Basic Steps in Gaining ISO 9001 Registration?

There is no way to get to an ISO certification or a CMMI certification without a Data Management plan.  Any attempt to create process consistency or predictability will rely on knowing 

• what is happening now
• what happened the last time
• how we agreed to handle this the next time

Begin by deciding if registration to one of the ISO 9000 standards (ISO 9001, ISO 9002 or ISO 9003) makes good sense for your organization. To determine this consider:

• How strong is the need for registration in your market and industry segment? Are your customers asking about registration? Are your competitors working toward registration?
• Are registrations increasing in your industry?
• What benefits will your organization gain by having a formal quality system?
• Does work now proceed in an orderly and predictable way, or do too many preventable error seem to occur?
• Is your quality system improving, or do you seem to encounter the same problems over and over again?
• Is the quality of your products and services improving, or do you face the same rates of complaints, returned goods and dissatisfaction?
• Have you been asked to gain registration by an important customer or the parent company?

If you are seriously consider seeking, registration, then you must understand in depth what the standard requires of an organization.

To determine the amount of effort required to comply will require assessing the maturity of your quality system. If the organization is already using detailed procedure documents, if you have a quality policy, if executive management regularly reviews reports of defects and customercomplaints, if the training needs are known for each job position, then you may be well on your way toward gaining registration. If your quality system is absent or immature, it will require much more effort to become compliant. You can do this assessment yourself, once you understand the Standard.by doing a "preassessment." A convenient summary of this preassessment is a table listing each area of the organization as a column, and each element of the Standard as a row. The cell entries can then show the applicability of the requirement to the area and the readiness of each area to comply. This will provide a graphic summary of the work that needs to be carried out.

Design and implement the quality system to comply with the requirements of ISO 9001. This will typically require:

• writing a quality manual, describing your quality system at a high level,
• writing procedure documents to describe how most work in the organization gets carried out,
• creating a system to control distribution and re-issue of documents,
• designing and implementing a corrective and preventive action system to prevent problems from recurring,
• identifying training needs for most positions in the organization,
• calibrating measurement and test equipment,
• training the people in the organization on the operation of the quality system,
• planning and conducting internal quality audits,
• attending to the other requirements of the Standard that the organization does not now comply with.
• having a data management plan in place

ISO 9000 relies on a system of audits to provide assurance that the organization is meeting the requirements of the standard. An audit is an inspection of the documents and records that make up your quality system. Most importantly it is an inspection of the way the people in the organization work and the knowledge they have about the operation of the quality system. It is required that the organization carry out scheduled and planned internal audits of the quality system. This in itself in not sufficient, however, to obtain registration.

Only a "third party registration agency" is accredited to issue a certificate attesting that your organization meets the requirements of the selected ISO 9000 standard. Select this registration agency carefully. Choose the registration agency early in the project so that you can learn in detail what they require before granting a registration.

Although registration requirements vary, it is typical to have a "preassessment" followed by a "registration audit" At both the preassessment and the registration audit, an comprehensive audit the organization is performed. When the auditor identifies a discrepancy between the work that is being performed and the requirements of ISO 9001, the "noncompliance" will be written up. If only a few minor nonconformances are found during the registration audit, the agency will issue a certificate stating that your organization complies with the requirements of the selected ISO 9000 standard.. This certificate typically expires after three years. Also, the registration agency typically requires surveillance audits at six months intervals to maintain the currency of the certificate. At this point, you deserve to celebrate your accomplishments!

The action planning checklist provides a more detailed list of steps to follow, once the decision to seek registration has been made.

A more detailed description of the steps involved, including a complete interpretation of each element of the ISO 9001 standard, is presented in the book "ISO 9001, The Standard Interpretation".

back to: Objectives

Comments, Suggestions and Questions may be addressed to: WhiteLake Data Management

Last modified: Jan-09