ISO 9000 AN INTRODUCTION ISO 9000 is rapidly becoming the most important quality management standard in the world. Thousands of companies in over 100 countries have already adopted it, and many more are in the process of doing so. Why? Because it controls quality. It saves money. Customers expect it. And competitors use it. ISO 9000 applies to all types of organizations. It doesn't matter what size they are or what they do. It can help both product and service oriented organizations achieve standards of quality that are recognized and respected throughout the world. ISO is the International Organization for Standardization. It is located in Switzerland and was established in 1947 to develop common international standards in many areas. Its members come from over 150 national standards bodies. What is ISO 9000? The term ISO 9000 unfortunately has two different meanings: it refers to a single standard (ISO 9000) and it refers to a set of three standards (ISO 9000, ISO 9001, and ISO 9004). All three are referred to as quality management system standards. ISO 9000 discusses definitions and terminology and is used to clarify the concepts used by the ISO 9001 and ISO 9004 standards. ISO 9001 contains requirements and is often used for certification purposes while ISO 9004 presents a set of guidelines and is used to develop quality management systems that go beyond ISO 9001. ISO's purpose is to facilitate international trade by providing a single set of standards that people everywhere would recognize and respect. The ISO 9000 standards apply to all kinds of organizations in all kinds of areas. Some of these areas include manufacturing, processing, servicing, printing, forestry, electronics, steel, computing, legal services, financial services, accounting, trucking, banking, retailing, drilling, recycling, aerospace, construction, exploration, textiles, pharmaceuticals, oil and gas, pulp and paper, petrochemicals, publishing, shipping, energy, telecommunications, plastics, metals, research, health care, hospitality, utilities, pest control, aviation, machine tools, food processing, agriculture, government, education, recreation, fabrication, sanitation, transportation, software development, consumer products, product design, instrumentation, tourism, communications, biotechnology, chemicals, engineering, farming, entertainment, consulting, insurance, and so on. How does ISO 9000 Work? Here's how it works. You decide that you need to develop a quality management system that complies with the ISO 9001 requirements. That's your mission. You choose to follow this path because you feel the need to control or improve the quality of your products and services, to reduce the costs associated with poor quality, or to become more competitive. Or, you choose this path simply because your customers expect you to do so or because a governmental body has made it mandatory. You then develop a quality management system that meets the requirements specified by ISO 9001. In the course of doing so, you may also wish to consult the ISO 9000 definitions and the ISO 9004 guidelines. But how do you develop such a quality management system? There are at least two approaches. You can either do a gap analysis or follow a detailed quality management system development plan. If you've already got a functioning quality management system, we suggest that you carry out a gap analysis. A gap analysis will tell you exactly what you need to do to meet the ISO 9001 standard. It will help you to identify the gaps that exist between the ISO 9001 standard and your organization's processes. Once you know where the gaps are, you can take steps to fill your gaps. By following this incremental approach, you will not only comply with the ISO 9001 standard, but you will also improve the overall effectiveness of your organization's quality management system. A gap analysis will also help you to figure out how much time it will take and how much it will cost to bring your QMS into compliance with the ISO 9001 standard. However, if you don't have a quality management system or you're starting from scratch, we suggest that you use an ISO 9001 process-based QMS development plan to develop your quality management system. Once your QMS has been fully developed and implemented, you may wish to carry out an internal compliance audit to ensure that it complies with the ISO 9001 2008 requirements. Once you're sure that your QMS is fully compliant, you're ready to ask a registrar (certification body) to audit the effectiveness of your QMS. If your auditors like what they see, they will certify that your QMS has met ISO's requirements. While ISO 9001 is specifically designed to be used for certification purposes, you don't have to become certified. ISO does not require formal certification (registration). You can simply establish a compliant QMS and then announce to the world that it complies with the ISO 9001 standard. Of course, your compliance claim may have more credibility in the marketplace if an independent registrar has audited your QMS and agrees with your claim. Why is ISO 9000 Important? ISO 9000 is important because of its orientation. While the content itself is useful and important, the content alone does not account for its widespread appeal. ISO 9000 is important because of its international orientation. Currently, ISO 9000 is supported by national standards bodies from more than 150 countries. This makes it the logical choice for any organization that does business internationally or that serves customers who demand an international standard of excellence. ISO is also important because of its systemic orientation. We think this is crucial. Many people wrongly emphasize motivational and attitudinal factors. The assumption is that quality can only be created if workers are motivated and have the right attitude. This is fine, but it doesn't go far enough. Unless you institutionalize the right attitude by supporting it with the right policies, procedures, records, technologies, resources, and structures, you will never achieve the standards of quality that other organizations seem to be able to achieve. Unless you establish a quality attitude by creating a quality management system, you will never achieve a world-class standard of quality. Simply put, if you want to have a quality attitude you must have a quality system. This is what ISO recognizes, and this is why ISO 9000 is important. ISO 9000 2005 Quality Management Principles Translated into Plain English According to ISO 9000, the ISO 9001 and 9004 standards are based on eight quality management principles. These principles were chosen because they can be used to improve performance and achieve success. But how can you ensure that your organization applies these principles? The answer is to establish a quality management system that meets the ISO 9001 2008 standard. If you do so, your organization will automatically apply these principles. This is because they permeate the ISO 9001 standard and will therefore be built into any quality system that is based on this standard. So if you want to improve the performance of your organization, you need to develop and implement an ISO 9001 2008 quality management system that applies the eight principles listed below. 1 Focus on your customers Organizations rely on customers. Therefore: • Organizations must understand customer needs. • Organizations must meet customer requirements. • Organizations must exceed customer expectations. 2 Provide leadership Organizations rely on leaders. Therefore: • Leaders must establish a unity of purpose and set the direction the organization should take. • Leaders must create an environment that encourages people to achieve the organization's objectives. 3 Involve your people Organizations rely on people. Therefore: • Organizations must encourage the involvement of people at all levels. • Organizations must help people to develop and use their abilities. 4 Use a process approach Organizations are more efficient and effective when they use a process approach. Therefore: • Organizations must use a process approach to manage activities and related resources. 5 Take a systems approach Organizations are more efficient and effective when they use a systems approach. Therefore: • Organizations must identify interrelated processes and treat them as a system. • Organizations must use a systems approach to manage their interrelated processes. 6 Encourage continual improvement Organizations are more efficient and effective when they continually try to improve. Therefore: • Organizations must make a permanent commitment to continually improve their overall performance. 7 Get the facts before you decide Organizations perform better when their decisions are based on facts. Therefore: • Organizations must base decisions on the analysis of factual information and data. 8 Work with your suppliers Organizations depend on their suppliers to help them create value. Therefore: • Organizations must maintain a mutually beneficial relationship with their suppliers. ISO 9001 2008 vs ISO 9001 2000 ISO 9001 2008 and ISO 9001 2000 use the same numbering system to organize the ISO 9001 2008 and ISO 9001 2000 use the same numbering system to organize the standard. As a result, the new standard looks much like the old standard. However, some important clarifications and modifications were made. These changes are summarized below. Outsourced Processes The process approach continues to be of central importance to ISO 9001. And since outsourcing has become increasingly common during the last few years, the new ISO 9001 standard has expanded its discussion of outsourced processes (see ISO 9001 Part 4.1). The new standard makes it clear that an outsourced process is still part of your QMS even though it is performed by a party that is external to your organization. The new standard emphasizes the need to ensure that outsourced processes comply with all customer and legal requirements. While the responsibility for a process may have been outsourced, your organization is, nevertheless, still responsible for ensuring that it meets all customer, regulatory, and statutory requirements. While the old standard said that outsourced processes must be controlled, the new standard goes further by expecting you also to specify the type, nature, and extent of control. ISO 9001 2008 also wants you to think carefully about how you’re going to control outsourced processes. How you choose to control an outsourced process should be influenced by the potential impact it could have on your products, whether or not process control will be shared with the process supplier, and whether or not adequate controls can be contractually established using your purchasing process. Documentation ISO 9001 2008, Part 4.2.1, makes it clear that QMS documentation includes not only the records required by the standard but also the records that your organization needs to have in order to be able to plan, operate, and control its QMS processes. So the new standard has expanded the definition of documentation to include all QMS process records. Part 4.2.1 makes it clear that a single document may contain several procedures or several documents may be used to describe a single procedure. While this has always been an option, the new standard makes this possibility explicit. ISO 9001 2000 Part 4.2.3 gave the impression that all external documents needed to be identified and controlled. This has now been clarified. The new standard says that you need to identify and control the distribution of only those external documents that you need in order to be able to plan and operate your QMS. In other words, only relevant external QMS documents need to be controlled, not all of them. Management Representative ISO 9001 2000, Part 5.5.2, allowed you to appoint any member of management to oversee the organization’s QMS. Since the old standard did not explicitly say that the management representative must be a member of the organization’s own management, outsiders were sometimes appointed, instead. This loophole has now been closed. ISO 9001 2008 now makes it clear that the management representative must be a member of the organization’s own management. Outsiders may no longer perform this important function. Competence While both old and new standards stress the importance of competence, the old standard wasn’t very clear about who they were talking about. Now it’s pretty clear that all QMS personnel must be competent. ISO 9001 2008, Part 6.2.1, makes it clear that any task within the QMS may directly or indirectly affect the organization’s ability or willingness to meet product requirements. Since any QMS task could directly or indirectly influence product quality, the competence of anyone and everyone who carries out any QMS task must be assured. Infrastructure For ISO 9001 2000 (Part 6.3) the term infrastructure includes buildings, workspaces, equipment, software, utilities, and support services like transportation and communications. ISO 9001 2008 has now added information systems to the previous list of support services. Both old and new standards expect you to provide the infrastructure (including information systems) that your organization needs in order to ensure that product requirements are being met. Work Environment According to ISO 9001 2000, Part 6.4, you are expected to manage the work environment that your organization needs in order to be able to ensure that all product requirements are being met. However, it failed to indicate exactly what they were talking about. This problem has now been solved. ISO 9001 2008 says that the term work environment refers to working conditions. These working conditions include physical and environmental conditions, as well as things like noise, temperature, humidity, lighting, and weather. According to the new standard, all of these conditions need to be managed in order to help ensure that product requirements are being met. Customer Requirements According to ISO 9001 2000, Part 7.2.1, you are expected to identify your customers’ specific delivery and post delivery requirements. Since some people weren’t sure about what post delivery meant, the new standard has tried to clarify this. According to ISO 9001 2008, post delivery requirements include things like warranty provisions, contractual obligations (such as maintenance), and supplementary services (such as recycling and final disposal). Design and Development Planning Both old and new standards expect organizations to plan and perform product design and development review, verification, and validation activities (Part 7.3.1). While each of these three activities serves a different purpose, ISO 9001 2008 makes it clear that these three activities can be carried out and recorded separately or in any combination as long as it makes sense for the product and the organization. Design and Development Outputs Part 7.3.3 of ISO 9001 2000 wants you to make sure that the design and development process generates information (outputs) that your purchasing, production, and service provision processes need to have. ISO 9001 2008 now also says that design and development outputs could include information that explains how products can be preserved during production and service provision. Monitoring and Measuring Equipment While ISO 9001 2008, Part 7.6, refers to the need to control monitoring and measuring equipment, the old standard talked about controlling devices. Since the term device can refer to almost anything from a literary contrivance to a machine, its meaning wasn’t exactly clear. The new ISO 9001 standard has removed this ambiguity by using the term equipment. Both the old and the new standard wants you to confirm that monitoring and measuring software is capable of doing the job you want it to do. In addition to this requirement, the new standard suggests (in a note) that configuration management and well established verification methods can be used to ensure the ongoing suitability of monitoring and measuring software. However, this is not a requirement, just a statement that explains how the ongoing suitability of software can be maintained. Customer Satisfaction Both old and new standards want you to monitor and measure customer satisfaction (perceptions). A new note to [...]... are summarized below ISO 9001 2000 versus ISO 9001 1994 New Standard In the past, ISO had three standards: ISO 9001:1994, ISO 9002:1994, and ISO 9003:1994 Now there's only one standard: ISO 9001:2000! ISO 9002 and ISO 9003 have been dropped So, if you are currently ISO 9002:1994 or ISO 9003:1994 certified, you will now need to become ISO 9001:2000 certified And if you're now ISO 9001 certified, you're... ISO 9001:2000 requirements New Structure When you compare ISO 9001:1994 and ISO 9001:2000 you’ll notice that ISO has abandoned the 20-clause structure of the old standard Instead of 20 sections, the new standard now has 5 sections ISO reorganized the ISO 9001 standard in order to create a more logical structure, and in order to make it more compatible with the ISO 14001 environmental management standard... communicate with customers and to measure and monitor customer satisfaction The new standard also emphasizes the need to make improvements While the old standard did implicitly expect organizations to make improvements, the new standard makes this explicit Specifically, ISO 9001 now wants you to evaluate the effectiveness and suitability of your quality management system, and to identify and implement systemic... your product design and development 7.3.1 Plan product design and development 7.3.2 Identify design and development inputs 7.3.3 Generate design and development outputs 7.3.4 Carry out design and development reviews 7.3.5 Perform design and development verifications 7.3.6 Conduct design and development validations 7.3.7 Manage design and development changes 7.4 Control purchasing and purchased products.. .ISO 9001 2008, Part 8.2.1, explains that there are many ways to monitor and measure customer satisfaction You could use customer satisfaction and opinion surveys And you could collect product quality data (post delivery), track warranty claims, examine dealer reports, study customer compliments and criticisms, and analyze lost business opportunities Internal Audit Records Both old and new standards... is a very important improvement We think it’s important because it makes implementation more flexible and conformance less rigid Because of this significant innovation, you’re more likely to end up with a quality management system that not only complies with ISO s standards but also meets your organization’s unique needs This new, more flexible, approach is further demonstrated in another way When... suitable and effective quality management system New Approach In order to understand ISO 9001:2000 at a deeper level, you need to recognize that ISO uses a process approach to quality management While the process approach is not new, the increased emphasis ISO now gives to it is new It is now central to the way ISO thinks about quality management systems According to this approach, a quality management... this reorganization is largely a cosmetic change, it could have some rather profound implications if you’ve organized your current quality manual around the old 20-part structure New Emphasis In general, the new standard is more customer-oriented than the old standard While the old standard was also oriented towards meeting customer requirements and achieving customer satisfaction, the new standard addresses... Monitor and measure customer satisfaction 8.3 Identify and control nonconforming products • Establish a nonconforming products procedure 8.4 Collect and analyze quality management data • Define your QMS information needs 8.5 Make improvements and take remedial actions 8.5.1 Improve the effectiveness of your QMS • Plan monitoring, measurement, and analytical processes • Implement monitoring, measurement, and... improvements New Definitions In the past, organizations that wished to be certified were referred to as suppliers because they supplied products and services to customers Since many people were confused by this usage, ISO has decided to use the word organization instead Now the ISO standards focus on the organization, not the supplier The term supplier now refers to the organization’s supplier The new redefined . ISO 9000 AN INTRODUCTION ISO 9000 is rapidly becoming the most important quality management standard in the world. Thousands of companies in. two different meanings: it refers to a single standard (ISO 9000) and it refers to a set of three standards (ISO 9000, ISO 9001, and ISO 9004). All three