PREFACE
Universally known as ISO 9000, the international standard for QMSs continues to have a significant effect on organizations around the world. After more than 30 years of experience by user organizations, auditors, consultants, and trainers, there are fundamental misunderstandings of what is involved in applying the requirements in ISO 9001, particularly with the most recent revision, published in 2015. This is in part due to the adoption, by the writing committee, of the concept of ‘risk-based thinking.’ More on this later.
ISO 9001 was intended for use as a ‘voluntary’ basis for agreement on quality assurance between customers and their suppliers, and in the early 1990s third-party certification, which independently audited and confirmed compliance, became a popular option for both parties. Customers saw a cost-effective alternative to maintaining supplier quality departments, instead relying on the certification bodies to maintain compliance of their suppliers’ QMSs. In some respects, it is this certification that has fueled several of the myths surrounding ISO 9001.
Major purchasing organizations often require ISO certification as a prerequisite for those wanting to do business as a supplier; however, they rarely provided practical assistance with implementation to those suppliers. Further, the ISO 9000 guidance documents were never designed to be a roadmap for implementation, focusing more on improvement than the basics of creating and implementing a QMS approach to an organization’s creation and delivery of products and services.
Early adopters of ISO 9001 – particularly in the US – coined the phrase, “Say what you do, do what you say and prove it” as a description of what implementing a QMS involved. This may have been appropriate to passing a certification audit in the 1990s, but is a long way short of what is involved with effective implementation of and compliance with today’s ISO 9001 requirements. Indeed, ISO 9001:2015 was specifically designed to align with the needs of an organization’s methods of conducting business and gives freedom to those implementing the QMS by being less prescriptive.
At the time of writing, there have been seven years of implementation of the latest version of the requirements, either by organizations that have upgraded from an ISO 9001:2008-compliant/certified QMS or for those new to this experience. As has happened since the original publication in 1987, myths have become common. Many originated when the committee draft standards (CD-1, CD-2) were circulated for comment and leaked to a wider audience than was originally intended, who were eager to know what the revised standard included.
Taken out of context, many requirements suddenly gained ‘myth’ status, even before the 2015 version was formally published. Here, then, are the ISO 9001:2015 requirements and some of the common myths affecting them, along with practical, experience-based advice, including top tips applicable to implementing a specific requirement.