The subject of achieving registration for a contract has come up a lot lately. The situation is you are interested in a tender to provide a big customer your goods or services and they require as part of your submission that you are or are actively working toward ISO 9001:2015. As a result you have ended up on this website and you need it sorted and fast. This is how Activa can help you…..
The short term project
Typically it can take six months for a company to be certified. For larger companies it can take years. In order to demonstrate the fact that you are working towards the standard we have found that we can help you do this in a matter of eight days, or even less – and if you are prepared to work weekends, so are we!
In that time, we need to create the following things:
- A quality policy – what are you trying to achieve, what are your values / vision? We also need to add a few statement which address the requirements of the standard.
- A quality manual – which specifically addresses the requirements of the standard
- A process map to show the interrelationships of your key processes
- More detailed process maps for each of your key processes
- One or two objectives to measure the performance of these key processes
- 6 documented procedures covering some ancillary elements of the standard (we actually merge them into 3)
- An implementation “to-do” list which is your gap analysis against the standard itself.
- A written quality implementation statement signed by both you and us to demonstrate you commitment to achieving the standard in a certain amount of time.
This should give you a documented system, which you may not completely follow by your submission date but you will be able to demonstrate a clear path to achieving it to your prospective client and with our weight behind you, (we are always happy to field calls from your customer to let them know how we will achieve it) you should have little or no concerns over the ISO 9001:2015 tender hurdle.
The long term project
This is then the bit you have actually committed to in the first project. Now you roll it out across your organisation with as much or as little help from us as you need at the pace you choose. Happily this can take a lot longer and may only require a few days of our intervention to help you with audits, improvement cycles and a management review meeting.
This is obviously not the perfect way to implement a system, but in a commercial world we are currently engaged on more of these projects than any other. There are people out there who are grasping the nettle short term to reap the rewards of larger commercial contracts.
You need to determine opportunities for improvement, these could be improvements to products, processes, mistake proofing, evolution of the QMS/ISMS. Once you have a system, this should be the most critical area of your system and where you should reap the most benefits. There are a raft of improvement techniques you can employ – Lean, Six Sigma, 5 whys, 5S, Kaizen, Kanban and many many more.
Nonconformity and corrective action
Where nonconformities (problems, complaints, risks, security incidents, outages, product failures, requirement failures) occur you need to control and correct it and then subsequently evaluate why it happened, decide of further action (where appropriate) to eliminate recurrence and review for effectiveness. You might need to update your risks and opportunities as part of your planning process. You need to keep records of these activities. It is now a requirement that you identify those involved and will serve you well that specific tasks to resolve the issues are assigned to specific individuals with agreed implementation dates. Once agreed it is at least the role of the manager to ensure those task are not only completed, be are **effective**. Better still the manager should help the individual conduct the analysis and implement the corrective actions to achieve continual improvement.
The standard is very vague about this section – just to say you need to assess and continually improve the suitability of thew QMS as part of the management review process as risks and opportunities. Why this whole section 10 is not all considered as part of the management review process and control of nonconformities is beyond me but there you go! We will have a lot more to add to this section about continual improvement as it is a huge area to embrace. Improvement may well need its own category rather than a sub heading on this site.
Planned internal audits to ensure your system conforms with planned arrangements and the ISO 9000 standard see 8.1 Planning of Product Realisation, the requirements of this standard and the requirements of the QMS. Also that the QMS is implemented and maintained
This is not only more subjective, but much more intensive, many auditors of certification bodies are not being retained as they are not considered capable of maintaining standards. The use of external consultants to conduct internal audits is already rising, but it set to rise further with the onset of ISO 9001:2015.
Audit should be planned with importance of the individual processes in mind as well as the results of previous audits showing areas of weakness.
The audit criteria, scope, frequency and methods shall be defined.
Auditors should conduct audits impartially and not audit their own work – you must get someone else to do it for you!
Responsibilities and requirements for audits (including record keeping) should be established.
Corrective actions should be undertaken without delay by those responsible and follow up activities shall include
checking actions actually worked and then reporting this to management.
Note with the new standard a documented procedure is not mandatory – just the effective keeping of records and subsequent actions in order to demonstrate an adequate audit program.
Our latest newsletter reflects the requirements of auditing all types of management systems Auditing Newletters
Follow this link to the next section
Pretty obvious things here. Both internal and external communication should be determined – then determine what, when, who to, how and finally who does it. Not a biggy here unless its very important to you and the objectives you want to strive for.
Follow this link to the next section
Scope of the ISO 9001 quality management system needs to be defined and documented as part of your system. It is normally the first thing a certification body wants to understand to they can send an appropriate auditor with industry experience.
ISO 9001 Scope example
Typically your ISO 9001 scope might say something like “the provision of products and support services in the domestic and commercial solar panel industry”. In the past, a section of the standard could be specifically excluded from certification with justifications. Typically this was “we don’t do this”. This is no longer the case. If you are seeking or renewing registration beware. You need to include all sections of the standard and the whole business process within your scope, not just the areas you cherry pick.
You would normally include a scope as part of your quality manual and as part of the submission you make to a certification body. They will agreed dates with you, assuming they have an auditor qualified to audit businesses of your type. The certification may not have an auditor with the correct business codes, as a consequence of this, they are not permitted to work with you. There is no point in sending an auditor who is qualified and experienced in the automotive industry, if your system is a dentist! They can only work within their own scope agreed with their own governing body. In the case of the UK this is United Kingdom Accreditation Services (UKAS). They are your auditors auditor. They ensure all certification bodies operate in a consistent manner.
You need to bear in mind that not all certification bodies are accredited. These unaccredited bodies tend to charge less, often consulting and certifying as an all in one package. Generally these companies do not behave in a manner likely to help you improve. Your customers will typically understand this unaccredited certification method and will often not consider an unaccredited certificate as valid. We at Activa Consulting do not work with unaccredited certification bodies.
Follow this link the next section
Your company needs to document (at least in part), and use a quality system. Once you have that, you then need to continually improve it. Your company must:
- Determine Inputs to the QMS
- Identify (not necessarily document) key processes to meet customer
requirements – this can be done in a number of ways
- establish the order of these processes and how they fit together
You need to map out your processes possibly in flowcharts or on web pages on your intranet
– this is usually our first job when hired as consultants.
- Establish how you will control the performance of these processes
You must be measuring the performance of your key processes as a tool to continually improve them.
This is an application of SPC first started in the automotive industry, but now it is anticipated that a similar technique will be applied to general business processes. Controls also means a series of checks and balances that you implement to ensure traceability. This should not be undertaken lightly and is one of the best reasons to use a consultant who has done this a lot – the reason being – if you design a system which is capable of checking a lot of data very quickly and easily you can spend less time checking and more time pushing more business through this “business bandwidth” you have created.
- Identify and make responsibilities and resources available to support these processes
You need to make sure that everything that is needed is available, otherwise this commitment to a quality system is futile.
- measure and evaluate these processes to not only ensure they do what you wanted but that you plan for them to improve.
Having a plan is not enough, you really need to carry it out. This is why companies have a three year transition period and why using an external consultancy to push these measures through is a wise idea.
Where your company chooses to outsource any of your process, you must ensure you retain control over them. These controls should be identified within your quality system. This may include how you control subcontract work, printing of material before delivery to client, installation of your goods to make sure that your customer is happy when they think the job is done. You need to mantain documentary evidence to support these processes.
Follow this link to the next section