ISO 9000

This is an introduction to ISO 9000. We would appreciate your feedback.

Sound: George Costanza says “Yada Yada Yada”

Topics:
What's ISO 9000?
Who Wrote It?
Benefits
Registration
Certificates
Readiness
Documentation
Interviews
Records
Implementation Plan
Timeline
Extensions
More

Site Map
About this site

What Is ISO 9000?

ISO 9000 is a series of international standards which define the requirements for a system of quality management

within an organization.

Many countries have published their own equivalents of the ISO 9000 series in their native language; the US English version is called the ANSI/ASQC Q9000 series.

ISO 9000 describes “what” must be accomplished in a generic way.

Section 4.5.1 states “the supplier shall establish and maintain a documented Quality System as a means of ensuring that product conforms to specified requirements.”

The word “product” includes the result of services as well as manufacturing.

ISO 9000 is designed to address all of the most important processes affecting quality, from the initial review of contracts received from customers, to the packaging and delivery of the finished product.

“HOW” the system is implemented is left up to each individual organization.

“ISO”

iso

Copies of Q9000 can be purchased from ANSI at 11 West 42nd Street, 13th Floor, New York, NY 10036 Phone: 212.642-4900 Fax:212.302-1286 or from the American Society for Quality (ASQ) (which changed its name from ASQC in 1997).

Who Wrote ISO 9000?

ISO 9000 was defined by an international group representing governments and professionals in the field of Quality Control and Quality Assurance.

Their documents are published by the International Organization for Standardization (IOS). Based in Switzerland since 1946, the organization is composed of the national standards bodies of 91 countries.

This organization is not an enforcement agency.

Technical Committee (TC) 176

US Standards Group

American National Standards Institute (ANSI)

What's The Big Deal?

ISO 9000 registration has become a must especially for any company involved in international commerce.

Adherence to the standard is voluntary. But many companies do business exclusively with suppliers which have had their quality systems "registered".

A ISO 9000 certificate doesn't warrant whether specific products are any good — ISO 9000 deals with the environment for producing goods and services, not specific products.

Purchasers of goods and services ask their suppliers to be certified to ISO 9000 because they want to be assured that suppliers are competent to conduct business. Customers don't want to send their own inspectors to inspect how their suppliers conduct business.

course

significant decreases in customer complaints,
better employee morale,
Reductions in operating costs, as well as
increased demand for their products and services.

“Yes, ISO 9000 centralizes information. But even better -- it declares to employees at every level that their work matters enough to be looked at thoughtfully.”

Registration

An organization can declare itself “in compliance” with ISO 9000 requirements after self assessments and self audits.

But the most common way to show compliance is to obtain a certificate from an independent organization which is not affliated with the company — a Third-Party registrar, also called an “Assessment Body.”

Auditors (also called Assessors ) employed by the Registrar seek objective evidence to answer the following questions:

Is the documented system consistent with the standard? (Do you describe what you do?)
Are activities consistent with the documentation? (Do you actually do what you say you do?)
Do documented systems and non-documented activities help your company meet its goals and objectives (especially quality objectives)? (Is it effective?)

To answer these questions, they:

Read the organization's Quality Manual and other documentation.
Observe and interview workers to determine whether they understand the documentation and can effectively apply it to their individual job.
Select and review historical Quality Records created during the conduct of business.
Write a Report documenting non-conformances.

accredited

ANSI-ASQ National Accreditation Board

RABQSA International

(Before 2005, the Registration Accreditation Board (RAB), formed in 1989 by the American Society for Quality ( www.asq.org) and accredited programs for management systems certification bodies. The RAB was governed by a board of directors from industry, academia, and quality management consulting firms.)

The most well-known registrars are:
- British Standards Institute (BSi) 800.862-4977
- Det Norske Veritas (DNV) (formerly dnvcert.com)
- Intertek 800.818-1195
- Lloyd's
- Quality System Registrars (QSR)
- Perry Johnson, Inc.
- SGS
- Underwriters Laboratories 800-285-4476

Certificates of Registration

Certificates are for specific plant locations in a specific market sector. An organization can seek one of three standards of certification:

9001 is the most comprehensive of the standards. In the 89 version, all 138 requirements grouped into 20 elements of this standard applies to organizations involved in the design and development, manufacturing, installation, and servicing of products or services. The 2000 version is grouped into 8 elements.

9002 contains 19 of 9001's elements because it is applicable to those companies which do not perform design functions, such as sub-contractors or companies operating a standard service.

9003 contains 12 of the 20 elements because it is typically applied to software labs, distribution centers, and warehouse operations. It is the least comprehensive of the standards. It applies to organizations involved in only final installation and testing (but not design and development, manufacturing, installation, or servicing) of products or services.

Our company seeks certification “ISO 9003:1994(E).” for the “testing of computer software and hardware.”.
The current standards were adopted in 2000. Since the first version published in 1987, an edition was published July 1994. The most significant changes made in the new version are described here. For the latest, see the NIST ISO 9000 webpage
Quality Digest magazine keeps a database of registered companies for their paid readers.

ISO 9004, QUALITY MANAGEMENT AND QUALITY SYSTEM ELEMENTS - GUIDELINES provides guidance in developing and implementing an internal quality system and in determining the extent each quality system element is applicable.

Readiness

Achievement of ISO 9000 registration requires a rigorous approach to making changes systematically.

Readiness for performance results from a mix of several conditions. The will of an organization to achieve registration is determined by the attitudes shared by workers as well as the capabilities they exercise. Education can be provided to transfer knowledge to workers. However, people's attitudes affect their sensitivity to information. It usually requires a shift to authority based on documents rather than rank, popularity, or other sources of power.

The consistency sought by ISO 9000 is often achieved with some loss in flexibility.

Companies usually obtain help for documentation, training, and software such as iSO-Pro to create and maintain action plans, schedules, and charts displaying measurements of key metrics.

Documentation

DNV: ISO 9000 means quality Most ISO 9000 compliant organizations document their quality system using this tiered schema:

A Quality Manual describes the overall system and states the general policies and distribution of authority;

Procedures define in general terms how the interdepartmental (cross-functional) flow of work is controlled.

Work Instructions define specifically how work is performed, step by tedious step, within an individual department.

Sample quality manuals with forms and flowcharts are available on-line from the ISO 9000 File Library, Jack Kanholm's Advanced Quality, and National Semiconductor Corp's Quality Network. Use ProcedureWRITE or Procedure Design software to create and control procedure documents on an intranet.
Learn How to Write A Good Procedure
Take the Interactive Tutorial on English.
Use Active, not passive sentences and eschew obfuscation with Nimble Documentation�.
Read Strunk's concise Elements of Style guide on how to write well.
Review The Rules of Grammar by Anthony Hughes and Browse through the Alphabetical List of Grammar by Jack Lynch.

Interviews

According to the Center for International Quality and Standards at Georgia Tech University, the number one cause of ISO registration failure and the number one non-complaince issue is “inadequate document control.”

To determine whether the organization's documentation is being used effectively, assessors observe and interview workers.

The ISO 9000 Documentation Library at the NASA Marshall Space Center has a slide show on Auditee Etiquette and other resources

Records

Auditors look for objective data associated with each the 20 elements specified by the ISO 9001 standard:

Management responsibility:
define, document, and implement a policy for quality. Included in this element are requirements for periodic management review of Business Plans (4.1.4), Data Analysis (4.1.5), and Customer satisfaction (4.1.6).

Quality system:
establish, document, and maintain a quality system which includes a quality manual, system procedures, and quality planning.

Contract review:
establish and maintain documented procedures for controlling the scope of contracts and subsequent amendments.

Design control:
establish and maintain documented procedures to control and verify the design of the product to ensure conformance to specified requirements.

Document and data control:
establish and maintain documented procedures to control all documents and data (including hard copy and electronic media) including such documents as standards and customer drawings. This includes the scope of documents, other procedures referenced, and change control procedures.

Purchasing:
establish and maintain documented procedures to ensure that purchased product, associated documents and data conform to requirements.
The standard includes the evaluation of sub-contractors based on their ability to meet subcontract requirements and the type and extent of control exercised by the supplier over sub-contractors.

Control of customer-supplied product:
establish and maintain documented procedures for the control of verification, storage and maintenance of customer-supplied product provided for incorporation into the supplies or for related activities.

Product identification and traceability:
where appropriate, establish and maintain documented procedures for identifying the product from receipt and during all stages of production, delivery and installation.

Process control:
identify and plan the production, installation and servicing processes which directly affect quality, and to ensure these processes are carried out under controlled conditions.

Inspection and testing:
establish and maintain documented procedures for inspection and testing activities, in order to verify that the specified requirements for the product are met.

Control of inspection, measuring and test equipment:
establish and maintain documented procedures to control, calibrate and maintain inspection, measuring and test equipment (including test software) used by the supplier to demonstrate the conformance of product to the specified requirements.

Inspection and test status:
the inspection and test status of product shall be identified and maintained throughout the production, installation and servicing of the product to ensure that only product that has passed the required inspections and tests (or released under an authorized concession) is dispatched, used or installed.

Control of non-conforming product:
establish and maintain documented procedures to ensure that product that does not conform to specified requirements is prevented from un-intended use or installation.

Corrective and preventive action:
establish and maintain documented procedures for implementing corrective action in the handling of customer complaints, product non-conformities, and the application of controls to ensure corrective action is taken and that it is effective. Preventive action procedures will detect, analyze, and eliminate potential causes of non-conformities.

Handling, storage, packaging, preservation and delivery:
establish and maintain documented procedures to prevent damage or deterioration of product.

Control of quality records:
establish and maintain documented procedures for identification, collection, indexing, access, filing, storage, maintenance and disposition of quality records. Quality records shall be maintained to demonstrate conformance to specified requirements and the effective operation of the quality system.

Internal quality audits:
establish and maintain documented procedures for planning and implementing internal quality audits to verify whether quality activities and related results comply with planned arrangements and to determine the effectiveness of the quality system.

Training:
establish and maintain documented procedures for identifying training needs and provide for the training of all personnel performing activities affecting quality. Appropriate records of training shall be maintained.

Servicing:
where servicing is a specified requirement, establish and maintain documented procedures for performing, verifying and reporting that the servicing meets the specified requirements.

Statistical techniques:
the supplier identify the need for statistical techniques required for establishing, controlling and verifying process capability and product characteristics, and shall establish and maintain documented procedures to implement and control their application.

The QS-9000 standard drafted by the Automotive Industry Action Group (AIAG) extended ISO 9000 to include

Production Part Approval Processes,

Continuous Improvement, and

Manufacturing Capability analysis.

See ISO 9000 in Plain English
MGMT Alliances, Inc. presents this using the analogy in slices of a pizza so you can digest the contents one slice at a time.
DNV provides articles
Publishers of books CD's about ISO 9000 include Jack Kanholm's AQA, Quality America, and Systemcorp.
$33 ISO 9000 Quality Systems Handbook by David Hoyle. Boston: Butterworth-Heinemann, 1998 presents both preparation for ISO 9000 registration and satisfying ISO 9001 requirements.
$17 ISO 9000 Pocket Guide by David Hoyle. Boston: Butterworth-Heinemann, 1998 introduces ISO 9000 Quality System Management and describes audits and graphics to satisfying ISO 9001 requirements.

Implementation Plan

A full Implementation Plan includes:

A description of the benefits and risks from this project.
A Timeline of tasks and milestones for each phase of the project.
The resources needed to achieve this timeline:
- Training materials, trainers, and consultants needed;
- When workers are expected;
- Equipment (flip charts, computers, printers, copiers, etc.);
- Facilities (meeting rooms, etc.).
Policies and procedures for obtaining resources and providing status updates.

Leadership Style,

Team Building, and

Employee Empowerment,

Customer Service, and

Strategic Planning.

Timeline for Implementation

Auditors look for a minimum of 6 months of Quality Record history. The most ambitious schedule for certification is 9-12 months.

The following was adapted from the Quality Resource Center, Quality USA, Inc. and Registrar DNV's Timeline.

Month	Phase	Tasks and Milestones
1 Nov.	Awareness and Readiness	Senior management champion recognizes a need Introductory Meetings Held Conduct Initial Readiness Survey Review Readiness with senior managers
2 Dec.	Implementation Team Development	Select and assemble a cross-functional implementation team. Train Internal Quality Auditors Train Implementation Coordinators Select and Contract with Registrar Answer Registrar's Questionaire Implementation Plan Approved and Published by Executive Team
3 Jan.	Policy Clarification	Quality Manual drafted Conduct Quality System Workshop for managers Prioritize Operating Procedure Writing Efforts Quality Manual approved and distributed Preventive and Corrective Action controls initiated
4 Feb.	“As-Is” Procedure Documentation	Conduct Quality System Workshops for workers Workers Draft Operating Procedures Prioritize Work Instruction Writing Efforts Operating Procedures approved and distributed
5 Mar.	Work Instruction Documentation	Conduct Work Instruction Writing Workshops Work Instructions reviewed and approved
6 Apr.	Internal Audit	Conduct Quality System Audit Corrective Actions issued by auditors Conduct Quality System Management Review Additional Corrective Actions issued by management
7 May	System Improvements	Workers Implement Corrective Actions Auditors Confirm Effectiveness of Corrective Actions
9 Jul.	Pre-Assessment Audit	External Auditors conduct Pre-Assessment Audit External Audit findings reported to management Corrective Actions issued by management
10 Aug.	Non-conformity Resolution	Workers resolve all known nonconformities Internal Auditors confirm status of Corrective Action Requests Readiness for Certification Audit announced by management
11 Sep.	Certification Audit	3rd Party Auditor conduct Certification Audit and issue a report After non-conformances are corrected, Certificate is issued
12 Oct.	Publicity and Follow-up	Send out Press Release about ISO 9000 CERTIFICATION! Semi-annual Periodic Audits.

Extensions

Certificates are typically valid for three years. During that time Periodic Surveillance Audits are carried out semi-annually. At the end of three years, a Certificate Extension Audit is conducted, after which time a new certificate is issued.

More About ISO 9000

Check out these sites:

NIST on ISO 9000
Amy Zuckerman, author of "ISO 9000 Made Easy" and "International Standards Desk Reference," has a tools & resources center.
simplyquality.org (formerly "ISO Easy") is dedicated to helping organizations understand and implement the ISO 9000 and ISO 9001 models for quality assurance.
isonet.com
www.iso9000checklist.com provides sample checklists and other forms.

Your rating of this page:
Low High

Your comments on this topic, please:

Publish this comment publicly

Your first name:

Your family name:

Your location (city, country):

Your Email address:

Email me updates

Top of Page

Thank you!