Featured Product
This Week in Quality Digest Live
Standards Features
Chad Kymal
Addressing risks from inadequate information security and cybersecurity starts with leadership
Jon Speer
As a medical device manufacturer, you can expect to be inspected
Donald J. Wheeler
It takes more than a good capability ratio
William A. Levinson
Ineffective CAPA processes are the greatest source of ISO 9001 audit findings

More Features

Standards News
ISO and WHO are working for universal access to quality health products that are all at once safe, effective, and affordable
Streamlines shop floor processes, manages nonconformance life cycle, supports enterprisewide continuous improvement
Allows construction industry to collaborate across projects and national borders
Enhances accreditation services portfolio across global market
Features illustrations as applied in real-world organizational contexts
Standards like ISO 10303 and ISO 14306 help to keep planes high in the sky
Amendments to the California Consumer Privacy Act go into effect no later than July 2020
VQIP allows for expedited review and importation for approved applicants that demonstrate safe supply chains
Intended to harmonize domestic and international requirements

More News

Dan Nelson

Standards

Does ISO 9001 Certification Remind You of Spoiled Milk?

Misunderstanding its purpose sours the whole thing

Published: Tuesday, March 11, 2014 - 12:42

Editor's note: Dan Nelson will be a guest on Quality Digest LIVE Friday March 14, 2014, at 11 a.m. Pacific.

Bill Cosby once did a routine about a funny aspect of human nature: How we all seem to have a hard time believing the obvious.

So Cosby pulls some milk out of the fridge. He sniffs it. It’s unbelievably rancid, and disgust and nausea instantly register on his face. He holds the carton away from himself, and once able to breathe, proclaims that the milk is sour. Someone nearby takes the carton and sniffs it. “Yep,” confirms this second witness, gagging at the vile odor, “the milk is definitely bad.”

“Here, let me smell it,” says another, who almost passes out from the smell—but not before another requests, “Let me smell it!”

Of course, the humor lies in the fact that if these folks had chosen to believe the obvious, visceral reaction from the original freshness tester, they all would have avoided an unpleasant experience. They went out of their way to find a bad experience and then seemed surprised when they arrived at one.

So it seems with ISO 9001 certification. Using standard-based, cut-and-paste procedures from a book, one organization manages to “get ISO 9001-certified.” Of course, nobody in the organization sees any value in, let alone likes the ISO 9001 documentation, but it’s promoted as a quick and easy solution. Although the organization has a bad experience with quality management à la ISO 9001, it gets through certification.

The sour cycle is perpetuated when other companies seeking ISO 9001 certification ask a certified organization how to “get certified.” The certified organization says, “Do what we did; it worked. Copy our proven procedures or buy them somewhere. They suck, but you get certified.”

So cascading down the supply chain—along with the requirement to “get certified”—is this bad idea about how to get certified: Borrow proven procedures from a certified company, or buy proven procedures widely available in books or online. Ignore the fact that everyone who’s done it that way dislikes ISO 9001 and the documentation and audits associated with it. Just accept it as a necessary evil of doing business in an ISO 9001 environment.

It’s akin to the spoiled milk routine, isn’t it? “Hey, getting certified really sucks. Do it just like we did, and you’ll see what we mean.” Then a year later, “Oh, you did it just like we told you! See? It really sucks, doesn’t it?”

Don’t just do it. Do it right.

On the receiving end of requirements to become certified, suppliers are often unclear about what ISO 9001 really requires. But the requirement to become certified is clear enough, so the goal becomes to “get certified.” And plenty of “help” is available—consultants and books promising “easy ISO 9001 implementation.” So, organizations were given the idea that ISO 9001 itself was supposed to be implemented to ensure quality. But this was never true. ISO 9001 was never intended to be used to design or implement quality management for any organization, but merely to assess quality management.

According to the standard itself, at 0.1, Introduction:
“This International Standard can be used by internal and external parties, including certification bodies, to assess the organization’s ability to meet customer, statutory, and regulatory requirements applicable to the product, and the organization’s own requirements.” [Italics added.]

Basically, that statement is saying ISO 9001 can be used by almost anyone—including certifying body (CB) auditors—to assess organizations’ ability to meet requirements. Nowhere does it say that the standard can be used by anyone to establish a quality management system (QMS). The standard assumes a currently documented QMS to which the standard is applied; it doesn’t provide a guide for how to implement quality management. Sure, management might glean some details about QMS development from analyzing ISO 9001 requirements, but the requirements are not supposed to establish any QMS. A company must first establish real-time standard operating procedures (SOPs), and then look at how they compare to ISO 9001 requirements.

Why does this matter? Because when an organization uses ISO 9001 to establish and document a QMS, it’s putting the cart before the horse. A system outputting quality product (the horse) is already in place before ISO 9001 (the cart) is applied.

When the standard is used to define a QMS, the documentation first attempts to describe conformity to ISO 9001 requirements, while failing to effectively describe the system currently outputting product. Thus, the defined QMS is different from the actual system outputting product. The two don’t match, and only one of them—the existing system—is a QMS. Using ISO 9001 to define a QMS forces organizations to go out of their way to (mis)define their QMSs in terms of ISO 9001 requirements. So when auditors arrive, personnel must go out of their way to prove conformity to the defined QMS. Meanwhile, the actual QMS never really gets assessed.

The objective should have been to define current operations to be clear and transparent about how processing occurs systemically to output quality product. ISO 9001 can then be applied to the defined system to assess the system’s ability to meet the requirements it was designed to meet.

In a nutshell:
1. Document current processes your company uses to create product without regard to ISO 9001 (think SOPs).
2. Perform a gap analysis or document review to ensure these SOPs meet ISO 9001 requirements. Close any discovered gaps.
3. Contract with a CB.
• Stage 1 auditing assesses how well your SOPs meet ISO 9001 requirements and presents any nonconformance findings.
• Address the Stage 1 findings.
• Stage 2 auditing assesses the conformity of actual shop-floor activity (“working practice”) to the established SOPs; when the working practice is found to meet the SOPs (previously verified to be ISO 9001-compliant), conformity to ISO 9001 is at hand.

Note: Defining a QMS per ISO 9001 requirements will result in an ineffective system, add unnecessary costs, and may cause the system to smell like spoiled milk.

Discuss

About The Author

Dan Nelson’s picture

Dan Nelson

T. D. (“Dan”) Nelson is a quality management consultant and trainer specializing in the process approach of ISO 9001 and related sector schemes. Nelson has 20 years of experience with ISO 9000 and years of experience as an IRCA QMS lead or principal auditor. He has also trained lead auditors in accredited course. Nelson also holds an MA in Business Administration from the University of Iowa. He is the author of The Process Approach of  ISO 9001 (Create Space, 2014, updated for ISO 9001:2015).

Comments

What, truly, is spoiled here?

Is it the poorly written, nearly incomprehensible standard (For example:  7.2.1 Determination of requirements related to the production vs 7.2.2, Review of the requirements related to the product), or is the implementation that smells?

Hmmm.

Poor implementation of quality management

Poor implementation of quality management due to the influence of ISO 9001 accounts for most of the smell, in my opinion. The standard itself is kind of neutral smelling. Those who apply it should be trained adequately to where the statement of the requirements doesn't confuse the intent of the requirements. Those who apply ISO 9001 shouldn't be confused by its intent, or they might end up with a certified-but-rotten system.

An issue I'm currently facing

I'm sure the good readers of Quality Digest will be shocked to hear this, but I'm currently facing this issue, as I inherited a QMS that was 'designed' around the ISO 9001 standard. Not only that, but it was designed around the old 1994 standard! So, it might as well be written in Latin for all the use it is. 

Spoiled milk from 1994--yum!

Spoiled milk from 1994--yum! That's why they put expiration dates on that stuff, huh?

Great Article

This was very helpful! As a Project Manager who works closely with Quality Engineers towards certification, this really helped clear up some misconceptions. Very well written, thank you......and Go Hawks!

Thanks for your kind words.

Thanks for your kind words. I'm hoping some Hawks will start going on this soon!