The DO's and DON'Ts of ISO 9000 implementation

“Management is about arranging and telling. Leadership is about nurturing and enhancing.”

Thomas J. Peters (American Author and consultant, birth 1942, books: Re-Imagine) 

DO's

• Document your way of doing business.
  
• Keep the documentation simple.
  
• Document the flexibility you need in your procedures.
  
• Use this opportunity as a stepping stone to get better efficiency in your operations.
  
• Choose a Management Representative that is part of the management team and well liked and respected within the organization.
  
• Choose a Management representative who has leadership capabilities.
  
• Provide ISO training to the manager level individuals even if you are going to use an external consultant.
  
• Provide Quality Auditor training to the Management Representative and some other key members of the organization.
  
• Select a consultant on the basis of how well his style will fit your company culture, as well as his success rate in helping companies achieve certification. An inappropriate consultant can do a lot of damage. Check the references!
  
• Make sure you use consultants with practical business experience in your field.
  
• Beware of consultants that quote you a fixed cost without conducting a thorough audit of your operation. They are low-balling to get the job. Once they get it and they do get a feel of the amount of work, they will either start cutting corners to save time, which will put you at risk, or find a way to abort the implementation process in midstream after having pocketed a chunk of money.
  
• Ask for detailed quotes from registrars that cover beyond 3-year period, which include the yearly or half yearly Surveillance Audits. Note that some certification bodies quote you for six years and give certification without renewal date or expiry date.
  
• Lock in a registration audit date right away, so that all your organization has a clear target and stays focused. Secondly certification bodies are too busy now a days and getting a suitable date might be a problem.
  
• Choose and treat your Registrar like a long-term partner.
  
• Use a Registrar's Preliminary Assessment as an improvement tool, as well as to maintain momentum for the implementation.
  
• If you feel confident that you are ready without having to go through a preliminary assessment, call for a certification audit.

DONT's

• Start implementation before an experienced person or a professional conducts a gap analysis to determine exactly what needs to be done. You may go off-track and waste precious time and resources implementing unnecessary items, and missing some crucial tasks.
  
• Implement documented quality management system just to get a certificate.
  
• Over-document procedures: the more you say the more you commit to.
  
• Sacrifice the operational flexibility you need for your business.
  
• Use an expensive consulting firm as a guarantee of better results: they usually have large corporation background, and may impose inapplicable requirements to your businesses, or may send their trainees to work on your account.
  
• Document artificial or hypothetical ways of doing business to please the auditors (from certification body).
  
• Not commit to a target date for certification audit until you assess implementation progress.
  
• Think that the auditor is here to fail you and worse to think that the auditor is here to give you certificate, no matter what you do.
  
• Use an obscure certification body who may almost give you a certificate for the right price… Their ISO certificates are worthless in the eyes of the business community.
  
• Think that a good auditor is necessarily good at implementation.
  
• Have a Preliminary Assessment conducted by the certification body, even before you have documented your quality system.
  
• Implement Statistical Process Control Techniques even if it does not make sense for your process.