What is ISO 9001?

ISO 9001 is the international standard for quality management. The organization uses its ISO 9001 system to control its processes that assure customer satisfaction. The scope of ISO 9001 extends beyond production, inspection, and/or service delivery to include support processes like purchasing, training, calibration, and risk management.

What is ISO 14001?

ISO 14001 is the international standard for environmental management. The organization uses its ISO 14000 / ISO 14001 system to control the way(s) its processes impact, or cause changes to, air, water, land, etc.; comply with laws/regulations, and continually improve its environmental performance.

What is OHSAS 18001?

OHSAS 18001 is an international specification for health/safety management. The organization uses its OHSAS 18000 / OHSAS 18001 system to control, or eliminate if possible, health/safety hazards and risks associated with its operations; comply with health/safety laws and regulations, and continually improve its health/safety performance.

What kinds of organizations implement ISO management systems?

All kinds. ISO / OHSAS standards and specifications are intentionally generic. They can be applied by any organization providing any product or service anywhere in the world.

Why do organizations implement ISO management systems?

Most do it to meet the requirements of current or prospective customers. Others implement out of a desire to improve quality, environmental, and/or health/safety performance.

What's involved in implementing ISO or OHSAS management systems?

The generic phases of any management system implementation exercise include:

  • Set objectives.
  • Identify resources.
  • Determine gaps in compliance to the Standard(s).
  • Design system.
  • Develop needed documents.
  • Implement revised processes, and performance metrics.
  • Orient / train work force.
  • Internally audit system.
  • Implement corrections and re-audit as necessary.
  • Carry out management review.
  • Select registration body (optional).
  • Undergo registration ("certification") audit (optional).

What does "certification" or "registration" mean?

Registration -- often called "certification" -- means that your ISO management system has been objectively audited by an accredited registration body and found to be fully compliant with the ISO / OHSAS standards.

If we decide to implement both ISO 9001 and ISO 14001, do these have to be separate systems?

No. You can implement integrated management systems taking into account the requirements that are common among the standards. This integrated approach improves system efficiency and cuts costs, both internal costs and registration costs.

Can an ISO management system be implemented in small companies?


If our organization has multiple sites, can we implement a single ISO and/or OHSAS management system, or must they be separate?

Though each situation is different, and some exceptions apply, generally the answer is yes.

What should we do to prepare for an ISO management system?

Designate a person to be your project coordinator. This person should have:

  • Good knowledge of company processes and people
  • Direct relationship with and access to top management
  • Computer literacy
  • Time and resources for the work
  • Create up to date organization chart with names and job titles, from top management down to the supervisor / team leader level.
  • Create a list of employees, including name and job title.
  • Collect process documents, instructions, procedures, etc., that are current and in use.
  • Collect information on any key performance indicators, metrics, etc. that are maintained, particularly on cost of quality issues (rejects, customer returns, warranty problems, customer complaints)
  • Make a list of any companies to whom you outsource production tasks, and indicate any of these who ship your product direct to your customers.
  • Make a list of vendors / suppliers that are "critical," that is, whose performance has a significant effect on your ability to meet the requirements of your customers (and, conversely, whose poor performance would hurt your ability to meet customer requirements). Typical categories include (but are not limited to):
    • Calibration
    • Temporary / contract labor
    • Transportation
    • Lab testing
    • Equipment maintenance
    • Equipment parts (excluding generic / commodity items)
    • Raw material
    • Tooling
    • Gages and fixtures
  • List any other kinds of vendors who provide "critical" product or service (i.e. if they do not perform directly, the result could negative impact your process and/or your customers).
  • List types of measurement devices used to check product conformity. (If you have a detailed list that is even better.)

Transition to ISO 9001 (2015): What are the most critical issues to address when transitioning our system from ISO 9001:2008?

  • 4.1 Understanding the organization and its context
  • 4.2 Understanding the needs and expectations of interested parties
  • 4.4 Quality management system and its processes
  • 6.1 Actions to address risks and opportunities
  • 4.3 Determining the scope of the quality management system
  • 5.2 Establishing (and communicating) the quality policy
  • 6.2 Quality objectives and planning to achieve them
  • 6.3 Planning of changes (and 8.5.6 Control of changes)
  • 7.3 Awareness
  • 7.4 Communication
  • 8.4 Control of externally provided processes, products, and services (particularly, the outsource processor impact)
  • 10.1 Improvement

Check here for assistance options for transitioning to ISO 9001:2015.