ISO 9001 Certification Malta is a major milestone for all forward-looking businesses. That said, the first step to getting this prestigious certification is relatively daunting for business owners.
Below is an in-depth, 50-minute video that will go through all the details relating to ISO 9001.
Hi, I am Luke Desira and for the past 10 years, I have been helping companies to achieve ISO 9001 Certification in Malta.
As my first job, I was an R&D Engineer With an international medical device company in Malta. Which made me realize that too many procedures were stopping me from giving my optimal performance.
For example: to change a form, we had to fill in another form… that was 15 pages long. And felt that it wasn’t the right environment for me to work. As it restricted my creativity.
I was then recruited by a construction company where my job was to set up a new company within the group of companies.
But I was surprised to realize that they did not have systems on how to do work on how to do a quote, or how do the profit & loss after a job. And I soon realised that not even this was the right environment for a person to work at their optimal performance during their day a work.
In the meantime I was reading for a Master of Science with the University of Malta on how companies can use Management Systems to improve. Which is how I first encountered ISO 9001 as one of the management systems.
I was evaluating management systems, and during my research ISO 9001 proved to the standard that met all my requirements for a world-class management system
- It helps companies improve it is a standard that
- some clients and/or suppliers would need from companies they work with
- and for Maltese Companies the Government offers funding opportunities for a company to get ISO 9001 Certified or for another ISO Certification.
So 10 years ago, I had decided to as the foundation through which I can help clients find the middle-ground.
Neither having too many procedures that kill creativity and neither having no procedures. Always starting from scratch.
ISO 9001 Certification in Malta: a Deatiled Explanation
And so, without further ado Let’s talk about today’s topics.
We’ll start with the history of ISO 9001 and the implementation process.
We will go through the 10 Clauses of ISO 9001, and it’s good to know that other ISO management systems are based on the structure that we’ll talk about during this session about ISO 9001.
We’ll go through the documents required for an ISO 9001 Certification in Malta.
And we’ll go through the supporting system and talk about the systems we need to run ISO Certification
We’re going to talk about Internal & External Audits
And we’re going to talk about what you need to do to maintain your ISO 9001 Certification in Malta.
History of ISO 9001
The 2 World Wars
Like most other things, unfortunately ISO was conceptualized during a war. During World War 1, the Allies had a problem, whereby the bombs they were dropping on enemy territory were not exploding.
Which was a problem, but not an enormous problem. It surely wasn’t as big as the problem they had in World War 2. In World War 2, the bombs were exploding within the factories of their subcontractors. And this was a problem because 1) people were dying and 2) in the context of a war, the bigger problem was that supply was disrupted. And this was interfering with the manufacturing plans of bombs that they needed for the ongoing war.
With this in mind, the Allies came up with the idea of asking all their subcontractors to write procedures on the systems they are using to manufacture the bombs and naturally, everyone did the procedures in the best way they could – how they thought was best.
And the Allies had a problem to try to understand the logic behind the reasoning that each company has used to design and build their procedures. And that’s how the first standard was created.
Where the Allies told the subcontractors to follow a specific guideline to create a Management System, with the same structure as other subcontractors. And this would then help the Allies to figure out the root cause of the problem, of why the bombs were exploding.
And this was the first version of Management System in the World which has evolved over time.
Versions of the Standard for ISO 9001 Certification in Malta
The first version of ISO 9001 was launched in 1987, and the standard is updated roughly every 8 years. The last version of ISO 9001 is of 2015 and the one before that was of 2008.
So this means that when we see ISO9001:2015 We are seeing the version of the standard, in this case, 2015.
Changes within the standard
And with time, the standard was tailored more to tailored companies. During the war, the World was manufacturing-based and over time the service industry was growing rapidly, and the standard was updated to also meet the needs of service companies.
Misconceptions about the Standard
And at this stage, I would appreciate it if you could put aside all knowledge and background of what ISO 9001 Certification in Malta is. And you would jump into this session with an open mind of what is ISO Certification. The standard can be interpreted in different ways. Because of my background where I have always strived to help companies find the middle way to not have too many procedures but neither too little.
I have always strived to simplify the standard in a way that would help my clients fully benefit from ISO Certification but also that bureaucracy doesn’t hinder our work. The world is complex enough!
Timeline for achieving ISO 9001 Certification in Malta
So let’s start with the timeline. The process that a company needs to follow to get ISO Certified.
The first step is the Gap Analysis. Whereby we would study the current systems to meet the requirements of your clients. How you are currently doing the sales, purchasing and operational processes.
And if you have any other systems, like gathering customer feedback or if you have a list of approved suppliers, and if you do some kind of evaluation to these suppliers.
From that we will define the systems that you currently have and the requirements of the ISO 9001 standard and this will highlight the gap – where you are now, to where you have to be to be compliant to the ISO 9001 standard.
Once the gap analysis is done, we’ll move onto the implementation where we will review the systems that we need to improve and implement so that your company bridges the gap. To ensure that what you are doing reflects the requirements of the standard and we will ensure that these systems are working.
Choosing Certification Body
The final step to get certified is to contact a Certification Body to get the certification.
Benefits of ISO 9001 Certification in Malta
A quick overview of the benefits of ISO Certification.
Management by Data
This is where the standard asks us to collect data about our processes and while collecting this information. Management can take decisions based on data. Not based on hunches. or on what “I” think. But we’ll have the numbers to help us take decisions in a scientific and concrete way.
Reduced wasted time
The 2nd benefit is to reduce wasted time. In most cases, when going through the processes of a company we will be questioning “Why” are things happening this way And by asking “Why” we might discover things that are done like that because “that’s how we always did it” and so, during the ISO Certification process, we will have many opportunities to find new ways of doing things because the old system doesn’t add value. and the more of these discoveries, we will reduce wasted time in systems that have evolved overtime, but that we did not really need.
The 3rd benefit is that if you are going to involve your staff to identify areas for improvement employees will feel like they are being heard. and that their opinion matters. and therefore we should see a boost in the staff morale, because their employer values their opinion.
Clauses for ISO 9001 Certification in Malta
And now we are going to jump right into the Clauses of the Standard.
The ISO 9001 Standard has 10 Clauses and these clauses are shared with other ISO Management Systems.
Other Management Systems
So for example ISO 14001 would have 10 Clauses ISO 27001, ISO 45001.
All these Management Systems are all built on this structure of 10 Clauses. And each would have their own focus. For example ISO 27001 would focus on Information Security ISO 14001 will focus on the Environment ISO 45001 will focus on Health & Safety and they are all using the same structure.
And so, when working with clients, I prefer starting with ISO 9001. Why?
Because ISO 9001 is a Quality Management Systems Now, what is Quality? Quality is giving the customer, what was agreed. So we need to know the requirements, to know what was promised. And we will have an operational system to give the client what was agreed and by talking about sales and operations, we will be covering the critical elements that your company does to serve your client. And that is what ISO 9001 is about.
When we are looking into other Management Systems, like Environment, Health & Safety, and others we will once again look at the systems that we follow to give our clients the service or product but we will do it from a different point of view. we will do it from an Environmental, a Health & Safety, or from an Information Security point of view. so when starting with ISO 9001, we will have the foundation from where to start so that we seeking other certifications, we will know what to focus our efforts on when it comes to these different points of views (other ISO Certifications).
10 Clauses of ISO 9001 Certification in Malta
Let’s look at the 10 Clauses with are the requirements of ISO 9001:2015. I personally think that the first 3 Clauses don’t add much value.
Clause 1 talks about an overview of the relevant ISO Certification and I like adding the organization chart, so that we can start seeing the people involved in the given organization. The second Clause talks about the purpose of the Management System like who has access to the system. In the 3rd Clause, we’re going to see the Terms & Definitions, like the acronyms used within the company, like “PO” refers to “Purchase Order”. So that if a new person is looking at the management system, they will have a reference to understand each acronym used. I believe that the first 3 Clauses don’t add much value. But from Clause 4 onwards, the standard will help us to improve our business.
In Clause 4, the standard asks us to discuss the Internal & External Issues of the company and issues don’t necessarily mean problems. It refers to factors that we have to consider. Which is where we’ll do a SWOT & PESTLE analysis.
SWOT is Strengths, Weaknesses, Opportunities & Threats
PESTLE is Politics, Economical, Social, Technological, Legal & Environmental analysis
A SWOT & PESTLE Analysis is done to define the Internal = we have direct control over and even the External = we have no direct control over but that could still affect our business in a positive or negative way.
The 2nd thing that we’ll consider in Clause 4 is the Interested Parties which refers to anyone who has some kind of interest in our business. These could be shareholders, clients, employees suppliers, Government Entities. The needs of each of these Interested Parties have to feature in our Quality Management System.
Scope of Certification
The last topic in Clause 4 is the Scope of the QMS – Scope of Certification which is a collection of 4/5 words (and sometimes longer) that gives an accurate summary of what your company does.For example, for a company that sells kitchens, we could say “Design & Manufacture of Kitchens” which is just an example. Or we could say “Manufacturing of Plastic Injection Moulded Parts” or “Provision of Accountancy & Corporate Services”. So the scope of Certification gives a good overview of the value added by the company to its clients. And the Scope of Certification will be on your ISO 9001 Certificate, once certified.
I’ll have to say that there is an element of repetition in the standard. and so for now I will be talking about each individual Clause. In a few minutes, we’ll review all the requirements of the standard in a Signature System that I have developed over the years, or how to better grasp this standard.
Clause 5 talks about leadership. Leadership is about Top Management driving improvement and committed to proving the customer what was agreed = customer focus.
The second thing that we need to consider is the Quality Policy. Which is the vision that we have for the quality of our products and services. Where do we want to be?
And here we can use ‘fancy’ words for example “we are committed to providing the client with an excellent service” or “delivering an on-time service.” And these are statements that can be used freely. And yet the Quality Objectives (that are discussed in the next Clause) we need to translate these statements into numbers.
And the last thing to consider is leadership towards continual improvement. I like stating that get ISO Certification doesn’t mean that you have an International Level of Quality but it means that you run a Management system that allows you to have information on what is working and what’s not.
From there you can know what is creating such positive and negative effects.
And therefore, we will also be able to improve our company from one year to the next, and that is the point of continual improvement and the point of a Management System.
Risks & Opportunities
Clause 6 talks about Risks & Opportunities which we would have identified in Clause 4 where we had mentioned the internal/external issues (factors) of the company by doing a SWOT & PESTLE analysis to identify. To define factors that have a positive effect (opportunities) or negative effect (risk) and we will need to prioritize these risks & opportunities and we will define the ones that are most worthy to pursuit and therefore to implement.
To mitigate risks and seize opportunities.
The Quality Objectives refers to goals – which are numbers since objectives have to be SMART and relate the vision that we had defined in the Quality Policy. So if in the quality policy we have stated that we want to give “an on-time delivery”.
To have a SMART Objective (Specific, Measurable, Attainable, Realistic & Timely). So a SMART Objective for on-time deliveries for a company that manufactures kitchens, we could say that “97% of our kitchens will be delivered on time throughout the year”.
Here the goal is Specific (delivery of the kitchen on time) Measurable (since we have a number to measure). Attainable (because from experience we know that this goal is ambitious but reachable). Realistic (it is possible for us to collect the information and to do the process to reach this goal). And Timely (because we said that 97% refers to the overall result of a particular year)
Planning Changes is the last requirement of Clause 6 defines the systems that we are to have in place to mitigate risks and seize opportunities and systems to make sure we reach the quality objectives.
Clause 7 talks about the resources that are needed to run a company to give our clients the promised product or service – the people, the equipment and documented information.
Now equipment refers to manual tools are needed if you do hands-on work like tools/machines that we use on-site, at our clients, or within our own premises. But also refers to other equipment like computers, mobiles, vans, cars…
Equipment that you use in your day-to-day running the business, to give the customer the agreed product/service.
Another element within the equipment list is the infrastructure. The infrastructure needed to run your company. Like your office, the internet connection, the provision of electrical energy and based on the risk-factors that we will identify (and prioritise) we will decide accordingly.
So a software house that runs in-house servers that host client information cannot afford to be without electrical power or without an internet connection, so, in this case, we will consider having back-up internet and backup electricity, just in case we lose internet or electrical energy.
So that we could mitigate that risk = stop something from happening, which might be something that stops us from giving our clients what we had promised.
The second resource that we need to do the work required which might as well be the most important resource, is people. For everyone in our team, we will ensure that they have the competence to do the work as per the job description and to define the training that is needed for each different job description.
Naturally, ISO 9001 and other ISO Management Systems can be implemented by different types of companies. Software houses, manufacturers of kitchens, hospitals, supermarkets… There are myriad different industries that get ISO 9001 Certification.
You could say that all industries can get ISO 9001 Certified, and therefore this standard cannot tell you exactly how you need to do something. It will not be able to give you a list of technical training modules to cover with an employee because that list can make sense for one company, but not for another company in another industry.
Therefore, for example, as regards people, the standard will ask us to ensure that all employees have the skills they need to do the work they are intended to do, as define in their job description. If there are any missing skills (training-gap) as a company, you will deliver such training (on the job, external etc). And once the training is done, we need some kind of proof to ensure that the training has really been done.
The 3rd type of Support that is required to run the business is Documented Information. Which refers to papers, software, excel sheets, word documents – all the different systems we have to collect the information we need and to communicate with clients, suppliers, and internally.
FAQs for ISO 9001 Certification in Malta
ISO 9001 Certification Malta is an ideal step forward for businesses committed to continual improvement. In 2012, I have set out on a mission to help local businesses to implement this prestigious standard. It is my great passion to help businesses implement this standard. With that in mind, I have created this page with answers to the most frequently asked questions.
ISO stands for International standardization organization. The role of this organization is to harmonize the various standardization bodies around the world to ensure that seamless standards exist throughout.
As management consultants, we are mostly interested in the ‘Management Systems’ that are issued by by ISO.
There are various ‘Management Systems’ issued by ISO, including ISO 9001 (Quality), ISO 14001 (Environment), ISO 45001 (Health & Safety), and ISO 27001 (Information Security). As can be noted, each Management System caters for different needs. Therefore, the best ISO Certification depends on your business’ needs. That said, we believe that ISO 9001 is the foundation for any other management system.
ISO 9001 is an International Standard relating to Quality Management. The standards sets out the basic principles on what must been considered when designing, and implementing a management system. Moreover, through ISO, there is a certification process, that allows companies to notify their clients, suppliers and partners of their certification. This is a regulated certification, given that the certification body (which issues the certification), passes through an accreditation process – thereby they too are checked for compliance.
According to ISO.org ISO 9001 is “a standard based on a number of quality management principles including a strong customer focus, the motivation and implication of top management, the process approach and continual improvement.”
The first version of ISO 9001 was launched in 1987. Since then, the standard has been updated every 8 years. The latest update of the standard was in 2015. Therefore, the current version of the ISO 9001 standard is ISO 9001:2015. Note that the final digits in the standard name, relate to the year in which the standard was issued.
ISO 9001 can be implemented by any type of organization – irrespective of the product or service it offers. This means that the standard has not been designed in a way that tell you ‘how’ to do something, but rather advises on ‘what’ needs to be considered. Primarily, the most important requirement of certification for ISO 9001:2015 is to have a Risk Management System. This means that the company must evaluate its risks and opportunities, and that it must have system in place to mitigate and action these findings.
To apply for an ISO 9001 certification, you will need a functional Management System in place. This means that the risks relating to the internal and external issues have been defined and mitigated. You will also need to do an internal audit & management review meeting to start the process for continual improvement, which is the foundation for an effective management system.
ISO 9001 is important because it give business leaders a standard on which to base the design of the management system to implement within their companies. From my experience as an ISO 9001 consultant in Malta, I’ve noticed that successful companies would have more than 80% of the requirements within ISO 9001 already in place. This would happen as management within such organizations would start identifying the needs for such system with experience. However, the remaining 20% that’s usually not implemented relates to having a structured system for continual improvement.
The benefits relating to ISO 9001 are that it provides a guideline to set up a system for continual improvement. Most business owners are excellent at seeking what needs to be done to solve customer issues as they crop up. However, few actively implement systems to prevent issues from happening. Another benefit for ISO is that it is widely accepted by suppliers and customers alike as the leading certification to confirm that the business has a recognized management system in place – this means that an ISO certification might result in an increased appeal to the business by external stakeholders.
Efficiency is doing thing in the least time possible. Effectiveness is doing the right things in the most efficient way, which naturally is far more important than just being efficient. Now, ISO 9001 improves efficiency by providing clear instructions on how on how to deal with every circumstance within the business. Moreover, by ensuring that the resources required are constantly available (through the right training, maintenance etc.), there will be less downtime, and therefore more efficiency.
Being ISO 9001 certified means that you have been awarded an ISO Certification by an approved certification body. To get such a certification, the certification body will need to conduct an external audit, to confirm that the company meets all the requirements for an ISO 9001 compliant management system.
ISO 9001 certification is only worth it if the top management of the organization believe in having a structured quality management system. In such a case, there is a strong commitment by the leaders of the organization to ensure that the principles mentioned within the standard are actually implemented within the business – and thus their respective benefits are reaped.
To get ISO certified, you will need to have a management system in place, you’ll need to conduct an internal audit and a management review meeting. Subsequently, you will need to speak with a certification body who will do Stage 1 Audit – desk audit to evaluate that the required documentation is in place. And a Stage 2 Audit – an audit at your offices (similar to what you’d do in an Internal Audit).
The time it takes to get ISO 9001 certified, depends from one organization to the other. For an organization employing around 10 people, with committed management, the process should take less than 6 months.
Hiring an ISO 9001 consultant is highly recommended. This is because an external consultant, with experience on implementing management system will make sure you will not create a bureaucratic system (to try to cater for all the requirements). Therefore, the cost to get ISO 9001 certification would be around €5,000.
ISO accreditation, or as it more commonly known, ISO Certification, is when you are audited by a certification body (after the work by the consultant has been completed and the management system has been successfully implemented). The cost of certification bodies depend on the number of people within the organization. For a company employing less than 10 people, the cost for ISO accreditation is around €1,000.
Immediately after successfully passing through an external audit, you will be granted an ISO certificate. The duration of such a certificate would be written on the certificate itself. An a certificate for ISO accreditation lasts for 3 years, and will then need to be replaced with a new version.
Accredited certification bodies. Companies seeking to get an ISO 9001 Certification Malta have quite a few options for local and international certification bodies.
Conclusion re: ISO 9001 Certification in Malta
I honestly hope that the information above is useful to your current needs. If you have any further questions that remain unanswered after reading the above FAQs, or after going through the rest of pages within this website.
Having said that, if you are seeking ISO 9001 Certification Malta and would like to get a quote for ISO certification, feel free to get in touch.