Introduction to ISO 9001
ISO standards and their subsequent management systems are an excellent way of driving standardised productivity, efficiency and continual improvement within a business.
The quality management system ISO 9001:2015 is one of the three most common ISO standards that businesses are certified against, together with ISO 14001:2015 (environmental management standard) and ISO 45001:2018 (occupational health and safety management standard).
The basic purpose of a quality management system is to standardise your business processes using a risk-based thinking approach and the Plan-Do-Check-Act (PDCA) methodology. The processes should be engaging to the workforce and simple enough to be repeatable in order to deliver a high standard of product or service to customers.
Getting started with ISO 9001 implementation
Implementing a quality management system can seem quite daunting, and there are various ways of starting.
The most important foundation for this endeavour involves a diverse team to develop your management system. This will support engagement and foster your quality culture. Many businesses I’ve worked with rely purely on a quality manager to devise and implement the management system. These management systems become a box-ticking exercise because senior management only wants the certificate to adorn their reception wall. Utilising other departments and key personnel across the business—such as a senior manager— fulfiling the roles of champions, human resources, marketing, sales, operations, and procurement will ensure that the quality manager has the support to devise a good quality management system.
The first phase of implementing the ISO 9001 standard is understanding your business (ISO 9001:2015 Clause 4)—its scope, purpose and context. This can be achieved by documenting and communicating the following aspects:
- What service or product do you provide?
- Who do you offer it to, and who is affected by your operation?
- How do you provide that service or produce your product?
- What additional support or external third-party services do you use?
- What risks and opportunities are there, internally and externally, that can affect your business?
Identifying who’s in charge
The next step is to consider your leadership (Clause 5), who will be driving the management system within the business, identifying the risks and opportunities and implementing and maintaining the documentation. It can all be documented in a quality policy.
This document should summarise how you will deliver everything you mentioned in Clause 4. Your customers will ask for this as a demonstration of your management system. It should be signed by the most senior in the company as they own this document. They should also be involved in writing and reviewing it on a regular basis.
Securing adequate support for quality management
As mentioned previously, involving various departments necessary for the operation of your business is important. It can’t remain on the shoulders of a quality manager to manage the operations. They will require support (Clause 7), especially from the Human Resources or People Department.
This team can support the employees by ensuring that job descriptions are suitable and that the right people are in the right roles. Doing so also guaranteesthere is a process to reduce staff turnover and retain knowledge within the business. There are sections regarding employee competence, awareness and communication which can all be achieved through SafetyCulture (formerly iAuditor) features such as Heads Up, EdApp and Issues.
Clause 7 also requires a suitable infrastructure (building and equipment) and environment for operations. The most recent version of the ISO 9001 standards requires businesses to consider the social, psychosocial and physical aspects of the workplace. This aligns with current trends for social sustainability within companies.
Understanding your operations
Clause 8 in ISO 9001:2015 covers the operations within the business. This is quite a significant aspect of the standard, and around 50 per cent of an external audit would cover this clause.
The whole of your operation needs to be considered from planning, design, product handling, customer requirements and communication, product control and handling of non-conformances, e.g. customer complaints. No doubt there will already be plenty of operational processes in place. Taking the opportunity to ensure that the processes are mapped out, documented and communicated to the workforce is vital.
Some companies employ the assistance of consultants to aid in this aspect. SafetyCulture has a partner program with consultants to support a wide range of businesses in streamlining their processes.
Measuring operational performance
There is the adage, ‘if you don’t measure, you can’t control’. This adage perfecty connects with ISO 9001’s Clause 9, as this section discusses performance evaluation.
This clause requires businesses to measure and analyse their performance against their business and customer objectives set way back in Clause 5. This can be achieved using the simple analytics feature on the SafetyCulture dashboard. For more complex data, there is an API integration opportunity to extract data generated in SafetyCulture and integrate it with existing monitoring and measuring systems that the business may already be using.
Internal audits are an essential aspect of measuring internal performance and compliance with your processes. Don’t wait for the third-party auditor to show up and check them for you! Templates are available in the SafetyCulture Public Library for full-clause and process-based audits. Using the Schedules feature for the internal audit schedule is a great way to manage the internal auditing team and monitor their progress.
Achieving continual improvement
Continual improvement is an aspect introduced in the 2015 version of the ISO 9001 standards. Clause 10, the final clause, brings the PDCA methodology full circle.
The management system should be able to demonstrate that method when checking the system and ensure that the non-conformance management is adequate should there be deviations from the process. Utilising the Issues feature in SafetyCulture can support the data collection of non-conformance information and monitor and follow up their corrective actions to completion. With the Analytics part of Issues, it is possible to identify trends within the management system to ensure continual improvement is achieved.
Since the improvement of the ISO standards themselves in 2015, the management system should be process-driven. You no longer need an overly complicated, long-winded administration and a heavy, paper-based quality manual.
In order to become certified by an external accrediting body, the business can simply demonstrate its process work! Using SafetyCulture and integrating all the features available to you as a customer so you can achieve a streamlined, continually improving ISO 9001 quality management system.
The information contained in this article is general in nature and you should consider whether the information is appropriate to your specific needs. Legal and other matters referred to in this article are based on our interpretation of laws existing at the time and should not be relied on in place of professional advice. We are not responsible for the content of any site owned by a third party that may be linked to this article. SafetyCulture disclaims all liability (except for any liability which by law cannot be excluded) for any error, inaccuracy, or omission from the information contained in this article, any site linked to this article, and any loss or damage suffered by any person directly or indirectly through relying on this information.