Does ISO 9001 Certification Remind You of Spoiled Milk?

Misunderstanding its purpose sours the whole thing

Published: Tuesday, March 11, 2014 - 11:42

Editor's note: Dan Nelson will be a guest on Quality Digest LIVE Friday March 14, 2014, at 11 a.m. Pacific.

Bill Cosby once did a routine about a funny aspect of human nature: How we all seem to have a hard time believing the obvious.

So Cosby pulls some milk out of the fridge. He sniffs it. It’s unbelievably rancid, and disgust and nausea instantly register on his face. He holds the carton away from himself, and once able to breathe, proclaims that the milk is sour. Someone nearby takes the carton and sniffs it. “Yep,” confirms this second witness, gagging at the vile odor, “the milk is definitely bad.”

“Here, let me smell it,” says another, who almost passes out from the smell—but not before another requests, “Let me smell it!”

Of course, the humor lies in the fact that if these folks had chosen to believe the obvious, visceral reaction from the original freshness tester, they all would have avoided an unpleasant experience. They went out of their way to find a bad experience and then seemed surprised when they arrived at one.

So it seems with ISO 9001 certification. Using standard-based, cut-and-paste procedures from a book, one organization manages to “get ISO 9001-certified.” Of course, nobody in the organization sees any value in, let alone likes the ISO 9001 documentation, but it’s promoted as a quick and easy solution. Although the organization has a bad experience with quality management à la ISO 9001, it gets through certification.

The sour cycle is perpetuated when other companies seeking ISO 9001 certification ask a certified organization how to “get certified.” The certified organization says, “Do what we did; it worked. Copy our proven procedures or buy them somewhere. They suck, but you get certified.”

So cascading down the supply chain—along with the requirement to “get certified”—is this bad idea about how to get certified: Borrow proven procedures from a certified company, or buy proven procedures widely available in books or online. Ignore the fact that everyone who’s done it that way dislikes ISO 9001 and the documentation and audits associated with it. Just accept it as a necessary evil of doing business in an ISO 9001 environment.

It’s akin to the spoiled milk routine, isn’t it? “Hey, getting certified really sucks. Do it just like we did, and you’ll see what we mean.” Then a year later, “Oh, you did it just like we told you! See? It really sucks, doesn’t it?”

Don’t just do it. Do it right.

On the receiving end of requirements to become certified, suppliers are often unclear about what ISO 9001 really requires. But the requirement to become certified is clear enough, so the goal becomes to “get certified.” And plenty of “help” is available—consultants and books promising “easy ISO 9001 implementation.” So, organizations were given the idea that ISO 9001 itself was supposed to be implemented to ensure quality. But this was never true. ISO 9001 was never intended to be used to design or implement quality management for any organization, but merely to assess quality management.

According to the standard itself, at 0.1, Introduction:
“This International Standard can be used by internal and external parties, including certification bodies, to assess the organization’s ability to meet customer, statutory, and regulatory requirements applicable to the product, and the organization’s own requirements.” [Italics added.]

Basically, that statement is saying ISO 9001 can be used by almost anyone—including certifying body (CB) auditors—to assess organizations’ ability to meet requirements. Nowhere does it say that the standard can be used by anyone to establish a quality management system (QMS). The standard assumes a currently documented QMS to which the standard is applied; it doesn’t provide a guide for how to implement quality management. Sure, management might glean some details about QMS development from analyzing ISO 9001 requirements, but the requirements are not supposed to establish any QMS. A company must first establish real-time standard operating procedures (SOPs), and then look at how they compare to ISO 9001 requirements.

Why does this matter? Because when an organization uses ISO 9001 to establish and document a QMS, it’s putting the cart before the horse. A system outputting quality product (the horse) is already in place before ISO 9001 (the cart) is applied.

When the standard is used to define a QMS, the documentation first attempts to describe conformity to ISO 9001 requirements, while failing to effectively describe the system currently outputting product. Thus, the defined QMS is different from the actual system outputting product. The two don’t match, and only one of them—the existing system—is a QMS. Using ISO 9001 to define a QMS forces organizations to go out of their way to (mis)define their QMSs in terms of ISO 9001 requirements. So when auditors arrive, personnel must go out of their way to prove conformity to the defined QMS. Meanwhile, the actual QMS never really gets assessed.

The objective should have been to define current operations to be clear and transparent about how processing occurs systemically to output quality product. ISO 9001 can then be applied to the defined system to assess the system’s ability to meet the requirements it was designed to meet.

In a nutshell:
1. Document current processes your company uses to create product without regard to ISO 9001 (think SOPs).
2. Perform a gap analysis or document review to ensure these SOPs meet ISO 9001 requirements. Close any discovered gaps.
3. Contract with a CB.
• Stage 1 auditing assesses how well your SOPs meet ISO 9001 requirements and presents any nonconformance findings.
• Address the Stage 1 findings.
• Stage 2 auditing assesses the conformity of actual shop-floor activity (“working practice”) to the established SOPs; when the working practice is found to meet the SOPs (previously verified to be ISO 9001-compliant), conformity to ISO 9001 is at hand.

Note: Defining a QMS per ISO 9001 requirements will result in an ineffective system, add unnecessary costs, and may cause the system to smell like spoiled milk.

About The Author

Dan Nelson

T. D. (“Dan”) Nelson is a quality management consultant and trainer specializing in the process approach of ISO 9001 and related sector schemes. Nelson has 20 years of experience with ISO 9000 and years of experience as an IRCA QMS lead or principal auditor. He has also trained lead auditors in accredited course. Nelson also holds an MA in Business Administration from the University of Iowa. He is the author of The Process Approach of  ISO 9001 (Create Space, 2014, updated for ISO 9001:2015).