ISO 9001

What is ISO 9001 - the Quality management standard

ISO 9001 is a document that defines the framework and the criteria for an organisations “quality management system”.


As part of the year 2000 revisions the ISO 9001 standard adopted a number of principles, one of which is called the “process approach”.  The process approach means the systems should be developed around your existing processes and activities, we would say, they should reflect the way your work works. 


Additionally, the standard never says “this is what you must do” it simply says “these are the things you need to consider”.  How, and to what degree they are implemented, would depend on the risks (and opportunities) relevant to your business or organisation.


The full list of principles now include:


  1. Customer focus
  2. Leadership
  3. Involvement of people
  4. The process approach
  5. A systems approach to management
  6. Continual improvement
  7. Factual approach to decisions
  8. Mutually beneficial supplier relationships


In essence, ISO 9001 seeks to help an organisation define its aims and ambitions and then ensure its processes and practises deliver on those aims and ambitions.


Just so you know, you’re in good company, there are now over one million companies and organisations in over 170 countries certified to ISO 9001.

How long does ISO 9001 take to get?

The duration for obtaining ISO 9001 is likely to depend on a number of factors which might typically include:


  • The activities undertaken by your company
  • The number of people in your company
  • The current systems and process is in place (and their effectiveness)
  • The level of documentation of current systems
  • The degree of consistency across the organisation in the application of those systems


However, as a general rule a medium size company of say 30 to 50 people, operating from one office might take in the region of six to nine months.  Smaller companies could be quicker, larger more complex companies are likely to take longer.

What is the process for obtaining ISO 9001?

Effectively you are seeking to create a “book of best practise” that seeks to provide the recipe for what you do and how you do it.  At the core of this “book of best practise” is the codification of the way in which you deliver your products and services to your clients.


At a level above these core processes would be the planning processes which should define how will you go about setting the companies objectives and targets.


At a level below these core processes are the processes that define supporting activities; for instance; supplier approval and management, training and development, warehousing and logistics to name but a few.


It has been said that the process of obtaining ISO 9000 is simply one of:


  • Writing down what you do
    • Documenting “best practise”
  • Justifying what you do
    • Checking and clarifying best practise with the staff that undertake the work
  • Doing what is written
  • Recording what you have done
    • Documenting that best practise has been applied
  • Reviewing what you have done
    • Spot checking what went well and, not so well (in order to learn and improve)
  • Revising what you want to do
    • Getting feedback from a variety of sources so processes can be amended and improved


Once the “book of best practise” has been written by either yourselves, or a consultant, you will need to:


  • Audit the entire system prior to certification
  • Undertake a management review meeting


You will then be ready for certification.

What is the certification process?

The chosen certification body will need to undertake two stage audit:


  • In the initial instance, stage one, they are making a comparison of your freshly minted book of best practise against the ISO 9001 standard
  • In the second stage they are making a comparison between your book of best practise and what you do, your operational activities


At the end of the certification process they will advise of the outcome which, if things have gone well, is likely to be “recommended for registration”.  Sadly, the assessor cannot actually give the award there and then as it needs to pass through the accredited certification companies technical committee before the decision is endorsed.

Who needs to be involved in the process?

Again, this is going to depend on the scale and complexity of the organisation but is likely to include representatives from the following:

  • The senior management team in order to understand the organisations objectives and targets
  • Operational department heads, marketing, sales, operations etc in order to understand how products and services are delivered to the client base
  • Department heads of supporting processes; HR, IT, purchasing etc in order to understand how supporting activities assist in delivering company objectives and targets

What happens after ISO 9001 certification?

Hopefully, following certification, you’ll get access to new customers, contracts and tenders, so, your business will develop and flourish.  This means your “book of best practise” should adapt and change in response to changing company and customer requirements.  In short, this means:

  • Setting and developing new objectives and targets
  • Using problems and mistakes (nonconformances) as a vehicle to learn and improve
  • Undertaking audits to check processes are continuing to deliver as expected and to ratchet up improvement efforts
  • Holding and minuting management review meetings
  • Updating the system when required

These are the internal activities that you would need to embark upon.  In addition to which the accredited certification body would usually be back at least once a year, more frequently with larger organisations, to check that you are implementing the system effectively.

How can Statius help?

Once the initial euphoria is over, due to the pressure of day-to-day activities there is often a tendency to sit back and relax.  This often results in mild panic a year later when the first surveillance visit looms because audits haven’t been completed and management meetings haven’t been undertaken! 


We can help.  As one of our long-standing clients said “you guys keep us honest, you do”.  A significant portion of our work is dedicated to helping organisations support and develop their management systems.  So, the activities we get involved in includes:


  • Undertaking internal audits
  • Managing nonconformance systems
  • Undertaking supplier audits
  • Chairing and writing up management review meetings
  • Providing assessment support