In 1987, the International Organization for Standardization released ISO 9000, a standard detailing the requirements of a quality management system (QMS). ISO 9000:1987 was an imperfect document but one that pointed the way toward a better approach to quality.
Quality Digest presented an article titled "Understanding ISO 9000" in the June 1990 issue. The piece introduced this topic to many readers and offered some practical information about how compliance could be achieved.
As part of our 25th anniversary issue, we decided to take a look back at ISO 9000 by rerunning this short article in its entirety. To help us see how far we've come, we enlisted the help of longtime Quality Digest contributors Denise Robitaille and Jack West. Robitaille and West have a wealth of experience in shaping standards and auditing compliance.
To meet its objective of creating a single unified market by the end of 1992, the 12-nation European Community is implementing over 300 directives that will establish new regulations covering a broad range of business activities and thousands of products. Designed to ease the free flow of goods and capital within the single European market, these regulations will substantially alter the way in which U.S. companies who export to Europe will conduct business.
One of the most far-reaching directives to be implemented by the European Community is the standardization of rules governing quality management systems. "ISO 9000," the common name for a set of five standards sponsored by the International Organization for Standardization, establishes requirements with which a company's quality management system must comply in order to export competitively to the European Community.
The ISO 9000 series serves as the basis for establishing product conformity in the European Community, and applies to almost all providers of goods and services who wish to do business within the Community.
Denise Robitaille : Since this article appeared, there have been two important adjustments in focus. First, the introductory paragraph emphasizes the concept of regulations. The tone suggests mandatory rather than voluntary compliance. It's refreshing to note that the focus shifted to a market-driven, rather than a regulatory, family of standards. The tradition of developing the standards based on consensus rather than statutory fiat has greatly enhanced its appeal and success. It has also facilitated its acceptance internationally, thereby contributing to burgeoning global commerce. The standard is the same regardless of culture, continent or climate. Everyone plays by the same set of rules--voluntarily.
Second, I'm not certain that this article correctly represents the original intent of ISO 9001 vis-à-vis product conformity. It's my understanding that the focus has always been on the processes and systems that support the provision of conforming product. If the originators did indeed intend to suggest that ISO 9001 registration would in some way equate to guaranteeing product conformance, then things have definitely changed. Although it's a valid premise that careful and deliberate controls surrounding product realization should eventuate delivery of conforming product, certification bodies do not certify the conformity of the product.
Jack West : I agree. The notion has always been that the organization needs to have a system that will result in conforming product. It's true that the notion of process has been there all along, but with much less emphasis than today's version. I don't think there was ever a naïve belief that having a system would truly guarantee that product would always conform, but the QMS can be used as part of a conformity assessment scheme that promotes product quality. The notion was never to make conformity with ISO 9001/2/3 mandatory but rather to provide the option of using the QMS as part of the product-conformity assessment scheme.
As part of the effort to unify the market, the European Community has been working to eliminate intra-European standard differences that could pose barriers to free trade within the single market. The ISO 9000 series represents the unification of quality control standards that had already existed in various forms in many EC nations. Failure to comply with these standards after 1992 could mean the virtual disqualification from importing goods to the European Community.
JW: This was always the myth, and signs of the myth remain today. There are very few situations where certification to ISO 9001 is actually a requirement for participation in the European market.
Composed of ISO 9000, ISO 9001, ISO 9002, ISO 9003 and ISO 9004, the ISO 9000 series requires that quality management systems be established for a comprehensive list of business functions. Systems must be documented and approved by a company's highest corporate management and established as corporate policy. ISO 9000 is a statement of purpose, and serves as a guide for the other four standards.
ISO 9001, 9002 and 9003 establish procedures for quality assurance to the customer at various stages throughout the life of a contract.
DR : The distinction of three different standards--ISO 9001, 9002, 9003--was not a very good idea. It inadvertently created an artificial hierarchy, suggesting that one was better than the other. It also was abused by some organizations to exclude critical processes from the QMS, in the misguided belief that less scrutiny by their certification bodies of more complex or elusive activities, such as design and development, would make audits go easier. It simply made their systems incomplete and less effective.
JW : Another major problem with the three-tiered system was that only the "top level" ISO 9001 included the product-design activities. The vast majority of organizations using the ISO 9001/2/3 series were using ISO 9002, which never included design. A large percentage of ISO 9002 users were organizations that actually performed design but did not want to subject their design processes to a third-party audit. Because most real product quality issues start either in the design stage or result from disconnects between design and production, the real credibility of many certifications was highly questionable because they included only production operations. With the 2000 version, the applicability of the design clause to organizations performing design work was made clear.
Compliance with these standards requires that systems be in place for quality management procedures such as contract review, design control, document control, purchasing, inspection and testing, and for the handling of nonconforming products, among others.
ISO 9004 establishes guidelines for the implementation of ISO 9001, 9002 and 9003.
DR : The technical experts of ISO/TC 176 are actively at work revising ISO 9004. One of the recurring themes is the need to clarify its purpose and use. ISO 9004, as published and as it is being revised, is not intended to be used as a how-to guide for ISO 9001 implementation. The purpose of this guidance standard is to direct organizations beyond the minimum conformance of 9001 toward improvement initiatives that promote sustainability. It is intended to provide users with tools and information to improve their QMS and ensure its contribution to the health and success of the organization.
While ISO 9000 standards are already widely enforced within Europe, it is expected that after 1992 virtually every purchase agreement, contract and specification written by European industries, institutions and governments will include a "boilerplate" requirement that mandates a contractor be able to demonstrate compliance with ISO 9000.
Company quality management systems will be required to undergo an assessment to become "system-certified" within the European Community. The assessment must be conducted by a registered "lead assessor" supervising a team of people.
A number of EC countries have established or are about to establish a system to accredit assessors and agencies to perform quality management system audits. This accreditation mark signifies that the assessment has been conducted by an organization that has successfully passed the stringent audit of the appropriate accreditation council such as the United Kingdom's National Accreditation Council for Certification Bodies (NACCB). This gives the approval certificate added credibility, and purchasing organizations can have greater confidence in suppliers who have a certificate bearing an accreditation mark.
Under the NACCB requirements, to maintain the approval, the quality management system must be reviewed every six months. This ensures that the approved system is continuing to operate effectively. Costs for the initial certification typically begin in the $10,000 range. However, by eliminating the mandatory quality management system requirements, it is expected that ISO 9000 standards will ease the burden of conducting business with many different European nations. In addition to consistency in standards, another expected benefit is that contract negotiations regarding quality assurance will be faster since contractors will already have approved systems in place. The improvement in product quality is obviously the underlying objective.
JW : The accreditation system has grown up quite a bit since this was written in 1990. The most sought-after accreditation in the world is now that of ANSI-ASQ National Accreditation Board (ANAB), and the International Accreditation Forum works diligently to promote credibility of the accreditation and certification processes worldwide.
Although more than 10,000 European-based companies have already completed the certification process, most businesses outside of Europe are unaware of the ISO 9000 requirements and the certification process.
The ISO 9000 certification process and requirements
The ISO 9000 certification process is not complex, but it can take up to 18 months to complete.
The first step in the certification process after a manufacturer has confirmed that its quality management systems are in place and has implemented the requirements of ISO 9000 is to contact an independent organization, known as a certification body. The organization selected submits a formal price proposal and checks the manufacturer's quality management system against the appropriate ISO 9000 standard.
JW : Actually the first step is to clearly understand, at the very highest levels of management, why the organization should achieve compliance and certification to ISO 9001. Often the most important reasons relate not to meeting customer or regulatory demands for certification but rather to improve the processes of the business. In my experience, failure to clearly understand the answer to the "why" question is the most significant cause of system problems, including problems with certification and, later, problems with system efficiency and effectiveness. Without a clear understanding of what they want and need from the system, top managers eventually tend to get frustrated.
Upon agreement of the appropriate ISO 9000 standard, scope of assessment and fee proposed, the manufacturer files a formal application and the assessment program begins. The certification body provides a Quality System Supplement (QSS) to the manufacturer as a guide and reference. The QSS explains how ISO 9000 applies to each process of the quality management system. ISO 9004 establishes guidelines for the implementation of ISO 9001, 9002 and 9003. From the time the manufacturer expresses an interest in ISO 9000 certification, the process can take one and one-half to three months.
The certification body determines the manufacturer's readiness to be assessed by reviewing the quality assurance manual and procedures, prepares the corresponding assessment program, and reviews the manufacturer's quality management system on the plant site against the selected ISO 9000 standard to be assessed. This phase takes between six to nine months.
Assessment teams are selected on the basis of the type and complexity of the product and company under assessment. The number of man-hours involved in an assessment is related to the size of the company, complexity of product and ISO 9000 standard required. The findings of the assessment are documented in Non-Compliance Notes, which are graded in two categories:
• Hold-point noncompliances, which must be cleared before approval is granted. This extends the certification process four to six months.
• Ongoing-system-improvements non-compliances, which do not preclude the awarding of a certificate. The completed process takes approximately 16 months.
In the likely event (there is a 70-percent system failure rate documented) that the manufacturer must take corrective action, the certification time can be extended four to six months. A noncompliant system that has been corrected must be maintained for a period of four to six months prior to certification.
DR : My personal experience is that fewer organizations "fail" their initial audits these days. This may be due to greater awareness among users and the fact that customers in general have raised the bar for minimally acceptable practices.
JW : Denise's observations may be correct, but I never experienced any significant numbers of organizations failing an initial certification audit. It always seemed to me that organizations that were serious about quality and about having a good QMS worked very, very hard to pass the first time.
Consulting services, provided by third-party organizations prior to the initial contact with the certification body, can evaluate the system's readiness for complete assessment. Consulting identifies problem areas, provides recommended corrective action, and reduces the overall cost of the assessment process.
JW : In the early days, one of the issues raised was that certification bodies were providing consulting services for the same clients that they were certifying. This situation has improved, and the accreditation schemes are far less tolerant of such conflicts of interest today.
After initial certification, the quality management system is reviewed at semi-annual intervals for follow-up audits to maintain certification with complete re-assessment every three years.
DR : I think the other evolution to the standard is the proliferation of its use across a broad spectrum of organizations. Who would have thought 20 years ago that financial institutions, schools, blood banks, prison systems, Buddhist temples, cruise lines or retail chains would implement ISO 9001-compliant quality management systems? I don't know if anyone foresaw its success or the acceptance it has gained around the world.
JW : ISO 9001 has been around for about 19 years now and remains the most popular standard in the world. Although ISO 9001:2000 is not perfect (in fact, ISO/TC 176 is now working on improving it) and its use in individual circumstances can be debated, it remains the world's best-known and most-used standard. It can be said that most of the people on the planet who have heard of "ISO" have heard of it because of the ISO 9000 family. I don't think that in 1990 we had any idea how successful it would become.
DR : Three factors have significantly influenced this timeline. First, global commerce has made control of core processes an indisputable minimum requirement for playing in most markets. In the past, documentation and control of business practices, requirements and critical processes had been inconsistent and sporadic. An ISO 9001 project, therefore, required more time since the QMS was being built from the ground up. That situation is less likely to be the case today.
JW : Management of key processes became mandatory where I was working in the early 1980s. In fact, the 1987 version of 9001 can be roundly criticized for not adopting the "process approach" at the initial stages. With the 1994 version, process became more of a 9001 issue and, of course, the 2000 version adopted the process approach as an alternative to the more bureaucratic "procedure approach." It took a while, in my view, for the standards to catch up with the prevalent thinking of the benchmark organizations.
DR : Second, the awareness of ISO 9001 and other QMS models, such as ISO/TS 16949, ISO 13485, etc., as well as the development and availability of quality tools, has decreased the likelihood that anyone would approach an implementation process with babe-in-the-woods naiveté. People have become better educated simply because utilization of QMS models has become more pervasive.
Third, ISO 9001:2000 de-emphasized the need for "documented procedures," thus making it easier for organizations to utilize the documentation they already had in place as the basis for their QMS. Much of the time spent on earlier implementation projects involved ensuring the development of compliant documentation.
JW : The adoption of the process approach in the 2000 version means that organizations should be spending less time writing down what they do and more time analyzing and managing the processes important for success. Unfortunately, we still see way too much emphasis on documentation and too little work on process improvement.
John E. (Jack) West is a consultant, business advisor and author. From 1997 through 2005, he was chair of the U.S. TAG to ISO/TC 176 and lead delegate for the United States to the International Organization for Standardization committee responsible for the ISO 9000 series of quality management standards.
Denise Robitaille is an RABQSA-certified lead assessor, ASQ-certified quality auditor and a member of the U.S. TAG to ISO/TC 176. She's the author of numerous articles as well as The Corrective Action Handbook , The Preventive Action Handbook and The Management Review Handbook , all published by Paton Press.