As the Quality Manager for DKB Resources, Inc., a printed circuit board company, I worked from the ground up to successfully obtain a first-time quality certification from the International Organization for Standardization, (http://www.iso.org). There are several different types of ISO quality certifications. All can prove to be a valuable and legal recognition of a company’s Quality Management system. For small businesses looking to secure fist-time certification, the task can seem daunting. Through our experience, I was able to construct, monitor, improve, and manage our Quality System over the course of a year and a half with helpful input from several consultants and much of my own online research. My rules for small business owners hoping to appeal to clients with a Quality Management certification include:
Decide which standard your business should be certified to: There are several quality certifications available. Decide which one would best fit your business, and/or research the standard that your clients typically encourage/require. Keep in mind the possible future needs of your company, and the fact that the International Organization for Standardization updates standards regularly. In fact, the ISO website states that the organization “has developed over 17500 International Standards on a variety of subjects and some 1100 new ISO standards are published every year.” This is a lot to navigate, yet this website aids in searching for standards, (http://www.iso.org/iso/iso_catalogue.htm). The most popular-selling standards are:
ISO 9001:2008 Quality management systems
ISO14001:2004 Environmental management systems
ISO/IEC 27001:2005 Information technology and security techniques
ISO/IEC 17025:2005 General requirements for the competence of testing and calibration laboratories
Read the Standard, Read the Standard, Read the Standard: Double check compliance with the verbiage of the standard, which can sometimes be redundant or ambiguous. Pay attention to keywords such as ‘shall’, ‘document,’ and ‘verify’, which indicate the need for objective evidence, such as facts and/or records that can be shown and/or proved by recorded analysis or measurement. Consultants or do-it-yourself web research may come in to play here. Standards can be purchased from the ISO website and range in price, depending on the standard. Standards can also be purchased from third party internet sites, but make sure any third party site is reputable before purchase by looking into the validity of website claims or searching consumer reports.
To Hire Consultants or Not To Hire Consultants: On one hand, hiring consultants can be costly to small businesses owners trying to save money, but on the other hand, consultants can prove invaluable in deciphering the standard, completing gap analyses, and structuring a quality management system. Business owners who have little time to research Quality Management Systems should try to get some form of outside help, since failing an audit can also be costly. Be aware of what consultant payment will consist of, and get explicit details in writing! For those do-it-yourselfer’s, this is the age of information and help is available online. Google your quality questions and research! Don’t be afraid to ask a certifying agent for any recommends prior to the audit.
Research Certifying Agents: Research registrars for pricing, qualifications, accreditation, and reputation. Pricing for certification alone, not including consultants, can vary in range, typically $1000 to $3000 dollars. Inquire with registrars about the pricing, as well as the need and costs for pre-audits and surveillance audits. Be clear on the needs of your company based on the level and establishment of your quality system.
Monitor Processes: Revise them. Remember, the goal of great Quality Management is to streamline standard operating procedures, making it easier to monitor company objectives. Remember also that it isn’t always necessary to change a good company process in order to adhere to a standard, instead find ways to make the standard adhere to your good company process! The goal is to document good processes to fit into the standard requirements, and to change or eliminate the ones that do not work well for the company or the standard. You never want to claim processes you do not perform, as you will be creating more work for yourself and will not be able to maintain adequate records to meet the ISO requirements.
Documentation and Records: Sometimes, employees and business-owners are already doing more than they realize in practice, yet do not have a documented procedure for that particular company practice, this can be the difference between “Tribal Knowledge” vs. “Documented Process”. Make sure to get company processes and standard operating procedures out of employee’s minds and into a documented procedure! For example, have key employees write down what they do for a day or even for a week in a journal. Could anyone pick up the client invoicing? -- Or does the need exist for a detailed procedure where the particulars are outlined so this procedure can be followed by someone else if needed.
Internal Audits: Plan regular audits of your quality management system. It is a requirement of the standard. With this effort, you will find the holes in any processes and management systems before the auditors have a chance to. Also, be sure that no-one audits their own work, instead have other departments audit each other. This will also go a long way in growing internal “team mentality” and will also in help departments better understand and thus better support each other and projects.
Any Exclusions? : What must the company include? What can the company exclude? Determine whether or not exclusions have a possibility of future inclusion, and plan for later addition. Be sure of the requirements, there are some essential parts of the standard which companies cannot take exception to. Basic quality system requirements, such as the need for a quality manual and quality management system planning, cannot be considered as exclusions. Sometimes exceptions can be obvious, for example a company would take exclusion to Control of Monitoring and Measuring Devices if no such devices were used at the company. For difficult or ambiguous exclusion decisions, consultants and even registrars can help decipher what exclusions apply.
Prepare for the Audit: Make sure everything of relevance is available at hand to avoid digging up processes and records on audit day. It is ok to say,” I have to take a minute to get that to you,” but have the important stuff, such as Quality Manual, internal audit records, training records, and process records readily available. Have examples to show. Remember, auditors will often charge to come back to re-access any findings, be prepared before the audit!
After the Audit: Address any findings or Non-Conformances right away. Don’t be afraid to constructively question the Auditor’s judgment in order to prove standard compliance or even just to grow your own understanding. Auditors take a sample, so perhaps something was missed during the audit process that can indeed be proven. Know that there is a difference between Major and Minor Non-Conformances. A Minor Non-Conformance can result in corrective/preventive actions, and not necessarily result in a denial of certification. Gaps in quality systems can be cause for Major Non-Conformances, and may result in failing a certification audit. After the audit, follow up any corrective action in a timely matter and provide objective evidence of corrections.
Everything in Quality Management is Connected: A corrective action could be an outcome of an internal audit, and could lead to altering a process, the quality manual, or training records. When something is changed, remember it must be documented and controlled as a way to label and track revisions. Organization of your Quality System will ensure a more efficient and productive business!
Keep Obsolete Files Separate: This is easy, and required by the standard. Don’t just throw away electronic or hard copy data. Keep electronic obsolete files in an “obsolete files” to document changes.
Through trial and error, these tips have helped DKB Resources through a first-time certification and a successful first-year surveillance audit. This year, our company performed a gap analysis and worked to adhere to the newest ISO 9000:2008 standard. We are already looking to prepare for our second-year surveillance audit in less than five months!
Nicole Alexandria Blair
Quality Manager
DKB Resources, Inc.
