1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice
You must be a registered member in order to post messages and view/download attached files in this forum.
Click here to register.

Small Service Company - Seeking certification solo

Discussion in 'ISO 9001:2015 - Quality Management Systems' started by Kelly Doonan, Apr 11, 2024.

  1. Kelly Doonan

    Kelly Doonan New Member

    Joined:
    Apr 10, 2024
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Good Afternoon,

    I work for a small IT consulting company that provides staffing services to the DoD. Having certification would help us win business but the cost of hiring a consultant is cost-prohibitive for us. Many years back, I was a Six Sigma Black Belt, so I thought about doing the initial leg work on my own. Has anyone been down this road with good success? I've ordered some recommended reading but thought I'd seek out advice.

    Thanks!
     
  2. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,285
    Likes Received:
    2,631
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Kelly! Welcome!

    Let's give you some things to consider:
    Why do you say this?
    What about Six Sigma is common with a quality management system?
    Which road? Doing it alone? Becoming ISO 9001 certified?
    There are 1,001 books out there, including mine - about the myths people put in their books about ISO 9001. Many of them are based on single digit experiences or what they did to pass an audit. NOT the same thing. Beware. Some people only know how to pass audits, because that was their goal.
     
  3. Kelly Doonan

    Kelly Doonan New Member

    Joined:
    Apr 10, 2024
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Hi Andy, We are a very small company that suffered a major loss in the fall so we're not in a position to have a big expense right now. I was quoted 20K at a previous company (same size/competitor) for the setup, not including the certification. The Six Sigma relevance is that my general thought process focuses on quality improvement and processes. I wonder if anyone else has become certified without a consultant. Did they do it without or with using a DIY toolkit? I expect we'll have to pay someone to certify us, correct? I appreciate your patience while I try to figure this one out. Kelly
     
  4. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,285
    Likes Received:
    2,631
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    That's a bit like saying "how long is a piece of string..." For a small company, based on my 30+ years of doing this, they were ripped off. Buying a "kit" is another way to be ripped off. You'll get a cheap up front cost, become certified and then pay on the back end because someone sold you a cute little critter, which turned out to be a a freakin' monster... #AskMeHowIKnow.

    Of course you'd have to pay to be certified. I can tell you approximately how much that will cost:

    • Go to www.iaf.nu and look for mandatory docs, MD-5 here: https://iaf.nu/iaf_system/uploads/documents/IAF_MD5_Issue_4_Version_3_14062023.pdf
    • Find page 21.
    • Look for your company's "effective number of personnel" and read across to the Audit time.
    • Stage 1 Audit is 1 day (typically), so the remainder is for the Stage 2 Audit days #AskMeHowIKnow
    • Figure an approximate audit day cost of $1350-$1550 depending on the Certification Body you choose (and you'll need help with that from a consultant who knows them, not one being paid for CB referrals or "guaranteeing" certification) #AskMeHowIKnow
    • Add in travel and accommodation, plus meals. If you are in a reasonable town/city size and not Alaska etc, this might come in under $1K
    • Add fees, many different fees. Some obvious, some not so obvious #AskmehowIknow
    • Do you know what to look for in selecting a Certification Body? Did you know you can request a specific auditor, ask to see resumes, interview them? #AskMeHowIKnow
    I just saved you as much as $10K - and you can't afford a consultant? You can't afford a bad consultant...

    Please, feel free to message me if you'd like more details and some free guidance in addition to the above.

    Or, try it yourself based on someone here who has done it once or twice. Or someone, like me, who knows where the $$$ traps are...
     
  5. Golfman25

    Golfman25 Well-Known Member

    Joined:
    Nov 6, 2015
    Messages:
    832
    Likes Received:
    409
    Trophy Points:
    62
    Look around at the trade groups and/or colleges in you area that set up a group model. Basically 5-6 similarly situated companies share a consultant. When we did ours, we covered one section every few weeks. Met as a group to learn the requirements, got some examples, and then went back to our companies and drafted our documents. At the next meeting we where able to discuss our results, bounce ideas off of each other, make revisions, etc. It worked well and was very cost effective.
     
  6. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,285
    Likes Received:
    2,631
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Kelly - it occurs to me that the vast amount of books written are about product quality organizations, not services such as yours. Hence, you can get a skewed understanding - and this is why a live person to help is beneficial. Also, unlike others your IT business is rare as a candidate for help from places such as community colleges and so on. You really should seek out some specialist. Also, be aware that if you seek the services of someone in the IT industry, they are most likely to understand ISO/IEC 27001 (InfoSec) or even ISO 20000 (IT Services). I've found these folks make the same types of errors that the ISO 9001 community made in the early days (and are still making them). With 35+ years in the QMS implementation and Certification industries, I can vouch for the fact that it's a mine field out there.
     
    Last edited: Oct 23, 2024
  7. S1D3K1CK

    S1D3K1CK Active Member

    Joined:
    Nov 5, 2018
    Messages:
    82
    Likes Received:
    29
    Trophy Points:
    17
    Location:
    The Central Valley
    What are the differences in cost and benefits from ISO 27001 and TISAX L3? We are in the early stages of investigating these but thought asking here could help!
     
  8. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,285
    Likes Received:
    2,631
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    The availability of resources who know TISAX is a severe limitation (as well as other aspects). I’d go for ISO 27001 as a means to meet TISAX requirements. Much easier!
     
  9. Miner

    Miner Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    628
    Likes Received:
    544
    Trophy Points:
    92
    Location:
    Greater Milwaukee USA
    Do you supply German car manufacturers? If not, why add in the extra requirements? If you do, you may not have a choice.

    upload_2024-10-24_7-12-50.png
     
    S1D3K1CK and Andy Nichols like this.
  10. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,285
    Likes Received:
    2,631
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    It occurs to me to add that this is an information security requirement - not only cyber security. When implementing either TISAX nor ISO 27001, (depending on scope and the statement of applicability) it's (potentially) many/all forms of information which falls under the management system.
     
    S1D3K1CK likes this.