ISO 9001, ISO Consulting, and Good Practice -1

Apr 23, 2014

Archived Blog & News

The content in this blog was accurate at time of publishing, however as standards (and the understanding of their application) change, some of this information may no longer be applicable.
If you have any questions on this or the other topics we’ve covered; please get in touch and we can discuss any queries you may have.

In my work as an ISO Consultant , I frequently find organisations making the whole process leading to ISO Certification far too complicated. ISO Consultancy , and gaining certification, is all about starting where the business is, building a system that fits its activities, and making it something that is embraced by the enterprise on a daily basis.

I could cover a number of standards here, but it’s probably best to start with the foundational standard ISO9001 . So, apart from the many myths and legends of ISO consultancy, what would I suggest to a company seeking ISO9001 certification?

1. Don’t over document the system

The ISO 9001 requirements for HOW you define a process, and the level of detail you need to include, are generic . Broadly, they are inputs, desirable outputs, and controls. It’s that simple. However, as the standard needs to fit many different industries and types of business, the method of defining the process can vary according to a business’s requirements, for instance using flow charts, documented procedures or work instructions, whichever work best for your business. This means that you truly can meet the requirements of the standard without including a lot of detail.

This is often misunderstood and many companies spend unnecessary time and effort going into long in depth explanations, which are never or rarely read by the staff who are supposed to follow them. In defining a process the inputs should be considered (what material is it, what machines do you use etc.), and the desirable outputs (a finished work piece or service), then what controls are critical in converting the inputs into the outputs, for instance particular machine setting etc. That’s all!

However, if your motivation is to improve Process Control as well as gain certification, it should be remembered that simplified process controls can be counter-productive. So, it is important to include the level of detail you need as a business to ensure that a process is controlled to the level you need. For instance, if you are using unskilled, inexperienced labour you will probably need far greater detail in the document, process maps, flowcharts or whatever form of process definitions you produce. But only what you need, and certainly not too much. Don’t over-document!

2. Don’t include things which are not in the ISO standard

I am regularly surprised that companies continue to offer up departments to external certification auditors which are not mentioned in ISO 9001 and have very little impact on the Quality of the products or services being provided. Your auditor does not need a grand tour of the company! HR, Marketing, Finance and IT Services are all functions which may have a small input to the certification visits, but the departments as a whole are not really addressed. So don’t send the auditors in, (unless you have a personal vendetta of course!)

Training records are a typical issue which often draws the auditor’s eyes towards H.R., but why not arrange simple access to these records rather than taking the auditor into the department. This avoids auditors asking additional questions which may lead into areas which are not as well controlled as those directly involved with the product or service. More exposure, rather than “just enough” is not necessarily beneficial to ISO Certification.

ISO Consulting is often more about advising clients what to leave out, rather than what to leave in. In Part Two, we look at how this applies to “over-auditing”, and why ISO 9001 is actually deeply relevant to your business.

Written by Colin Brown of ISO Consultants