ISO 9001 is an internationally recognized certification which ensures quality of products and services of a company. Being ISO 9001certified has lots of benefits to corporations. Some of these benefits include but not limited to;
As you can see, there are many benefits of being ISO 9001certified. However, getting the certification is not easy and there are some costs associated with it.
Costs of Getting ISO 9001Certification:
There are two kinds of costs related to ISO 9001certification. One of them is the costs for the certification itself and the other one is the costs for getting ready for it.
– Ramdas Pai
Sr. Consultant – Certifiers Bureau, Germany | 10th Feb 2019
While conducting an ISO 9001certification audit on a client, it became clear that the main auditor was the ISO 9001implementation consultant who had “installed” the management system. We explained that we needed to speak to the process owners, i.e., the users and owners of the system, but the consultant continued to lurk and cut in to answer questions on behalf of the company employees, who obviously knew very little. Needless to say, this audit did not go well.
When an organization finds itself in the position of needing to implement ISO 9001, they may not have the internal skills to do so without outside help. The obvious answer to the obvious question of “Where do we start?” becomes “Get a consultant.” However, this answer is premature. Instead, a follow-up question should be: “Do we really need a consultant?”
The decision of whether to hire a consultant or to “do-it-yourself” should only be made after careful consideration. The wrong decision can be costly and fail to deliver the desired results. Keep in mind that the motivations for implementation and certification vary.
In particular, if the implementation driver is external (e.g., certification is demanded by a key customer as a condition of being included on an approved suppliers’ list), and there is only rudimentary knowledge of what ISO 9001actually is, and there is deadline pressure, then the inclination will be to put yourselves in the hands of the consultant who promises to install a “ready-to-use” system in the shortest possible time and with minimal disruption and demands on you. So, think twice before you hire someone.
What’s wrong with this approach, you might ask? If you pay a consultant a lot of money, isn’t their job to do everything for you, including creating all of your documented information and getting you through the audit so that the certificate is on the wall? However, this provides a false sense of security. If your auditors are not too fastidious, you might just get through the initial audit and get certified. But if there is no understanding, buy-in, or ownership from the company employees, this kind of “parachuted system” is of limited viability. And, what about the next audit and the one after that? Will you continue to be helpless unless the consultant is there to hold your hand?
So, what kind of consultant should you seek? The best kind of consultant is the one who builds capacity in their client’s organization by first training people and equipping them with the knowledge to understand the standard sufficiently to build their own value-adding system. The starting point should ideally be the organization’s top management. They must clearly understand their role, particularly in determining the organization’s intended results and establishing the organization’s context ISO 9001:2015 clause 4) and quality policy (ISO 9001:2015 clause 5.2). A cross-functional team of implementers should then be selected and trained. This team will then go through the implementation steps with the desired level of guidance, review, and monitoring from the consultant.
In selecting a consultant, it is worth considering at least the following questions:
1) Does the consultant have a track record of successful implementations? References should be checked.
2) What is the consultant’s background? Ideally, you want someone with wide experience and/or a background that matches your industry. This will determine how well they understand your business. They will be well-placed to advise how best to apply the generic standard requirements to your processes. A former industrial chemist may not be the best fit for an IT company, nor an engineer for a marketing company.
The ‘no consultant’ options
There are two other alternatives, which involve no consultant at all. The first includes nominating some employees to attend public courses such as the ISO 9001:2015 Foundations Course, ISO 9001:2015 Lead Implementer Course, and ISO 9001:2015 Internal Auditor Course. Thereafter, these people should be adequately competent to develop, implement, and maintain the system.
The second option involves using toolkits that are available online. These toolkits provide step-by-step guidance on the implementation of ISO 9001. The guidance will, out of necessity, be generic, so if you need help to problem solve or answer specific questions during the project, there is also the option to purchase more personalized guidance in addition to the generic toolkit.
Do what suits you
When all is said and done, the best course of action is the one that suits your organization best. In fact, many organizations choose to go for a combination of the solutions described above. Because every organization is different in size, purpose, culture, etc., there cannot possibly be a one-size-fits-all prescription.
– Gurutej Kaigonahalli
Sr. Consultant – Certifiers Bureau, U.A.E | 18th March 2019
If you analyze the last year of your sales team’s performance, and you have a working knowledge of the ISO 9001:2015 standard, then it’s not especially difficult to envisage how the adoption of standard processes and certification according to the standard might help your team. Has your team lost a customer in the last year? Does your organization have standard methods of winning, retaining, and gaining feedback to allow that relationship to flourish? When a mistake is made – which can be very costly in the sales world – do you have a prescribed method for fixing it and being confident that it will not be repeated? Are you good at the process of planning improvements to your team and process and reviewing the results effectively? I’m sure that if you answer these questions honestly, you will find that there is almost always room for improvement. So, let’s see how ISO 9001:2015 can help you to unlock that improvement:
ISO 9001:2015 can bring a host of benefits, both direct and indirect, to your sales organization. A shared sense of purpose and focus can help inspire your sales team to new heights, and the credibility that certification gives your organization can often provide your sales team with a new edge, or “unique selling point
Why not consider implementing it in your sales business now, and get that vital edge that could take your sales performance to new heights?
– D’souza Raj
Sr. Risk and opportunity analysis specialist, India – Certifiers Bureau | 2nd April 2019
First, it is important to note that both standards include many of the same requirements, as both are used to create an OHSMS. While both standards emphasize the management of Occupational Health & Safety (OH&S) hazards and legal requirements, and the importance of top-level management involvement, there are some new requirements in the ISO 45001:2018 standard that are included to further benefit your company.
One of the biggest changes is to organize the ISO 45001standard to match the standard format for ISO management systems, called Annex SL, so that the structure and format match those of other management systems such as ISO 9001:2015and ISO 14001:2015. This organization helps you to better align the different management systems you may implement, and allows you to easily see the common processes that can be done together (such as the internal audit). One important change involves how we think about risk in the OHSMS. Where OHSAS 18001 only talked about the risks associated with the OH&S hazards in the organization, ISO 45001talks about managing other risks and opportunities along with controlling these OH&S hazards. With these additional risks and opportunities to assess, many companies will want to have a more formal risk management process than they did using OHSAS 18001.
One change to all of the ISO management system standards that some people have found confusing is the new requirements for documented information, and ISO 45001also includes these requirements. The new requirements are basically an amalgamation and simplification of the old requirements for creating and maintaining documents and records in the OHSMS. The standard clarifies that documented information refers to information for the management system and its processes, information created for the organization, and evidence of results achieved. In general, the process that has been put into place for document and record control in OHSAS 18001 will meet the requirements of ISO 45001.
One important thing to note about this change is that there is not a requirement to change your terminology from “documents and records” to the term “documented information” in your OHSMS. Keep using the terminology that your people understand. The new standard also has different expectations of what documentation you will require, so ensure that you compare your current documentation listing with the new requirements.
Both ISO and BSI have indicated in their communications that there is a three-year transition time to change your OHSMS from OHSAS 18001:2007 to the new ISO 45001:2018 standard. This matches what normally happens when an ISO standard is updated, such as when ISO 9001:2008 changed to the ISO 9001:2018 revision. Companies that are already certified have until 2021 to upgrade their OHSMS, and at this time BSI has indicated that it will make OHSAS 18001:2007 obsolete. Any company that is implementing a new OHSMS should use the ISO 45001 standard as their requirements, because certification bodies will stop granting certification to the OHSAS 18001standard sooner than this 2021 deadline.
So, it is clear that ISO 45001does replace OHSAS 18001. Now, for your transition, you need a plan. This should start with a gap analysis comparing what you are doing now to the requirements of the ISO 45001:2018 standard. In this gap analysis, go through every “shall” statement and determine if you meet the requirement or not. For each requirement that is not met, determine what you need to do to meet it, and then make that change. It sounds simple, but it can take some time to do.
Many companies tend to wait to make the changes in their system, but this can be problematic. While the transition process may sound simple, as mentioned above, it can take some time to accomplish. Waiting to start will only delay your conclusion, and rushing because you started late can hinder the improvements you want to make.
Remember – just because you make improvement changes to your OHSMS so that it meets the ISO 45001requirements doesn`t mean that you need to change your certificate right away. Take the time to make the changes work for you, implementing the most important first, and get the benefits of each improvement as soon as you can. You have an OHSMS to improve your OH&S performance, so why wait to make improvement changes that will benefit you?
– Aaron Varghese
Sr. Safety auditor – Certifiers Bureau, U.A.E | 2nd April 2019
If you are asking your suppliers to have a Quality Management System (QMS) that is based on ISO 9001:2015, you have reasons for doing so. Maybe you want to reduce the risk of products, processes and services resulting in poor results, or maybe your customers require you to use certified suppliers. Whatever the reason for requesting a QMS certificate, you want to ensure that a supplier sends you a copy of an authentic certification. But what do you do when you suspect that the certificate is false?
Here are a few things to consider if this happens:
It may surprise you, but the concern about false certifications is not included in the ISO 9001standard. The standard is simply a set of requirements that can be implemented to provide a company with a QMS that will help them deliver products and services that meet customer needs and improve customer satisfaction. How this is done by the organization, and how they gain certification, is not included because certification of the QMS is not a mandatory requirement.
So, why would a company falsify a certificate? It is hard to say, and every organization that does this probably has different reasons. It could be because they are concerned about the expense of hiring a certification bodyto audit them. It could be because they are worried about what will be found during the certification audit. It may even be that they just want to claim certification without having done any of the preparation and implementation required. Whatever the reason, without a valid certification you do not know that any QMS they might have in place has been verified against the ISO 9001:2015 requirements.
The first thing to remember is that an organization cannot certify their own QMS; this needs to be done by an accredited certification body. To better understand what to look for it is helpful to know how certification works.
The process for how certification works goes like this: the International Organization for Standardization (ISO) issues a standard, and an organization will implement the standard. The organization will hire a certification body to audit their system and issue an accredited certificate that the system meets the standard requirements. In order to be allowed to do this, the certification body needs to be accredited by the national accreditation body who monitors their work. In turn, the national accreditation body must be authorized by the International Accreditation Forum (IAF).
So, each certificate should include the registration/certification number, the name of the certification body and the name of the accreditation body. If there is no certification or accreditation body, then the certificate is definitely false. If there are a certification and accreditation body identified, then you can start the process of looking to find out if the certification body is properly accredited. The way to do this is as follows:
This may seem simplified, but if you follow the above process and find that those who claim to have issued a certificate are not on the maintained approval listing, then the certification is not valid.
If you have good reasons to ask your suppliers for certification to ISO 9001:2015, then it is obvious that a supplier with a false certificate should not be used by your organization. Use your internal process to find another supplier who can satisfy your needs. You may also notify ISO about your suspicions of a company who has a false certificate; this can easily be done at https://www.iso.org/complaints.html. This can help the ISO group to better investigate this problem.
Those of us who know the benefits of having a certified QMS may be mystified by an organization that would falsify their certification. Unfortunately, this practice is occurring with some organizations and needs to be monitored. As with any other requirement if you have any providers of external processes, products or services, you want to ensure that the requirement for a certified QMS is met. After all, if a supplier would misrepresent their ability to meet this simple requirement, what else are they hiding?
– Mohammed AneesShiek
Business Analyst – Certifiers Bureau, U.A.E | 4th June 2019