Advantages of Outsourcing your ISO implementation Project

Do you have customers requiring ISO certification and don’t know where to begin?

ISO 9001 and other ISO standards are based on certain requirements. These requirements vary depending on the standard. An organization seeking certification is responsible for establishing, documenting, implementing, and once certified, maintaining the ISO system.

Can an organization’s personnel implement the requirements on their own?

Of course they can! If the organization can expend the time and energy of one of the managers to attend a couple of weeks of training and dedicate a good part of the next several months to documenting and implementing the requirements, then yes. Once the requirements are learned, the challenge can be applying these requirements in their respective operation.

Then Why Engage a Certification Consultant?

Time and money. While there is a cost in hiring a consultant, there is also a cost for a company to utilize internal resources.

The fundamental advantage is that a good consultant will provide common sense explanations in understanding ISO 9001. The standard is full of vague requirements leaving individuals new to ISO with a sense of frustration trying to nail down, “what does this mean?”

Aside from this, a good consultant can help with proven methodologies and supply you with sample forms, etc. Many companies feel that they need to invest in software or otherwise incur other expenses to implement an ISO system. This is not the case.

A good consultant will develop level one and two documents for you and will include the interaction of processes. Your documentation should reflect what your company does. It should also meet the requirements of the standard, leaving you with a manageable system. This is one of the biggest pitfalls…companies choosing to tackle this on their own often over document creating more work for themselves down the road in doc modification.

Consultants can also help with quality objectives, management review, internal audits and corrective action.

Conclusion

Overall, hiring an ISO expert will expedite your ability to achieve certification more quickly, which will in turn, keep your customers happy.

Holiday Greetings from Perry Johnson Consulting, Inc.

We at Perry Johnson Consulting (PJC) want to take a moment to express our heartfelt gratitude to you – our clients, partners, and supporters. Your trust and collaboration have been instrumental to our success this year, and we are truly honored to have been part of your journey.

The holiday season is a time for reflection and celebration, a moment to pause and cherish the company of friends and family. With this in mind, our offices will be closed on December 25th and January 1st, to give our hardworking team the opportunity to enjoy this time with their loved ones.

As we prepare to welcome 2025, we are filled with excitement for the opportunities and growth it will bring. We look forward to continuing to serve you with the same dedication and excellence you’ve come to expect.

From all of us at Perry Johnson Consulting, we wish you a joyful holiday season and a new year filled with health, happiness, and success.

Warmest regards,
The Perry Johnson Consulting Team

Preparing for Certification Audits: Common Pitfalls to Avoid

I recently had a conversation with Jason Leighton, Certified Lead Auditor at Perry Johnson Consulting. Jason’s 20+ years’ experience in the ISO Industry includes implementation of quality management systems in hundreds of organizations. He has also conducted certification audits on behalf of a registrar.

We discussed some of the common nonconformances found during certification audits, primarily with companies that implemented the requirements without outside assistance from a technical expert.

Per Jason, the three common issues found during certification audits are:
1. Issues with documentation
2. Lack of Employee Training and awareness of the quality management system
3. Addressing nonconformances through corrective action

Documentation Issues – Organizations struggle to understand the breadth and depth of the documentation needed for a quality management system. Some organizations fail to meet the minimum documentation requirements while others over document their system. Each presents itself with problems that are difficult to overcome. Engaging an expert to prepare your quality and procedures manual so that it meets the criteria of the standard but is easy to maintain will alleviate problems both in document control and in certification audits. A good consultant will also guide the company in the records the company must maintain and should be able to provide you with sample forms etc.

Lack of Training – Often employees don’t have an understanding of the ISO requirements, and this makes it difficult for them to respond to the auditor. Training employees is critical. An implementation firm that offers hands on training and classroom training is what is recommended. Independent consultants will not likely offer course training with student materials etc. Also, it is important to note that webinars are useful but do not take the place of a training course on the topic as they are usually very short in duration.

Addressing Nonconformances – Organizations struggle with effective root cause analysis and systemic corrective actions. Root cause analysis training should be part of the implementation plan.

Jason goes on to say that any failure to meet a requirement leads to a nonconformity thus delaying certification. If there are findings/nonconformances found during the certification audit, the organization must re-evaluate their system to determine where the systemic failure has occurred and make changes to prevent its recurrence. In addition to delaying certification for a few months, the company may have to spend additional funds if a second visit is required by the registrar auditor.

The Bottom Line – It’s true, hiring a certification consultant does cost money. Second guessing in how to appropriately respond to ISO requirements can cost a company much more in time/money. The number one cost to a company is their staff, ask any controller. Be prudent and engage an experienced certification consulting firm such as Perry Johnson Consulting. Your road to certification will be shortened, cost you less and the quality management system will be easier to maintain.

Contact us at [email protected] to see how we can help.

---

Information/Data Security

Did you Know?

Organizations spend resources on Antivirus Software, Intrusion Detection and Prevention Systems, and set up Firewalls.

Despite our attempts, data breaches continue to cost companies millions of dollars.

Why?

Depending on the study/research*, it is said that as much as 95% of data breaches are caused by HUMAN ERROR… 19 out of 20 breaches. This information is both astounding and terrifying.

Human error can be attributed to misconfigured security settings, or accidentally sharing information that is sensitive. It can be as simple as an employee clicking on a link that could expose the organization’s data to cyber criminals. These cyber criminals then hold this crucial information for ransom. Trillions of dollars are spent on cyber-attacks… a staggering number that is on the rise.

What’s The Solution?

If 95% percent of the breaches are caused by human error, it is crucial that companies implement an ISO 27001 management system that can greatly reduce the chances of a cyber-attack.

Certification to ISO 27001 is crucial, as organizations realize that managing their data is equally as important as the software or systems they employ.

To become certified, an organization must implement the requirements and employ an accredited third party that, through an audit, will certify their Information Security Management System (ISMS).

By contracting with a reputable ISO consulting firm, the management system can be implemented in months.

Conclusion

The benefit of certification is obvious. Savvy organizations and business owners realize that this layer of protection is essential.

For more information, a complimentary executive overview can be found on our website www.pjcinc.com along with upcoming ISO 27001 training course dates.

*IBM Study-2021

Author: Carrie Hayden – Vice President

---

Can a Consultant be Available During a QMS* Registration Audit?

This is a question that has been asked of me many times. While a registrar may allow the consultant to be present during management system audits, a representative of the organization must respond to the auditor and present evidence.

Clause 4. Puts the responsibility of establishing, documenting, implementing and maintaining a quality management system on the company (not the consultant).

If the consultant also performs internal audits for the organization and manages the corrective action, they could be the right individual to respond to questions about those processes. The idea of the consultant answering all of the questions about all processes would be unlikely.

Be mindful that a consultant can be present but must not be disruptive and cannot attempt to control the audit.

In as much as it limits the role a consultant may play in an audit, the benefit of having a consultant available can be to assist on your reaction to a nonconformance, perform root cause analysis, and determine corrective action during the audit.

*The exception to the above is IATF 16949 (automotive audits) where it is not permitted for a consultant to partake in an audit.

Author: Carrie Hayden – Vice President

---

Benefits of ISO 9001 Certification

What is the benefit of ISO 9001? That’s the question asked by many companies that are on the fence as to whether, or not they will gain anything from it. Over the years I have gone back to clients we have prepared for certification and asked what their biggest benefits have been from becoming certified, and below are a few of the most common answers.

Increased Business

There are many companies that will only buy from suppliers that are ISO 9001 certified. This is a big untapped market for companies that have never been certified before. Once you’re certified, placing the ISO 9001 Certified logo on your website, brochures, and social media sites is a good place to start and don’t forget to educate your sales team on the benefits. Review previously lost prospects due to not being certified and reach back out to them now that you are. These are all good ways to increase your business with ISO 9001.

Improved Productivity and Employee Satisfaction

When adding ISO 9001 properly, one of the first things that happen is an increase in morale. Giving employees a voice in the quality process, gives them ownership in the system and individual accountability moving forward. Employees working in the process have firsthand knowledge of what their unnecessary procedures are. By documenting these procedures and having discussions with management on where these unnecessary steps can be eliminated, it increases productivity and improves employee satisfaction.

Continuous Improvement

ISO 9001 standard requires the organization to continually improve the suitability, adequacy and effectiveness of the QMS (quality management system). ISO 9001 also requires management reviews. These reviews need to include decisions and actions related to opportunities for improvement including changes to the QMS, and any resources needed to accomplish the improvements. You can only consistently improve if you are always looking for ways to do so.

Enhanced Customer Satisfaction

By monitoring the expectations of the customer, and their perception of how well the company has achieved them, it allows the company to identify additional areas for improvement. This increases customer satisfaction over time.

Conclusion

ISO 9001 can enhance your business operation in several ways by making it more efficient, allowing you to streamline your processes, open a new marketable customer base, reduce overall costs, enhance employee/management engagement and improve customer relations. Contact Perry Johnson Consulting at [email protected] for easy set up and implementation of ISO 9001.

Author: Ralph Black – Business Development Manager

---

Understanding ISO 9001

Today’s marketplace is very competitive for all companies. Whether you are in the Manufacturing world or in the Service industry you always have the need to find ways to stand out amongst your competitors. One of the best ways to stand out is to have a Quality Management System that is recognized worldwide – ISO 9001. Having ISO 9001 certification demonstrates your company’s commitment to Quality and gives your customers the confidence that you can meet their requirements. Companies implement and get certified to ISO 9001 for 3 reasons:

1. They have a customer requiring certification in order to conduct business
2. They want to use it as a marketing tool to earn more business in their current industry or a new industry
3. They want a system that will help them improve quality and produce more and waste less

What is ISO 9001?

ISO 9001 is a Quality Management System standard that was first introduced in 1987. It was often described as “Say what you do, do what you say, and prove it.” Companies would need to document their processes, make sure their employees followed this documentation, and keep records to prove the system was followed, giving them a consistent process. The initial problem with this was that a company could have a consistent process but produce bad products or services and end up with dissatisfied customers.

ISO 9001 has been reviewed regularly and improved over the years. The current version is ISO 9001:2015. The main premise is still “Say what you do, do what you say and prove it,” however, requirements for Leadership (management involvement) continuous improvement, interaction of processes (the communication between each step within your process), and proving customer satisfaction have been added to make this a win – win standard for you and your customers.

Certification

Once your system is in place, a full system internal audit must take place prior to having a 3rd party certified body called a Registrar audit your system. The auditing process has changed over the years as well. It started out as a one stage audit, but they saw the need to ensure better customer readiness. Today the audit is conducted in two stages. Stage I will mainly consist of a documentation readiness review. Stage II, using the process approach, the auditor will confirm:

• Is the documented system consistent with the standard? (Do you say what you do?)
• Are activities consistent with the documented system? (Do you do what you say you do?)
• Do the documented systems and activities help the auditee meet its goal and objectives? (especially quality objectives)
• Most importantly, does the auditee consistently provide products or services that meet their customer or regulatory requirements?

Conclusion

If you are looking to improve your operation, meet your customers’ requirements, add more customers in a new industry, or want to solve quality issues more efficiently, then ISO 9001 is a great place to start. At Perry Johnson Consulting, Inc., we have helped thousands of companies reach their ISO 9001 goals and objectives over the past 30 years. Contact us at [email protected] to see how we can help.

Author: Ralph Black – Business Development Manager

---