Havelock House 30 Timbercroft Ewell Surrey England KT 19 0TD

020 8786 8828


Home page

ISO 9001:2008 Quality Systems help with developing, maintaining the system and approval

We offer help with:-

Developing Quality Management Systems
Obtaining Approvals such as ISO 9001
Sector schemes - e.g. software systems such as TickIT, TickitPlus, construction systems such as Achilles Link-up and Achilles Building Confidence

We can:-

Produce all the documentation, introduce the systems, deal with the assessment and maintain the approval - everything to make things happen
Help you change the culture, not just the documentation.
Guaranteed success with a 100% pass rate over 20 years
Provide fixed price solutions with no hidden costs
Provide integrated systems that constitute complete solutions for Quality Management, IT Security, Environmental and H&S customised to your organisation's unique requirements.

We offer part time Quality Manager Scheme to deal with all aspects of the work and to make things happen

About our IT Security Services
Integrated Systems
ISO 9001:2008
Should we adopt the requirements?
Do we need Approval?
Scope of Approval
Format of ISO 9001:2008
Review of ISO 9001 requirements and the approach to be taken
Business Aims, Quality Policy and Measurement
Definition of Processes
Maintenance and Management of the QMS
The history of ISO 9001
The 1960s and 70s Def Satn 05-21
The 1980s BS 5750
IS0 9001:2000
ISO 9001:2008
The future

ISO 9001:2008


The Quality Standard ISO 9001:2008 is the latest version of the standard. The previous version ISO 9001:2000 introduced new concepts and requirements and the 2008 version only included minor changes clarifying requirements.

The standard is open to interpretation and the scope has widened making it flexible and suitable for a wider range of organisations but this does lead to difficulties in determining precisely what is necessary to obtain approval. The risk is to produce too much documentation and being over elaborate for the size of the company.

Should we adopt the requirements?

Before we begin to talk about the details of the standard, the first question is should we consider it all? There is a cost involved in obtaining and maintaining the quality system and approval, so what are the benefits? The following are some of the areas where there should be benefits, as a minimum it should give you confidence in your current practices and approach.

Market Perception

The number one reason for obtaining approval is a customer/market requirement, a "tick in the box" on a tender or market perception as the competitors have approval. If this is the case then obtaining approval is probably essential and it is just a case of limiting the costs incurred and gaining as many benefits as possible. The system should be built to suit your organisation and if you are currently successful without major customer or internal problems, the aim should be to reflect current practices. Why make change just for the sake of it? Normally there is room to improve, for example simplifying tasks, removing unnecessary bureaucracy and better defining aims and objectives at different levels of the organisation. The following are areas where there could be benefits.

Increased Efficiency and Profitability

The introduction of the system provides an opportunity to look at how things are done. With this better understanding, visibility and data on the processes any unnecessary or inefficient activities are highlighted and savings can be made. How much improvement you can make depends on how disorganised the company is.

Improved Communication within the Company.

Defining business, process and departmental objectives can give a clearer understanding of what is required and comfort to management and staff that they are doing the right thing.
Better Control of Resources
All resources including IT, personnel, working environment, plant and equipment are addressed by the new standard and here again there is the opportunity to review, improve and monitor the subject.

Customer Satisfaction

An overworked phrase but it is still important if your business thrives on repeat business. Adopting the standard provides the opportunity to think what it means to your business and what needs to be done

Problems in the Organisation

If a company has real problems with customer complaints, rejects, process problems then there are better approaches than ISO 9001 which can get the problems out of the way first. Talk to us.

Do we need approval?

For all or some of these reasons above there is an increase in companies seeking approval just because they feel it is good for their company. In this case the new standard is a better checklist of subjects that businesses should address and permits a better approach to the subject. Adopting the best practices of the standard is useful. Whether approval by an external UKAS assessed body is necessary is debatable, some people just like the certificate on the wall, others find that having external assessors making routine visits to check the system keeps the subject alive. It is rare to find a company that does not have a last minute panic the week before the assessment visit to tidy up loose ends and for this reason it is probably worth the cost.

Scope of Approval

One important issue is the "Scope of Approval" as it is a marketing tool and it is important that the scope incorporates all aspects of the company's business.

ISO 9001:2008 format

The standard now has eight sections -
Sections 1, 2 and 3 Scope, Normative References and Terms and Definitions
Section 4 Quality Management Systems
Section 5 Management Responsibilities
Section 6 Resources Management
Section 7 Product Realisation
Section 8 Measurement Analysis and Improvement

QIS has never recommended that quality systems were documented to match the clauses of the standard nor should the Quality System be designed to meet the new requirements. Design a system to suit the organisation, and then check all the ISO 9001 subjects have been addressed.

Review of ISO 9001 requirements and the approach to be taken

We know of several MD's and Directors who are 110% committed to providing a quality service, but still look upon ISO 9000 as a necessary evil. With the 2000 version of the standard we have found it easier to get visibility and buy-in from senior management. ISO 9001 can be simplified to three basic requirements:-

1. Defines the Business Aims, Policies, Objectives then Measurements, Analyse and Implement Improvements
2. Definition of Processes
3. Maintenance and Management of the QMS

The standard as an opportunity to move companies across to an on-line system with the minimum of change to the documentation, see our article "The Intranet as a method of integrating ISO 9001 procedures into the methods of working". It is very easy to provide links between the process diagrams and the applicable text. The standard is about "continual improvement", so although this is not a perfect solution it provides the foundations you need.

Business Aims, Quality Policy, Objectives and Measurements

Mission and Policy

There are several statements in ISO 9001 about top management's involvement and providing evidence of commitment. We accept that this is mainly a cultural issue and about how management acts rather than pieces of paper on the wall but the easiest way to address the first part of the requirement is through Mission and Quality Policy Statements and then use of the objectives, measurement and review process. There are other ways if the organisation does not feel comfortable with this approach QIS and the standard are both flexible and what suits the organisation is most important.
The mission/policy statement needs to include a commitment to continually improve and lead to measurable objectives. This mean a little more thought and care needs to be taken than in the past. For a small organisation a simple statement will suffice, for the larger organisation there can be a real benefit from creating a pyramid structure of linked mission and policy statements decomposing the company statements for the different layer/departments of the organisation.


Under "general requirements" there is a statement regarding "monitoring, measurement and analysis of processes" and in a number of sections references to "defined objectives". From the analysis of performance against objectives the areas for improvement are identified. No doubt the business will find other areas for improvement that will naturally fall out of the operation of the company, whether it is necessary to, or beneficial to try to collate all the issues is debatable.

Objective Measurement and Targets

So what are "realistic and measurable" objectives? for example "software that is defect free" (excluding safety critical software) is commercially un-realistic but then where do we set the goal? Is it really a company's intention to issue software with a known number of bugs, where do you compromise? What is acceptable? Do you ask the design team to stop testing when there is one bug, two, one hundred and how do you know? Aiming for "zero defects" still seems the goal although unrealistic. Mission statements "To be the best in the business" we have found are being challenged as in-appropriate. These are grey areas and the company needs to decide the approach they are taking that suits their business. Business is as much about instinct and what feels right, not all things can be measured. Assessors will talk about SMART objectives (Specific, Measurable, Attainable, Relevant and Time dependent) but sometimes you can be too smart. see TQM article.

Customer Focused Objectives

The standard places a great emphasis on being customer focused, measurement of customer satisfaction and a requirement to "determine customer needs, expectations and requirements whether specified or not". This requires common sense and can provide some overzealous quality managers and assessors with a field day. For example the number of times a telephone rings before it is answered is very important for Customer Help-Lines or Booking Agencies and probably should be monitored and measured, in other types of business it is a less important issue to monitor. Giving out customer satisfaction forms might work in a hotel but as a general practice is over-used and mainly inappropriate. Questionnaires even when well produced and structured, have a poor response and are only one method of collecting information. Care needs to be taken to select the right approach and the process may need to include several approaches dependent on the size of the customer account, type of product and timing of gathering of information. What needs to be done is what will benefit the organisation.

Continual Improvement

We have mentioned analysis and improvement several times, it has a much more prominent position in the standard, in principle this is not wrong, "If you can't measure it you can't control it" but as discussed above this requires thought and care. Continual measurement can be wasteful with staff collecting data that is not used. A few key indicators should be continually measured, in other instances the process should be measured, evaluated, action taken then measured again. There are clauses on measuring and monitoring customer satisfaction, processes and product, analysis of data and improvement, so a general review of the approach to measurement is required. See TQM article

There are varying approaches to reviewing achievement against objectives, board meetings, departmental reports, progress reports can all contribute. We like to see routine reviews that stand back from the day-to day operation of the business and looks at where we are and what we have achieved with regard to the business objectives we set? How often should the review take place and whether a formal meeting with top management attending is required is up to the company to decide the best way for their organisation

Definition of Processes

The definition of processes is the second key requirement. This must be to a level appropriate to the organisation and balanced against the skills and competence of the staff and the systems being used. For example a computerised procurement system does not need a great deal of decomposition. A process diagram would indicate where data needs to be entered, but how it is entered is a matter of training and use of the User Manuals.

The ISO 9001/BS 5750 main requirement was for procedures, this has disappeared and there is now only a small mention of six mandatory subjects. The ISO 9001 requirement for procedures had been around for over thirty years and we still see a place for procedures in the new system, they are a tool for communication which should not be discarded just because they are out of fashion. The standard is better than earlier versions but not the "Emperor's New. Clothes"

In addition to the main business processes subjects such as Human Resources, IT and Quality Management will need to be covered. In our eyes everything a company does should contribute towards quality and therefore in theory should have defined processes.

Legislation and statutory requirements affecting the product or service needs to be covered but theoretically Health and Safety of the working environment does not. We have been asked by several assessors about the Health and Safety Policy etc under the Working Environment requirements and rather than argue whether it is in or out we now address the subject. Disaster recovery is another subject that is gaining prominence.

Maintenance and Management of the QMS

The final requirement is that the Quality Management System is:-
1. Policed - Through internal quality audits, management reviews of objectives and measurements.
2. Maintained - The QMS documentation will also need maintenance on-going improvements made and training provided.
3. There is evidence of continual improvement - from an ivory tower this may look a smooth curve in practice it will be more of a bumpy ride

See QIS Shared Quality Management Scheme


" Look carefully at your scope of approval
" The three key issues that require attention are:-
Continual improvement through objectives and measurement
Customer focus
The final point is that it is essential that you build your quality system to suit your organisation not to meet the requirements of ISO 9001. Prioritising areas for improvement and changes based upon the advantages to be gained, continual improvement is an acceptance that not everything can be done at once. Be willing and confident to make a case for not fully implementing all of the requirements. It is your company's customers and requirements that must come first.


The History of ISO 9001


Quality is not new. The Khufu Pyramid at Gaza was constructed in 2700BC and is an example of precision engineering that many would be proud of today. The four 756ft sides vary in length by less than 0.1% In 1762, the Lancashire clock and watch trade were demanding standards of accuracy and by 1913 with the introduction of the Model T motor car the trade of "inspector" had been established.
What has changed in recent years is the way we approach the subject, the tools and techniques that have become available to help us. The wider use of ISO 9001 was one of the important steps.

The 1960's and 70s Def Stan 05-21

The easiest way to explain ISO 9001 and the benefits is to look at the history of how it developed. In the 1960s the Ministry of Defence had their own employees, resident at the suppliers' sites inspecting the final product before delivery. It became obvious that it was impossible to inspect quality into a product it needed to be made right in the first place. What was developed was a basic set of requirements that were considered necessary for all suppliers to meet to stand a chance of supplying reliable products (AQAP 1 and the Def Stan 05-21, there was also an equivalent USA Mil Spec with very similar contents).
The rules for the suppliers were quite simple,
First there needed to be a quality management system, e.g. a policy, a management structure defined responsibilities.
Secondly there had to be written procedures describing the system and what needed to be done. These procedures needed to cover all stages of the process from receipt of a customer's order to despatch of the goods. The philosophy was quite simple, if you always do things the same way the chances of getting it right improve, especially if you learn from your mistakes.
Thirdly learning from mistakes. The supplier needed to have systems for analysing problems and preventing recurrence.

The 1980's BS5750

BS 5750 was the original version of what is now ISO 9001. It might have remained in oblivion had it not been for the British Government of the 1980's mission to reduce spending in the public sector and to improve quality within British Industry. To improve quality a standard needed to be set and why not use the BS 5750 requirements after all it was a plagiarism of the original Government requirement. To save costs the Government could reduce manpower by using an independent organisation to check that suppliers met the requirement. The suppliers would incur some costs but would also have fewer visits from different organisations checking the quality systems and would achieve some labour savings.
It is therefore not surprising that a survey found 75% of companies that had achieved approval did it because of external pressures such as customer requirements and competitors having obtained approval. This is what the system was designed for and this remains the case. The public and increasingly the private sector are looking for the standard when placing tenders. This tends to be a 'tick in the box' and once the initial hurdle of whether you have a quality system has been overcome, plays little part in the remainder of the tendering process.
The BS 5750 standard became the international standard ISO 9001 which has been adopted by more than 60 countries throughout the world. When selling overseas companies are finding that approval is a benefit, it improves the perception of the company and creates an image of a professional organisation.

ISO 9001:2000

In the year 2000 there was a complete restructuring of ISO 9001, the earlier twenty requirements were reshuffled into four main sections,

Quality Management Systems
Management Responsibilities
Resource Management
Product Realisation

It was not the reworking of the text that was important it was the change in culture which came with it. The emphasis moved from documented procedures to processes, see article ISO 9001:2008. Greater importance was placed on improvement and preventing problems occurring together with a focus on customer satisfaction.

There had previously been three standards ISO 9001, ISO 9002 and 9003, 9002 and 9003 were dropped and the scope of approval for the company is now used to describe how the requirements apply.

The benefits depend on the individual company, some have found the way in which their company operates improves, others claim ISO 9001 to be bureaucratic and a waste of money. So why the difference and what are the real benefits?

The ISO 9001 requirements are brief statements described in very general terms, it is up to the company to describe how they meet the requirement. For example the need for a process does not state how thick the document should be, how many forms you should have or any of this sort of detail. It is up to the organisation to decide what is needed to control their business. This is one of the main pitfalls caused by inexperienced people setting up the system and doing too much, or trying to introduce systems they have used in another company, which are not appropriate to the business, or size of company they are now working with. Even for the professional, not everything you try works first time and there is a need to look at things again. This is possibly why a survey of ISO approved companies found that while one year after approval 60% thought they had benefited, after four years over 90% felt they had improved.
The benefit of documented processes also depends on the size of the organisation, number of locations and type of business. When you are small it's easier to shout across the office. As the company grows larger the documentation provide a foundation for expansion, allowing new staff to settle in faster, making it easier to identify areas where the system needs to be changed and frees management from many day to day routine supervisory tasks.

It is possible for a company that is reasonably under control, (low level of customer problems) to just document their present system and make very few changes to meet the ISO 9001 requirement. This is reasonable if the main aim of approval is just the tick in the box at the tendering stage. The ISO standard is a set of minimum requirements and why change a system that is working? On the other hand 'No pain no gain' and these companies are unlikely to find any real internal benefits and long term will suffer if they do not continually improve what they are doing. So who does benefit? The companies that gain the most, surprisingly enough, are those that are committed to providing a quality service and improving. For them this is an opportunity to find ways they can improve and to measure themselves against the requirements. The benefits are therefore in any area of their business they seek to improve.

ISO 9000:2008 revision

2008 saw a minor update to the standard. The changes were minor and only clarified points of misinterpretation.

The Future

Trends are towards:-

Dropping the word quality and talking about business processes
Introducing a common structure for the family of standards including ISO 14001 Environmental Management System, ISO 18001 Health and Safety etc
Risk based systems
Capability models with different levels of compliance, TickIT Plus for IT has levels from "Foundation", through "Bronze", "Silver" "Gold" and finally "Platinum"

Shared Quality Manager Scheme
Contact us