Has your organization thought about ISO 9001 certification in the past but found it too cumbersome? If so, we have some good news.
Although the ISO 9001:2008 was admittedly difficult to follow, the most recent iteration (ISO 9001:2015) is better suited to businesses of all sizes and in all fields.
A series of changes to the standards made them more flexible, which allows organizations to employ a quality management system (QMS) using a rigorous system without stuffing their processes into a one-size-fits-all box.
The ISO 9001:2015 is the only certification opportunity within the Quality Management family, and there are a lot of great reasons to get certified.
Before you’re ready to call an auditor, you need to meet the ISO 9001 requirements — including the documentation requirements — for certification.
In this article, we take you through the standards clause-by-clause to show you what’s involved and when. Let’s get started.
Introduction: Clauses 1-3 and Plan-Do-Check-Act
As you complete the requirements for ISO 9001:2015 certification, you’ll follow what’s called the PDCA Cycle or Plan-Do-Check-Act.
The PDCA is a management tool, but it’s not the type suggested by an MBA with no experience on the ground. It works because it evolved from the scientific method and it’s connected to the Deming-Shewhart cycles.
Briefly, the PDCA Cycle requires you to:
- Plan the objectives of the system and processes as well as resources needed
- Do implement the plan
- Check the processes (and products and services) against your policies and objectives through monitoring and measurement systems
- Act to improve the system and process performance, where possible
Following the cycle isn’t just a recommendation: it’s necessary for completing the requirements in good time and efficiently.
As you reach clauses 7 and 8, you’ll find that you need to refer back to earlier plans and work. If your earlier plans aren’t up to scratch, you’ll have a difficult time completing the rest of the requirements.
You should also remember that the Act part of the cycle is just as important as the Plan phase. The ISO 9001:2015 requirements aren’t just concerned with standardization. They want continuous improvement. Expect to use the Act phase as a diving board to get right back into the Plan phase again.
Clauses 1-3 provide the introduction to the requirements, which appear from Clause 4 onwards. Don’t skip these just because there aren’t any boxes to tick: Clause 1 Scope provides a helpful introduction to what your QMS should be and Clauses 2 and 3 cover fundamental terminology and concepts.
Clause 4 – Quality Management System
Stop. Before you create any documents or identify any changes, you need to start with alignment. The standards demand that you align your objectives with the scope of the QMS (go back to Clause 1 for a refresher on scope).
The goal of these first standards is to ensure that your QMS applies directly to your organization as it currently stands. When the ISO refers to context, it refers to things like your legal, market, or technological external contexts and your values, culture, and performance (internal contexts).
Another organization’s QMS — even your close competitors’ — won’t match yours.
When you complete this step, you will have done the following things:
- Determined internal and external issues that may impact your objectives and the QMS
- Planned to monitor and review information related to identified issues
- Identified interested parties (and their requirements) relevant to the QMS
- Determined the scope of your QMS (including external and internal issues, relevant interested parties, and products)
- Noted and listed the processes needed for the QMS (including inputs, outputs, sequence, interactions, etc. as described in 4.4.1)
Clause 5 – Leadership
Your QMS is only as effective as your team’s management and leadership. Clause 5 requires you to zoom into your management team’s role in the QMS. Specifically, you’ll identify your leadership’s responsibilities in regard to the QMS.
Did you implement the 2008 standards? If so, you’ll notice a significant difference in leadership planning: you can no longer delegate quality management. Leadership is directly responsible for implementation.
In addition to outlining your leadership’s commitment, you’ll also create a quality policy to help guide leadership and focus on alignment.
When you complete this step, you will have done the following:
- Identified customer and statutory requirements
- Noted risks and opportunities that impact product and service conformity
- Re-focused the QMS on customer satisfaction
- Developed and implemented a quality policy (including means for communicating quality policy)
- Assigned organizational roles and responsibilities
Clause 6 – Planning
In the Planning phase, your QMS system begins to take shape as you identify risks, opportunities, and objectives.
During this phase, you’ll refer back to some of the items you created and planned in Clauses 4 and 5. The contexts you identified in Clause 4 will directly inform your risk management process and help you identify and outline your opportunities. The process is also known as a risk and opportunity concept.
You’ll also use the quality policy you developed in Clause 5 to set your quality objectives (as explained in 6.2).
Looking back and confirming your plans ensures your QMS will not only achieve its goal but enhance the positive aspects and reduce undesirable impacts of your process.
When you complete this step, you will have done the following:
- Taken actions to deal with opportunities and risk
- Learned how to integrate actions into your QMS (including evaluation)
- Established quality objectives (and identified quality objective documentation)
- Decided how to handle changes to your QMS (including risks, resources, and responsibility changes)
Clause 7 – Support
A QMS without support is only a plan. To implement it, you need to make sure you have all the available organizational support and resources to not only set up the QMS but to maintain it over time.
One of the most important parts of identifying supports is making sure there’s always room to improve the QMS.
In other words, you need to be thinking both short- and long-term even during the development phase. Because your auditor will look for the goal of continual improvement, you need a plan for it now.
When you complete this step, you will have:
- Audited your existing internal resources
- Determined what resources you need to seek externally
- Identified what people need to be involved in the QMS
- Assessed what infrastructure you need to maintain the QMS (including how to maintain the infrastructure)
- Evaluated the correct environment for the QMS (including human and physical factors (e.g., burnout prevention, emotionally supportive, hygiene, noise, humidity)
- Found the monitoring and measuring resources for the environment
- Completed the documented information specifically named in the ISO 9001:2015 standard
- Completed the documented information you identified as necessary for your QMS (also required by the International Standard, but not named)
Clause 8 – Operation
Although every clause is important, Clause 8 is the “meat and potatoes” of your QMS.
When you reach this clause, you’re not just planning a new system but ensuring that it will also meet the ISO 9001 requirements for certification. It’s no surprise that this is one of the longest sections in the standard and it carries the most deliverable requirements.
You also begin to see how the earlier phases were such an important part of the cycle. Clause 8 requires you to look back at Clauses 4 and 6, namely the processes you created in 4.4 and the actions you determined in 6.
When you complete this step, you will have:
- Created a plan for customer communication (of all types)
- Determined the process requirements for products and services
- Reviewed the above requirements
- Created the design and development process for products and services
- Ensured that external processes, products, and services meet your requirements
- Implemented production and service provision through controlled conditions
- Handled identification and traceability issues
- Identified and controlled nonconforming outputs
- Created the documentation of requirements for each product or service
Clause 9 – Performance Evaluation
Clause 9 is firmly in the Check part of the cycle, and it’s the largest part of your review process. In the previous Clauses, you created monitoring and measurement systems for individual processes. Now, you need to do it for the performance of the entire QMS.
Remember: your management needs to review the QMS on a regular basis, whether or not there’s an external certification audit around the corner.
You’ll start with general steps like determining what needs monitoring and measurement and what methods to use. You’ll also determine when to monitor and when to analyze the monitoring.
Keep in mind that you aren’t meant to get stuck in the nitty-gritty details of the QMS alone. Customer satisfaction is a huge part of the standards.
If your QMS appears functional but your customer satisfaction isn’t improving, then there’s something wrong.
When you complete this step, you will have completed the following tasks:
- Created a monitoring and measurement system for the QMS
- Created a monitoring and measurement system for customer satisfaction
- Set up an internal auditing system for the QMS
- Created a management review system for QMS leadership
Clause 10 – Improvement
You’ll remember that PDCA requires you to Act before starting the cycle over again. Clause 10 is a significant part of this process because it is the item that shifts your focus to continual improvement.
The goal of this clause is to find and employ opportunities that will either improve customer satisfaction. Improvement isn’t just limited to the QMS. It can also include opportunities for improvements to your product or service.
When you complete this step, you will have completed the following tasks:
- Improved your products and services
- Corrected or prevented undesired effects
- Improved your QMS performance and effectiveness
- Dealt with nonconformities and issued corrective actions
- Identified ways to continually improve the QMS (through analysis and evaluation)
Summary
To be ready for ISO 9001 certification, you need to complete and comply with all the ISO 9001:2015 requirements outlined in Clauses 4-10.
If you previously considered the 2008 version, then know that the new version includes requirements that are rigorous but more flexible in terms of their applicability. You only create processes or documents that directly apply to your organizational context or your QMS.
Once you complete the requirements and documentation laid out in Clauses 4-10, your QMS is ready for your first internal audit. Your first internal audit, in turn, prepares you for the external certification audit.
Finally, remember that passing your external certification audit doesn’t mean you’re off the hook for the duration of your certification.
The PDCA cycle needs to continue at regular intervals (as dictated in your QMS) with the help of internal ISO 9001 inspection checklists.
Your goal shouldn’t be certification alone but the continual improvement of your QMS and your customer satisfaction measurements. Your external certification body may also use satellite audits to check up on you in the meantime.
