Uncategorized
The Truth about ISO9001 Fast Track Registration
As an auditor I’ve been involved in about 40 first-time registrations for three registrars. I have another one coming up in a month or so. So, I have some things to say about ISO9001 Fast Track registration. These would be organizations who are trying to get ISO9001 registered as quickly as possible. .
How the ISO9001 Fast Track works
This is not actually a real thing, it is an artifact of a person or company that wants to sell you a quality manual. The underlying assumption is that you can buy and/or import the necessary documentation into your company, “adopt it” as your QMS requirements, and then get your ISO certification once you find a cooperative registrar.
I can understand the motivation behind it. This happens more often than not in small businesses that has some sales opportunity that requires “ISO certification.” The boss calls somebody into his or her office and says “we need ISO certification, it needs to be done faster than humanly possible, let me know when you’re done so I can bid on this business.”
The person that gets this message quite often is an accounting or administrative person that doesn’t have a lot of QMS experience. This is a side issue too, assigning the job to one person.
How Fast can you become ISO Cerfitied?
This is an important question the answer to which is generally considered to be three to six months.
Here’s a link that says you can be certified in 10 days. (Link)
Here’s another link that says the more plausible time is 3 to 6 months, which is more plausible. (Link)
Here is another link that says that gives you tips to get your certification within 8 weeks.
Note to self: Make a video like this to tell readers the truth, which is that it is relatively easy to get your ISO certification in a hurry, but it is hard to get it permanently.
The ISO9001 Fast Track Temptation
So, it is tempting to do the following:
Buy a canned ISO9001 Quality System manual from the internet. “Adopt” it. Call a registrar and schedule your Stage 1 and Stage 2 audits. Do the minimum requirements for certification (which is accommodate the 38 cases in the ISO standard which say “the organization shall”). Call it good. You did your job.
For a small fraction of businesses that are well run, with engaged management, are data-driven with solid objectives, and a good record keeping system, this is actually plausible.
But, human nature being what it is, this is a rarity.
It is more likely that this happens in a place that is a bit autocratic, the processes are not well developed, and the business is just doing it to get the piece of paper. ISO is the “flavor of the minute”, management sees it as a necessary evil, and the unfortunate administrator is left with the responsibility. They are trying to do the ISO9001 Fast Track Registration for a reason, which is they are behind on sales and need to drum up business,
In this case, chances are they don’t have strong systems of objectives, no discipline when it comes to records of conformity, limited written operating procedures, and run things by “gut feeling.” All of this is fine, at one stage of organizational development, but not fine later on. Customers want you to be a bit more methodical. It helps business continuity.
What you actually need to be ISO9001 Certified
It is quite true that I, or someone knowledgeable, can give you a very short list of things you need to do to become ISO certified:
The first is a written scope statement, and objective evidence that you can do the activities in your scope. What, you may ask, is this? Well, it’s basically a statement of what business you are in, and how to prove it.
True Story
This actually happened to me. I actually was assigned to a Stage 1 audit in a hurricane-prone area. I went to the place, which was a rather weather-beaten metal building into which was installed a collection of ancient machine equipment. This would be a lathe, drilling equipment, a few other things.
“We want to be ISO certified so we can get oilfield business,” the boss said.
“Great!” I said. “Let’s see some parts or records or anything else that says that you’re capable of producing anything that the customer might want to buy. The ISO standard says this has to be validated in order for you to have “machine shop” as your scope.”
“Uh.. well we hired a machinist. Here he is out in the back.”
“Super!” I said. “So you have objective evidence that this collection of equipment is capable of meeting customer requirements.”
“Uh…”
So you know how the rest of the conversation went. I was a nice guy and provided them with a list of things they needed to do. In this case, the boss had a “quality system” that he imported from his previous company which had ISO9001:2000 as the underlying standard. This would make it at least 15 years old.
You need some fundamental things in place
You might be able to do those things, attract a small customer or two, and then prove your scope on that basis. I would be happy to validate your scope if that was the case.
But you can’t buy a lot of equipment, hire an operator, and say that you’re a machine shop and get an ISO registration from a responsible registrar.
You might be able to do so from an irresponsible registrar, if one can be found. That is a side issue.
You have to provide some records or other evidence that you can do what you say you can do. This may actually be more difficult if you are in some kind of consulting business, for example. You don’t have a pallet full of widgets at the end of the assembly line. How do you do that?
Turns out, that the registrars have rules for this kind of thing. The rules differ slightly depending on the registrar as well. In general, as suggested above, you need to provide objective evidence of the activities in your scope. The “ISO9001 Fast Track Registration” is only as fast as you are good.
If your scope is “widget production” it’s easy. Have objective evidence of your capability to produce widgets for some length of time. Ideally this is a long time, less ideally it is a few trial orders with satisfied customers.
If your scope is a service, such as “IT services”, have on hand objective evidence of the successful completion of an “IT Services Contract” whatever that looks like. For the government, they may issue you a DFAR letter or something similar that is evidence that you did your job.
If you are a distribution place, for example, you may have PO records, and maybe some data about on-time delivery.
What if you’re just starting out and do not have any of that yet? It’s the chicken and the egg. Get some customers that need similar products or services, and then we can talk.
The Point of “Proving your scope.”
Keep in mind that your auditor can’t give you anything. He or she has to convince the technical committee within the registrar that you deserve ISO registration. He or she “should”, in theory, be convinced that you can actually do the product or service that you say you can do in some reasonably plausible way.
The point of this is that the registrar is a gatekeeper. It is possible that you can fraudulently make some statement of your capabilities, pay some willing registrar to give you ISO certification, and then you go out and defraud customers. The auditor, and the registrar, are the eyes of the customer. You knew that, didn’t you?
Validating the Scope of Registration
So if your scope is “custom machining of oilfield parts” you had better have objective evidence that you at least made a few prototypes. If you have a consulting business, you’d better have evidence of at least some partially completed projects. If you do some other service, some customer invoices, or purchase orders, or some other documents will have to be available for the auditor to meet the requirements of the registrar.
One of the registrars I work for requires “three to six months of production records” to keep the validity of the system. I guess that would work with service records.
Another one just requires “objective evidence of the ability to do the things listed in the scope.”
Either way, the spirit of this is the same.
ISO9001 Fast Track Registration: The Spirit of the ISO Standard
There is a lot more to say about this topic, so much so that it is worth a couple more blog posts.
If you are responsibly running an “A” business, you have products or services that people love, and for whatever reason you want to be ISO certified, by all means, do the ISO 9001 fast track registration. Buy a quality manual, do the necessary handful of things, and call your registrar to schedule your audit. You can expect this to be somewhere in the neighborhood of 6 to 8 weeks unless you get very lucky and your registrar has auditors sitting around waiting to do this.
You’re actually required to wait one day between the Stage 1 and Stage 2 audits, and it takes a little time for the technical committee at the registrar to review the audit documents. If you got cooperation from the registrar this could happen in a few days.
If you are not in this situation, have a “B-Minus” business that is scrambling to fix customer complaints, short on sales, and don’t really have a system of measurements, ISO certification is definitely for you.
However, you shouldn’t try to do it overnight.
ISO registration would be a perfect way for you to enhance the value of your business by establishing controlled conditions and a methodical management approach. In your case, you should take the time to set up processes and other activities. The ISO registration will more than pay for itself in efficiency improvements. Do yourself a favor and don’t try the ISO9001 Fast Track because it will make your life miserable.
You should know who you are.
The ISO9001 Fast Track Bottom Line
Keep in mind, that a responsible, serious auditor can see right away what you are. If you are after the piece of paper, the auditor knows. If you’re genuine, the auditor knows that too. He or she has been around a little and can tell.
That being the case, the ISO9001 Fast Track is not for everybody. The irony is, the people that are least equipped to do it are typically the ones who feel theyneed to.
There will be some more things to say on this.
The world is full of chaos, and there are no guarantees on anything.