Fast-track success to ISO9001:2015 with no NCRs

Fast-track success to ISO9001:2015 with no NCRs

Last year I joined a company with no processes or procedures. In the space of six months we had successfully attained ISO9001:2015 with BSI. In August we had a one day gap analysis which provided a few pointers. In October we had our stage 1 assessment which yielded a handful of opportunities for improvement. The sage 2 assessment was in early December, we passed with no NCRs and a number of areas of best practice being mentioned.

It would be unfair to say that it is easy, but I believe many companies can make the transition to the new standard unnecessarily complicated. It is also true to say that it is a real mine field fraught with opportunities for failure and rich pickings for auditors.

Like with many quality principles it is important to ensure that you start with the correct basic building blocks in place, thus creating a solid foundation to build upon.

The temptation is to get stuck into processes, procedures, quality manuals and the like, in short don’t! Start with a document register, nearly everything you start will require a document number and version control.

Now time should be invested in the consideration and creation of templates and forms, all under version control and with document numbers, of course. This will then enable you to start creating the next level of Quality Management System. It should be noted that it is important that one of your templates is for training records. Why? Anything you create will need to be trained to the relevant personnel and suitably evidenced to demonstrate competence.

Going to the opposite end of the spectrum you have all the new elements of the standard like the context. I would advocate simplicity and not have a quality manual and have a Quality Management System in excel. Obviously this is not the whole quality system but all of the key elements of the management parts.

While it is important to have a narrative outlining the context of the company, as it makes life easier to convey the information to interested parties, such as an auditor, I would also recommend the use of a table / matrix which is more extensive than a risk register. Columns that I would include in the table would be:

• Internal issue
• External issue
• Internal interested parties
• External interested parties
• Risk
• Opportunities
• Priority
• Mitigation action
• Action completion

This will address most of section 4 and 6.1.

SharePoint is a good method that companies can use for distribution of their management system and supporting documentation.

Please feel free to get in touch for more information and advice. I am able to provide consultancy and also have a proven deployment package of templates and infrastructure which I used in my success mentioned at the beginning of the article.