989.289.6005

Expert ISO Assistance

  • Plan system, taking into account a) business objectives; b) business structure; c) requirements of the relevant Standard(s); d) identified compliance gaps.
  • Define policy statement, ensuring that it is a) unique to your business, b) written in your language, and c) user-friendly.
  • Define processes (core and support) and their interaction.
  • Document core processes (preferably in flow chart form).
  • Document core sub-processes with work instructions as necessary.
  • Document key support processes as necessary (i.e. training, purchasing, document control, etc.)
  • Identify or establish key system performance metrics (i.e. cost of poor quality); identify baseline and commence data gathering and analysis.
  • Establish document distribution system such that system documents are reasonably available to those that need them.
  • Orient / train work force in a) aspects of the system that everyone has to know (such as the policy statement, and their role in the corrective action process) and b) aspects of the system specific to their jobs.
  • Internally audit system to confirm that it is understood, implemented, and compliant with the Standard. (Some processes may require re-audit after corrective action.)
  • Hold initial management review.
  • Select registration body.
  • Undergo registration audit.

If we want to have (for example) both ISO 9000 / ISO 9001 quality and ISO 14000 / ISO 14001 environmental management systems, do they have to be separate?

No, they can be integrated.

  • The major Standards ISO 9001, ISO 14001, ISO/TS 16949 (sometimes called TS16949 or ISO 16949), and/or OHSAS 18000 / OHSAS 18001 are set up around the same basic model (Plan-Do-Check-Act, or PDCA for short).
  • They have a significant number of common or parallel requirements (i.e. document control, internal audit). With an integrated ISO 9001 / ISO 14001 system, for example, you'd have a single internal audit process for both quality and environmental aspects.
  • All major registrars recognize and accept integrated management systems. Generally, registrar costs are lower for integrated systems than for individual systems assessed separately.

This depends on many factors, including (in order of importance):

  • Degree of top management commitment
  • Availability of resources (mainly people and time freed up from other tasks)
  • Whether or not there is a serious, hard-and-fast deadline (i.e. customer mandate)
  • Organization size, type, configuration
  • Compliance status when you start
  • Extent to which the organization is ‘system oriented' (i.e. is accustomed to operating on a planned basis) and already has some level of defined, documented processes that can be grandfathered into the ISO/OHSAS system
  • For ISO-9000, whether or not organization is design-responsible
  • For ISO 14001, number and magnitude of environmental interactions / impacts
  • For OHSAS 18001, number and magnitude of health/safety hazards and risks

If you're like most organizations, you can't just shut down your business and implement your management system full time. So it'll have to be done during "normal" business operations.

Generally speaking, 6 months is a bare minimum to implement a rudimentary system from start to finish. The quickest we've done it is 8 months, with a small organization doing ISO 9000 / ISO 9001 on a tight customer-mandated time line. The larger the organization, and the more complex the process stream(s), the longer it tends to take. And even great organizations with great quality practices and highly motivated employees can take an agonizing forever to get this done when management support/commitment is lukewarm or two-faced.

In real world experience, the average tends to be around 14 months from start to finish. Firms attempting the task without expert help tend to run double the length of time.

To lead, and guide, and speed the process; to save you from making rookie mistakes; to apply his/her experience and abilities to see to it you end up with a system that not only "passes" registration audit, but, more importantly, adds value to your organization.

The consultant's role is also, ultimately, to work him/herself out of a job – that is, to leave you with a system that you understand, own, and can operate just fine without further consultant help (and expense).

Ultimately, your ISO / OHSAS system should be an asset that pays you back, not a cost that bleeds you dry. A consultant can help you achieve this faster than you'd figure it out without help -- if the consultant is experienced, competent, and conscientious.

But be careful. Finding a qualified consultant can be tricky. There is no licensing or certification required to be a management systems consultant – the only requirement to be one is simply to declare yourself.

For more information on how to select a consultant, review our "17 Answer to Get - BEFORE You Hire a Consultant." (Warning: Our competitors would rather you did not read this.)

Start with a "pilot" and roll the system out from there.

  • If you have multiple sites, design and implement your system to include the central one, and then add subsidiary sites after the "pilot" area is implemented and settled down.
  • If you're doing more than one ISO / OHSAS standard (i.e. ISO 9001 and ISO 14001), do one first (ISO 9001, preferably) and add environmental and/or safety management later. With the proper planning you can do this and still enjoy the benefits of integrated systems discussed earlier.

Taking a measured approach to implementation as recommended here lessens the pressure on time and resources. It also extends the overall project time, though probably, in our experience, not by much.

  • Understand and accept what you're getting into. To design and implement a management system that actually means something, adds value, works well, and is a tool to help run the business better on a continually improving basis, is difficult, expensive, and takes time.
  • Make sure top management / ownership is on board, fully supportive, and willing to walk the walk without reservation. (We like to start projects with a meeting of the management team during which top management / ownership ‘lays down the law'.)
  • Designate a project champion that has full access to and the support of top management; authority within and respect of the organization at large; significant knowledge of processes, people, and company history. (This is no job for a newbie.)
  • Design the system to fit your business – consistent with your processes – to meet your goals. In other words, do not design your system around the Standards (an old-school approach that is long discredited), or to fit the whims / prejudices of outsiders like consultants and auditors.

To implement the system, you'll need additional resources in terms of people and time. This is inescapable – but temporary. Once your system is implemented, in place, and settled down, if it is properly designed with minimal bureaucracy, the amount of extra headcount required will be zero.