The Basics of ISO 9000

by Navin S. Dedhia

Organizations seeking ISO 9000 registration should
first learn the simple facts about this
international set of standards.

Most businesspeople have heard of the ISO 9000 standard series. However, many don't know its origins or requirements.

The International Organization for Standardization's Technical Committee (TC 176) produces the international quality management and quality assurance standards known as the ISO 9000 series of standards. Although relatively new, ISO 9000's roots can be traced back to the founding of ISO in 1946. The Geneva, Switzerland-based ISO establishes common sets of manufacturing, trade and communication standards.

ISO is not an acronym. It is derived from the Greek work isos, meaning equal. ISO does not lend its name to advertisements, and it is not in the registration business. ISO is only responsible for creating and publishing international standards.

These standards facilitate international exchange of goods and services. More than 100 countries participate in ISO. This includes full-voting-privilege members, correspondent members (observers) and subscribers (documentation). ISO consists of 182 active technical committees, 630 subcommittees, 1,918 working groups and 24 ad hoc study groups. While ISO 9000 is the best-known standard in North America, the ISO publishes thousands of standards.

ISO/TC 176 held its inaugural meeting in 1980 in Ottawa, with 21 participating member countries. The committee consists of a main technical committee, three subcommittees and associated working groups. ISO holds TC 176 responsible for overall management of the standardization program in the fields of quality management and quality assurance.

ISO 9000, first published in 1987, is a series of three standards and supplementary guidelines. The standards outline the collective plans, responsibilities, procedures and resources which ensure that customer requirements will be met. ISO 9000 stands for systems standardization and registration rather than product standardization and registration.

Approach to ISO 9000
ISO 9000 provides a starting place for all-encompassing quality efforts. The standards merely stipulate where organizations need documentation to validate processes and approaches but never dictate how much they require.

ISO 9000 is not a product registration standard; it in no way measures or recognizes the quality of a company's product, nor does it mean that two companies with ISO 9000 registrations are equivalent.

ISO 9000 requires:
Management that is committed, involved, focused and responsive.
People who are organized, responsible, authorized, competent, empowered and knowledgeable.
Processes that are visible, traceable, consistent, repeatable, measurable and documentable.
Documents that are appropriate, relevant, simple, understandable and consistent with processes in use.

The ISO 9000 standards basically have three requirements. First, the company must document the quality system and business process in detail. Second, the company must make sure each employee understands and follows the guidelines put forth by the documentation. And third, the documented quality system must be constantly monitored through internal and external audits, and changed or updated when necessary.

A three-step process to ISO 9000 registration includes:
Management involvement and organizational commitment, along with team spirit.
The preparation process, which entails understanding the requirements, developing a good assessment of current compliance (gap analysis), establishing an internal audit system and documenting the processes.
Audit preparation, which includes undergoing a simulation, everyone understanding the quality policy and showing a professional attitude, and fostering a good working relationship with external auditors.

The ISO 9000 audit system includes a first-party audit and a third-party audit. The first-party audit is performed internally by trained persons according to the established standards and documentation. The third-party audit involves independent reviews and registration by an external organization. Second-party audits, which are performed by the customer at a supplier's location, can be easily eliminated if the supplier is ISO 9000 registered.

ISO 9000 registration ensures that organizations take time to understand what their key quality processes are, that the processes are implemented and followed by everyone in the organization and that the processes are documented and maintained to a degree that they can be demonstrated to an outside agency.

Inherent in the ISO 9000 standards is the concept of a two-party contractual relationship. The series offers the most fundamental and basic aspects of quality by demonstrating that the organization is doing what it says to satisfy customer needs.

Registration road map
ISO 9000 registration steps include the following:
Know what you are doing.
Involve management and make them understand the concepts and obtain their commitment.
Establish a quality steering committee with empowerment.
Train management and employees.
Communicate a registration plan.
Develop an implementation plan.
Create self-assessment questions.
Establish a quality manual and procedures.
Establish an internal auditing system.
Measure compliance to the procedures.
Review results and act appropriately.
Call independent assessors in to audit.

Benefits of ISO 9000
Companies become registered to ISO 9000 to meet customer demands and expectations, achieve increased quality levels, obtain market advantage over competitors and meet the European Union's regulation requirements. Benefits of ISO 9000 registration include higher perceived quality, improved customer satisfaction, competitive edge and reduced customer quality audits. Internally, ISO 9000 registration brings better documentation, greater quality awareness, positive cultural change and increased efficiency and productivity. Meeting requirements alone cannot guarantee the quality of a product or service. Every supplier must implement an overall quality management system, covering every aspect throughout the entire life cycle of a product or service.

Lack of management commitment, lack of procedures and documentation, and not following set procedures prevents organizations from achieving ISO 9000 registration. ISO 9000's focus is conformity to practices specified in a registrant's own quality system. Its purpose is to enhance and facilitate trade. Registration means conformity to documented practices. ISO 9000 is not an award.

ISO 9000 provides a foundation and complementary approach to quality by focusing on process documentation and maintaining appropriate records. The standards lay the foundation for a total quality management program by concentrating on three fundamental aspects: implementing quality controls, documenting the various processes and procedures, and ensuring that the appropriate quality emphasis is established and followed by everyone in the organization. ISO 9000 standards form a template for the creation of a sound quality process. ISO 9000 enables suppliers to provide assurance that they have established an operational quality system.

International customers have started to make ISO 9000 compliance an integral part of their purchase agreements. Customers use the standards as a way to differentiate the offerings of various suppliers, particularly when products and services are substantially similar. Customers see compliance as a way to gain a degree of assurance that suppliers are doing what they say they are doing.

The organization seeking registration has a great deal of flexibility in deciding on the scope of the registration. Individual product lines or functional entities can be registered separately, a single site can be registered or a division with multiple sites/locations can be registered.

ISO 9000 documents
Revised in 1994, ISO 9000 consists of five main documents:
ISO 9000 describes and clarifies quality concepts and provides guidelines for the selection and use of the series.
ISO 9001 provides a model for quality assurance in design, development, production, installation and services.
ISO 9002 describes the supplier's required capabilities in production and installation.
ISO 9003 is a seldom-used subset. It applies to companies providing final inspection and test services.
ISO 9004 describes each of the quality system elements in ISO 9000, helping companies to select the appropriate elements in designing a quality system for a particular facility.

ISO 9000 is written in general terms to accommodate the full range of activities undertaken by manufacturers and service providers. Companies that achieve registration can improve relations with customers, gain better control over paperwork and processes, and increase their marketability.

ISO 9001, the most comprehensive of the standards, applies the process model at the company level. It outlines quality management activities and requirements during a complete product or service life cycle from design to installation. It details requirements such as the responsibilities of top management, setting up documentary evidence, systems to prevent and correct nonconformances, and specific necessary actions, such as supplier certification, to ensure quality throughout the life cycle.

The quality manual describes the elements of the quality system. It is the top-level quality document and is supplemented by specific procedures that describe business processes to produce quality products and services.

Making ISO 9000 work for you
Implementing ISO 9000 leads to improved competitiveness because participants:
Enforce an explicit statement of declared aims or specifications.
Enforce a system of monitoring and keeping records.
Provide the necessary discipline to carry out audits and reviews of systems to get to the root causes of problems.
Define responsibilities.
Provide an auditable system that can be verified by external auditors.
Help to successfully implement the feedback loop.
Focus on customer needs.
Apply a supplier/customer relationship with well-defined and mutually agreed-upon requirements.
Develop a prevention attitude throughout the company, accompanied by an early detection and correction system.
Establish clearly documented procedures, understood by everyone concerned.
Provide adequate quality training for everyone that includes general comprehension of what quality means and training in the use of specific tools.

The effects of ISO 9000 are now becoming very visible. While questions have always been raised about the value of ISO 9000 in improving product quality and productivity, achieving results and satisfying customers, many organizations will attest to the fact that ISO 9000 registration has done all these things and more.

The international standards can be ordered directly from the ISO Central Secretariat, Case Postale 56, CH-1211, Geneva 20, Switzerland, telephone (022) 741-0111, or from the American Society for Quality Control, 611 E. Wisconsin Ave., P.O. Box 3066, Milwaukee, WI 53201-3066, telephone (800) 248-1946 or fax (414) 272-1734.

About the author
Navin S. Dedhia is an advisory engineer at the storage systems division of IBM Corp. in San Jose, California. He joined IBM in 1968 in E. Fishkill, New York. He received the E. Jack Lancaster Award from ASQC in 1993. He is currently chair/trustee of the International Chapter of ASQC.