ISO 9000 is a family of
standards for quality management systems. ISO 9000 is maintained by ISO, the
International Organization for Standardization and is administered by
accreditation and certification bodies. Some of the requirements in ISO 9001
(which is one of the standards in the ISO 9000 family) would include:
• a set of procedures that cover all key processes in the business;
• monitoring processes to ensure they are effective;
• keeping adequate records;
• checking output for defects, with appropriate corrective action where
necessary;
• regularly reviewing individual processes and the quality system itself for
effectiveness; and
• facilitating continual improvement
A company or organization that has been independently audited and certified to
be in conformance with ISO 9001 may publicly state that it is "ISO 9001
certified" or "ISO 9001 registered." Certification to an ISO 9000 standard does
not guarantee the compliance (and therefore the quality) of end products and
services; rather, it certifies that consistent business processes are being
applied.
Although the standards originated in manufacturing, they are now employed across
a wide range of other types of organizations. A "product", in ISO vocabulary,
can mean a physical object, or services, or software. In fact, according to ISO
in 2004, "service sectors now account by far for the highest number of ISO
9001:2000 certificates - about 31% of the total"
ISO 9000 family
ISO 9000 includes the following standards:
• ISO 9000:2005, Quality management systems - Fundamentals and vocabulary.
Covers the basics of what quality management systems are and also contains the
core language of the ISO 9000 series of standards. A guidance document, not used
for certification purposes.
• ISO 9001:2000 Quality management systems - Requirements is intended for use in
any organization which designs, develops, manufactures, installs and/or services
any product or provides any form of service. It provides a number of
requirements which an organization needs to fulfill if it is to achieve customer
satisfaction through consistent products and services which meet customer
expectations. It includes a requirement for the continual (i.e. planned)
improvement of the Quality Management System, for which ISO 9004:2000 provides
many hints.
This is the only implementation for which third-party auditors may grant
certification. It should be noted that certification is not described as any of
the 'needs' of an organization as a driver for using ISO 9001.
• ISO 9004:2000 Quality management systems - Guidelines for performance
improvements. covers continual improvement. This gives you advice on what you
could do to enhance a mature system. This standard very specifically states that
it is not intended as a guide to implementation.
There are many more standards in the ISO 9001 family, many of them not even
carrying "ISO 900x" numbers. For example, some standards in the 10,000 range are
considered part of the 9000 family: ISO 10007:1995 discusses Configuration
management, which for most organizations is just one element of a complete
management system. ISO notes: "The emphasis on certification tends to overshadow
the fact that there is an entire family of ISO 9000 standards ... Organizations
stand to obtain the greatest value when the standards in the new core series are
used in an integrated manner, both with each other and with the other standards
making up the ISO 9000 family as a whole".
Note that the previous members of the ISO 9000 family, 9001, 9002 and 9003, have
all been integrated into 9001. In most cases, an organization claiming to be
"ISO 9000 registered" is referring to ISO 9001.
Summary of ISO 9001:2000 in informal language:
• The quality manual is a formal statement from management, closely linked to
the business and marketing plan and to customer needs. The quality manual is
understood and followed at all levels and by all employees. Each employee needs
measurable objectives to work towards.
• Decisions about the quality system are made based on recorded data and the
system is regularly audited and evaluated for conformance and effectiveness.
• You need a documented procedure to control quality documents in your company.
Everyone must have access to up-to-date documents and be aware of how to use
them.
• To maintain the quality system and produce conforming product, you need to
provide suitable infrastructure, resources, information, equipment, measuring
and monitoring devices, and environmental conditions.
• You need to map out all key processes in your company; control them by
monitoring, measurement and analysis; and ensure that product quality objectives
are met. If you can’t monitor a process by measurement, then make sure the
process is well enough defined that you can make adjustments if the product does
not meet user needs.
• For each product your company makes, you need to establish quality objectives;
plan processes; and document and measure results to use as a tool for
improvement. For each process, determine what kind of procedural documentation
is required. (a “product” is hardware, software, services, processed materials,
or a combination of these.)
• You need to determine key points where each process requires monitoring and
measurement, and ensure that all monitoring and measuring devices are properly
maintained and calibrated.
• You need to have clear requirements for purchased product.
• You need to determine customer requirements and create systems for
communicating with customers about product information, inquiries, contracts,
orders, feedback and complaints.
• When developing new products, you need to plan the stages of development, with
appropriate testing at each stage. You need to test and document whether the
product meets design requirements, regulatory requirements and user needs.
• You need to regularly review performance through internal audits and meetings.
Determine whether the quality system is working and what improvements can be
made. Deal with past problems and potential problems. Keep records of these
activities and the resulting decisions, and monitor their effectiveness.
• You need documented procedures for dealing with actual and potential
nonconformances (problems involving suppliers or customers, or internal
problems). Make sure no one uses bad product, determine what to do with bad
product, deal with the root cause of the problem and keep records to use as a
tool to improve the system.
History of ISO 9000
Pre ISO 9000
During WWII, there were quality problems in many British high-tech industries
such as munitions, where bombs were exploding in factories during assembly. The
adopted solution was to require factories to document their manufacturing
procedures and to prove by record-keeping that the procedures were being
followed. The name of the standard was BS 5750, and it was known as a management
standard because it did not specify what to manufacture, but how to manage the
manufacturing process. According to Seddon, "In 1987, the British Government
persuaded the International Organisation for Standardization to adopt BS 5750 as
an international standard. BS 5750 became ISO 9000."
1987 version
ISO 9000:1987 had the same structure as the UK Standard BS 5750, with three
'models' for quality management systems, the selection of which was based on the
scope of activities of the organization:
• ISO 9001:1987 Model for quality assurance in design, development, production,
installation, and servicing was for companies and organizations whose activities
included the creation of new products.
• ISO 9002:1987 Model for quality assurance in production, installation, and
servicing had basically the same material as ISO 9001 but without covering the
creation of new products.
• ISO 9003:1987 Model for quality assurance in final inspection and test covered
only the final inspection of finished product, with no concern for how the
product was produced.
ISO 9000:1987 was also influenced by existing U.S. and other Defense Standards
("MIL SPECS"), and so was well-suited to manufacturing. The emphasis tended to
be placed on conformance with procedures rather than the overall process of
management — which was likely the actual intent.
1994 version
ISO 9000:1994 emphasized quality assurance via preventative actions, instead of
just checking final product, and continued to require evidence of compliance
with documented procedures. As with the first edition, the down-side was that
companies tended to implement its requirements by creating shelf-loads of
procedure manuals, and becoming burdened with an ISO bureaucracy. In some
companies, adapting and improving processes could actually be impeded by the
quality system.
2000 version
ISO 9001:2000 combines the three standards 9001, 9002, and 9003 into one, now
called 9001. Design and development procedures are required only if a company
does in fact engage in the creation of new products. The 2000 version sought to
make a radical change in thinking by actually placing the concept of process
management front and centre. ("Process management" was the monitoring and
optimizing of a company's tasks and activities, instead of just inspecting the
final product.) The 2000 version also demands involvement by upper executives,
in order to integrate quality into the business system and avoid delegation of
quality functions to junior administrators. Another goal is to improve
effectiveness via process performance metrics — numerical measurement of the
effectiveness of tasks and activities. Expectations of continual process
improvement and tracking customer satisfaction were made explicit.
Future Version: 2008
TC 176, the ISO 9001 technical committee, has started its review on the next
version of ISO 9001, which will in all likelihood be termed the ISO 9001:2008
standard, assuming its planned release date of 2008 is met. Early reports are
that the standard will not be substantially changed from its 2000 version.
As with the release of previous versions, organizations registered to ISO 9001
will be given a substantial period to transition to the new version of the
standard, assuming changes are needed; organizations registered to 9001:1994 had
until December of 2003 to undergo upgrade audits.
Certification
ISO does not itself certify organizations. Many countries have formed
accreditation bodies to authorize certification bodies, which audit
organizations applying for ISO 9001 compliance certification. Although commonly
referred to as ISO 9000:2000 certification, the actual standard to which an
organization's quality management can be certified is ISO 9001:2000. Both the
accreditation bodies and the certification bodies charge fees for their
services. The various accreditation bodies have mutual agreements with each
other to ensure that certificates issued by one of the Accredited Certification
Bodies (CB) are accepted world-wide.
The applying organization is assessed based on an extensive sample of its sites,
functions, products, services and processes; a list of problems ("action
requests" or "non-compliances") is made known to the management. If there are no
major problems on this list, the certification body will issue an ISO 9001
certificate for each geographical site it has visited, once it receives a
satisfactory improvement plan from the management showing how any problems will
be resolved.
An ISO certificate is not a once-and-for-all award, but must be renewed at
regular intervals recommended by the certification body, usually around three
years. In contrast to the Capability Maturity Model there are no grades of
competence within ISO 9001.
Auditing
Two types of auditing are required to become registered to the standard:
auditing by an external certification body (external audit) and audits by
internal staff trained for this process (internal audits). The aim is a
continual process of review and assessment, to verify that the system is working
as it's supposed to, find out where it can improve and to correct or prevent
problems identified. It is considered healthier for internal auditors to audit
outside their usual management line, so as to bring a degree of independence to
their judgments.
Under the 1994 standard, the auditing process could be adequately addressed by
performing "compliance auditing":
• Tell me what you do (describe the business process)
• Show me where it says that (reference the procedure manuals)
• Prove that that is what happened (exhibit evidence in documented records)
How this led to preventive actions was not clear.
The 2000 standard uses the process approach. While auditors perform similar
functions, they are expected to go beyond mere auditing for rote "compliance" by
focusing on risk, status and importance. This means they are expected to make
more judgements on what is effective, rather than merely adhering to what is
formally prescribed. The difference from the previous standard can be explained
thus:
Under the 1994 version, the question was broadly "Are you doing what the manual
says you should be doing?", whereas under the 2000 version, the question is more
"Will this process help you achieve your stated objectives? Is it a good process
or is there a way to do it better?".
Advantages
It is widely acknowledged that proper quality management improves business,
often having a positive effect on investment, market share, sales growth, sales
margins, competitive advantage, and avoidance of litigation. The quality
principles in ISO 9000:2000 are also sound, "ISO 9000 guidelines provide a
comprehensive model for quality management systems that can make any company
competitive." ISO 9000 increased net profit, as the costs of registration were
recovered in three years. Implementing ISO often gives the following advantages:
1. Create a more efficient, effective operation
2. Increase customer satisfaction and retention
3. Reduce audits
4. Enhance marketing
5. Improve employee motivation, awareness, and morale
6. Promote international trade
7. Increases profit
8. Reduce waste and increases productivity
However, a broad statistical study of 800 companies found that ISO registration
in itself creates little improvement because companies interested in ISO have
usually already made some type of commitment to quality and were performing just
as well before registration.
In today's service sector driven economy, more and more companies are using ISO
9000 as a business tool. Through the use of properly stated quality objectives,
customer satisfaction surveys and a well-defined continual improvement program
companies are using ISO 9000 processes to increase their efficiency and
profitability.