Category: General-2

ISO 9001 internal audits are most valuable when they move beyond compliance checking to actively drive performance improvement. Properly designed and executed, internal audits validate that the quality management system (QMS) is effective, reveal systemic weaknesses, surface opportunities, and provide input for management decisions that raise process outcomes and customer value.

It is best to start with purpose and planning. Audits should be risk‑based and aligned to business objectives and scope: critical processes, high‑risk activities, recent changes, customer complaints, and past nonconformities merit higher audit frequency. Define clear objectives for each audit (e.g., verify effectiveness of corrective actions, assess process performance against KPIs, confirm readiness for certification). Use a rolling schedule that balances coverage with depth rather than mechanical clause ticking.

Adopt a process‑and‑evidence mindset. Auditors trace the process flow from inputs through controls to outputs and outcomes. Instead of focusing on whether a procedure exists for the organization, an auditor must ask whether the process delivers the intended result and how that is measured. Review objective evidence — records, performance data, trend charts, work observations and interviews — to test effectiveness. Ask probing questions such as “How do you know this control is working?” and “What evidence shows improvement over time?”

Make auditor competence and approach central. Auditors require process knowledge, risk awareness, data‑analysis skills and good interviewing techniques. Internal auditors should act as impartial investigators and constructive consultants: identifying root causes and suggesting practical corrective or improvement actions rather than assigning blame. Cross‑functional auditing helps expose interdependencies and spreads good practices across the organization.

Emphasize root‑cause analysis and corrective action effectiveness. When nonconformities are found, require structured root‑cause methods (5 Whys, fishbone) and corrective actions that target systemic causes with measurable success criteria and timelines. Verification of effectiveness is essential — closures should be evidence‑based (data, subsequent audits, or implemented controls), not merely administrative sign‑offs.

Link audit findings to performance metrics and management review. Audits should feed quantifiable insights into management review: trends in KPI performance, recurring issues, risk exposures, and results of corrective actions. Management should use this input to prioritize resources, approve improvement projects, and adjust objectives. Tracking audit‑driven improvements against business outcomes (reduced defects, faster delivery, higher customer satisfaction) demonstrates audit ROI and motivates continued engagement.

It is imperative to use data and tools to enhance impact. Data analytics, control charts, exception reporting, and audit management software increase audit efficiency and enable evidence‑based conclusions. A well-prepared checklist focuses on performance indicators—not just mere clause compliance; this is to ensure consistency while preserving investigative flexibility.

Cultivate a culture that views audits as opportunities and not as a factor to intimidate. Communicate that audits are aimed at learning and strengthening processes. Celebrate instances where audits uncover improvements or where process owners implement effective corrective actions. A no‑blame, improvement‑oriented culture increases transparency and cooperation.

Measure audit program effectiveness. Useful indicators include the decline in recurring nonconformities, the percentage of corrective actions verified effective, time to close actions, and improvement in audited process KPIs. Regularly review and refine the audit program itself based on these metrics.

To sum up, ISO 9001 internal audits that improve performance are planned around risk and business impact, executed with process focus and competent auditors, emphasize root‑cause, corrective action and measurable verification, leading to effective management decision‑making process. When integrated with data analysis and a culture of continual improvement, the internal audit becomes a strategic tool that drives sustained and measurable enhancement of quality and organizational performance.

I take pride on my experience as I work with our maritime clients emphasizing the personal perspective from both below and above the surface of this ocean. My view of the ISM Code is shaped by a life at sea. I spent good 22 years of the early part of my career in the Indian Navy, eventually commanding two F-class submarines and later serving on India’s first nuclear submarine a Charlie II. After leaving the Navy, I served for a decade as Master in the mercantile marine. Then as a VP in the second largest ship registry, the Liberian Flag for 3 years and now as the leader of the QMII team. I have seen safety management from the control room of a submarine and from the bridge of a merchant ship, in fair weather and in crisis. These experiences have convinced me that a Safety Management System only works when it is lived by the people who must make decisions in real time, far from shore support.

I still remember standing on the bridge of a merchant vessel, facing commercial pressure to sail on schedule while weather and equipment concerns suggested otherwise. The manuals and procedures were on board, but what mattered in that moment was whether the company truly backed me and my Master’s judgment. That is where the real test of any SMS lies, not in what is written, but in the support given when difficult decisions must be made.

Having sailed for many years, I know how isolating a tough decision at sea can feel. A good DPA is not just a name in the manual but a trusted voice on the other end of the line, someone the Master can call at 0200 hours and speak openly with. When that relationship exists, the SMS becomes real; when it doesn’t, the paperwork quickly loses relevance on board.

After a lifetime at sea and many years working ashore with companies to implement the ISM Code, and finally leading QMII for over two decades in training, auditing and consulting in management systems, I remain convinced of one thing that the Code itself is not the problem. The real issue is whether we choose to make the SMS a living system that respects the realities of those at sea. When shore and ship learn to listen to each other through the SMS, we honor not just compliance requirements, but the professionalism and lives of the people who sail our ships.

More than 25 years after the ISM Code became mandatory, the International Safety Management (ISM) Code is still too often treated as a paper exercise. Shore offices produce manuals, checklists and forms; ships receive them, file them, and do their best to keep up. The result is a familiar complaint from both sides, “The system is for auditors, not for us.”

Yet the ISM Code was never intended to create a paperwork gap between shore and ship. It was meant to bridge that gap by providing a common safety language and a shared framework for decision-making. When understood and implemented as a living system, the Safety Management System (SMS) becomes exactly that bridge. I always recollect the curt observation by Justice Sheen post the sinking of the Herald of Free Enterprise: “…. I see a disease of sloppiness at every level of the hierarchy….”. His direct pointer at having a management system brought us the ISM Code connecting to the SOLAS.

The ISM Code’s original Intent was to have a system that connects people. The ISM Code’s purpose is clear: to provide an international standard for the safe management and operation of ships and for pollution prevention. The Code defines the Safety Management System as a structured and documented system enabling company personnel to implement the company’s safety and environmental protection policy effectively.  From the beginning, the Code placed both shore and ship within the same system. Company objectives in section 1.2 of the ISM Code include:

• providing safe practices in ship operation and a safe working environment,
• assessing risks to ships, personnel and the environment and establishing safeguards, and
• continuously improving safety management skills of personnel ashore and aboard ships.

These are not separate objectives for two separate worlds. They are shared obligations, achievable only when the SMS genuinely links the office and the vessel.

So where then does the gap come from? Despite this intent, many organizations experience a shore–ship divide in their SMS.

• On shore, staff may focus on satisfying external auditors, producing beautifully formatted procedures that look good in a DOC audit but are hard to use in real operations.
• On board, crews often experience the SMS as extra work: duplicative checklists, complex forms, and procedures that do not reflect the realities of weather, port pressure and human limitations.

When this happens, several symptoms appear:

• “Cut-and-paste” risk assessments that no one believes in.
• Non-conformities written in audit language instead of operational language.
• Masters and Designated Persons Ashore (DPAs) communicating mainly for certification, not for learning.

The result is an SMS that is formally compliant but functionally weak—it exists on paper but not in daily decision-making. The SMS must be a living system. To bridge the gap, we must return to a simple idea, the SMS is not a manual. It is the way the organization manages risk and work, documented so it can be repeated, audited and improved. A living system has several characteristics:

• Owned by users, not by paperwork Procedures and checklists are written in the language of the people who use them. Crew and shore staff participate in their development and revision. Guidance documents are concise, operational and easy to find.
• Fed by real feedback The Code requires procedures for reporting accidents and non-conformities, and for internal audits and management reviews as functional elements of the SMS. In a living system, these are not compliance rituals but mechanisms for learning. Near misses, hazardous observations and improvement suggestions from crew are actively encouraged, analyzed and acted upon.
• Adaptable, not frozen, clause 12 of the Code calls for review and evaluation of the SMS.
  A living SMS changes in response to new risks, technology, trade patterns and lessons learned. Revision is continuous, not something done hurriedly before an audit.
• Transparent roles and communication The Code requires defined levels of authority and lines of communication between shore and shipboard personnel. In a living system, these lines are not just organograms—they are trusted relationships. Masters feel supported, not second-guessed. The DPA is accessible, respected and known by name, not just as a title in the manual.

 The DPA then should be the human bridge. Perhaps the most powerful bridging mechanism in the ISM Code is the requirement that every company designate a person or persons ashore with direct access to the highest level of management (ISM Code clause 4).

In many organizations, the Designated Person Ashore (DPA) becomes either:

• a paper coordinator, chasing signatures and tracking audits, or
• a firefighter, reacting to incidents and port state control findings.

To make the SMS a living system, the DPA must instead function as a system integrator:

• Listening systematically to ship feedback and ensuring it reaches senior management.
• Challenging shore practices that create unrealistic demands on ships.
• Ensuring that risk assessments and procedures reflect actual operations, not office assumptions.
• Facilitating honest discussions after incidents—not searching for blame but for system weaknesses.

In short, the DPA should be the voice of the ship in the boardroom and the voice of the system on the ship.

The companies should plan practical steps to bridge the shore–ship gap. Companies that wish to transform a static SMS into a living one can take several practical steps as to co-create procedures with ship staff by involving the masters, officers and ratings when developing or revising procedures. I call it capturing the “as-is” of the system in preference to throwing the ‘baby with the bath water” by simply adopting a template. Pilot new checklists on board before formal approval. Ask: “does this help you do the job safely under time pressure?” If not, redesign. Management systems are not etched in stone. They should be open, flexible and adoptable to change.

Train to be competent and for understanding, not just for compliance. Move beyond “read and sign” familiarization. Use case studies, incident reviews and simulations that connect ISM clauses with real operational dilemmas. Emphasize why a procedure exists, not just how to follow it.

Most importantly, simplify and prioritize. The ISM Code specifies functional requirements, not thickness of manuals. Focus on critical operations and major risks; remove redundant or overlapping forms. A smaller, well-used SMS is better than a massive, ignored one. While doing this, also strengthen feedback loops. Make incident and near-miss reporting simple and non-punitive. Provide feedback to the crew on what was learned and what changed as a result. When people see that speaking up leads to improvement, not punishment, the system comes alive.

Remember data drives risk and trends and makes an organization proactive. Use data—and stories. Combine quantitative indicators (deficiencies, delays, injuries) with qualitative insights (crew narratives, master’s reviews). This blended view gives a more complete picture of safety performance and culture.

A change from compliance culture to learning culture must be brought in to create an environment for quality, safety, security and continual improvement. Port State Control statistics show that ISM-related deficiencies remain among the most frequently reported issues worldwide. This suggests that many SMSs still operate at a minimum compliance level. Bridging the shore–ship gap means moving toward a learning culture, where:

• Deviations are signals to improve the system, not just to correct the individual.
• Masters are empowered to exercise their overriding authority and supported by the shore organization with resources on as needed basis.
• Top management sees the SMS not as a cost, but as an asset that protects people, ships, reputation and the marine environment.

In conclusion I would repeat that making the Code work as intended is the need. Not just talk but walk the talk. The ISM Code gave the maritime industry a powerful framework. It defined objectives, clarified responsibilities, and required a documented Safety Management System (SMS) that connects shore and ship. The challenge now is not to “comply” with the Code, but to realize its intent.

When the SMS is treated as a living system—owned by its users, nourished by feedback, continually adapted and genuinely connecting shore and ship—it becomes what the Code envisioned:

• a bridge between management and operations,
• a driver of safety and environmental protection, and
• a practical expression of the company’s values at sea and ashore.

The choice is ours: an SMS that exists for certificates, or an SMS that saves lives, protects the environment, and unites shore and ship in a common purpose.  

For many U.S. factories, the first ISO 9001 audit can feel daunting. It’s like getting ready to marry someone even though you have known the person for a long time. Therefore, some preparation is necessary. Questions will come up in your mind – like “Are we ready?” or “What if we miss something?” are common. The good news is that ISO 9001 audit preparation doesn’t have to be stressful. With the right steps, your factory can approach the audit with confidence and even use it as a springboard for improvement. Afterall, the intent of an audit should be to drive continual improvement. That then becomes the secret mantra to your long last married life in effect ensuring your leadership get the inputs to improve processes and continue to produce confirming products and services. Here are a few steps to consider:

Step 1: Understand the Audit Scope

Before diving in, clarify what the certification body will be looking at. Typically, the audit will cover:

• How your Quality Management System (QMS) meets ISO 9001 requirements.
  
• Evidence of processes, records, and continual improvement.
  
• Compliance with statutory, regulatory, and customer requirements.

Step 2: Conduct a Gap Analysis

A gap analysis compares your current system against ISO 9001 requirements. It is best not to fit your system into templates. It is ideal to capture the “As-Is” of the system. This helps identify weak spots before the auditor does.

• Review clauses of ISO 9001 one by one.
  
• Document where your processes already comply.
  
• Flag areas needing corrective action.

Case Study: Mock Audits in Gap Analysis

QMII’s ISO 9001 lead auditor training highlights the importance of mock audits and case studies to simulate real audit situations. Factories that conducted mock audits before their first certification audit found gaps early and reduced findings during the real audit. Source 

Step 3: Train and Communicate

Employees are often nervous about audits. Reduce anxiety by explaining what to expect.

• Train staff on how their role connects to the QMS.
  
• Conduct mock interviews so they’re comfortable answering auditor questions.
  
• Emphasize honesty: auditors appreciate real answers, not rehearsed ones.

Step 4: Organize Documentation and Records

ISO 9001 requires evidence. That doesn’t mean mountains of paperwork, it means accessible, controlled documents.

• Review procedures, work instructions, and records.
  
• Ensure version control is in place.
  
• Archive outdated documents so they don’t cause confusion.

Step 5: Perform an Internal Audit

An internal audit is like your dress rehearsal before the wedding.

• Use internal auditors who understand ISO 9001.
  
• Treat findings seriously; corrective actions show the auditor you’re committed to improvement.
  
• Document everything, from nonconformities to follow-ups.

Case Study: Digital Tools for Internal Audits

A QMII client in manufacturing adopted a cloud-based QMS to centralize documentation and automate audit tracking. This reduced manual errors and improved version control, enabling faster retrieval of documents during internal audits. As a result, the company reported fewer audit findings and smoother external audit preparation. Source 

Case Study: CAPA Improvements

From QMII’s ISO 13485 audit trainings, one company improved its CAPA (Corrective and Preventive Action) process by introducing root cause analysis and systematic tracking. Within a year, they achieved about 30% reduction in non-conformities. While this example is from medical device audits, the lesson applies directly to ISO 9001 audit readiness. Source

Step 6: Conduct a Management Review

ISO 9001 clause 9.3 requires top management to be actively involved. A management review shows leadership commitment.

• Review audit results, customer feedback, and performance data.

• Discuss risks, opportunities, and resources.

• Document decisions and improvement plans.

Step 7: Create a Positive Audit Environment

On the audit day, set the tone.

• Greet auditors warmly and provide a clear schedule.

• Assign a guide to accompany them around the factory.

• Encourage open communication.

Final Thoughts

ISO 9001 audit preparation is not just about passing the audit. It’s about building a culture of quality. U.S. factories that approach audits with openness and preparation often find unexpected benefits: streamlined processes, engaged employees, and stronger customer confidence.

• QMII Government Services reported a 64% decrease in product processing time, 67% increase in productivity, and 89% reduction in inventory levels after optimizing their management systems.
  
• According to ISO studies, companies certified to ISO 9001 typically report 20-30% defect reduction rates, driving both cost savings and customer trust. 
  

Your first audit may feel intimidating, but with the right preparation, it can become a milestone on your factory’s journey to excellence. “You’ll be happily married for life!”

When a U.S. industrial plant leadership makes the strategic decision to roll out ISO 9001, the first instinct is often to focus on documentation, audits, and procedures. They often start with looking for a consultant and the consultants for quick money provide a template. That is the start of misery for an organization. The “As-Is” of the management system should be the start. What has been developed over the years should not be forgotten or lost! The truth is no checklist, or manual can build a true quality culture. The secret ingredient in implementing ISO 9001 is the leadership involvement in developing the system with their total involvement, commitment as required by ISO 9001 clause 5.1 and of others who assist them in this role as per ISO 9001 clause 5.3.

Why leaders make or break ISO 9001 effectiveness is an important question, a vital decision, therefore. Employees don’t take their cues from policies-they take them from people. If leaders treat ISO 9001 as “just another certification,” that’s exactly how the workforce will see it. On the other hand, when leadership is visible, engaged, and committed, quality stops being a buzzword and becomes a way of working. That system has the best chance to produce confirming products and services as also ensure continual improvement of the system.

ISO 9001:2015 makes this clear. Clause 5 puts accountability squarely onto the leadership. It’s not the “quality manager’s project” anymore-it’s a business-wide effort, and leaders must own it. Therefore it is the leadership that matters in ISO 9001 and is an important aspect of the process. At QMII we teach an ALW (Awareness Leadership Workshop) to prepare leaders. ISO 9001:2015 places leadership at the heart of the standard. Clause 5 emphasizes that leaders must:

• Demonstrate commitment to the Quality Management System (QMS).
• Align quality objectives with organizational strategy.
• Promote a culture of continual improvement.

In U.S. industrial plants, where efficiency and production targets often dominate discussions, leadership involvement ensures quality doesn’t get sidelined. Leaders act as role models, showing that meeting quality objectives is as important as meeting delivery deadlines.

As auditors and other stake holders look at a management system implementation, they need to be able to clearly evidence what leadership involvement looks like in practice. There are numerous indicators, most of them based on ISO 9001 clauses 5.1, 5.1.2 customer focus, 5.2  policy leading to 6.2 objectives and good risk assessment 6.1 and 10.3 continual improvement. To generalize these into simple language I would say these would include the following:

• Setting the tone. A plant manager who opens every team meeting with a quality update shows that it matters as much as production numbers.
• Walking the floor. Leaders who regularly join quality reviews or stop by the line to ask about issues send a strong signal of support.
• Connecting quality to strategy. Instead of treating ISO 9001 as paperwork, leaders can frame it as a competitive edge: fewer defects, happier customers, stronger market position.
• Celebrating wins. Recognizing teams for continuous improvement projects—no matter how small—builds momentum and pride.

Culture Is caught, not taught. We can train employees on ISO 9001 requirements, but culture is shaped by what leaders actually do. Creating an environment of quality is a leadership accountability issue. When executives understand the value of NCs (nonconformities) as the drivers of correction and corrective action, they follow procedures, welcome audits, and act on feedback, employees naturally mirror those behaviors. Over time, this creates a culture where quality isn’t “extra work”—it’s simply the way we work. It is then the organization goes from a reactive industry to a proactive manufacturing entity.

Case Study: ISO 13485 Lead Auditor Training – CAPA & Supplier Quality Improvements

A medical device manufacturer worked with QMII to strengthen supplier quality management, integrate risk assessments into production, and improve CAPA processes. Source
Results:
• Significant drop in supplier-related issues.
• Reduced risk incidents and better device reliability.
• 30% reduction in non-conformities within one year.

The payoff or what is often termed ROI (return on investment) and in ISO 9001 as meeting objectives clause 6.2 is of great value to the leadership. Industrial plants that embrace ISO 9001 leadership involvement don’t just pass audits. They see fewer reworks, stronger customer trust, and a workforce that takes pride in doing things right the first time. In today’s competitive manufacturing landscape, that’s not just compliance-it’s survival.

Case Study: ISO 9001 Consulting for Manufacturing Industries

A mid-sized automotive components manufacturer partnered with QMII to address high defect rates and inefficiencies. QMII conducted a gap analysis, developed an ISO 9001-aligned QMS, trained employees, and streamlined workflows. Source
Results :
• 30% reduction in product defects.
• 25% increase in operational efficiency.
• Improved customer satisfaction and stronger repeat business.

• QMII Government Services reported a 64% decrease in product processing time, 67% increase in productivity, and 89% reduction in inventory levels for a government client.
• Companies certified to ISO 9001 typically report 20-30% defect reduction rates, leading to significant cost savings.

Practical steps leaders can take to lead the industry may include the following:

1. Communicating their vision by clearly articulating why ISO 9001 matters—not only for certification, but for customer trust, employee pride, and long-term competitiveness. QMII with its clients conducts an orientation workshop for employees.
2. Allocating resources is a primary responsibility of leaders. Quality initiatives fail when they’re underfunded. Leaders must ensure sufficient training, technology, and staffing to support ISO 9001 compliance. Where they cannot provide resources, they must assume the risk and adjust objectives.
3. Engaging with the employees includes walking the floor, participating in quality meetings, and recognizing contributions all reinforce that quality is everyone’s responsibility.
4. Integrating quality into the strategy, includes quality goals and should not be separate from business goals. For example, reducing defects can be tied directly to cost savings and improved customer satisfaction.
5. Leading by example is an important aspect of leadership. Leaders who adhere to procedures, value data-driven decisions, and embrace audits demonstrate that ISO 9001 is part of the plant’s DNA.

ISO 9001 isn’t a binder sitting on a shelf. It’s a leadership-driven culture shift. And when leaders lead the way, the entire plant follows. Just keeping the binder on the shelf is no good. The binder sitting on that shelf may get the organization a certificate but will not result in ROI. Please remember and don’t let ISO 9001 become the missing link in U.S. industrial plant success, for that leadership involvement is a must. Your involvement as leaders at every step of your organization matters more than checklists. ISO 9001 leadership involvement should be driving the culture of change in manufacturing.

In concluding I would opine that rolling out ISO 9001 in U.S. industrial plants requires more than technical checklists; it requires leadership. By committing to ISO 9001 leadership involvement, plant managers and executives can transform their organizations into a quality-driven powerhouses that thrive in today’s competitive market.

Wouldn’t it be nice if an ISO 9001 documentation templates package came wrapped up in a little box with a red bow? Ready to use and that delivered the magic of a quality product, streamlined processes resulting in efficiency, and satisfied customers.

Aside from the requirements for records the ISO 9001 standard, many find it surprising that ISO 9001 does not really require a manual or any documented procedures! So are all those companies selling you ISO 9001 documentation templates providing you value for money or is this just snake oil?

ISO 9001 has not really re-invented the wheel and most companies when they get down to implementing the standard realize that they cover most of the requirements in practice. After all it really is just business 101. In this article we will cover why to document your system, how to document your system, and how you can do so while not increasing the burden for your personnel.

Why is ISO 9001 documentation such a challenge for U.S. manufacturers?

ISO 9001 is often synonymized with documentation. Companies tend to document every little thing they do— the tiniest of detail. This approach creates a documentation burden for their users with information being duplicated in multiple records, information duplicated in multiple procedures and so on.

U.S. Manufacturers often seek ISO 9001 systems not for the benefit that a quality management system when implemented well will provide. Often the need for this is driven by a need for certification that is required by a customer or a potential customer. Time is of the essence in many of these cases and ISO 9001 documentation templates provide an easy out. While in the initial lifecycle of the system this may result in certification, over time it becomes a compliance burden. Something that is spruced up before audits. Before customer visits and that outside of those rare visits rarely see the proverbial light of day.

Most U.S. small and medium businesses further may not have the in-house expertise and/or the resources needed to invest in a consultant to support this effort.

What documents are actually required under ISO 9001?

ISO 9001 does not require any mandatory procedures. Before we dive further into this topic let us look at some definitions.

• Process – a series of actions or steps taken to achieve a particular end (the what)
  
• Procedure – an established or official way of doing something (the how)
  
• Documented procedure – A documented way of doing something

In essence, a procedure or process, as referenced in ISO 9001 does not imply a documented procedure. ISO 9001 asks organizations to determine the risk of not having something documented and as a result determine what they would like to document.

The only documented requirements, outside of required records, in ISO 9001 are the following:

• The scope of the management system including a justified non-applicability
  
• The Quality Policy
  
• The Quality Objectives

Which documentation mistakes cause audit failures?

In documenting the management system, it is of the utmost essence that companies appreciate their management system. What does this mean? It means each company has a way of doing things that have brought them this far. In aligning your system to ISO 9001 always begin by capturing how you are currently doing work. Measure it up against the requirements of ISO 9001 and determine where gaps exist.

In documenting your system take into account the competence of personnel, the structure of the organization and the complexity of the processes. DO NOT document your system to satisfy an auditor!

Common documentation mistakes that organizations make include:

• Over documentation – This often occurs when activities are documented by a person not close to the process, done to please an auditor, done in cases where there is high personnel turnover. This becomes an issue for users because there may be a conflict in the requirements for personnel, too many “shall” that become difficult to meet, and confusing to reference.

• Missing records – Where records are not located in the right location, have not been maintained or have been inadvertently deleted/destroyed.

• Uncontrolled documents – This often occurs when personnel print documents for use or take copies and then do not go back to the main repository to validate that they are using the most current version of the document. This may also occur in companies where the document control process may be non-existent.

From recent data, here are statistics that highlight how these mistakes show up in audit failures:

According to isoTracker’s “6 Top Reasons for Failing an ISO 9001 Audit,” common causes include inadequate document control, undocumented employee training, neglecting internal audits, and weak corrective & preventive action (CAPA) processes. (isoTracker)
In another study, companies certified to ISO 9001 significantly outperform non-certified ones in product quality, customer satisfaction, operational and market performance. This suggests that well-implemented documentation (among other system aspects) correlates strongly with improved business outcomes. (ResearchGate)

How can ISO 9001 documentation templates simplify compliance?

While at QMII we do not recommend ISO 9001 documentation templates, what we do recommend is using standardized formats for documentation created by the company. This means that your documents based on document type will have a standardized header and footer and overall document content structure. These standardized formats help personnel with creating new documents ensuring that relevant content is captured.

If you decide to create a risk register to meet the requirements of ISO 9001 Clause 6.1 then you can create a spreadsheet for this as also a risk criterion so that all risks are uniformly assessed using the same criteria. Over time you will create custom audit checklists for your processes that will help your auditors with a baseline of things to check for in an audit.

While templates may not provide the intended success a well-documented system can.

Real-world example: How one U.S. factory cut audit prep time using templates

QMII has helped numerous clients, over the years, set up management systems that capture how work is done at the company. This makes it easy for people to follow the process and easy to conform and comply.

A small business in the aerospace industry reached out to QMII after trying the template approach and failing. They spent the small money to buy the template and then struggled to fill in the blanks. Worse, they could not keep up with the amount of documentation provided in the template and struggled to meet customer requirements because the templates did not reflect how work at the site was actually done. Personnel struggled to follow the documented procedures and morale was low.

QMII helped set up a lean documented user-friendly system that with time help build morale, increase teamwork and resulting in time and cost savings. The company personnel were trained in QMII’s globally recognized ISO 9001 lead auditor course where they learned how to analyze and document processes and also create custom checklists for their internal audits. The improved operations set the company up for success and lead to a successful merger with a large business.

To reinforce how powerful a well-designed documentation system can be: manufacturing companies certified under ISO 9001 generally outperform non-certified peers in product quality, customer satisfaction, operational and financial performance. (ResearchGate)

What’s the easiest way to build lean documentation without overcomplicating it?

For over 39 years QMII has been helping small to large organizations implement systems that help them meet objectives and enhance customer satisfaction. Our approach sets organizations up to succeed with resilient systems that enable the company to adapt to changes. QMII consulting uses a methodology that does not include a cookie cutter approach. For each company and their system is unique. Thus, you need a unique solution that fits your needs. While ISO provides the foundation, we help build the house, customized to your product/service, that will allow you to succeed.

To learn more about our methodology visit https://www.qmii.com/developing-your-system/

Don’t we all love shortcuts! They save time and money and make it easier to get the job done. ISO 9001 and ISO 45001 integration is one such shortcut that companies can take. Yet when it comes to implementing multiple ISO standards, we choose to implement them one at a time rather than use an integrated approach.

The International Organization for Standardization (ISO) has for over a decade been publishing management system standards using the harmonized structure. This means all standard such as ISO 9001 and ISO 45001 have the same 10 clause structure. Nearly 60-70% of the standard’s requirements are aligned based on the standards selected.

Management system integration allows the organization to implement combined audits that save time and reduce the burden on the workforce. Integrating QMS+OHSMS requirements into one management system also allows for easier compliance to regulatory standards including OSHA compliance. In this article we explore the benefits to using an integrated approach to conforming to both these standards.

Why should U.S. factories consider integrating ISO 9001 and ISO 45001?

U.S. Factories can benefit from better recognition among potential clients by pursuing a path to certification to ISO 9001 and ISO 45001. ISO standards are globally recognized as the baseline for delivering a quality product consistently as also a systemic approach for creating a safe work environment.

While certification is not a requirement and the ISO standards allow you to self-declare conformity, companies can benefit from the system approach to continual improvement and enhancement of customer satisfaction. Additionally using this integrated and systemic approach allows companies to address non-conformities systemically thus reducing compliance costs. Various studies have shown how compliance costs reduced from the introduction of these standards.

For instance, the ISO Survey (2023) shows that there are over 837,978 ISO 9001 certificates and 185,166 ISO 45001 certificates worldwide, with the U.S. holding 1,687 ISO 45001 certificates. (Source: Enhesa) This demonstrates the growing recognition of these standards and the push towards dual compliance.

Additionally, personnel in the company are seeking clear guidance and direction and the leadership can provide this to them using the system thus increasing efficiency over time.

What are the key differences and overlaps between ISO 9001 and ISO 45001?

A read of the two standards will evidence that the requirements for Clause 4 – context of the organization, Clause 5 – Leadership, Clause 7 – Support, Clause 9 – Performance evaluation and Clause 10 -Improvement are for the majority quite similar. So, companies can meet the intent of the standard through a common integrated policy, integrated audits and an integrated management review. By having a common process for document and record control for both standard as also a common process for addressing non-conformities.

The key differences in the standard lie in the requirement of Clause 6 – Planning and Clause 8 – Operations. ISO 9001 here has a focus on controls required to deliver a conforming product meeting customer requirement. Companies use the requirements in the standard to build quality processes that work well time after time. ISO 45001 has a focus on identifying and addressing significant risks to employee safety.

How do you map common requirements between ISO 9001 and ISO 45001?

While someone new to the standards may find the process of mapping the requirements of the standard to the requirements of their system, QMII’s ISO 45001 Lead auditor training provides the needed coaching to overcome this challenge.

However, before you begin down this path the first step is to get leadership buy in for the process. This will be important to ensure that the project is a success. At QMII, we have experienced clients where the implementation of these standards stalled and did not progress until the buy-in from leadership was received.

A gap analysis is always a great start to see what it is that you are doing that meets the intent of the standard and what does not. Remember that it is important that you meet the intent of the standards since the ISO standards are not prescriptive in their requirements. They provide a high-level structure for achieving continual improvement.

What step-by-step process can factories use to integrate the two systems?

To integrate the two systems following the gap analysis put together a project plan and identify who will be responsible for each stage/step. Assign clear and reasonable deadlines to track project completion. The first step following buy-in is capturing the core process of the business, defining the scope of the system and defining the unified policy. Leadership plays a key role in each of these steps.

As companies begin to document their system keep in mind the following:

• Document the system for the users – Keep it simple so they understand the process and know what to do.
• Don’t over document the system – The system must be documented to the extent needed to give the leadership confidence that the processes are being carried out as planned.
• Documentation is a weak control layer – build controls into the software, the infrastructure and into the chain of command as documentation is a weak control.

Further actions to be considered are combined trainings and integrated audits.

What benefits do factories gain from dual compliance?

Dual compliance allows factories to lower audit costs, for external audits and for internal audits as well (where a consultant may be used for this). Companies that have implemented ISO 45001 have reported improved safety metrics with some reporting a decrease in reportable lost time injuries.

For example, a U.S. aluminum manufacturer implementing ISO 45001 alongside ISO 9001 reported a 50% reduction in injuries after implementation.

Companies that implement ISO 9001 also report an increase in efficiency as also better continuity of operations. Employee engagement and morale too increase as a result of streamlined processes and lesser mistakes. The system provides better requirements and objectives (goals) for them to work towards.

Recognition among the client base is also improved and there is a reduced customer oversight as a result of certification to these two standards.

Case study: How integration reduced incidents in a U.S. factory

A QMII client that implemented a safety management system (ISO 45001) was able to reduce their reportable lost time injuries year over year to zero where five years prior to the implementation of the standard this would not have been thought of as achievable. It began with an increase in near-miss reporting. Each of these incidents were investigated and the data over time of causes analyzed to determine the actions needed to improve safety awareness overall. Seeing leadership commitment and involvement, personnel started reporting risks as they perceived/observed them as also stopped unsafe acts/condition when they observed them. This led to over time a reduction in accidents.

This aligns with broader industry data where companies adopting ISO 45001 saw significant reductions in both frequency and severity of incidents. In fact, over 370,000 workplaces globally are now ISO 45001 certified, with studies showing measurable improvements in productivity and profitability due to safer, more efficient systems. (NCBI Study)

How can U.S. manufacturers get started with integration today?

Perhaps the easiest step a company can take is to educate personnel on the standards and the interpretation of the requirements. QMII lead auditor trainings are a good option to achieve this. Additionally, QMII also provides gap analysis services where our experts analyze your system and provide you with a project plan of actions to be taken to achieve conformity to the two standards.

Looking to start your integrated management system journey today? Call a solutions advisor at QMII or reach out at info@qmii.com today.

Compliance with the ISM Code is no longer just a matter of ticking boxes to satisfy auditors. For U.S.-flagged vessels and companies operating in regulated maritime sectors, staying compliant is essential to maintaining operational continuity and avoiding costly penalties.

The U.S. Coast Guard (USCG) plays a central role in enforcing compliance with the ISM Code through Flag state audits, Port State Control (PSC) inspections, and other monitoring measures. Despite good intentions, many companies still face detentions, fines, and revocation of certificates. Often not due to bad practices, but due to gaps in implementation and a disconnect between policy and practice.

Let’s explore how the ISM Code and USCG (Flag State and Port State) interface, what compliance really means in practice, and how to build a safety management system (SMS) that delivers beyond documentation.

What Is the ISM Code and Who Must Comply?

The International Safety Management (ISM) Code is a safety framework adopted under SOLAS Chapter IX. Developed by the International Maritime Organization (IMO) in response to a growing need for uniform safety management, it requires companies to establish and implement a Safety Management System (SMS). The SMS must ensure compliance with applicable regulations, promote safe ship operation, and drive continuous improvement in pollution prevention and crew safety.

The ISM Code applies to:

• U.S.-flagged vessels operating in international trade
• Domestic vessels, including towing and passenger vessels under Subchapter M or other regulatory pathways (as an optional means of compliance
• Shore-based management, including Designated Persons Ashore (DPAs) and company safety departments

While the ISM Code originated from international conventions, U.S. operators are directly accountable through the USCG, which acts as the prime agency representing the Flag State Administration for the United States and enforcer of these international obligations.

U.S. Coast Guard Oversight and Enforcement Role

The USCG is responsible for ensuring compliance with the ISM Code for U.S.-flagged vessels, domestic operators and foreign vessels operating in US waters. This includes:

• Conducting port state control (PSC) inspections
• Issuing or renewing Document of Compliance (DoC) for companies
• Certifying ships with Safety Management Certificates (SMC)
• Reviewing SMS implementation and effectiveness
• Publishing guidance such as NVIC 02-13, which outlines expectations for compliance

Additionally, applicable CFRs (Code of Federal Regulations) and U.S. Code provides the legal interpretation of ISM provisions as they apply in the U.S. maritime sector. The USCG evaluates not only whether a system exists, but whether it is functioning as intended, both ashore and on board.

Common Compliance Pitfalls That Lead to Detentions or Fines

Despite having certified systems in place, many companies still fall short during audits and inspections. Here are common issues that QMII has encountered:

• SMS not being lived on board
  One of the most frequent causes of detention is a clear disconnect between the documented SMS and actual practices on the vessel. Crew unfamiliar with procedures, drills, or roles during emergencies is a major red flag.
• Ineffective internal audits
  Treating audits as a formality, rather than a tool for learning, leads to blind spots. Many companies miss critical non-conformities due to poorly planned or poorly executed audits.
• Inactive or under-engaged DPAs
  The Designated Person Ashore plays a central role in monitoring and supporting the SMS. If the DPA is disconnected from shipboard reality, non-conformities go unaddressed and leadership loses visibility.
• Failure to correct non-conformities
  Repeat deficiencies often stem from weak root cause analysis or superficial corrective actions. A missed opportunity to learn often leads to larger failures down the line.
• SMS not updated to reflect regulatory changes
  The regulatory landscape is dynamic. Systems must be regularly reviewed to align with new requirements, such as amendments to MARPOL Annex VI or ballast water management standards.

Each of these pitfalls reflects a broader truth: a system that looks good on paper, but is not embedded in day-to-day operations, is a liability waiting to happen.

How to Build a Sustainable Safety Management System (SMS)

A truly effective SMS is more than documentation; it is a living system that evolves with operations, engages personnel, and drives performance. There is no direct correlation between the amount of documentation in a management system and the effectiveness of the system.

Here’s how to build one that stands up to scrutiny and improves outcomes:

• Conduct regular and meaningful internal audits
  Audits should be independent, risk-based, and carried out by trained personnel who can objectively evaluate implementation.
• Empower the DPA
  The DPA must have direct access to top management and the authority to act. Their involvement in analyzing trends, facilitating communication, and conducting oversight is critical.
• Ensure crew awareness and involvement
  From drills to toolbox talks, crew engagement is essential. A safety culture isn’t imposed—it’s cultivated through participation and trust.
• Monitor and respond to regulatory changes
  Build a process for tracking new requirements and updating procedures accordingly. Your SMS should not fall behind the law.

Use root cause analysis tools
When things go wrong—or almost go wrong—use proven tools like the 5 Whys or Fishbone Diagram to get to the bottom of it, then verify that corrective actions are effective.

Financial, Legal, and Operational Risks of Non-Compliance

When ISM compliance is treated as a formality, the consequences are real and costly:

• USCG detentions and voyage delays
• Revocation of DoC or SMC, suspending commercial operations
• High daily fines per violation
• Loss of reputation, charter party disputes, or insurance premium hikes

Many companies only realize the true cost of non-compliance after the fact. But a proactive, well-implemented management system can prevent most of these risks before they escalate.

Conclusion

The ISM Code is not just about paperwork. It is about ensuring vessels are operated safely, sustainably, and in compliance with both international and U.S. maritime regulations. The USCG takes its enforcement role seriously, and vessel operators must as well. More than just for compliance or for passing an inspection/audit, the SMS should be implemented to achieve the objectives as laid out in clause 1.2 of the ISM code.

At QMII, we help companies close the gap between what’s written in the SMS and what actually happens on board. From ISM internal auditor training to DPA workshops and mock audits, we support clients in building systems that are functional, compliant, and culture-driven.

Need help preparing for a USCG inspection or aligning your system with the ISM Code?
Contact us at info@qmii.com or explore our training and consulting services at www.qmii.com.

Preparing for an ISO audit can feel like navigating a maze. With unfamiliar terminology, detailed clauses, and high-stakes expectations, it’s no surprise that many organizations find the process overwhelming. More so if it’s their first time. But with a clear plan, the right people, and a bit of systems thinking, you can turn your ISO audit prep from a source of anxiety into a driver of continual improvement.

This article breaks down the ISO certification process into manageable steps. Whether you’re aiming for ISO 9001, ISO 14001, ISO 45001, or another standard, the principles remain largely the same. The key is to understand the requirements, assess your current state, and prepare your teams.

Step 1 – Choose the Right ISO Standard for Your Industry

Before preparing for an ISO audit, it’s important to start with clarity: which standard are you trying to certify to, and why? While certification may be driven by market or customer requirements, the organization needs to define a higher purpose for why they are incorporating ISO standards into their existing management system.

Here’s a quick breakdown:

• ISO 9001 – Focuses on quality management and is applicable to virtually all industries. If you’re looking to improve customer satisfaction, streamline operations, or meet supplier requirements, this is your starting point.
  
• ISO 14001 – Tailored for companies that want to minimize environmental impact. Often sought after by manufacturers and companies with environmental exposure. The standard however, is also equally applicable to service industries that want to improve their environmental performance.
  
• ISO 27001 – Designed for information security management. A must-have for IT, SaaS, fintech, and any organization handling sensitive data.
  
• ISO 45001 – Focuses on occupational health and safety. Ideal for organizations in logistics, manufacturing, construction, and other labor-intensive industries.

Selecting the right standard ensures your effort aligns with your organization’s risks, priorities, and strategic goals. At QMII, we encourage clients to consider an integrated approach. With the harmonized structure of the standards it is easier to implement an integrated system now. With the system implemented an organization can choose which ones to get certified based on requirements. With this approach you benefit from the various standards implemented.

Step 2 – Conduct a Gap Analysis

Once you know your target, it’s time to assess where you stand. The gap analysis compares your existing practices with the requirements of the ISO standard. Think of it as a health check for your management system. A key here is to first confirm that your existing documentation reflects actuality.

This stage involves reviewing:

• Current processes
• Existing documentation
• Responsibilities and authority structures
• How risks and opportunities are managed
• How performance is measured and reviewed

Many organizations are already doing much of what ISO requires but they haven’t documented it or formalized it. Don’t forget to appreciate your management system! The gap analysis helps you identify what’s missing and what needs to be improved. It also helps leadership see where investment and resources may be needed.

Conducting a process audit, where you walk through actual workflows with your teams, can offer a more accurate view than just reviewing policies alone.

Step 3 – Develop Required Documentation

With gaps identified, your next step is to document what matters; clearly and concisely. ISO standards don’t demand piles of paperwork. They ask for documented information that supports effective operation and consistent results. Where the system is documented to the extent needed to have confidence that the process is being carried out as planned.

Common documentation includes:

• Quality Manual or Management System Manual (optional but often helpful)
• Policies and objectives aligned with the standard and strategic direction
• Documented procedures for key processes as determined by the organization
• Records to demonstrate implementation (meeting minutes, inspection reports, audit logs, etc.)

The goal is not to add bureaucracy, but to create a system that’s understandable, suitable and usable. Use simple flowcharts, templates, or spreadsheets where appropriate—especially if you’re a smaller business.

Step 4 – Conduct Internal Audits

Before your certification audit, you’ll need to conduct at least one internal audit to verify that your system works and is effective. This is your opportunity to find and fix issues before the external auditor does. It is also a requirement of each ISO standard to have an internal audit program in place. An effective internal audit:

• Follows an audit plan and checklist aligned with ISO clauses as also to the process requirements
• Engages employees across departments
• Verifies both compliance and effectiveness
• Results in findings that are tracked through corrective action

If your team is new to auditing, consider training internal auditors or bringing in outside help for the first cycle. Just make sure internal auditors are impartial and knowledgeable about the processes they are reviewing.

Also, don’t overlook employee awareness. Everyone should understand the system, their role in it, and what to expect during the audit. A well-informed workforce reduces audit anxiety and improves overall performance.

Step 5 – Schedule the Certification Audit

When you feel ready, it’s time to choose a certification body, sometimes referred to as an ISO registrar. Select one that is accredited to audit the standard you’re pursuing. Accreditation ensures the audit will be recognized by customers, regulators, and stakeholders.

Here’s what to consider when scheduling:

• Time to submit application and documentation
• Scope of your audit (sites, activities, employees involved)
• Timing to avoid peak production or seasonal workloads
• Readiness for Stage 1 and Stage 2 audits (initial certification occurs in two stages)

Your registrar will guide you through what to expect on Day 1, but preparation is key. Review the audit plan, assign roles, and ensure records and personnel are accessible.

Step 6 – Address Nonconformitiesand Achieve Certification

It’s normal for an audit to uncover nonconformities, especially the first time around. These findings don’t mean failure—they mean you have room to improve.

After the audit:

• Respond to each finding with a corrective action plan
• Document root cause analysis and actions taken
• Submit evidence of implementation to the registrar

Once all findings are resolved, your certification body will issue your certificate. It’s a milestone worth celebrating—but also a starting point for continual improvement. Certification is not a finish line. It’s a commitment to maintaining and evolving your system.

Conclusion: Start With the End in Mind

ISO audit preparation is not just about passing a one-time check. It’s about building a management system that reflects your organization’s values, risks, and priorities. The audit becomes easier when the system is meaningful—when employees own it, leadership supports it, and the documentation tells your story.

At QMII, we help companies cut through the noise and focus on what matters. If you’re preparing for an ISO audit, our tools, training, and consulting support can help you get there with confidence.

Visit www.qmii.com or contact info@qmii.com to learn more about how we can help your internal audit program and/or support your system implementation.

Why Growing Factories Need Integrated Management Systems

As factories expand, so do their systems, and with growth comes complexity. A once-simple quality management system now competes with separate systems for environmental compliance, health and safety, and even energy management. Each has its own policies, audits, training records, and documentation. It doesn’t take long before the factory floor becomes burdened with duplicate efforts and siloed systems.
This is where integrated management systems (IMS) come into play. By unifying multiple ISO standards into one cohesive structure, an IMS streamlines compliance, reduces redundancy, and lays the foundation for sustainable, scalable operations. For factories experiencing rapid growth or operational sprawl, integration simplifies the system and its maintenance.

What Is an Integrated Management System?

An integrated management system combines two or more management systems—such as ISO 9001 (Quality), ISO 14001 (Environmental), and ISO 45001 (Occupational Health and Safety) into a single, unified framework. Rather than managing each standard in isolation, integration ensures that common elements such as documentation control, internal audits, training, and leadership engagement are aligned.
For example, instead of preparing for three separate audits, a factory with an IMS can undergo a single integrated audit that covers all relevant standards. Objectives can be aligned across departments, and reporting becomes more consistent and insightful. The Annex SL structure, adopted across most ISO standards, further simplifies integration by providing a shared high-level framework.

Common Pain Points in Single-System Environments

Factories operating multiple standalone systems often encounter familiar problems:

• Overlapping audits that pull the same teams and records multiple times a year
• Conflicting policies and procedures, leading to confusion or non-conformities
• Separate data tracking, reducing visibility across the enterprise
• Redundant training programs, increasing fatigue and resource waste
• Siloed improvement initiatives that may work against each other

These pain points not only waste time and money, but they also undermine employee engagement and limit management’s ability to drive systemic performance improvements.

The Business Case for Integration

The move toward integrated systems isn’t just about compliance; it’s about business value. With an IMS, factories benefit from

• Consolidated audits, reducing external audit days and preparation stress
• Streamlined documentation, which is easier to manage and control
• Aligned objectives and KPIs, providing a clearer picture of performance
• Improved internal communication, since teams work from the same playbook
• Reduced administrative costs, with fewer reports and records to manage

Over time, these efficiencies translate into greater agility, faster decision-making, and better responsiveness to change-key traits for any growing manufacturing business.

How to Transition from Single to Integrated Systems

Shifting from separate systems to an integrated one requires planning, leadership support, and a methodical approach. Here’s a practical roadmap:

1. Conduct a gap analysis
   Identify overlapping processes and where integration is feasible. Assess current maturity and readiness for change.
   
2. Map out common requirements
   Use the harmonized ISO structures to align policies, risk processes, and objectives across systems.
   
3. Unify documentation and procedures
   Create shared SOPs and eliminate redundant ones. Standardize forms, control processes, and training modules.
   
4. Engage cross-functional teams
   Involve quality, safety, environment, HR, and operations early. Their input ensures the system reflects real workflows.
   
5. Train for integration
   Conduct awareness sessions and role-specific training to ensure everyone understands how their responsibilities align with the new system.
   
6. Update audit protocols
   Plan and execute internal audits that evaluate integrated performance across all standards.
   
7. Review and refine
   Use management reviews to evaluate IMS performance, identify system-level improvements, and plan continual improvements.

Technology and Tools to Support IMS

Technology can be a powerful enabler in IMS adoption. Cloud-based QMS platforms now offer modular tools that support multiple standards within one system. These platforms:

• Centralize document control and revision history.
• Automate audit scheduling and CAPA tracking.
• Provide dashboards for real-time KPI monitoring.
• Facilitate cross-functional collaboration with shared workflows.

For growing factories, investing in digital tools early can make scaling an IMS much easier and more sustainable. These can be simple digital tools such as inherent SharePoint usage with access controls and version controls, Excel spreadsheets, and MS Office suite flows.

Cultural Change and Leadership Commitment

leadership is to integrating quality, safety, and sustainability into the company’s DNA.

This means:

• Making integration goals visible and strategic
• Providing time and resources for cross-functional collaboration
• Recognizing and rewarding behaviors that support system alignment
• Communicating the “why” behind integration—efficiency, clarity, and long-term growth

When leaders lead by example, teams follow. And when employees see integration improving their work rather than complicating it, they buy in.

Real-World Example: Integration in Action

Consider a regional manufacturer that had separate ISO 9001 and ISO 14001 systems. After rapid expansion, they were overwhelmed with overlapping audits and siloed reporting. With guidance from QMII, they implemented an integrated management system.

Within a year:

• Internal audit prep time dropped by 40%
• Document control became aligned and easier to manage
• Management got a “big” picture view on the effectiveness of their system
• Employees reported greater clarity on roles and fewer duplicative tasks

They also found it easier to onboard new facilities under a single system, accelerating their growth plans without overburdening their management teams.

Conclusion: Start Small, Scale Strategically

An integrated management system is more than a compliance strategy. It’s a framework for sustainable growth and operational excellence. For growing factories, integration can mean the difference between scaling with confidence or stumbling under the weight of complexity.

Start small: identify overlaps, align your teams, and commit to a phased approach. Whether you’re merging two standards or managing four, QMII can support your journey with training, assessments, and consulting designed for real-world implementation. Ready to unify your systems and scale smarter?
Contact us to learn more about our Integrated Management Systems Services at info@qmii.com to build your roadmap today.