What’s Really Required for a Small Company to Get ISO 9001 Certification?
One of the most common misunderstandings about ISO 9001 certification is what must be in place to successfully pass a certification audit. This confusion most often stems from previous experience with ISO 9001 certification at a previous company, or what’s been “heard through the grapevine” over the years.
Granted, ISO 9000 has a developed a mixed reputation over the 25+ years it has been around. What I commonly hear is:
ISO 9001 is too hard for a small business
ISO certification doesn’t really improve quality
ISO is nothing more than added paperwork
Small companies can’t get ISO without hiring someone full-time to manage it.
The question to ask is “Are these really true?”
Many small businesses are finding the new ISO 9001 easier than they thought and far more helpful for real improvements that their customers notice. After all that’s what is was designed for!
ISO 9001 Documentation Required
Currently the minimum requirements for ISO 9001:2008 are:
Control of Documents Procedure
Control of Records Procedure
Control of Nonconformity Procedure
Internal Audit Procedure
Corrective Action Procedure
Preventive Action Procedure
Management Review Procedure
Every business that is ISO 9001 certified has these documents.
However, ISO 9001:2015 you don’t need all these documents. There are only 3 required pieces of documentation:
The Scope of the Quality System
Your Quality Policy
Your Quality Objectives
That doesn’t mean that there is no other paperwork, ISO, as before, still requires you to evidence your records and the documents that are needed for your employees to do their work. This could be in paper form or electronically. But the amount of paperwork has been drastically reduced. From personal experience, I think it is a good idea to have a Quality Manual as a reference to how your Quality System works.
Generally, this means that only documents that your employees are required to use on the job are necessary. So, if you have a simple process, explaining to an employee how to do the task may be enough. If you provide good training, it is likely a minimum of job documentation would be needed. If you are a very small company you may find that it is easy to support each other by answering questions as they come up in order to control your process and added documentation wouldn’t be necessary.
When it comes to docuemtnation, a basic question: “If you produce a document, is anyone going to use it?” Seems like a simple question.
The wrong question to ask is, “What does the auditor want to see?” A better question: “What do our employees need to do the job right?”
Typically, small companies pursuing ISO 9001 for the first time don’t need additional documentation. They just need to organise and “clean up” the documents they have now.
Improvement and Results
ISO 9001:2015 places much more emphasis on continual improvement and results. This means that measurements and actions come to the fore. The emphasis is placed squarely on Senior Management to set quality objectives that matter to your business and your customers. You can start with 3 or 4 quality objectives focused on the quality of your performance for your customers. By setting these high-priority measures and reviewing them on a regular basis creates focus for both your managers and employees on what is most important.
This data provides an objective way to see where improvement is needed or being achieved.
This disciplined approach to improvement is managed through a formal process called management review. The management review is led by the top executive of the company (typically President, CEO or GM) and attended by all other top managers. It is typically scheduled as a monthly meeting, at least at first. This regularity keeps focus on improving results that are most important
Flexibility to Adapt to Your Business
The latest standard is the most flexible yet to fit your type of business and business model. It has become more of a set of guidelines or best practices that need to be applied to your business. In a nut shell it means that there is more than one way to implement ISO 9001, even for businesses in the same sector. For instance:
How many documents should you create? – Up to you.
How often should the Management Review take place? – Up to you.
How often should you conduct Internal Audits? – Up to you.
What measures should you measure as your quality objectives? – Depends on what you need.
Do you need to put all your documents in one place? – Whatever works for you.
As long as the ISO requirements are addressed effectively and you are seeing improvement in your results, the ISO is working and you can easily get certified. Remember there is no ‘one size fits all’ that works for everyone.
For some, these three points are somewhat of a surprise. You may even have individuals in your company who have worked in an ISO 9001 certified company in the past, or heard something about ISO, and have very strong opinions about what it will take to get certified. That may be the reason your company hasn’t pursued ISO 9001 yet – fear of what it will do to your company.
My suggestion is the best way to fight rumors is with the truth. The ISO 9001 standard has changed and will continue to change with the times.