ISO 9001 | ISO 14001 | OHSAS 18001

Consulting | Training | Audit Services

We help organizations of all kinds meet your quality, environmental, and safety management system challenges with expert guidance, effective education, and field-tested products. Whether you're certified or not -- interested in ISO 9001 or ISO 14001, or OHSAS 18001 --
help is here.

6 reasons Rob Kantner is your smart choice for ISO consultant.

Rob Kantner - ISO expert

1. Rob Kantner: nearly 25 years of helping hundreds of organizations of all kinds meet their ISO challenges.

The ISO 9000 standard was first published in 1987, the year I first started working with ISO. Since then, and especially since going independent with my own firm in 1995, I have provided implementation, education, and audit services for ISO 9001, ISO 14001, OHSAS 18001, and others, to hundreds of clients in manufacturing and service fields all over North America. And from every one of them, I've learned.

2. Rob Kantner: Expert at making ISO work for you (not other way around).

Because you're doing this, you must be a great company. Great firms get great because they have effective processes. These effective processes, I believe, do not need to be changed to "fit ISO." Rather, I help you build your ISO system around those great processes to help make them better. The only process changes I'll propose are those needed to ensure full compliance with the Standard, and in this my job is to offer an array of options. For the consultant, this strategy is not easy. It requires thought, care, creativity, and (most of all) decades of hands-on experience. That's what you get when you sign up with me.

3. Rob Kantner: Skilled at fully engaging your work force in the ISO process.

Of the three main phases of an ISO project, documentation is the easiest. Compliance is a bit harder. And implementation–getting the work force fully knowledgeable and engaged–is by far the toughest. But full implementation is what drives your ISO system beyond "passing audits" to paying dividends. With my expert guidance, your work force becomes fully educated, engaged, and actively using the ISO system as a tool for improvement.

4. Rob Kantner: Helps you dodge the big ISO pitfalls–pointless bureaucracy and needless paperwork.

An ISO system becomes a paperwork monstrosity when the people setting it up don't know any better. That's not their fault; they lack my years of experience. I understand the requirements and the principles, and know how to translate them to your day to day reality. Most important, at each step I'll apply a vigilant and critical eye. I'll challenge client people and myself to make each step of the ISO process add value. I'll watch warily for paperwork creep–and when in doubt, I'll throw it out!

5. Rob Kantner: Flexible help to fit your unique situation.

Some clients need full in-person service. Others can do the job with remote guidance from me. I strive to understand exactly what you need, and tailor my plan (and its costs and timelines) to fit your particular circumstances.

6. Rob Kantner: assuring an excellent outcome.

This means fully preparing your team, including top management, for successful registration audit. More important, it's ensuring that your ISO system is free of ISO-speak, and fits your firm and its processes like a glove–a system your team fully understands, owns, and can operate into the future, with no further consulting help needed. For me, then, a big measure of success is to work myself out of a job!

2015-curtain.original (195K) ISO 9001 Transition:
Tips and Tricks
from the Expert

Editor's note: This is the third in a series of articles by ISO 9001 expert Rob Kantner describing the changes found in the new ISO 9001:2015 standard - with tips and tricks on how to transition your system effectively. Come back each week for another edition. Or, to receive each installment automatically, subscribe to our email newsletter.

Part 3: Interested Parties

Reference: ISO 9001:2015 4.2 Understanding the needs and expectations of interested parties

Plain English: What are the individuals / groups that affect, or are affected by, your firm's activities? What do they require of you? What are the related risks and opportunities?

What's new: Everything.

What's changed: n/a.

Exactly what does ISO 9001 mean by "interested party"? The Standard itself is silent. Conveniently, ISO 9000:2015 section 3.2.1 defines "interested party" this way:

Person or organization (3.01) that can affect, be affected by, or perceive themselves to be affected by a decision or activity. EXAMPLE Customers (3.26), owners, people in an organization (3.01), suppliers (3.27), bankers, unions, partners or society that may include competitors or opposing pressure groups.

Those are just a few of the categories of "interested parties" that may affect you (i.e. impose requirements on you), OR that are affected BY you. Here is a somewhat larger list:

  • Certification Body
  • Competitors
  • Customers / End Users
  • Customers / Dealers
  • Employees
  • Labor Union
  • Landlord
  • Local Community / Neighbors
  • Outsource Provider
  • Ownership / stockholders
  • Regulator
  • Supplier / Vendor
  • Trade Association

Refining the list

4.2 requires us to "determine":

  • Interested parties relevant to the quality management system;
  • Their requirements that are relevant to the quality management system.

The repeated "relevant" clause is important. Don't get get carried away "determining" every single interested party with whom you engage, or have the potential to engage. Limit the selection to the interested parties that (paraphrasing the first paragraph of 4.2):

Have an effect or potential effect on your ability to consistently provide products/services that meet customer and applicable laws/regulations.

First steps

  • Use the list above as a starting point.
  • Pare it down to the categories of interested parties that meet the "relevance" criteria.
  • Review each category to make it as focused and specific as possible. For example, not every supplier / vendor is relevant to the QMS. You might want to create a category called "critical suppliers" and define what that means.

Next: determine interested party needs, expectations, requirements

These interested parties are all engaged with you in some capacity. This engagement may take the form of:

  • Requirements they impose on you
  • Needs / expectations that you must satisfy as a condition / expectation of the relationship
  • Effect their activities have on your QMS

Your task now is to specify, for each interested party, the details of engagement. Keep this brief and to the point and refrain from cramming every possible consideration into it.

Examples? Yup, we've got some.

Competitors -

  • Threaten our existing customer base
  • Has potential to poach our employees

Dealer -

  • Expects business continuity
  • Expects protected territory

Labor Union -Requires terms of labor agreement to be met

Local Community / Neighbors - Expect us to

  • Be a source of jobs
  • Support community improvement initiatives
  • Maintain our facilities in an optimal manner
  • Refrain from intrusive activities (noise, exhaust, litter, etc.)

Regulator -

  • Requires compliance with relevant regulations
  • Can assess fines / disrupt our activities if compliance levels fall

Should we write all this down?

As with 4.1, the Standard does not specifically require that this information be documented. It does, however, require you to monitor it and review it - impossible to do on a disciplined basis unless it is documented.

Note also that, as with 4.1, 4.2 states that "the organization" determines all these things. That means you determine them, not the external auditors. They may second-guess your determinations and try to poke holes in them, but, the way the Standard is worded, the ultimate authority is you. Keep it simple and stick to your guns.

That's it for 4.2 Interested Parties. But, while you're on the subject, we recommend you carry out one more step.

Ranking the terms as risks or opportunities

As we described in an earlier installment, the Planning section of ISO 9001:2015 has a new requirement involving determining risks and opportunities (and taking action relevant to them) that calls back to this section.

We therefore recommend, before you move on, that you rank each of the terms you've identified as risks (i.e. failure that could hamper the success of the QMS) or opportunities (i.e. conditions which, if maintained or enhanced, could improve the results of the QMS). There may also be terms that you determine are a mix of risk/opportunity, or which are neutral.

And yes, you should write all this down. Otherwise it's tough to "monitor and review" it.

And yes, the Standard specifically states that the organization - you - determine these things. Not external auditors.


The work in this section is largely one of planning and, also, reverse-engineering what it already in place. Your Company Context document is a living document subject to change as your company and its processes evolve, grow, and improve. The new Change Control process, discussed later, may impact this from time to time.


  • Document this information.
  • Assign responsibility for keeping it up to date.
  • Review and update as needed at management review (at least annually).

June 15, 2016

To receive each installment automatically, subscribe to our email newsletter.