Frequently Asked Questions

This information is expressed in layman's terms, and as a result may differ from the information provided in official ISO and IAF guidance documents. Links to the agencies that administer ISO standards are found on the Quality Sites page. Additional resources may be found in the Quality Standards.com Glossary. Your comments and suggestions are encouraged.

What is ISO?
What is the registration process?
What are the basic principles of ISO 9001:2000?
What is the difference between an Assessment and an Audit?
What is the difference between Registration and Certification?
What are the benefits of ISO 9001 certification?
What is a Registrar?
What are "nonconformances"?
What does the Registrar do when nonconformances are detected?
Why can't my Registrar help me achieve registration?
What is a Pre-Assessment?
Who does a Registrar interview during the registration process?
What is a Surveillance Audit?
How can a small company adapt to the requirements of ISO 9001:2000? What flexibility is allowed?
My company provides services. How is the ISO 9001:2008 standard applicable to us?
Does ISO 9001:2000 address financial issues?
What is meant by "continual improvement"?
What is a process?
How much does registration cost?
Can we use our registered status to promote our company?
What is accreditation?
Are unaccredited certificates valid?
What is ISO 9001 software?



What is ISO?

ISO (International Organization for Standardization) is the world's largest developer and publisher of International Standards.

ISO is a network of the national standards institutes of 157 countries, one member per country, with a Central Secretariat in Geneva, Switzerland, that coordinates the system.

ISO is a non-governmental organization that forms a bridge between the public and private sectors. On the one hand, many of its member institutes are part of the governmental structure of their countries, or are mandated by their government. On the other hand, other members have their roots uniquely in the private sector, having been set up by national partnerships of industry associations.

Therefore, ISO enables a consensus to be reached on solutions that meet both the requirements of business and the broader needs of society.

What are the basic principles of ISO 9001:2000?

ISO 9001:2000 (now known as ISO 9001:2008) is based on:

  • Customer Focus,
  • Effective Leadership,
  • The Involvement of People,
  • A Process Approach,
  • A System approach to management,
  • Continual improvement,
  • A Factual approach to decision making, and
  • Mutually beneficial supplier relationships.

What is the registration process?

Registration is performed by an organization known as a Certification/Registration Body (aka CRB or "Registrar"). It involves the examination of a company's ISO 9001 quality system documentation, and a series of on-site audits. The Registrar looks at the company's procedures, processes, and operations to determine their conformance to the requirements of the applicable standard and to the company's own internal procedures.

The Registrar looks at a variety of issues including but not limited to the applicant company's administrative, design, and production processes, quality system documentation, personnel training records, management reviews, and internal audit processes.

Preparation for registration can take anywhere from several weeks to more than a year, depending on the readiness of the company applying for registration. The actual process of registration depends on factors such as the size of the company, the scope of its activities, and the number of facilities being registered and their locations. The document review typically takes one day, and the on-site audit can take anywhere from two to as much as ten or more days, depending on the factors noted above.

For more information see The Registration Process

What is the difference between Registration and Certification?

Internationally, the two terms are used interchangeably. In the U.S., the national accreditation body uses the term registration to reduce confusion by consistently associating registration with the qualification of management systems and associating certification with the qualification of either products or individuals as in "product certification" or "Auditor certification."

What is the difference between an Assessment and an Audit?

Internationally, the two terms are used interchangeably, as are the terms "Assessor" and "Auditor". The ISO number indicates which ISO standard is being audited, thus an ISO 9001 Auditor can conduct an ISO 9001 audit, but may not be qualified to conduct an ISO 14001 audit.

Who does a Registrar interview during the registration process?

A Registrar's audit team can interview anyone from the chief executive officer to line workers and operators. This interview process is typically done on a sampling basis and covers a wide range of personnel from diverse divisions and departments.

What are "nonconformances"?

A nonconformance represents a failure to conform to a standard such as ISO 9001:2000/2008, or to the requirements of the company's quality management system. Such failures are usually broken down into minor and major nonconformances, depending on the significance of the nonconformity to the quality system.

A minor nonconformance doesn't necessarily indicate a systemic problem with the quality management system. It is typically an isolated or random incident. For example, the most current version of a document may not be available at an operator's station: the updated version exists, but a copy of it is not available for the operator's use and the operator is using an outdated procedure. Other examples could be a form without a document control number on it or an internal audit with an overdue corrective action request pending. Nonconformances may also be issued during the Document Review if a firm's quality system documentation is found to be lacking.

Typically, major nonconformances occur when a company has not addressed all of the requirements of a specific element or criterion, leading to a breakdown or potential failure of the quality system. They also occur when a company has put a process or procedure in place but cannot demonstrate effective implementation. It is unfortunate that one of the most common major nonconformances results when a company fails to complete a compliant internal audit and/or management review prior to their Initial Assessment.

A major nonconformance can also occur if a significant number of minor nonconformances in a given activity or against a given element point to a systemic failure. For example, a minor nonconformance in document control may not in itself constitute a significant problem. But if several problems (the audit team leader judges what constitutes a significant number) are found with document control, this points to a larger systemic document control problem and would constitute a major nonconformance.

What does the Registrar do when nonconformances are detected?

Usually the Registrar will require corrective action for minor nonconformances to be implemented no later than the next scheduled Surveillance Audit. Major nonconformances are typically required to be corrected as quickly as the Auditor feels is possible. Most Registrars will not issue a Registration Certificate until any major nonconformances have been acceptably corrected. In some cases, if a nonconformance can only be cleared by on-site inspection, the Auditor may require a special follow-up visit.

Why can't my Registrar help me achieve registration?

To prevent conflicts of interest and ensure that the validity of the registration certificate is beyond reproach, a Registrar is not allowed to give advice to the company it audits. For the same reason, the Registrar may not recommend a specific consultant, and it is prohibited from stating or otherwise implying that it may be easier for a firm to achieve registration as a result of using a particular consultant.

The Registrar will identify (and in some cases the Auditor may explain the reasons for) problems (nonconformances) found with a firm's quality system, but it is up to the company to determine and implement appropriate corrective actions.

What is a Surveillance Audit?

Surveillance Audits are the means by which a Registrar verifies that a quality management system remains effective and conformant. The Auditor checks certain key elements of the quality system at each Surveillance, verifies that the Internal Audit and Management Review activities continue to be effective, and verifies corrective action for any nonconformances that may have resulted from previous audits.

The two most common schedules for surveillance are two audits per year at approximately six-month intervals, or one annual Surveillance Audit. The total number of audit days per year will be the same in both cases, and should total about one-third of the days that were required for the Initial Audit, as required by International Accreditation Forum Guidance documents.

Surveillance frequency is determined by factors such as the complexity and effectiveness of the system.

What is a Pre-Assessment?

A Pre-Assessment is an option that helps a company determine its readiness for the actual Initial Registration Audit. Other terms for Pre-Assessment are Pre-Audit and Trial Audit. Pre-Assessments offer the opportunity to experience a third-party audit with no risk of failure, and may be performed by the Registrar or by an impartial third party. The number and frequency of Registrar Pre-Assessments are limited by ANAB guidance.

In most cases, a pre-assessment by your Registrar is preferable to one performed by your consultant, because even though your consulting firm is allowed to recommend specific solutions, the fact remains that they are auditing their own work and may be biased and miss problems. For this reason, firms that want a "second opinion" often hire another independent consultant to perform the pre-assessment, which should include evaluation of the quality system documentation.

How much does registration cost?

Registration costs depend primarily on the amount of time that the process takes, which is based on factors such as the standard being audited, the number of employees, the scope and complexity of the company's operations, and the number of facilities being registered. The initial cost for an ISO 9000 Document Review and on-site Audit for a company with ten or fewer employees typically runs between U.S. $2000-$4000. The cost of maintaining the registration will vary based on the cost per day and frequency of surveillance audits, and on the amounts of the Auditor's travel and lodging expenses.

The amount of auditor time required for the Initial Assessment is based on International Accreditation Forum Guidance. When soliciting quotes for registration, a company should be sure to ask the Registrar if they have qualified local Auditors, and to confirm how many employees and what other criteria will be used to determine how much audit time will be required.

What is a process?

Any activity or operation that receives inputs and converts them to outputs can be considered a process. Almost all activities and operations involved in making a product or providing a service are processes.

For companies to function, they must define and manage numerous interrelated processes. Often the output from one process will directly form the input into the next process. The systematic identification and management of the various processes employed within a company, and particularly the interactions between such processes, may be referred to as the ‘process approach’ to management.

What is meant by "continual improvement"?

Continual improvement refers to the need for a company to stay focused on increasing the effectiveness and/or efficiency of its processes, to fulfill its policies and objectives. Continual* improvement (where "continual" implies that the improvement process requires progressive consolidation steps) responds to the growing needs and expectations of customers and ensures a dynamic evolution of the quality management system.

*Although the word "continuous" is sometimes used, it is usually inappropriate in this context because it implies constant (uninterrupted) activity.

Does ISO 9001:2000 address financial issues?

While financial information may be used to demonstrate the effectiveness of certain aspects of a firm's quality management system, it is not specifically addressed by the ISO 9000 standard. ISO 9004:2000 guidance emphasizes the financial resources needed for the implementation and improvement of a quality management system, but ISO Registrars do not require or audit financial information, and any such information that may be disclosed in the course of an ISO audit should be protected by a strict confidentiality agreement with the Registrar.

How can a small company adapt to the requirements of ISO 9001:2008? What flexibility is allowed?

The requirements of ISO 9001:2008 are applicable to small, medium, and large companies alike. ISO 9001:2008 provides some flexibility, through clause 1.2 “Application”, on the exclusion of certain requirements for specific processes (e.g. those covered by clause 7, such as design activities) that may not be performed by the company. However, the company still needs to demonstrate its ability to meet customer and any applicable statutory or regulatory requirements, and to consider this when formulating its quality management system.

My company provides services. How is the ISO 9001 standard applicable to us?

ISO 9001 was designed to take a "generic" approach applicable to all types of companies. As such, it is equally appropriate to all sectors, including service providers. The ISO definition of the term 'product' includes services.

Can we use our registered status to promote our company?

It's no secret that registration to any of the international ISO standards sets a company apart from its competitors and can help get new customers while retaining existing ones. There are numerous effective ways to let your customers know how and why registration makes your company and its products better.

Many people don't realize that there are specific rules that apply to the use of ISO as a marketing tool. One common mistake is to claim that one's product is "ISO-Certified" or "Registered". Registration applies only to your quality management system, not to your products or services. For this reason, you must never use language that could be misinterpreted to mean that products or services are ISO-certified, and in fact the Registrar may withdraw a firm's registered status if it engages in such practices. For these and other reasons, the International Organization for Standardization (ISO) completely forbids the use of its copyrighted ISO logo. For specific guidance on this issue, consult the ISO website or ask your Registrar.

What are the benefits of ISO 9001 certification?

Customers and users will benefit by receiving products and services that are:

  • Conforming to the requirements
  • Dependable and reliable
  • Available when needed
  • Maintainable

People in the company will benefit by:

  • Better working conditions
  • Increased job satisfaction
  • Improved health and safety
  • Improved morale
  • Improved stability of employment

Owners and investors will benefit by:

  • Increased return on investment
  • Improved operational results
  • Increased market share
  • Increased profits

Suppliers and partners will benefit by:

  • Stability
  • Growth
  • Partnership and mutual understanding

Society will benefit by:

  • Fulfillment of legal and regulatory requirements
  • Improved health and safety
  • Reduced environmental impact
  • Increased security

It should be noted that a company can have an effective quality management system and enjoy most of these benefits without ever becoming registered. Because a quality system must be fully implemented before registration can take place, that is in fact how firms begin. One significant advantage of registration is the increased credibility and recognition that comes from having independent third-party verification that your quality system is performing as claimed.

What is a Registrar?

A Registrar (also known as a Certification/Registration Body, or CRB) is a third-party company that is contracted to perform an impartial evaluation of a company's quality, environmental, or other management system's conformance to the requirements of the appropriate ISO standard, and to issue a registration certificate once conformance is verified.

What is accreditation?

Accreditation is the means that a national authoritative body (such as the ANSI-ASQ National Accreditation Board, or ANAB) uses to give formal recognition that a Registrar is competent to carry out specific tasks. Accreditation, which is voluntary and strictly enforced by the accreditation body, provides assurance to a Registrar's customers that the Registrar operates according to internationally accepted criteria.

Are unaccredited certificates valid?

The issuance of unaccredited registration certificates is a hotly debated topic in quality assurance circles, primarily because an unaccredited registration is subject to less scrutiny than an accredited one.

An unaccredited certificate issued by an accredited Registrar may well be just as trustworthy as an accredited certificate, although it would not be recognized internationally. Registrars sometimes issue such certificates at the request of companies whose operations make it difficult or costly to comply fully with their chosen standard. (For example, a firm that performs exactly the same processes at a huge number of locations or in several countries might find ISO auditing requirements to be cost-prohibitive. By choosing an unaccredited approach, a smaller number of sites might be sampled at each surveillance, thereby saving the company a great deal of money while achieving essentially the same results.)

A registration certificate issued by an unaccredited registrar, however, would be considered questionable by most quality professionals and would not be recognized by accredited registrars nor by most knowledgeable companies.

What is ISO 9000 software?

ISO software most often refers to document templates used by consultants and their clients to create ISO 9001-compliant quality management systems. An ISO document template can save time and will ensure that all elements of the standard are included in the company's documentation, but it does not guarantee that the documents will be an accurate representation of how the company's quality system really functions.

Although an experienced quality manager should be able to customize such templates for his or her company, a better approach would be to hire a quality management consultant who is familiar with both the template and with the industry in which the company operates.

Updated 25 March 2009