Appendix E Sample ISO 9000 Effort for a 50-Person Company

  • 1.  

    Document Review. This is a review (by an ISO 9000 registrar1) of an institution's quality manual that fully describes its entire business system. This document can be an upper-level "policy" document or fully detailed about the system (with the exception of assembly/test instructions).

  • 2.  

    Pre-ISO Certification Actions. The client has a choice of either a checklist, an initial visit, or a preassessment audit:

    (2a) Checklist. This document gives the registrar some basic knowledge about the company and the level of system implementation.

    (2b) Initial Visit. This is an on-site visit to discuss document review results, tour the facility, and discuss the upcoming logistics for the initial audit; comments may be made about the system, and a report is generated to summarize the discussions.

    (2c) Preassessment Audit. This is a five-day on-site visit to discuss document review results and audit the quality system. After the audit of the quality system is performed, results are recorded and provided to the company. The company may choose to take action on the issues noted (it is highly recommended that they do so, as some of the issues noted may prevent ISO 9000 certification from occurring as quickly as the company may like), but formal corrective action on the issues identified by the registrar is not required.

  • 3.  

    Initial (certification) Audit. This is a formal six-day audit of the quality system, with nonconformances (i.e., items that do not meet the applicable ISO standard or the company's internal procedures) issued and formal corrective action required in response prior to recommending/issuing the certificate. Certification is good for a three-year period, with six-month periodical (surveillance) audits performed in order to monitor compliance activity.

  • 4.  

    Periodical (surveillance) Audit. This is a formal audit of the quality system, with nonconformances issued and formal corrective action required. These audits require approximately 1.5 days and are performed every six months during the first three-year cycle of the certificate. Several elements are covered during the audit, with the following elements reviewed at each audit: management responsibility, quality system, document and data control, corrective and preventive action, and internal quality audits.

  • 5.  

    Renewal/Certificate Extension Audit (at the end of the three-year cycle). The time required will vary, as some audits are an extended periodical audit, whereas other audits can include a complete audit of all applicable elements (similar to an initial audit).

The costs of the above items will vary between registrars. The internal costs at the company (the cost of company personnel, equipment, and other resources) will be significantly greater than the cost of the registrar's audit.

1  

A registrar is a company that provides ISO 9000 certification services (e.g., Initial Certification Audits), where an employee of the registrar who conducts audits is an auditor.



The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement



Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.

OCR for page 63
--> Appendix E Sample ISO 9000 Effort for a 50-Person Company 1.   Document Review. This is a review (by an ISO 9000 registrar1) of an institution's quality manual that fully describes its entire business system. This document can be an upper-level "policy" document or fully detailed about the system (with the exception of assembly/test instructions). 2.   Pre-ISO Certification Actions. The client has a choice of either a checklist, an initial visit, or a preassessment audit: (2a) Checklist. This document gives the registrar some basic knowledge about the company and the level of system implementation. (2b) Initial Visit. This is an on-site visit to discuss document review results, tour the facility, and discuss the upcoming logistics for the initial audit; comments may be made about the system, and a report is generated to summarize the discussions. (2c) Preassessment Audit. This is a five-day on-site visit to discuss document review results and audit the quality system. After the audit of the quality system is performed, results are recorded and provided to the company. The company may choose to take action on the issues noted (it is highly recommended that they do so, as some of the issues noted may prevent ISO 9000 certification from occurring as quickly as the company may like), but formal corrective action on the issues identified by the registrar is not required. 3.   Initial (certification) Audit. This is a formal six-day audit of the quality system, with nonconformances (i.e., items that do not meet the applicable ISO standard or the company's internal procedures) issued and formal corrective action required in response prior to recommending/issuing the certificate. Certification is good for a three-year period, with six-month periodical (surveillance) audits performed in order to monitor compliance activity. 4.   Periodical (surveillance) Audit. This is a formal audit of the quality system, with nonconformances issued and formal corrective action required. These audits require approximately 1.5 days and are performed every six months during the first three-year cycle of the certificate. Several elements are covered during the audit, with the following elements reviewed at each audit: management responsibility, quality system, document and data control, corrective and preventive action, and internal quality audits. 5.   Renewal/Certificate Extension Audit (at the end of the three-year cycle). The time required will vary, as some audits are an extended periodical audit, whereas other audits can include a complete audit of all applicable elements (similar to an initial audit). The costs of the above items will vary between registrars. The internal costs at the company (the cost of company personnel, equipment, and other resources) will be significantly greater than the cost of the registrar's audit. 1   A registrar is a company that provides ISO 9000 certification services (e.g., Initial Certification Audits), where an employee of the registrar who conducts audits is an auditor.