In this article, we’re discussing how to implement an ISO 9001:2015 quality management system in your organisation.
I’m the CEO here at Best Practice, and I’ve been thinking back to when I started the business. I’m thinking about all the systems I’ve looked at, and I’ve talked about it with the team to come up with top tips and tricks for you to follow in terms of going through that process and understanding what it is that you need to do.
The first thing I’d recommend that you do is some reading: most importantly: grab a copy of ISO 9001:2015 from our Training Academy. So, step one is some reading. Now, dropping down, starting with an internal audit, or your own little gap analysis in terms of what you need to do to understand what’s the standard is – how does it apply and learn through the process. More importantly, what we’re looking for when implementing a system is a raft of evidence… so why not get started straight away.
Do not- and this is tip number one- do not go and write lots of policies, or get a whole bunch of templates. You’ll get too caught up in what you need to write down. So, tip number one: start with an internal audit. Now what you can do is you can jump on to the Best Practice Training Academy here and download the ISO 9001:2015 checklist. There’s a checklist for the standard and they’re easily accessible. That’s going to give you some things to focus on and make the priority.
The second thing to do is talk to your stakeholders. They might be the executive management of the business that ask you to look at ISO 9001:2015, they might be customers or they might be your regulators. Have a think about what their needs are. It’s important to start to convene your system and start to assemble your system from day one. Now, once again, I’m saying don’t go and write lots of documents. Start with this process the documents will come later. So, after you have conducted your internal audit, in the context of thinking about your stakeholders, I want you to think about the opportunity to conduct your very first management review. So that is step number two.
Now, out of that, we can start to think about risk-based thinking and we can do some analysis. So, how do you conduct a management review? Assembling the senior management or top management in your organization is important to talk them through your findings for your internal audit and start thinking about risk-based thinking and how you can mitigate or eliminate these risks. The management review is your record for your system implementation.
So, what other evidence do you need? You need your internal audit records – you can use our checklists from our website as the record. For the management review, setting meeting minutes would be your record there. For more information on what this looks like, watch the video at the top of this article.
Now, we’ve got another process that’s starting to occur here in terms of our risk-based thinking and what we want to start to identify over here is our controls. And you can start to look and identify those as part of your analysis, engaging with your stakeholders. So, your stakeholders will help you to specify what the controls are. The stakeholders could be staff, managers, anyone working in the organization, suppliers and contractors. You need to build out and manage those risks that you’ve identified. You might be thinking: “Wow, this isn’t looking like a quality management system – what’s the how-to?”. This is the ‘how-to’, because what we want to see is the management system. We want IT- we don’t want to see all these documents. We want to see that there’s a self-evaluation cycle in place, which is your internal audits and management review, and we want to see an improvement process in place. So, what we can start to do is capture improvements.
So, what do we do next? Well, there’s going to be a couple of things. This management review and internal audits start to establish our cycle of continual improvement. So, moving right along we can start to talk about our business plan. Now you might say: “Hey, I work for a massive organization. I’m not involved in the business plan”. Well, that’s not ultimately what we want to see. We want to see that the management system is tied into the business.
My suggestion here an improvement register, for example. So, we can talk about non-conformance, opportunities for improvement, corrective action, preventative action and all those sorts of things. Those improvements are going to feed back into the management review, and spilling out of that is controls. Controls include things like training. We can look at training to have people implemented controls. Policies, procedures, work instructions, guides, all those sorts of things, but try to minimize these as much as possible. I would suggest video guides as a fantastic way of creating controls. These are all different ways to have people manage the risks. So, it’s all about this risk management here in the context of management review.
Now, in the absence of a business plan you can use ISO 9001:2015 as the business plan, but what are we really focusing on here is what the objectives and targets are. Now, there are lots of videos here on YouTube and on Facebook and all that sort of stuff and what the reading about smart objectives and target.