Follow ISO Update Blog on Feedspot

Continue with Google
Continue with Facebook


ISO 31000 is a standard on risk management developed by the International Organization for Standardization firstly in 2009 and updated in 2018. It is the international codification of the principles and guidelines of risk management, which emerged as a necessity to have one international standard which applied to all industries and organizations of all sizes. In other words, because there were a number of standards on risk management that different organizations in different industries were implementing, experts deemed it necessary for a new family of standards to emerge and to unify all the concepts in one single standard which would provide guidelines and strategies for implementing risk management. Later on, we will discover how ISO 31000 and ISO 22301 can be intertwined, and how can ISO 31000 deepen the risk management control in an organization that has already implemented ISO 22301 – business continuity management system.

Uncertainty is an inseparable part of every business, and as such, every company has to tackle the risks associated with uncertainty in every dimension of business operations. First, risks have to be identified, after which they are categorized and preventive and responsive measures for each identified risk are implemented. The nature of risk nowadays has evolved into unprecedented complexity, because the amount of data that goes in and out of companies is rapidly increasing. As such, unsurprisingly, contracts and insurance companies require mechanisms in place which make sure that the company is identifying and tackling risks.

ISO 31000 helps organizations protect their assets as well as increase the likelihood of achieving objectives by providing direction and risk management strategies. It is adaptable to the context of every organization and it helps mitigate risk within the organization by implementing risk-based decision-making and risk-based corporate culture. That is to say that both employees and stakeholders make decisions by always bearing in mind the risks associated with each decision, but at the same time, apart from seeing negative consequences, it helps a company also identify positive opportunities.

On the other hand, one of the most famous international standards which deal with the continuation of business operations and business security is ISO 22301. This is a standard on business continuity management and it is widely-implemented in organizations of all sizes and all industries. Differing from ISO 31000, ISO 22301 does lead a company to certification if the latter proves to have implemented the standard and its requirements.

The main goal of this standard is to offer a management system which makes sure that in case of incidents, of every nature, an organization can continue its crucial business operations – in other words, it can survive. Incidents can have a very different nature from each other, ranging from natural disasters to cyber-attacks, and ISO 22301 includes all of these kinds of incidents. It also helps a company to mitigate risk and to evaluate which risks are more imminent and more probable.

Based on these factors, and a proper understanding of the organization and its context, a Business Continuity Plan should be developed (BCP). This plan includes actions and measures to be taken in case of different scenarios, the persons in charge of every scenario and how to contact these persons in case that one of the scenarios happens. In other words, a BCP should be composed, but there should also be instruments to activate the BCP and responsible managers should be appointed for every situation, and the information should be communicated clearly so that every employee is aware of who to contact in different scenarios.

So, among other things, risk assessment and risk management are integral parts of business continuity, and this is where ISO 31000 and ISO 22301 intersect. In ISO 22301 there are two important clauses which deal specifically with risk: close 6.1 on “Actions to address risks and opportunities” and clause 8.2 on “Business impact analysis and risk assessment”.

Every business is exposed to risk, ranging from market risks, investment (or stock) risks, natural risks, cyber risks and so on. Depending on the scale of risk exposure, a company might choose to implement and get certified against ISO 22301, but at the same time have ISO 31000 as a guiding tool for risk-based thinking, risk strategies and risk-based corporate culture. It is a very good integration (but not an integrated management system, since ISO 31000 does not offer requirements but guidance) of two standards which can produce a very detailed and accurate platform, that can serve a business well in difficult times – and as history has often proved, it can help a company stay in business when faced with risks and challenges.

It is often argued that civilization started when the first humans learned to domesticate plants and were able to farm and harvest. In order to be able to farm, one must at least be able to recognize and know seasons, humidity and temperature as minimum requirements to be successful. So, in other words, it was the event of being able to predict which marked the beginning of civilization and its continuation and evolution to this point. We have developed immaculate methods (e.g. scientific method) to predict and forecast in order to survive, thrive and evolve. The same concepts apply to a business if you see it as thinking, living organism which is striving to evolve and thrive, but which also has to deal with the bad days where survival is the main objective. We can consider standards such as ISO 22301 and ISO 31000 as the scientific methods of the world of management, which help a business as a living organism to survive in these bad days while helping them reach their objectives and grow in good times.

About PECB

PECB is a certification body for persons, management systems, and products on a wide range of international standards. As a global provider of training, examination, audit, and certification services, PECB offers its expertise on multiple fields, including but not limited to Information Security, Business Continuity, Resilience and Recovery, Governance, Risk Management, and Compliance, Quality Management, IT Governance & Service Management, Health, Safety, and Sustainability.

About the Author

Julian Kuci is the Marketing Quality Assurance Manager at PECB. He is an honour graduate of RIT in Economics & Statistics and Public Policy & Governance. Julian holds a diploma in Transitional Justice from the Regional School of Transitional Justice and is certified against ISO 9001 – Quality Management and ISO/IEC 27001- Information Security Management.

The post Predict, Survive, Grow | Business Continuity Management and Risk Management with ISO appeared first on ISO Update.

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

Management systems are designed to add value to the organization by saving resources, time, and money. PAS 99, developed according to the ISO standards for writing management system standards, is a single framework developed by the British Standards Institution (BSI) which assists in proficient management of all ISO certified systems. PAS 99 was developed in response to the need for a reference document for the implementation of a real and effective integrated management system. Prior to the publication of PAS 99, there was confusion in the market about what should be considered an integrated management system as organizations were only able to merge the reference documentation (manuals, procedures, etc). This approach was far from a real integrated management system and insufficient for many organizations.

PAS 99:2006 was created to enable organizations to integrate common management system requirements into one framework. PAS 99:2012 is based upon the structure of ISO Guide 83, and now sets a common structure to be followed by all management system standards moving forward.

PAS 99 is designed to be used by organizations that have a management system standard or are implementing various management system standards. It applies to organizations of all sizes and industries.

To integrate different management systems, some elements of the standards were restructured to enable easier integration of various management systems. The high-level structure as adopted by many of the new standards has the following elements:

  1.  Scope
  2. Normative Reference
  3. Terms and Definitions
  4. Context of the Organization
  5. Leadership
  6. Planning
  7. Support
  8. Operation
  9. Performance Evaluation
  10. Improvement
Benefits of PAS 99 Integrated Management Systems:

PAS 99 has gained success because it provides a great number of benefits to users.

Some of the benefits of implementing the PAS 99 system include, but are not limited to:

  1. Meet differently implemented standard requirements of your business with a single set of policies and procedures. This helps govern the standards in a more coherent and less cumbersome manner, which results in a more streamlined and smooth approach to meeting the multiple different requirements.
  2. A single audit can cover all the various management systems in place, providing a way to achieve the same end goal but with far fewer resources involved.
  3. Improve the overall efficiency of your business by systematically removing redundancy and duplicate tasks. The duplicate tasks with different targets are now replaced by singular tasks that cover all the different targets of the individual management systems.
  4. Roles and responsibilities are clearly defined with roles now being responsible for all the areas that have an overlap causing the merger of multiple roles into one. This new role will now be responsible for all the common objectives that were previously being looked after by multiple different roles.
  5. Continuously improve multiple management systems by providing an integrated overview of the systems which allows growth to be driven without handling and executing improvements on multiple disparate systems.
Implementation and certification of PAS 99 Integrated Management Systems:

PAS 99 can be tailored for specific business needs and can be built to suit any organization that utilizes multiple certified systems. The developers of your organization’s specific PAS 99 will help your management design and implement a tailored PAS 99 integrated management system. Then, your staff must be trained to ensure effective implementation of PAS 99. The type of training your staff receives can vary and is based on your organization’s specific needs.

In the process of getting PAS 99 certified you can expect the following:

1. Gap analysis

It is during a Gap Analysis that discrepancies between PAS 99 requirements and the organization’s existing integrated management system are assessed before any further formal assessment.

2. Formal Assessment

It is during a Formal Assessment that, firstly, your organization is assessed for preparedness for the assessment of PAS 99 controls and procedures. If there is any gap found, it will be communicated to you for rectification. Then, if the primary requirements are fulfilled, an assessment of the actual implementation of controls and procedures is carried out.

3. Certification and beyond

After the Formal Assessment, a PAS 99 certificate is issued having validity for three years and during this time the client manager of PAS 99’s developers would stay in touch with the user’s organization and would help in any improvements.

Compliance with this specification does not in itself ensure conformity with any other management system standards or specifications. The requirements of each management system standard will still need to be addressed to achieve certification. Organizations that wish to certify compliance with PAS 99, can do so to demonstrate that an effective integrated management system is in place.

The post PAS 99 Integrating Common Management Systems appeared first on ISO Update.

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

Contemporary marketplaces work in a highly competitive environment. It has become imperative for organizations to improve their business performance and stay ahead of their competition. Improving business performance requires cost reduction without compromising quality. Implementing ISO 9001 can help organizations easily improve their business performance. ISO 9001 is an international standard that defines requirements for Quality Management Systems. It has all the ingredients which can ensure that a business runs in the most optimized manner and improves its performance. Let’s explore how various aspects of ISO 9001 help achieve higher business performance.

How does ISO 9001 help improve business performance factors?

Business Performance is defined by product quality, waste control, cost reduction, competitiveness improvement, sales volume, and profitability. An ISO 9001 system ensures each of these factors improves with the implementation of requirements which are built-in to various clauses of the standard.

Product Quality

Product Quality and achievement of higher customer satisfaction is at the core of the ISO 9001 standard. ISO 9001 defines various controls within its clauses that ensure that an organization provides high-quality output to its clients and meet its customers’ expectations. Some of the ISO 9001 requirements that ensure these are:

  • Understanding the Context: ISO 9001 requires that an organization understands the requirements of all its interested parties and internal/external issues that are relevant to the organization while defining the scope of the Quality Management System. This ensures that the requirements of customers are well understood and catered to when defining the Quality Management System. ISO 9001 requires that top management actively involves themselves in defining the strategic direction and ensuring that the Quality Management System runs in conjunction with the business scenario and aligns with the companies’ long term and short-term objectives. Understanding the requirements of its customers and setting of objectives ensures that an organization understands the needs of its customers well and processes defined are more customer-centric.
  • Risk Management: Risk-based thinking is introduced in the new version of ISO 9001 and is an important tool to understand the risks involved in delivering a quality product/service to the customer and to take actions to address these risks.
  • Operational Controls: Various controls are built in the standard in various clauses to ensure all deliveries are reviewed and tested before it reaches the customer. Some of these are requirement/design reviews, quality inspections of both raw materials/final product, monitoring of suppliers, etc.
  • Resources and Infrastructure: ISO 9001 touches on all the aspects of a business and support systems required to ensure product quality to the customer. This includes infrastructure, communication, resources, both human resource and equipment/tools that may be required.
  • Data-Driven Approach: ISO 9001 is a standard that is driven by data and has efficient monitoring mechanisms applied. It requires that the organization defines its quality objectives and constantly improves on their performances. Organizations with a continuous focus on the quality objectives and with improvement in the goals, achieve their business objectives.
  • Process-Approach: ISO 9001 focuses on having a standard set of procedures and having streamlined processes in all departments of an organization. This ensures processes are repeated and produce the same quality of product every time. This approach provides the necessary controls that are required to keep the risks at an acceptable level and deliver a more consistent result.
  • Empowered and Engaged Employees: ISO 9001 also stresses having empowered and engaged employees, a suitable work environment, access to organizational knowledge and training. This helps to improve the overall morale of employees and employees put in their best efforts towards customer satisfaction and ensure better product quality.
Waste Control

To achieve higher business performance, waste control is important as it makes your processes leaner and more efficient and you deliver faster. This also ensures that the procedures are optimized and the product quality improves.

  • Non-Conforming Product/Process: ISO 9001 requirements define a very detailed approach for handling non-conforming product /processes. It requires that an organization analyse all aspects of the non-conformities and ensure that the non-conformities do not re-occur. This pro-active approach improves processes and reduces waste in the processes.
  • Continual Improvement: The new version of the ISO 9001 standard has captured various aspects of running a business beyond just a Quality Management System. It gives a framework or a tool to improve performance. ISO 9001 focuses on continual improvements which require that organizations explore various ways to improve the current set of processes and develop optimized ways of working.
Cost Reduction

Implementing ISO 9001 means that the business operates a set of consistent processes which are continuously improving with time. This brings in efficiency and you deliver more with the same set of resources. Waste control and lesser rework reduce the cost of deliveries.


Efficient risk management which is embedded in all the processes of the organization ensures that the organization has analysed business needs well. This reduces all risks due to external factors like competition, market, trends, technological advancements, etc. and improves business sustainability in a competitive marketplace. ISO 9001 also improves customers trust in the organization’s processes when an organization is ISO 9001 certified. ISO 9001 focuses on increasing customer satisfaction and working towards improving customer relationships at all levels. This itself improves the competitiveness of an organization as old customers are retained and new customers are introduced.

Sale Volume and Profitability

The overall increase in the reputation of the organization in the market due to excellent customer satisfaction and improved product deliveries brings in new business and increases sales volume. Reduced costs and increases in sales result in increased profitability in business.


ISO 9001 is all about: Improved product quality + process improvements.

Both of these factors, when implemented through the various clauses of ISO 9001, ensure that there is less waste in the system. This further ensures cost reduction. The reduced cost helps the organization to pass on better value to its customers. As you provide value to the customer within the same cost, the customer is “delighted” and you gain more business. Each delighted customer provides you with new references and your competitiveness improves. A surge in sales volume is what follows which increases your profitability. So, just by applying the ISO 9001 standard, you achieve higher business performance with improvement in all the parameters that define performance.

About the Author

Avital Koren is the Director of ISO Global

The post Implementing ISO 9001 Improves Business Performance appeared first on ISO Update.

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

ISO 17021 is an International Standard that provides Certification Bodies (CB) with a set of requirements that will enable them to ensure that their management system certification process is carried out in a competent, consistent and impartial manner.

ISO 17021 Requirements for Certification Bodies - YouTube

The conformity assessments done by ISO 17021 certified CBs provide value to all types of organizations.
The conformity assessments done by ISO 17021 certified CBs provide value to all types of organizations.
ISO/IEC 17021 Conformity assessment — Requirements for bodies providing audit and certification of management systems, as it is officially called, was prepared by the ISO Committee on conformity assessment (CASCO) in 2006. It was developed to fulfil the need to have an International Standard that could facilitate the recognition of bodies that were performing conformity assessments and the acceptance of their certifications on a national and international basis; making it easier to recognize management system certification in the interests of international trade.

Read the full description of the standard at ISOUpdate.com/standards/iso17021

The post ISO 17021 Requirements for Certification Bodies – Video appeared first on ISO Update.

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

When developing a Quality Management System, companies often struggle with the calibration requirement and the expectations that surround it. As a matter of fact, because it is misunderstood, people try to exclude it as fast as you can say calibration. Let us attempt to explain what calibration is, why it is important, what is required by ISO 9001:2015 and some common pitfalls while implementing this requirement. In this article, Factor Quality keeps it as simple and relatable as possible so you can easily understand the concept of Calibration and it’s importance.

“One accurate measurement is worth a thousand expert opinions.”

– Rear Admiral Grace Hopper

Why is Calibration important?

Let us give you 2 great examples of why calibration is such an important activity of your business:

  1. Imagine weighing 10 lbs. of screws and shipping it to a customer. 

When the customer receives it, they weigh the screws at 8 lbs. Expect this customer to complain. When they do, you will have to investigate what happened and resolve the matter promptly. So, what happened? Is your scale accurate? Is their scale accurate? The only thing that you know with certainty is that you have essentially cheated your customer unknowingly. Calibrating your tools and equipment should give you the confidence that your devices are measuring, in this case weighing, the way they are supposed to.

  1. You buy a piece of furniture that is supposed to fit at a specific spot at home.

Only to find out that when you put it together the furniture is too big for the area. It makes you wonder if the dimensions were published correctly or if the pieces of furniture were measured correctly.

Measurements can become more critical when we are talking about items in the medical, automotive & aerospace industries. A piston that is too heavy in racing can slow the car down. A part that does not measure as expected will not work in a satellite and potentially delay a launch. A catheter size change could potentially be damaging to a patient.

Calibration is needed to help us confirm that the measurements we perform are being done with accurate devices.

It is a concept that has been around shortly after civilizations were started. Measurements were needed to calculate weights and lengths for early trades- calibration was done of devices to ensure fair trade. As time went by and technology evolved other measurements and means to ensure accuracy were introduced.

As inventions have evolved over time the demand on accuracy has also increased. When we say “lighter, faster, better!” Somehow these items must be measured to validate the statement. If you think about it, calibration is quietly a key component of any economy and hence it ought to be considered a key component of businesses.

In this image, you will notice that at 1 inch, all rulers are measuring the same. But look at the 2- & 3-inch marks? They are all different. Which is the right measurement?

The quote by Rear Admiral Grace Hopper now makes more sense, right? It is extremely important to have a measuring device that you can rely on.

“One accurate measurement is worth a thousand expert opinions.”

Okay, I get it is important, but what is calibration?

Calibration simply put is ensuring a measurement meets a known standard.

So, let’s dissect this statement.

What do we mean by known standard? A known calibration standard.

What is a known calibration standard? An object with a universally recognized value (for example a centimetre, a millimetre, a kilo, etcetera). Normally these standards are traceable to a national agency. Here in the US, we use the National Institute of Standards and Technology, NIST. Therefore, most organizations in the USA use the term “NIST traceable” when speaking about their measurement devices.

How do you ensure it is meeting that standard?

The idea is that the device used (ruler, calliper, micrometre, scales, etcetera) gives you the certainty that your measurements are accurate. The act of calibrating means that you are verifying the tool to see if it meets those standards. If it does not meet the standard, then you will need to adjust, fix or scrap the item.

Since the introduction of Quality Systems calibration requirements have been present. In ISO 9001:2015, the requirement is called “Measurement Traceability” and calibration is a component of this requirement. It is written in such a manner that your company needs to first decide if “measurement traceability” is a requirement that applies to your company. It is quite possible to have businesses where no measurement devices are used (mostly service organizations). If that is the case, then you can deem the requirement as not applicable to the business.

For those companies that do have measuring devices then the question becomes “What items require calibration?” Normally we like to say that there are two categories:

  1. Equipment used to approve products- usually, this equipment that is carried by Quality personnel in the organization and it is used to determine if the product meets requirements at any point of the manufacturing or realization process. Not just final inspection.
  2. Equipment that is used to monitor a key factor in the process- a means to assure the process is performing as needed. An example of this can be a thermometer for a furnace where the temperature has been determined to be a critical factor in the process.
What are the ISO 9001 Requirements?

The intent of the calibration requirement is that, once you determined you have equipment/devices that need to be calibrated that you need to control it. What does this control mean?

It means that:

  1. you identify these devices, so you are aware of their calibration status;
  2. these devices are handled with care as not to affect their accuracy;
  3. you retain proof that these devices have indeed been calibrated.
Calibration Program Setting & Management

Managing a calibration program can be a costly expense to any business. Not only from the out-of-pocket expense of sending out items to get calibrated at a defined frequency but also the time it takes to manage the program. By the way, ISO 9001:2015 never defines the frequency of calibration for any given device. Some companies do counter the expense of external calibration by doing it themselves. Maintaining a calibration program can be achieved by using simple spreadsheets. We have seen software packages that help you manage, remind you and keep records of calibration activities. There are some calibration houses that have started offering “calibration data” solutions.

The most common pitfalls of calibration programs: 1. Dealing with out of tolerance items.

Many organizations do not deal with “Out of Tolerance” items. Small businesses are often happy to receive their calibration certificates and quickly file them without taking a close look at them. But if you do not read it properly, you might miss that the calibration house notified you about an item being out of tolerance. Luckily, nowadays the calibration companies do not only report it on the certificate, but they also provide a quote for the adjustment/ fix.

If you used an item that was out of tolerance you need to know the effects of the failure. People forget to analyze if the “Out of Tolerance” condition could have affected any of the measurements taken with the device. If the out of tolerance item does not affect your products then, no need to do more. However, if the out of tolerance device affects your product then you might have your hands full trying to figure out what product(s) were measured with the device and how far back in time you need to go to assess product quality. This might even have you recalling the product to ensure it is safe.

2. Proper handling of measurement devices.

For example, what if someone was to bump into equipment X and it falls onto the floor? Do you need to know as soon as it happens? Yes! It is extremely important to verify that the calibrated item still functions as expected. If not, you would have to deal with the consequences. Normally, months later, through a customer return/ complaint or through an Out of Tolerance condition detected at calibration that you will need to investigate. Another frequent calibration pitfall is that items are not identified properly to show their calibration status. Calibration stickers are the easiest way to identify your equipment and tools. The picture here is a snapshot of items you can find in google when searching for “calibration stickers”. You choose which best suits your organization and then start using it on all items that are calibrated. This is an easy way for everyone to know when to get the item calibrated.

3. Calibrated equipment missing proper identification.

Calibration stickers are the easiest way to identify your equipment and tools. The picture here is a snapshot of items you can find in google when searching for “calibration stickers”. You choose which best suits your organization and then start using it on all items that are calibrated. This is an easy way for everyone to know when to get the item calibrated.

Some companies identify measuring devices with stickers that state “For Reference Only”. This is an acceptable practice if the device is not being used to determine if the product/ test is viable or not. The litmus test comes when auditors ask the employee how they use device “X” and what decisions they might make based on the device readings.

Now granted calibration stickers can fall off, especially if the devices are being used in an environment where the stickers are being exposed to chemicals or are prone to wear due to use. So, some companies keep the status of their calibrations using alternate methods. Which is fine, but you must prove that they make sense for your organization.

Need More Help?

We understand that you might still have questions at the end of this blog and might not know where to start when creating your calibration system.

Don’t stress! We get it!

Factor Quality is here to help!

We can come in or meet online and check if your organization is calibrating the right items and controlling them correctly? We have vast experience setting up calibration systems that make sense and are sustainable. One size does not fit all and we are here to help you determine what fits your organization.

Check out our Process Improvements services but remember that we can always add a la carte services to ensure more value for you. We are not about just charging you money, we are here to ensure we make your QMS better. That is our goal.

About the Author

Pierre Servan | CEO, Principal Consultant, Factor Quality Inc.

Factor Quality was founded in 2011, with a vision to help fix quality issues, improve businesses, and help them get certified. Pierre never thought he would encounter such a rewarding industry with clients that appreciated his work, students that appreciated his words, partners that helped him and consultants/colleagues that appreciated him and what he had to say. Today, Factor Quality helps organizations take the next step in their quality journey and service the following certification: ISO 9001, ISO 14001, ISO 13485, ISO 16949, ISO 17025, ISO 45001, AS9100, AS9110 & AS9120. If you are interested in learning more about Factory Quality, visit them at www.factorquality.com/

The post Calibration Explained – Why is Calibration Important? appeared first on ISO Update.

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

ISO Management Systems consider Interested Parties an essential element in the success of any business. Interested parties, also referred to as Stakeholders must be managed in order to obtain and retain their support. Additionally, many ISO Management Standards including; ISO 9001, ISO 14001, and ISO 45001, require organizations to understand and manage the interests and expectations of their Interested Parties as part of the certification process.

What are Interested Parties | Stakeholders in ISO 9001:2015 - YouTube

Most organizations have many Interested Parties. Determining which are the most relevant is a critical step towards developing a plan to prioritize and manage them.

How can an organization begin this process? Read the full article here!

The post What are Interested Parties | Stakeholders in ISO 9001:2015 – Video appeared first on ISO Update.

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 
ISO Update Blog by Isoupdate.com - 1M ago

What is ISO?

ISO, or the International Organization for Standardization, is a non-governmental international organization that develops, through consensus, voluntary, market-relevant international standards with the aim of supporting innovative thinking and practices and providing solutions to global challenges. Through international standards, ISO provides specifications for products, services and systems to ensure quality, safety and efficiency, and are instrumental in facilitating international trade.

In short, ISO sets a standard for how companies produce their product or service and manage their organization to ensure that what you expect from an organization is what you receive. Download the information PDF from ISO here to learn more about the history of ISO. 

Creating and implementing a Management System (MS) first requires choosing a standard, or set of requirements, to structure your system upon. Consider this the solid foundation that your MS is built on.

These standards are the key to creating an MS that properly delivers its promise to establish and improve upon efficiency and excellence. One such standard is ISO 9001, the internationally accepted standard for Quality Management Systems.

What is a Quality Management System?

Organizational operations are typically dictated by ideas centered on their customers. This includes customer satisfaction and customer service, as well as the need for offering products or services that meet certain standards and requirements that customers expect.

A Quality Management System, or QMS, is a compilation of diverse business processes that aims to fulfil customer requirements and deliver customer satisfaction. The QMS is a formal list of procedures, policies, responsibilities and organizational goals to ensure the organization is efficient and effective. The QMS aids a company’s aspirations towards improving efficiency and lowering costs, streamlining processes, creating organization-wide direction for employees and reducing wasted time, money and manpower.

A properly implemented QMS will help your company meet organizational requirements and achieve your vision, as well as satisfy your customers by fulfilling their expectations.

Who Needs ISO 9001?

The nature of ISO 9001 is to provide guidelines for quality management systems that aren’t specific to any single industry or category of work. Because of this, ISO 9001 can be used by any organization, in any industry.

ISO 9001 is currently used by over 1.5 million organizations in 191 countries, and the nature of ISO 9001 means it is inclusive to all sizes of organizations. Whether your organization has 2 workers or 2 million, ISO 9001 will improve your business through a process approach and increased efficiencies.

It is important to note that ISO 9001 is not a product standard. It does not define product quality.  This is a process-based standard: you use it to control your processes so that your end product will meet your desired outcomes. https://the9000store.com/what-are-iso-9000-standards/what-is-iso-9001/

Understanding the diverse nature involving risks and the specific requirements of certain industries, ISO 9001 has a small group of sector-specific applications for the standard, including:

ISO 13485 – Medical Devices

ISO 17582– Electoral organizations at all levels of government

ISO 18091– Local government

ISO/TS 22163– Business management system requirements for rail organizations

ISO/TS 29001– Petroleum, petrochemical and natural gas industries

ISO/IEC 90003– Software Engineering

Your organization should consider achieving ISO 9001 certification if your organization wants to:

  • gain international credibility;
  • work with international suppliers;
  • improve the consistency of operations;
  • improve the company or product quality;
  • increase customer satisfaction and trust;
  • focus management and employees;
  • reduce waste and save money
How Can my Organization become ISO 9001 certified?

ISO does not directly provide certification for any standards. But, if it is not possible for an organization to be certified by ISO, who awards the certifications?

Organizations must use third-party Management Systems Certification Bodies to achieve certification for an ISO standard.

Certification Bodies Role in Certification to ISO 9001

The Committee on Conformity Assessment (CASCO) is the ISO committee that works on issues relating to conformity assessment. CASCO develops policy and publishes standards related to conformity assessment, it does not perform conformity assessment activities. Countries have governing bodies that provide accreditation to Certification Bodies. An accredited Certification Body (CB) has achieved accreditation from an Accreditation Body.

Finding an accredited Certification Body for standards like ISO 9001 can be done either by contacting the National Accreditation Body in your region or by visiting the International Accreditation Forum (IAF) https://www.iaf.nu/.

If your Certification Body is not accredited to ISO 17021 by an IAF Member Accreditation Body, your ISO 9001 certification will not be internationally recognized.

These factors must be taken into consideration before settling on an organization of your choosing for the certification of your company. When you are looking into organizations who are certified to ISO 9001, or at Certification Bodies to issue your ISO 9001 certificate, do your due diligence and ask if they are accredited to ISO 17021 and a member of the IAF. Most accredited Certification Bodies will advertise their accreditation on their website, so look out for the IAF logo.

What are the Requirements for ISO 9001 Certification?

Before your organization can begin the steps towards certification, your QMS must be in place and functioning. It is at this stage that you could consider bringing in an ISO consultant to assess your organization and provide industry experience and expertise for implementing your system.

Once your system is in place, and effective, an auditor from your selected Certification Body will perform a Stage 1 audit to determine your readiness for a Stage 2 Certification Audit. During your Stage 1 Audit, your Certification Body will review your management system’s documented information, evaluate site-specific conditions and have a discussion with employees. The auditor will determine if objectives, KPI’s or significant aspects are in place and understood. They will review the scope of the QMS and obtain information on your processes and operations, equipment in use, levels of control established, as well as applicable statutory or regulatory requirements. Internal audits and management reviews will be evaluated to ensure they are being planned and performed and the overall level of implementation of the management system will be assessed to determine if you are ready to move forward with the Stage 2 Certification Audit.

The Stage 2 Audit evaluates the implementation and effectiveness of the organization’s management system. During this audit, the Certification Body will determine the degree of compliance with the standard’s requirements and report any non-conformances that the organization will have to correct before the certificate of registration can be issued. If the Stage 2 audit is successful, the organization’s management system will be certified. http://isoupdate.com/resources/exploring-stage-1-and-stage-2-audits/

How Much Does ISO 9001 Certification Cost?

Because ISO 9001 certification is issued by an external Certification Body, the exact cost associated with the certification does vary. Accredited Certification Bodies must follow strict requirements for quoting certification activities. These costs are based on an organization’s employee count, the level of risk associated with the product/service being provided under the management system, and how many locations are being certified.

There are two types of costs associated with the certification: implementation and certification.

Implementation of a QMS that conforms ISO 9001 may be quite costly depending on your current practices, the nature of your business, your process design and employee awareness.


The general opinion of standards and certification is that the benefits outweigh any and all costs involved with audits and implementation. As a guide, a recent study undertaken through the American Society for Quality (ASQ) showed that for every $1 spent on your QMS, you could expect to see an additional $6 in revenue, a $16 reduction in costs, and a $3 increase in profits. On average, they saw that quality management reduced costs by 4.8%

Learn more about the ROI of Quality 

The post What is ISO 9001? appeared first on ISO Update.

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

When running an ISO 9001 certified quality management system (QMS), you need to ensure that the QMS and its effectiveness are consistently reviewed for effectiveness. Doing so allows your organization to better understand the processes and ensure they are performing at peak effectiveness. An integral part of the ISO 9001 standard is continual improvement via internal and external audits and annual reviews.

Management reviews work to prepare your organization for external audits as well as to ensure that ISO 9001 is being implemented and utilized to its best capacity.

An effective management meeting reviews current management and operational performance data, and if the need is identified, improves upon company measures.

Plain English Guide to ISO 9001:2015 Terms from Praxiom

Getting the most out of your Management Review

In ISO 9001:2015, section 5 outlines that the accountability for effective deployment of the QMS ultimately rests upon upper management. There is ambiguity though as the standard does not detail who owns the responsibility to schedule reviews, only that they must be planned. When making efforts to improve upon management reviews, you need to plan and prepare for them in advance. These meetings are required on an annual basis but can be held more frequently according to company preferences.

Learn more about how often you should be having internal audits for compliance

Steps to take Prior to your management review:

If you decide your organization should have multiple management reviews per year, it is a good idea to dedicate each meeting to a specific section of the system and split the work into more manageable tasks.  Setting dates, locations, and an agenda to direct the discussion is advantageous. ISO 9001:2015 also requires you to formally document these meetings.

Important note: Documenting a list of attendees is a good practice.

Ensure that you cover all the topics in the ISO standard you are certified to. The best way to do this is to produce a detailed agenda which lists the topics to be addressed during the meeting; this is particularly helpful to keep track of multiple reviews during the year.

The attendees must include the senior management team, but others can be included to discuss more specific issues. For example, specific processes that directly relate to certain employees or teams should have a representative present to ensure communication and changes are well received.

Management Review meetings should include the following:

  • Discussion on issues previously discussed in meetings, as well as a review of the effectiveness of any actions taken as a result of past meetings; 
  • Any updates to current external and internal issues affecting the Management System;
  • Review of available resources and their adequacy;
  • An examination of the overall performance of the Management System – including a discussion on possible updates and improvements.

Read more about the Audit Report from the perspective of Management from The Auditor Online.

Steps to Take During your Management Review

As per the requirements of ISO 9001:2015, minutes must be taken on behalf of all individuals attending management review meetings to document the discussion. Minutes must be descriptive and understood by an observer, as they will be made available to third-parties who were not present during the meeting.

Another good idea for increasing efficiency is to examine previous data or evidence. Examples of this could include minutes of the last review meeting, management system documentation, audit reports (both internal and external), policies, etc.

For continuous improvement, your organization needs to note trends affecting your business, as they can point to recurring issues that could be preventable. Current trends can also highlight issues that might not affect your company for the time being but might be consequential in the future. Areas such as requirements of potential business partners, compliance with legislation, and complaint records should be addressed.

Steps to take after your Management Review

Minutes should be distributed to the appropriate staff members, especially if changes or revisions have been made to company systems. This is done to ensure all staff are informed and conform to the updated system.

Management Review Checklist

While having a detailed agenda during the review is helpful, having access to a professional review template or checklist is extremely beneficial to ensure your management review is effective and compliant with ISO 9001. Below are sample templates from trusted sources who have taken the time to create generic templates for you to review and tailor to your organization. Use these as a guide during your own company Management Reviews.

Management Review Template from SAI Global – Click Here

Management Review Template from Sample Templates – Click Here

The post Management Reviews – Your Responsibilities appeared first on ISO Update.

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 
Understanding ISO 55001

ISO 55001 lays down the prerequisites for an asset management system. It gives a framework for the establishment and regulation of objectives, policies, processes, governances, and facilities involved in any organization’s pursuit of their goals and objectives. The standard highlights the necessity of having a management system.

ISO 55001 does not include or specify any financial, technical, or accounting needs for managing various types of assets.

ISO 55001 uses an organized and effective system for driving ongoing improvement and creation of value.

This is possible by effectively managing all assets and the costs, risks, and performances related to these assets.

ISO 55001 is complemented by the two other additions in this category namely ISO 55002 and 55000. They provide the principles, overviews, application, guidance and terminology.

Understanding Strategic Asset Management - YouTube

Read the full article on ISO 55001

The post Understanding ISO 55001 – Video appeared first on ISO Update.

Read Full Article
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

By Pierre Servan CEO, Principal Consultant, Factor Quality Inc.

Do I need Document Control?

In my years of performing third party Quality Management System (QMS) audits, gap assessments and internal audits, a common question about document control people ask is:

 “Do I need to control this document?”

Over the years I’ve noticed Document Control has received “a bad reputation” in quality circles.  It does not matter if it’s a procedure, work instruction, or form; One of these pesky documents is bound to be in the wrong place at the wrong time.

Recently, I have noticed that these document control issues are decreasing due to new tech solutions that help organizations manage documents. Nevertheless, the question persists, “to control or not control a document?”

Sponsored Article

Are you looking for recommendations for Quality software? Factor Quality has the experience you need for options you can rely on. Contact us Today!

To Control or not Control a Document?

Without dwelling in the details of ISO 9001 requirements regarding document control and in the spirit of keeping it simple, the intent of the standard’s requirement is straightforward. The aim of the standard is once your organization determines the need for a document (i.e. means to convey critical information or template to collect data) then logic dictates that you want to make it available to those who need it and want to make sure the information is always accurate.

“Document Control is having a way to ensure that information remains relevant, up-to-date, accessible and aligned to the strategy”. – Pierre Survan, Factor Quality

ISO 9001 does not handcuff organizations in dictating specific required procedures. Each organization is free to decide what documents need to be created and controlled.

The expectation is that when you make the decision you ensure the document aligns with the nature of the business and any requirements that need to be met.

Thou shall not use the standard’s name in vain

The ISO gives general rules for document control, that when used appropriately, do help businesses.

At Factor Quality, we’ve heard statements about document control such as:

“This document cannot be used because it is not in an ISO format.”

“That document requires to be approved by two supervisors, a manager and the CEO per ISO requirements.”

“That document is missing a document #, what section of the standard it belongs to so that I know how to number it.”

“That document is only important to our department, so it does not need to be controlled.”

Did you know ISO provides a general requirement for organizations, it does not tell you how many approvers certain documents need to have?

Nor does it prescribe a document format or a document ID# (i.e. QAP-1001ab). These are misconceptions that have been circulating for a long time.

Let’s clear some misconceptions:

  1. ISO 9001 does not establish a minimum of approvals required,
  2. ISO 9001 it does not provide a format for documents nor does it require you to have a document number.

“In my opinion, the “bad rep” of document control has mostly been driven by the way companies have decided to control their documents and some lack of understanding of the standard, leaving many confused and somewhat irritated. All these requirements are self-imposed by each organization. The company defines the policy of how many approvers are needed for documents, what type of format is to be used and how to identify it.” – Pierre Survan, Factor Quality

Important Note: Stay Curious and Question Decision Making – If you don’t like current document control methods within your organization, ask the owners of document control why they consider the current method correct. And under no circumstance should you accept “Because ISO requires it,” as an answer.

How Do We Control Documents?

While ISO 9001 does not mandate specific formats, identifier or number of approvals, the documents created for the organization must meet a certain set of criteria to be considered as controlled effectively.

Remember –when you create a document you need to make sure the correct version is available to all in the business.

Requirements You Need to be Aware of with ISO 9001 Documents can be in any media

“Any Media” means document scan be written in paper, electronic, even video formats. The documents can be written, pictorials, flow charts, or a combination of these. Just remember it needs to make sense to your organization.

Documents Need to be Identified

There is no need to have document numbers unless you believe these are needed and are helpful to your business. A simple identifier is the title of the document and if this appears in the footer or header of each page, the document is indeed identified.

Documents Need to be Approved

Designate a person or group of people with the authority to determine suitability for your business. Ideally, that person is always aligned to the strategic direction of the business and understands the implications of such a document.

Documents Need to be Controlled
  • Version Control: Documents must have an identifiable version visible throughout the document. This allows you to determine if the right version of the document is being used. The version can be alphanumeric or by date.
  • Distribution Control: Documents must be made available and accessible for use. They need to be maintained in a manner so points of use can be readily updated when changes occur, that only authorized changes are made, and documents remain legible over time.
Keeping Document Control Effective

Over the years some of the most infamous controls deployed by overly careful document control administrators have been:

  • Document Stamps: Stamps showing the document status such as: “Reference Only,” “Uncontrolled,” “Not a Controlled Document,” “Master Copy,” etc.
  • Footer Controls: “Not valid if printed,” “Check system for latest version,” “Not valid after 24 Hours,” etc.
  • Watermark Controls: Using watermark to notate “Draft”, “Controlled”, “Uncontrolled”, etc.

All these are methods of control but can be misunderstood by those using them. For example, could you have the correct stamp, footer, or watermark, but have no way to ensure that people do not change the document, even on accident? Can these controls show that the document approvals were adequate? Can a stamp prevent someone from receiving an outdated version of the process?

Do not assume that if the correct stamp, footer, or watermark is used, that is enough to demonstrate robust document controls.

Remember, these are just controls and as such, auditors will always check for effectiveness.

It doesn’t matter how big and bright the stamp, footer, or watermark is – when evaluating Document Control, auditors will consider valid the document the employee/operator points or shows.

What is the Most Common Document Control Issue When Employees are Asked: “What Document do you Use?”

“Employees proudly say, ’this one’, as they pull it out from their toolbox or desk drawer, and in most cases, these copies are out of date”. – Pierre Survan, Factor Quality

Summary of document control

Document Control’s purpose is to help the business document those items that are critical to its own functionality. 

These documents should align with the strategy and help the business meet requirements in a consistent manner.

How much or how little you control these documents is a decision made by each company.

At Factor Quality, our best advice is to Keep it Simple! The well-being of the organization should always be put before the need of a group or department. Make sure every document is needed, because when a document is really needed it will be easy to control, maintain and keep relevant.

Document control structures can be reviewed, revamped and reset during the lifetime of a Quality Management System. Organizations should review their systems and ensure that they are leveraging existing and available resources to support their own documented systems. Factor Quality is here to guide you through this unpopular mythical creature called Document Control without Process Improvement Services. We have experience using several document control systems, from software solutions to self-contained systems, we can recommend the best simple, but effective solution for your business.

Let us help you set a new document control structure or revamp your current system to its most effective. Take advantage of our knowledge in the industry! This article was originally published here by Factor Quality and has been published on ISOUpdate with permission from Pierre Servan.

About the Author

Pierre Servan | CEO, Principal Consultant, Factor Quality Inc.

Factor Quality was founded in 2011, with a vision to help fix quality issues, improve businesses, and help them get certified. Pierre never thought he would encounter such a rewarding industry with clients that appreciated his work, students that appreciated his words, partners that helped him and consultants/colleagues that appreciated him and what he had to say. Today, Factor Quality helps organizations take the next step in their quality journey and service the following certification: ISO 9001, ISO 14001, ISO 13485, ISO 16949, ISO 17025, ISO 45001, AS9100, AS9110 & AS9120. If you are interested in learning more about Factory Quality, visit them at www.factorquality.com/

The post Document Control ISO 9001:2015 Explained appeared first on ISO Update.

Read Full Article

Read for later

Articles marked as Favorite are saved for later viewing.
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

Separate tags by commas
To access this feature, please upgrade your account.
Start your free month
Free Preview