ISO 9000:2K



Part 1


ISO 9001:2000





by Jeanne Ketola
and Kathy Roberts

Since the beginning, the ISO 9000 standards series (ISO 9001, ISO 9002 and ISO 9003) has contained very basic requirements for management. First, management was required to establish a quality policy and quality objectives and communicate these to the rest of the organization. This typically meant that slogans smacking of motherhood and apple pie were written in an attractively styled format and communicated by means of signs posted on the walls throughout organizations. Responsibility was addressed through an organizational chart, the torch was passed to a management representative to set up the documentation, and key members of management sat through long meetings two to four times a year to review the system.

 Management responsibility takes on a new dimension with the proposed revisions in the draft international standard (DIS) of ISO 9001:2000. One key criticism of ISO 9001's previous versions has been that management had a minimal role that didn't require them to move beyond maintenance into the improvement arena. In fact, the 1994 version of ISO 9001 is often viewed as a foundation only and isn't considered a vehicle for moving a company to world-class status.

 ISO 9001:2000 is designed to transfer the responsibility for the quality management system from quality assurance to top management. This ensures that customer satisfaction is achieved, customer requirements are fully understood and met, planning activities include objectives at each relevant function and level within the organization, internal communications are established, and information within the system (e.g., data, internal audit results, customer measures) is used to facilitate improvement.

What has changed?

 For a quick comparison of where management responsibility elements from the 1994 version are found in the ISO 9001:2000 DIS, refer to Figure 1.

 The following is a summary of management requirements that were present in ISO 9001:1994 but have been clarified and more explicitly stated in ISO 9001:2000. These requirements are drawn from sections 4-8 in the DIS:

 Management is to establish the quality policy and quality objectives. The management review must be used to evaluate the need for changes to the quality management system, quality policy and quality objectives.

 The quality policy must be communicated and understood at "appropriate" levels, rather than at "all levels," within the organization.

  Top management has the responsibility and must provide evidence of their commitment to ensure the availability of resources.

 It is now possible to have more than one designated management representative.

  The organization must ensure that personnel with defined responsibilities in the quality management system are competent based on appropriate levels of education, training, skills and experience.

  The organization must provide resources and facilities that are specific to the product.


 The following management responsibility requirements, found in sections 4-8 of ISO 9000:2000, are new:

 Top management must provide evidence of their commitment to the development and improvement of the system, which includes communicating to the organization the importance of meeting customer, regulatory and legal requirements.

 Top management must ensure that the quality policy shows a commitment to continual improvement, provides a framework for quality objectives and is reviewed for ongoing suitability.

 The quality objectives must be established at relevant functions and levels, be measurable and consistent with the quality policy, and include those objectives needed to meet product requirements.

 Top management must ensure that customer needs and expectations are determined and fulfilled.

  The organization must define and communicate the responsibilities and authorities necessary to facilitate effective quality management, as well as communicating the effectiveness of the quality management system and processes.

 The management representative has the authority and responsibility to promote the awareness of customer requirements throughout the organization.

 The inputs to the management review must be explicit and must include audit results, feedback from customers, process performance and product conformance analysis, preventive and corrective actions status, follow-up actions from previous management reviews, and any changes that might affect the quality management system.

 The outputs from the management review include actions relating to improvement of the quality management system (and its processes), product improvement (related to customer requirements) and resource needs.

 In a timely manner, the organization must determine and provide the necessary resources to implement and improve the quality management system processes and address customer satisfaction.

  The organization facilitates continual improvement through the use of the quality policy, objectives, audit results, data analysis, corrective and preventive actions, and management review.


 The following requirements are the same in both ISO 9001:1994 and ISO 9001:2000:

 The organization must establish and document a quality policy, quality objectives and its commitment to quality.

  The quality policy must be relevant to organizational goals and customer requirements.

 The quality policy must be disseminated throughout the organization.

 Responsibilities and authorities are to be defined and communicated.

 Top management is responsible for allocating adequate resources relating to the quality management system.

  The management representative must be a member of top management who has defined responsibility and authority on matters relating to the quality system.

 Top management is responsible for the periodic quality system review to ensure its suitability and effectiveness.

  Records of management reviews must be kept.


 The following items from ISO 9001:1994 have been omitted in the revision:

 The specific list of actions for personnel who affect quality.

 Responsibility and authority for personnel "that affect quality."

  The specific language regarding types of resources (i.e., trained personnel) for management, work performance and verification activities, including audits.


What challenges will organizations face?

 Many organizations will need to analyze how actively management is involved in promoting the quality system as an integral part of operations. Planning activities will now need to be more focused and will have to be documented. Changes occurring within the organization must be planned in order to protect the integrity of the quality management system. Many organizations haven't yet grasped the idea that ISO 9000 isn't about writing procedures but about defining an operational structure. Management representatives are often excluded from planning activities and aren't consulted when impending management decisions result in changes that jeopardize the system. Consequently, they're often left to pick up the pieces.

 Management will also face the challenge of pulling together the information from their quality management system and using that information effectively for management review and planning activities as well as for the purposes of continual improvement.

 Small businesses face special challenges in the transition to ISO 9001:2000. "I have found that small companies are often strong in day-to-day management and provide excellent-quality product but are weak in documentation of quality planning, quality objectives and formal reviews with trend data," comments Andy Lauber, president of Lauber Associates in Chapel Hill, North Carolina. "Although continuous improvement has been an implied requirement, it must now be a documented objective with measurable items of quality planning that are reported as part of the management review output. This requirement is open to considerable variation in interpretation and may cause trouble for many small companies."

 Quality systems registrars will look for evidence of the shift in responsibility to top management when assessing organizations. "The increased focus upon top management's strategic role within the quality management system will result in many organizations and registrars re-examining their approach," says Mark Jessen, Underwriters Laboratories' ISO 9000:2000 program manager and an RAB lead assessor. "Top management will be challenged to demonstrate commitment to a wider circle of quality management system activities and may need to evaluate how this commitment will be demonstrated to registrars. Many organizations may also need to examine the role that the quality policy and quality objectives play in the quality management system, as well as the methods used to improve the quality management system."

 In general, registered organizations communicate about their processes and the effectiveness of their quality management system at a management level but don't carry this activity to other levels and functions throughout the organization. Communication has always been an issue for organizations, and the requirements in the revised standard may lead organizations to develop a more methodical approach in conveying information.

 When making changes, it's also not unusual for organizations to forge ahead without considering how changes affect the overall system. Although many organizations review how changes such as the addition of new equipment or new technologies or a reduction of workforce may affect their organization, many lack a formal approach for handling this issue while ensuring that the integrity of the quality management system is maintained.

 Another challenge that organizations may face will be whether management will decide to apply resources to implement the revisions. Susan Lee of Banta Information Services Group--Marketing Distribution Centers in Seattle sees the revisions as a major resource issue. Even though the revised standard maintains that current documentation does not need to be modified to parallel ISO 9001:2000's new structure, she states that her organization is feeling overwhelmed by this new structure. She believes that the structure will require her organization to overhaul some documentation for management and internal auditors to be comfortable with the changes. Although she views the revisions in a positive light, especially the new emphasis placed on management responsibility, Lee sees the retraining and rewriting as a major resource issue.

 "The current element structure [1994 version] fits our business," says Lee. "Our company may decide to be compliant to the standards and forgo the registration process. Rewriting our documentation and retraining staff would require a huge resource investment. The current standard structure provides our business with a good foundation to build a quality system. While there are many content improvements that we would implement, the proposed structure changes do not add value to our organization."

How will the revisions affect different industries?

 The purpose of the ISO 9000 series has always been to provide generic standards that can be used in any industry. The language of the 1994 version was slanted toward a manufacturing environment, making it vulnerable to criticism in some other industries, which concluded that if the terminology didn't specifically meet their needs, it didn't apply.

 However, organizations have always had the ability to indicate why certain requirements aren't relevant. They have also had the ability to expand their systems to include other activities, such as safety programs or human resources activities. When modifying their systems, though, organizations need to consider that adding these types of requirements may subject them to audit if the organization chooses to pursue registration.

 ISO 9001:2000 has been modified to make much of the language less manufacturing-based. These modifications should remove the stigma that ISO 9000 is for manufacturers only and perhaps make it more accessible to service industries and other industry sectors.

In a nutshell

 ISO 9001:2000 requires that all organizations in all industries meet all of the requirements under the management responsibility section. (ISO 9001:2000 allows a reduction in scope only for the activities under section 7, Product realization.) Some of the requirements everyone will be obligated to meet include demonstrating management commitment; ensuring internal communications; conducting management reviews; ensuring planning activities; maintaining the integrity of the quality management system during organizational change; understanding customer requirements and aiming to achieve customer satisfaction; and focusing on the continual improvement of the organization.

 "Overall, the strengthened ISO 9001 requirements will result in improved performance for small companies by requiring that more thought be put into planning efforts that are now required to be documented," says Lauber. "This will help small companies establish a solid base for growth. The management responsibility requirements of ISO 9001:2000 do not appear to add a significant burden and will not require the addition of permanent new resources, but they will require an initial effort to understand the management techniques of effective planning, trend analysis, customer knowledge and continuous improvement."

 Keep in mind that these changes are still in the DIS stage. There is one more stage (and possible iteration) of the standard before its scheduled release in November 2000. However, if the requirements remain as they currently are, they will have a profound effect on the responsibility of top management in extracting and analyzing information from the system for the purposes of improvement activities. Management will also need to become more succinct in their planning activities to ensure that the quality management system is maintained through change. Furthermore, becoming compliant with the revision will require the management team to place more emphasis on moving toward improvement and taking their quality system to the next level.

About the authors

 Jeanne Ketola, CEO of Pathway Consulting Inc. in Minneapolis, has more than 20 years of business experience in a diverse range of industries. She is an ASQ Certified Quality Auditor, an RAB Quality Systems Auditor and a trained management coach. Ketola is an active participant of the U.S. TAG to TC 176, which is responsible for reviewing and writing the ISO 9000 revisions, establishing all U.S. positions and voting on the final draft standard prior to publication. She has participated at a national level in writing the auditing guidelines for ISO 9000-Q10011 and is secretary of the ANSI Z1 executive committee, which is responsible for all actions relating to national quality standards. Contact her by e-mail at jketola@qualitydigest.com .

 Kathy Roberts, president of Sunrise Consulting Inc. in Raleigh, North Carolina, has held various quality engineering and quality management positions in a variety of industries during the past 10 years. She is an ASQ Certified Quality Auditor and a trained examiner for the North Carolina Performance Excellence Process. Roberts is an active member of the U.S. TAG to TC 176 and vice chair of the ANSI Z1 executive committee. E-mail her at kroberts@qualitydigest.com .

 Ketola and Roberts are authors of the new book ISO 9001:2000 In a Nutshell: A Concise Guide to the Revisions, published by Paton Press. For more information about their book, visit www.paton press.com, e-mail books@patonpress.com  or call (530) 342-5480.

Today's Specials

Figure 1: ISO 9001:1994 Management Responsibility Clauses Cross-Referenced to the ISO 9001:2000 DIS

Menu Level Above 

[Contents] [News] [WebLinks] [Columnists]

This Menu LeveL 

[Kaizen] [ISO 9000:2K] [CMMs] [Registrars] [State]

Menu  Level Below 


Copyright 2000 QCI International. All rights reserved.
Quality Digest can be reached by phone at (530) 893-4095. E-mail:
Click Here