ISO 9000

The ISO 9000 family of standards relate to quality management systems and are designed to help
organizations ensure they meet the needs of customers and other stakeholders (Poksinska et al, 2002 [1] ). The
standards are published by ISO, the International Organization for Standardization and available
through National standards bodies.
ISO 9000 deals with the fundamentals of quality management systems (Tsim et al, 2002 [2] ), including the eight
management principles (Beattie and Sohal, 1999

[3]

; Tsim et al, 2002[4]) on which the family of standards is

based. ISO 9001 deals with the requirements that organizations wishing to meet the standard have to meet.
Independent confirmation that organizations meet the requirements of ISO 9001 may be obtained from third
party certification bodies. Over a million organizations worldwide

[5]

are independently certified making ISO

9001 one of the most widely used management tools in the world today.

Reasons for use

The global adoption of ISO 9001 may be attributable to a number of factors. A number of major purchasers
require their suppliers to hold ISO 9001 certification. In addition to several stakeholders benefits, a number of
studies have identified significant financial benefits for organizations certified to ISO 9001. Corbett et
al (2005) [6] showed that certified organizations achieved superior return on assets [7] compared to otherwise
similar organizations without certification. Heras et al (2002) [8] found similarly superior performance

[9]

and

demonstrated that this was statistically significant and not a function of organization size. Naveh and Marcus
(2007) [10] showed that implementing ISO 9001 led to superior operational performance

[11]

. Sharma

(2005) [12] identified similar improvements in operating performance and linked this to superior financial
performance. Chow-Chua et al (2002) [13] showed better overall financial performance was achieved for
companies in Denmark. Rajan and Tamimi (2003)
stock market performance

[15]

[14]

showed that ISO 9001 certification resulted in superior

and suggested that shareholders were richly rewarded

[16]

for the investment in an

ISO 9001 system.

While the connection between superior financial performance and ISO 9001 may be seen from the above,
there remains no proof of direct causation, though longitudinal studies, such as those of Corbett et
al (2005) [17] may suggest it. Other writers such as Heras et al (2002) [18] have suggested that while there is
some evidence of this, the improvement is partly driven by the fact that there is a tendency for better
performing companies to seek ISO 9001 certification.

The mechanism for improving results has also been the subject of much research. Lo et al (2007) [19] identified
operational improvements (cycle time reduction, inventory reductions, etc.) as following from certification. Buttle
(1997) [20] and Santos (2002) [21] both indicated internal process improvements in organizations leading to
externally observable improvements. Hendricks and Singhal (2001)

[22]

results indicate that firms outperform

their control group during the post implementation period and effective implementation of total quality
management principles and philosophies leads to significant wealth creation. The benefit of increased
international trade and domestic market share, in addition to the internal benefits such as customer satisfaction,
interdepartmental communications, work processes, and customer/supplier partnerships derived, far exceeds
any and all initial investment according to Alcorn [23].

Background
ISO 9001 was first published in 1987 [24]. It was largely based on the previous standard BS 5750

[25]

been certifying organizations for their quality management systems since 1978. Its first certification

. BSI has
[26]

(FM

00001) is still extant and held by the Tarmac company, a successor to the original company which held this
certificate. Today BSI claims [27] to certify organizations at nearly 70,000 sites globally.
.

5.5 Responsibility, authority and communication

5.5.1 Responsibility and authority
Top management ensures that responsibilities and authorities are defined and communicated within (Company
Name) to promote effective management of the quality system. An Organizational Chart illustrates the
responsibility and relative authority of the personnel who manage, perform, and verify the activities affecting the
QMS. Changes to the quality system are planned within the framework of management reviews. These
changes may be in response to changing circumstances, such as product, process, capacity, or other
operational or organizational changes; or to improve the effectiveness and efficiency of the quality system.
Supporting Documentation
Organizational Chart

6.0 Resource management

6.1 Provision of resources
(Company Name) determines and provides the resources needed

to implement and maintain the quality management system and continually improve its effectiveness

to enhance customer satisfaction by meeting customer requirements.

6.2 Human resource Management

6.2.1 General
Personnel performing work affecting conformity to product requirements are competent on the basis of
appropriate education, training, skills and experience.

6.2.2 Competence, training, and awareness

(Company Name) :

determines the necessary competence for personnel performing work affecting conformity to product
requirements,

where applicable, provides training or takes other actions to achieve the necessary competence,

evaluates the effectiveness of the actions taken,

ensures that its personnel are aware of the relevance and importance of their activities and how they
contribute to the achievement of the quality objectives, and

maintains appropriate records of education, training, skills and experience (see 4.2.4).

Supporting Documentation
QOP-62-01 Competence, Training, and Awareness

8.3 Control of nonconforming product

VERSION:
1987 version
1994 version
2000 version
ISO 9001:2000 combines the three standards 9001, 9002, and 9003 into one, called 9001. Design and
development procedures are required only if a company does in fact engage in the creation of new products.
The 2000 version sought to make a radical change in thinking by actually placing the concept of process

management front and center ("Process management" was the monitoring and optimizing of a company's tasks
and activities, instead of just inspecting the final product). The 2000 version also demands involvement by
upper executives, in order to integrate quality into the business system and avoid delegation of quality functions
to junior administrators. Another goal is to improve effectiveness via process performance metrics numerical
measurement of the effectiveness of tasks and activities. Expectations of continual process improvement and
tracking customer satisfaction were made explicit.
The ISO 9000 standard is continually being revised by standing technical committees and advisory groups,
who receive feedback from those professionals who are implementing the standard.[1]
ISO 9001:2008 only introduces clarifications to the existing requirements of ISO 9001:2000 and some changes
intended to improve consistency with ISO 14001:2004. There are no new requirements. Explanation of
changes in ISO 9001:2008. A quality management system being upgraded just needs to be checked to see if it
is following the clarifications introduced in the amended version.

Certification
ISO does not itself certify organizations. Many countries have formed accreditation bodies to authorize
certification bodies, which audit organizations applying for ISO 9001 compliance certification. Although
commonly referred to as ISO 9000:2000 certification, the actual standard to which an organization's quality
management can be certified is ISO 9001:2008. Both the accreditation bodies and the certification bodies
charge fees for their services. The various accreditation bodies have mutual agreements with each other to
ensure that certificates issued by one of the Accredited Certification Bodies (CB) are accepted worldwide.
The applying organization is assessed based on an extensive sample of its sites, functions, products, services
and processes; a list of problems ("action requests" or "non-compliance") is made known to the management. If
there are no major problems on this list, or after it receives a satisfactory improvement plan from the
management showing how any problems will be resolved, the certification body will issue an ISO 9001
certificate for each geographical site it has visited.
An ISO certificate is not a once-and-for-all award, but must be renewed at regular intervals recommended by
the certification body, usually around three years. There are no grades of competence within ISO 9001: either a
company is certified (meaning that it is committed to the method and model of quality management described
in the standard), or it is not. In this respect, it contrasts with measurement-based quality systems such as
the Capability Maturity Model.

Effectiveness
The debate on the effectiveness of ISO 9000 commonly centers on the following questions:
1.

Are the quality principles in ISO 9001:2000 of value? (Note that the version date is important: in
the 2000 version ISO attempted to address many concerns and criticisms of ISO 9000:1994).

2.

Does it help to implement an ISO 9001:2000 compliant quality management system?

3.

Does it help to obtain ISO 9001:2000 certification?

Effectiveness of the ISO system being implemented depends on a number of factors, the most significant
of which are:
1.

Commitment of Senior Management to monitor, control, and improve quality. Organizations that
implement an ISO system without this desire and commitment, often take the cheapest road to
get a certificate on the wall and ignore problem areas uncovered in the audits.

2.

How well the ISO system integrates into their business practices. Many organizations that
implement ISO try to make their system fit into a cookie-cutter quality manual rather than create
a manual that documents existing practices and only adds new processes to meet the ISO
standard when necessary.

3.

How well the ISO system focuses on improving the customer experience. The broadest
definition of quality is "Whatever the customer perceives good quality to be". This means that
you don't necessarily have to make a product that never fails, some customers will have a
higher tolerance for product failures if they always receive shipments on-time, or some other
dimension of customer service. Your ISO system should take into account all areas of the
customer experience, the industry expectations, and seek to improve them on a continual basis.
This means taking into account all processes that deal with the three stakeholders (your
customers, your suppliers, and your organization), only then will you be able to sustain
improvements in your customer experience.

4.

How well the auditor finds and communicates areas of improvement. Now, ISO auditors may not
provide consulting to the clients they audit, however, there is the potential for auditors to point
out areas of improvement. Many auditors simply rely on submitting reports that indicate
compliance or non-compliance with the appropriate section of the standard, however, to most

executives, this is like speaking a foreign language. Auditors that can clearly identify and
communicate areas of improvement in language and terms executive management understands
allows the companies they audit to act on improvement initiatives. When management doesn't
understand why they were non-compliant and the business implications, they simply ignore the
reports and focus on what they do understand.

Advantages
It is widely acknowledged that proper quality management improves business, often having a positive
effect on investment, market share, sales growth, sales margins, competitive advantage, and avoidance
of litigation.The quality principles in ISO 9000:2000 are also sound, according to Wade and Barnes, who
say that "ISO 9000 guidelines provide a comprehensive model for quality management systems that can
make any company competitive implementing ISO often gives the following advantages:
1.

Create a more efficient, effective operation

2.

Increase customer satisfaction and retention

3.

Reduce audits

4.

Enhance marketing

5.

Improve employee motivation, awareness, and morale

6.

Promote international trade

7.

Increases profit

8.

Reduce waste and increases productivity.

Newtopic
Auditing
Two types of auditing are required to become registered to the standard: auditing by an external certification
body (external audit) and audits by internal staff trained for this process (internal audits). The aim is a continual
process of review and assessment, to verify that the system is working as it's supposed to, find out where it can

improve and to correct or prevent problems identified. It is considered healthier for internal auditors to audit
outside their usual management line, so as to bring a degree of independence to their judgments.
Under the 1994 standard, the auditing process could be adequately addressed by performing "compliance
auditing":

Tell me what you do (describe the business process)

Show me where it says that (reference the procedure manuals)

Prove that this is what happened (exhibit evidence in documented records)

The 2000 standard uses a different approach. Auditors are expected to go beyond mere auditing for rote
"compliance" by focusing on risk, status and importance. This means they are expected to make more
judgments on what is effective, rather than merely adhering to what is formally prescribed. The difference from
the previous standard can be explained thus:
Under the 1994 version, the question was broadly "Are you doing what the manual says you should be
doing?", whereas under the 2000 version, the question is more "Will this process help you achieve
your stated objectives? Is it a good process or is there a way to do it better?"