­u­ment­ed at the beginning. The second step then involves planning for how to address op­por­tu­ni­ties and risks.

This chapter also calls for quality ob­jec­tives. It involves going into more detail so that the set ob­jec­tives are specific and not abstract. This means that you should define ob­jec­tives that are also mea­sur­able. Whether the self-defined ob­jec­tives were thus achieved should be decided based on facts and not through in­ter­pre­ta­tion.

In this section, it is mainly a question of managing resources. One of these resources is personnel. Company employees should receive support from man­age­ment in the im­ple­men­ta­tion of the quality man­age­ment system. To this end, com­mu­ni­ca­tion plays a very large role. All employees must be informed about ob­jec­tives and the paths to achieving the desired quality standards.

For the purpose of this chapter, however, support also has to do with making other resources available. It is man­age­ment’s re­spon­si­bil­i­ty to provide in­fra­struc­ture, budget, mea­sure­ment tech­niques and expertise in such a way that quality can be assured for the long-term.

The services and products offered by the company are the focus of this section. It is necessary for defining the re­quire­ments for services. How must the man­u­fac­tured product or offered services be designed and/or be executed in order to achieve optimal quality? Re­quire­ments as well, such as the plan for how the company wants to realize these ob­jec­tives should be thor­ough­ly doc­u­ment­ed. Even with pro­duc­tion steps that are carried out by third-party providers, re­spon­si­bil­i­ty and oversight remain within your op­er­a­tions.

Com­mu­ni­ca­tion with your customer base in ac­cor­dance with ISO 9001 is also part of a product or service. This comprises the dis­clo­sure of in­for­ma­tion regarding the offering or even the provision of help resources such as a support line. You must set clear guide­lines within your company with respect to how these tasks are to be handled.

This section deals with mon­i­tor­ing the quality man­age­ment system: Which methods are utilized in order to check the ef­fec­tive­ness of the QMS? An audit’s findings are to be doc­u­ment­ed and archived as ac­cu­rate­ly as possible. In terms of quality man­age­ment, however, they must also measure customer sat­is­fac­tion, so methods must be defined for this as well. However, you are not only auditing in­ter­nal­ly, but ex­ter­nal­ly as well. The standard ex­plic­it­ly mentions that this also includes man­age­ment. In a man­age­ment as­sess­ment, man­age­ment’s per­for­mance should be examined crit­i­cal­ly with regard to quality man­age­ment.

How the mea­sure­ment methods should specif­i­cal­ly look is not defined by the standard. Every company can decide based on their own situation. What is important is that specific data can be collected. Fur­ther­more, you should perform all data col­lec­tion and analyses at regular intervals.

The con­clud­ing chapter of the ISO 9001 standard deals with the con­tin­u­ous im­prove­ment of your quality man­age­ment system. In doing so, you determine with which resources quality will be further increased in the future. This involves de­ter­min­ing problems during your first step. Where are there starting points for im­prove­ment? In a second step you plan measures for im­prove­ment. Im­prove­ment should occur con­tin­u­ous­ly according to ISO 9001 – thus, when it comes to quality, stasis should not prevail.

ISO 9001 involves dealing with an in­ter­na­tion­al standard, not some form of law. The cor­re­spond­ing cer­tifi­cate is an optional means of promoting your company, not a re­quire­ment. Every company is at liberty to approach quality man­age­ment dif­fer­ent­ly. However, there are good reasons for why companies should still adhere to the guide­lines.

On the one hand, cer­ti­fi­ca­tion clearly stands out. ISO 9001 means a lot – across all in­dus­tries as well. An ISO cer­tifi­cate has a high value in most parts of the world. In this way you build trust in your company on the in­ter­na­tion­al stage. Both customers and business partners can be sure that a business with this cer­tifi­cate uses a system for ensuring quality over the long-term.

On the other hand, with ISO 9001 you have a good guidebook. Instead of trying to determine reg­u­la­tions, and as a result perhaps fail to do so, with the standard you have a so­phis­ti­cat­ed work available. Many experts have worked together on the ISO standard and have kept it current through re­vi­sion­ing. Therefore, anyone who works according to the standard reference will sooner or later notice im­prove­ments, such as increased customer sat­is­fac­tion – provided that one is dis­ci­plined in their adherence to the pro­vi­sions.

When you receive ISO 9001 cer­ti­fi­ca­tion, it means an in­de­pen­dent authority has de­ter­mined that the quality man­age­ment system being utilized meets the in­ter­na­tion­al standard. There are many cer­ti­fiers for this: it partly involves private companies; however, many as­so­ci­a­tions perform audits as well.

Before you choose a certifier, it is necessary to install a quality man­age­ment system or adapt an existing one to the ISO standard. This also involves preparing the necessary documents. Then you usually perform an internal audit. This means that you simulate the audit and, in this way examine your company for weak spots. To this end it can be helpful to call in an external con­sul­tant who can ensure an objective per­spec­tive. They can also provide tips for solving problems.

Only then does the actual audit takes place, and indeed in two phases. First of all, the auditors review your doc­u­men­ta­tion. If this is complete and correct, the second phase follows. Should the auditor notice smaller flaws, you can eliminate these for them at the beginning of the second phase. With larger abuses, however, the audit is ter­mi­nat­ed. There should be no more than three months between the first and second step.

In the second phase, the actual ac­tiv­i­ties are audited. For this, the auditor visits the business premises and speaks with employees. In the second step the doc­u­men­ta­tion is reviewed again – but this time it’s more detailed. The cer­ti­fi­ca­tion authority then generates an audit report where all items which are in agreement with the standard are listed, as well as those that deviate from it. This document is the basis for the closing meeting, in which the auditor presents to you their findings. If your QMS is not yet compliant with the standard, you have 90 days to make ad­just­ments. Then a follow-up audit occurs.

If you pass this audit, the cer­ti­fi­ca­tion authority issues you a cer­tifi­cate. This is valid for three years. During this time, annual sur­veil­lance visits occur. For this, an auditor arrives at your business and performs an audit on a sample basis. This means that the audit is far from com­pre­hen­sive as that which is needed to obtain ISO 9001 cer­ti­fi­ca­tion. Re­cer­ti­fi­ca­tion occurs after three years.

It is hard to say how high the costs are for cer­ti­fi­ca­tion, as this depends on various factors. In general, larger companies have more of a financial burden than smaller ones. Here providers follow the reg­u­la­tions for the In­ter­na­tion­al Ac­cred­i­ta­tion Forum (IAF), which provides a price scale arranged according to the number of employees. Also, the industry in which you are active is crucial in de­ter­min­ing the price, as your employees’ workflows affect the auditor’s amount of work. In addition, a follow-up audit generally costs extra.

However, these are only the costs that directly result from ISO 9001 cer­ti­fi­ca­tion, that is to say, via the price set by the certifier. Fur­ther­more, you must think about the internal financial burden that will result from in­stalling a QMS. De­vel­op­ing the system, training employees and adapting to ISO 9001 guide­lines are time-intensive ac­tiv­i­ties, and for this reason have costs as­so­ci­at­ed with them.

Click here for important legal dis­claimers.