Achieving success with ISO 9001 - it's easier than you think!
#008 Gain a competitive edge while improving customer satisfaction, delivery, and profitability.
Ready to take the plunge into ISO certifications? In newsletter #005, The Small Business Starter Kit, I covered steps needed for growth to include the requirement for ISO9001:2015 to onramp Government Wide Acquisition Vehicles.
It's time to leave your comfort zone and take a leap of faith, just like exiting a high-performance aircraft while in flight. For those of you lucky 😂 enough to have attended U.S. Army Airborne School, you know the problem isn't how physically difficult the school is but trusting your equipment and overcoming the fear of committing to the jump door. Sure, ISO 9001 may seem intimidating and difficult at first, but the process is designed to help you succeed (and survive the ground).
ISO 9001:2015 is a quality management system (QMS) that can be used by any organization, large or small, in any sector. The 2015 revision of ISO 9001 is the most recent. The ISO 9001:2015 standard provides a number of benefits for professional services companies. By introducing the quality management system, it enables a company to demonstrate their commitment to providing high-quality services consistently and continually improve processes to better serve customers. This in turn helps build customer confidence and loyalty as well as gaining a competitive advantage in the market. Small Business (SB) leadership should view the ISO 9001 QMS as a guide to how your business executes operations aligned to your business plan objectives. Based on my previous experience going through the initial certification process, I can attest the ISO preparation process makes you think critically about how you are managing the business, where improvements should occur, and defines a standard way of conducting your business activities. Quite honestly, I would recommend you start your business aligned to the standards, prior to any certification. Â
ISO 9001 certification can help achieve cost savings, reduce waste, and grow business profitably over time. It requires identifying risks and opportunities associated with products/services and managing them effectively throughout the supply chain. Utilizing performance metrics such as those outlined in the standard ensures that companies can measure, monitor, and control activities that affect quality objectives, ensuring consistent delivery of reliable services. The company assigns a quality manager who ensures the company is following their standard processes, and everyone at the organization receives initial and annual quality training. A 3rd party audits and certifies the company is compliant with the quality management system annually.
From the government’s perspective, many GSA Government Wide Acquisition Vehicles incentivize companies to obtain a minimum of the ISO 9001:2015 certification through certification requirements during the proposal process. This includes onramps for new vehicles like OASIS+, but also current vehicles such as OASIS, ALLIANT, 8(a) STARS III, and others. Companies with an ISO certification provide the government with a layer of trust that SB have internal processes and are following them.
Implementation Steps
There are a number of steps involved in implementing ISO 9001:2015, including conducting a gap analysis, developing a quality management system (QMS), and obtaining certification from an accredited body. Additionally, SB will need to ensure that all employees are trained on the new quality management and implementation. This can be as simple as including a short presentation alongside your initial and annual security briefing requirements.
One of the requirements of ISO 9001:2015 is that organizations develop and maintain several documentation items, including a quality policy, quality objectives, BD opportunity pipeline, and a process map for how your business functions. Additionally, you will need to keep records of all nonconformities and corrective actions taken. Most of these required policies or documents you are likely conducting already if you are executing a prime contract or subcontract.
Management must take responsibility for the effectiveness of the QMS. This includes ensuring that all employees are aware of the QMS requirements and that they understand their roles and responsibilities within it as an overhead person or a billable contractor at a government facility. Additionally, management must establish procedures for monitoring and measuring performance against quality objectives, with most of this requirement being conducted through everyday business tracking functions.
Small Businesses need to ensure that they have adequate resources in place. This includes personnel assigned roles for growth (BD, proposal, Capture), human resources, security, contracts, as well as financial and physical resource tracking. Additionally, one needs to put in place procedures for managing changes to resources or operating processes so that the QMS remains in place or is modified to accommodate the changes.
Organizations need to ensure that their processes are designed to achieve their quality objectives, and that they are regularly reviewed and updated as necessary. Additionally, organizations need to put in place procedures for controlling nonconforming products and for taking corrective action when required.
Breaking down the Quality Management System(QMS)
The goal of a overarching QMS document isn’t to be comprehensive and host all policies. The QMS should point to your data management file server where those policies are kept and be able to show you’re executing those policy actions every day conforming to those policies.
A great example of this would be the BD process outlined in section 6. We all should understand the Shipley Business Development process or execute a similar process. In section 6, the QMS should be able to point (or link) to a document (on your SharePoint or business Google drive) which outlines your process for identifying, assessing, and capturing BD opportunities alongside a link to your BD pipeline where you actively are tracking those opportunities. The policy states you will conduct BD in a specific manner, and the pipeline shows the actions you are taking in line with that policy.
You don’t necessarily want the QMS document to host the actual policy or BD Pipeline as changes occur. All corporate documents and templates are required to include a storage, record control, revision, and archive/destruction plan. This may be most familiar and very similar to those who have worked with government classification guidelines and markings.
The first four parts of the ISO 9001:2015 QMS are defined as the Introduction, Management Approach, Quality Management Structure, and Context of the Organization. The Introduction provides the scope and purpose of the QMS, while the Management Approach section outlines the organization's approach to managing the QMS. The Quality Management Structure (org chart highlighting workflows) part defines how the organization's departments and processes work together for quality management purposes. Finally, the Context of the Organization emphasizes that all actions taken by individuals within the organization should be done keeping in mind customer needs and expectations, scope of the QMS to include exclusions, and process for implementing through documentation.
Section 5 covers a more in-depth look at Leadership, covering leadership and commitment & customer focus, Policy, Organizational roles, responsibilities, and authorities. Leadership commitment identifies who and what the commitments to quality will be. Â The policy portion points the QMS to where the internal policy documents are stored and disseminated. Lastly, section 5.3 includes by name roles, responsibilities for processes, and delegation of authorities.
Section 6 includes planning considerations and a framework to address business risks and growth opportunities. This would include identifying risks to revenue (through a risk register), business continuity details, and links to your corporate BD process and pipeline. Quality objectives and plans to achieve them should point to an over-arching qualify objectives policy, then link down to each individual prime or subcontract’s requirements for execution and delivery. Lastly, you should have a plan to document how changes will occur to the above-mentioned areas.
Section 7 details internal and external resourcing requirements, the people, infrastructure, monitoring and organization knowledge to execute the QMS. A part of this section aligns to your HR processes such as recruiting, employee onboarding procedures, and initial training for company introduction, corporate policies, quality management, timekeeping, and security briefings. This section includes how we determine employee qualifications or competence, awareness, and communication. Lastly, it covers documentation, which includes storage, record control, revision, and archive/destruction corporate policies and where to locate them.
Section 8 covers Operations. The first area helps you to identify planning and product control considerations. Since we are professional services companies that aren’t building widgets that require product control, we reference back to our HR processes in section 7.  The next area covers requirements for products and services which needs to be very high level as individual government contracts dictate contract specific requirements in the PWS or SOW. Control of externally provided processes, products and services should cover subcontracting practices, any vendors or suppliers for IT such as email, timekeeping system, financial systems, marketing, or the like. Production and Services provisions are also covered which should include how you execute contractual agreements such as Non-Disclosure Agreements, Teaming Agreements, Letters of Intent, Subcontracts, Intellectual Property or physical property of partners /clients, and document control/preservation of those items. Lastly, we want to identify our policy for nonconforming outputs, products, and services and how we would correct and document the changes.
Section 9 covers Performance Evaluation to include regularly monitoring, measuring, analysis, and evaluation of our performance against our processes. This includes ensuring our customers are satisfied at the contract level and should be aligned with our monthly, quarterly, and annual deliverables. Many times, customers are already requiring this through the delivery of weekly or monthly status reports (MSRs) or In Progress Reviews (IPRs). Lastly the section covers internal audit procedures and management review plans and minutes.
The very last section (#10), covers Improvements, nonconformity, corrective actions and commitment to continual improvements of the organization. This section of the QMS points to how your SB will conduct corrective actions and document this process and lastly implement the corrections.
As you can see, the ISO9001 QMS helps you maintain your processes from BD, through contract award, Candidate recruitment, employee onboarding, meeting customer quality and deliverables similar to a MSR or IPR, documenting issues and improvement. This is something every business should do already! Reach out on LI or respond to the newsletter email if you have any questions about implementation or need a reference for a qualified ISO 9001 Quality Manager to get you started.
Good luck! And remember: Feet and Knees together!