Published January 2, 2019
Your company claims it abides by requirements of the International Organization for Standardization (ISO), but an audit could reveal otherwise. Or your business is a time-tested supplier to Company X, but now Company X requests ISO certification to continue the partnership. Maybe attempts to court untapped industries have made it clear that without ISO, you won’t get very far.
Whatever the reason, you are embarking on ISO compliance. And you need a little – or substantial – help.
This is the story of how one manufacturing company forged the path of strengthening its business quality management system. With guidance from TCIE consultant Don Bowes, Keller Technology Corporation (KTC) of Tonawanda, NY, was ISO 9001:2008 certified in February 2015 and upgraded to ISO 9001:2015 certification in February 2018 by an external certification body, aka a registrar.
KTC Quality Systems Manager Sara Eckert talks about the journey.
TCIE: How did the ISO expedition begin?
Eckert: KTC management had a general understanding of ISO, but weren’t experts by any means. They assembled a steering committee to become ISO 9001 certified. Don worked with that committee to drive our ISO certification.
TCIE: What did the process entail?
Eckert: It was a big process. You have the standard and, within it, there are certain requirements you have to meet. You have to document the processes that are important to your business. It’s easy to sit in the conference room and write down what you think the process is. We took an active role in making sure the people who actually do the work were involved. The process owner was in charge of making sure his area or processes were documented.
Once that was complete, we reviewed the processes through classroom training for another layer of vetting. In some cases, the employees would realize the written version of the process wasn’t exactly correct or quite how we do something, so we modified the document. For some processes, each person who performed it had their own way of doing things. The training allowed us to wash out those differences and choose a standard way.
Don guided us throughout our certification journey. Additionally, he facilitated internal auditor training to a few employees and we began our internal audits. And after that, he provided a pre-assessment audit to review the system to determine if we’re compliant. Don also taught ISO overview sessions for all employees and longer, more in-depth sessions for management.
TCIE: Did you glean any significant insights about ISO that you would not have had without TCIE’s assistance?
Eckert: Once Don got involved, it was a big help to have that outside perspective. I really like his thoughts on ISO certification. I can see when looking at other businesses that their goal is just to be compliant. That’s really easy to do. If you have a strong system and controls in place, then you won’t have any issues complying with ISO. But Don preaches using the ISO standard to run your business quality management system and make your business better.
Don also coached us in how to pick a third-party auditor [registrar] that’s a good fit for our company. It’s come in handy. At one point we weren’t happy with how an audit was conducted. So that gave me the confidence to go back to our registrar and ask them to send someone else. I gave them specifications on who would be a good fit for our business.
TCIE: At the time of your recertification audit three years after your initial certification, the 2008 version was phased out and replaced by the 2015 version. How did TCIE assist in this transition?
Eckert: I was responsible for managing that initiative and tried to make the transition have as little disruption to operations as possible. We try to incorporate ISO into our business so people don’t think of it as ISO – it’s just what we do. A few weeks before our audit, we brought Don in for his opinion on where we stood. It was almost a pre-audit, so we could fix or put a plan in place for anything that wasn’t strong or compliant.
He gave us some good feedback. Probably the biggest pointer was recommending we change the format for our quality manual so that it matches the format of the ISO standard. Section four of our manual addresses section four of the ISO standard, for example. This was really helpful because with the 2015 standard, a leadership management group is responsible for maintaining the system. Previously, just a single person was. We made essentially a cheat sheet for leaders so they have a clear understanding of how our system is structured. Previously, I was the person who knew all of the ins and outs of the QMS. Now all employees, especially the management group, have all answers in a clear format available at all times.
TCIE: What are some of the benefits reaped from ISO?
Eckert: As part of our ISO certification, we need to have a corrective action process. Corrective actions are huge because when there is a problem with a product or customer order internally, we can address the issue and prevent it from happening again.
An issue pops up – for example, a customer receives a bad product. We describe the problem. We assign a champion who comes up with a short-term action before conducting a root cause analysis to figure out what really caused the problem. Then we implement a long-term action, which we observe to make sure it is effective.
Before we implemented the corrective action process, there was a lot of pushing issues through to fix them quickly. “Firefighting” was the regular term around here. When you put in a long-term action, you don’t want to address just that problem, but any other places it could happen in other processes or products. Corrective actions allow us to fix problems at a global level that will improve our processes and ultimately improve product conformity and delivery to our customers.
TCIE helps businesses comply with a range of ISO standards. Typical engagements start with a gap assessment, consisting of document review, observation of practices, and interviewing individuals to assess the current quality system against standard requirements. Services may also include devising action items, assisting with documentation creation or updates, conducting quality management system training, performing internal audits and management reviews, and providing guidance in third-party certification audits.