By Phil Chambers
Health & Safety, Environmental and QA Services and Systems


So, you want ISO 9001?

Many companies want to provide good quality products and services but you don’t have to be certified to ISO 9001 for this.  However, having third-party assessment of your QA practices, which is what you get with certification to ISO 9001, gives you a status which is recognised by most clients.  It used to be that ISO 9001 companies were in the minority and this would make them stand out.  Now companies are realising that they are going to be left behind without it.  I know of many companies who have lost contracts because they are not certified to ISO 9001.  Many clients invariably ask for ISO 9001. If they don’t, then tender documents will require you to go in to detail of your QA management systems.

So what is ISO 9001 and how do we go about getting certification?

ISO 9001 is a QA management standard.  Note that it is management standard, not a performance standard.  So it is not a just matter of doing the right thing; it is also how you approach that in an auditable, sustainable and improving way.
Essentially there are two steps to gaining certification:

So how do I go about setting up and implementing management systems?

Before we go any further, I’d just like to recommend that your documentation should be implementation-based.  What I mean by this is that it should be written from the perspective of the users of the different systems and not look like semi-legal documents.  I recommend the following:

It is also worth emphasising two further key points:

Implementation and Operation

Key operations

You will need to identify the stages in your operations and the steps necessary to maintain quality.  Typical stages may be split into Estimation, Order Receipt, Pre-press, Materials Control, Printing, Finishing, Outworking, Despatch and Invoicing.
Where there are decision points in any step, then you need to define who is authorised to make the decision and how is this recorded.  This last point is often the one that gets missed.
Where there may be a problem, you need to define how this may be addressed.  For example, what steps to take if the authorised person is unsure about his decision.  This is not too bad with internal decision makers, but you need to cover how outworking problems are resolved.

Support operations

ISO 9001 requires you to control those operations which support the key operations where these operations are necessary to ensure quality.  Therefore, you need to also address calibration and data back-up.


Many companies fall down when it comes to training records.  People may be competent through experience or training, but you need a system to record this.  I suggest that this system allows for both conventional training courses and an assessment of competence by somebody in authority in the company; you don’t necessarily have to attend a course to become competent but you need some record that somebody has assessed that person for competence.

Checking and corrective action

This is an essential part of the feedback loop that ensures that your system continues to run.  You need two parts to this:

Customer feedback and internal problems

There is the tendency with problems to immediately fix the problem and do nothing more.  You need a system to simply record both customer feedback and internal problems.  Once you have got these, periodically analyse these to determine any root causes.  It is worth categorising the problem, say Late Delivery, when it is recorded.  This doesn’t take any longer at that time and makes life simpler when analysing the data.
Note that, unlike earlier QA standards which seemed to concentrate on consistency, ISO 9001 places emphasis on customer satisfaction.

System effectiveness reviews

This is referred to in ISO 9001 as auditing, but this term means different things to different people and I therefore avoid it.  You need to review each systems to determine:

You will need a schedule of effectiveness reviews and people competent to carry them out.  Some certification bodies require a full set of reviews to have been carried out before certification.  Whilst this may be excessive, you will certainly have to have reviewed all the key systems before certification.
You should also plan to review the operations at any of your key suppliers, say your key outworkers such as spot varnishers.

Management Review

ISO 9001 requires you to have periodic management reviews and actually states the topics to be included.  In the initial stages these may be quite frequent but it may be possible to reduce the frequency later.  I would not recommend have a frequency any longer than every 6 months.  Some companies like to hold them every month.

Making it all palatable

Without a doubt, the stages of setting this up from scratch require quite some effort and companies take one of two routes:

If route [1] is taken, then it is probably acceptable to have systems that require some effort to track any data.  However, most companies do not have the luxury of having such a person.
If route [2] is taken, then provided that a sensible approach is taken to data management, the tasks to run the system should not be at all onerous.
Where SSS have provided the service to set up the system, then a computerised action management system called INTACT comes an inclusive part of the package.  Options within INTACT enable is to be used to manage QA, health and safety and training records.
Essentially, INTACT replaces the majority of the paperwork and all other systems such as spreadsheets and word-processed documents to form an integrated action management system.  All of the data, such as customer feedback, internal problems, system effectiveness reviews, objectives, management meeting minutes are logged within INTACT.  In addition, analysis of data can be done at the click of a button.

Go to Home Page



Whilst you could create a quality policy as the first step, it is best to regard this as being just a draft.  Once you have done the other steps, you will almost certainly have to amend it.


As part of the planning stage, you will need a system to address the 9001 requirement to have, and to manage QA objectives. 
Each objective must have some way of assessing if you have met the objective and a target completion date.  If you use INTACT (see below) then the individual actions towards meeting each objective are linked to the objective and shows
the complete story; very handy when it comes to your certification visits.

ISO 9001 shows the policy to the right