What we Learned by getting ISO 9001 Certified

Written by: Linus Åkerlund, Head of Competence Areas at Bontouch

Processes are great when they help you, but they don’t have intrinsic value and can never be set in stone. Historically, as an organization that has always done its best to stay lean, we haven’t been very interested in certificates and standardization. So why did we get ISO 9001 certified?

How and why did we do it?

We started investigating ISO 9001 certification in the late autumn of last year because certification does show up as a requirement in tenders now and then. The question we asked was, is this something that we could do? Could we do it without any adverse effects on how we work? Could we do it without getting tangled up in a mess of rigid processes that the standard mandates?

To get some first answers to these questions, we asked a specialist consultancy for input. They performed a GAP analysis, and we concluded that this was indeed doable and that we should be able to do it mostly by documenting what we do and how we do it. Then, we got the external auditor in for an initial visit. They had pretty much the same attitude: it’ll be a lot of work, but we had a lot of good things in place already.

So we got to work on building a Quality Management System, which is documentation on what we do to maintain and improve quality in our work. We also did what you have to do to get certified: internal audits, staff education, and management review. We documented our existing processes, tweaking a thing or two here and there. We learned a lot about a world that was new to us. And we still weren’t quite sure what an audit would be like.

So the auditors showed up, did a lot of interviews, liked what they saw, and we got certified. Sure, we did get a few non-conformances and observations, but not more than we’d expected. We took a few moments to breathe (and celebrate) and started looking into improvements.

What are the benefits?

Now that we have a Quality Management System and are certified, how does that help us?

The documentation is helpful.

The thing that we might not have foreseen is that the documentation that makes up the Quality Management System is actually useful. It’s helpful in onboarding because it gives an overview of how we work. It’s valuable in how we have to explain to ourselves how we do things and why we do them. Explaining something explicitly always makes things more clear.

It keeps things structured.

We get even more benefits from actually complying with what the ISO 9001 standard mandates. We have to follow up on the performance of our processes. We might have done this before, but we might also have skipped if we didn’t see a particular need at a specific point in time. Now, we have a reasonable amount of pressure to ensure that we deliver quality, keep our partners happy, and that everyone in the company is on board.

It’s a door opener.

So, of course, it is a door opener. The fact that we’re certified isn’t going to win any tenders for us, but not having this stamp of approval would be a problem in some cases and could even be a show-stopper.

What did we learn?

So obviously, we have learned a lot about the world of ISO standards and certification, and that goes without saying. (But now I said it anyway.)

Consultants and auditors have different perspectives.

One thing that we realized after a while is that there is a difference between what a consultant wants you to do and what the auditor thinks. If you bring in consultants to help you get certified, it’s their job to get you to do as much as possible to increase your chances of a positive outcome. So they will want you to have everything in place, whereas the auditor might be happy if you show that you’re on the right track.

The documentation and processes can be kept at a reasonable level.

Getting certified without getting bogged down in process and documentation is possible. If you take it too far, you might be stuck with a management system that dictates too much of what you do to the point where it limits your ability to act independently. As an organization where initiative and innovation are at the core, we can’t have too many processes, checks, and things set in stone. We have to be able to change constantly, and we can still do that.

The format of the management system is up to you.

And on the topic of too much process and documentation… In the world of ISO, there seem to be a lot of huge Word documents and Excel sheets. We’ve steered clear of those and have everything in Notion. That means that the documentation is easier to navigate, more accessible to update, and we don’t have to put too much effort into keeping things in order. We’ve used those standard templates as inspiration, but we’ve tried only to keep the stuff that adds value.

It’s more pragmatic than one might think.

The auditors want to see that you have a management system that helps you and doesn’t prevent you from doing what you do. All in all, this world is much more pragmatic than you would expect. Or at least than I would have expected before dipping my toes in the water.

So what is quality, really?

Quality is what we define it to be. We do that in our Quality Policy. That policy is a requirement in the standard, but the standard doesn’t tell you what quality is. To us, quality has always been essential. We’ve always focused on the end users, our products, partners, and people. You can read about that in our Quality Policy here.

You are more than welcome to review the certificate here.