ISO 9000:2000 - The New Quality Standard
ISO 9000 has been revised—but the new standard, called ISO 9000:2000, is a radical revision and the industry has questions.
Since it was originally conceived in 1987, some 250,000 organizations around the world have registered to ISO 9000, a series of international standards that establish Quality Management System (QMS) requirements. ISO 9000, far and away, is the most influential initiative that grew from the quality movement of the early ’90s.
In 1994, the standard was changed, but only around the margins. Now for 2000, ISO 9000 has again been revised—but the new standard, called ISO 9000:2000, is a radical revision. It will require the quarter of a million organizations that have already been certified to update their current quality systems. It will also change the ground rules for the tens and even hundreds of thousands of organizations that are seeking or will seek registration in the future. National standards bodies, registrars, consultants and the rest of the apparatus that have grown up around the ISO standard now have to contend with a whole new set of challenges and opportunities.
Like its predecessor, ISO 9000:2000 is really a series of three interrelated documents—each of which has a different function. ISO 9000 deals with fundamentals and vocabulary. ISO 9001, which is the heart of the new revision, states the requirements for the new system. ISO 9004 provides guidance for implementation and fleshes out ISO 9001.
In view of the impact of this revision and the costs it will entail, organizations understandably have many questions and concerns. Do we have to register to the new standard? How long is our current certification good for? Why the change? What’s the difference between the old ISO and the new ISO? How will it change the way we run our business? Who will benefit from the new standard? Who will be hurt? Will it be more difficult to implement the new ISO than the old ISO?
Comparing ISO 9000:2000 to ISO 9000:1994
ISO 9000:2000 and ISO 9000:1994 offer different models for quality. ISO 9000:1994 defines quality around 20 key elements a company uses to effectively and consistently produce products and services it provides customers. The standard was originally designed for application to manufacturing companies that produce widgets, although it can be, and has been, adapted to apply to processing companies and service organizations. The primary purpose is to assure customers that the certified company produces products at a consistent level of quality. To register to ISO 9000:1994, as the saying goes, “Document what you do, do what you document and be prepared to prove it.”
The quality model in ISO 9000:2000 is quite different. Instead of 20 elements, it is based on a Process Model that any effective enterprise can use whether it manufactures parts, processes chemicals or provides services. The Process Model, as laid out in the new ISO 9001, is composed of four sections: Section 5: Management Responsibility; Section 6: Resource Management; Section 7: Product Realization; and Section 8: Measurement, Analysis, Improvement.
The other sections in ISO 9001 support the Model. Sections 0 through 3 provide background. Section 4: Quality Management System is a precursor to the Process Model itself, describing the obligations of the organization in establishing a documented quality management system.
The four sections in the standard contain all the requirements for the new ISO stated in more-generic and less-prescriptive terms than in the previous, 20-element model. This lack of specificity makes it easy for enterprises of all sorts to fit their operations to the new ISO.
On the other hand, although the new model may be simpler and less prescriptive than its predecessor, the requirements are a quantum leap forward and in line with progressive thinking in the quality field. The Model’s four sections function similarly to the Plan-Do-Check-Act (PDCA) improvement process popularized by W. Edwards Deming. This is much more rigorous than the 1994 ISO’s watchwords: “Document what you do, do what you document and be prepared to prove it.”
Going Beyond The First Standard
In comparison to its predecessor, ISO 9000:2000 actually features several quantum leaps forward. These include:
- Voice of the customer—Even a cursory view of the graphic depiction of the Process Model in Figure 1 shows the power of the customer in the new standard. It is book-ended by two drivers: Customer Requirements drive the input and Customer Satisfaction drives the output. The organization will need methods in place to describe and monitor the needs and desires of each customer for each order, and will need processes and procedures in place to measure and analyze customer satisfaction.
- Continual improvement—Critics have long complained that a company could make concrete life preservers and still be registered to ISO 9000. ISO 9000:2000 helps put that criticism to rest. Under ISO 9000:2000, it won’t be enough for an organization simply to measure customer satisfaction. The company will need to improve the level of satisfaction. It will also have to measure and improve internal processes. Continual improvement is a core theme in the new version of ISO 9000, and is inherent in the Model’s PDCA structure. Continual improvement is one of the essential goals of quality. Continually improving defect rates, with consequent increased customer satisfaction, is a core value of Deming and Total Quality Management (TQM). Although many, including the authors of this article, believe that continual improvement was always implied in ISO 9000, continual improvement is now a clearly defined requirement throughout the 2000 revision.
- Management Responsibility—Management had a role in the previous ISO 9000 in that it was required to establish quality policy, commit adequate resources, conduct a management review and appoint a management representative to supervise the QMS. But, for the most part, under ISO 9000:1994, the quality management system was largely the responsibility of quality professionals.
Executive management plays a far more central role with the new standard. In ISO 9000:2000, management responsibility is expanded so that management presides over a multi-step version of the PDCA process. This process includes these requirements:
- Policy—Management is obligated to establish an appropriate quality policy that incorporates a commitment to continual improvement and meeting customer requirements.
- Objectives—This policy must establish a framework for reviewing quality objectives, which are set “at relevant functions and levels within the organization.”
- Planning—Objectives are set in conjunction with a plan that identifies the activities and resources necessary to achieve it. The planning “shall be consistent with other requirements of the quality system.”
- Quality Management System—Management is responsible for the organization establishing a QMS as a means of implementing the quality policy with its associated objectives and plans, as well as the requirements of the standard.
- Management Review—Although ISO 9000:1994 required a management review, this element is much expanded in the new version. In this new model, management’s check of the QMS specifically includes a review of policy and objectives to find opportunities for continual improvement. On the basis of this review, management is required to take actions, among other things, “relating to the improvement of the quality management system.” This process, which begins with setting policy and moves to management review with continual improvement as the output, is similar to the way the PDCA process is outlined in ISO 14001, the Environmental Management System Standard. The compatibility between ISO 14001 and the new ISO 9000 should permit organizations to develop complementary systems for the two standards. (Appendix A of ISO 9001:2000 offers tables that show the correspondence between ISO 9001 and ISO 14001.)
- Resource Management—The 1994 standard contains a paragraph (184.108.40.206) that requires management to provide necessary resources. It also contains requirements for training (4.18). These kernels are expanded in the 2000 revision to be one of the four clauses, 6.0 Resource Management, in the Process Model. The section spells out a wide range of specific resources, including human resources, that management leadership must provide or make available, including adequate numbers of competent people, the training necessary to assure competence, infrastructure, work environment, (i.e., resources that affect safety, ergonomics and hygiene), suppliers and partners, and financial resources.
These advances are embodied in the standard’s eight Quality Management Principles listed in Figure 2. They emphasize the importance of customer focus, leadership, involvement of people at all levels, the process approach, systems and objectives, continual improvement, importance of accurate data and analysis, and the significance of supplier relationships—a mirror image of the focus on the customer.
Do We Have To Start Over?
What about organizations that previously registered to ISO 9000? Do they have to start over? Every element of ISO 9000:1994 can be mapped onto the new ISO 9001. Moreover, since the new version requires written procedures, the familiar four-tier pyramid structure for documentation need not change, although it can be simplified under the new standard. For example, Policy Manual and Tier 1 procedures can be combined. Thus, an organization’s current ISO system can be the foundation for its successor.
On the other hand, much of the existing documentation may need to be remapped and expanded to meet the requirements of ISO 9000:2000. In many cases, these revisions can be substantial. As an indication of the degree of change, 12 of the elements in ISO 9000:1994 have been reduced to sub-clauses in ISO 9000:2000.
Also, some new procedures will need to be produced to accommodate new requirements and subject matters. For example, there is nothing in ISO 9000:1994 that addresses elements such as 5.2 Customer Focus, 5.4 Planning, 5.5.4 Internal Communication, 6.2 Human Resources, 7.2.1 Identification of Customer Requirements, 7.2.3 Customer Communication, 8.2.1 Customer Satisfaction and 8.5 Improvement, all of which are part of ISO 9000:2000.
But this need not be as overwhelming as it seems. Much of what is new in ISO will not be new to many well-run companies. Virtually every business enterprise or entrepreneur understands that to be successful an organization must:
- have an effective, strategic business-planning process in place
- carefully monitor the needs and requirements of its customers
- satisfy its customers
- have a full array of metrics to measure the performance of its internal processes and its success at satisfying its customers
- continually seek to improve its operations, products and services to succeed, grow and prosper
Most well-run organizations will already have business processes in place to reach at least some of these objectives, which correspond to the requirements of ISO 9000:2000. Under the new standard, once formalized and disciplined, these business processes will become procedures folded into the business or quality management system required by ISO 9000:2000. Many companies may be far closer to satisfying the requirements of ISO 9000:2000 than simple comparison to their current ISO 9000-based quality management system suggests.
Who Does It Help? Who does it Hurt?
The new ISO standard will benefit everyone the old standard did, except more so. By incorporating such advances as continual improvement and customer satisfaction, the new standard yields a more-effective platform. It will help companies improve their operations and increase their competitiveness. With the improvements, customers will benefit. As a result, ISO 9001:2000 will carry far more weight with customers than did its predecessor. If an enterprise enjoyed a marketing advantage because it was registered to the 1994 ISO standard, the new standard should give it an even greater edge.
Many companies have both a quality management system and a business management system. ISO 9000:2000 encourages enterprises to combine the two. Such a combination should result in a streamlined organization, devoted to a single model with everyone pulling together.
ISO 9000 was originally designed for manufacturing plants. Over the years, it has been adapted to other types of organizations, such as service companies. But in many cases, the fit was problematic, and results seemed jury-rigged. So in many areas, ISO 9000 hasn’t really caught on. It is not surprising that the vast majority of certifications have been to manufacturing organizations, particularly to those that produce discreet parts/products.
In contrast, the new version is purposely more generic so that it will apply universally. It is as readily applicable to an adhesives plant as it is to a medical facility or a school. This should increase the appeal of the standard to large, new classes of enterprise. With this broader appeal, there is no reason why the number of certifications under the 2000 revision won’t double.
The downside of the new standard is that it will, over time, require currently certified organizations to invest additional time and resources in meeting the requirements of the new standard. Some organizations will find this less of a challenge than others. For example, well-run companies with strategic business-planning processes and procedures in place to measure customer satisfaction will have a head start. Companies that have achieved ISO 9000 as a means of improving their business processes will also have an edge, since ISO 9000:2000 will move them further down the path they are already on.
Companies that have made only a minimal commitment to ISO 9000—which embraced it as a necessary evil only to gain a marketing advantage or meet the demands of customers—may feel the new ISO 9000 hurts them. They may have a point, but it doesn’t change the fact that ISO 9000:2000 offers considerable advantages to them and their customers.
How Does The Transition Work?
The transition is essentially the same whether a company is registered to ISO 9001, 9002 or 9003. ISO 9001:2000 contains a clause (1.2 Permissible Exclusions) for excluding or modifying requirements so that companies registered under the old ISO 9002 and ISO 9003 can adapt their quality management systems to ISO 9001:2000. ISO 9002 and 9003 thus become obsolete.
The three ISO 9000:2000 documents—ISO 9000, ISO 9001 and ISO 9004—have been circulating in various draft forms since December 1998. ISO 9000:2000 is scheduled to be published as an International Standard (IS) in the fourth quarter of 2000.
Upon publication, an organization will have a maximum of three years to adopt the new standard. In those three years, quality management systems conforming to either the 1994 or 2000 standard will be acceptable. To meet the deadline, it is expected and encouraged that organizations will start adopting the new requirements during their surveillance audits. Thus, if all goes according to plan, the conversion process should be complete by the beginning of 2004.
The Draft International Standard (DIS), which was published at the end of 1999, is expected to be virtually the same as the final draft, except for cosmetic changes. As a result, companies, as well as registrars and consultants, can begin taking steps to anticipate the transition. But at this point, the registrars and other apparatus that oversee certification are not yet set up. No certifications based on the draft documents will be acceptable. So, no registrations can be made until the IS is published.
As a rule of thumb, organizations that are either already in the process of registering to ISO 9000, or who want or need to get registered by the end of 2000, could register to the current 1994 version. However, they should begin modeling their system around ISO 9000:2000 in anticipation of the conversion that follows.
How Do We Implement The New Standard?
In general, the implementation process should not be significantly different for the 2000 revision than it was for the previous version.
However, a key point for consideration is this. Under ISO 9000:1994, an organization could choose to exclude activities they performed, such as design control (4.4), from the scope of their registration and seek certification to ISO 9002. Under ISO 9001:2000, businesses will no longer have the option of excluding activities they actually perform. Under the new regime, if you do it, you must include it as part of your ISO 9001 system.
Here are the basic steps for a conversion:
- Get copies of the standard and review them. Although ISO 9001 is the key document since it contains the requirements, ISO 9004 is also central. ISO 9004 provides guidance and fleshes out ISO 9001, which is generic and sparsely written.
- Set up a core implementation or conversion team. If possible, reconstitute the team you used in your original registration effort. This team will bear the primary responsibility for managing the initiative.
- Contact your registrar to discuss options and obtain input. If you decide you don’t have the expertise internally to carry out the transition, consider hiring an outside consulting and training organization.
- Conduct a gap analysis to determine the gaps between your current systems and the requirements of the new ISO 9000. It is useful to start with Annex B of ISO 9001, which provides tables that show the correspondences between the 1994 and 2000 versions. However, the gap analysis should not be confined to your quality management system. You should also consider the elements of your business management system and other business processes that may be candidates for incorporation into ISO 9000:2000. For example, if you survey your customers to get feedback on your organization’s products and performance, you have the initial groundwork for the customer-satisfaction process required in the new version.
- Determine how you should structure your documentation. The simplest way to organize the conversion of your current documentation is to remap it to the new system without changing the existing numbering or organization. You could then use an index or matrix, which shows how the two systems relate. This may be simpler in the short term but could create complexities down the road. The alternative is to renumber and restructure your current documentation into the new system. This will take more work up front but will create a more streamlined system in the long run.
- Determine whether you have new training needs. You may wish, for example, to seek out instruction in setting up a business-operating system based on the Plan-Do-Check-Act process, in establishing a continuous-improvement system or in designing customer-satisfaction processes.
By incorporating such factors as customer satisfaction and continual improvement, ISO 9000:2000 moves closer to the principles of TQM than its predecessor. At the same time, it retains the discipline of third-party assessment, registration and surveillance that has made ISO 9000 so successful. It is an inevitable evolution that offers substantial benefits to organizations, their customers and their suppliers.