ISO 9000

ISO 9000 specifies requirements for a Quality Management System overseeing the production of a product or service. It is not a standard for ensuring a product or service is of quality; rather, it attests to the process of production, and how it will be managed and reviewed.

ISO 9000 was originally created by the British Standard Institute as BS 5750. The standard is now maintained by ISO (the International Organization for Standardization) and administered by accreditation and certification bodies.

It is widely accepted, although its high price and effort has led to many companies using alternatives such as IC9700, or IC9200 , both of which are issued by the International Charter.

History

In World War II, Britain had a serious problem with bombs going off in munitions factories. In an attempt to solve the problem, the Ministry of Defence placed inspectors in munitions factories. To supply to the Government, a company had to write up the procedure for making their product, have the procedure inspected by the Ministry and ensure their workers followed these procedures.

This, and similar problems in the nuclear and power generation industries over the following decades, were symptoms of rapid technological advance in manufacturing. Advances in science were pushed into technology and thence into manufacturing too fast to be properly managed. Furthermore, managers were seen as too often basing decisions on paper reports rather than on understanding what was happening on the factory floor.

In 1959, the United States developed Quality Program Requirements, MIL-Q-9858a , a quality standard for military procurement, detailing what suppliers had to do to achieve conformance. By 1962, NASA had similarly developed Quality System Requirements for its suppliers. In 1968, NATO adopted the AQAP (Allied Quality Assurance Procedures) specifications for the procurement of NATO equipment.

The idea of quality assurance spread beyond the military. In 1966, the UK Government led the first national campaign for quality and reliability with the slogan "Quality is everybody's business." In 1969, the Central Electricity Generating Board (UK) and Ontario Hydro (Canada) developed quality assurance standards for suppliers.

By this time, suppliers were being assessed by any number of their customers. It was widely recognized that this was a very wasteful duplication of effort. In 1969, a UK committee report on the subject recommended that suppliers' methods should be assessed against a generic standard of quality assurance.

In 1971, the British Standard Institute published the first UK standard for quality assurance, BS 9000, which was developed for the electronics industry. In 1974, BSI published BS 5179, Guidelines for Quality Assurance.

In order to shift the burden of inspection from the customer, quality assurance was guaranteed by the supplier through third-party inspection.

Through the 1970s, BSI organized meetings with industry to set a common standard. The result was BS 5750 in 1979. Key industry bodies agreed to drop their own standards and use it instead. The purpose of BS 5750 was to provide a common contractual document, demonstrating that industrial production was controlled.

Revisions

The standard has evolved over several revisions.

• The initial 1987 version, ISO 9000:1987, originally issued as BS 5750, focused on quality control via retroactive checking and corrective actions. This version was strongly influenced by the existing US Department of Defence Military Standards ("MILSPECS") on manufacturing, and so was well-suited to the demands of a rigorous, stable, factory-floor manufacturing process.
• The 1994 version, ISO 9000:1994, emphasized quality assurance via preventive actions, and required evidence of compliance with documented procedures. Unfortunately, companies tended to implement its requirements by creating shelf-loads of procedure manuals, and becoming burdened with an ISO bureaucracy. Adapting and improving processes could be particularly difficult in this kind of environment.
• The 2000 version, ISO 9000:2000, introduced the concept of process effectiveness via process performance metrics, and so reduced the emphasis on having documented procedures if clear evidence could be presented to show that the process was working well. Expectations of continuous process improvement and tracking customer satisfaction were made explicit at this revision.

Certification

ISO does not itself certify organizations. Many countries have formed accreditation bodies to authorize certification bodies, which audit organizations applying for ISO 9001 compliance certification. * note * It is not possible to be certified to ISO 9000. Although commonly referred to ISO 9000:2000 certification, the actual standard to which an organization's quality management can be certified is ISO 9001:2000. Both the accreditation bodies and the certification bodies charge fees for their services. The various accreditation bodies have mutual agreements with each other to ensure that certificates issued by one of the accredited certification bodies (CB) is world-wide accepted.

The applying organization is assessed based on an extensive sample of its sites, functions, products, services, and processes and a list of problems ("action requests" or "non-compliances") made known to management. If there are no major problems on this list, the certification body will issue an ISO 9001 certificate (see note above) for each geographical site it has visited once it receives a satisfactory improvement plan from the management showing how any problems will be resolved.

An ISO certificate is not a once-and-for-all award, but must be renewed at regular intervals recommended by the certification body — usually around 3 years.

Auditing

Two types of auditing are required by the standard: auditing by the external certification body and audits by internal staff trained for this process. The aim is a continual process of assessment, leading to corrective and preventive actions, is maintained throughout the scope of the certified organization. It is considered healthier for internal auditors to audit outside their usual management line, so as to bring a degree of independence to their judgements.

Under the 1994 standard, the auditing process could be adequately addressed by performing "compliance auditing":

• Tell me what you do (describe the business process)
• Show me where it says that (reference the procedure manuals)
• Prove that that is what happened (exhibit evidence in documented records)

Under the 2000 standard, the auditor performs a similar function but is required to make more value judgements on what is effective, rather than adhering safely to the formalism of what is prescribed.

ISO 9000 document suite

ISO 9000 is composed of the following sections:

• ISO 9000 covers the basic language.
• ISO 9001 is intended for use in organizations who do design, development, installation and servicing of their product. It discusses how to meet customer needs effectively. This is the only implementation for which third-party auditors may grant certifications. The latest version is :2000.
• ISO 9002 is nearly identical to 9001, except it does not incorporate design and development. In ISO 9000:2000, this was replaced by ISO 9001:2000.
• ISO 9003 is intended for organizations whose processes are almost exclusive to inspection and testing of final products. In ISO 9000:2000, this was replaced by ISO 9001:2000.
• ISO 9004 covers performance improvements. This gives you advice on what you should (or could) do to achieve ISO 9001 compliance and customer satisfaction.

There are over 20 different members of the ISO 9000 family, most of them not explicitly referred to as "ISO 900x". For example, parts of the 10,000 range are also considered part of the 9000 family: ISO 10007:1995 discusses how to maintain a large system while changing individual components.

To the casual reader, it is usually sufficient to understand that when an organization claims to be "ISO 9000 compliant", it means they conform to one of the specifications of ISO 9001:2000. (Note that certification to ISO 9001:1994, or ISO 9002:1994 or ISO 9003:1994 is not valid after 14 December 2003.)

The ISO website and documentation give more detail on what each specification entails. Many have seemingly subtle variations.

Industry-specific interpretations

As the paragraphs and clauses of the ISO 9001 standard have always been very generalized and abstract, they have to be carefully interpreted to make sense within a particular organization. Developing software is not like making cheese or offering counseling services, yet the ISO 9001 guidelines can potentially be applied to each of these industries.

Over time, various industry sectors have wanted to standardize their interpretations of the guidelines within their own marketplace.

• The TICK-IT standard is an interpretation of ISO 9000 produced by the UK Board of Trade to suit the processes of the information technology industry, especially software development.
• AS 9000 is the Aerospace Basic Quality System Standard, an interpretation developed by major aerospace manufacturers. The current version is AS 9100.
• QS 9000 is an interpretation agreed upon by major automotive manufacturers (GM, Ford, Chrysler). It includes techniques such as FMEA and APQP .
• ISO/TS 16949:2002 is an interpretation agreed upon by major automotive manufacturers (American and European manufacturers); the latest version is based on ISO 9001:2000. The emphasis on a process approach is stronger than in ISO 9001:2000 as well automotive industry specific requirements.

Criticisms of ISO 9000

Criticisms of ISO 9000 generally concern inappropriate misapplication or extension of its use in companies, and the effect this can have on organizational culture.

• BS 5750 was designed to show that production was controlled. It in no way addresses process or performance improvement. Processes, technology and customer demands are ever-changing, but useful changes can be blocked for being non-compliant. Whereas the work of W. Edwards Deming focuses on awareness of processes, thus harnessing workers' creativity, ISO 9000 can create a culture of ritualizing processes — including creative ones — thus suppressing it.
• "When all you have is a hammer, every problem looks like a nail." It may not be appropriate to apply a process such as ISO 9000 to a field requiring creativity, such as software engineering, which is more analogous to designing factories than to operating a factory. ISO 9000 is sometimes used as an excuse for inappropriate Taylorisation.
• Bad managers still manage at arm's length, using paper reports rather than knowing what is happening on the factory floor. ISO 9000 can reinforce this behaviour. Instead of being seen as an opportunity to improve things, audits often become quite confrontational in structure.
• Many companies only register to ISO 9000 because they are forced to by the marketplace — whether or not ISO 9000 is in fact appropriate to their business.

These problems were particularly pronounced with the ISO 9000:1994 revision. The 2000 revision was in part an attempt to address such criticisms.

There are few or no objective metrics showing any effectiveness for ISO 9000. In 1997, two people took the BSI to the Advertising Standards Authority for claiming in an advertisement that ISO 9001 "improves productivity ... almost always gives an immediate result in terms of productivity and efficiency, and that means cost reductions ... pays for itself ... Staff morale is better because they understand what is expected of them and each other," whilst being unable to produce any objective metrics to substantiate these assertions. The complaint was upheld.

In Japan, amidst complaints of ISO 9000 undermining world-class thinking, Toyota abandoned the standard in 2000, moving back to their in-house Toyota Production System.

Related standards

ISO 14000 exists to ensure that the manufacture of a product has the lowest possible environmental ramifications. Like ISO 9000, it pertains to how a product is produced, rather than how it is designed.

External links

• ISO 9000 family — from ISO

Critical links

• ASA complaint against BSI regarding ISO 9000
• The 'quality' you can't feel — John Seddon, The Observer, Sunday 19 November 2000
• A Brief History of ISO 9000: Where did we go wrong? — first chapter of The Case Against ISO 9000 by John Seddon, ISBN 1860761739