Home  

Resources & Info

   FAQs
   Newsletter
   Free report
   Links

Solutions

   Our services
  Products
  DIY Pack
  Testimonials

Company

   About us
  Contact us 

DIY Customers

  DIY login 

FAQs for ISO 9001 quality

Most Frequently Asked Questions

• What is ISO 9001?
• What are the benefits of ISO 9001?
• How long does it take to get ISO 9001?
• How much does it cost to get ISO 9001?
• What's a quality system?
  
• How do we get ISO 9001? - what's the process to get 9001?
• What's a quality manual? 
• Can a very small company get certified?

On ISO 9001 

• what is ISO 9001?
• how do I get a copy?
• what's in the Standard?
• what must we do to get it?
• what are the principles of ISO9001?
• Is 9001 worth it for a 1-person business?

How to...

• Get ISO 9001  
• Do ISO 9001 yourself        
• Get ISO 9001 on a tight budget   
• Get a copy of the ISO9001Standard
• Choose a quality consultant
• Choose a certifier / external auditor

Who does what  

• What does a quality consultant do?  
• How do I find a quality consultant?
• Who gives the ISO certificates?
• What's a registrar or certifier?
• Who or what is ISO?
• What is a Standard?

About quality and quality improvement

• Why do ISO 9001?
• What is quality?
• What's improvement?
• What is Root Cause Analysis?
• What happened to ISO 9002? 

More questions, answers and articles in my e-letter Archive

What is a quality system?

A quality system is the system used to ensure the quality of services/products. Think of it as the system a particular business (or organisation) uses to do whatever it is they do, whether that is providing services, designing widgets or selling stuff.
In a service business, it's the system you use to develop and provide your services.  
If you make things, it's the system you use to make them. If you sell or distribute things made by other companies, it's the system you use to find, get/buy & then sell them. 
In a nonprofit (such as a charity, college, school or government body) it's the system you use to deliver your charter or the reason you exist.

A business quality system comprises policies, processes, procedures/methods and resources: people as well as plant, tools, equipment or any other resources needed: whatever you need to produce your services or products, from planning and 'design' (if that applies) through creation and development and finally sale, release or delivery to customers. 

But a quality management system goes beyond just 'producing service or product' to embrace how you manage the organisation. So it includes how you make sure people are competent for work, that they have the right equipment, tools or whatever else is needed, right through to checking performance and results: making sure what you planned to happen in fact did happen.  And fixing problems if they happen, so that they don't keep happening.

All these various components work together (or should do!) to accomplish the desired result: goods or services of consistent quality. 

Do you have a business now? Have you been in business for a year or more? Still operating? Still have customers?  If you answer yes, you already have some kind of quality system.  It may not be an 'ISO 9001 quality system' yet, but you do have a quality management system.  And you probably already have some kind of QA, perhaps also some QC.

What's in the Standard?

The Standard itself consists of a set of specific requirements. 

The requirements aren't impossible, arcane or even strange.  Really, they are just sheer good practice, and sound business sense.  Requirements are set out in these groups: 

• General requirements -  these requirements apply throughout; including requirements to identify your processes, document the system suitably and manage records
• Management responsibility - requirements for the 'decision-makers'
• Resource management - covering people, environment and infrastructure 
• Product realization - requirements for core business activities  
• Analysis & Improvement - reviewing and improving performance

Each requirement is numbered: there are 28 in 4 groups - more if you count all the sub clauses & details in the content.  An important point: The requirements specify what must be done, but not how.  

The requirements are generic.  And because they are, you can apply them to all kinds of businesses & organisations.  But skill and experience is necessary to to apply the Standard's requirements intelligently and effectively in your particular organisation and environment. 

Which makes sense if you think about it, because you can't - or shouldn't! - try to apply a 'one size fits all' approach to, say: a security firm, a property development company, an automotive parts manufacturer, a food-producing business, a nonprofit professional organisation, police departments, the State Revenue Office SRO in Victoria, the USA's Federal Aviation Association or companies that develop, service or install software.  

On the down side, the Standard was written by a committee and has the inherent weaknesses of multiple authorship.  Its language isn't always immediately accessible since it has to be capable of translation without loss or change of meaning.  It can thus take some time and experience to clearly understand what it means. For a summary of the requirements in plain English, see ISO 9001 in a Nutshell.   

Why do ISO 9001?

That's a very important question.  You should have at least one good reason to do it.  And just 'having the certificate' is definitely not a good reason - it's one of the most common mistakes. 

Some of the most frequent reasons given: greater client assurance, because it's the most widely known quality system model, it's internationally accepted, or to get benefits such as increased sales, improved processes, improved communication at all levels, greater business control, greater internal consistency and discipline, and reduced costs through doing things faster, better or cheaper and/or reducing errors or customer complaints. >>More about the benefits of ISO certification.

Should everyone 'do ISO'?  Using the Standard as a model for your own quality management system can benefit any organisation, regardless of whether or not you choose to seek external certification.  If you do, then there is a cost involved, but too often people only focus on the immediate cost.

Try turning that thinking around: consider the cost of not having quality. What's the real cost of business lost because of poor services or products? The cost of dissatisfied customers?  Of repeating the same mistakes, duplicating work?  Or of inefficient processes, when it's so much cheaper and faster to do things once and get them right the first time (not the second, third or even fourth).

However, if you really wouldn't achieve any extra customer satisfaction (eg, a welfare organisation with a 'captive market') then certification may not be valuable for you.  If you're not sure, ask a certifier or consultant; a reputable one should advise you.

Can I do ISO 9001 myself? 

Yes.  But getting ISO 9001 certification will involve your time, effort, energy and resources.  You must know what the Standard says, identify your gaps, and work out how to fill them.  You'll also need to know how to interpret the Standard and apply it to your business, and make all the changes needed to achieve the requirements. 

If you've never done anything like this before, expect it to take considerable time and effort to figure out what's involved.  It will take longer than it would if you used a consultant, and thus will also involve further cost.  One alternative is using a good DIY ISO 9001 kit.

What's a certifier or registrar?

They are specialised organisations who are accredited to do the formal audits and to issue certificates, provided of course the audit finds you meet all the requirements at their audit. 

Certifiers/registrars award the certificates:  think of them as a bit like an examiner.  They test (audit) your system, and then give you the certificate.  They do not teach you how to do it, help prepare you or tell you how you can 'pass the audit'.  In fact they can't, because this would be a conflict of interest.  But good certifiers will adopt a 'business partner' approach, rather than the very old-fashioned dictatorial or inspector-like attitude.

How does it happen? You choose a certifier: & sign up with them, agree on the particular Standard (eg, ISO 9001) and the scope, pay the fees, and arrange a date for audit.

Are all certifiers the same?  No.  Contrary to widespread belief, they're not government bodies but are private companies: service providers.  They all assess you against the same Standard, but of course there are differences.  Choose the one you think will suit your business best. 

What do consultants do?

Consultants give advice and help. We assess your system against the requirements, do a gap analysis to establish your current position, advise, coach you through the process and how to meet the various requirements, and prepare you for audit.  We do not and can not give you the formal certificate.

A good consultant can be very valuable.  We can speed up the process, make it easier and more efficient, so you save time and money.  We make sure you avoid the most common mistakes.  A good consultant will help you get a system that suits you, not just a certificate.  

But ultimately only you can decide if it's worth it, because it's your company, your time and your money.  Do take care selecting: How to choose a consultant.

QA, QC and QM

Many people think terms like QC, QA and so forth are all the same. They aren't. 

Quality control or QC is where things began. At its simplest, QC has a focus on product/service - testing or inspecting the final product before releasing it for sale or use. Of course, if it didn't pass, it was rejected.

The next development was QA or quality assurance.  This moves beyond the end-product to go further 'up the line' to find and fix faults earlier in the process.  It is intended to provide confidence that requirements are, or have been, met. 

Note that QA includes QC, but also considers support processes such as training or document control to try to prevent non-conformance occurring in the first place or stop it happening again if it does.

Finally, Quality Management extends beyond both QC and QA to embrace management of the entire organisation so as to achieve the quality of services or products required.  Hence, a "quality management system".

We are a very small company. Can we get certified?

Yes, you can.  The ISO 9001 requirements can be applied to all organisations, regardless of type, size or services/products. We've helped companies as small as one or two people to get certified. Your system and its processes will have the same intent as a larger company, but the implementation will be simpler. 

A couple of points to consider:  if you're very small, you'll want to decide whether the cost versus benefits stacks up; see an article written on this point in our newsletter on 9001 for small companies.  If you do decide to do it, using a good ISO 9001 DIY kit is an affordable way to get certification. 

More information

List of FAQs published by ISO from experts & users
My e-newsletter for articles on quality.

Back to Top

How we can help - What clients say - Contact us

What are the top 10 mistakes? learn the secrets of ISO 9001 from our exclusive free report.

Quotes on quality

Quotes on improvement

We get brilliant results from average people managing brilliant processes.
We observe that our competitors often get average (or worse) results from brilliant people managing broken processes. 
Toyota senior exec.