ISO9001 Certification - Group of companies operating in different sectors

[Coury Ferguson]

Re: ISO9001 certification for an entire group?

Hi all.

New to this forum but already found a wealth of info. Seems to be one of the better ones out there.

Thanks for this compliment. The Cove has been very special to me and others.

Anyway question time.

I have been recently employed within a group of companies with one of my remits to obtain at some time in the near future ISO9001 accreditation. Although not formally trained I had previously worked for an accredited company and carried out the internal audits etc for that system.

You have gained some knowledge on the subject, so this shouldn't be that difficult to undertake. Besides, you have the Cove to help you. But be careful on the advice you take. The advice is good, but it may not apply to your specific needs. Caution: Don't take this on by yourself.

My main question is as follows:

The group is made up of atleast 8 separate companies all within the construction industry but operating in different sectors e.g. civil engineering contracting, road surfacing, steelwork, plant hire, suppliers etc etc. Is it wise to try and get an 'umbrella' accreditation that covers all companies or work through each one independently???.

Only been here a couple of weeks and at first glance appears to be no documented systems already in place from a quality perspective.

My initial hope was to concentrate on one, get it accredited then 'tweak' the system to match the other companies procedures

I have started by creating a QA awareness questionnaire to sum up the in house feeling /knowledge. And I hope to go on a couple of formalised short training courses to help.

My suggestion: One system is easier to maintain and control then 8. Specifically address each unit in your Quality Management System and identify any exceptions that may apply to each unit. Your system is made up of how the Organization works (High level). Individual procedures would apply to each unit. Now you would have a fairly tight system.

This is just my opinion, so use part of it, all of it, or none of it.

 

[DrM2u]

Re: ISO9001 certification for an entire group?

:truce: CAUTION :truce:

I see a lot of replies indicating that you need procedures for this and that. While this might be true for those specific organizations it might not be suitable for yours. Keep in mind that the ISO 9001 standard requires documented procedures only for SIX (6) clauses: 4.2.3 (control of documents), 4.2.4 (control of records), 8.2.2 (internal audit), 8.3 (NC product), 8.5.2 (corrective actions) & 8.5.3 (preventive actions). Any additional procedures are to be DOCUMENTED based on the needs identified by the organization. Therefore, do not go overboard documenting everything and anything. It is time consuming and constraining on the QMS. Not to mention the dirty looks you'll get from your coworkers ...

As I have posted in other forums, my position is that the intent of documentation is to compensate for the lack of knowledge necessary to perform a process (or a task) and to promote consistency in practice across members involved in a process or task. In other words, let the process lead and the documentation follow the process as needed (make sure they match). Doing it the other way around will constrain the natural progression and improvement of processes. We, as humans, are mostly lazy and will therefore look for the easiest way to do something. For example you can show someone how to assemble something or you can tell them what needs to be done and let them figure the how part on their own. You will be amazed how soon they will figure out the easiest way to do it!

 

[Coury Ferguson]

Re: ISO9001 certification for an entire group?

:truce: CAUTION :truce:

I see a lot of replies indicating that you need procedures for this and that. While this might be true for those specific organizations it might not be suitable for yours. Keep in mind that the ISO 9001 standard requires documented procedures only for SIX (6) clauses: 4.2.3 (control of documents), 4.2.4 (control of records), 8.2.2 (internal audit), 8.3 (NC product), 8.5.2 (corrective actions) & 8.5.3 (preventive actions). Any additional procedures are to be DOCUMENTED based on the deeds identified by the organization. Therefore, do not go overboard documenting everything and anything. It is time consuming and constraining on the QMS. Not to mention the dirty looks you'll get from your coworkers ...

I don't agree with the statement "6 only." The six being referred to are the minimum. Why place such a limited number of processes that need to be controlled in a system that could have a lot more processes to provide the ultimate goal Customer Satisfaction?

 

[ISO 9001 Guy]

Re: ISO9001 certification for an entire group?

During the 1994 version of the standard, many experts insisted that ISO 9001:1994 required 20 procedures. This was never true, and very obviously in line with a standard-based approach. This standard-based approach regarded 20 as the "right" number of procedures.
Then, when the 2000 version came out, standard-based experts insisted that because six procedures are required, that six is the right number of procedures.
In either case, people are looking to the standard to structure their QMSs.
Using the process approach, the "right" number of procedures corresponds to the number of QMS processes. Under the 1994 standard, I took several companies through registration using only 10 or 11 procedures--based upon their processes instead of being based upon the standard 20. Auditors didn't like it, as they were under the impression that QMS documentation was supposed to be written to satisfy THEM--pandering to the 20 elements of the standard--rather than being written for internal personnel to assure quality. Some auditors still seem to believe that they are the proper audience of an organization's QMS documentation.
Using the process approach, the "right" number of procedures depends on your company and its processes and how serious you are about managing quality. If your emphasis is to comply with ISO 9001 and get a certificate on the wall, six is the minimum number of procedures required of the standard. If you want to sensibly assure quality by making sure your processes are clearly defined, adopt the process approach and write as many procedures that are right to control your QMS processes. It's probably more than six, but probably much less than twenty.

 

[DrM2u]

Re: ISO9001 certification for an entire group?

I don't agree with the statement "6 only." The six being referred to are the minimum. Why place such a limited number of processes that need to be controlled in a system that could have a lot more processes to provide the ultimate goal Customer Satisfaction?

Do you associate a documented procedure with defining and controlling a process?!? Then you better look up the difinitions for 'document' and 'define'. Also I believe that it is rather pathetic if a company cannot define and control a process without documenting it in a procedure.

 

[ISO 9001 Guy]

Re: ISO9001 certification for an entire group?

A procedure, per ISO 9000:2005, 3.4.5, is a "specified way to carry out an activity or a process." So, a procedure does serve to define a process. A document (ISO 9000:2005, 3.7.2) is "information and its supporting medium." Documenting procedures is a good way to promote process consistency and provide clear, more tangible assignment of responsibility.
Also, documenting procedures at a level appropriate to the standard makes management more clearly responsible for many of the quality problems they encounter. So often, recurring problems are NOT due to the folks on the floor, they are due to the resources provided to the process. In other words, quality problems often originate in the MANAGEMENT of these processes. ISO 9000 as a management standard recognizes this and promotes systemic management of processes affecting quality.
A procedure describes the "specified" way to perform a process in an effort to control it. A procedure itself is one mechanism used to control a process, in that it describes the process to promote good practices, to promote consistency, and to assign responsibility. But a procedure doesn't itself control a process. A good procedure does, however, describe whatever controls that are in place to ensure quality. If defining QMS processes and documenting them is painful, you are doing it wrong. These processes operate every day, after all. They don't need to be senseless, painful procedures.
How pathetic it is for management to need procedures to control operations, I suppose, depends on how complex the processes are, how often they are engaged, the competence of personnel, organizational size, etc. In plenty of cases, absence of a documented procedure would be regarded as being pathetic from the perspective of quality assurance.

 

[Coury Ferguson]

Re: ISO9001 certification for an entire group?

Do you associate a documented procedure with defining and controlling a process?!? Then you better look up the difinitions for 'document' and 'define'. Also I believe that it is rather pathetic if a company cannot define and control a process without documenting it in a procedure.

The bottom line here (in my opinion) is that it makes the process more consistent. How would you control the process, without documenting specific tasks associated with it?

 

[ISO 9001 Guy]

Re: ISO9001 certification for an entire group?

I agree, Coury. Regardless of certification, a few sensible documented procedures can go a long way to helping assure quality. But in the case of certification, they make even more sense from a perspective of prudence.
If Tom in Production follows a well-written procedure--one describing the process and one that happens to meet applicable requirements of the standard--Tom doesn't need to be an ISO 9000 expert to meet the requirements of the standard. He simply needs to follow his procedure. And he can be confident that in doing so, he meets the requirements of the standard.
I tell my clients that if they get stumped during an audit, all they need to do is look to their procedure (singular) and find the answer. I promise them the answer is there because it is, although it might not be expressed in terms of ISOese--but it's the auditor's job to interpret both the standard and the procedure correctly.
Anyway, having good documented procedures makes sense for many organizations. Notice how many organizations that are not ISO-certified nevertheless have documented procedures. Why? Regardless of certification, in many cases, it's simply good quality management.

 

[DrM2u]

Re: ISO9001 certification for an entire group?

The bottom line here (in my opinion) is that it makes the process more consistent. How would you control the process, without documenting specific tasks associated with it?

You control a process by implementing CONTROLS (specifications and inspections) at appropriate steps in a process and not documented procedures. There are preventive (Poka Yoke) and detective (inspection) controls in a process, also known as 'checks and bounds'. You verify the 'existence' and evaluate the effectiveness of the defined process by observing the activities, interviewing the ones doing it and by reviewing the records kept. HOW to do a process or a task can be taught via on-the-job training and other means, not only through a documented procedure.

Don't get me wrong here. I am not saying NOT to have procedures, just to document the ones identified as needed by the organization. What I am advocating against is the general tendency to over-document everything because that is how it was done in the past. I am also advocating for letting the process lead the procedure and not the procedure lead the process. This way the natural human tendency to optimize processes and tasks will take place resulting in continual improvement. Have the procedures match the process to preserve knowledge and use as a reference when needed.

 

[DrM2u]

Re: ISO9001 certification for an entire group?

[...] If Tom in Production follows a well-written procedure--one describing the process and one that happens to meet applicable requirements of the standard--Tom doesn't need to be an ISO 9000 expert to meet the requirements of the standard. He simply needs to follow his procedure. And he can be confident that in doing so, he meets the requirements of the standard.

Why not have the procedure match what Tom and his coworkers established to be the most effective and efficient method to complete the process??? This way Tom can improve the process without having to worry that he's stepping outside the boundaries set by the procedure. And, if the procedure is kept up to date with the process then Tom still doesn't have to be an ISO expert and compliance is maintained.

[...] I tell my clients that if they get stumped during an audit, all they need to do is look to their procedure (singular) and find the answer. I promise them the answer is there because it is, although it might not be expressed in terms of ISOese--but it's the auditor's job to interpret both the standard and the procedure correctly.

Why would your clients get stumped during an audit? Shouldn't they know their own processes since they are performing them on a regular basis? Why do they have to reference what the procedure says unless they are in discordance with the documented process? This raises flags for many audit trails to an auditor, including the implementation and maintenance of the quality sytem.