For an organisation, the implementation phase for ISO 9001 begins from the moment stakeholders accept the business case for ISO 9001 and ends only when a certification body certifies the organisation. On certification, the organisation enters the maintenance phase and has to demonstrate continual improvement thereafter.
During the implementation phase, the efforts of the organisation are concentrated mainly towards understanding the requirements of the ISO 9001 standards, finding the gaps, plugging them and presenting the organisation for certification.
During the entire operation of implementation, the organisation must take all employees into confidence and inform them about the reasons for the implementation of and benefits to the organisation from the ISO 9001 certification. The organisation must also make adequate arrangements for suitable training and education related to ISO 9001, for the staff and associates. The following are the processes involved in the implementation phase in detail.
Management commitment, decision & strategy
Once stakeholders decide that the organisation needs ISO 9001 certification, the management establishes a project team for the implementation. The management then pledges their commitment towards providing all necessary resources for the implementation of ISO 9001 and beyond. Based on the recommendations of the project team, management takes a decision whether the services of an external consultant are necessary for the implementation part.
The project team, on their own or with the help of the external consultant, assesses the present situation and decides on the strategy to use for the deployment. Two important aspects of this strategy are determining the scope of the system and planning for the deployment.
Scope of the system: The project team decides if ISO 9001 standards will apply equally to the entire organisation or that a specific division or establishment of the enterprise will stay out of its ambit. ISO 9001 permits certification of an organisation, with the exclusion of specific sections, provided there is a clear and unambiguous distinction in the scope section of the Quality Manual.
ISO 9001 also allows a distinction between organisations that do not incorporate Design and Development of products and those that do. ISO 9001 exempts organisations that have no Design and Development activities from addressing Clause 7.3 in their Quality Manual. Similarly, ISO 9001 exempts organisations that do not control and monitor measuring equipment the organisation uses from addressing Clause 7.6 in their Quality Manual. The project team must specify in the scope section of the Quality Manual whether the organisation is exempt from addressing Clauses 7.3 and/or 7.6 and its justifications for the exemption/exemptions.
Planning for the implementation: Implementation depends primarily on the state of readiness of the organisation, its size and its level of training and education in ISO 9001. It also depends on the core capabilities and the processes and defined sequence of activities the organisation follows.
Based on the above, the project team develops a logical work breakdown structure, establishes dependencies and priorities, identifies resources and decides on a detailed plan for achieving ISO 9001 compliance. The period for the implementation of all activities may range from six weeks for a small organisation to about 18 months for larger enterprises.
Establishing Quality Policy & Objectives
Immediately following its commitment to deploy ISO 9001, the management must spell out the Quality Policy for the organisation based on the “Vision” of the top management and the “Mission” of their business activity. The management must also define the top-level objectives it wants the organisation to achieve. The documentation structure follows a four level structure.
Level 1: The Quality Policy is an important statement, forming the level 1 of the documentation structure. Specified in the Quality Manual, the Quality Policy lays the foundation of the Quality Management System and the related activities of the entire organisation. It is essential to spend enough time deliberating on the proper top-level objectives and the methods of measuring them as objectives for other lower levels in the organisation will depend on these.
Objectives, their measurement and display at all levels in the organisation serve to emphasize the continual improvement expected from the deployment of ISO 9001.
Level 2: This level in the Quality Manual must address six mandatory procedures as required by ISO 9001:
- Control of documents (Clause 4.2.3)
- Control of records (Clause 4.2.4)
- Internal audits (Clause 8.2.2)
- Control of non-confirming products (Clause 8.3)
- Corrective actions (Clause 8.5.2)
- Preventive actions (Clause 8.5.3)
While addressing, the procedures mentioned should cover all the aspects as specified by the standard. The organisation must implement them and audit the procedures to check if people are properly following them. Any failure to follow the procedures must trigger corrective actions.
Documenting the processes in use
Level 3: According to the Quality Management System of ISO 9001, this level in the Quality Manual identifies and defines the various business processes the organisation uses and shows the sequence and interaction of these processes. The Quality Manual must also contain the criteria and methods necessary to make the operation and control of these processes effective.
Operational documents such as work instructions are necessary for planning, operating and controlling the various business processes of the organisation. These include Strategic processes, Key processes and Support processes.
Establishing metrics
Level 4: To keep track of its progress, the organisation must keep evidence of all activities it performs and the results it achieves. These are the quality records of the organisation and it must define the metrics or the manner of measuring the results. Further, these records must also be under control according to the procedures defined under Level 2.
Mapping the processes
It is necessary for the organisation to map all its business processes to the different requirements of ISO 9001. Apart from the six mandatory procedures defined, the ISO 9001 standard has other optional procedures whose requirements the business processes of the organisation must fulfill. According to ISO 9001, the organisation must address the following top-level procedures:
- Quality Management System (Clause 4)
- Management Responsibility (Clause 5)
- Resource Management (Clause 6)
- Product Realization (Clause 7)
- Measurement, Analysis and Improvement (Clause 8)
Internal Audits
Internal audits help an organisation to know the areas that fail to meet the requirements of ISO 9001 and therefore, require increased focus. Training is necessary for creating internal auditors – they need to know what to look for, where and how. The intention is not to find faults, but to direct the organisation’s focus towards areas that do not meet the requirements of ISO 9001.
The outcome of internal audits is in the form of major and minor non-conformances. In case of non-conformances, the organisation may have to reconsider the present processes it is following and make suitable changes to align their outcomes to the requirements of the ISO 9001, substantiated with evidence through corrective and preventive actions. Once all the non-conformances raised by the internal audits are closed, the project team can put up the Quality Management System for review by the management.
Management review & Certification
Based on the recommendations of the project team and their own perception of the Quality Management System, the management of the organisation may review and recommend proceeding for certification by a certification body.
The certification body will conduct their own audit, which it usually does in two stages – a pre-assessment audit and a final certification audit. The pre-assessment audit brings to the fore non-conformances, if any, and offers the organisation a chance to take up the necessary corrective and preventive actions. The final certification audit confirms all non-conformances are closed and the organisation can then proceed towards registration for the coveted ISO 9001 certificate.
Tips to make it easier for a business to achieve ISO 9001
Here are some tips that businesses may find will not only make it easier for them to achieve ISO 9001 certification, but also help the organisation in the maintenance phase for demonstrating continual improvement as required by ISO 9001.
- Rather than calling it a quality or ISO 9001 system, it helps if the organisation chooses to see it as the way they work.
- Challenge all actions – look for justifications to do something and not because it is a recommendation from a third-party auditor or even the standard.
- People involved in the activity have the best knowledge about it – engage them to write the processes and procedures.
- Preferably, do not use the standard language – use the language of your business.
- Integrate ISO 9001 with existing business activities and meetings.
- Use flow charts, images and videos if they help – preferably use imagination and creativity for documenting and managing the system to make it understandable to all.
- Well-trained and competent staff do not need many written procedures – train your people well to reduce the number of procedures in your manual.
- Use risk assessment techniques to identify areas that essentially require documentation.
- Organisations must write their systems to suit their business and not just the standard.
The ISO 9001 quality management standard is built on the theory that organisations can achieve quality through implementing and improving their activities and behavior. Therefore, businesses can use the principles and approach of the system for providing a framework for managing all the requirements of their standards, regulatory and customer contract. Integration into the existing system to support the development and growth becomes easy when adopting a new approach or requirement by the business.