ISO 9001: From Certification to Recertification
ISO 9001 is a part of the ISO 9000 family of standards and the only standard that defines requirements for a Quality Management System (QMS). Organizations comply with standards such as ISO 9001 to showcase their competence in offering products and services of good quality and to comply with laws and regulations of the government. One of the main requirements of ISO 9001 is “continuous improvement.” It refers to continuously tracking and improving an organization’s products, processes, services and satisfaction levels, among others. It also refers to the continuous improvement of the QMS that the organization has implemented.
ISO 9001 Certification
Getting certified in ISO 9001 involves preparing an organization for certification, performing an internal audit and lastly performing an external audit. This external auditor will be an accredited certifier or registrar who audits the QMS against ISO 9001 specified requirements. It is a comprehensive check of the QMS that are implemented by the organization.
An organization undergoes many changes during and after certification to close all the identified gaps in its journey of quality management. Once an organization has made a commitment to get ISO certified, it requires a huge investment in terms of time, effort, cost and change. Dedicated personnel must be identified, trained and deployed to manage this certification process. A baseline status is established and analyzed for gaps against the specifications of ISO 9001 QMS. Addressing these identified gaps may require adding new personnel, processes, documents and new quality controls. Organizations often employ Plan Do Check Act (PDCA) cycle to address gaps and improve the current state to reach the desired goal.
Organizations then perform an internal audit. It is intended to mimic an external audit and review the developed system to check if it meets ISO 9001 requirements. Established processes are checked to ensure that they comply with the quality manual the organization has put in place. For any gaps found during the internal audit, defined processes as per the quality manual must be followed to close the gaps. This approach puts the QMS into practice even before certification. It should be noted that implementing a QMS must enable an organization to continuously improve than merely satisfying certification requirements.
Maintenance & Recertification
Once an organization is awarded an ISO certification, it is valid for three years. A QMS established for certification must be maintained on a regular basis to stay compliant and achieve intended objectives. QMS must be maintained for both continuous improvement and for recertification. Also, the certifying authority or registrar must conduct periodic checks within three years of time to ensure that the system is being maintained and is rooted in the processes and procedures of the organization.
Quality management is a continuous journey and not an end state. For certified companies, continuously improving and maintaining compliance and getting recertified is a more difficult journey than the first-time certification. But, this can be simplified by managing changes to documents and processes efficiently using an Enterprise QMS.
Reasons for losing certified status
For an organization that is fully committed to follow its QMS and continuous improvement, recertification will become a natural process step. However, many companies fail in maintaining ISO 9001 certification requirements and eventually lose the certified status during their next certification cycle. Typical reasons for such failure can be broadly categorized into: commitment, competence, complexity and change management, statuses of all of which can get altered from the state before.
When a senior management of a company embarks on an ISO journey for reputation alone, quality management and continuous improvement are hard to accomplish. Processes don’t get followed effectively and quality management remains on paper. Personnel who are managing ISO requirements, who fail to maintain a quality management system, will fail in enforcing continuous improvement. Assigning responsibility of quality management system to external contractors alone and not having efficient internal oversight will also result in a failure of the system. Competence in the personnel responsible for maintaining a QMS is an absolute requirement and needs to be planned and implemented through regular training programs. Some organizations make QMS too complex to adopt. This typically happens when several different systems are put in place and understanding the system relationships is hard for the employees who use them. This can be easily avoided by engaging an Enterprise QMS software that integrates all quality management activities into a single platform.
Lastly, but undeniably, most critically, one of the reasons for a QMS failure is inability to handle change management issues. After a quality management system is certified, an organization may encounter several changes in its documents, processes, tools used and procedures to be followed. These changes often arise due to changes in the business’s functions, management team, systems and markets. Any of these changes, if not handled in a planned manner, may disrupt the original quality management system that the organization has put in place. This will lead to quality management activities that are not per the defined quality manual. In fact, handling a change in a planned manner is an explicitly stated requirement in the ISO 9001 specifications.
There are four things an organization can do when dealing with changes or actions that lead to any change in a defined QMS. First, the purpose of the change and potential consequences must be thoroughly studied. There may be an opportunity to avoid a certain change or there may be a consequence that has been missed out while conceptualizing the change. Both reason and impact of a change must be studied and documented. The second requirement is to maintain the integrity of QMS. A QMS is installed in an organization with a defined objective. A change must be analyzed to check if any of these planned objectives will not be met due to the change. Thirdly, trained and relevant resources must be available to execute the change. The fourth and final requirement is to assess if there will be any change in responsibilities and authorities of personnel due to this change.
ISO 9001 requires that the most important element of change management is to have a plan for change. Standard explicitly states that, “When the organization determines the need for changes to the QMS, the changes shall be carried out in a planned manner.” While ISO provides a framework to take up and execute changes such that the QMS is maintained intact, it is often very complex in organizations that span multiple verticals, geographies and stakeholders. A robust Enterprise QMS will help in such scenarios with an integrated approach to all the quality management requirements of the organizations. In changes related to documents, products and processes, analyzing changes for impact can be automated with an integrated change management software solution.
In an organization’s ISO journey, getting certified is just a starting point and can be fulfilled with a one-time gathering of relevant documents and data needed to file for certification. However, to maintain a QMS as documented in the quality manual and to be integrally prepared for recertification is the challenging part. This involves a cultural shift in the way an organization views quality. It requires an actual application of activities specified in the QMS. Most significantly an organization’s ability to plan for and execute change will determine its commitment towards continuous improvement. An integrated solution for QMS is essential to maintain planned quality management activities and keep organization prepared for recertification.