CHAPTER 5: ISO 9000 – A LEGEND IN ITS OWN LIFETIME?
Today, after 30 years of implementation and certification experiences all over the world, many myths and legends have grown and been promulgated surrounding the use of ISO 9000, including:
“Say what you do, do what you say” or
“ISO certification allows you to make concrete life jackets” (a similar quote was printed in USA Today in 1998).
Many of these myths have delayed managements’ interest in using ISO 9000 as a tool to improve the way business operates, to drive the result that customers are satisfied with the results which, in turn, can lead to repeat business. Management can focus on reduced waste and higher efficiencies, through implementing an improved management system of processes and controls.
Today, Internet groups and forums are filled with questions and comments from users concerning all manner of ISO 9000-related issues. These posts show that many of the original myths and legends that began to pervade implementation of ISO 9000 requirements back in the 1990s are still alive and kicking today.
Perhaps a contributory factor in attracting so much misunderstanding of the purpose behind the Standard is that there was no model or other description of what a QMS should be when implemented.
Early versions of the ISO 9001 requirements heavily emphasized documented procedures for each of the 20 ‘elements’ or clauses – which could easily be aligned to individual functions or departments – with the result that implementing organizations often built a QMS of paperwork for each function. In doing so, they often failed to address the quality problems resulting from interdepartmental ‘dysfunction.’ This silo approach was, in part, the reason for the “Say what you do, do what you say” myth.
In 2015, a diagrammatic description of the interaction of the requirements of the Standard was incorporated to facilitate an understand of their relationship to the Deming PDCA cycle.
In July 2009, the ISO and the IAF released a joint statement on the expected outcomes of ISO 9001 and accredited certification.
It states:
“Expected Outcomes for Accredited Certification to ISO 9001 (from the perspective of the organization’s customers)
For the defined certification scope, an organization with a certified quality management system consistently provides products that meet customer and applicable statutory and regulatory requirements and aims to enhance customer satisfaction.
Notes:
a. “Products” also includes “services."
b. Customer requirements for the product may either be stated (for example in a contract or an agreed specification) or generally implied (for example in the organization’s promotional material, or by common practice for that economic/industry sector).
c. Requirements for the product may include requirements for delivery and post-delivery activities.
What (IAF) accredited certification to ISO 9001 means
To achieve conforming products, the accredited certification process is expected to provide confidence that the organization has a quality management system that conforms to the applicable requirements of ISO 9001. In particular, it is to be expected that the organization:
A. has established a quality management system that is suitable for its products and processes, and appropriate for its certification scope
B. analyzes and understands customer needs and expectations, as well as the relevant statutory and regulatory requirements related to its products
C. ensures that product characteristics have been specified in order to meet customer and statutory/regulatory requirements
D. has determined and is managing the processes needed to achieve the expected outcomes (conforming products and enhanced customer satisfaction)
E. has ensured the availability of resources necessary to support the operation and monitoring of these processes
F. monitors and controls the defined product Characteristics
G. aims to prevent nonconformities, and has systematic improvement processes in place to:
1. Correct any nonconformities that do occur (including product nonconformities that are detected after delivery)
2. Analyze the cause of nonconformities and take corrective action to avoid their recurrence
3. Address customer complaints
H. has implemented an effective internal audit and management review process
I. is monitoring, measuring and continually improving the effectiveness of its quality management system.
What accredited certification to ISO 9001 does not mean
1) It is important to recognize that ISO 9001 defines the requirements for an organization’s quality management system, not for its products. Accredited certification to ISO 9001 should provide confidence in the organization’s ability to “consistently provide product that meets customer and applicable statutory and regulatory requirements”. It does not necessarily ensure that the organization will always achieve 100% product conformity, though this should of course be a permanent goal.
2) ISO 9001 accredited certification does not imply that the organization is providing a superior product, or that the product itself is certified as meeting the requirements of an ISO (or any other) standard or specification.”
The myth of the concrete life jackets is just that – a myth! Since in several of the preceding paragraphs there are many references to meeting statutory and regulatory requirements, as well as determining customers’ needs and expectations, a concrete life jacket couldn’t be designed, tested, and produced and be delivered to a customer. There are numerous regulations that require a life jacket to float – with an adult strapped into it – and product testing would have verified the ability of the jacket to float (in accordance with the regulations). These requirements would have been factored into a number of key requirements of ISO 9001 and would be necessary components of the life jacket manufacturer’s QMS!
Many ISO pundits have promoted ISO 9001 as the model for business management without regard for the many functions of an organization that sustain it, outside of the QMS, including finance and marketing – neither of which are even alluded to in the Standard. Although many of the concepts and requirements in ISO 9001 can be found in practices adopted by other functions – for example, regular reviews of financial performance by management are a common occurrence in mature organizations, as are audits – in reality, ISO 9001 represents a very product-centric (or service-centric) set of processes, controls, etc.