Organizations and companies often go for certifications/assessment like ISO 9001 or ISO 27001 or CMMI. A company may decide to seek certification for many reasons, as certification can:

  • Meet Customer Requirements
  • Result in more revenue and business from new customers
  • Improve Company and Product Quality

Assessment process is a continuous cycle. There are some stages/steps in this continuous cycle leading to certification and sustenance.  For organizations that are new to the implementation process, attaining certification can be a little bit troublesome activity. This article helps to make the implementation stress-free through the ten points explained below. Assessment

1. Determine scope of registration

Determine whether the entire organization or a part of the organization is going for certification. Sometimes only a particular product in the organization is seeking for certification.

2. Get quotes from accredited third-party certifying bodies

The certifying bodies must be accredited to conduct audits. After evaluating several certification bodies (Transition partners in case of CMMI) based on their quotes and many other factors, the best suited certification body is selected by the organization. Once the quote is accepted by both parties – client and certification body, an auditor contacts the client to schedule the assessment audits. It’s vital to clarify and check for other hidden costs such as ‘registration’ and travel fees when obtaining quotes from the certification bodies.

3. Study of standard/model requirements

The first step in any certification/assessment process is ‘to have a clear understanding of the standard/model’. If people are not comfortable with the new standard, perhaps the first step in any implementation could be training on the new standard/model from experts in the industry. If required, organization can opt external consultancy to get help in implementation strategy. A good consultant can increase the value of the process.

4. Gap Analysis

It has to be evaluated how far away is the present management system or the product compliance from the new standard. Gap analysis, Pre-assessment, Internal audits etc. can be used for this evaluation. For more details on gap analysis, please refer Performing gap analysis. The Gap analysis documentation provides the input to the sub sequent phases.

5. Establish an implementation plan

An implementation team, work division, milestones of activities etc. need to be set up. Training has to be to be provided to the implementation team. Implementing the new management system needs to be an organization-wide target developed by senior management. (‘organization’ refers to the entire organization, a part of the organization or a project team as per the scope defined)

6. Ensure the implementation as per plan

The steps include preparation and review of procedures, manuals, other supporting documents, training to the affected parties on the new/changed system and deploying new/changed system.

7. Practice and live with the new system

During this period, observe and evaluate the new/changed system for its effectiveness. Audits need to be conducted to evaluate the changed system. Auditors must be trained to conduct the audits. Existing loop holes, inefficiencies, etc. are corrected and corrective actions are deployed. This leads to continuous improvement of the system. After a few months, the new system and the organization should be ready for the registration audit.

8. Third party Assessment/ certification

The number of auditors needed, and the time involved to conduct a registration audit may vary according to the size and complexity of the organization. Pre-assessments/Stage1 audits are conducted before the final assessment. During the pre-assessments, auditor reviews the existing systems and provides a report identifying further actions required to meet the standard requirements. Once the organization is ready and has fixed the gaps reported in the pre-assessment, the auditor performs the registration/final audit. The final audit is held in accordance with the audit plan. Upon completion of the audit, the auditor generates an audit report identifying non-conformances, if any are there. The client resolves these non-conformances. Once the auditor approves the closure of non-conformances, organization (or client) is recommended for certification. The auditor’s report is then verified via an approval process and if no anomalies are identified, certification is officially granted. Then the auditor works with the client to set up subsequent surveillance audits/health checks to ensure continuous adherence to the standard.

9. Sustaining the standard/model

Attaining a certification is not a one time job. The sustenance of the same is also equally important. So proper attention must be paid to ensure that level of certification is not degraded. To achieve the benefits of improvement from the new/changed system, an organization has to be committed in maintaining and amending the system over time to best suit its requirements. The tough work really starts with the maintenance of the new/changed system. And hence continued buy-in from everyone is important for the implementation to succeed, and for the organization to obtain the true advantages of becoming certified. So proper training needs to be carried out regularly to ensure on-going awareness. In addition, internal audits must be conducted to ensure the compliance to the requirements of the standard/model.

10. Get Buy-In

Getting full support from management and employees is crucial for the success of any certification/assessment program. The company executives need to be well clear on the advantages, requirements and costs etc. It’s also important that the employees are confident on the new system.

Baselines are created for the core “value-generating” processes of the business in the organizations. From the observed measurement data, an organization comes up with various process performance baselines (PPB) periodically. In a software industry, there can be PPBs for coding speed, defect density, productivity, testing speed, review effectiveness etc. Then measurable improvement targets (process performance objectives) are set for the selected processes. Say for example an objective could be to increase the coding speed by 10 % (Definitely some improvement initiatives need to be there to achieve the targets which are above to the current performance). Even, there can be an objective to maintain the performance at current level itself instead of improving upon the same. The process performance objectives are based on

    • the organization’s business objectives
    • the past performance of projects
    • customer requirements

In all these cases organization needs to have a reference value as baseline to know where it is right now. (Otherwise goals will be subjective) Baselines show the current performance measures of an organization. Now assume a case where an organization has just started to collect measurement data. Definitely there won’t be a baseline initially. In this scenario, how the organization will be setting objectives, without a reference baselines

They can have different options as below.

  1. Industry bench marks
  2. The organization can look in to the industry benchmarks. If the organization is performing a similar nature of work as per the contextual information of the industry benchmarks, they can use those values as references for setting targets.
  3. Expert discussions and brainstorming
  4. There might be employees in the organization who are much skilled to come up with some reference values on the critical processes for setting the targets.
  5. Collecting information from similar organization.
  6. The organization can refer baselines of other similar organization via employee contacts and use it as reference values.
  7. Process Performance Models (PPMs)
  8. If there are some prediction models defined, suitable to the requirements of the organization, dependent parameters (y values) can be predicted, assuming organization have some knowledge on the values of the independent parameters(x values)

When a reference value is obtained, organization can build targets upon the same. Once the organization has collected enough data over a period of time, PPBs can be built. Then those PPBs can be used to set targets for coming year. In this way process is continued and baselines are revised on a periodical manner, say on a yearly basis or so.

Add your points if you have got some other methods ‘to set objectives when there is no baseline’