ISO 9001 QUALITY MANAGEMENT SYSTEMS FAQ

Getting ISO certification as soon as possible should be your goal. The evidence is overwhelming - a clear majority of ISOQAR clients win more business and experience efficiency gains from having ISO certification. Just remember though that the auditor will actually have to have a business to audit! So you’ll probably need to have been up and running for a few months.

It’s tempting to respond with “How long is a piece of string?” It depends not only on the size of the business - especially how many sites you have - but the complexity too. But it’s entirely up to you (or more likely, your customers) what you include in the ’scope’ of your certification. It may be that you don’t want to certify all of your sites and services/products. So, the narrower the ‘scope’, the quicker you can build your system. In an ideal world, an auditor would like to see that your system has been running for three months, but we do have cases of companies getting certified within six weeks of a standing start. An independent consultant can help you get up and running quicker.

The topic of ‘scope’ is one that often causes confusion. In this example: no, you would not need two different systems and certificates. Indeed it is very rare for a single organisation to hold more than one certificate for the same standard. You would just need to ensure that your management system covers the appropriate sites and products that you want certifying. It’s obvious when you think about it, since one of the objectives of ISO 9001 is to implement consistent standards across an organisation. A quick phone call to a UKAS certification body can advise on ‘scope’.

You can watch a recording of an ISO 9001 webinar we broadcast where we explain this.

Yes. Many organisations do this. It’s called an ‘extension to scope’. It’s very easily done - you just need to expand your system to cover the additional sites and/or products you want to include. After a successful ISO 9001 audit, an amended certificate can be issued.

If you are a group of separate companies, then you will need separate certificates. But if you just have sites all over the world (but all within the same company), then as stated above, you can have one certificate.

‘Policies’ are broad principles. A policy can often easily be stated on one side of a sheet of paper. It’s not about details. Just search online for ‘quality policy’ to get examples from other organisations - you’ll see they are very brief. Your policy should be in writing.

As described in supporting ISO documentation, a procedure is a ‘specified way to carry out an activity or a process’ and a process is a ‘set of interrelated or interacting activities which transforms inputs into outputs’.
 
It could be said that a process is what happens, procedures describe how it happens.

A work instruction is more detailed still and dictates exactly how a certain task should be performed.
 
It’s worth mentioning the term process approach here. It’s regarded as one of the pillars of management systems. It’s a way of managing your activities as a system of processes, rather than as people, products and departments. It means you take a holistic view, rather than taking a ‘silo mentality’. A process approach involves establishing effective and efficient processes that are consistently followed and improved upon. It’s the basis for most management standards.
 
There is no one size fits all for processes and procedures. These should be bespoke to each individual organisation based on context, scope and size.

‘Understanding the needs and expectations of interested parties’, as ISO 9001 puts it, is a critical early stage in developing your QMS. It does in fact relate to more than just customers, it includes for example shareholders, suppliers, contractors etc. too.
 
But you’re right, it’s mostly about customers. After all, if you don’t know what they want, how can you build a successful system (or even a successful business)? There’s no silver bullet here, you just need to dig and show you’ve done your research: email surveys, phone surveys, customer feedback, focus groups, face-to-face interviews. They all help build a picture. You may find this blog interesting.
 

Yes, you heard that right. These days, with the current version of the ISO 9001 standard, a manual is not mandatory. But to be honest, it’s recommended you do have one, even if it’s not a printed document on a shelf. It’s really a term that describes your collection of policies, objectives, procedures, records etc. that relate to your management system. It makes life easier for you and the auditor.

Good question. The short answer is that there is no official body that oversees this. It’s for you to determine who is ‘competent’ to conduct your internal audits. As a minimum, anyone doing internal audits should do a Foundation Course to get an understanding of what the standard is all about, then ideally an internal auditor training course. They’re both just one day each, and more details can be found within our ISO training section.

It’s important that ‘top management’, to use ISO terminology, take responsibility for their management system. There’s no escaping it - it cannot be delegated. Auditors will expect to speak to top management to assess their involvement. It’s recommended that top management take at least the one day foundation course to get an appreciation of the standard. For a Quality Manager, if this is your full time role rather than just a title you occasionally assume, then yes, we definitely recommend a lead auditor course. It’s a good investment not only in the individual but for the company too as you’ll learn how to improve your system and do things more efficiently. You should find that the auditor uncovers fewer nonconformities, making life easier for everyone.

Absolutely. If you have more than one ISO system, or are thinking of adding another standard such as ISO 45001, you should look at combining them into an Integrated Management System (IMS).
 
You can share elements of the standards, like the Management Review, so that you can kill two birds with one stone. Your certification body can also audit integrated management systems at the same time, saving time and money.

You don’t so much ‘fail’ in getting certified as just not actually get awarded your certificate. The auditor will highlight nonconformities when auditing - and it’s very rare not to find any - and decide whether your system should be certified or not based on the number and severity of those nonconformities. You won’t get your certificate until those issues have been put right. That said, it’s quite rare not to be awarded a certificate as long as you’ve put the effort in. You might find this information on the audit process interesting. It relates to ISO 9001 but it’s the same for all standards.

Yes, you can do that. Organisations transfer their certification all the time, often because they have different certificates with different certification bodies and want to make life simpler by consolidating, or because they aren’t happy with the service.

UKAS rules mean you can’t be locked into long term contracts - that’s not the case with non UKAS bodies, so check the small print. Some lock you in for many years.

Find out more about transferring to ISOQAR. (By the way it’s easy and there’s no charge for it if you’re moving from another UKAS body.)

Firstly, you should check the small print of your contract with whoever gave you your certificate. It could be that you’re locked in. But either way, if you need to get UKAS certification, then you will likely have to put a little more work into developing your system because UKAS accredited certification is more rigorous. You can get an independent consultant to look at things for you or perhaps or even get a pre-assessment which will provide you with a preliminary evaluation of your management system. ISOQAR can do this for you.

Far from it. There are many small businesses of even fewer than five people with ISO 9001 certification. Indeed, ISOQAR has sole traders as clients too. It’s a great marketing tool to make you stand out from the crowd and of course to help you win more business and grow.

ISO 17021 is relevant only to certification bodies, like Alcumus ISOQAR. It’s really important. It’s the standard against which certification bodies are assessed if they want to be UKAS accredited. UKAS is a bit like a regulator for the certification industry. They are appointed by the government to audit and accredit certification bodies. ISO 17021 is a mark of competence, consistency and impartiality and shows that a certification body conforms to the highest standards.
 
You should ensure the certification body you choose is UKAS accredited; your certificate will then be accepted everywhere. Many people make the mistake of assuming all certification bodies are equal - but they aren’t. Unaccredited certification often is not recognised. Learn more about UKAS accreditation and why it’s essential.