ISO 9000 Certification

man in a suit writing on a notepad
••• Johnny Magnusson

In recent years many companies have been through the experience of becoming ISO 9000 certified. Sometimes this can be a long and expensive process, but businesses are willing to go through certification for the benefits it brings. However, each company is unique and management should carefully consider the reasons why they want to become ISO 9000 certified and what the benefits to the business will be.

The ISO 9000 certification was first published in 1987 based on the BS 5750 series of standards introduced by the British Standards Institute (BSI) in the 1970s. As of 2009, the ISO organization estimates that over one million companies had been ISO 9000 certified, with a quarter of those being from China.

In the 1990s, companies carried out ISO 9000 certifications for reasons that may not have benefited their business. The rush to become ISO 9000 certified was driven in some respects by not wanting to be the only company not to be certified. Firms were carrying out certification because their competitors were and not because their business would improve. In the current economic climate, companies are carefully considering whether ISO 9000 certification is something they will benefit from. The reasons for certification should be weighed against the benefits certification would bring.

The major reason a company would consider ISO 9000 certification is that is a requirement of one of their customers or potential customers. If a company’s major customer was to require that all their suppliers were to be certified then it would obviously in a company’s best interest to pursue ISO 9000 certification. This would also be the case is a potential customer had the same requirement.

Another significant reason why a company should consider ISO 9000 certification is that it can improve the efficiency of the company. ISO 9000 certification can help a company to streamline and order its processes, which will make a company more efficient.

In order for a company to become ISO 9000 certified there are a number of activities that must be performed regardless of the size or type of company. The first and most important of these activities is to have senior management commitment. Without having senior managers driving the process, ISO 9000 certification is difficult to achieve. This commitment should not just be present at the commencement of the certification process, but at each and every step, giving guidance and support in the form of a steering committee. Many companies have failed in the certification process due to lack of support by top management.

When the management have committed to the certification process then it is vitally important to train the company’s staff on the ISO 9000 process. From there key personnel can be selected and trained to be the company’s internal auditors for the certification process.

The next step is to prepare a quality policy manual for the company. This manual should reflect the elements of the ISO 9000 requirements that apply to the company. It is important to ensure that the requirements are fully understood before the quality policy manual is developed. The quality policy manual should include operating procedures that identify functions within the company and the responsible personnel for those functions. The quality policy manual is then reviewed by the company’s assigned internal auditors for compliance with the ISO 9000 regulations. If the audit finds any issues then corrective action can be scheduled and amendments made to the procedures. Once an internal audit has found that there are no longer any corrective actions required, the company can select an ISO registrar or certification body. Selection of a registrar is critical to reducing the cost of the ISO 9000 external certification audits. Registrars have different costs and it's prudent for a company to select a registrar based on the company’s needs. It is sometimes not necessary to hire the largest or most expensive registrar when a local registrar would be sufficient.

When a company hires a registrar, it will usually include the registration audit and surveillance audits. The Registration Audit is the initial audit that will be done to see if a company will achieve registration. A company will agree upon the audit process with the registrar. A pre-assessment audit is ​performed and any corrective action taken. Once there are no more corrective actions, the registration audit can be performed. If the registration audit does not flag any corrective actions, the ISO registration is complete. After a company has its registration, the registrar will come back approximately every six months or year to see if the firm is maintaining its system and continuing to meet the requirements of the standard.