The ISO 9000 family of standards represents an international consensus on good quality management practices. It consists of standards and guidelines relating to quality management systems and related supporting standards.
ISO 9001:2015 is the standard that provides a set of standardized requirements for a quality management system, regardless of what the user organization does, its size, or whether it is in the private, or public sector. It is the only standard in the family against which organizations can be certified – although certification is not a compulsory requirement of the standard.
The other standards in the family cover specific aspects such as fundamentals and vocabulary, performance improvements, documentation, training, and financial and economic aspects.
AS9100 Rev D
AS9100 is the international management system standard for the Aircraft, Space and Defense (AS&D) industry. The standard provides suppliers with a comprehensive quality system for providing safe and reliable products to the aerospace industry. AS 9100 also addresses civil & military aviation requirements. ISO 9001:2015 is totally encompassed within AS9100 with these additional requirements applied specifically addressing aviation safety concerns.
ISO 13485 specifies requirements for a quality management system where an organization needs to demonstrate its ability to provide medical devices and related services that consistently meet customer requirements and regulatory requirements applicable to medical devices and related services.
For a company involved in the manufacture, sale or distribution of goods or services covered under the United States Munitions List (USML) or a component supplier to goods covered under USML, the contractual stipulation or requirement of being “ITAR (International Traffic in Arms Regulations) compliant” means that the company must be registered with the State Department’s DDTC, if required, as spelled out on DDTC’s web site Registration on US State Directorate of Defense Trade Control website and the company must understand and abide by the ITAR as it applies to their USML linked goods or services. The company themselves is certifying that they operate in accordance with the ITAR when they accept being a supplier to the USML prime exporter.
A Note on Certification:
ISO Compliance, Certification and Accreditation explained
The International Organization for Standardization (ISO) produces thousands of standards every year covering multiple topics and disciplines. A certain group of those standards known as management system standards are designed to support organizations in delivering products and services which are higher in quality, safer, more secure, more resilient, and environmentally friendly.
These standards are well known such as ISO 9001 (Quality Management), ISO 27001 (Information Security), ISO 14001 (Environmental), ISO 22301 (Business Continuity) and the soon to be launched ISO 45001 (Health and Safety).
Some organizations are required to implement these standards and some other to demonstrate their compliance to them. Within the industry there is a lot of “noise” about compliance, certification and accreditation, and the difference between these terms. So what do they actually indicate in reality?
Any organization can choose to implement a management system standard and use the standard to drive improvement and manage risk. They can choose to meet the requirements and perform internal audits as part of their overall management system. When an organization implements such standards there are no mandatory requirements (demanded by the standards themselves) to undergo an external audit. Essentially any organization can implement the standard and claim to be compliant.
Customers of such organizations may ask that their suppliers meet certain standards and in some cases suppliers may simply state that they are compliant however some customers may go one step further and ask for evidence or choose to audit their supplier. For organizations with multiple customers, this could certainly be a large burden having to handle multiple customer audits through the year. This costs time, resources, and often coinage to produce the same evidence time after time.
Certification to ISO standards for an organization is simply a way of proving that an organization does indeed comply with the relevant standard(s). It does not involve implementing extra requirements or controls, and if an organization has already become truly compliant, certification should be a simple next step.
Certification involves an audit being performed by an independent organization known as a certification body. A certification body will usually perform an audit over two stages.
Stage one is a high level review of the management system, whereas stage two is used to look at the management system in much closer details to provide evidence of compliance in various areas.
A good certification body and their auditors will approach the audit from a positive perspective, attempting to find evidence of conformity and are not in the business looking to “catch people out” or to deceive people. In the event that non-conformities are found (by failing to fulfill requirements of the standard), then agreements can be made on how this will be addressed, which in some cases may need a re-visit and in others it may be acceptable to correct the non-conformity over a longer period of time.
If an organization meets the requirements and is recommended for certification, then the certification is awarded for a period of three years. During that time, the organization must undergo annual surveillance audits. Surveillance audits are much smaller than the original audit and are designed to check whether the organization is maintaining and improving its management system.
What are the benefits of being certified?
If an organization has taken the time to become compliant then getting certified can have the following benefits:
- The organization can easily prove compliance to customers and interested parties
- The organization is independently recognized for its efforts
- The level of auditing from customers can often be significantly reduced as independent certification can increase assurance
- Many organizations are now demanding that their suppliers are certified to ISO standards