Whether a seasoned vet or seeking certification for the first time, preparing for an ISO audit can be a daunting task. But with the right plan of action and proper organization you can have confidence that your company will pass with flying colors. Consider these tips for a stress-free and successful audit process.
Know Your Standards
It may seem obvious, but before anything else you must know what standards apply to your business or industry. What certifications are you required to have (if any) and what standards you may be expected to comply with for quality assurance and peace of mind for your customers.
Some ISO standards are required for certain industries. The automotive quality management standard ISO/TS 16949 that is required of many Tier 1 supply chain companies. But many standards are completely optional, providing an extra layer of reliability to show the world you care deeply about the products and services you provide to your clients. For example, ISO 9001, the general quality management system standard, is not a requirement but over 1,000,000 companies worldwide certify to it for its credibility.
Not sure where to start? Here are the top 10 most popular standards and the industries they’re most applicable for.
Once you know what standards apply to your organization, decide which one(s) are the most necessary and focus on those. Take the process one step and one standard at a time and avoid overwhelming your team. Don’t take on more than you can accomplish in a reasonable time-frame.
Read and Review the Standard
After you’ve determined what standard you will tackle, you need to familiarize yourself with all that it entails. This means briefly reading through the entire standard before jumping into anything substantial.
Most standards aren’t more than 30 pages and focus on management processes. They help a company put plans in place as opposed to issuing a rigid checklist to follow. Avoid any mishaps and extra frustration by having your team get to know the standard you will be working with.
As you read, it may be beneficial to keep note of things in the standard that your company already does as well as anything you know your company doesn’t currently do. If each member of the team does this and compares notes you will have an easier time determining where to focus the most energy.
Align Company Policy to the Standard
After everyone on the team is familiar with the standard, compare notes and existing company policy to the requirements. This will help to get organized and realize the true scope of work you are about to take on.
Hold a management meeting to determine what needs to be improved upon and identify any gaps in the competency of your employees and organization. Senior management should be held accountable and given the power to make process changes within their department. They should be involved with quality at every level.
Determine what documented policies you have that comply, ones you have but could use some work, and any you need to create from scratch and assign the appropriate people to take on the challenges.
Create Necessary Documentation
Each standard has a set of required documents your organization will need to create to be compliant. Depending on how formal your processes are, you may already have some or most of the requirements documented.
If you plan to maintain and continuously improve upon your certification, it may be wise to format your existing and newly created documents in a way that follows the standard. This will not only help you stay organized throughout the process but will help your audit run smoothly as the auditor will know exactly what they are looking at. It could also be beneficial for future re-certification if your standard undergoes a revision.
ISO certification is all about being able to prove your organization is compliant. Whether it is your first audit or not, companies can always improve, so being honest about your procedures and any shortcomings upfront will only help you to pass an audit.
Document, Document, Document!
In addition to the required ISO documents, it is especially important to have well organized and maintained training records for all employees, so the auditor can easily identify the competency of any employee at any time.
To simplify this process, we recommend having all documents and data stored electronically. Nothing slows down an audit more than an auditor sifting through piles of paper to find what they need. Maintaining electronic documentation makes it easier to find, allowing an organization to send anything to the auditor at a moment’s notice.
Whether the entire management team writes the required documents or just a few, it is recommended to have them checked by a consultant and to perform a mock audit to make sure all documentation covers what it needs to before the real deal.
Prepare for the Real Thing with a Mock Audit
Whether you have been through the audit process before or it is your first time, hiring a consultant and going through a mock audit can be instrumental in passing the real one. It will help your company identify weaknesses and gaps in their processes that will need to be remedied in order to pass.
There are many organizations as well as individual consultants who offer mock audit services. We’ve worked with a bunch of seasoned consultants with various expertise and backgrounds, contact us for a recommendation! There are consultants for standards including ISO 9001, 27001, 14001, and more.
After the mock audit is performed, depending on the findings your organization might need to make further changes to their processes or documentation, but hey that’s what the trial run was for! Once you have made all necessary, it’s time to schedule the main event.
Most fears of external audits come from not knowing what to expect. If you have gone through these steps and hired a consultant for help, these fears should be alleviated. ISO9000 Resources urges companies to remember that they are the customer in an audit, and that the auditor is “Not trying to uncover dirt that they can expose to world and discredit you. They are there to help you by finding flaws (hopefully minor) in your system that you might not find by yourself”
As long as you’re prepared and have all documentation, there should be nothing to worry about. And even if there are gaps in competency, as long as it can be proved that there are systems in place to remedy them, a company can still pass an audit – that is where organized documentation is crucial.
And remember, the auditor is your resident expert on the standard you want to certify to. So don’t be afraid to ask any questions you may have! Rely on your auditor for advice, they are usually more than happy to help you work out any problems you are facing.
Post ISO Audit Highs and Woes
An ISO audit is all about continuous improvement. If you pass, congratulations, you have taken the necessary steps to certify to an ISO standard! And it is important to continually keep up with the great quality management and processes that enabled your organization to pass in the first place.
And if an auditor has any findings, these will go in a non-conformance report (NCR). According to ISO9000 Resources, there are three types of findings: Opportunities for improvement, minor findings, and major findings. Opportunities for improvement and minor findings are normal and do not bar an organization from being certified.
They may be as simple as comments to think about for the next audit, or may be minor corrections that need to be made. It is normal to have as many as 10 of these, and Quality Digest says “If the company got, for example, two, five, or seven minor nonconformities, the organization should feel great because if appropriate corrective action is submitted for review to the registrar, they will be recommended for certification.”
Even major findings are not the end of the world, they simply are identifiable gaps in compliance, which can be remedied before scheduling a follow up audit. The good news is you have now identified weaknesses and shortcomings in your company, and can now work to improve upon those. Ask the auditor questions and rely on their expertise to determine what should be the next move, and how to pass in the future.
The Importance of Competence
You’ve prepped your documents, hired a consultant, preformed a mock audit and you’re feeling good about your system, hooray! While your ISO certification is dependent on all the hard work you’ve done to document your processes, the true meaning and objective of having an ISO certified system is to prove to your clients that your organization is competent and preforming at the highest level possible.
Therefore, employee competence should be one of your top priorities and something you work to improve every day. Competence can be a tricky thing to measure, with so many factors contributing to a person’s competence. Training is a big part of it, but you can’t rely solely on an LMS to create a competent workforce. Field experience, witnessing, certifications, and degrees are just a few other major contributors that are forgotten by most LMS’s. Failing to acknowledge them creates gaps in an organizations competence assessment.
Having a system that realizes the different nuances in a competent workforce will help your company continuously improve the quality, efficiency, and value of your products and services. CABEM’s Competency Manager is the first out of the box software application dedicated to maintaining and proving a competent workforce, designed specifically with standards and regulated industries in mind. Learn More.