ISO 9001 2008 Certification

Summary of ISO 9001 in informal language

• The quality policy is a formal statement from management, closely linked to the business and marketing plan and to customer needs.
• The quality policy is understood and followed at all levels and by all employees. Each employee works towards measurable objectives.
• The business makes decisions about the quality system based on recorded data.
• The quality system is regularly audited and evaluated for conformance and effectiveness.
• Records show how and where raw materials and products were processed to allow products and problems to be traced to the source.
• The business determines customer requirements.
• The business has created systems for communicating with customers about product information, inquiries, contracts, orders, feedback, and complaints.
• When developing new products, the business plans the stages of development, with appropriate testing at each stage. It tests and documents whether the product meets design requirements, regulatory requirements, and user needs.
• The business regularly reviews performance through internal audits and meetings. The business determines whether the quality system is working and what improvements can be made. It has a documented procedure for internal audits.
• The business deals with past problems and potential problems. It keeps records of these activities and the resulting decisions, and monitors their effectiveness.
• The business has documented procedures for dealing with actual and potential nonconformances (problems involving suppliers, customers, or internal problems).
• The business (1) makes sure no one uses a bad product, (2) determines what to do with a bad product, (3) deals with the root cause of problems, and (4) keeps records to use as a tool to improve the system.

Certification

ISO does not itself certify organizations. Many countries have formed accreditation bodies to authorize certification bodies, which audit organizations applying for ISO 9001 compliance certification. Although commonly referred to as ISO 9000:2000 certification, the actual standard to which an organization's quality management can be certified is ISO 9001. Both the accreditation bodies and the certification bodies charge fees for their services. The various accreditation bodies have mutual agreements with each other to ensure that certificates issued by one of the Accredited Certification Bodies (CB) are accepted worldwide.

The applying organization is assessed based on an extensive sample of its sites, functions, products, services, and processes. A list of problems ("action requests" or "non-compliance") is first made known to management. If there are no major problems on this list, or after it receives a satisfactory improvement plan from the management showing how any problems will be resolved, the certification body will issue an ISO 9001 certificate. The certificate is limited by a certain scope (e.g. production of golf balls) and names the locations covered.

An ISO certificate is not a once-and-for-all award, but must be renewed at regular intervals recommended by the certification body, usually around three years. There are no grades of competence within ISO 9001: either a company is certified (meaning that it is committed to the method and model of quality management described in the standard) or it is not. In this respect, ISO certification contrasts with measurement-based quality systems such as the Capability Maturity Model.