Are you a specialist engineering industry?

We are pleased to be working with a number of new clients who specialise in engineering activities such as fabrication, welding, press work, CNC operations etc.

In some cases, the companies we are working with are at early stages of implementing ISO 9001:2015, 14001:2015 and ISO 45001:2018.

As with all businesses we always start with completing a review of the current status of the current management system in place.

Typically we look at the operational controls such as customer communication (clause 8.2), process checking and monitoring (clause 8.5), design controls (clause 8.3), etc.

Most companies are already meeting the requirements of the standards but don’t always realise it. We take the hard work out of identifying where the business needs improvement and offer direct guidance and suggested forms to be used.

The standards are split into different key categories, these start at clause 4.0 – Context through to clause 10 Improvement. All new ISO standards are following the same key headings. Obviously the requirements of each clause differs for each standard but ultimately if fully implemented will improve the business management system.

How to begin your ISO journey

Complete a review of the system against the requirements of the standard.

The key areas to consider are:

  • internal and external issues that can affect the customer, to achieve this review a Strengths, Weaknesses, Opportunities and Threats (SWOT) might be an option.
  • When considering the internal and external issues, the interested parties who have an interest in the business along with THEIR expectations should be recorded.
  • When creating your ISO system, a documented scope should be recorded. This needs to clearly demonstrate exactly what your business does.
  • A Quality / Environmental / Health and Safety policy should be written to include the requirements noted in the relevant standard. A combined policy statement can be created rather than 3 separate policies if preferred and is easier to manage.
  • If you have not already done so, start listing all of the forms that are used in the Integrated Management System (IMS). Give each form a title, a date, a unique reference and an issue number. List all of the forms on your master documents register.


To achieve ISO certification and ensure that the IMS system has some support, the most senior management must be involved from the beginning of the implementation.

The senior management need to be part of the implementation and will need to approve the policy statement, set objectives and targets, they will need to review non-conformities and provide sufficient resources to ensure the system can be successful.



Business Risk and Opportunity

Following the initial SWOT the key Threats and Weaknesses should be placed in a table and risk assessed to determine the greatest risks to the business. Once this has been done the management need to implement improvements (controls) to reduce the risks to the business and convert the risks to opportunities (where possible).

From the SWOT, the Opportunities should be also assessed to determine how the opportunities can be achieved.

Once the business risks and opportunities have been reviewed, the business should set measurable targets and determine what resources are required to implement achievements.

The method of creating risk assessments from identified hazards needs to be recorded and the methodology put in the form of a procedure.

As part of the environmental standard the company needs to set up an aspects and impacts register.

Similarly, the company needs to create a list of applicable health, safety and environmental regulations and carry out a review to demonstrate how the business meets these regulations.


To achieve improvements and to drive compliance to the standard, all of the employees need to be given awareness training.

Following awareness training, individual training records must be set up to ensure that all staff have adequate training applicable to their roles issued and recorded.

All documents (forms) used in the business relating to the Quality / Environmental / Health and Safety Management System need to be fully controlled to prevent inaccurate out of date forms being used. A simple master document register should be created that lists all of the forms that are individually identified by a unique reference, an issue status and a date of issue. Any changes to the forms should be recorded on the master documents register and the issue status amended on the specific form to identify the status. Old forms should be removed from use and the obsoleted.       

The infrastructure of the business should be considered to ensure it is fit for purpose, that areas such as IT can support the business, that records are backed up and the latest anti-virus software is installed etc.

Is the working area suitable for production? Is the building maintained to a suitable standard etc? Records of these areas must be kept.

Similarly, any equipment needed to determine accurate measurement should be calibrated.

Operational Controls

To ensure consistency of product, safety systems, environmental controls etc, adequate means of controls should be implemented. These may range from a simple route card following a product around a production line through to a fully implemented bar code system.

Adequate health and safety training, signage, risk assessments, safe systems of work, fire controls must be implemented.

Waste segregation and controls including clear segregation of hazardous waste from non-hazardous wastes. Collection by licenced waste carriers, and retention of records to demonstrate legal disposal.

Monitoring and Measurement

All parts of the business will generate different information that should be managed. To manage any specific area it should be measurable (where practical).

Areas typically managed in an IMS include (but not limited to) accidents and incidents, energy usage, water usage, volumes of scrap produced, waste streams and volumes disposed, carbon footprint, customer complaints, warranty claims, in full on time deliveries (OTIF’s) non-conformities identified at internal audits etc.

This information should be discussed at relevant meetings and the information communicated in the business.

Internal Audits

A key part of addressing the requirements of the IMS is to carry out internal audits to see how well the business is doing to meet the requirements of the standards.

The audits should be completed by competent trained auditors who are impartial from the process being audited. Any non compliances should lead to improvements to the system and help continual improvements.

Management Review

Another key requirement of the standards is to review the complete IMS. This is usually done annually by all of the senior management team meeting to discuss the key areas of the system and using an agenda that covers the requirements of the standards.

The minutes must be documented along with any actions needed and completion dates to be achieved.

This meeting is a very important meeting and should be given all the necessary support and drive necessary to achieve improvements.

Non-compliances and Corrective Actions

When issues are reported or identified, a non-compliance process should be implemented.

There are hundreds of ways to deal with non-compliances and corrective actions. Ultimately a record of the non-compliance should be made and suitable corrective actions recorded.                   Non- compliances could be a customer complaint, a supplier delivery error, in-house production error, accident or near miss incident, breach of regulations etc.

Once the corrective actions have been implemented a follow up on the success or not of the corrective action should be completed and any comments recorded as necessary.

Continual Improvement

Ultimately the business can only achieve ongoing improvement if it implements some of the controls detailed above.

Whilst ISO success does not guarantee more work it certainly helps to drive improvements within the business and ultimately demonstrates to potential clients that you have a recognised system in place.

The next stage is to book your Gap Analysis and start the journey.

All of the information detailed above is for guidance only and does not fully cover all areas of the standards but will give you a good start so to book your Gap Analysis call us on 01889 881887 .

ISO 9001:2015

Achieving ISO 9001 involves a logical steps starting with a review of the standard against the system you are currently operating and noting strengths and weaknesses. We can help you review this area to build a program of improvements to meet the requirements of ISO 9001:2015.

ISO 14001:2015

Achieving ISO14001 does not have to be hard work. With the right approach and  with top management commitment we can guide you every step of the way to ensure that your procedures are fully compatible with the requirements of the standard.

ISO 45001:2018

QSC Consultancy can offer a full Health & Safety System compliant with ISO 45001  the Occupational Health & Safety Management System. This system will assist you in managing Health & Safety Risks and facilitate legal compliance.

Quality Systems Consultancy

Quality Systems Consultancy Ltd
The Nook
Blithbury Road,
WS15 3HQ

<..find us on Google..>


Quality Systems Consultancy Ltd
The Nook
Blithbury Road,
WS15 3HQ

Telephone (Office)

01889 881887


07900 558547
07818 402094

facebook twitter linkedin