Ask & We Answer

Frequently Asked Questions

Frequently Asked Questions

We all procrastinate on things we know that needs to get done.   Many companies tend to put off getting their ISO/CMMI till the last minute not leaving enough time to properly implement the system.  Not only it may get difficult to find a good consultant at last minute but also expect to pay premium charges which can be around 1.5 – 2 times the consulting cost for expediting it later.  Additionally, it can get challenging to find a certifying body to meet your certification deadlines.

 

The regulatory bodies have started to identify that and are changing the rules slowly. For e.g.  Up until a few months ago, CMMI could be completed within a month on the expedited path but now CMMI Appraisal bodies won’t’ be able to appraise companies who are unable to show few months of implementation time.

It is recommended that for any management system to be properly implemented, you must plan a minimum of 4-6 months in advance.

 

Want to know the duration, cost, and process to get your ISO/CMMI completed? Get our no-obligation Gap Assessment Report.

 

Well, if you are well versed with the specific ISO standards, are keeping up with new versions as applicable, feel comfortable doing it yourself, it should be just fine to go for a Certification Audit when needed.  If for any reason, you feel stuck or would like to have an unbiased opinion, an internal audit conducted by a consultant can certainly help. You can  contact us when ready.

We have heard these a few times. However, it is a conflict of interest to take the consulting and certification from the same company. ANAB and SEI, regulatory bodies of ISO and CMMI respectively have started to track down such companies who are trying to follow unethical practices and have been canceling their accreditation. If you are certified by such a Certifying Body, you will lose your certification.

As an informed buyer, next time you are given such an option, you must always ask yourself, how can a company help build a quality management system and also conduct a certification audit at the same time?

 

Here are some tips on how to hire an iso consultant for your firm.

ISO or CMMI doesn’t have any tangible ROI like you usually have for Marketing or Sales. However, look at it this way, like a well-lubricated machine improves the efficiency and throughput of a machine,  a well-implemented management system improves the efficiency of business processes, reduces wastage, reduces personnel time, in short reduces your operation costs.  To learn more about the benefits of ISO, check out this article on ISO Certification Benefits.

 

With the globalization and increasing competition, many customers are now seeking suppliers/vendors who are ISO certified or CMMI appraised. For some industries, in order to do business, ISO is a mandatory requirement. It won’t be long before it will start applying to almost all industry verticals. Also, it will impact the entire supply chain at some point. If you do not have ISO or CMMI, ask yourself, what does the cost of lost opportunities look like to you?

 

Still, have questions on ISO/CMMI ROI? Talk to our experts today.

A well implemented quality management system should be able to save you maintenance time in subsequent years and it should add value to your business processes.

At the minimum, the only cost you should see after the first year, is surveillance audit cost for the next 2 year. The 3rd year is a recertification year and you should expect to go through stage 1 & 2 audits again.

If you feel that you are spending way more time and cost for the upkeep of your quality management system, it may be a good idea to speak to an expert.  We can do a Gap Analysis of your existing ISO and help you identify and correct the gaps which can make your process more efficient.  Feel free to contact us with your concerns.

With globalization, companies are constantly vetting suppliers based on number of factors, ISO certification being one of them. The reason is that customers can be working with domestic as well as global suppliers and ISO Certification can offer a sense of assurance to them.

US Federal Govt has started to mandate ISO and CMMI in many of their RFP. Many large commercial clients have also started to include in their supplier qualification. It is just a matter of time when the entire supply chain will be required to get certification in order to continue doing business with same set of customers.

A proactive approach is very much recommended if your company is actively seeking for new business and you can proudly share your ISO certificate with your prospects.  We ourselves are an ISO 9001 Certified Company.  To learn more, check out our blog on how ISO Certification wins more business.

It depends on the scope of project, number of locations, type & number of standards, resource availability, skills, etc.  But for simple one standard and one location project, it should typically take upto 6 months. To determine the time and cost for your ISO project, take opportunity of our no obligation High Level Gap Assessment.

This is the biggest myth which many companies have. For creating and implementing any quality management system, it is not required to be a Lead Auditor. A job of a Lead Auditor is to audit a functional quality management system and report the feedback to Certifying Body for certification issuance.

You may choose to take Internal Audit Training (Usually 3 day) or Lead Implementor Training (Usually 5 days) instead if you are creating, maintaining, and auditing your systems internally.  Only one employee can take certified training course and can conduct a non-certified awareness training for other employees within organization.

Alternatively, you can hire a consultant who can conduct remote or onsite group training for employees if needed.  Some Certifying Bodies try to sell their certified lead auditor training without properly educating the customers, leading to an additional spend on something that may not be required.

Next time, if Certifying Body is offering you lead auditor training, ask them how it will help add value to implementation and instead ask for an Internal Audit training.

It is a myth that ISO or CMMI is disruptive for your business. In fact, it is the other way around. Any quality management system should seamlessly fit in your existing business processes and add value to your business in the long run. A good consultant will be able to understand your existing business and should be able to implement the system without changing any processes. Start with no obligation high level gap assessment report for your business to see if we are a good fit.

In today’s day and age, with so much of technological advancement, many services can be performed and delivered remotely. We have done several remote consulting projects using Zoom, Skype for business, Phone, Email, Share Drives, etc. for seamless collaboration. Here is an article on how does remote ISO consulting work.  An internal audit can be also performed remotely with ease.

In real-world, bad experiences do happen sometimes when consultants are not a good fit for the project or organization. The experience can be painful.  But be assured that there are several great consultants out there who can be an asset to your team.  If you would like to find out if we are a good fit, please setup a discovery call with one of our experts.

In today’s gig economy, you may be able to find almost any type of skilled resource online through some kind of portals like freelance.com, fiverr.com, etc. To know if they are the right fit for your project, you must know what to look for.  Here is an article that can help to hire the right consultant.

If your company is small and doesn’t have many processes or multiple locations, hiring a Quality Manager just for the purpose of creating and maintaining a quality management system doesn’t make sense. Most Consultants should be able to help build you a robust QMS that can be easily maintained inhouse with the least time and effort. However, if you feel that you need continual help with maintenance, a consultant should be able to review your QMS once quarterly or semi-annually and keep you on track. If you have a specific need, our experts can help you find out if we are able to help.

This is true with most Small Business with lean processes. They are understaffed, working on multiple business-critical roles, don’t have a dedicated and skilled resource for ISO. For such companies, the best route to consider is investing in a consultant who can save time and cost.  If you would like to learn how we can help you with your ISO project, use our no obligation high level gap assessment report.

In today’s day and age, the requirement for ISO is growing because customers want to work with vetted and approved suppliers not only domestic but globally.  ISO, a globally recognized certification, ensures that a supplier is more qualified than others in a similar niche. Even if you let go of one customer asking for an ISO certification today, it won’t be surprising if another customer would also ask for it at some point.  Also, many companies who are trying to grow their client-base will come across ISO Certification being one of their customer RFP/RFQ.  Here is an article that can help you evaluate ISO Certification Benefits.

You don’t know what you don’t know. This is true with any industry. That is why we offer a no-obligation high level Gap Assessment and a complementary 30 mins call with our ISO Expert to answer any questions you may have about the project.

For most ISO projects, the time and cost depend on several factors like specific ISO standards, Industry vertical, number of processes, number of locations, previous ISO certifications, Skilled resources, etc. In short, the certification scope needs to be identified in order to determine the time and cost regardless of your choice to complete it in-house or take the help of a consultant.  Download the ISO Project Toolkit to get an idea on time and cost. If you still need help, feel free to speak to one of our experts and they can help you determine the scope.

You are not alone. Many companies have similar dilemma.  ISO 9001 usually applies to all industries and serves as a foundation for many advance ISO Standards. Specific ISO Standards apply to different industry verticals, product or services provided, customer requirement.  For e.g.  ISO 17025 specifically applies to Testing and Calibration Labs, ISO 13485 applies to Medical Device manufacturers and so on. Some industries will require more than one ISO standards.  If you are still not sure which ISO applies specifically to your industry, setup a discovery call with one of our experts.

Local consultants can save you the overhead cost of travel only if they need to be onsite. But did you know that, nowadays, most ISO projects can be completed remotely with aid of technology? A seasoned consultant should be able to interview you, understand your business, train your resources, and help execute ISO project remotely. We have done many of them to know of sure. Can’t wrap your mind around it? Feel free to speak to one of our experts.

Sure, that’s a great idea if you have

  1. The required Expertise and Skills
  2. Dedicated Resource to implement and maintain ISO / CMMI
  3. Time to execute the project

Download the toolkit and check if self implementation is the most cost-effective solution for you.

While considering ISO certification it is very critical to understand the various costs incurred.

These costs include:

  1. 1st Year Cost
  • Create and Charter ISO project (Quality Manager)
  • External Registrar Cost+ Logistic Cost
  • Consultant Support( if external consultant used)

 

  1. 2nd Year Cost
  • Surveillance Audit and Logistics cost.
  • Soft Cost associated with Internal Audit, Reporting and Maintenance of the QMS

 

  1. Recertification cost( every 3 years)

External Audit and Logistics cost

Certification timelines depend on multiple factors:

  • Scope and Complexity
  • Number of Locations
  • Number of employees
  • Resource allocation

Timeline for certification ranges from 6-8 months depending on the factors above. Additionally, if the core process  & standard operating procedures are defined, that makes the process go faster and the timeline of implementation is shorter. For a small size, organization certification can be achieved in 6 months. During the external audit,  it will be very important that every process owner is able to demonstrate competence and awareness of their processes. Auditor will want to see a system that has been implemented for at least 3-4 months.

 

ISO 13485 is a Quality Management System for Medical devices applicable to the entire lifecycle for product and service. The processes involved from maintenance, post-manufacturing processes like packaging, shipping, and distribution are required to be compliant to the ISO standard. This in light of ensuring the accurate and quality performance of the product at the point of use. Hence all the support processes have to be certified to the standard.

Stage 1:  Discovery

  • GAP Analysis to identify the gaps as compared to standard requirements
  • Awareness Training

 

Stage 2: Documentation & Implementation

  • Documentation

Documenting  Management System procedures, WI-based on document structure most suitable and value adds to the Organization.

  • Implementation

Once documents are drafted, reviewed, and approved, process owners, will implement the documented processes. Management involvement for in-depth product /service-related risk assessment and management of DMR, DHF, and Medical Device Reporting process.

 

Stage 3: Audit (Internal and External)

  • Internal Audit of the implemented QMS and Management Review is a mandatory requirement. Internal Audit program with Internal Audit schedule and plan is required. Internal audit needs to be conducted by Trained Internal Auditors/External Contracted Auditors
  • After Internal Audit, External Audit can be scheduled and conducted.

This entire process can take up to 6-8 months depending on the number of locations, employees, scope, number of processes, and resource commitment by organization.

 

ISO 9001 and ISO 13485 high-level structure are different but there is a good overlap on individual clauses.

The mandatory compliance requirements around the Documented Information, Internal Audit, Nonconformance, Corrective Actions, Management Review, Risk Management are the same for both standards.

ISO 13485 focuses on the specific Medical Device product/service which is identified per the scope. Additionally, Regulatory requirements, health and safety, device master records, and device history files need to be defined and addressed.

So short answer is, if you have a strong ISO 9001 framework, you are halfway there in meeting the ISO 13485 requirements.

Please contact us at contact@sync-resource.com for PPT for ISO 9001 VS ISO 13485

Yes, certification is not tied to the duration of Organizations’ existence. Any organization having defined processes, meeting the compliance requirements of ISO 27001, and adequate resources ( personnel & finance) for implementation can achieve certification.

ISMS Scope is defined based on the physical and logical boundary of the organization pursuing certification. The information system that organizations consider critical and want to secure is defined with the scope. Any interrelating process is part of the scope.

Example Human Resource is responsible for maintaining the training records of all individuals hired for the personnel and confidential personnel information.

The HR department will be within the scope of the Audit. Based on the scope, the Statement of Applicability and Controls checklist needs to be documented and implemented. 3rd party audit will certify to the said scope.

ISO standard can be purchased from ANSI stores, ISO website, and authorized vendors only. Printed/electronic copies are managed per the  Terms and Agreement as well as IEC and ISO copyright requirements.

https://webstore.ansi.org/standards/iso/isoiec2700127002security

https://www.iso.org/standard/54534.html

The database/list can exist based on the country and its regulations. In the USA there is no such list, but all certificates are issued by Accredited Registrars.

ISO 27001 is a Management system for Information Security. Keeping information secure is not the task of IT department but of each individual of the Organization. Becoming more aware of existing threats will help the organization to manage the risks and place effective controls. That is the true benefit of the ISMS certification.

Stage 1:  Discovery

  • GAP Analysis to identify the gaps as compared to standard requirements
  • Awareness Training

Stage 2: Documentation & Implementation

  • Documentation

Documenting  Management System procedures and WI based on document structure most suitable and value add to the Organization.

  • Implementation

Once documents are drafted, reviewed, and approved, process owners, will implement the documented processes.

Stage 3: Audit (Internal and External)

  • Internal Audit of the implemented ISMS and Management Review is a mandatory requirement. Internal Audit program with Internal Audit schedule and plan is required. Internal audit needs to be conducted by Trained Internal Auditors or External Contracted Auditors.
  • After Internal Audit, External Audit can be scheduled and conducted.

This entire process can take up to 6-8 months depending on the number of locations, employees, scope, number of processes, and resource commitment by organization.

 

The various cost incurred in the process of securing ISO certification are distributed over a 3-year cycle:

  1. 1st Year Cost

  • Create and Charter ISO project (Quality Manager)
  • External Registrar Cost+ Logistic Cost
  • Consultant Support( if external consultant used)

 

  1. 2nd Year Cost

  • Surveillance Audit and Logistics cost.
  • Soft Cost associated with Internal Audit, Reporting and Maintenance of the QMS

 

  1. Recertification cost( every 3 years)

External Audit and Logistics cost

Impartiality, as defined in section 3 of the standard, is freedom from bias, prejudice, fairness. Confidentiality in regard to conflict of interest and resolution of issues to prevent their impact on the quality of results reported. Many Laboratories are part of a bigger organization and have shared resources or have internal customers(Sales, Product Launch Managers, Marketing, Production).

These benefits can present challenges like undue pressure to report specific values, perform test/ calibration to meet the organizational targets and so on.

This undermines Laboratories’ competence and credibility. Hence at the Laboratory level implementing safeguards and protocols /rules to ensure that personnel is able to perform their work and report information accurately, without repercussions.

While considering ISO certification it is very critical to understand the various costs incurred.

These costs include:

  1. 1st Year Cost
  • Create and Charter ISO project (Quality Manager)
  • External Registrar Cost+ Logistic Cost
  • Proficiency Testing & Measurement Uncertainty Calculations
  • Consultant Support( if external consultant used)

 

  1. 2nd Year Cost
  • Surveillance Audit and Logistics cost.
  • Soft Cost associated with Internal Audit, Reporting and Maintenance of the QMS

 

  1. Recertification cost( every 2 years): External Audit and Logistics cost

 

The benefit of ISO 17025 Accreditation is not limited to:

  1. Establish confidence in management and customers on your test /calibration results as well as test /calibration reports and increase customer trust as well.
  2. It will give a better image of the company as a Quality producer in the Global Market.
  3. Provide hot tips on the analysis of data as well as to measurement the uncertainty and integrity of data and records.
  4. Provide guidelines and better control for maintenance of Instruments, environment control, protection of test records, etc.

The principles of good laboratory practice should be applied to all type of test /calibration laboratory whether private or in- house and in any manufacturing unit for testing/calibration:

  1. To establish quality in testing/calibration and reliability
  2. To prevent risk
  3. To detect deviations
  4. To correct errors
  5. To improve efficiency
  1. ISO 17025 governs the quality of results provided by test/calibration, ISO 9001:2015 does not govern the quality of the product but the process.
  2. ISO 17025 emphasis on the technical requirement of the Lab, ISO 9001 does include the technical requirement of the organization.
  3. ISO 17025 is accreditation, ISO 9001 is certification.
  4. ISO 9001 is the ability to demonstrate the ability of an organization to provide products or services to meet customer requirements. ISO 17025 is a demonstration of competency in performing the test/calibration per the scope.
  5. ISO 17025 is for developing the quality of the Laboratory, administration, and technical system that governs the operation of testing or calibration lab.
  6. ISO 17025 does not directly provide continuous improvement, ISO 9001 provides the foundation for continuous improvement.

ISO/IEC17025:2017 specifies the general requirements for the competence to carry out the tests and/or calibrations and sampling for a Test/Calibration Laboratory. It covers testing and calibration performed using standard methods, non-standard methods, Laboratory defined methods.

Usually, the head of each department will get involved during the interview and implementation stage. They can choose to do their part of the process or delegate it to a member of their team. However, each department head will only be occupied only during their phase of work and should not take more than 40 hours spread during the entire process.

Identify and assign a designated management representative (MR) in your team to coordinate with SME during the entire process and provide necessary information that SME requires to complete their task. Based on the Gap analysis, a timeline roadmap needs to be created with the end goal of the certification audit. This helps to maintain the appropriate timeframe as defined in the RoadMap.

Customer requirements forms the input for any Product/Service Realization lifecycle. The review of requirements for accuracy, feasibility, risk, capacity needs to be performed and customer feedback solicited and evaluated.

IATF focuses on monitoring the defects rates, reject cost, warranty performance to ensure the feedback loop is converted to feedforward, and improvements are implemented on a consistent basis. The annual review is no longer sufficient for review and management system optimization.

A most important reason to get any certification is always for Business growth, Customer Requirement, Entry into Newmarket, build confidence, and consistent product/process/service delivery to the customer.

The automotive industry update requires all the vendors/suppliers in the Supply chain of OEM( Ford, GM, Toyota) to have a Quality Management system with a commitment of compliance to IATF.

Stage 1:  Discovery

  • GAP Analysis to identify the gaps as compared to standard requirements
  • Awareness Training

 

Stage 2: Documentation & Implementation

  • Documentation

Documenting  Management System procedures and WI based on document structure most suitable and value add to the Organization.

 

  • Implementation

Once documents are drafted, reviewed, and approved, process owners, will implement the documented processes.

 

Stage 3: Audit (Internal and External)

  • Internal Audit of the implemented QMS and Management Review is a mandatory requirement. Internal Audit program with Internal Audit schedule and plan is required. Internal audit needs to be conducted by Trained Internal Auditors or External Contracted Auditors. List of 1st and 2nd party auditors is necessary, who have the necessary competency and experience.
  • After Internal Audit, External Audit can be scheduled and conducted.

 

This entire process can take up to 6-8 months depending on the number of locations, employees, scope, the number of processes, and resource commitment by organization.

ISO 16949 is a Quality Management System for the Automotive industry to ensure quality of products/services throughout the supply chain. The latest version available is ISO 16949:2016. The baseline structure for ISO 16949/IATF is ISO 9001:2015 and all requirements for IATF are supplementary to existing ISO 9001.

Certification can be achieved by utilizing internal resources.  The best way is to have a person or team with ISO implementer training/previous relevant experience to charter the project.

While considering ISO certification it is very critical to understand the various costs incurred.

These include the cost for the first year :

  • Create and Charter ISO project (Quality Manager)
  • External Registrar Cost+ Logistic Cost
  • Consultant Support (if external consultant used)

     2nd-year cost: Surveillance Audit and Logistics cost

Soft Cost associated with Internal Audit, Reporting and Maintenance of the QMS

Recertification cost: External Audit and Logistics cost

ISO standard can be purchased from ANSI stores, ISO website, and authorized vendors only. Printed/electronic copies are managed per the  Terms and Agreement as well as IEC and ISO copyright requirements.

If you are limited in internal resources or have time constraints or not familiar with ISO standard it is best to engage a consultant. Once the need for ISO certification is defined, it’s the right time to start identifying consultants. It is important to know that the consultant may not be local.

It will be critical to check if the consultant has relevant experience in a similar industry and can provide a customized solutions based on your unique requirements. Apart from mandatory requirements, the QMS for a Medium size company vs CNC Machine shop will be tailored to each organization requirement.

Please review the details for ISO Guideline for  Management Consultancy ( ISO 20700).

Stage 1:  Discovery

  • GAP Analysis to identify the gaps as compared to standard requirements
  • Awareness Training

 

Stage 2: Documentation & Implementation

  • Documentation

Documenting  Management System procedures, WI-based on document structure most suitable and value adds to the Organization.

  • Implementation

Once documents are drafted, reviewed, and approved, process owners, will implement the documented processes.

 

Stage 3: Audit (Internal and External)

  • Internal Audit of the implemented QMS and Management Review is a mandatory requirement. Internal Audit program with Internal Audit schedule and plan is required. Internal audit needs to be conducted by Trained Internal Auditors/External Contracted Auditors
  • After Internal Audit, External Audit can be scheduled and conducted.

 

This entire process can take up to 6-8 months depending on the number of locations, employees, scope, a number of processes, and resource commitment by organization.

After the initial certification award, regular surveillance audits are required and mandatory. Every 3 years recertification audits are conducted. The validity of the certificate is for 3 years based on the above-defined cycle. If any organization fails to comply with 3rd party registration requirements/certification body Audit program, there can be repercussions.

ISO, International Organization for Standardization released the framework for the Quality Management system that can be used by masses as ISO 9001:1987. ISO 9001 is applicable to various industries for product, service and processes. Since then every 7-8 years this standard is updated, and the current updated version is 2015 which was released on year 2015.ISO 9000 is a family of standards, of which only ISO 9001 is a certifiable standard.

When a company claims that it is ISO certified it means that all the process standards are met and an independent Registrar has audited the Management System and certified that the entire standard are followed and company meets them.
Compliance means that company meets the ISO standards but has not be certified by Registrar.

Yes, our quotes are free and no obligation.

Gone are the days where the mythical figure was its going to be in range of 50,000 and its upkeep is 25,000 per year. The time and cost will be determined considering factors such size of company, pre-assessment and GAP analysis, various locations, complexity of manufacturing facilities and number of employees.

Yes, we will be present during the external audit and as per our service model is we will also provide a complimentary free internal audit visit after certification. If you want to retain our services we will be able to plan and schedule to do periodical audits and all the non conformance will be addressed promptly.

No extra charge. All the related concerns and queries will be covered under the pre-decided fee.

You can find more information about ISO on our Blog.

WAIT!
Don't forget  your Free ISO Certification / CMMI Appraisal Cheat Sheet

Management Standard(s)*
We're committed to your privacy. Sync Resource uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy
close-link
This website uses cookies to improve your experience. If you’d like to find out more about the cookies we use or to opt-out, please see our Privacy Policy. Agree