There comes a time when every manufacturer should consider attaining ISO certification. Not only can it lead to greater market penetration — specifically reaching those companies who require ISO certification from its vendors — but it can help to streamline your company’s internal processes as well. The following is a list of questions presented by Gear Solutions to Patrick Hall, who is president of Global QA, an ISO authority and industry leader in guiding its clients through the certification process.
At what point should a company consider becoming ISO certified (in terms of company size, annual sales, markets served, etc.)?
Companies of all sizes — and in a number of different industries — have been shown to benefit from implementing the international ISO 9001:2000 quality system standard, but the question of when a firm should consider becoming ISO certified is determined more by its priorities and readiness for certification than by its size or sales volume. One of the basic requirements for certification is that a company must be able to demonstrate that it has implemented a quality management system that complies with the requirements of ISO 9001:2000. Therefore, once a company has made the decision to become certified, it must fully implement such a system before it will be able to achieve certification.
Can companies handle this process on their own, or should they always contact a consultant? If so, why?
Although ISO 9001:2000 has been successfully implemented without outside assistance by a large number of companies, the process requires significant effort; especially in the beginning. ISO-compliant quality system manuals must be prepared, employees need to be trained, the system must be activated and evaluated for effectiveness, and records must be kept to verify compliance and continual improvement. For these reasons, firms that do not have a trained quality manager on staff, or who need to achieve registration within a relatively short period of time, may want to seek help from a consulting company.
If the company chooses to work with a consultant, what does the consultant do? Can you give a general idea of the cost?
Depending on a company’s needs and budget, ISO consulting companies are often the most cost-effective way to achieve ISO certification. Services range from generic “fill-in-the-blank” quality system document templates to custom-written manuals and extensive on-site training.
Pre-typed templates may be a good investment for a company that has adequate time and staff but limited financial resources. It should be pointed out, however, that many firms have found such a “do it yourself” approach to be a confusing and lengthy process. The cost of this method varies from free library books (not recommended) to as much as $5,000 for pre-typed manuals on CD that come with telephone support and written guarantees of effectiveness.
Probably the most common approach is to have a consulting company write the quality manuals based on interviews and questionnaires completed by the candidate company, at which point the consultant provides in-house training and mock audits to help the company put its system into use and prepare for the initial on-site audit by an ISO registrar. This approach typically costs from around $8,000 to as much as $50,000 or more, depending on the size of the company, the amount of service provided by the consulting firm, and whether there is a deadline that must be met.
Finally, some companies hire a consultant to work in-house to write their quality manuals, train their staff, audit the system to measure its compliance, and even to act as the company’s quality system representative during the initial audit by the ISO registrar. With ISO consultants charging anywhere from $400 to more than $1,000 per day, this approach can be costly, but it is considered by many to be the easiest, most-effective path to ISO certification.
A word of caution: consultants are largely unregulated, so make sure to ask for recent references and to get an agreement about what happens if you fail your audit. Be aware that a bargain-price consultant may be desperate for work and may not be qualified. If you need someone to help set up your quality system, consider that consulting companies may be a better choice than individual consultants, because a company will usually provide a back-up consultant in the event that illness or an accident prevents your original consultant from completing the work.
How much time does it usually take to obtain certification, and what factors are involved in the length of this period?
The time from the decision to become ISO certified to the date of certification is determined by numerous interacting factors. Most companies take between 10 to 15 months, although we have seen firms do it in 90 days. Some took more than years, and others lost their momentum and never became certified. A firm commitment to ISO by top management is crucial to the process. Without management backing, the quality manager’s job is truly frustrating and probably doomed to failure.
Educating employees about their role in ISO is another important factor. Everyone involved in the quality management system should understand why the system is important, what is expected of them, and what they should expect from the employees that they interact with. Consistent application is critical, both to make sure that everyone in the organization understands that the quality system is ongoing, and how important it is for the company’s success. The setting of measurable quality objectives — and a timetable for achieving them — helps keep the system on track.
Also be sure to assign clear-cut responsibility for implementing ISO within your company. Once assigned, hold people accountable for getting the work done on schedule. If you’re using a consultant, make sure that responsible staff members respond promptly to his or her requests for information or action. Above all, once started, don’t stop!
What does a company stand to gain by being ISO certified?
ISO certification brings many benefits, not the least of which is the improvement and increased efficiency of your operations. Studies have found that ISO-certified companies experience an improved return on assets, a continual improvement of the quality of their products and services, and increased traceability and accountability throughout the organization. From a sales standpoint, ISO has been shown to improve competitive positioning within a firm’s industry, and to lead to increased marketability of a company and its products. Firms wishing to do business overseas have found that ISO is quite strong throughout Europe and Asia, and that certification is often a requirement to do business in these areas.
In turn, what do they lose by not being certified?
Customer demand is one of the prime factors motivating companies to become ISO certified, so firms that do not achieve certification run an increasing risk of losing business to their ISO-certified competitors. A recent study found that companies who did not achieve ISO certification experienced diminished returns on their assets compared to firms that had become ISO certified. This points to ISO as an important factor in helping a company maintain internal efficiency and profitability.
What does it take to retain certification (is annual recertification required, for example)?
Certification is maintained by periodic on-site surveillance audits, also known as “maintenance of approval” audits. The duration and frequency of these audits is determined by ISO guidance, and by the results of the audits themselves. So if a company has an effective quality management system in place — and, as a result, the ISO auditors find few or relatively minor non-conformities — the registrar may allow the minimum number of audit days that are required by ISO. If there are numerous or significant problems that need to be addressed, the registrar may feel that the number of days needs to be increased until the system improves.
Most registrars require surveillance audits at six-month or one-year intervals. As noted above, the minimum number of auditor days per year is determined by ISO guidance. For example, if a company is required to have at least two auditor days per year, the registrar may require two one-day visits at six-month intervals, or it may allow one two-day visit annually.
At the end of the three-year certification period, the registrar will perform a renewal audit (also called a “triennial audit”) to confirm that the quality system remains effective and is applicable to the company’s current operations. Upon the completion of a successful renewal audit, the three-year cycle starts again.
What resources are available, such as Web sites, where companies can learn more about this issue?
There are numerous sources of ISO information available, both on the Internet and in printed format. Here is a listing of some of the most important ones:
- The International Organization for Standardization (ISO)
www.iso.ch - The Registrar Accreditation Board (RAB)
www.rabnet.com - The American National Standards Institute (ANSI)
www.web.ansi.org - The American Society for Quality (ASQ)
www.asq.org - Quality Standards General Information Site
www.qualitystandards.com