ISO 9000 is the series for international quality management system standard (QMS). QMS ISO 9001 is not products or services specific, but to the processes that produces product and services. The standard under which an organization can ascribe for certification (or use the term registration) is specifically ISO 9001, and the most recent version is the year 2000. ISO 9001:2000 addresses an organization's processes and activities in helping organizations to objectively demonstrate its capability to meet customer requirements (and expectations). ISO 9001 is of descriptive nature (not prescriptive) and applies to generic categories of products or services.

Note on prescriptive: Variants derived from ISO 9001:2000 are typically prescriptive.

ISO 9001:2000 certificate of registration provides organizations with the benefit of an independent and competent assessed quality management system. ISO 9001:2000 certificate of registration are issued by a registration body. Registration bodies are accredited organizations and entities empowered to grant certification. Each country can have its own accreditation body, some of the better known are  are RvA, EMA, JAB, UKAS, SCC... ANAB. In turn certification bodies may grant registrars the right to bear the trademark of the registration body in issuing certificates of registration (doing work in their behalf). Thereof, expect that it may be more effective and efficient to interact with an International Registration Body such as DNV from Norway, BSI from the UK, BRS from the USA, TÜV from Germany...

An effective QMS needs to progressively contribute to improve your organization's performance; by competent audit teams applying advance techniques, methods and principles that relate to quality, competitiveness, and managing risk the QMS can be a significant contributor to an organization's objectives. These benefits can be evident by assuring that the necessary elements for competitiveness within a "Knowledge Based Global E-conomy" concurrently with and enticing reduction of hazards and risks.  Read-On for ISO 9000 FAQs (also under ISO 9000:2000 FAQ questions, supplemental to this page-portal). Also within this portal we provide information on ISO 9000 variants including; HACCP MS / ISO 22000, ISO 13485 , AS9100, TL 9000, ISO/IEC 17025, ISO/IEC 17024, ISO/IEC 17799 | ISO/IEC 27001, ISO/TS 16949 and others....

The ISO 9000:2000 series of international standards includes, among others, ISO 9000, ISO 9004 and the specification requirement ISO 9001:2000. The International Standard, General Requirements for Quality, ISO 9001:2000 allows the exclusion(s) of clauses of section 7 (clauses 7.0  through 7.6 - ISO/TS 16949 limits exclusions to clauses of section 7.0). On the basis of ISO 9000:2000  requirement standards series leads to development of other schemes specifically addressing industry sectors (or industry specifics), namely ISO 9001 variations or variants;
 

• ISO 22000
• ISO 9000-3 (basis for Tick-IT),
• AS9100 for Aerospace / Aviation,
• ISO 13485 (compatible with FDA cGMP QSR 21 CFR Part 820) for medical devices,
• TL 9000 for telecommunications,
• HACCP into ISO 9001 (food sector) - ISO 9001 "HACCP MS" (ISO 22000),
• ISO/TS 16949 (harmonizing automotive sector standards),
• ISO/IEC 17024 for the certification of individuals,
• ISO/IEC 17025 for competence of laboratories, and
• others include security of information ISO/IEC 17799 (... and others... EN 13816...)

ISO 9001:2000 propitiates the necessary management principles with a greater scope of requirements to its predecessor with lesser specific (explicit) documentation requirements. For the International Standard ISO 9001 year 2000 an organization must include the business process and cycle activities as a requirement to define its scope plus demonstrating continual improvements, while focuses relating to clients, markets, and similar. The business cycle may include process activities from marketing to the delivery of the product or service, namely the "supply-chain".

 

 

 

 

 

 

The following are Frequently Asked Questions (we encourage to browse and print this page)

1. Why does the ISO 9000 series receives such great attention?
2. Which are the general requirements for the applicable standard?
3. Why needing the International Standard QMS ISO 9000 series?
4. What is certification-registration?
5. Why consider registration-certification?
6. What are some of the requirements to start?
7. How do I select the registrar or registration body?
8. What is the cost of the registration | certification?
9. How do I know if registration | certification is important to my company?
10. Occupational Health and Safety OHSAS 18001, ILO-OSH and ISO 9000:2000?
11. What is ISO/IEC 17025 and ISO/IEC 17024?

Why does ISO 9000 receive such (great) attention?

Registration to ISO 9001 exceeds 500,000 organizations worldwide.

A report from "Manufacturing News", provides the following: Companies publicly trading that posses ISO 9001 registration reported improved financial performance. This study has been conducted in collaboration by UCLA, the University of Maryland and the Universidad Carlos III in Madrid since 1997. Processing sector reports a steady return on asset rate of 17.9%. However, non-certified firms saw their ROA drop over the same period. The study reports many other favorable aspects thus it has been proven that does lead to relative improvements in ROA mainly through increased productivity. Other industrial sectors have shown even more pronounced improvements some as high as 37%.

For the International Standard Series ISO 9000 (given by ISO 9001 requirements) to be effective requires the participation of the organization as a whole, and includes the technostructure, operational / business cycle, and administration. Contemporary quality goes beyond the concept of quality control and assurance (communication, command and control); quality is not the responsibility of some but that of the organization as a collective entity / enterprise. Some of the fundamentals require for organizations to address and focus on customer requirements + continuously improvement processes... The organization must consider implementation of the fundamentals determined by ISO 9001 such that continual improvement is  a progressive process (considering the organizations role in the "supply-chain"). The International Standard applies to all types of organizations including manufacturing, banks, hospitals, mining, petroleum, services, and government... The beauty of ISO 9000 is that does not imposes - its is descriptive in nature and not prescriptive... implies that it does not impose how the organization is to perform, it requires that the organization address its management system in response to ISO 9001:2000 requirement-clauses and that it focuses on its market and clients and the organization's objectives, ISO 9001 is of descriptive nature. ISO 9001 has lead to the development of other schemes / variants and these include; AS9100, ISO/TS 16949, ISO 13485, ISO/IEC 17799... | ISO/IEC 27001… and TL 9000, ISO 9001 HACCP, ISO 22000. ISO 9001:2000 variants are prescriptive in nature when compare with the International Management Systems Standard ISO 9001:2000. From implementation to achieving a certificate of registration some of the principles that ISO 9001 entices are for the  organization to improve business performance by anticipating to market trend, evolution of regulatory requirements (e.g. Sarbanes-Oxley), as well as addressing discontinuance of technology.

Further, it is the intent of ISO 9001 providing a path for improving an organization's bottom-line performance through cycles considering identifying, planning, controlling and acting on matters relating to satisfying customer needs, consumer protection, organization's objectives, reduction of risk...  

..

Which are the general requirements for the applicable standard?

It is a managerial scheme enticing organizations to improve performance through processes and activities (greatly reducing specific procedural documents than the 1994 version) - please note that variants of ISO 9001 2000 may require additional procedural documents such as in the case of AS9100, ISO/TS 16949, TL 9000, ISO 13485, ISO 22000. For consistency and systematization it is essential that those activities and controls important to the organization's management system be consider within its documentation structure and its implementation. At times, without documentation, it may be difficult to objectively demonstrating an effective management system (and in some industry sectors may be a deterrent to verifying effectiveness). However, ISO 9001:2000 does require that organizations document those activities and processes that are important (key) to the organization's nature of activities... ISO 9001:2000 requires as absolute minimum to document process relevant to: (1) Control of Documents, (2) Control of Records, (3) Control of Non Conformance, (4) Internal Auditing, (5) Corrective Action, and (6) Preventive Action. Without "key" documentation, the management system is only a series of practices and methods that are at times difficult demonstrating effectiveness in control and improving performance. Without documentation, the practices and methods are conjecture and convenient to time and / or to (some) individuals. ISO 9001:2000 requirements for documentation initiate with a quality policy relating and inclusive to a quality manual that address each of the ISO 9001 2000 requirement-clauses and referencing procedures (whether explicit or implicit documents). It is NOT advisable that external to the organization personnel specifically develops, completes, and formalizes these documents comprising the management system.

Of interest to many, integrating management systems; ISO 9001 concurs with ISO 14001, both rely less on documentation of procedures, and more on procedures (not necessarily documented), objective evidence, training, competence, and awareness / consciousness. And only with the necessary documents to substantiate the effectiveness of the management system focusing on competitiveness (and reduction of risk) thus assisting in the objectives to improve the organization's  objectives / goals of performance.

For a management system to be effective, implementation must be consistent with practices and methods, thereof the management system does not need to rely on a specific function such as a "Quality Department" (however, do consider that some of the ISO 9001 variants expect that a specific managerial role... with responsibility on "quality").  Effective documentation and records, in simple terms, propitiates development and advancement of an agile and yet robust management system concurrent with the objectives of the organization. This enhances (facilitates) that a management system operates within the team concept, and one that precludes the burden brought by namely "bureaucracy." An effective management system measures its results through the policy, objectives, effectiveness, and performance in adding value to the customer (improving). Thus, management evaluates and diagnoses the level of effectiveness against market / customer expectations and from thereon improves. Improvement can be address by analysis, market studies, tendencies and trends, corrective action, and better yet through preventative measures. Improving requires identification of  causes and thus a basis for improvement (such that a learning experience happens). It is imperative that organization improve not by merely attacking symptom but by tackling causes, and better yet preventative measures.

Variants of ISO 9001 addressing specific industry sector, some of the better known are:

• Aviation - AS9100;
   
• Food - (HACCP MS), ISO 22000;
   
• Medical Devices - ISO 13485 (Registration to ISO 13485:2003 does not constitute registration to ISO 9001, as these are exclusive);
   
• Automotive - ISO/TS 16949;
   
• Telecommunications - TL 9000 (SW, HW, FW and Service);
   
• Laboratories for test and metrology - ISO/IEC 17025;
   
• Certification of individuals - ISO/IEC 17024;
   
• Security of Information - ISO/IEC 17799 | ISO/IEC 27001 (consistency pair of standards);
   
• [Transportation - EN 1316 (or international ISO 9001:2000)];
   
• Occupational Safety and Health - ILO-OSH-2001, OHSAS 18001, Loss Prevention thus OSHMS; and
   
• Others... as these develop
   

• Providing the path for advancing to new levels of competitiveness,
• It is a contractual requirement,
• In some regions, the need is to be more competitive and in other preventing exclusion from some business activities,
• A fundamental management system as a basis for integrating methods and techniques for continual improvement...

An organization that is require abiding to Sarbanes-Oxley may find ISO 9001 as an excellent tool for maintaining internal controls. 

What is certification-registration?

Foremost, registration to ISO management systems is voluntarily. Registration comprises of a process by which a third party, known as a Registration Body or a Registrar examines, evaluates conformance and validates an organization's implementation of a management (quality, environmental, safety, security...) system conforming to International Standards such as ISO 9001 or one of its (namely) variants (or other standards / schemes). Certification-Registration applies equally to ISO 9000:2000 and variants such as ISO/TS 16949, AS9100, TL 9000... This examination, verification, and concluding "validation" refers to an assessment-auditing process. An external (3^rd party) conducts this audit. 3^rd Party registrars are under accreditation for the purpose of providing valid registration. Some of the well known and globally recognized accreditation bodies, known for ethics and integrity, is the "Dutch Accreditation Council", Raad Voor Accreditatie - RvA, UKAS (UK), SCC (Canada), DAR (Germany), ANAB (USA), EMA (Mexico Accreditation Entity) and others with ties to their own country government within nations comprising the "ISO". You may want to visit our Registrar page for listing recommending registrars and linking to accreditation bodies. In order to maintain the integrity and ethics values under a standardization scheme, accreditation of Registrars is common (or either these are objectively in process of accreditation).

Note - Registration or certification (equivalent language depending on the world region, for conventionalism responds to the region you're...). In the UK the term certification has a different implication (...humorists to say) thus the term Registration is the "order of the day" (and for this reason, adopted in Canada). In the USA and Latin America both, certification and registration terms, are been applied/used. Regardless the ISO/IEC Guide 62 (ISO 17021), is a key standards to which registrar must abide and basis of accreditation refers to the term certification / registration. 

There are various reasons why an organization elects / pursue management system certification-registration:

 

Marketing strategy, in pursuit of becoming or maintaining a "benchmark" position in a specific market (e.g., manufacturer, hospital, police department... and other service providers).

Ascertain that no exclusion affects business and commercial activities.

Customer requirement... a customer requires certification - registration...

Of interest to small organizations; recently a company president and owner... "…finally I can go on vacation."   A requirement set forth by the market for product qualification... advancement... e.g., CE Marking for Medical Devices (e.g. Canada - CMDCAS, EU - MDD)...

Improving the competitiveness and operations activities performance.   Implementation of management fundamentals thus improvement can strive within an organizations infrastructure, the supply-chain.   Business alliance.   Imposition as a contractual requirement by client or even a regulatory entity / authority.

Note: BULLTEK has develop techniques and methods for agile and robust management system implementation, two case studies The Willow Manufacturing Co., Canada, Renard in Florida... achieving registration, further Canadian Willows Manufacturing has become a Global World Class Showcase. However BULLTEK LTD effective 2003 no longer provides direct consulting or training and only under special conditions.

After a firm commitment by executive / top management, consider the following (essentials) on the road to implementation and achieving certification-registration:

Selection of a Registrar or Registration Body?

Do not take lightly selecting a registrar or preferable an international registration body. Why? (1) Its a long-term relationship, and (2) poor selection lead your organization into an incompatibility between your business objectives, goals, and resources. The market where selling products or providing services must be taken in consideration as well as values, mission, and the expertise of the registrar in your process and activity sector. Other key aspects is that the registrar be customer-centric and knowledgeable on contemporary techniques relevant to global competitiveness and reduction of risk. Whilst Registrars must follow the same protocol they not all operate equally (or the same) - see our web page for registration bodies and registrars .

Registrars and Registration Bodies, Note: While not "all" agreeing with us... we consider that a "Registrar" construe as a branch of a registration body (namely registration body), thus the accreditation body may not maintain the same level of surveillance as to the Certification Body. another way of seeing such explanation is looking at the difference between centralized and decentralized operational activities. Thereof the difference in terms we use for Registrar and (International) Registration Bodies.

The selection protocol involves; identification, contacting, evaluation of the choices - compare, select, communicate, identify scope, quote, mutual agreement, and proceed to the adequacy auditing (namely Phase I, documentation review, planning, or even part of a Phase II). In addition, registrars provide an optional service pre registration auditing which your organization may consider but not needing. From "Phase I" your organization may move onto certification-registration (Phase II) assessment-audit leading to recommendation for certification-registration, achieving registration, and from thereon through surveillance assessment-audits (for most likely) a 3-year agreement. Further, and of key importance, is the selection of the assessment audit team... Organizations in the past have allow external auditors imposing their own view and interpretation regardless of those of the organization's objectives... we recommend that organizations obtain as much information from the to be Registrar and Assessment Team Assessors as if they where going to be full time employee - an  indicator to effectiveness... are registrars / certification bodies operating under ISO/IEC 17024:2003. Finally yet importantly, you may wish to consider that the assessment process includes adding-value analysis (truly adding value, not gimmicks of adding value).

We shall not forget that registration bodies or registrars are service providers. It is you who selects a registrar that meets your criteria and benefits your organization's effort, and don't decide on the amount or colorfullnes of a brochure or if they are "big" - small registration bodies or registrars provide a degree of service satisfaction not seen with bigger registration bodies or registrars (focusing on becoming the biggest...). Certification-registration for all purpose is the same under one or numerous accreditation, publicity about being big or having the more number of registrations does not mean much to your objectives. Consider a registration body that adds true value through assessments, friendly, ethical, and which operates ethically and with integrity.

What is the cost of registration | certification?

Answering the Registration Body's | Registrar's fee the answer is easy, just call, or request a quote through completing an application questionnaire. For regions of North America the range varies from $500.00 to $1,2000.00 for application and yearly fees and between $1,100.00 to US$1,800.00 per day plus expenses per individual (auditors or otherwise) and others costs related to the activity and paperwork / administration. In global regions other than North America, the price per assessment / day goes down to US$800.00 and even less than US$600.00 (again depending on the global region). In India it could be as low as US$300.00 per auditor / assessor day. Registration bodies or Registrars, as require for ISO 9001 registration operate under ISO/IEC Guide 62 (or ISO/IEC 17021... for ISO 14001... see ISO/IEC Guide 66...) and others to develop a documented managerial system for the business of providing "Registration", and which requires to define the "assessment days" with a specific protocol and control. The organization's size, activities, locations, nature of business activities, and scope may be an indicator of total costs. We courteously and under no obligation answer specific questions, contact us . We recommend that the registrar be under direct surveillance of an accreditation body, and not a subsidiary of registrar which is rarely or never receives accreditation body assessment (verify this fact).

Herein we provide some information for a small size company in North America:

First year registration protocol for one site, approx. 175 employees (requiring 8 days +/- 30%), specialized activities for a regional market, consider US$9,800.00 (+/- 30%) [+ travel expenses] - this includes initial assessment + follow-up surveillance assessments (3-year agreement).

Multiple sites within a region (e.g. US, Canada, Argentina, Korea, etc.) with multiple activities selling globally with over 4,000 employees consider a total package under US$300,000.00 (including registrar and travel expenses for external parties).

Important Note - it is essential that at the onset the route from point "A" (commencement) to point "B" (namely achieving certification-registration) be as "straight" as a "speeding arrow", efficient and effective. Further, the process shall be a vehicle for robustness and providing a path for agility and improvements. Otherwise, it could be that the cost becomes insurmountable.

How do I know if registration | certification is important to my company?

Implementation and maintaining a management system on the basis of recognized Internationally standards is the "norm" more than an "exception" in many industry (and government) sectors. In some regions it is matter of either survival (in others a matter of competitiveness).

In assisting you we provide some questions for you to consider...

	What is the trend on your customer's voice toward satisfaction? How do you know this? Is it factual or is it purely "gut feeling"?   Has our organization improved in the last 3 years? Can we provide objective measurable evidence?
	Once registered to ISO 9001 how would this affect our national objectives and/or export business objectives? How do we know this?
	What regulations or codes apply to our industry group?   Whether there is a believe that it will assist or not (e.g., meat packaging, pharmaceuticals, chemical, nuclear regulatory, government)...
	What is the competition doing in response to ISO 9000? Do we know this through evidence?
	In relation to the requirements of the International Standard ISO 9001, where does our management system stands?
	What initiatives do we currently have in place to improve productivity and to reduce waste factors (time, money and alike)? What initiatives have we successfully completed? Do we have a continual and/or continuous improvement program?   Are customers invoking ISO 9001 registration?

Perhaps a key question is... How long more should your organization wait to implement a robust yet agile operating management system? What priority should we place...?

You may want to consider an ethical International Registration Body that within its values and mission provides adding-value-assessments, protection, reduces risk, certifies its own body of assessors-auditor and technical experts, provides for improvement and preventative opportunities for improvement... a true partnership, one who's reputation does not merely rely on number of certifications (certification-paper mills). And to surprise of many price-cost structures are equivalent the same.

ISO 9000 and OCCUPATIONAL HEALTH, IS THERE A NEW STANDARD (ISO 18000?), NO and why not?

Through ISO 9001 (and ISO 14001) any organization can extend the scope of its activities to include reduction of risk and address regulatory requirements such as those related to Occupational Health and Safety , further ISO 9001:2000 invokes throughout its clauses in various sections (including legal requirements). In the USA there is a legal requirement under the OSHA (Occupational Health and Safety Act) and in many countries such as in Italy, USA, Canada... Colombia there are very stringent and enforceable requirements for safety & health comparably equivalent, thus it is a social-fiscal obligation.

Note: OHSAS 18001 is not ISO 18001 (which does not exist) and is in tune with other management systems protocols such as OSHMS, OSHMS.

ILO-OSH / OHSAS 18001 / Loss Control are internationally recognizable schemes providing a basis for implementation of Occupational Safety and Health. Whilst ILO-OSH | Loss Prevention and OHSAS 18001 are voluntarily implementation schemes, International Registration Bodies may develop their own occupational health and safety management scheme for and under which an organization registers its own system, such as DNV Loss Prevention, BRS OSHMS...

Requirements and format structure of OHSAS 18001 and ILO-OSH are compatible with ISO 9001 and ISO 14001. This provides for organizations to integrate management systems as mutually inclusive or mutually exclusive such as; ISO 22000, ISO 9001-ISO 14001-OHSAS 18001, ISO 9001 + ISO 14001-OHSAS 18001 / ILO OSH... loss control and any possible other combinations beneficial to the natures and objectives of the organization implementing and registering such standards.

What is ISO/IEC 17025 and ISO/IEC 17024?

ISO/IEC 17024 is a management standard applicable to laboratories performing tests, assays, analysis and calibration; ISO/IEC 17025 - General Requirements for the Competence of Testing and Calibration Laboratories. While ISO/IEC 17025 takes from ISO 9001 it does invoke specifies prescriptive requirements relating to competence, uncertainty, reporting and validation of tests. Once a laboratory achieves ISO/IEC 17025 implementation, verifiable by a Third Party Registrar, it indicates that it is an "Accredited" Laboratory, whilst ISO 9001 applies the term "Certification - Registration". ISO/IEC 17025 is of "higher level" and more stringent (than ISO 9001; it requires that the laboratory - organization to address the requirements at a higher level of technical competency - visit the ISO/IEC 17025 page....

ISO/IEC 17024 ... certification of individuals... is the international standard that provides specifications for organizations granting - issuing certification of individuals services. For example; an academic institution providing education... providing objective evidence of academic achievements... diploma... can opt to meet ISO/IEC 17024 and thus third party registration is an option objectively demonstrating to others meeting these requirements. It is the intent that International Registration Bodies are require to meet this stringent requirement to assure competence of individuals or otherwise require that auditors be recognized, certified or register under an organization providing such services. However, only a handful of international registration bodies or their branches (namely registrars) meet the requirements of ISO/IEC 17024, visit our Certification Bodies and Registrar List Page as few Registration body meets this criteria.

© Copyright 2000
BULLTEK LTD, All rights reserved 2008. Page updated 11 May, 2008