ISO 9001 Certification Malta is a major milestone for all forward-looking businesses. That said, the first step to getting this prestigious certification is relatively daunting for business owners.
Below is an in-depth, 50-minute video that will go through all the details relating to ISO 9001.
Hi, I am Luke Desira and for the past 10 years, I have been helping companies to achieve ISO 9001 Certification in Malta. In this website, you will find all you need to know about ISO 9001. Below, is an overview of the table of contents relating to all the information you need to know regarding this Quality Management System:
- What is the current ISO 9001
- What is the difference between certification & accreditation?
- What are ISO standards?
- What is ISO 9001 in a nutshell
- The ISO 9001 Family
- Which ISO Certification is best?
- How do I drive improvement through ISO 9001?
- What does it mean to be ISO Certified?
- How many clauses ISO 9001 has?
- What are the 10 clauses of ISO 9001?
- What does QMS stand for?
The 7 principles to quality management
Risk-based thinking in management
- Who gives ISO Certification?
- How do I get ISO Certified?
- The first step to get ISO Certified
- How long does it take to become ISO Certified?
- How much does ISO Certification cost?
- How long does ISO 9001 last?
- How hard is it to get ISO 9001 Certification?
- What can go wrong when implementing ISO 9001?
- Does a quality certification improve quality?
- What are the responsibilities of the quality representative?
- Can you fail an ISO audit?
- How do I pass an ISO audit?
- What do ISO 9001 external auditors look for?
- Examples of Internal & External Audit Findings
- How do I prepare for an ISO Audit
- Internal Audit Criteria for ISO 9001 (with examples)
- Recommendations from certification bodies
- How often is ISO 9001 audited?
- How long does it take to get an ISO Certification?
- What is the process approach in ISO 9001?
- What is Risk-Based thinking in ISO 9001?
- Choosing a certification body
- Process to get ISO 9001 Certified
- Organisation Chart
- Terms & Definitions
- The context your business
- Interested parties
- Internal/External Issues (SWOT/PESTLE)
- Scope of the QMS
- Define the key processes
- Quality Policy (and Vission, Mission & KPIs)
- Risk Management
- Quality Objectives
- Documented Information
- Requirements of ISO 9001ISO 9001 Certification Requirements
- Key Processes
- Supporting System
- Quality Manual
- Training staff on ISO 9001 requirements
- Job Descriptions
- Training plan and record
- Equipment maintenance and calibration
- Supplier quality
- Customer Satisfaction
- Corrective action
- Book of knowledge
- Internal audit schedule
- Management review
As my first job, I was a Quality Engineer with an international medical device company in Malta. Which made me realize that too many procedures were stopping me from giving my optimal performance.
For example: to change a form, we had to fill in another form… that was 15 pages long. And felt that it wasn’t the right environment for me to work. As it restricted my creativity.
I was then recruited by a construction company where my job was to set up a new company within the group of companies.
But I was surprised to realize that they did not have systems on how to do work on how to do a quote, or how to do a profit & loss after a job. And I soon realised that not even this was the right environment for a person to work at their optimal performance during their day a work.
In the meantime, I was reading for a Master of Science with the University of Malta on how companies can use Management Systems to improve. Which is how I first encountered ISO 9001 as one of the management systems.
I was evaluating management systems, and during my research ISO 9001 proved to the standard that met all my requirements for a world-class management system
- It helps companies improve it is a standard that
- some clients and/or suppliers would need from companies they work with
- and for Maltese Companies the Government offers funding opportunities for a company to get ISO 9001 Certified or for another ISO Certification.
So 10 years ago, I had decided to as the foundation through which I can help clients find the middle-ground.
Neither having too many procedures that kill creativity and neither having no procedures. Always starting from scratch.
ISO 9001 Certification in Malta: a Deatiled Explanation
And so, without further ado Let’s talk about today’s topics.
We’ll start with the history of ISO 9001 and the implementation process.
We will go through the 10 Clauses of ISO 9001, and it’s good to know that other ISO management systems are based on the structure that we’ll talk about during this session about ISO 9001.
We’ll go through the documents required for an ISO 9001 Certification in Malta.
And we’ll go through the supporting system and talk about the systems we need to run ISO Certification
We’re going to talk about Internal & External Audits
And we’re going to talk about what you need to do to maintain your ISO 9001 Certification in Malta.
History of ISO 9001
The 2 World Wars
Like most other things, unfortunately ISO was conceptualized during a war. During World War 1, the Allies had a problem, whereby the bombs they were dropping on enemy territory were not exploding.
Which was a problem, but not an enormous problem. It surely wasn’t as big as the problem they had in World War 2. In World War 2, the bombs were exploding within the factories of their subcontractors. And this was a problem because 1) people were dying and 2) in the context of a war, the bigger problem was that supply was disrupted. And this was interfering with the manufacturing plans of bombs that they needed for the ongoing war.
With this in mind, the Allies came up with the idea of asking all their subcontractors to write procedures on the systems they are using to manufacture the bombs and naturally, everyone did the procedures in the best way they could – how they thought was best.
And the Allies had a problem to try to understand the logic behind the reasoning that each company has used to design and build their procedures. And that’s how the first standard was created.
Where the Allies told the subcontractors to follow a specific guideline to create a Management System, with the same structure as other subcontractors. And this would then help the Allies to figure out the root cause of the problem, of why the bombs were exploding.
And this was the first version of Management System in the World which has evolved over time.
Versions of the Standard for ISO 9001 Certification in Malta
The first version of ISO 9001 was launched in 1987, and the standard is updated roughly every 8 years. The last version of ISO 9001 is of 2015 and the one before that was of 2008.
So this means that when we see ISO9001:2015 We are seeing the version of the standard, in this case, 2015.
Changes within the standard
And with time, the standard was tailored more to tailored companies. During the war, the World was manufacturing-based and over time the service industry was growing rapidly, and the standard was updated to also meet the needs of service companies.
Misconceptions about the Standard
And at this stage, I would appreciate it if you could put aside all knowledge and background of what ISO 9001 Certification in Malta is. And you would jump into this session with an open mind of what is ISO Certification. The standard can be interpreted in different ways. Because of my background where I have always strived to help companies find the middle way to not have too many procedures but neither too little.
I have always strived to simplify the standard in a way that would help my clients fully benefit from ISO Certification but also that bureaucracy doesn’t hinder our work. The world is complex enough!
Timeline for achieving ISO 9001 Certification in Malta
So let’s start with the timeline. The process that a company needs to follow to get ISO Certified.
The first step is the Gap Analysis. Whereby we would study the current systems to meet the requirements of your clients. How you are currently doing the sales, purchasing and operational processes.
And if you have any other systems, like gathering customer feedback or if you have a list of approved suppliers, and if you do some kind of evaluation to these suppliers.
From that we will define the systems that you currently have and the requirements of the ISO 9001 standard and this will highlight the gap – where you are now, to where you have to be to be compliant to the ISO 9001 standard.
Once the gap analysis is done, we’ll move onto the implementation where we will review the systems that we need to improve and implement so that your company bridges the gap. To ensure that what you are doing reflects the requirements of the standard and we will ensure that these systems are working.
Choosing Certification Body
The final step to get certified is to contact a Certification Body to get the certification.
Benefits of ISO 9001 Certification in Malta
A quick overview of the benefits of ISO Certification.
Management by Data
This is where the standard asks us to collect data about our processes and while collecting this information. Management can take decisions based on data. Not based on hunches. or on what “I” think. But we’ll have the numbers to help us take decisions in a scientific and concrete way.
Reduced wasted time
The 2nd benefit is to reduce wasted time. In most cases, when going through the processes of a company we will be questioning “Why” are things happening this way And by asking “Why” we might discover things that are done like that because “that’s how we always did it” and so, during the ISO Certification process, we will have many opportunities to find new ways of doing things because the old system doesn’t add value. and the more of these discoveries, we will reduce wasted time in systems that have evolved overtime, but that we did not really need.
The 3rd benefit is that if you are going to involve your staff to identify areas for improvement employees will feel like they are being heard. and that their opinion matters. and therefore we should see a boost in the staff morale, because their employer values their opinion.
Clauses for ISO 9001 Certification in Malta
And now we are going to jump right into the Clauses of the Standard.
The ISO 9001 Standard has 10 Clauses and these clauses are shared with other ISO Management Systems.
Other Management Systems
So for example ISO 14001 would have 10 Clauses ISO 27001, ISO 45001.
All these Management Systems are all built on this structure of 10 Clauses. And each would have their own focus. For example ISO 27001 would focus on Information Security ISO 14001 will focus on the Environment ISO 45001 will focus on Health & Safety and they are all using the same structure.
And so, when working with clients, I prefer starting with ISO 9001. Why?
Because ISO 9001 is a Quality Management Systems Now, what is Quality? Quality is giving the customer, what was agreed. So we need to know the requirements, to know what was promised. And we will have an operational system to give the client what was agreed and by talking about sales and operations, we will be covering the critical elements that your company does to serve your client. And that is what ISO 9001 is about.
When we are looking into other Management Systems, like Environment, Health & Safety, and others we will once again look at the systems that we follow to give our clients the service or product but we will do it from a different point of view. we will do it from an Environmental, a Health & Safety, or from an Information Security point of view. so when starting with ISO 9001, we will have the foundation from where to start so that we seeking other certifications, we will know what to focus our efforts on when it comes to these different points of views (other ISO Certifications).
10 Clauses of ISO 9001 Certification in Malta
Let’s look at the 10 Clauses with are the requirements of ISO 9001:2015. I personally think that the first 3 Clauses don’t add much value.
Clause 1 talks about an overview of the relevant ISO Certification and I like adding the organization chart, so that we can start seeing the people involved in the given organization. The second Clause talks about the purpose of the Management System like who has access to the system. In the 3rd Clause, we’re going to see the Terms & Definitions, like the acronyms used within the company, like “PO” refers to “Purchase Order”. So that if a new person is looking at the management system, they will have a reference to understand each acronym used. I believe that the first 3 Clauses don’t add much value. But from Clause 4 onwards, the standard will help us to improve our business.
In Clause 4, the standard asks us to discuss the Internal & External Issues of the company and issues don’t necessarily mean problems. It refers to factors that we have to consider. Which is where we’ll do a SWOT & PESTLE analysis.
SWOT is Strengths, Weaknesses, Opportunities & Threats
PESTLE is Politics, Economical, Social, Technological, Legal & Environmental analysis
A SWOT & PESTLE Analysis is done to define the Internal = we have direct control over and even the External = we have no direct control over but that could still affect our business in a positive or negative way.
The 2nd thing that we’ll consider in Clause 4 is the Interested Parties which refers to anyone who has some kind of interest in our business. These could be shareholders, clients, employees suppliers, Government Entities. The needs of each of these Interested Parties have to feature in our Quality Management System.
Scope of Certification
The last topic in Clause 4 is the Scope of the QMS – Scope of Certification which is a collection of 4/5 words (and sometimes longer) that gives an accurate summary of what your company does.For example, for a company that sells kitchens, we could say “Design & Manufacture of Kitchens” which is just an example. Or we could say “Manufacturing of Plastic Injection Moulded Parts” or “Provision of Accountancy & Corporate Services”. So the scope of Certification gives a good overview of the value added by the company to its clients. And the Scope of Certification will be on your ISO 9001 Certificate, once certified.
I’ll have to say that there is an element of repetition in the standard. and so for now I will be talking about each individual Clause. In a few minutes, we’ll review all the requirements of the standard in a Signature System that I have developed over the years, or how to better grasp this standard.
Clause 5 talks about leadership. Leadership is about Top Management driving improvement and committed to proving the customer what was agreed = customer focus.
The second thing that we need to consider is the Quality Policy. Which is the vision that we have for the quality of our products and services. Where do we want to be?
And here we can use ‘fancy’ words for example “we are committed to providing the client with an excellent service” or “delivering an on-time service.” And these are statements that can be used freely. And yet the Quality Objectives (that are discussed in the next Clause) we need to translate these statements into numbers.
And the last thing to consider is leadership towards continual improvement. I like stating that get ISO Certification doesn’t mean that you have an International Level of Quality but it means that you run a Management system that allows you to have information on what is working and what’s not.
From there you can know what is creating such positive and negative effects.
And therefore, we will also be able to improve our company from one year to the next, and that is the point of continual improvement and the point of a Management System.
Risks & Opportunities
Clause 6 talks about Risks & Opportunities which we would have identified in Clause 4 where we had mentioned the internal/external issues (factors) of the company by doing a SWOT & PESTLE analysis to identify. To define factors that have a positive effect (opportunities) or negative effect (risk) and we will need to prioritize these risks & opportunities and we will define the ones that are most worthy to pursuit and therefore to implement.
To mitigate risks and seize opportunities.
The Quality Objectives refers to goals – which are numbers since objectives have to be SMART and relate the vision that we had defined in the Quality Policy. So if in the quality policy we have stated that we want to give “an on-time delivery”.
To have a SMART Objective (Specific, Measurable, Attainable, Realistic & Timely). So a SMART Objective for on-time deliveries for a company that manufactures kitchens, we could say that “97% of our kitchens will be delivered on time throughout the year”.
Here the goal is Specific (delivery of the kitchen on time) Measurable (since we have a number to measure). Attainable (because from experience we know that this goal is ambitious but reachable). Realistic (it is possible for us to collect the information and to do the process to reach this goal). And Timely (because we said that 97% refers to the overall result of a particular year)
Planning Changes is the last requirement of Clause 6 defines the systems that we are to have in place to mitigate risks and seize opportunities and systems to make sure we reach the quality objectives.
Clause 7 talks about the resources that are needed to run a company to give our clients the promised product or service – the people, the equipment and documented information.
Now equipment refers to manual tools are needed if you do hands-on work like tools/machines that we use on-site, at our clients, or within our own premises. But also refers to other equipment like computers, mobiles, vans, cars…
Equipment that you use in your day-to-day running the business, to give the customer the agreed product/service.
Another element within the equipment list is the infrastructure. The infrastructure needed to run your company. Like your office, the internet connection, the provision of electrical energy and based on the risk-factors that we will identify (and prioritise) we will decide accordingly.
So a software house that runs in-house servers that host client information cannot afford to be without electrical power or without an internet connection, so, in this case, we will consider having back-up internet and backup electricity, just in case we lose internet or electrical energy.
So that we could mitigate that risk = stop something from happening, which might be something that stops us from giving our clients what we had promised.
The second resource that we need to do the work required which might as well be the most important resource, is people. For everyone in our team, we will ensure that they have the competence to do the work as per the job description and to define the training that is needed for each different job description.
Naturally, ISO 9001 and other ISO Management Systems can be implemented by different types of companies. Software houses, manufacturers of kitchens, hospitals, supermarkets… There are myriad different industries that get ISO 9001 Certification.
You could say that all industries can get ISO 9001 Certified, and therefore this standard cannot tell you exactly how you need to do something. It will not be able to give you a list of technical training modules to cover with an employee because that list can make sense for one company, but not for another company in another industry.
Therefore, for example, as regards people, the standard will ask us to ensure that all employees have the skills they need to do the work they are intended to do, as define in their job description. If there are any missing skills (training-gap) as a company, you will deliver such training (on the job, external etc). And once the training is done, we need some kind of proof to ensure that the training has really been done.
The 3rd type of Support that is required to run the business is Documented Information. Which refers to papers, software, excel sheets, word documents – all the different systems we have to collect the information we need and to communicate with clients, suppliers, and internally.
Clause 8 talks about the operational work that you do as a company. Where basically, we are going to over how we get the requirements from our customers and we’ll have some type of agreement with the client on how the work has to be done which can be called ‘Sales’.
We are going to discuss how you provide the product/service to your client which is the ‘operations ‘and we are going to discuss the quality control systems in place to ensure that our product/service is what the customer had originally requested. Once again, if we are talking about a grocery shop and a software-house we can assume that having the customer requirements, or a contract with the client is a totally different story.
In the case of a grocer, you would know that the customer wants a product because they get it next to the cash to be able to pay directly. On the other hand, a software house will need to go through a more elaborate process to get the requirements from the customer and therefore to issue the quote, the steps are much more complicated.
And therefore, in Clause 8, ISO9001 cannot tell us, as a company, that we must sign a contract with our clients. Because imagine if you had to go to buy a carton of milk, and the grocery shop asks you to sign a contract. Therefore, the level of detail that we will of through depends on the risks and opportunities that we will have identified in Clause 6. And from there, we will know which risks we have to mitigate, and how.
Clause 9 is about Performance Evaluation. We will be working to improve our business, and as mentioned earlier, we will manage our business by data. To be able to do this, we need to collect data, and the data that we are going to collect relates to 1) customer satisfaction where we will ensure that our customer is happy with the product/service that we are offering. 2) Analysis and Evaluation where we will collect data relating to our sales, operational, and purchasing processes. To know which areas are performing well and not, to identify areas for improvement.3) Internal Audit and Management review is the final source of data collection, which will be discussed later on.
Clause 10, which is the last clause, talks about continual improvement. Non-conformities relate to something that didn’t go as planned. We are human and we can design many processes and systems and we can still make mistakes. Most importantly, we will learn from mistakes. Most all our mistakes, to ensure that we do not repeat the same mistakes. And so, when there is a non-conformity (something didn’t go as planned) we are going to launch a CAPA (corrective and preventive action). When something that wasn’t planned happens / or might happen, we are going to launch a CAPA.
A CAPA is a structured way to implement and monitor improvement in our organization.
1) First, we are going to identify the problem and solve that problem for a particular client. Let’s take a simple example. We were doing a delivery to the client and the van broke down. So, we are going to find ways to deliver the product to the client as fast as possible. We are either going to fix the van, or to load the cargo on another van.
2) Then we are going to evaluate the root cause. Why did this van break down?
3) to find a solution on how this van won’t break down in a similar way, ever again. So, for example, the van broke down, because of lack of fuel, or lack of maintenance or maybe because there was an accident. There are various reasons why a van could break down. If the breakdown happened because of a lack of fuel, we will make sure that the van always has enough fuel before departing to a customer. If the van broke down because of lack of maintenance, we will implement a maintenance system, ensure that our vans are always available when needed. So, in step 2 we have identified the root cause of the problem, and then in Step 3 we will implement something that fixes the root cause.
4) We will let a few months pass, and we will revisit this CAPA to ensure that our solution has solved the original problem. So, the term continual improvement has been mentioned quite a few times, as it has been discussed in different Clauses.
Key Processes/Procedures for ISO 9001:2015
And now we are going to talk about ‘Mapping Key Processes’. To talk about all that we need to consider when documenting our processes. And then, I will once again go through all the requirements, but split them in a different way. I will be going over all the requirements in a more structured way (when compared to the standard itself).
If we are going to look at the ISO 9001 sales procedures, the information we need method to collect the requirements from the client method to know the product specifications of what the customer is expecting from us and a method of the client is confirming the order. Now, as I have already explained in the case of a grocer or a company that does tailor-made software The level of detail for the sales process will be very different and yet, we need to make sure that the key moments within the sales process are going to be documented.
The 2nd process that we are going to discuss is the operational process. and this is where you do the actual work that your customer needs from your company. And we will start by first considering how the work is planned. This refers how to the resources are being allocated to specific jobs – equipment & people. And we will also consider the steps – the actions – that you need to perform to do the work required by your customer.
So, for example, a company that works in aluminium, if, in this case, the first step that we do is to create detailed customer requirements, including measurements, we will see how that is done. And then the process would go on to how the company creates the cutting list. We will then purchase the material that we need, we will cut the material, do manufacturing and assembly, we’re then going to purchase and assemble the glass, and we will remain with the finished product. So, in the operational process, we go into detail to explain how to the work is done to give the product as promised to the customer. And how the work is delivered to the client for installation, and if needed, for any repairs. So, in the operational procedures, we go into detail to explain the day-to-day operations of your company.
Next up is the purchasing process. The standard doesn’t tell us what we need to purchase, or from whom. But the standard asks us to ensure that we are working with approved suppliers. It is our responsibility to determine how we want to approve our suppliers (and the standard doesn’t advise how we are to approve suppliers). What we will need to have been a list that indicates from which suppliers do we purchase we products/services. We also need to have a structured system through which we communicate with our suppliers to inform them of our purchasing requirements. This can be done through a purchase order or any other system that you decide to use in your company. What we will certainly need to have been a system that helps us be concrete and specific on what we need to purchase from our suppliers. And this is needed to reduce mistakes as much as possible (for example short shipments).
And the last factor to consider for purchasing as regards ISO 9001:2015, is to evaluate our suppliers. Just like we as our customers to evaluate our performance to ensure that they are happy with the product/service that we are providing them, we give ratings to our suppliers to monitor the performance of our suppliers. To make sure that we are happy with their service/products given to us. And this can be in terms of quality of products/services, value-for-money, communication, how they handle complaints. And we do not necessarily need to share these ratings with our suppliers. But we can choose to keep this information internal, in a way that helps us to ensure that we are working with top quality suppliers.
Documentation needed for ISO 9001 certification in Malta
And now we are going to talk about the Documentation that is required by the standard of ISO 9001:2015. And it’s good to keep in mind that Documentation is one of the factors to most of my clients worry about when it comes to getting their company ISO 9001 Certified. Unfortunately, due to older standards and some consultants, there is a misconception that ISO 9001 is about documentation only. This is not true. Here we are seeing the documents that you will need for ISO Certifications. And as you can see, there are needed by any type of business.
The first document is the ‘Quality Manual’. Which can also be called, ‘The Business Plan’. In this document, we will store the information that we need relating to our business. This includes internal & external factors, SWOT analysis, PESTLE analysis. This is a centralized place where we will store such information.
In the management processes, we are going to define how we going about doing the work for our clients. And unfortunately, many companies do not have a written way in which work has to be done (they don’t have written procedures). And this creates problems of consistency. This is caused if Person A is doing the work, it will be done in one way, if Person B is doing the work – it will be done in another way.
What will happen should a key person within the company leave? There will be a drain-brain. Having management processes in place resolves that issue specifically. Which gives you a structured, standardised way, that is written, on how work is to be done. Which has been agreed by all on how work is done within the company.
This can be used so that when a new person joins the company, they will easily see how they fit into the organisation, and how they have to do their work. And how their work ties to that of all their colleagues, and therefore, new employees can start being productive immediately.
The 3rd and final type of documentation that we need for ISO Certification is’ process records. And records refer to any software, excel sheet, word documents, papers, emails etc. That we are using to gather information. So, the standard is not asking us to add more papers. Or to introduce more systems. But the standard is asking us to have a structured way in which we can collect the data that we are already collecting.
Requirements of ISO 9001:2015
And now we are going to go through the requirements of the 10 Clauses of ISO 9001 that are required for ISO 9001 Certification, split in a different way. The requirements are here split in a way that makes more sense for SMEs.
The first category is the ‘Strategy of the Company’. And here we are considering the Mission and Vision of the organizations. And we’re starting off with the quality policy. Which states what we want to achieve as a company, and what is our overarching goal. It also defines what defines good quality, within the context of our company. The quality objectives stem from the quality policy. If, for example, in the Quality Policy we stated that we promise an on-time delivery – in the Quality Objectives, we are going to attach a value to that promise. And we are also going to make sure to have systems that allow us to collect, and analyse information relating to the Quality Objectives.
Resources are split into the following 3 items. Work Environment – and any tools that we use to do the work. Resources also include people, and the infrastructure required to do the work. The 3 element is ‘Document Management. And here we’re going to define how/where we are going to save/store information. We also going to discuss how we can create new documents within the Quality Management System, to make sure that everyone is using the latest version during their day-to-day operations.
Next, in Reviews, we have grouped: Customer feedback, supplier evaluation, and Internal Feedback. The idea behind these reviews is to have a source of input for areas that require improvement within our company. And by analysing this data, and taking decisions accordingly, we are going to be managing by data. Incident Management is the next consideration. As explained, no matter how many systems we create, mistakes are part of life. And here we are going to implement a system on how mistakes/non-conformities will be handled within our organization. And systems to make sure that once a mistake is made, is never repeated again.
Next up is the info bank. A central place to store organizational knowledge. This knowledge refers to any lessons that we got from training, seminar, market analysis, business plans, or meetings we have with suppliers/customers etc. All the knowledge that we acquired as a company. The organizational knowledge is one of the requirements that might be most useful, however one of the hardest to implement. And therefore, I strongly suggest that you start small. That you start inserting some pieces of information, and over time, you will start noticing that you are building a strong repository of the most important lessons within your company.
Next up, we’re discussing business management. Internal Audits and Management Review are systems, inbuilt within the standard, that ensure that the company is working by following the agreed systems. An important saying for ISO 9001 Certification is “Say what you do, do what you say”. This means that “Say what you do” – you first start by stating how you work within your organization. And then, “Do what you say” – is when you commit to doing the work as you had stated. And that is what we check during an Internal Audit.
In an internal audit, we take a random customer order, and we follow that order from start to finish to make sure that everyone within your company did the work as was stated that will be done. So, you will first define how a process should run, and during the audit, we make sure that orders are being processed in such a way.
The management review is an opportunity to go into further detail on the data that we would have collected throughout the year, and we will evaluate the performance of the company. To define whether there is a change that is needed, based on any changes within the internal/external factors. If there are any new competitors/products that might impact how we work. Any markets that we can tap in, or any new key people that have joined the company. So, the Management Review, which has to be done at least once every year, but that can be done more than once a year, gives us a structured way to improve our business. And gives us a structure to ensure that the actions being discussed from one Management Review to the next are being implemented.
Accountability System – Implementing ISO 9001
And now we’ll discuss the Accountability system. Naturally, all companies need to get work done. And the Action Plan and Follow-ups are another way in which we can describe the Internal Audit. Now I know the word Internal Audit might be a daunting word for some. But that should not be the case.
This is because the main aim of the audit is to find areas for improvement, and to prioritize which improvements will add the most value to the company, and we will define which actions will be implemented. In future audits, we will make sure that such agreed items were implemented. To ensure that there is continuation from one year to the next. To make sure that the PDCA (Plan – Do – Check – Act). And this is a repetitive, continuous process. A process, through which we will strive to perfection – knowing that we can never be perfect. There is always room for further improvement. And that is all you will need to do to get ISO 9001 Certified.
Certification Process (with certification body)
And now I’ll discuss what you’ll need to do to get certified. You will need to work with a certification body, to go through these 3 steps.
Get Quote from certification body
The first step is where we ask the certification body to issue a quote. When helping clients in the implementation I introduce them to various certification bodies, and all of these have their pros/cons. Once the request for a quote has been submitted, we will receive the quote from the certification body.
Desk Audit – Stage 1 Audit
Once we approve the quote, we will do a Stage 1 Audit – also known as a Desk Audit. In the Desk Audit, we will send the Management System that we would have created to the certification body, so that they can evaluate that our management system, meets all the requirements set by the ISO Standard. As I had mentioned earlier – the first step we do during implementation is a Gap Analysis. And here, that is what the certification body will be effectively doing. The only difference is that since the certification body will do the gap analysis after the implementation, they will not find any gaps within our system when compared to the requirements of the standard. So, step 1 is to get a quote, Step 2 is to do the desk audit.
Field Audit – Stage 2 Audit
Step 3 is the field audit. Step 3, is the field audit – also known as Stage 2 Audit. In Stage 2 Audit, the external auditor will visit your offices, and the auditor will ensure that you are following the systems that you had defined within your Management System. Which is the same thing that is done during the Internal Audit.
The only difference is that during the external audit, the certification body will also check that that internal audit was done as per the requirements of the standard. And that the audit was done by a competent, unbiased person. By un-biased when mean that the internal auditor would not work within the process that is being audited. And this would in turn guarantee that the audit was done in a professional way.
Getting the ISO 9001 Certificate from the Certification Body
Once that is done, the certification body will be able to provide you the ISO 9001 Certificate within (around) 1 week. You would first receive the certificate via email, and then by post.
Maintaining you ISO 9001 Certification in Malta
What will you need to do to maintain your ISO 9001 Certification? Getting certified is just the first step on your never-ending journey of continual improvement.
Never-ending, continual improvement
I like comparing an ISO Certification to a University Degree. For example, in my case, I had graduated as an Engineer. That does not mean that I can do any type of engineering. When I got the certificate, I merely had the foundation on which to start learning. And the knowledge that I have today on how to be a world-class process engineer, was obtained from real-life, work experiences. Which is very similar to your ISO 9001 Certification? When you get ISO 9001 Certified, you have the foundation over which you can improve. To reach world-class levels of quality and to start improving your business, you will need to run your management system – year after year – continually improving. Always striving for perfection, but knowing that perfection is an ideal that can never be reached.
Routine work needed
To maintain an ISO 9001 Certification, you will need to keep on doing a yearly internal audit, to make sure that all processes are audited at least once a year. You will need to do a Management Review – where at least once a year, we will need to discuss the topics mentioned within the agenda as defined within the standard, for the Management Review, and you will also need to conduct the surveillance audits. This means that the certification body will visit you at least once a year. To ensure that the company is improving, year over year. And to make sure that you are still following the systems, as you had defined them during the implementation.
Updating your Quality Management System to maintain your ISO 9001 Certification in Malta
Naturally, should you have any change in how you work, this should be reflected within your management system. This means that internal and external auditors will be auditing the updated systems that is continually being updated, year over year.
Conclusion about this Detailed ISO 9001 Introductory Training
I really hope that you have enjoyed hearing me speak about ISO 9001 Certification. And I also hope that this session has helped you to start understanding what the requirements of the ISO 9001 Standard are. If you have any questions, I would be happy to answer any questions that you might have. And I really hope that you consider the aforementioned points, and ISO Certification, as I truly believe that if you take the ISO 9001 standard to heart, this standard can really help you to transform your company.
FAQs for ISO 9001 Certification in Malta
ISO 9001 Certification Malta is an ideal step forward for businesses committed to continual improvement. In 2012, I have set out on a mission to help local businesses to implement this prestigious standard. It is my great passion to help businesses implement this standard. With that in mind, I have created this page with answers to the most frequently asked questions.
ISO stands for International standardization organization. The role of this organization is to harmonize the various standardization bodies around the world to ensure that seamless standards exist throughout.
As management consultants, we are mostly interested in the ‘Management Systems’ that are issued by by ISO.
There are various ‘Management Systems’ issued by ISO, including ISO 9001 (Quality), ISO 14001 (Environment), ISO 45001 (Health & Safety), and ISO 27001 (Information Security). As can be noted, each Management System caters for different needs. Therefore, the best ISO Certification depends on your business’ needs. That said, we believe that ISO 9001 is the foundation for any other management system.
ISO 9001 is an International Standard relating to Quality Management. The standards sets out the basic principles on what must been considered when designing, and implementing a management system. Moreover, through ISO, there is a certification process, that allows companies to notify their clients, suppliers and partners of their certification. This is a regulated certification, given that the certification body (which issues the certification), passes through an accreditation process – thereby they too are checked for compliance.
According to ISO.org ISO 9001 is “a standard based on a number of quality management principles including a strong customer focus, the motivation and implication of top management, the process approach and continual improvement.”
The first version of ISO 9001 was launched in 1987. Since then, the standard has been updated every 8 years. The latest update of the standard was in 2015. Therefore, the current version of the ISO 9001 standard is ISO 9001:2015. Note that the final digits in the standard name, relate to the year in which the standard was issued.
ISO 9001 can be implemented by any type of organization – irrespective of the product or service it offers. This means that the standard has not been designed in a way that tell you ‘how’ to do something, but rather advises on ‘what’ needs to be considered. Primarily, the most important requirement of certification for ISO 9001:2015 is to have a Risk Management System. This means that the company must evaluate its risks and opportunities, and that it must have system in place to mitigate and action these findings.
To apply for an ISO 9001 certification, you will need a functional Management System in place. This means that the risks relating to the internal and external issues have been defined and mitigated. You will also need to do an internal audit & management review meeting to start the process for continual improvement, which is the foundation for an effective management system.
ISO 9001 is important because it give business leaders a standard on which to base the design of the management system to implement within their companies. From my experience as an ISO 9001 consultant in Malta, I’ve noticed that successful companies would have more than 80% of the requirements within ISO 9001 already in place. This would happen as management within such organizations would start identifying the needs for such system with experience. However, the remaining 20% that’s usually not implemented relates to having a structured system for continual improvement.
The benefits relating to ISO 9001 are that it provides a guideline to set up a system for continual improvement. Most business owners are excellent at seeking what needs to be done to solve customer issues as they crop up. However, few actively implement systems to prevent issues from happening. Another benefit for ISO is that it is widely accepted by suppliers and customers alike as the leading certification to confirm that the business has a recognized management system in place – this means that an ISO certification might result in an increased appeal to the business by external stakeholders.
Efficiency is doing thing in the least time possible. Effectiveness is doing the right things in the most efficient way, which naturally is far more important than just being efficient. Now, ISO 9001 improves efficiency by providing clear instructions on how on how to deal with every circumstance within the business. Moreover, by ensuring that the resources required are constantly available (through the right training, maintenance etc.), there will be less downtime, and therefore more efficiency.
Being ISO 9001 certified means that you have been awarded an ISO Certification by an approved certification body. To get such a certification, the certification body will need to conduct an external audit, to confirm that the company meets all the requirements for an ISO 9001 compliant management system.
ISO 9001 certification is only worth it if the top management of the organization believe in having a structured quality management system. In such a case, there is a strong commitment by the leaders of the organization to ensure that the principles mentioned within the standard are actually implemented within the business – and thus their respective benefits are reaped.
To get ISO certified, you will need to have a management system in place, you’ll need to conduct an internal audit and a management review meeting. Subsequently, you will need to speak with a certification body who will do Stage 1 Audit – desk audit to evaluate that the required documentation is in place. And a Stage 2 Audit – an audit at your offices (similar to what you’d do in an Internal Audit).
The time it takes to get ISO 9001 certified, depends from one organization to the other. For an organization employing around 10 people, with committed management, the process should take less than 6 months.
Hiring an ISO 9001 consultant is highly recommended. This is because an external consultant, with experience on implementing management system will make sure you will not create a bureaucratic system (to try to cater for all the requirements). Therefore, the cost to get ISO 9001 certification would be around €5,000.
ISO accreditation, or as it is more commonly known, ISO Certification, is when you are audited by a certification body (after the work by the consultant has been completed and the management system has been successfully implemented). The cost of certification bodies depend on the number of people within the organization. For a company employing less than 10 people, the cost for ISO accreditation is around €1,000.
Immediately after successfully passing through an external audit, you will be granted an ISO certificate. The duration of such a certificate would be written on the certificate itself. An a certificate for ISO accreditation lasts for 3 years, and will then need to be replaced with a new version.
Accredited certification bodies. Companies seeking to get an ISO 9001 Certification Malta to have quite a few options for local and international certification bodies.
Conclusion re: ISO 9001 Certification in Malta
I honestly hope that the information above is useful to your current needs. If you have any further questions that remain unanswered after reading the above FAQs, or after going through the rest of pages within this website.
Having said that, if you are seeking ISO 9001 Certification Malta and would like to get a quote for ISO certification, feel free to get in touch.