Implementation of ISO 9001

The ISO/IEC 9001 standard is the international standard for quality management. The ISO 9001 standard focuses on two key aspects: meeting customer requirements and increasing customer satisfaction. To achieve this, the ISO 9001 standard outlines specific aspects that are elaborated into requirements.

Phase 1

An ISO 9001 implementation begins in the first phase with determining the scope. This scope encompasses the quality management system aimed at meeting customer requirements and improving customer satisfaction.

Deliverable: ISO 9001 scope

Phase 2

In the second phase, the organization must establish a general quality management policy. The general section describes, at a minimum, the characteristics of the organization, the characteristics of the organization’s services and/or products, the inputs and expected outputs, as well as the necessary resources for processes – responsibilities and authorities.

Regarding the policy, the following is included:

  1. A description of the risk framework. Different risk frameworks can be chosen, such as COSO 2013 or ISO 31000. The risk framework should be described from the perspective of quality control.
  2. How the organization deals with any laws, regulations, requirements, and guidelines that the organization itself imposes on quality.
  3. The policy must demonstrably align with the current risk management framework that has been implemented (alignment with COSO 2013). It should also include how the organization approaches the implementation and control of the quality management system and the methods and controls needed to ensure that procedures are carried out effectively.
  4. Which processes have been determined for the evaluation and improvement of the quality management system.
  5. The organization’s management or directors must approve the policy.

Deliverable: Policy document

Phase 3

In the third phase, a risk analysis is performed in the area of quality management. Based on the risks identified in this analysis, processes and procedures are described. Subsequently, the procedures and processes are implemented within the organization, and finally, the quality management manual is prepared and made available to all employees of the organization.

Deliverable: Risk analysis & quality management manual

Phase 4

After the manual has been prepared, a pre-audit or walkthrough is conducted in the fourth phase, during which all control measures and ISO 9001 procedures are tested, and potential problem areas are identified for the final audit.

Phase 5

In the fifth phase, improvements to control measures and the quality management system are implemented based on the pre-audit findings, and solutions are realized for the identified problem areas.

Phase 6

In the sixth and final phase, the ISO 9001 audit is conducted by a certifying body, and the ISO 9001 certificate is obtained.
