Do It Yourself “Rapid ISO 9001” – Ten Quick Pointers

by Christopher Paris

Recently, a fellow posted a question on LinkedIn asking for tips on how to implement ISO 9001 quickly. Like a batsignal going up, I was compelled to reply. I came up with a list of 10 — okay, 11 — points that summarized what I have been saying for years now. I thought I’d reproduce my response here.

In no particular order (and not meant to be comprehensive by far):

1.) Avoid “steering committees.” These are invented to offload responsibility of the consultant, or internal ISO guy, onto a group of people who he can later blame everything on when it stalls. You’ve heard the joke that a camel is a horse designed by a committee. There is no need whatsoever for a steering committee unless you are implementing ISO 9001 in an organization with thousands of employees over many, many sites. These committees inevitably slow the process down. Instead, assign the roles to a few key individuals, and have signoff responsibility for procedures and tools per my next suggestion, # 2.

2.) Don’t have everyone sign off documents. Have ONE key subject matter expert (SME) or top manager sign off on top-level procedures, and only a ONE SME sign off on anything of a lower level. As soon as you add a second signature, you invite delay, disagreement, egos, and trouble.

3.) Read the standard and interpret it how you see fit for your organization. You can listen to, but not rely solely, on the experiences of others from other companies. How they did it at AirBus isn’t going to be useful if your company only has ten employees. Keep it simple, keep it customized, keep it organic to your company and its philosophy. If your intent is to get the company certified later, then make the certification auditor understand your interpretation.

4.) Avoid document numbering. Not required by the standard, and it only increases the chances of nonconformities due to mis-typed references to numbers, and makes for a hellish editing experience if you ever change a number. Refer to documents by titles. After all, you don’t buy a book at the book store by ISBN number.

5.) Keep tools simple. Document control can be done entirely in your computer’s operating system without buying any third party software. Calibration can be managed with a simple spreadsheet. Record control can be a simple table written in Word. The approved vendor list probably already resides in your accounting software.

6.) Enforce quick approval of documents. The biggest delay in any implementation is the document approver(s) dragging their feet. Have top management force the issue. If it takes more than a few days to get a document approved, something is really wrong.

7.) Develop your program, and procedures, based upon what you do NOW. Then fill in the gaps or change things only where they clearly conflict with the standard. Don’t reinvent fire.

8.) Avoid the temptation to improve the entire company as a part of your ISO 9001 implementation. I’ve seen downtrodden quality guys try to use ISO 9001 as a hammer to “finally get what I’ve wanted for years” and try to pin everything on the certification, as a threat to management. “If you don’t buy me a new CMM, the auditor will flunk the company!” ISO 9001 provides for improvement, you don’t have to have a perfect company in order to implement it from the start.

9.) Don’t use boilerplate documents you buy online. Yes, the temptation for this easy approach is very strong. Yes, the sales guys for these sham products will tell you anything. Giving you my experience as both a consultant AND an auditor for registrars, I can assure you that using boilerplate documents will cause nothing but problems. If your intent is to certify the company, this will likely cause major nonconformities. I’ve spent weeks trying to clean up companies that used these things, and it just added a huge amount of time and expense. This sounds counter-intuitive, but It is FASTER and CHEAPER to write custom documents that suit your unique organization than it is to cut and paste your company name over someone’s generic procedure. (If you really must use a template kit, download our free one. Yes, template kits suck, but free ones suck less.)

10) If you hire a consultant, make sure he or she doesn’t suggest doing any of the things I just warned you about. If you are vetting consultants and they mention “steering committee”, remember rule # 1, and don’t sign the contract. Bad consultants make money by padding their contracts and intentionally stretching out the time for implementation, because they don’t have other clients waiting to fill their calendars. Don’t buy into consultants who make claims of “guarantees” for certification (if certification is your goal) as it usually means they are (a) neophytes who don’t know that nothing during an ISO 9001 audit is guaranteed, or (b) they have a “backdoor deal” with a specific registration auditor who has promised them a favorable audit in exchange for leads (as soon as the registrar sends a different auditor, you are hosed.) A good consultant can work quickly and efficiently, reducing your costs. Anyone who says otherwise is scamming you.

After this, the original poster asked about buying a pre-assessment from a registrar, so I added an 11th point:

11) Don’t ever buy a pre-assessment audit from your registrar. I can do that for you for free, right now: “Your organization does not comply with ISO 9001. Please implement it.” There, I just saved you a few thousand dollars! Pre-assessments are a waste of time and money (again, the auditors out there will disagree with me, but I’ve been on the Advisory Boards of two registrars and can tell you, even they know it’s a scam.) You shouldn’t audit anything until you have your system almost fully implemented. Then conduct a round of *internal* audits, which you have to do anyway to comply with the standard, and use that to identify remaining gaps.

Christopher Paris is a former member of the US TAG to TC 176, a Senior Member of ASQ, and came up with “Rapid ISO 9001” after one too many Cuban coffees.