Steps towards ISO 9001:2000 certification?

Could someone please advise us how we should continue our process towards certification?
We have drawn flowcharts over the major processes in a hotel business and started to compare these with the standard. What shall we do next?
Best Regards
Quality trainees
Mathias & Jens
Elsmar Forum Sponsor

Jim Triller

If top management hasn't already done so, have them define the quality policy (including management’s goals & objectives for quality). Establish metrics and track performance relative to these goals & objectives. Periodically present metrics to management for their review. When the metrics indicate negative trends (including falling short of stated goals & objectives) take corrective action. Use these quality performance metrics to "drive" the implementation and focus of your quality system.

Select a registrar early. Several registrars have “help desks” that can be called for guidance on their interpretation of the standard. This way you can understand (in advance of your company’s assessment) how your registrar interprets the standard’s requirements.

Visit a registered organization in your area. Learn from them. There is a free, online database ( of registered companies.

Have someone who has been through the registration process look at your quality system. Ask for assistance in performing an internal audit. Many folks who are experienced with ISO 9000 would be happy to provide an audit free of charge in exchange for the experience. A good source to find such people is your local chapter of the American Society for Quality (ASQ). ASQ has a web page that has links to its section’s web sites at: - Link was: /about/join/sct.html

Keep a positive attitude and good luck!


Hi J and M! Have you decided how to control your documents yet? Are you gonna use Intranet, papercopies or both? We are also in the process of implementing a QMS according to ISO 9001:2000 and we have found that it is quite important to have a document structure set up as soon as possible. It helps you a bit when you feel a bit lost in the djungle of clauses and flowcharts...But don´t forget "Att mäta är att veta" An old swedish saying...
Good luck

David Mullins

Sounds like you need a long answer.

Here's a short one:
Perform a gap analysis. That is, set out each little sentence of requirement in the standard, then determine if you comply. Where you don't fully comply, you have a GAP.
Now plan for, and close, the gaps.

This is a good learning method. It makes you ask questions about what each requirement actually means within your organisation.



Fully vaccinated are you?
From: ISO 9000 Standards Discussion
Date: Mon, 11 Dec 2000 13:43:04 -0600
Subject: Re: GAP Analysis /Preez/Hankwitz

From: "Hankwitz, John"

>From: Andre du Preez
> I am looking for a methodology of how a GAP Analysis
> should be conducted with special reference to the
> Reporting of the results
> Regards
> Andre du Preez


Perhaps the easiest method would be to simply perform an Internal Audit, focusing on those areas you are concerned with. Prepare an audit report, listing the shortcomings as if they were findings for a corrective action. We've done this many times in the past, and have found it to be simple and effective.

John Hankwitz


From: ISO 9000 Standards Discussion
Date: Mon, 11 Dec 2000 13:44:59 -0600
Subject: FW: GAP Analysis /Preez/Venkatasamy

From: "venkatasamy.v"

ISO publication N474R (October 2000) gives a good guidance on
this. This can be printed from ISO web site.



From: ISO 9000 Standards Discussion
Date: Mon, 11 Dec 2000 13:53:12 -0600
Subject: Re: Q: GAP Analysis /Preez/Green

From: Joseph & Susan Green

Joe Green's reply (lengthy, but good mental exercise)

Gap Analysis is certainly a necessity to "base line" an existing system; whether or not the organization being audited knows they have a system for the management of quality or not.

Only a person who knows the entire content of the reference standard to be audited against can effectively perform a useful gap analysis. The knowledge must be intuitive, because the auditor will need to recognize the actual system and compare what is observed to the reference standard.

A planned audit of an already documented quality management system is relatively easy compared to a gap analysis.

Even though the objective is to compare "reality" (the organizations methods) to a reference standard; the gap analysis can easily overlook satisfactory or compliant issues simply because the auditee doesn't understand what the auditor is actually looking for, and the auditor doesn't recognize what he/she is seeing. While tracking down a "clause" of the reference standard the auditor must remain extremely aware of all actions going on around them.

Observing, tracing and flow charting (no interviews) forms the basis for a productive gap analysis. Questioning (interviewing) should only be conducted after the observation, tracing and flow charting phase of analysis is complete.

I have observed that when done effectively this audit requires 75% observe, trace, and flow chart and maybe 15% interview to confirm what has been observed. The balance (10%) is repeat observation and tracing to correct and improve the "systems" flow, actions, and content.

Instead of "show me" audit method, the person conducting a gap analysis should rely on the "take me to where you"....

Design you products
Receive orders (whatever)
Process orders (whatever)
Produce your product
Store your product
Measure your product
Put your product when it's not salable
Package your product
Ship your product.....and on through all QMS elements of the
reference standard.

Only after observing (and mapping) the "actions" in all areas of the audited organization should any direct questions be asked.

When asking questions "parables" "teaching stories" are a necessity to lead the auditee to what the auditor is hopeful of finding.

Example: I see your recieving clerk places the incoming material in two or three areas. Have I missed any? (not that we know of)

The reason I am asking is because most successful organizations give their employees latitude in how they do their job. For example your receiving guy usually has a logical "path of least resistance" that he/she has developed to allow completion of tasks with a minimum of wasted effort.

Now we can begin to zero in on issues:

(at this point intuitive knowledge of the reference standard is essential to the person conducting the audit)

"Do you look at every item that is received?"
"Ever receive something that you suspect isn't correct (in your
"Who else receives stuff when your off sick or on vacation?"
"Do they perform the task the same as you do?"
"Is there someone to go to if you don't know how to handle a
problem that comes up?" (Who would that be?)
"What", "When", "How", "Where", "Who"

This line of questions could be almost endless; however, when the gap analysis is exhausted in this one area; the entire reference standard will be addressed: 1994 = 19 or 20 elements and 9K2K #'s 4 through 8.

The above method should produce a flow chart (map) (diagram) or something that allows the auditor to convey what he has seen and learned so that issues that are defined in the reference standard can be easily seen as present or absent from this single audited function.

The above "location" or "task" specific gap analysis should be repeated for every visible and discrete group and/or task within the audited organization.

When complete, the various flow charts should be arranged and referenced to show how they connect with each other. A system map should be apparent. I believe even "chaos" can be flow charted.

The finished "system" map can then be used to point out "gaps" (if any), "system weakness (if any). and provide a framework by which issues concerning all requirements of the reference standard can be proven "present" or "absent".

You will notice I have not mentioned one word as yet concerning documentation and records. Documentation that is already present may be noted on the same flow charts (individual area or system), and the same is true for records.

Only after the above task is completed and verified as to what is actually being done by the organization can "gap analysis" begin. That task is relatively straight forward.

1. Follow the flow with the audited organization and show where the requirements defined in the reference standard are already being met.

2. Follow the flow, identify possible missing elements, verify with the auditee that the suspect "gap" (defined requirement) is actually absent.

3. Quote the reference standard requirements as they apply to identified compliant functions found, and also as the requirements apply to those areas which constitute a suspect gap.

4. Explain or teach why the requirement is prudent to a well managed QMS; and be sure to address (with examples) the Benefit to be derived from closing the identified gap or recognizing and appreciating the value derived from those requirements already being addressed.

I have only seen a few "gap analysis" audits conducted in this fashion. Unfortunately most "gap analysis" audits focus only on what the organization is missing; rather than what it already has.

Try it you'll like it.
Takes time and effort but the reward is priceless.

"Gap Audit" followed by "Analysis of the data" when called gap analysis audits are not what needs to be done. Even though we call it a "Gap Analysis" this activity should be defined as a "planned assessment and analysis" of existing methods conducted against a reference standard for the purpose of fact based decision making.

Attempted Humor
Invent an anacronym in the name of ISO
Planned Assessment And Analysis = P(A)3

Old Joe


From: ISO 9000 Standards Discussion
Date: Mon, 11 Dec 2000 13:58:27 -0600
Subject: Re: Q: GAP Analysis /Preez/Scalies/

From: "Charley Scalies"

How it should be done depends on the individual circumstances. However, I will describe how I do it in a great many cases. I call the process a Team Gap Analysis. The best "Team" is one that includes the major process owners, provided they also represent that critical mass of people who, together, know how everything in the organization works. It generally ranges from 3 to 10 people though I have done a Team of 25. (The more the merrier. )

We guide the team through an exhaustive checklist of all ISO requirements, explaining each as we go.( This doubles as their ISO education. It works better than a talking heads presentation because they are learning the standard in the context of their own organization.) As they discuss and explain their current practices in each area, we facilitate their identification of all the areas in need of attention, i.e., the gaps between requirements and practices. In the final step, we faciltiate their preparation of an Implementation Action Plan - who will do what, when. The entire process typically consumes 1 1/2 to 2 consecutive days. (Yes we often work into the weekend to minimize the impact on day to day activities.)

My checklist is in the form of a Microsoft Excel '97 spreadsheet (ISO Scorecard - one for ISO9000-1994 and another for the 2000 version). Each checklist item (well in excess of 200 of them ) is scored 1, where the organization meets the requirement, and 0, where it does not. The Scorecard calculates the "score" on each element (1994) or process group (2000) and on a Total basis. (Scale of 100). It also presents the results in a bar graph form. The "report" consists of the summary score and the bar graph. 2 pages in all.

Throughout the implementation program, the Scorecard is continually updated and used to provide ongoing status reports to management.

Feel free to contact me off list if you want to know more about the Scorecards or the Team Gap process.

Charley Scalies
Thread starter Similar threads Forum Replies Date
Z Steps to take before an MDSAP audit for Canada Canada Medical Device Regulations 3
S Sequence of ISO 9001:2015 Implementation Steps ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
N What are the software audit and control steps Reliability Analysis - Predictions, Testing and Standards 2
Anonymous16-2 21 CFR Part 11 - Steps to take if we want to validate an electronic system Pharmaceuticals (21 CFR Part 210, 21 CFR Part 211 and related Regulations) 3
N MDR review process by notified body - How many steps exist in the review process EU Medical Device Regulations 0
G Start and main steps of API Q1 Certification Process Various Other Specifications, Standards, and related Requirements 5
M FDA News Statement from USFDA on steps to strengthen the long-term safety oversight of the Essure device Medical Device and FDA Regulations and Standards News 0
J Steps when changing material for class 1 medical device 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
N Process Flow diagram steps for inspection and packaging APQP and PPAP 4
leftoverture Control Plan - Multiple Process Steps FMEA and Control Plans 8
M FDA News FDA Report - FDA Has Taken Steps to Strengthen The 510(k) Program Other US Medical Device Regulations 0
M Medical Device News FDA - Transformative new steps to modernize FDA’s 510(k) program to advance the review of the safety and effectiveness of medical devices Other US Medical Device Regulations 0
C Sequence of Process Steps not Respected FMEA and Control Plans 3
Jane's What steps do you take to terminate a product which was licensed for sale in Canada Canada Medical Device Regulations 14
S Technical Steps to ISO 17025 Accreditation ISO 17025 related Discussions 1
G What are steps to be followed to get ISO 9001:2015 certified ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
K IEC 62304 - Compliance steps IEC 62304 - Medical Device Software Life Cycle Processes 5
Q Steps from ISO 9001 2008 to 2015? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
rob73 New MDD (European Medical Device Regulations) next steps - 2016 EU Medical Device Regulations 1
M ISO 22000 Description of Process Steps and Control Measures Food Safety - ISO 22000, HACCP (21 CFR 120) 1
C Quality Assurance Manager ? Next Steps? Quality Manager and Management Related Issues 10
D Key steps to OHSAS 18001 Implementation Other ISO and International Standards and European Regulations 1
V Analysis of 'Value Added' System & Process Steps - Inspection Pharmaceuticals (21 CFR Part 210, 21 CFR Part 211 and related Regulations) 2
S What are the next steps after providing response to FDA 483 ? US Food and Drug Administration (FDA) 7
R Steps to Preserve ISO 9001 Certification during Corporate Acquisition? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
Q Moving steps from ISO 9001 to TL 9000 TL 9000 Telecommunications Standard and QuEST 4
D Steps to Complete Quality Control Plans and Work Instruction Manufacturing and Related Processes 4
C Must we identify steps taken to identify the Root Cause of a failure Nonconformance and Corrective Action 15
Sam Lazzara 12 Steps to FDA UDI (Unique Device Identification) Compliance (2013 - 2015) Other US Medical Device Regulations 45
G Further steps in Medical Devices Regulations in EU - Comments? EU Medical Device Regulations 11
S Calibration conducted to 3 steps only of the std instead of complete 5 steps General Measurement Device and Calibration Topics 4
J Eliminating Missing Steps In Manual Operations Human Factors and Ergonomics in Engineering 8
N Basic requirements and steps involved to get NADCAP Certification AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 4
S Change in Career Path - Logical Steps Up and Ways Forward Career and Occupation Discussions 3
M The steps that my ISMS Internal Audit Report has to Contain IEC 27001 - Information Security Management Systems (ISMS) 3
S Depicting Communication Flow Gaps between Departments/Process Steps on a Process Map Process Maps, Process Mapping and Turtle Diagrams 1
J What are the steps to transfer TS 16949 certification or switch registrars? Registrars and Notified Bodies 4
B How many steps does a procedure have? Document Control Systems, Procedures, Forms and Templates 9
A PFMEA for an Assembly Process - Stuck in first steps FMEA and Control Plans 6
M System Building - What are the key steps? Quality Manager and Management Related Issues 2
H Process Development to Validation: What are the steps? Design and Development of Products and Processes 3
V What are the Steps in Ensuring a Definition/Implementation of an Effective Procedure Document Control Systems, Procedures, Forms and Templates 3
T Pilot's Checklist for Six Sigma - Steps to Consider when Initiating Projects Six Sigma 3
R Sales Order Process Flow Plan (Flow Chart) Steps help ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
K Seeking guidance on Preliminary Steps to enable Hazard Analysis Food Safety - ISO 22000, HACCP (21 CFR 120) 1
bobdoering The CORRECT steps to implement an SPC chart Imported Legacy Blogs 16
E What are the general steps to distribute a medical device in U.S.? US Food and Drug Administration (FDA) 1
M How to Implement the QHSE Integrated Management System Easy Steps? Occupational Health & Safety Management Standards 1
A One of APQP Process Steps - OTS (Off Tool Sample) Approval APQP and PPAP 1
L Importing CSV (comma separated values) / Excel process steps into Visio diagram Excel .xls Spreadsheet Templates and Tools 2

Similar threads

Top Bottom