If we're not accredited to ISO9001, what sort of detail will be acceptable to CREST?
An ISO 9001 quality management system will help you to continually monitor and manage quality across all operations and put in place processes that allow you to improve the way you operate at all levels. As the world’s most widely recognised quality management standard, it outlines ways to achieve, as well as benchmark, consistent performance and service.
The Standard uses a process oriented approach which is a useful way of considering the quality standards that should be utilised within a business. From a CREST perspective, this should include all aspects of an assignment that could be run under CREST standards.
You should consider the processes that support the assignment. The primary processes might include:
• Bid management and proposals
• Contractual agreements
• Assignment initiation and scope
• Staff suitability for the assignment
• Assignment execution
• Reporting, including security of client information in communications
• Client information retention policy
• Client information destruction policy
• Incident management
• Complaints processes and escalation
The processes described in these sections or reference documents are designed to protect both your company and your clients. CREST has dealt with assignment issues relating to all of the sections above. Having this documentation available from one source should things go wrong will place companies in a stronger position should a dispute ever arise. It also provides the client with added confidence that your company understands the need to have formalised processes for managing an assignment and protecting client information and that procedures are in place to deal with incidents as they occur if you need to produce evidence of your quality procedures.
It is also good practice to have these processes available from a single source as mentioned above: it is important that a team involved in a CREST assignment can see the end to end process and understand their responsibilities within it. Consideration should also be given to creating sections to break down and cover these areas.
• Identify your key processes
• Define quality standards for those processes
• Decide how process quality will be measured
• Document your approach to achieving the desired quality, as determined by your measurements
• Evaluate your quality and continuous improvement programme
You should also review the advice given in the FAQ below covering ISO 27001 accreditation as many of the issues addressed apply equally to ISO 9001.