Appendix E Sample ISO 9000 Effort for a 50-Person Company
-
1.
|
Document Review. This is a review (by an ISO 9000 registrar1) of an institution's quality manual that fully describes its entire business system. This document can be an upper-level "policy" document or fully detailed about the system (with the exception of assembly/test instructions).
|
-
2.
|
Pre-ISO Certification Actions. The client has a choice of either a checklist, an initial visit, or a preassessment audit:
(2a) Checklist. This document gives the registrar some basic knowledge about the company and the level of system implementation.
(2b) Initial Visit. This is an on-site visit to discuss document review results, tour the facility, and discuss the upcoming logistics for the initial audit; comments may be made about the system, and a report is generated to summarize the discussions.
(2c) Preassessment Audit. This is a five-day on-site visit to discuss document review results and audit the quality system. After the audit of the quality system is performed, results are recorded and provided to the company. The company may choose to take action on the issues noted (it is highly recommended that they do so, as some of the issues noted may prevent ISO 9000 certification from occurring as quickly as the company may like), but formal corrective action on the issues identified by the registrar is not required.
|
-
3.
|
Initial (certification) Audit. This is a formal six-day audit of the quality system, with nonconformances (i.e., items that do not meet the applicable ISO standard or the company's internal procedures) issued and formal corrective action required in response prior to recommending/issuing the certificate. Certification is good for a three-year period, with six-month periodical (surveillance) audits performed in order to monitor compliance activity.
|
-
4.
|
Periodical (surveillance) Audit. This is a formal audit of the quality system, with nonconformances issued and formal corrective action required. These audits require approximately 1.5 days and are performed every six months during the first three-year cycle of the certificate. Several elements are covered during the audit, with the following elements reviewed at each audit: management responsibility, quality system, document and data control, corrective and preventive action, and internal quality audits.
|
-
5.
|
Renewal/Certificate Extension Audit (at the end of the three-year cycle). The time required will vary, as some audits are an extended periodical audit, whereas other audits can include a complete audit of all applicable elements (similar to an initial audit).
|
|
The costs of the above items will vary between registrars. The internal costs at the company (the cost of company personnel, equipment, and other resources) will be significantly greater than the cost of the registrar's audit.