What you should do
Understand Where to start – identify where your current processes fall short of meeting the requirements. This can be done through a self-assessment or operational system evaluation.
Forget a Gap Analysis – beware of this term, and firms offering to do one. Understanding what the gaps are is just the beginning, how to effectively fill those gaps is the critical activity – recommendations should always accompany the findings
Pick a Management Representative - choose someone who is well respected within the organization, knowledgeable of its structure and activities, is objective and able to see the big picture and understand ISO at a higher level.
Set Program momentum – set the correct speed - slow implementations are more disruptive and more likely to stall; fast implementations are expensive and require resources to be directed away from other business activities.
Spread the knowledge – provide management at all levels with an overview of ISO and how to interpret the requirements before the program begins, commitment and buying are vital before and during implementation.
Measure for change – pick measures and metrics that matter to your customers and are important to your organization, meeting requirements is key but the viability of your business is imperative, make sure those measures are built in!
Decentralize control – select an owner for each process, each person will be responsible for defining their assigned process, gaining input from others, and ensuring the process stays current over time.
Document effectively – reflect your way of doing business including required changes and align the implementation of ISO 9001, ISO 13485, AS9100, or TS 16949 with your business objectives and business practices. Keep the documentation simple, flowcharts are the most simple and effective way, and most importantly document the flexibility you need in your procedures.
Carefully select a registrar – develop criteria that is important to you, measure each firm against this criteria - this as a long-term relationship and it is important to pick a firm that is the right fit and has the appropriate credentials for your industry, operating environment and culture
What you should NOT do
False start – never start implementation before an experienced person or a professional conducts an operational assessment to determine exactly what needs to be done. You may go off-track and waste precious time and resources implementing unnecessary items, and missing some crucial tasks.
Over Do It – avoid creating more work for yourself and your colleagues just to comply with ISO. That may mean that you are not aligning the implementation with your business practices and worst of all that the maintenance of the quality management system is going to drive you insane and choke your organization.
ISO in a Can – steer clear of canned documentation or miracle software: there are no shortcuts. If you want to comply with ISO, be certified by a reputable registrar and have a system you ‘want’ to maintain you must do the work of developing a system that is specific to your business needs.
Wrong attitude – beware of getting caught up in the ‘certificate on the wall, mentality. Making operational modifications that effectively meet the ISO requirements will have much larger advantages to your business, that the certificate will pale by comparison and be merely the icing on the cake.
Dedicate a Document Controller – be wary of picking one person to be responsible for developing and changing documents, unless you want to pay for a an ISO dedicated resource, have document changes grind to a halt when they are out of the office, busy or on vacation or have two sets of people make changes (the person key to the process in question and the person who has been nominated the document guru).
Measure too much – don’t collect, review, analyze, act upon and communicate too many measures, it will be overwhelming, resource draining and the important stuff will lose its impact.
Over-document – don’t make the #1 mistake of writing procedures that say more than you can or want to commit to.
Sacrifice operational flexibility – avoid being too rigid when defining your processes to please the auditors.
Artificial or hypothetical – never document things you aren’t doing to please a Registrar, your system will quickly come undone.
Pick the wrong Registrar -- beware of using an obscure registrar or one that is not accredited, they will almost ‘give’ you a certificate for the right price, their ISO certificates are worthless in the eyes of the business community.
