ISO 9000

From Free net encyclopedia

Image:ISO 9001 in Tsukiji.jpg ISO 9000 is an ISO standard for Quality Management Systems.

ISO 9000 was developed from the British Standards Institution's BS 5750. The ISO 9000 standard is maintained by ISO (the International Organization for Standardization) and administered by accreditation and certification bodies. It is widely used in manufacturing, although high costs and difficulties with implementation have led to many companies using alternatives such as IC9700, or IC9200, both of which are issued by the International Charter, or their own specific in-house 'standard'.

Some countries re-label ISO 9000 as a national standard. (e.g. IR 9000 in Iran).

It should be emphasised that ISO 9000 does not guarantee the quality of the end products - rather, it certifies that the correct manufacturing process is being carried out.

1 History
2 Revisions
3 Certification
4 Auditing
5 ISO 9000 document suite
6 Industry-specific interpretations
7 Criticisms of ISO 9000
8 Related standards
9 External links
- 9.1 Critical links
10 See also

[edit]

History

During World War II, the United Kingdom had a serious problem with accidental detonations in weapons factories. In an attempt to solve the problem, the Ministry of Defence placed inspectors in the factories to oversee the production process; to supply to the Government, a company had to write up the procedure for making their product, have the procedure approved by the Ministry and ensure their workers followed these procedures.

In 1959, the United States developed Quality Program Requirements, a quality standard for military procurement, detailing what suppliers had to do to achieve conformance. By 1962, NASA had similarly developed Quality System Requirements for its suppliers. In 1968, NATO adopted the AQAP (Allied Quality Assurance Procedures) specifications for the procurement of NATO equipment.

The idea of quality assurance spread beyond the military. In 1966, the United Kingdom Government led the first national campaign for quality and reliability with the slogan "Quality is everybody's business." In 1969, the UK and Canada developed quality assurance standards for suppliers.

By this time, suppliers were being assessed by any number of their customers. In 1969, a UK committee report on the subject recommended that suppliers' methods should be assessed against a generic standard of quality assurance, to avoid duplication of effort.

In 1971, the British Standard Institute published the first UK standard for quality assurance, BS 9000, which was developed for the electronics industry. In 1974, BSI published BS 5179, Guidelines for Quality Assurance.

In order to shift the burden of inspection from the customer, quality assurance was guaranteed by the supplier through third-party inspection.

Through the 1970s, BSI organized meetings with industry to set a common standard. The result was BS 5750 in 1979. Key industry bodies agreed to drop their own standards and use it instead. The purpose of BS 5750 was to provide a common contractual document, demonstrating that industrial production was controlled.

[edit]

Revisions

The standard has evolved over several revisions.

The initial 1987 version, ISO 9000:1987, had the same structure as the UK Standard BS 5750, with three 'models' for quality management systems, the selection of which was based on the scope of activities of the organization. This initial document, while structured like the British Standard, drew heavily from numerous documents then in use around the world. Although the Standard has gone through two more iterations which have resulted in some radically changed language, all the core, prevention oriented quality assurance requirements were present in the 1987 document. Contrary to many claims, the Standard did not focus on quality control via retroactive checking and corrective actions. The language of this first version of the Standard was influenced by existing US and other Defence Military Standards ("MIL SPECS") so was more accessible to manufacturing, and was well-suited to the demands of a rigorous, stable, factory-floor manufacturing process. With its structure of twenty 'elements' of requirements, the emphasis tended to be overly placed on conformance with procedures rather than the overall process of management - which was the actual intent.
The 1994 version, ISO 9000:1994, was an attempt to break from the practices which had somewhat corrupted the use of the 1987 standard. It also emphasized quality assurance via preventive actions, and continued to require evidence of compliance with documented procedures. Unfortunately, as with the first edition, companies tended to implement its requirements by creating shelf-loads of procedure manuals, and becoming burdened with an ISO bureaucracy. Adapting and improving processes could be particularly difficult in this kind of environment.
The 2000 version, ISO 9000:2000, sought to make a radical change in thinking by actually placing the concept of process management front and centre in the Standard. Documents produced by the ISO Technical Committee which drafted the third edition make it clear that they didn't see any change in the essential goals of the standard, which had always been about 'a documented system' not a 'system of documents'. The goal was always to have management system effectiveness via process performance metrics. The third edition makes this more visible and so reduced the emphasis on having documented procedures if clear evidence could be presented to show that the process was working well. Expectations of continual process improvement and tracking customer satisfaction were made explicit at this revision. Unfortunately too many organizations continue to produce reams of unnecessary documents and to write quality systems around the paragraph structures of ISO 9001 rather than analysing their business processes and building systems around the process flow of the organization.

[edit]

Certification

ISO does not itself certify organizations. Many countries have formed accreditation bodies to authorize certification bodies, which audit organizations applying for ISO 9001 compliance certification. It is important to note that it is not possible to be certified to ISO 9000. Although commonly referred to as ISO 9000:2000 certification, the actual standard to which an organization's quality management can be certified is ISO 9001:2000. Both the accreditation bodies and the certification bodies charge fees for their services. The various accreditation bodies have mutual agreements with each other to ensure that certificates issued by one of the Accredited Certification Bodies (CB) are accepted world-wide.

The applying organization is assessed based on an extensive sample of its sites, functions, products, services, and processes and a list of problems ("action requests" or "non-compliances") made known to the management. If there are no major problems on this list, the certification body will issue an ISO 9001 certificate for each geographical site it has visited, once it receives a satisfactory improvement plan from the management showing how any problems will be resolved.

An ISO certificate is not a once-and-for-all award, but must be renewed at regular intervals recommended by the certification body, usually around three years.

[edit]

Auditing

Two types of auditing are required to become registered to the standard: auditing by an external certification body (external audit) and audits by internal staff trained for this process (internal audits). The aim is a continual process of review and assessment, to verify that the system is working as it's supposed to, find out where it can improve, and to correct or prevent problems identified. It is considered healthier for internal auditors to audit outside their usual management line, so as to bring a degree of independence to their judgements.

Under the 1994 standard, the auditing process could be adequately addressed by performing "compliance auditing":

Tell me what you do (describe the business process)
Show me where it says that (reference the procedure manuals)
Prove that that is what happened (exhibit evidence in documented records)

Under the 2000 standard, the approach should be different, reflecting the different aspects and the processs approach. While the auditor does perform some similar functions, they are expected to go beyond mere auditing for 'compliance' and to focus on risk, status and importance. This means they are expected to make more judgements on what is effective (or not), rather than merely adhering strictly and safely to what is formally prescribed. The difference could be exemplified thus: Under the 1994 version, the question was broadly: are you doing what the manual says you should be doing? whereas under the 2000 version, the question is more: will this process help you achieve your stated objectives? is it a good process or is there a better one/way to do it better?

The ISO 19011 standard for auditing should be applied to ISO 9000.

[edit]

ISO 9000 document suite

ISO 9000 is composed of the following sections:

ISO 9000:2000, Quality management systems — Fundamentals and vocabulary. covers the basics of what quality management systems are and also contains the core language of the ISO 9000 series of standards. The latest version is ISO 9000:2004.
ISO 9001 Quality management systems - Requirements is intended for use in any organization which designs, develops, manufactures, installs and/or services any product or provides any form of service. It provides a number of requirements which an organization needs to fulfill if it is to achieve customer satisfaction through consistent products and services which meet customer expectations. This is the only implementation for which third-party auditors may grant certifications. The latest version is :2000.
ISO 9004 Quality management systems — Guidelines for performance improvements. covers continual improvement. This gives you advice on what you or could do to enhance a mature system. This standard very specifically states that it is not intended as a guide to implementation.

There are many different standards which are referenced in ISO 9001 family. A lot of them do not even carry "ISO 900x" numbers. For example, parts of the 10,000 range are also considered part of the 9000 family: ISO 10007:1995 discusses Configuration management, which for most organizations is just one element of a complete management system.

To the casual reader, it is usually sufficient to understand that when an organization claims to be "ISO 9000 compliant", it means they conform to ISO 9001:2000.

The ISO website and documentation give more detail on what each specification entails.

[edit]

Industry-specific interpretations

The ISO 9001 standard is generalized and abstract. Its parts must be carefully interpreted, to make sense within a particular organization. Developing software is not like making cheese or offering counseling services; yet the ISO 9001 guidelines, because they are business management guidelines, can be applied to each of these. Diverse organizations—police departments (US), professional soccer teams (Mexico) and city councils (UK)—have successfully implemented ISO 9001:2000 systems.

Over time, various industry sectors have wanted to standardize their interpretations of the guidelines within their own marketplace.

The TickIT guidelines are an interpretation of ISO 9000 produced by the UK Board of Trade to suit the processes of the information technology industry, especially software development.
AS 9000 is the Aerospace Basic Quality System Standard, an interpretation developed by major aerospace manufacturers. The current version is AS 9100.
PS 9000 is an application of the standard for Pharmaceutical Packaging Materials.
QS 9000 is an interpretation agreed upon by major automotive manufacturers (GM, Ford, Chrysler). It includes techniques such as FMEA and APQP.
ISO/TS 16949:2002 is an interpretation agreed upon by major automotive manufacturers (American and European manufacturers); the latest version is based on ISO 9001:2000. The emphasis on a process approach is stronger than in ISO 9001:2000. ISO/TS 16949:2002 contains the full text of ISO 9001:2000 and in addition automotive industry specific requirements.
'TL 9000' is the Telecom Quality Management and Measurement System Standard, an interpretation developed by the telecom consortium, QuEST Forum . The current version is 3.5 and unlike ISO 9001 or the above sector standards, TL 9000 includes standardized product measurements that can be benchmarked.

[edit]

Criticisms of ISO 9000

Many companies have found the transition to conforming to IS0 9000 difficult. This, along with doubts about the fundamental value of the standard, has spawned many criticisms, including:

The compliance process is costly and time-consuming.
Lots of administration is needed to implement it.
Adhering to ISO 9000 makes processes more consistent; to some proponents of continuous improvement, it also makes it harder to improve and readapt the processes.
"When all you have is a hammer, every problem looks like a nail." It has been argued that it may not be appropriate to apply a process such as ISO 9000 to a field requiring creativity, such as software engineering, which is more analogous to designing factories than to operating a factory.
Bad managers still manage at arm's length, using paper reports rather than knowing what is happening on the factory floor. ISO 9000 can reinforce this behaviour. Instead of being seen as an opportunity to improve things, audits often become quite confrontational in structure.
Many companies only register to ISO 9000 because they are forced to by the marketplace, whether or not ISO 9000 is in fact appropriate to their business.
ISO 9001:2000 does not give too much practical advice but instead focuses on general principles. In order to create a standard applicable to almost any kind of organization, specific requirements and tools were avoided whenever possible. This is one of the reasons for the proliferation of industry specific standards which are more practical and give clear guidance about what quality tools have to be used when.

There are few objective metrics showing any effectiveness for ISO 9001. In 1997, two people took the BSI to the Advertising Standards Authority for claiming in an advertisement that ISO 9001 "improves productivity ... almost always gives an immediate result in terms of productivity and efficiency, and that means cost reductions ... pays for itself ... Staff morale is better because they understand what is expected of them and each other," whilst being unable to produce any objective metrics to substantiate these assertions. The complaint was upheld.

Quality programmes are notoriously difficult to quantify as Crosby warned in 'Quality is Free' back in 1979, long before the first of these standards emerged. When an organization is measuring nothing, the only 'quality costs' it knows are the basics of scrap and rework, and often even these are not being tracked effectively. Once a formal system is introduced, much more accurate data starts to emerge and initial costs of quality often appear to increase.

In Japan, amidst complaints of ISO 9000 undermining world-class thinking, Toyota abandoned the standard in 2000, moving back to their in-house Toyota Production System.

[edit]