The ISO 9000 family of quality management systems (QMS) is a set of standards that helps organizations ensure they meet customers and other stakeholder needs within statutory and regulatory requirements related to a product or service. ISO 9000 deals with the fundamentals of quality management systems, including the seven quality management principles that underlie the family of standards. ISO 9001 deals with the requirements that organizations wishing to meet the standard must fulfil.
Third-party certification bodies provide independent confirmation that organizations meet the requirements of ISO 9001. Over one million organizations worldwide are independently certified, making ISO 9001 one of the most widely used management tools in the world today.
Reasons for use
The global adoption of ISO 9001 may be attributable to a number of factors. In the early days, the ISO 9001 requirements were intended to be used by procuring organizations, as the basis of contractual arrangements with their suppliers. This helped reduce the need for “supplier development” by establishing basic requirements for a supplier to assure product quality.
ISO 9000 series Quality Management Principles
The ISO 9000 series are based on seven quality management principles (QMP)
Principle 1 – Customer focus
Organizations depend on their customers and therefore should understand current and future customer needs, should meet customer requirements and strive to exceed customer expectations.
Principle 2 – Leadership
Leaders establish unity of purpose and direction of the organization. They should create and maintain the internal environment in which people can become fully involved in achieving the organization’s objectives.
Principle 3 – Engagement of people
People at all levels are the essence of an organization and their full involvement enables their abilities to be used for the organization’s benefit.
Principle 4 – Process approach
A desired result is achieved more efficiently when activities and related resources are managed as a process.
Principle 5 – Improvement
Improvement of the organization’s overall performance should be a permanent objective of the organization.
Principle 6 – Evidence-based decision making
Effective decisions are based on the analysis of data and information.
Principle 7 – Relationship management
An organization and its external providers (suppliers, contractors, service providers) are interdependent and a mutually beneficial relationship enhances the ability of both to create value.
Contents of ISO 9001:2015
ISO 9001:2015 Quality management systems — Requirements is a document of approximately 30 pages available from the national standards organization in each country. Only ISO 9001 is directly audited against for third-party assessment purposes.
Contents of ISO 9001:2015 are as follows:
Section 1: Scope
Section 2: Normative references
Section 3: Terms and definitions
Section 4: Context of the organization
Section 5: Leadership
Section 6: Planning
Section 7: Support
Section 8: Operation
Section 9: Performance evaluation
Section 10: Continual Improvement
Essentially, the layout of the standard follows the Plan, Do, Check, Act cycle in a process-based approach. The purpose of the quality objectives is to determine the conformity of the requirements (customers and organizations), facilitate effective deployment and improve the quality management system.
Before the certification body can issue or renew a certificate, the auditor must be satisfied that the company being assessed has implemented the requirements of sections 4 to 10. Sections 1 to 3 are not directly audited against, but because they provide context and definitions for the rest of the standard, not that of the organization, their contents must be taken into account.
The standard no longer specifies that the organization shall issue and maintain documented procedures, but ISO 9001:2015 requires the organization to document any other procedures required for its effective operation. The standard also requires the organization to issue and communicate a documented quality policy, a quality management system scope, and quality objectives. The standard no longer requires compliant organizations to issue a formal Quality Manual. The standard does require retention of numerous records, as specified throughout the standard. New for the 2015 release is a requirement for an organization to assess risks and opportunities (section 6.1) and to determine internal and external issues relevant to its purpose and strategic direction (section 4.1). The organization must demonstrate how the standard’s requirements are being met, while the external auditor’s role is to determine the quality management system’s effectiveness. More detailed interpretation and implementation examples are often sought by organizations seeking more information in what can be a very technical area.
The International Organization for Standardization (ISO) does not certify organizations itself. Numerous certification bodies exist, which audit organizations and upon success, issue ISO 9001 compliance certificates.
An organization applying for ISO 9001 certification is audited based on an extensive sample of its sites, functions, products, services, and processes. The auditor presents a list of problems (defined as “nonconformities”, “observations”, or “opportunities for improvement”) to management. If there are no major nonconformities, the certification body issues a certificate. Where major nonconformities are identified, the organization presents an improvement plan to the certification body (e.g., corrective action reports showing how the problems will be resolved); once the certification body is satisfied that the organization has carried out sufficient corrective action, it issues a certificate. The certificate is limited by a certain scope and displays the addresses to which the certificate refers.
An ISO 9001 certificate is not a once-and-for-all award but must be renewed at regular intervals recommended by the certification body, usually once every three years. There are no grades of competence within ISO 9001: either a company is certified (meaning that it is committed to the method and model of quality management described in the standard) or it is not. In this respect, ISO 9001 certification contrasts with measurement-based quality systems.
Two types of auditing are required to become registered to the standard: auditing by an external certification body (external audit) and audits by internal staff trained for this process (internal audits). The aim is a continual process of review and assessment to verify that the system is working as it is supposed to, to find out where it can improve, and to correct or prevent identified problems. It is considered healthier for internal auditors to audit outside their usual management line, so as to bring a degree of independence to their judgements.
Proper quality management can improve business, often having a positive effect on investment, market share, sales growth, sales margins, competitive advantage, and avoidance of litigation. The quality principles in ISO 9000:2000 are also sound, according to Wade and Barnes, who says that “ISO 9000 guidelines provide a comprehensive model for quality management systems that can make any company competitive”. Sroufe and Curkovic, (2008) found benefits ranging from registration required to remain part of a supply base, better documentation, to cost benefits, and improved involvement and communication with management. According to ISO 2015 version of the standard brings the following benefits:
- By assessing their context, organizations can define who is affected by their work and what they expect. This enables clearly stated business objectives and the identification of new business opportunities.
- Organizations can identify and address the risks associated with their organization.
- By putting customers first, organizations can make sure they consistently meet customer needs and enhance customer satisfaction. This can lead to more repeat customers, new clients and increased business for the organization.
- Organizations work in a more efficient way as all their processes are aligned and understood by everyone. This increases productivity and efficiency, bringing internal costs down.
- Organizations will meet necessary statutory and regulatory requirements.
- Organizations can expand into new markets, as some sectors and clients require ISO 9001 before doing business.
Fig. 1 Example of ISO9001 Certification