Becoming ISO 9001 compliant

D.P. · 13 Aug 2018 at 12:00

Does anyone have experience with this? I have been tasked with formulating a plan and calculating costs as a quick draft, ideally within the next few days. There is a project we might want to bid on but it requires ISO certification.

The hope would be to become complaint within 1 years, ideally 6 months. My proposal is to hire a consultant to aid the process, but cost estimates online vary widely (5-50k?. I am interested in ball-park costs that are more likely a slightly over-estimate. We have a QA guy, he is pretty junior so would hire a more experienced manager to work with the consultant.

I am doing plenty of reading on the subject, but would appreciate if anyone could create some pointers. We have some QA processes in place but it is best to simply assume there are 10 software developers that concentrate on producing results rather than formal processes, a necessity of a start up.

Some questions I can't find answers to include the expected time costs on developers in documenting and reporting etc. It is on thing to say a consult costs X, but if all 10 staff becomes 15% less productive in advancing functionality that is a big cost (I know you gain with more robust code but that has a different value to investors).

Cheers!

Hades · 13 Aug 2018 at 15:48

I don't have the answer to your question. But one approach may be to pa a consultant a couple of days time to come in and explain the typical costs, benefits, pitfalls and also how he would approach the project.

Steeps · 13 Aug 2018 at 16:58

Most of these standards are designed more around data handling and form filling rather than actual output so making sure your admin is all up to scratch and processes are documented in easy to find folders. Another thing to remember is there are no standards with some of the certificate issuers, you can ask two different companies the same question and get different answers with how to implement a process (sometimes even two people in the same company will give different answers). Whoever handles your back office (accounts/contract discussions/emails/general admin) will be the person most under the microscope.

BSI were frustrating to work with, always changing their standards and not clear enough with their documentation, a previous place used QMS (loved going for the cheapest so must have been affordable) and seemed to have everything running within a couple of months. One of the issuers once signed up should be able to send you documentation with what you need to do, implement yourself or get a consultant in (easier yourself if your admin has time) then have the processes audited when all the files/folders are in place.

Stelly · 13 Aug 2018 at 17:07

We employed someone that is just an ISO officer to do this in our software house, its not easy and everything needs to be documented and logged, things like server access, access to buildings, we moved most of our on premise infrastructure to cloud to be completely complaint... it isnt easy and it is a lot of pain and I wouldn't do it without having someone dedicated to getting you through it...

Stelly

Throrik · 14 Aug 2018 at 19:35

We've just passed the new versions of 9001 and 27001 - seriously, get a 3rd party in to help you if necessary. They're a bleeding nightmare lol.