How to get ISO-9000 certification for your organization

This article may be useful for a Quality Assurance person to champion the efforts in getting his/her organization ISO-9000 certified. It does not assume the reader to have any previous knowledge regarding ISO standards. As such any aspiring professional who wants to excel in the field of Quality Assurance may benefit by reading this.

We had used "Smartworks" as a vehicle to speed up our process of getting an ISO-9000 certification for our organization. However one can use any other similar tool to achieve the same objective.

What is ISO-9000 ?

The standards are issued by the International Organization of Standardization (ISO),which is an international agency, founded in 1946 in Geneva, Switzerland. ISO was formed to promote the development of international standards and facilitate the exchange of goods and services worldwide.

ISO-9000 is an International standard for quality system. A model for Design, Development Production, Installation and Servicing. It Emphasizes documented QMS (Quality management system), Compliance and documented evidence of compliance.

The three models of ISO 9000 series are

-    ISO 9001 :- Quality Systems - Model for Quality Assurance in Design/Development, Production, Installation and Servicing.

-    ISO 9002 :- Quality Systems - Model for Quality Assurance in Production and Installation

-   ISO 9003 :- Quality Systems - Model for Quality Assurance in Final Inspection and Test.


Why ISO-9000 ?

There are several reasons for a company to go in for a certification such as ISO-9000. In my opinion following would be the principal driving factors for an organization to go in for a certification process :

Ripple effect - Customers specify as a part of contractual requirement.
 Increases Marketability of the Company.
 Improved product quality.
 Financial benefits (Cost savings).
 Competitive edge
 Increased employee morale due to reduced “gray areas”.

What is the Essence of ISO-9000 ?

The essence of ISO-9000 is simple. It expects the following from an organization

Plan & Document what you do.
 Do what you document & Record What you did.
Check the results
Act on the difference
Do this periodically


The Elements of ISO-9000

The twenty elements of ISO-9001 Quality System are

Management responsibility
Quality System
 Contract Review
 Design control
 Document & Data Control
 Purchasing
 Control of Customer Supplied Product
 Product ID & Traceability
 Process Control
 Inspection & Testing
 Control of Inspection, Measuring & Test Equipment
 Inspection & Test Status
 Control of Non-conforming product
 Corrective & Preventive Action
 Handling, Storage, Packaging & delivery
 Control of Quality Records
 Internal Quality Audits
 Training
Servicing
 Statistical Techniques

How to get ISO-9000 ?

The two phases of ISO-9000 certification are

1. Documentation
 2. Certification.

Documentation

The documentation involves procedures, standards and forms, which can be done in house (or by the help of a consultant).
 An Organization needs to develop a documented quality system, which satisfies the requirements of the chosen ISO model. The organization needs to implement this quality system. Audit of the implementation needs to be done regularly and in a timely fashion. Preventive and corrective actions need to be identified and taken.

The approach to get ISO-9001

Define the quality policy and ensure the quality management systems are effective. The quality policy needs to be imbibed by everyone in the organization. Hence define your quality policy in simple terms and try to cover all the aspects of your business as quality permeates every aspect of your business. 
In order to start, you can use your favorite internet search engine to get sample quality policies of organizations similar to yours. Remember, it is only for a start. Unless the top level management believes every word written in the quality policy, it would be difficult for the rest of the organization to buy it.

I reproduce our organization's quality policy for your reference

We believe that the customer satisfaction and trust are fundamental to our success. We shall strive to achieve this b delivering high quality products and services to our customers, both external and internal, in accordance with agreed upon requirements and budget.

We commit to achieve quality by creating a work environment that encourages our employees and suppliers to focus on defect prevention rather than detection.

We believe in continuous improvement and shall constantly monitor our processes and skills and make effective improvement on them.

Once you have drafted a quality policy for your organization, you may do the following;

 Define the quality objectives for the company
State the mission of the company by defining the Scope within which it is operated.
 Define the life cycle of the product / project, derive the standards and procedures needed to achieve and maintain quality.
Plan for the activity, involving every member of the organization
 Implement the quality management systems, the three levels of documents are

1.Quality Manual

2.Procedures

3.Standards, forms and quality records.

Identify the key process areas for your company and prepare the procedures and standards to maintain the quality system.
Monitor the quality management system and ensure it is effective in maintaining the quality policy, take necessary corrective and preventive actions if required.

ISO-900 Certification:-

The certification is done by an agency accredited in this regard.

Some tips for Selecting a Certification Agency.

1.The certification agency should be independent of your organization. No training or the consultancy should have at any stage be taken from the certification body or their assessors in any capacity.

2.The certification agency should have sufficient experience in certifying companies operating in a similar business situation and environment as yours.

3.The certification agencies have a scope with in which they can operate and give accredited certificates. You must ensure that your product or service does fall into their accredited scopes.

4. Track record of the certification agency is also critical for you to establish trust. All certification bodies have a code of ethics and practices by which they should at all times be fair and impartial. Assessment should be a learning exercise and of benefit to the organization in more than just getting a certificate.

5.The certification agency should be accredited to EN 45012 ( or equivalent) which is the standard applicable to them and the standards they should be conforming to are ISO 10011-I,II,III.

6.The accrediting board is in which country and if that does coincide with the country to which you have an export market or potential, if not then at least if any bilateral agreements existing to ensure no need for re-certification tomorrow by another agency.

7.The geographical coverage of the organization. The probability of its acceptance internationally is more if it is international.

Duration for Certification

Most assessors (certification bodies) require a minimum of about three months from the formal implementation date of the quality system to the certification audit. It is necessary to have completed at least one complete internal audit of all parts of the system and taken necessary corrective action and preventive action. At least one management review must have taken place after the audit and its decisions proved effective. This enables the company to identify problems and to solve them before the assessor finds them.

Our experience in getting ISO-9000 certification

When our organization decided to go in for ISO certification, a team was formed involving every member of the company in deriving the standards and procedures.

The most difficult task was tracking the activities, monitoring the progress.

Keeping track of the ongoing activities became very difficult as we had 60 procedures and 15 formats to be prepared in total, designed by 60 teams and verified by another 60 members approximately.

The action plan began by assigning a procedure to be designed by every responsible member with an end date mentioned for completion. The "Project Planner" plug-in of Smartworks was used to plan all the activities related to ISO-9000 certification.

Smartworks helped us in meeting all the challenges of powerful tracking system. It aided me in monitoring the progress from my desk, which facilitated me in taking action ahead of the due date.

The verifier had access to the latest document (available as an attachment ) which he verified and released to the quality dept.

This was all mainly possible because of the early warning messages sent to the individuals to take action before the due date. The entire organization was aware of the progress and motivated to their goal as the progress was well seen from the Project Planner available on each desktop.

The latest Procedure or Standards are available for everybody across the company for reference also the forms can be downloaded if required, which is available as attachment against each task.

Hence Project Planner (A plug-in of Smartworks)  provided me the excellent tool in achieving ISO, by assisting in tracking the activities, by helping me to monitor the progress, by looking at the gantt chart, I  was able to view the overall progress from my desktop 

The journey towards certification is half completed by planning accordingly and assigning responsibility and seeing to that the task is completed.

How Smartworks helped us

I would like to share with you how some of the general problems I faced during audits, review meetings, optimizing, etc were solved using Smartworks.

As you know the documentation and documented evidence of compliance covers the major activity in maintaining Quality System.
I observed against each activity the relevant document can be attached in Project Planner and all could refer the latest document. The most interesting part is I can now conduct audit from my desk, as all the documents are available in Project Planner.

Using Smartworks has now reduced lot of paper work.

Maintenance of results and records for necessary action taken for

a) Design and development verification (Clause 7.3.5)

b) Design and development validation (Clause 7.3.6)

c) Control of design and development changes (Clause 7.3.7)

This was really a tedious and cumbersome task.

The evidence of verification, validation and control of changes had to be maintained for three years for analyses by the management. This was a daunting task, which was easily solved by the Smart tracker of Smartworks.

This Defects list above gives the report number, which is a unique id traceable across all the quality related documents.

This list indicates the status of the defects filed, the type of the defects. On double clicking the mouse cursor at a particular defect we get all the details relevant to the defect.

The submitter submits the defect / enhancement. The project leader assigns the solver, which is later verified by the verifier. Hence this loop is closed giving evidence for the action taken.

The Smart tracker can be effectively used for verification, validation and control the design changes as well as in providing a proof for closing the issue either be a defect or an enhancement.

The challenges like corrective and preventive action and evidence of compliance, which is later measured and analyzed.

Consider a particular scenario like the audit non-conformities filed by the auditor and the necessary corrective and preventive action to be taken by the responsible person.

The problem faced here was having the records of the results of action taken (Clause 8.5.2  e..) , reviewing and evaluating the need for corrective action.

The Smart tracker of Smartworks helped us in filing corrective and preventive action against the key process area, which provided the record for having taken the action.

Finally verified by the Quality Auditor, this way all action taken is traced for compliance to the Quality System.

One of my toughest responsibility as the management representative is to present the metrics to the management regularly, where in proper analyses were made   and necessary action taken for improvement.

It was here I had to present the status of different projects with accurate proofs and documents.

Some of the metrics like Defects per kloc (kilo lines of code), Time taken to solve the customer complaints by the project leader, Time taken to solve employee suggestion or complaints, Planned delivery vs actual delivery etc., which were sensitive issues normally taken as a personal attack required accurate chart to report to the management.

It was here that the Smartworks tools, which had quality metrics plug-in, helped us a lot, the data was collected from Smart tracker, where the defects were filed by the developer and subsequently closed by the verifier when it was solved.

This helped in measuring the time taken to solve a particular defect type, and how many defects were observed in a particular module.

The Project Planner helped us in measuring the delay in delivery if any, and analyzing the same.As the data collected was based on the inputs keyed in by the developer or project leader, it was easy to avoid conflicts.

Hence metrics measurement was very convenient and later we used the findings  at the management review meeting to improve the process or take any corrective action if necessary.

I am providing a  few sample charts from the Smartworks Metric plugin.

a) Functional area (Module) vs defects.

The present version of the Smartworks does not support metrics like defects per kloc. However to be more useful to a Quality Assurance person , I would like Smartworks to implement this feature as soon as possible.

 

Shyamala heads the Quality Assurance effort at Accord Software & Systems. She is responsible for ensuring Accord to continuously improve its procedures and processes to ensure that it always delivers quality products. You can reach the author at http://www.smartworks.us/htm/feedback.htm

.