An ISO 9001 Quality Management System (QMS) certification is essential for any business entity that wants to be taken seriously within its sector. It doesn’t matter how big or small your enterprise is when it comes to establishing trust and providing a stellar service or product. For most potential partners, clients, and consumers, dealing with a business that understands the requirements of ISO 9001 as a Quality Management System is a must in order to do business with your company.
Investing time and energy to create a quality management system recognized by the ISO (International Organization for Standardization) will pay off overall. Luke Desira will help you achieve your goal.
ISO is an international NGO that was founded in 1947. Representatives from 25 countries came together to create a method whereby goods and services could be recognized as high-quality, reliable, and safe. Today, ISO has over 160 members, each one the national standards body of a specific country. ISO 9001, formally referred to as ISO 9001:2015, is the most recent update of the internationally recognized QMS standard. It outlines all the requirements that must be met to create a QMS that meets the ISO standards.
The QMS refers to the documented records, policies, procedures, and processes that a company uses to define how it manages the production and delivery of a product or service. The requirements of ISO 9001 as a Quality Management System demand that specific requirements must be met within the QMS, but the QMS must also reflect the needs of the company. In other words, the QMS can be customized within limits. This customization capability makes ISO 9001 certification possible for companies of all shapes and sizes. The main aims of the QMS are as follows:
- Data-led management and decision making: Creating a system to track what is essential and to record information to make informed decisions.
- Reduce wasted time: Continually review the processes and procedures to find areas for improvement.
- Improve staff motivation: Involving people in the process makes them feel part of the company. Ensure that they feel that their ideas are heard and that they can implement their solutions to their problems.
ISO 9001 certification is a seal of approval given to companies by an internationally recognized organization for standardization. If your company holds an ISO 9001 certification, your clients will at once know that your company has created, implemented, and continues to keep an approved quality management system. Due to the ISO 9001 focus on improving customer satisfaction and guaranteeing an elevated level of quality when it comes to goods and services, many companies will only collaborate with companies and suppliers that are ISO certified.
As previously mentioned, an ISO 9001 certification helps any company regardless of size or stature. In fact, if your business is still in its infancy, implementing a quality management system sooner rather than later could save you a lot of headaches (and money) further down the line. The industries that typically require ISO certification are as follows:
- Software & IT
- Medical Device importers
- Professional Services
Requirements of ISO 9001 as a Quality Management System
The requirements of ISO 9001 as a Quality Management System are organized into 10 clauses. These clauses supply the structure for your quality management system and the conditions you must fulfill to get your certification. The first three clauses are simply an introduction to the ISO 9001 standard, briefly explaining the scope of ISO 9001:2015 and outlining terms and definitions, together with a statement that the ISO 9001:2015 terms and definitions apply. Clauses 4 to 10 provide a detailed outline of the requirements for each section of your QMS.
As noted over my years of experience in ISO 9001 consulting, your organization already has 80% of what is needed to meet the standard. This is because what you are doing works – if you are not following the basic principles mentioned by the standard, you will be bankrupt – it makes logical sense that only the missing 20% is not implemented to reach the level required by this international standard for quality.
Clause 4 – Context
The aim of Clause 4 is to develop a detailed understanding of your organization so that you can create a workable QMS that fosters a culture of continual improvement. Within Clause 4, there are requirements related to internal and external factors that could impact your company; the needs and expectations of interested parties, such as employees, clients, suppliers, and shareholders; and the company’s processes for day-to-day management. A SWOT (Strengths, Weaknesses, Opportunities, Threats) and PESTLE (Political, Economic, Social, Technological, Legal, Environmental) analysis can be done at this stage to help you fulfill the requirements.
Clause 5 is designed to ensure that top management is committed to the planning and implementation of your company’s QMS. Top management’s role is to define a quality policy, put it in writing, and then ensure that everyone within the company understands the procedure and follows its guidelines. The various roles and responsibilities within the company must be clearly defined and then communicated using an organizational chart.
Clause 6 – Planning
Clause 6 is designed to ensure that you address and prioritize the risks and opportunities that could have an impact on your organization. At this stage, you will also have to set aims and plan to improve the quality of your product or service. You might also consider adding target objectives relating to the following key processes:
- Design & Development
Clause 7 – Support
Clause 7 is divided into five sections dedicated to supporting requirements in the following areas:
This section ensures that management has supplied the resources needed for the company to function correctly, including human resources, equipment, software and other internal processes used by the company, and any other resources.
This section refers to the level of education, training, and development needed for specific roles.
This section refers to the necessary training and communication related to the QMS.
This section ensures all staff members are kept up to date with QMS objectives.
This section refers to the continuous upkeep of a dynamic document management system.
Clause 8 deals with the processes and documentation related to your product or service’s planning and manufacture (or undertaking). Depending on your product or service, you may skip some of this clause’s requirements. The operational areas covered in Clause 8 include plans related to critical processes; provisions related to the production, design, and development of products and services; external service providers; product launch; products or services that don’t perform to expected standards.
Clause 9 – Performance Evaluation
Fact-based evidence is used to make decisions throughout the ISO 9001 standard. The same principle is applied to performance evaluation. Clause 9 ensures that you have an efficient system for checking your QMS to gauge how well it works. This clause has requirements that will ensure you are measuring your success against customer satisfaction and internal audits.
Clause 10 – Improvement
Improvement is at the heart of the ISO 9001 standard, and Clause 10 provides requirements designed to help you continually improve your QMS. It is essential to understand that a QMS must evolve and develop over time; in some cases, you may need to correct mistakes, and in other cases, you may need to adjust your QMS to reflect your company’s growth and success.
Requirements of ISO 9001 as a Quality Management System | Implementation Process
There are five steps in the ISO 9001 implementation process. The first step is to undergo the relevant training, where you’ll learn the requirements of ISO 9001 as a Quality Management System and how those requirements are pertinent to your business.
The second step is to perform a gap analysis. The gap analysis is used to decide the areas within your organization that need improvement. This is done by mapping out the current process in place relating to the following vital functions:
The third step is system deployment. At this point, you’ll need to create new systems to implement and then train people to do the actions required for successful implementation.
The fourth step is to review the new system (internal audit). This involves checking that the systems are being followed, supplying further training to relevant staff members, changing operating procedures where necessary, and finding areas that need improvement.
The fifth and last step is the certification audit. An independent certification body will need to be brought in to audit your QMS. The audit is performed in two stages. In the first stage, the auditor will compare all your documentation with the requirements outlined in the clauses. In the second stage, the auditor will check that the documentation is a true reflection of how the company is being run. The certification audit will also include an audit of the internal audit and the management review.
Clause 4: Context of the Organization
Clause 4 is the first workable clause requirement of ISO 9001 as a Quality Management System. Clause 4 features specific requirements that are in place to help you define your organization so that you can tailor a successful QMS (Quality Management System) to suit your needs.
Clause 4 is divided into four manageable sections:
- Clause 4.1 – Understanding the organization and its context
- Clause 4.2 – Understanding the needs and expectations of interested parties
- Clause 4.3 – Determining the scope of the quality management system
- Clause 4.4 – QMS and its processes
Clause 4.1 – Understanding the Organization and Its Context
Clause 4.1 asks you to examine the internal and external factors that can affect your organization. Factors that could directly affect the goals or strategic direction of the company and your QMS could be both negative (risks) and positive (opportunities). The best way to find such factors is to perform a SWOT and/or PESTLE analysis.
SWOT is an acronym that refers to strengths, weaknesses, opportunities, and threats that an enterprise might face throughout its lifetime. These can be said to be internal and external factors that are bound to change over time and can work in favor or against the organization itself. Here is a breakdown of the four elements:
- Strengths – Internal positive aspects of the company
- Weaknesses – Internal shortcomings that require some form of improvement
- Opportunities – External factors that can ultimately have a positive impact on the organization
- Threats – External factors that may hurt the organization in the near or distant future
A PESTLE analysis finds political, economic, social, technological, legal or environmental factors that can have an impact on your business.
Clause 4.2 asks you to address the needs of all stakeholders who have an interest in how the company runs. After all, a company does not exist in a bubble; employees, clients, suppliers, and shareholders all have a vested interest. Common stakeholders such as these must receive adequate benefits.
If any interested parties have needs that are not met, the company will suffer. It is important to note that one such interested party is any entity that regulates the statutory and regulatory requirements relating to the products and services offered by your organization.
You must find the requirements of all interested parties to build a well-balanced and efficient QMS. These requirements must be clearly defined and included within Clause 4.2 of the quality manual and must consist of any legal requirements that the company must follow.
Clause 4.3 asks you to find the activities that fall within the boundaries of your QMS. There might be elements from your business – possibly entire product/service lines – that you might not want to include within the ISO 9001 Certificate.
To decide the scope, you must first define whether you want to include all the products/services that you sell – or a subset of them.
Let’s say, for example, that your company is both an importer and manufacturer. If you import product ‘A’ and manufacture product ‘B’, you have 3 choices for the scope of the quality management system:
- Importation of Product A
- Manufacturing of Product B
- Importation of Product A and Manufacturing of Product B
Let’s say that for this company, the scope of certification was defined as “Manufacturing of Product B”. Therefore, in this case, the activities associated with the importation of product ‘A’ would not be considered when creating the Management System and would not be discussed during external audits.
Naturally, the ISO 9001 certificate issued to the said company will read “Manufacturing of Product B”.
The first step when embarking on the ISO 9001 Implementation journey is to decide on the Scope of the Quality Management System. Therefore, after defining the scope of certification, nothing specific must be done to meet this requirement. However, it is recommended to include the scope of the QMS within Clause 4.3 of the quality manual. The scope of the QMS will be one of the first questions of the certification body.
Clause 4.4 – QMS and its Processes
One of the main aims of ISO 9001 is to cultivate a culture of continual improvement within every organization, and something can only be improved upon if it already exists. Clause 4.4, therefore, asks you to map out the processes of the company and consider how the various processes interact with each other. In other words, you must supply a step-by-step explanation of how work is done. In this way, you set a foundation – something that you can build on to improve how your organization operates.
Creating simple flow charts at this stage will help you map out your processes and better understand the requirements of ISO 9001 as a Quality Management System. These should establish the following:
- What triggers the process to start? And at the end of the process, what will be the output of this process? How will we know it was completed? What is the deliverable?
- How do the processes interact, and what sequence do they follow?
- How is each process measured in terms of key performance indicators?
- Necessary resources – Are any equipment or documents needed to perform the process?
- Assigned responsibilities – Each job title can be assigned a color, which is then used for the corresponding boxes within the flow chart.
It is imperative that you periodically evaluate these processes to make sure that they are delivering the intended result and to find ways in which they can be improved.
To meet the Clause 4.4 requirements, you must define the key processes that you have in each of the four categories below:
- Design and Development (if applicable)
Clause 5 – Leadership
Clause 5 puts the spotlight on leadership. It defines the role of top management in creating, implementing, and communicating the QMS. It is no longer acceptable for top management to simply delegate the work involved in meeting the requirements of ISO 9001 as a Quality Management System. The ISO 9001:2015 standard insists that an efficient and certifiable QMS can only be achieved if the company is committed to its success. Clause 5 is divided into the following sections:
- Clause 5.1 – Leadership and Commitment
- Clause 5.2 – Policy
- Clause 5.3 – Organizational Roles, Responsibilities, and Authorities
Clause 5.1 – Leadership and Commitment
Clause 5.1 focuses on the leadership and commitment required by the management and employees, respectively, in order to have one main focus, which is the customer. As a result, this Clause is split in two:
- Clause 5.1.1 – Leadership and Commitment
- Clause 5.1.2 – Customer Focus
Clause 5.1.1 – Leadership and Commitment
Clause 5.1.1 emphasizes the importance of leadership commitment to implementing an effective QMS. If top management is not committed to the implementation of the QMS, it is a futile effort. It is for this reason that leadership must also be involved in the creation of the QMS.
Active involvement in the creation of the QMS ensures that it becomes a system in which top management believes wholeheartedly. This belief in the system results in management being able to communicate more effectively the importance of the new approach to their teams.
It is crucial to keep in mind that for continual improvement to leave a return, there must be an investment. The investment needed is not just financial. Time, focus, and dedication by leadership and employees are also necessary to ensure quality and improvement.
Management commitment is referenced in multiple points within the QMS. But honestly, there is no actual requirement here to be met for the organization whose management is committed to the management system.
Clause 5.1.2 shines a light directly on customer satisfaction. As well as creating and implementing the QMS, leadership must be committed to achieving customer satisfaction by ensuring that all customer requirements are found and met. Leadership must also ensure that all regulatory or statutory requirements are met.
Maintaining customer satisfaction requires a mindset of continual improvement. It is imperative that this mindset is instilled within the culture of the company to achieve long-term success. If customers are not kept in mind, then one of the most fundamental requirements of ISO 9001 as a Quality Management System is not being met.
Provided that the requirements of all other clauses are being met, no further action is needed to meet the requirements in this clause.
Clause 5.2 focuses on the quality policy. It is divided into two parts:
- Clause 5.2.1 – Establishing the Quality Policy
- Clause 5.2.2 – Communicating the Quality Policy
Clause 5.2.1 – Establishing the Quality Policy
Given that this is a quality management system, your organization must have a quality policy. The quality policy is a 1-page explanation of the vision of the company in terms of quality.
To meet this requirement, the quality policy needs to meet the following criteria:
- It is appropriate to the context of the organization
- It supports the company’s strategic direction
- It acts as a framework for setting quality objectives
- It includes a commitment to satisfy applicable requirements
- It includes a commitment to continual improvement of the QMS
The quality policy template provided on this website mentions all the above points and allows space for you to explain your unique selling points and meet the requirements of ISO 9001 as a Quality Management System.
Clause 5.2.2 – Communicating the Quality Policy
Drawing up the best quality policy in the world and stowing it away is not practical. The quality policy needs to be adequately communicated to all staff within the company. Top management must approve and sign off the quality policy, and all employees must be informed about the quality policy.
Typically, the quality policy is signed, laminated, framed, and placed in prominent areas within the company offices. Moreover, it is to be made available to external parties; some companies choose to upload the quality policy on their website; others consider that it has sensitive information and only provide it to stakeholders upon request.
The company must ensure that all employees have read and understood the quality policy to meet this requirement. Keep in mind that during the certification audit, auditors might ask employees to explain the gist of the policy.
Clause 5.3 – Organizational Roles, Responsibilities, and Authorities
Roles, responsibilities, and authorities as a concept can be expanded as required, depending on the size of the company. A 4-person company, for example, has many overlapping roles and responsibilities. However, a much larger organization that employs 50,000 people will have specific roles and chains of command within the organization.
The idea of risk management must be applied. You must examine the organizational structure within your organization. Are there any specific areas that need to clearly show who manages what, and who reports to whom? An organization chart can be used to show how responsibilities and authorities for relevant roles are assigned, communicated and understood within the organization.
To meet the requirement of this clause, the organization must create an organizational chart to highlight the key personnel within the company. The organization chart can be placed within Clause 5.3 within the quality manual. An organization chart is included in the quality manual template provided on this website.
Clause 6 – Planning
Clause 6 of the set of requirements of ISO 9001 as a Quality Management System is in place to ensure that your company formulates specific plans to deal with the risks and opportunities that were found in Clause 4.1. You will be asked to rank the order in which these risks and opportunities must be addressed, and then put together a plan outlining how you will mitigate the risks and/or capitalize on the options available. Clause 6 also asks you to set quality aims, primarily related to customer satisfaction, and use data to measure the success of the aims.
Clause 6 is divided into three sections:
- Clause 6.1 – Actions to Address Risk and Opportunities
- Clause 6.2 – Quality Objectives
- Clause 6.3 – Planning of Changes
In Clause 4.1, you had to find the internal and external factors, both positive and negative, that could have an impact on your organization. Based on your findings, Clause 6 now asks you to rank the order in which these factors must be addressed by identifying the high priorities and the low ones.
To find the risk or opportunity that needs immediate attention, you will need to perform a risk priority number evaluation. The risk priority number (RPN) is gleaned by using an FMEA (failure mode and effects analysis). In an FMEA, a numerical value is assigned to the following factors:
- Occurrence – The probability that the issue will occur
- Detection – The likelihood that the problem will not be detected
- Severity – The level of damage or harm caused
Once you’ve assigned numbers to each of these factors associated with a particular risk, you will then need to multiply the numbers to find the RPN. By doing this with each of the risks you’ve identified, you will easily rank your risks in order of importance.
Keep in mind that size matters. Larger companies with multiple departments and thousands of people involved might need to dissect their risks and opportunities in a different way from a small business.
To meet the requirement for Clause 6.1, a Failure Mode & Effects Analysis must be completed and documented. Moreover, actions must be implemented to mitigate the most important risks and seize the worthiest opportunities. The quality manual template available on this website includes a built-in Excel sheet to calculate the RPN.
Clause 6.2 – Quality Objectives
One of the main benefits of ISO 9001 certification is that it promotes an objective approach to decision-making. With such a system, we do not rely on opinions or hearsay when making a decision; instead, we make decisions based on tangible data. This factual approach is fundamental when it comes to measuring the success or failure of an aim.
Clause 6.2 asks you to set quality aims that are in line with your company’s quality policy. These aims should relate primarily to customer satisfaction, but you can also set aims relating to any other elements of the business that you consider fit. You must then measure the success of those aims based on data gleaned by continual monitoring.
The size of your organization is likely to influence the number of aims that you set. The size of your organization will also dictate the extent to which resources are deployed, and responsibilities are defined when it comes to checking and measuring your aims. To make sure you are checking what counts, you could set aims relating to:
- Design & Development
- Customer Satisfaction
In short: To meet the requirements of Clause 6.2, you must: a) set aims relating to customer satisfaction, and b) measure the data relating to these aims to make sure that you are on the right track.
When it comes to planning any changes to the QMS, a risk-based approach must be taken once again. Depending on the size of the organization, there are a certain number of moving parts. You will need to consider the risks involved in making the change and the necessary resources needed to implement the change. For example, you may need new equipment or bigger premises; you may also need to appoint new employees to fulfill specific tasks. Your plans must also align with your quality policy.
To meet this requirement, when making a change, a company must ensure that the consequences of such change have been considered. Your aim is to ensure that the change happens smoothly and with no negative impact.