NEWSLETTER ARTICLE

Insights from Registrars

The following is a summary of the main points covered at the Users Group session conducted by Management Systems International in Carlsbad, CA November 17, 2005.

What does the auditor look for when they get on site? 

The Auditor (or audit team) is looking for conformance with procedures when they arrive on site.  The degree of conformance varies, depending on the type of audit being conducted, whether this be an “initial” visit to determine that the system has been established and implemented, or a “surveillance” visit (sometimes called a “maintenance visit”) to determine that the system remains effective.

The auditor team will also assess overall commitment to the management system – small things, such as access to the Managing Director, the number and type of people at the opening meeting and review sessions and evidence that management is actively involved in the day to day running of the management system show that the company is committed.  These little things also make the audit process easier.

What is a process audit?

A “process audit” is an audit of an area, department or function of the organization that concentrates on the inputs and outputs to the area, as well as the work practices themselves.  A process consists of the interaction of five factors: Environment, Information, People, Materials and Equipment, and the auditor reviews these to determine whether the transformation of inputs to outputs is effective and efficient. 

What is the difference between “established” and “documented” procedures?

With the change in the standard from the ISO 9001:1994 to the ISO 9001:2000 version, emphasis went away from having to document every process in your organization.  An “established” procedure is one that can be performed on the basis of a person's knowledge, experience and training.  An example of an established procedure is the process of logging into a computer – there is no requirement to document the login process once a person is trained.

How many procedures should I have in my system?

This is a difficult question to answer – there is no “correct” number or minimum number that a registrar/certification body will look for.  The standard itself only requires six documented procedures, so you should consider as many as you think you need to achieve control of your processes.

Flowcharts are a good way of determining how many procedures you need – you can only fit so much information in one of those little boxes.  If your process needs more explanation than can fit in the box, you may need another procedure. 

How do I raise awareness of ISO and still keep it relevant to my organization in terms of what I do? 

The key to raising awareness is effective communication of what ISO requires, and how it applies to your organization. 

Don’t think of ISO as something different from what you do every day.  Organizations usually conform to about 45 – 70% of the standard without knowing it!  Although there is no proven scientific evidence that this range is accurate, the standard is based on a lot of “common sense ideas” on how to control a process, so think about ISO as something you do everyday, not something additional that you do to satisfy customer requirements.

Sometimes people remove the word “quality” from their day to day vocabulary – this often helps to break down the stigma that unfortunately goes with management system controls.

Also – try to specify your processes in language that is familiar to your coworkers and associates.  Use of “ISO speak” sometimes serves to build barriers that turn people off.  Keeping the information relevant to the organization will help you raise awareness.

How do I choose a Registrar?

The first question you should always ask yourself when choosing a registrar is “What do I want to get out of my registration?”  Are you looking for a piece of paper on the wall that gives you access to new markets, or do you want to use your management system to grow your business, to become more efficient and improve?  Are you looking for someone with a global presence, or are you just looking for the lowest price you can get?  There are over eighty registrars in the United States alone that cater for both of these types of situations (and some in between), so you need to choose carefully.

Look for a registrar/certification body (the two terms are used interchangeably) that is experienced in your industry sector.  Certification bodies are required to have industry experience in the area that your company operates – there’s no point in choosing a body that has little to no experience as you may not get value for money out of them.

Some people look for local auditors to keep the cost of their visits down, but use this as one of your criteria with caution – the local auditor may not always be available when your visits are due, so don’t use this as the sole determinant of who will be providing your audit services.

Registration is a long-term relationship between your company and that of the registrar.  Look for someone that will give you value for money over the three year registration period.  Like getting married, it’s the beginning of a partnership, not the end result of a search.

Sources for Registrar/Certification body information: Look on the ANSI-ASQ National Accreditation Board (ANAB) website (www.anab.org), or consider one of the Quality Digest “Big Ten” registrars (http://www.qsuonline.com/BodyPages/BigTen.html).

How early should I be establishing my relationship with my Registrar?

There are differing schools of though relating to this topic, but the consensus is “as early as you feel comfortable”.  Even though the registrar will need information about the size of your quality system (number of procedures and work instructions, structure of your system) to provide a quote, there is no harm in starting your research early and establishing a relationship with a service provider.

Starting a relationship early is often an advantage as it gives you a technical resource to fall back on for points of interpretation in the standard.  The registrar is “third-party independent”, meaning they cannot tell you how to write your system, but they can offer alternatives on what they have seen in other systems (protecting confidentiality of course).

About the Author:

Malcolm Ting is North America Marketing Manager for SGS Systems and Services Certification (SGS SSC) responsible for new product development and promotion of SGS SSC’s certification and training services within the United States and Canada.  A New Zealand “transplant”, Mr. Ting is a Registered QMS 2000 Lead Auditor and in his 21 year tenure with SGS has held positions that include those of Test Technician, Quality Engineer, Special Projects Manager, Management Consultant and North America Certification Manager.

SGS Systems and Services Certification; 201 Route 17 North, Rutherford, NJ 07070; tel: 201- 508-3000; fax: 201-935-4555 ; web: http://www.us.sgs.com.

 Copyright SGS Systems and Services Certification 2005

Last Updated: 05/31/06

MSI ISO TrainingMANAGEMENT SYSTEMS INTERNATIONAL

San Diego, CA


888-914-9141 (toll-free)  •  fax 760-434-5935

ISO Consulting • ISO Training • Contact MSI

Home  —  Consulting  —  Training  —  Free Users Group  —  Information Request  —  About MSI
Client List  —  News  —  Resource Links  —  Software Resources  —  Link Partners  — Articles   Site Map
 

Copyright © 1999- Management Systems International, LLC. All Rights Reserved.

Web Site Development by LMNUSA.com
 

Bookmark MSI

FREE NEWSLETTER
The ISO crossROADS

Keep informed about
ISO matters & receive a
$400 coupon
for ISO training
Subscribe now!

 

 Email
 First Name
 Last Name
 Area Code + Telephone

 

FREE Users Group
Enjoy presentations on
hot topics by industry professionals & receive
special discounts
on software!

Ask the Expert!
Have a question about
ISO standards, certification
or procedures?
Click Here to ask it.
We'll respond with a
FREE answer
within a day!

 


MSI's Privacy Policy