ISO FAQ's

Q. What is ISO 9001?

Ans. : In short, ISO 9001 is a voluntary Quality Management System standard that helps organizations ensure they are meeting customer requirements. Note that the key word in the title is "Management." The intent of the 9001 standard is to implement systems that Management can use to better run the business.


Q. What does ISO stand for?

Ans. : The International Organization for Standardization decided not to use an acronym for their organization, because it would be different in different languages. Instead, they used the word "ISO," which is derived from the Greek word "isos" meaning "equal." The standards act as an equalizer for companies doing business across global boundaries.

Apart from the Quality Management System standards, there are many other standards that are maintained by the International Organization for Standardization located in Geneva, Switzerland, and their 158 member countries.


Q. What are the benefits of certification?

Ans. : Apart from the obvious benefit of opening up market opportunities where ISO 9001 certification is a requirement, the biggest benefits stem from having a structure to improve your processes. Because the standard is really based on best practices for organizations, it provides management with the tools to objectively decide where things are working well, and where to best apply resources to make things run more smoothly. So - ideally, ISO 9000 helps your management team maximize the effectiveness of your business, thereby enhancing growth and reducing cost. From your customers' perspective, it gives them confidence that you have an organization that can consistently meet their needs.


Q. My company is very small. Can I get certified?

Ans. : Absolutely, we’ve worked with companies of one or two people who decided to get certified. The processes that you'll put in place would have the same intent as a much larger company; it's just that the implementation will be simpler. We work with organizations to assist them in balancing the appropriate level of documentation with what's necessary to meet requirements.


Q. How much will this cost?

Ans. : The answer depends on a number of factors. There are costs to implement, cost related to the Registrar and costs to maintain. In terms of costs to implement, if you choose a full do-it-yourself approach, the only real costs will be in the time for resources dedicated to the implementation process and in time spent writing documents and training your staff. If you have little experience with ISO 9000, or have limited internal resources, you might choose to get some outside professional help or a consulting company like us.

Costs of registration are dependent on the size of your organization as well. Most registrars charge a certain rate per day to be on-site at your facilityTo maintain your certification, the Registrar must return at least annually to audit a portion of your system. Those costs will be less than the original visit, since the time spent will be shorter. Once every three years, the Registrar returns to audit your entire system.


Q. Does ISO apply to my industry?

Ans. : The ISO 9000 standards are general enough to apply to any industry. We have clients in industries ranging from manufacturing to government and defense contractors; from education to call center operations to software development and they can all apply the standard to their business model.


Q. Do I need a consultant?

Ans. : Many companies choose to attain ISO certification on their own, so having a consultant is not a mandatory but highly advisable. We do believe that having access to a consultant's knowledge and expertise can be very helpful as you try to sort out how to apply ISO in your business. And if you have an urgent need to attain certification and limited resources, using a consultant is often the most practical approach. We provide several flexible options to meet most needs.


Q. What is the Process Model?

Ans. : The process model is based on the idea that an organization is a system of interlinked processes. The ISO 9001:2015 Standard is designed to manage and improve those processes. First, you identify your key processes. Second, you define quality standards for those processes. Third, you decide how process quality will be measured. Fourth, you document your approach to achieving the desired quality, as determined by your measurements. Fifth, you evaluate your quality and continuously improve.


Q. Are process flow charts required?

Ans. : Flow charts are not specifically required, but more than likely expected by your registrar. The standard requires that you identify your processes and determine the sequence and interaction of the processes. This is most easily accomplished by preparing flow charts of your product realization processes.


Q. How many procedures are we required to write?

Ans. : The standard specifically requires six procedures :
• Control of Documents
• Control of Records
• Internal Audits
• Control of Nonconforming Prod cut
• Corrective Action and
• Preventive Action

That may not be enough: the standard also asks that you prepare any other documents you need to for planning, operation and control of your processes. The standard also asks that you have available the work instructions you feel are necessary. The answer to how many procedures or work instructions are required: you must decide this.


Q. What records are required by the standard?

Ans. : The standard specifically requires records for the following items :
• Management reviews
• Education, training, skills and experience
• Evidence that processes and product or service meet requirements
• Review of customer requirements and any related actions
• Design and development including: inputs, reviews, verification, validation and changes
• Results of supplier evaluations
• Traceability where it is an industry requirement
• Notification to customer of damaged or lost property
• Calibration
• Internal audit
• Product testing results
• Corrective action
• Preventive action
• Records you need to provide evidence of following your processes.


Q. How often should we have management review meetings?

Ans. : There is no specific requirement for frequency of management review meetings. We recommend quarterly meetings. This allows you to stay on top of upcoming issues and yet collect data between meetings that is meaningful. We have found annual meetings are not acceptable to all registrars. With annual meetings you may not be able to prevent issues or resolves issues in a timely manner. Management Review.


Q. Are job descriptions required?

Ans. : No, there is no requirement for job descriptions. You are required to do two related tasks: define responsibility and authority and define competency in terms of education, experience, skills and training. Job descriptions are one way of accomplishing this. There are other ways including preparing organizational, job responsibility lists, and competency matrices.


Q. What is process auditing?

Ans. : Recently we have been receiving questions regarding process auditing and what it means. If you are auditing your quality management system by area or department and then auditing all the applicable ISO elements while in that department, you are doing process auditing. If you are auditing your quality system by ISO elements throughout the organization you are not set up currently for process auditing. Process auditing.


Q. How often should we audit each area?

Ans. : There is no specific requirement for audit frequency. The audit schedule should be based on the importance of the area and on what previous audits have uncovered. In a new system, you will want to audit frequently, perhaps monthly, to make sure everything is implemented and working. In a mature, audits can be performed much less frequently. For a mature system (in place for several years) we recommend every six months to one year. Taper down your audits over time. If you start at monthly, try quarterly for awhile and see if it is working. Do not audit less than annually.


Q. How long will it take me to get certified?

Ans. : Of course this depends upon several factors such as: how large your organization is; how complex your processes are; what procedures you may have in place already, etc. For a smaller company (less than 100 employees) an implementation can take 2-3 months; for a larger company (more than 100 employees) the process can take 5 - 6 months. The process also depends on the time and resources your company can apply to implementation.

One note about the timeframe - once you have met the requirements, there is some time needed for your systems to mature and to produce records that show evidence the systems are working. Most registrars prefer to see 2-3 months worth of records after you've implemented everything. That time needs to be figured in your overall timeline upfront, especially if you have to meet a deadline for registration.


Q. How many documents will I need? What are the requirements?

Ans. : Many people are hesitant to begin the certification process, because they incorrectly believe that they will need mounds of paperwork to comply. In fact, the ISO standard only requires a quality manual and six written procedures: Control of Documents, Control of Records, Internal Auditing, Control of Nonconforming Product, Corrective Action, and Preventive Action. Beyond those requirements, it's really up to you how much additional documentation you need to plan, operate and control your business effectively. Some companies find the need to add extra controls they didn't have previously; some use the process to delete older documents that are redundant or not worthwhile to maintain.


Q. My customer is asking me to become ISO certified...or...I need to bid on a project that requires ISO certification. How can I do this quickly?

Ans. : You can certainly be ISO certified in as little as 4 months. It requires focused attention on your part and often the help from an experienced outside consulting resource. Another option to speed up your ISO project would be to utilize a template-based documentation package like we provide on the 9000World website.


Q. Do I need a full-time person dedicated to run my ISO program?

Ans. : There are several factors that dictate how much time to dedicate to the Quality System. Factors such as size of the organization, complexity of the process, manual administrative systems verses automated or electronic systems (ex: Document Control) all have a role in determining if there is a need for a full-time person. Of course, during the set-up of the Quality Management System there is more of a time commitment than after you are certified. For most small companies, it is a part time role.