Ideal way or steps in preparing the system certification for ISO9K:2K?


Quite Involved in Discussions
Hi Everyone,
Is there an ideal way or steps in preparing the system certification for ISO9K:2K?:bigwave:
I was quite confused on the steps that was been provided to me.
We are ISO9001:1994 certified, does everybody undergoes soft launching on the ISO9K:2K?:confused:
I'm planning to slowly update our documents and align to the ISO9K:2K standard.

Any feedback would be appreciated.

Thanks in advance,

Raffy :cool:
Elsmar Forum Sponsor


Fully vaccinated are you?
Staff member
In the 3 'upgrades' I've been involved in, we did little more than rewrite the quality manual. There were no major systems changes but we did do a 'top level' flow chart of the 'QMS' and a preventive Action flow chart. Both just repeated existing systems. No document re-numbering or anything like that. Finished the 3rd today with 0 findings (there was one 'gray area' finding that was dropped).

What steps have been 'provided' to you and by whom? Need some more detail.

I have been, and still do, contend that people (especially training companies, consultants and such) are making this out to be a big deal. It isn't. What I find hard to believe is companies are still registering to ISO 9001:1994... :bonk: What maroons... :thedeal:


Quite Involved in Discussions
Hi Marc,
Thanks for responding immediately to my concern.
" What steps have been 'provided' to you and by whom? Need some more detail."
To start with is soft launching of ISO9k:2K to the management; planning; hard launching to all employees; different courses needed to support the ISO9K:2K alignment;gap analysis;internal audit; followup audit. I got it to a consulting firm that offers their service in educating us with the ISO9K:2K.
Originally quoted by Marc:
"What I find hard to believe is companies are still registering to ISO 9001:1994... What maroons... "
With regard to this, since there were no requirement coming from our customer that we need to certify to the new standard and we are caught that our certificate would be expired in months time, we opted to choose the old revision.

M Greenaway


Many of the registrars offer a transitional audit cycle (in addition to your 1994 audits). These are basically extra visits over a two year (or less) period where a section of ISO9000:2000 will be audited against at each visit to see if you are up to scratch.

Although I havent been through it myself this sounds like an excellant approach, and avoids you doing needless, or possibly innacurate gap analysis as the registrar effectively does it for you. These transitional audits wont threaten your 1994 certificate, and so long as you implement all corrective actions you will get your 2000 cert at the end.

Sounds simple ?


Fully vaccinated are you?
Staff member
I agree with M Greenaway that a 'gentle' approach would be a good idea. And I apologise for the nick against those registering to ISO 9001:1994. I will admit some giddiness on my part as I responded within hours after another successful upgrade - that always puts me in a good mood... However, I was thinking of first time registrations. It is my understanding that registrars (at least some - this one still is) will still register a company (initial registration) to the 1994 version.

If I were you I would do my own internal gap analysis since you are already registered. Then ask yourself what you have to do. What I did was use the files in the ISO Mains directory Upgrade subdirectory (Premium File Access):

ISO9K2K_Upgrade Gap_Analy.xls and ISO9K_Upgrade.ppt were the two main files I used. I went over the line items in ISO9K2K_Upgrade Gap_Analy.xls with the management rep at each place and made sure they could answer / address each line item. That was their 'training'.

However -- Each of the companies I have worked with were former implementation clients. The one I worked with yesterday was registered in 1997. This said, each company had one or more people who understand ISO 9001 so when we looked at the differences they had a pretty good grasp of the requirements as they applied to their company. Secondarily, each was a 'Flow Chart' implementation and they followed my advice on systems when they first registered.

My concern is you mention things like courses needed to do the upgrade. I guess I gave my clients 'courses' in the sense that we did sit down and go over the requirements, but there were no courses per se involved. None of the mainstream prsonnel went through any training as the differences didn't require anything that needed training. We did not even do a management review to the new standard nor did we do an internal audit prior to the upgrade. The auditors in 2 cases were unsettled by this, but I used the standard "Show me where it says..." and they let it go.

I guess had I not already gone through 3 upgrades now (two with 0 findings - not as much as a minor) and in none of the cases did we do anything more drastic than what I have mentioned, I am having a difficult time understanding what all the hoopla is about. In each case we were able to look at existing systems which address the 'new' requirements. Not even the quality policy had to be updated. We completely rewrote the quality manual (1 day using my template and transferring references) and did two new flow charts (1 day). We had a sitdown first where we went over the line items in ISO9K2K_Upgrade Gap_Analy.xls (a morning) and not much else

So - I guess my summary is to do an internal gap analysis, identify gaps and go from there. I would make sure that you are not already addressing the new requirements. The few places I found issues were in their readiness to discuss the new requirements (which we dealt with the morning we went over the line items in ISO9K2K_Upgrade Gap_Analy.xls) and - as I said - all were already doing what the 'new' standard required. The main hangup - if one can call it that - was to ensure 'measureable' quality objectives. Communications and most of the other issues were already a part of their operations (more basic good business practices).

Unfortunately I believe there is a lot more hype than reality in what many people are saying about how the changes to the standard are significant. I might feel differently but I spent less that a week with each client going through the 'upgrade' process.

If you do an internal gap analysis and want to ask specific questions about specific 'new' requirements you do not believe you already meet, I'll try to tell you what we found and did. In addition, I did put in a field in everyone's user profile wher you can put in your company size - that would give me a better idea (I checked and you haven't updated your profile) as to the possible complexity of what you're dealing with.

If I have one sentence of advice - don't over complicate what the 'new' requirements actually require. If you look closely you may already be doing what is necessary - It may be you're just not ready to explain.

Jim Green

Additional Training for ISO 92k

What about additional training for Internal auditors. These 8 quality management principles and techniques that they are required to know?
On to another subject.
I have been following this forum for about 3 yrs. Good info. and it makes me feel like I am on the cutting edge of quility. Thanks for your efforts.


Fully vaccinated are you?
Staff member
> These 8 quality management principles and techniques that
> they are required to know?

Where in ISO 9001:2000 does it say there are 8 quality management principles and techniques that someone has to know? I would like to know where it comes from because I seem to have missed it somehow.

I would definitely go through the changes (we're talking upgrade, right?) with your internal auditors. While it is not required per se, I would go through a round of internal audits prior to the registrar coming.

Each of the registrar's auditors I 'experienced' in upgrade audits was Ok with the fact that none of my clients did a round of internal audits (but they were each surprised and expected problems and they said so), but I went through the differences with my clients so they knew what the rquirements are and how to approach auditing them, not to mention addressing them. When you come out of an audit with 0 findings it's hard to complain that the company needed a round of internal audits to the new standard. A registrar might require a round, but the standard does not and the registrars I have dealt with did not specifically require them.

What I am saying is I see stuff like this:<hr>
PeterH wrote in message
news:[email protected]
> I recently attended an ISO9001:2000 workshop for QA managers upgrading
> from ISO9001:1994. I was left with a couple of questions in my mind
> that weren't clearly explained. You may be able to help me.
> Q1. Can exemptions be sought from ALL subclauses of Clause 7 (ie Cl
> 7.1 to 7.6 inclusive) as per Clause 1.2? The presentation notes I was
> given only mentioned Cls 7.3 to 7.6 being exempt.
> Q2. The workshop notes stated that procedures must be documented (ie
> they are mandatory) for Cls 4.2.3, 4.2.4, 8.2.2, 8.3, 8.5.2 and 8.5.3
> and that other clauses can be verbal, if necessary, for the remainder.
> Where in ISO 9001:2000 does it mention these mandatory requirements
> and that some can be verbal? In what way can procedures be verbal and
> still be auditable?
> Q3. What are the main things to look for when changing from
> ISO9002:1994 to the new ISO9001:2000. Is it simply that the company
> would need to review how much design it does that was once excempt
> from the requirements of ISO9002 that may now be required to be
> included under ISO9001:2000?
> regards
> PeterH

From: "Dave & Rachael"
Newsgroups: misc.industry.quality
Subject: Re: Some 9001:2000 Questions
Date: Tue, 12 Feb 2002 21:27:59 -0000

Here's my experiences of going through certification:

Q2: The procedures called for in the standard are mostly common sense ones you would need regardless of whether you are using the ISO9000-series of standards. Effective document control does not happen by chance.

Our approach was to develop a high-level management plan that contained the objectives we planned to meet over the coming three years (it is updated each year). To support those objectives, we developed a series of simple process maps that described the steps taken to meet those objectives. Where necessary, those steps were supported by lower-level Quality plans that in turn referenced procedures. The progress of the objectives were monitored by the top-level Management Board using a traffic light system (green = OK, amber = minor weakness, red = major weakness) in a balanced scorecard.

What the Standard is trying to say is don't create procedures for the sake of it. If you need a procedure, and it will be used, create it.

Q3: The main changes for me were: - the use of the eight Quality Management principles - integrating the Quality Management System into the business planning activities - development of processes (don't underestimate this task - processes and procedures are different) - changes of auditing practices (processes + data replace procedures in many cases) - trying to communicate a technical subject such as process management to non-Quality staff

Two main pluses were: - we have LRQA as our assessors and they had created a transition checklist - we formed a working group of the Management Board to answer each question (over 100 of them, it took eight hours over three sessions) - we introduced the Management Board to the standard through mini-workshops (over three months) lasting about ten minutes where we brainstormed how we met the eight Quality Management Principles

By the time we had finished, the Management Board had bought in and knew what was going on. It was a big effort - don't underestimate it. From start to finish, the transition takes about a year for an organisation of about 150 staff.

We're talking tons of bucks here. I hope that's for an implementation from scratch. And if the person means there are only 150 people in the company where he states " organisation of about 150 staff..." a year is a long time. Is that everybody or does he mean only office personnel by using the word 'staff'? A year for a transition is way, way too long. Every client I have has already had stuff like goals and objectives at every level of the company. That's what any good company will be doing anyway. If a company currently does not have those, how do they control their operations? How do they advance and improve?

I'm just using the above as an example. My point is to take a close look at the 'new' requirements and make sure you're not already doing something but never really thought of what you are doing in light of the new standard before.

The 'process approach' thing also galls me. Practically every client I have worked with in implementations since 1994 has used flow charts for level IIs as a minimum. These flow charts already show where functional groups interact and how (also defining communication channels). The flow charts themselves describe their processes. This said, they have taken a 'proess approach' for years. This is a smoke screen of confusion in my opinion.

Bottom line: Make sure you understand the changes and make sure you're not already doing what they require before you start a crusade for change as many seem to be making this out to be.

Just my opinion... I've been through 3 upgrade audits and 2 implementations to the 2000 standard from scratch and all have been smooth audits with one exception where 1 of two auditors was a pain in the butt. But - all were successful. In two upgrades 0 nonconformances were identified. But - You never know. I could be missing something obvious. :thedeal:

M Greenaway

Marc, i'm sure you know this...

The 8 management principles are defined in ISO9000:2000 - which isnt auditable, but would be a good idea I think if auditors understood the principles (unless of course they start quoting non-compliances against it !!).


Fully vaccinated are you?
Staff member
Ah! OK. We're talking about 0.2 in that document. I agree that's not a bad idea - I've just never gone that far with internal auditors.

Bruce Wade

The eight management principles are included in our Level I manual. All auditors are trained to look for use of these principles in our procedures, processes and activities.

The auditors are also instructed to use them in conducting audits, where appropriate, i.e. factual decision-making in performing audits and analyzing results, examining processes and looking from a "systems" approach during audits.

Upper management has ascribed to these principles, per the Level I manual. Therefore, IAs are free to comment on use and call management for nonconformance when they are not used.

This (we hope) does a couple of things. First, using the eight principles, particularly using factual information in decision-making, should help keep the nonconformance system impersonal. (Like many sites, this was previously a problem. People punished each other by sending nonconformances. Lots of anger and rage!) Second, it should help keep our "feet to the fire" in terms of dealing more appropriately with nonconformance and CA/PA.

I believe this were probably the purposes of including the management principles in ISO 9000:2000...
Thread starter Similar threads Forum Replies Date
T Cpk for 0 as Ideal Value Statistical Analysis Tools, Techniques and SPC 1
W Which ISO certification is ideal for my IT company? IT (Information Technology) Service Management 8
I What is an Ideal Control Chart for Hospital Surgery Infections? FMEA and Control Plans 2
B What is the acceptable or ideal Retrieval Time of Records? Records and Data - Quality, Legal and Other Evidence 9
S The Ideal Husband. Funny Stuff - Jokes and Humour 9
D Ideal Ratio of Turnover (Sales), Employees & Departments Quality Manager and Management Related Issues 6
R Ideal Internal Audit Frequency and Scope - ISO 9001 Internal Auditing 6
S Ideas for an Ideal Internal Audit Program Internal Auditing 16
BradM How to be an ideal husband Funny Stuff - Jokes and Humour 8
C Description of the Ideal quality Engineering Position Career and Occupation Discussions 7
A Ideal job Funny Stuff - Jokes and Humour 13
P Definition Ideal Quality - What is the definition of Ideal Quality? Definitions, Acronyms, Abbreviations and Interpretations Listed Alphabetically 5
S DPMO calculation for Testing stations- ideal way? High volume PCB manufacture Six Sigma 8
W Interesting Discussion Does Lean hold the key to success? Is Lean the ideal vehicle for moving forward? Lean in Manufacturing and Service Industries 77
Claes Gefvenberg The Ideal Auditee General Auditing Discussions 22
A Process Measurable - Ideal process measurable for a quality control department ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
Z Steps to take before an MDSAP audit for Canada Canada Medical Device Regulations 2
S Sequence of ISO 9001:2015 Implementation Steps ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
N What are the software audit and control steps Reliability Analysis - Predictions, Testing and Standards 2
Anonymous16-2 21 CFR Part 11 - Steps to take if we want to validate an electronic system Pharmaceuticals (21 CFR Part 210, 21 CFR Part 211 and related Regulations) 2
N MDR review process by notified body - How many steps exist in the review process EU Medical Device Regulations 0
G Start and main steps of API Q1 Certification Process Various Other Specifications, Standards, and related Requirements 5
M FDA News Statement from USFDA on steps to strengthen the long-term safety oversight of the Essure device Medical Device and FDA Regulations and Standards News 0
J Steps when changing material for class 1 medical device 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
N Process Flow diagram steps for inspection and packaging APQP and PPAP 4
leftoverture Control Plan - Multiple Process Steps FMEA and Control Plans 8
M FDA News FDA Report - FDA Has Taken Steps to Strengthen The 510(k) Program Other US Medical Device Regulations 0
M Medical Device News FDA - Transformative new steps to modernize FDA’s 510(k) program to advance the review of the safety and effectiveness of medical devices Other US Medical Device Regulations 0
C Sequence of Process Steps not Respected FMEA and Control Plans 3
Jane's What steps do you take to terminate a product which was licensed for sale in Canada Canada Medical Device Regulations 14
S Technical Steps to ISO 17025 Accreditation ISO 17025 related Discussions 1
G What are steps to be followed to get ISO 9001:2015 certified ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
K IEC 62304 - Compliance steps IEC 62304 - Medical Device Software Life Cycle Processes 5
Q Steps from ISO 9001 2008 to 2015? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
rob73 New MDD (European Medical Device Regulations) next steps - 2016 EU Medical Device Regulations 1
M ISO 22000 Description of Process Steps and Control Measures Food Safety - ISO 22000, HACCP (21 CFR 120) 1
C Quality Assurance Manager ? Next Steps? Quality Manager and Management Related Issues 10
D Key steps to OHSAS 18001 Implementation Other ISO and International Standards and European Regulations 1
V Analysis of 'Value Added' System & Process Steps - Inspection Pharmaceuticals (21 CFR Part 210, 21 CFR Part 211 and related Regulations) 2
S What are the next steps after providing response to FDA 483 ? US Food and Drug Administration (FDA) 7
R Steps to Preserve ISO 9001 Certification during Corporate Acquisition? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
Q Moving steps from ISO 9001 to TL 9000 TL 9000 Telecommunications Standard and QuEST 4
D Steps to Complete Quality Control Plans and Work Instruction Manufacturing and Related Processes 4
C Must we identify steps taken to identify the Root Cause of a failure Nonconformance and Corrective Action 15
Sam Lazzara 12 Steps to FDA UDI (Unique Device Identification) Compliance (2013 - 2015) Other US Medical Device Regulations 45
G Further steps in Medical Devices Regulations in EU - Comments? EU Medical Device Regulations 11
S Calibration conducted to 3 steps only of the std instead of complete 5 steps General Measurement Device and Calibration Topics 4
J Eliminating Missing Steps In Manual Operations Human Factors and Ergonomics in Engineering 8
N Basic requirements and steps involved to get NADCAP Certification AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 4
S Change in Career Path - Logical Steps Up and Ways Forward Career and Occupation Discussions 3

Similar threads

Top Bottom