Thoughts and musings all things people and process
I think I've got this ISO9001 Quality Management System standard sussed now. Ok, I know that the 2015 version is pending and I'll need to address the changes, but a few years down the line from being a total novice, I have been exposed to multiple internal and external audits and assessors, and learnt several lessons along the way.
Now with the benefits of hindsight, what would I have told myself right at the very start?
Certainly, that the best move was getting in the experts in. If you've never had any experience of the ISO standards, you need someone to keep you on track. The standard is designed to be applied to any industry, so the key is understanding how the concepts apply to your business in a practical way. Choose consultants with experience in your field of business and get them to carry out a gap analysis. Without this, you can't even begin to understand the task that lies ahead of you, let alone plan realistic timescales for certification.
Bear in mind that some of the most popular accreditation bodies need to schedule your assessment dates several months in advance. Once you've paid your money and booked your date, you're stuck with it. So getting your implementation timing right is critical to avoid major headaches, stress and late night working.
And after the gap analysis, keep the experts on hand. You'll find that most consultants can offer tailored packages based on the level of support you need. If nothing else, they'll provide you with starting documentation for you to tailor and tweak, and check that everything you produce is on the right track. Nothing is worse than spending time writing a multitude of documents only to find in an external assessment that they have missed the mark. Of course, there's a cost involved, but one that is bound to be offset by the reduction in wasted internal resource time.
Whatever you do, keep it simple. Keep the processes that you have that work, just fine tune them if they don't fully meet the requirements of the standard as they stand. Don't document the perfect process if you know it's going to be difficult to maintain, because you need to be able to evidence all that you've documented. Focus on defining a process that'll work on a day to day basis and upon building solid foundations that will give you scope to improve as you learn.
What else?
That getting the accreditation is in many ways the easy part. Maintaining it shouldn't be hard. And it needn't be hard. But too often, management can think of getting the certificate as the end of the journey when it's only the start... ISO9001 or any other ISO for that matter will ultimately start to fall apart if top management support is not maintained, not least to ensure that ISO9001 principles remain embedded into the culture of the organization long term.
However you assign ISO9001 responsibilities across your business, those who you assign them to need to be committed and keep the principles at the forefront of all that they do. It's an ongoing way of working, not something that can be switched on or off depending on whether an external assessment is pending.
If you are given the chance to have ongoing continual assessment visits either once or twice a year, without doubt, go for the more frequent option. This forces people to remain focused, it's tempting to think you can forget about it all for 11 months if your visits are annual and then find your carefully implemented processes have fallen by the wayside because people don't think it matters anymore.
Have at least one person responsible for co-ordinating key ISO9001 activity. Management reviews, internal audits, compilation of KPI's... It's more than annoying to get a minor non conformity because you forgot to do something that really wasn't difficult.
Is it worth it?
The best thing about ISO9001`is that it really does force you to look at the things that matter. The things that you should be doing anyway. Who can argue with the concept of continual improvement?
But just don't do it on a whim. Your Quality Management System constantly needs to be reviewed to adapt to the business as the business evolves and changes. You will be externally assessed at agreed intervals for the rest of time. Or until you decide you don't want ISO9001 anymore. But why would that happen? When you've worked so hard to get there in the first place, why would you let it go?
Just be informed before you start your ISO9001 journey. It's not a journey that actually ends, so do it with your eyes wide open.
Cloud pricing starts from just $10 per user per month.
Self-host perpetual pricing starts from just $850 for 10 users.