Once you have gone through the process of becoming ISO 9001 certified you will want to stay certified. Many organizations have made the mistake of thinking once the certification process is completed they are not required to do anything. However, their certification can be revoked if they fail to continue to abide by the requirements set out in ISO 9001. Misconduct and violations of the standard requirements can happen when an organization does not follow its own documented information or fails to update the information accordingly.
To prevent such occasions arising, and part of the Plan, Do, Check and Act model of ISO 9001, organizations are required to regularly take part in several programs. The first two programs are ‘management review’ and ‘analysis of data’. These are part of the Do step of the PDCA model. Data does not necessarily mean figures and information but the output of processes. When management analyses these outputs, they identify opportunities for improvement and actions to continue satisfying customer requirements.
The check aspect of the PDCA requires the auditing of the organization to assure the senior management that the processes currently being used conform to the plan standards. This will also help them identify areas for improvement and create a corrective plan. Auditing processes allow management to ask ‘why; and ‘what if’. These questions allow management to determine why something did not go as planned, or what if an improvement was made, how would this better the process. The period between audits varies from business to business depending on the complexity of the procedures, and the regularity in which process as updated. For some organizations, this may be a yearly thing, while for others it could be every 5 years. Audits can be required ahead of schedule if there are new revisions of ISO 9001 due to come into effect.
Additionally, if an organization takes on new staff they need to ascertain they are trained in the most recent procedures, with up to date documented information. This prevents future problems with violating the standard by using outdated documentation that may not conform to the standard.
Documenting information does not need to be overly complicated, it just needs to be easily understood and clearly identify the interaction between various processes required to operate the business. If employees struggle to understand the documentation, or feel overloaded with the amount of documentation associated with their roles they may feel less engaged with sticking with the ISO 9001 requirements. Thus, putting the organization at risk of violating the standard. Managers need to constantly stay engaged with their employees, listen to the feedback, and suggest corrective plans to make the standard easier to implement and gain employees attention.
When implementing ISO 9001 correctly it is very difficult to lose your certification, it is when the documentation is placed in a folder and left on a dusty shelf that things can go wrong. Think of the ISO 9001 as a new way of life, accept it and adjust every day to incorporate the standards, rather than forget about it until you receive your audit reminders.
If you need help implementing ISO 9001 or auditing your organization’s conformance hire a consultant such as ourselves to keep your organization on track.