ISO 9000

ISO 9000
From Wikipedia, the free encyclopedia
Jump to: navigation, search

ISO 9001 certification of a fish wholesaler at the Tsukiji fish market
ISO 9000 is a family of ISO (the International Organization for Standardization) standards for quality management systems.
ISO 9000 was developed from the British Standards Institution's BS 5750. The ISO 9000 standards are maintained by ISO and administered by accreditation and certification bodies.
Although the standards originated in manufacturing, they are now employed across a wide range of other types of organizations. In fact, according to ISO in 2004, "service sectors now account by far for the highest number of ISO 9001:2000 certificates - about 31% of the total" - source: the ISO Survey 2004
ISO 9000 is quite similar to ISO 14000. Both pertain to how a product is produced, rather than how it is designed. For example, ISO 216 very precisely specifies sizes of paper. ISO 9000 and ISO 14000 are more general, referring to processes, rather than any single product.
ISO 9000 is intended to make sure that the product—any product—has been produced in the most efficient and effective manner possible. ISO 9000 does not guarantee the compliance (and therefore the quality) of end products and services; rather, it certifies that consistent business processes are being applied.
ISO 14000 exists to ensure the product (again, any product) has the lowest possible environmental impacts.
[edit] History
Errors committed in manufacturing have been an impetus for creating quality standards. For example, in World War I, a high percentage of shells failed to explode. This was traced to different definitions of an inch by the two major UK armaments manufacturers, leading to calibration standards.
During World War II, the United Kingdom had a serious problem with accidental detonations in weapons factories. In an attempt to solve the problem, the Ministry of Defence placed inspectors in the factories to oversee the production process. To supply to the Government, a company had to write up the procedure for making their product, have the procedure approved by the Ministry and ensure that their workers followed the procedure. None of the early commercial "quality gurus", such as Walter Shewhart, W. Edwards Deming or Phillip Crosby advocated rigorous adherence to written procedures as a method of achieving or improving quality.
In 1959, the United States developed Quality Program Requirements, a quality standard for military procurement, detailing what suppliers had to do to achieve conformance. By 1962, NASA had similarly developed Quality System Requirements for its suppliers and applied these techniques on the project "travel to the moon" with great success. In 1968, NATO adopted the AQAP (Allied Quality Assurance Procedures) specifications for the procurement of NATO equipment. In 1970, the AEC (which has become the NRC) adopted the 18 Quality Assurance criteria for the construction of nuclear power plants. These criteria were published in the Appendix B of the 10CFR50 (the American legislation about nuclear power reactors) and are still applicable today. They can be read on NRC website ( www.nrc.gov ).
The idea of quality assurance spread beyond the military and nuclear sectors. In 1966, the United Kingdom Government led the first national campaign for quality and reliability with the slogan "Quality is everybody's business." In 1969, the UK and Canada developed quality assurance standards for suppliers.
By this time, suppliers were being assessed by any number of their customers. In 1969, a UK committee report on the subject recommended that suppliers' methods should be assessed against a generic standard of quality assurance, to avoid duplication of effort.
In 1971, the British Standards Institution (BSI) published the first UK standard for quality assurance, BS 9000, which was developed for the electronics industry. In 1974, BSI published BS 5179, Guidelines for Quality Assurance.
In order to shift the burden of inspection from the customer, quality assurance was guaranteed by the supplier through third-party inspection, though none of the assessing bodies at that time accepted any legal liability for the quality of their decisions. The collapse of a jetty at Dover, which had been assessed by LRQA, an assessing body, and the subsequent court case forced a rethink.
Through the 1970s, BSI organized meetings with industry to set a common standard. The result was BS 5750 in 1979, which however much consulation there was, turned out to be an almost exact replica of the DEF-STAN 05-21/24 series of military quality assurance Standards, driven by a Rear Admiral Spikernell who took over as Director General of BSI after a spell in charge of military purchasing. Key industry bodies agreed to drop their own standards and use it instead. The purpose of BS 5750 was to provide a common contractual document, demonstrating that industrial production was controlled.
In 1982 the UK government produced a White Paper No. 8621 entitled "Standards, Quality and International Competitiveness". This introduced the concept of certification of a company's management system as a marketing tool. Obviously, an independent third party was needed to ensure fairness. The original idea in the white paper was that BSI would partner with trade associations to produce industry sector-specific variants of BS 5750, but since these variants were never allowed to exceed the basic requirements of BS 5750, and few trade bodies had the necessary resources, BSI became the first de facto assessors.
The lack of technical expertise in the first assessors, and the inevitable fact that the first generation of assessors were trained by people with purely military quality assurance skills caused many problems. At the time, military procurement contracts were given on a cost-plus basis, so on-costs such as inspection, internal auditing and procedure writing became profit centers.

[edit] Revisions
The standard has evolved over several revisions.
The initial 1987 version, ISO 9000:1987, had the same structure as the UK Standard BS 5750, with three 'models' for quality management systems, the selection of which was based on the scope of activities of the organization. This initial document, while structured like the British Standard, drew heavily from numerous documents then in use around the world. Although the Standard has gone through two more iterations which have resulted in some radically changed language, all the core, prevention oriented quality assurance requirements were present in the 1987 document. Contrary to many claims, the Standard did not focus on quality control via retroactive checking and corrective actions. The language of this first version of the Standard was influenced by existing US and other Defence Military Standards ("MIL SPECS") so was more accessible to manufacturing, and was well-suited to the demands of a rigorous, stable, factory-floor manufacturing process. With its structure of twenty 'elements' of requirements, the emphasis tended to be overly placed on conformance with procedures rather than the overall process of management - which was the actual intent.
The 1994 version, ISO 9000:1994, was an attempt to break from the practices which had somewhat corrupted the use of the 1987 standard. It also emphasized quality assurance via preventive actions, and continued to require evidence of compliance with documented procedures. Unfortunately, as with the first edition, companies tended to implement its requirements by creating shelf-loads of procedure manuals, and becoming burdened with an ISO bureaucracy. Adapting and improving processes could be particularly difficult in this kind of environment.
The 2000 version, ISO 9000:2000, sought to make a radical change in thinking by actually placing the concept of process management front and centre in the Standard. Documents produced by the ISO Technical Committee which drafted the third edition make it clear that they didn't see any change in the essential goals of the standard, which had always been about 'a documented system' not a 'system of documents'. The goal was always to have management system effectiveness via process performance metrics. The third edition makes this more visible and so reduced the emphasis on having documented procedures if clear evidence could be presented to show that the process was working well. Expectations of continual process improvement and tracking customer satisfaction were made explicit at this revision. Unfortunately too many organizations continue to produce reams of unnecessary documents and to write quality systems around the paragraph structures of ISO 9001 rather than analysing their business processes and building systems around the process flow of the organization.

[edit] Contents
Like all properly-written Standards (see BS 0:2005 A standard for standards.), ISO 9000 seeks to set criteria which achieve a goal and is not prescriptive as to methods.
The requirements come in Sections 4 to 8.
Section 4 is entitled General Requirements
Section 5 is entitled Management Responsibility
Section 6 is entitled Resource Management
Section 7 is entitled Product Realisation
Section 8 is entitled Measurement, analysis and improvement
In each of these areas, ISO 9001:2000 seeks to set out key requirements, which if met will ensure consistency.
In the standard, there are 6 documents that ISO specifies:
Control of Documents (4.2.3)
Control of Records (4.2.4)
Internal Audits (8.2.2)
Control of Nonconforming Product / Service (8.3)
Corrective Action (8.5.2)
Preventive Action (8.5.3)
In addition to these, ISO 9001:2000 requires a Quality Policy and Quality Manual (which may or may not include the above documents).

[edit] Certification
ISO does not itself certify organizations. Many countries have formed accreditation bodies to authorize certification bodies, which audit organizations applying for ISO 9001 compliance certification. It is important to note that it is not possible to be certified to ISO 9000. Although commonly referred to as ISO 9000:2000 certification, the actual standard to which an organization's quality management can be certified is ISO 9001:2000. Both the accreditation bodies and the certification bodies charge fees for their services. The various accreditation bodies have mutual agreements with each other to ensure that certificates issued by one of the Accredited Certification Bodies (CB) are accepted world-wide.
The applying organization is assessed based on an extensive sample of its sites, functions, products, services, and processes and a list of problems ("action requests" or "non-compliances") made known to the management. If there are no major problems on this list, the certification body will issue an ISO 9001 certificate for each geographical site it has visited, once it receives a satisfactory improvement plan from the management showing how any problems will be resolved.
An ISO certificate is not a once-and-for-all award, but must be renewed at regular intervals recommended by the certification body, usually around three years. In contrast to the Capability Maturity Model there are no grades of competence within ISO 9001.

[edit] Auditing
Two types of auditing are required to become registered to the standard: auditing by an external certification body (external audit) and audits by internal staff trained for this process (internal audits). The aim is a continual process of review and assessment, to verify that the system is working as it's supposed to, find out where it can improve, and to correct or prevent problems identified. It is considered healthier for internal auditors to audit outside their usual management line, so as to bring a degree of independence to their judgements.
Under the 1994 standard, the auditing process could be adequately addressed by performing "compliance auditing":
Tell me what you do (describe the business process)
Show me where it says that (reference the procedure manuals)
Prove that that is what happened (exhibit evidence in documented records)
How this led to preventive actions was not clear.
The 2000 standard uses the process approach. While auditors perform similar functions, they are expected to go beyond mere auditing for rote "compliance" by focusing on risk, status and importance. This means they are expected to make more judgements on what is effective, rather than merely adhering to what is formally prescribed. The difference from the previous standard can be explained thus:
Under the 1994 version, the question was broadly "Are you doing what the manual says you should be doing?", whereas under the 2000 version, the question is more "Will this process help you achieve your stated objectives? Is it a good process, or is there a way to do it better?".
The ISO 19011 standard for auditing applies to ISO 9000.

[edit] ISO 9000 document suite
ISO 9000 is composed of the following sections:
ISO 9000:2000, Quality management systems - Fundamentals and vocabulary. covers the basics of what quality management systems are and also contains the core language of the ISO 9000 series of standards. The latest version is ISO 9000:2005.
ISO 9001 Quality management systems - Requirements is intended for use in any organization which designs, develops, manufactures, installs and/or services any product or provides any form of service. It provides a number of requirements which an organization needs to fulfill if it is to achieve customer satisfaction through consistent products and services which meet customer expectations. This is the only implementation for which third-party auditors may grant certifications. The latest version is :2000.
ISO 9004 Quality management systems - Guidelines for performance improvements. covers continual improvement. This gives you advice on what you could do to enhance a mature system. This standard very specifically states that it is not intended as a guide to implementation.
There are many different standards which are referenced in ISO 9001 family. A lot of them do not even carry "ISO 900x" numbers. For example, parts of the 10,000 range are also considered part of the 9000 family: ISO 10007:1995 discusses Configuration management, which for most organizations is just one element of a complete management system. A complete list of documents in the ISO 9000 family is maintained here
To the casual reader, it is usually sufficient to understand that when an organization claims to be "ISO 9000 compliant", it means they conform to ISO 9001.
However, even ISO (the International Organization for Standardization) itself is critical of the widespread emphasis on certification to ISO 9001 : "The emphasis on certification tends to overshadow the fact that there is an entire family of ISO 9000 standards ... organizations stand to obtain the greatest value when the standards in the new core series are used in an integrated manner, both with each other and with the other standards making up the ISO 9000 family as a whole". Get the best of out of the ISO 9000 family.

[edit] Industry-specific interpretations
The ISO 9001 standard is generalized and abstract. Its parts must be carefully interpreted, to make sense within a particular organization. Developing software is not like making cheese or offering counseling services; yet the ISO 9001 guidelines, because they are business management guidelines, can be applied to each of these. Diverse organizations—police departments (US), professional soccer teams (Mexico) and city councils (UK)—have successfully implemented ISO 9001:2000 systems.
Over time, various industry sectors have wanted to standardize their interpretations of the guidelines within their own marketplace. This is partly to ensure that their versions of ISO 9000 have their specific requirements, but also to try and ensure that more appropriately trained and experienced auditors are sent to assess them.
The TickIT guidelines are an interpretation of ISO 9000 produced by the UK Board of Trade to suit the processes of the information technology industry, especially software development.
AS 9000 is the Aerospace Basic Quality System Standard, an interpretation developed by major aerospace manufacturers. The current version is AS 9100.
PS 9000 is an application of the standard for Pharmaceutical Packaging Materials.
QS 9000 is an interpretation agreed upon by major automotive manufacturers (GM, Ford, Chrysler). It includes techniques such as FMEA and APQP. QS 9000 is now replaced by ISO/TS 16949.
ISO/TS 16949:2002 is an interpretation agreed upon by major automotive manufacturers (American and European manufacturers); the latest version is based on ISO 9001:2000. The emphasis on a process approach is stronger than in ISO 9001:2000. ISO/TS 16949:2002 contains the full text of ISO 9001:2000 and automotive industry-specific requirements.
TL 9000 is the Telecom Quality Management and Measurement System Standard, an interpretation developed by the telecom consortium, QuEST Forum. The current version is 4.0 and unlike ISO 9001 or the above sector standards, TL 9000 includes standardized product measurements that can be benchmarked.
ISO 13485:2003 is the medical industry's equivalent of ISO 9001:2000. Whereas the standards it replaces were interpretations of how to apply ISO 9001 and ISO 9002 to medical devices, ISO 13485:2003 is a stand-alone standard. Compliance with ISO 13485 does not necessarily mean compliance with IS0 9001:2000.

[edit] Criticisms of ISO 9000
Many companies have found the transition to conforming to ISO 9000 difficult. This, along with doubts about the fundamental value of the standard, has spawned many criticisms, including:
The compliance process is costly and time-consuming.
Lots of administration is needed to implement it.
Adhering to ISO 9000 makes processes more consistent; to some proponents of continuous improvement, it also makes it harder to improve and readapt the processes.
"When all you have is a hammer, every problem looks like a nail." It has been argued that it may not be appropriate to apply a process such as ISO 9000 to a field requiring creativity, such as software engineering, which is more analogous to designing factories than to operating a factory.
Bad managers still manage at arm's length, using paper reports rather than knowing what is happening on the factory floor. ISO 9000 can reinforce this behaviour. Instead of being seen as an opportunity to improve things, audits often become quite confrontational in structure.
Many companies only register to ISO 9000 because they are forced to by the marketplace, whether or not ISO 9000 is in fact appropriate to their business.
ISO 9001:2000 does not give too much practical advice, but instead focuses on general principles. In order to create a standard applicable to almost any kind of organization, specific requirements and tools were avoided whenever possible. This is one of the reasons for the proliferation of industry-specific standards which are more practical and give clear guidance about what quality tools have to be used when.
It can be easier to produce the necessary documents than it is to improve the business processes themselves.
There are few objective metrics showing any effectiveness for ISO 9001. In 1997, two people took the BSI to the Advertising Standards Authority for claiming in an advertisement that ISO 9001 "improves productivity ... almost always gives an immediate result in terms of productivity and efficiency, and that means cost reductions ... pays for itself ... Staff morale is better because they understand what is expected of them and each other," whilst being unable to produce any objective metrics to substantiate these assertions. The complaint was upheld.
Quality programmes are notoriously difficult to quantify as Crosby warned in Quality is Free back in 1979, long before the first of these standards emerged. When an organization is measuring nothing, the only "quality costs" it knows are the basics of scrap and rework, and often even these are not being tracked effectively. Once a formal system is introduced, much more accurate data starts to emerge and initial costs of quality often appear to increase.
Toyota abandoned the standard in 2000, moving back to their in-house Toyota Production System.
One of the most concise and well-regarded statements of how to achieve quality is Deming's 14 points[citation needed]. A comparison of the principles of even ISO 9001:2000 against the 14 points still shows a considerable mismatch.

[edit] Quality consultants
A rarely examined aspect of ISO 9000 is the consultant. In the UK the government initiated a program called the "Quality Initiative" with a TV advert showing paperwork being blown out of the window by the consultant. There were very few qualification requirements for the early consultants and the Quality Initiative rapidly became a paperwork-producing exercise using the recently-invented word processor. Success in the Quality Initiative was based on completion of the project rather than certification, quality improvement or bottom-line improvements for the customer.
For quality consultants to be effective, they need to have a good understanding both of ISO 9001 and the sector or company they are seeking to apply it to. Effective ISO 9001 implementation is supposed to lead to improved productivity, efficiency, consistency and client service. If ISO 9001 is not delivering this, then it has not been effectively implemented, and the fault may very well lie with the consultant.
Dr. Jack E. Small, in his book ISO 9000 for Executives said, "There is no substitute for practical experience! One of the most important ingredients an ISO 9000 consultant can bring is that they have actually been a part of an ISO 9000 registration (rather than merely talking about it). Experience will often allow clients to avoid costly mistakes and most certainly will reduce the learning curve—which will always prove to be a good investment.".
The Institute of Quality Assurance runs a Management Consultants Register which provides an organisation seeking assistance with the names of three consultants with the required expertise.
ISO 9001 Case Study

[edit] Related standards
ISO 10005
ISO 10006 Quality management; Guidelines to quality in project management
ISO 10011

[edit] See also
ISO 14000 - Environmental management standards
ISO 18000
ISO 19011 - Guidelines for quality management systems auditing and environmental management systems auditing
ISO 17025 - General requirements for the competence of testing and calibration laboratories
ISO/IEC 17025 - ISO 9000 adaptation for testing and calibration laboratories
ISO/TS 16949
ISO 15189 - Quality management system requirements for medical labaratories