The ISO 9000 Series Standards for Quality Management and Assurance were issued by the International Organization for Standardization (ISO) in 1987. They reflect an important trend in business practice. Early in the 20th century, quality was viewed by businesses as an additional cost of production. However, as businesses realized that high quality leads to more efficient and less expensive production processes, the pursuit of quality became a desirable goal. Businesses began to implement quality control programs, and they began to require such programs of their suppliers. Quality control programs proliferated at the same time that businesses were being globalized. This led to the realization that international quality assurance standards were needed to avoid the need to comply with multiple, conflicting systems. The ISO responded to the need for harmonization by publishing the ISO 9000 series standards.
The ISO 9000 series is a set of standards for quality management and quality assurance. The standards apply to processes and systems used to produce products; they do not apply to the products themselves. Further, the standards provide a general framework for any industry; they are not industry-specific. A company that has a quality management system (QMS) that is "certified to" ISO 9000 has demonstrated that it has a documented QMS in place and that it is applied consistently. The ISO 9000 series emphasizes prevention of problems and meeting customers' needs. ISO 9000 standards apply to all companies large or small, whether in services or manufacturing.
Before discussing quality standards, it is important to discuss the meaning of quality. Quality refers to the combined features of a product that contribute to its ability to meet identified needs. Quality assurance processes must balance the needs of the consumer with the needs of the producer, however, the consumer is the ultimate judge of quality. The process by which quality is achieved is called quality assurance. Quality assurance includes quality control procedures, quality plans, and other mechanisms. The process of implementing quality assurance standards is called quality management. Quality assurance and quality management are the areas covered by the ISO 9000 series.
More than 200,000 companies around the world have been certified to ISO 9000, and nearly 1,000 additional businesses per month seek registration. Competitive pressure is considered the primary reason for adopting ISO 9000, and in some markets adoption is obligatory. For example, in the European Union, ISO 9000 certification is a legal requirement in the medical devices, high-pressure valves, and public transportation markets.
This essay provides an introduction to the ISO 9000 series standards. Background is provided including the history of the standards. The contents of the standards are summarized, and the certification process is then described. Reasons to adopt the standards and benefits of adoption are later discussed, followed by weaknesses of the standards. This essay concludes by stating that ISO 9000 series standards meet important needs and have changed the daily operations of many businesses. But, if the standards are to continue to meet the needs of industry and society they must be continually reviewed and revised.
International standardization began early in the 20th century with the creation of the International Electrotechnical Commission (IEC) in 1906 and the establishment of the International Federation of National Standardizing Associations (ISA) in 1926. The ISA focused primarily on mechanical engineering.
The idea of quality assurance dates back to World War II. To deal with quality problems related to manufacturing of defense equipment, the U.S. Department of Defense instituted one of the first formal quality control programs in the world. The United Kingdom, influenced by the United States, developed its own quality standards for its defense industry. U.S. and U.K. standards later spread to other countries and formed the basis for a set of quality assurance standards adopted by other members of the North Atlantic Treaty Organization (NATO). Those standards were called the Allied Quality Assurance Publication (AQAP). After World War II, the U.S. government continued to develop quality standards. These standards were conveyed to defense contractors who were expected to implement them to ensure quality defense equipment.
The idea of industry standards continued to spread and develop throughout the world. At the close of World War II, in 1947, the International Organization for Standardization (ISO) was created with headquarters in Geneva, Switzerland. The ISO published its first standards in 1951, and by 1998 it had published over 10,060 standards. ISO Standards cover a multitude of topics including, but not limited to, paper sizes, a uniform system of measurement, symbols for automobile controls, film speed codes, and an internationally standardized freight container.
In 1979, the British Standards Institute (BSI) submitted a proposal to the ISO calling for the development of international quality assurance and quality management standards. Twenty member nations of the ISO participated on the ISO/TC 176, the technical committee that drafted the standards, with another 14 nations serving as observers. In 1987, eight years after the BSI proposal, the ISO published its first quality assurance standards, called the ISO 9000 Series. Since then more standards have been added to the series.
Over 200,000 companies have been certified to ISO 9000, and those numbers are increasing rapidly. Companies in the United Kingdom and the rest of the European Union were the first to seek certification in large numbers, while progress in the United States was initially slower. For example, as of January 1993, 893 companies in the U.S. had been certified, and by December of 1997, over 18,500 U.S. companies had been certified. In contrast, over 20,000 companies in the United Kingdom were registered by 1993. The United States was catching up quickly, however. For example, the "Big Three" auto makers in the United States created an industry-specific system, called QS 9000, that incorporates the ISO 9000 series standards. Since 1997, Chrysler (now Daimler-Chrysler) and General Motors (GM) have required that Tier I suppliers (numbering over 13,000) be certified to QS 9000. QS9000 requires compliance but not necessarily registration to do so. In some cases, those automakers are pressuring Tier I suppliers to require their suppliers (the Tier II and Tier III suppliers) to adhere to QS 9000. In addition, the automakers have been working on a version of the ISO 9000 series standards (the TE supplement for tooling companies and equipment suppliers.
ISO 9000 series standards have been adopted by at least 90 countries around the world. In 1992, the European Union established the European Council for Standardization (CEN). The Council's mission is to set a single set of standards for manufacturers to simplify trade among its 15 member states. The CEN, in turn, adopted the ISO 9000 series provisions verbatim as EN 29000. Within the EU, products such as medical devices, industrial safety equipment, telecommunications equipment, and construction-related products require ISO 9000 series certification. As a result, study of the ISO 9000 series standards is a standard part of the curriculum in European trade schools.
The American National Standards Institute (ANSI), working with the American Society for Quality Control (ASQC), has adopted the ISO 9000 series for use by businesses in the United States as ANSI/ASQU Q-90. The Q-90 series includes five books, each of which corresponds to one of five parts of the ISO 9000 Series. (The five parts are ISO 9000 through ISO 9004). The standards are available for purchase through ANSI or the ASQC. It should be noted, however, that the ANSI/ASQU harmonized variant of ISO 9000 is not sponsored by the U.S. government.
The ISO 9000 Series standards are created as generic standards in order to allow them to be applied to every industry. They help businesses plan, control, and document issues related to quality. They are based on the assumption that if a quality management system is properly designed, then quality assurance programs will also be properly designed. However, it is important to note that the ISO 9000 standards relate to the quality of production processes only. They do not include provisions for evaluating the quality of the product. This means that three companies following ISO 9000 standards, each producing the same product, could produce three products of varying qualities. This fact has been the basis for criticism of the ISO 9000 series standards.
There are more than five standards in the ISO 9000 series, but five contain most of the crucial provisions. They include ISO 9000, ISO 9001, ISO 9002, ISO 9003, and ISO 9004. In addition, ISO 8402 is often grouped with the ISO 9000 series. ISO 8402, which covers vocabulary, was passed in 1986 in anticipation of the ISO 9000 series. ISO 9000 and ISO 9004 provide guidelines. To develop a quality system, a company must choose to become certified to one of three standards: ISO 9001, ISO 9002, or ISO 9003. Below is a summary of each of the six standards.
To better serve certain industries, the original 1987 standards have been modified; a major set of revisions was published in 1994. In fact, ISO 9000 includes a provision allowing the quality provisions found in ISO 9001, 9002, and 9003 to be customized to make the system applicable to certain products or services. Areas in which customized standards have been developed include, for example, ISO 9004-2, which applies to service industries; and ISO 9000-3, which covers the development and supply of computer software.
Implementation of ISO 9000 series standards and certification to them is a lengthy and detailed procedure, but this section will provide a brief overview of the process. A series of six steps lead to the development of an internal quality assurance system. That system must include but is not limited to, a quality systems manual.
It is a misperception that preparation of the manual creates mountains of paperwork; the ISO quality manual is typically about 20-35 pages long. It is a major tool in developing and implementing an internal quality assurance system. The manual is to be used for training new personnel as well as in the day-to-day operations of the company.
The process of developing a system can be described in six steps.
The quality system process is an organization-wide process. There is no such thing as a partial quality assurance system; it is either for all of a company or none of it. The documentation gathered through these steps is used as a basis to develop the company's quality management system; and the system is described in the quality management manual.
After the quality assurance system has been developed, the next step is for the company to perform a preliminary internal assessment to measure how closely it conforms to the relevant standard (ISO 9001, ISO 9002, or ISO 9003).
There are three types of certification for ISO 9000 series standards. The ISO intended the 9000 series standards to be voluntary, and so no certification process was included in the standards issued in 1987. As a result, individual countries have developed certification procedures.
There are three ways to become certified: via first, second, or third party certification. First party certification is when a company certifies itself. Thus, it is sometimes called "self-declaration." This is accomplished using a formal internal quality assessment audit. The audit is performed by an internal quality manager or representative who examines whether the company is in conformance with the applicable ISO 9000 series standards.
Second party certification is performed by a customer of the company seeking certification. (In some cases, it is by large-scale buyers of the company's goods or services.) It is the customer's job to perform an internal audit and decide whether the company is complying with the ISO 9000 series standards. Often, when a company becomes certified through this second party process, an agreement is drawn up documenting the certification process. This agreement is used as part of the basis for future transactions.
Third party certification is done by a disinterested third party, usually a firm that specializes in ISO 9000 certification. The third party provides a registrar (also called an auditor) who performs an intensive internal audit of the company to verify its compliance with ISO 9000 standards. The process, which is described below, is similar to the review process under first or second party certification.
In practice, most companies choose third party certification. With respect to first party certification, there are credibility problems. A company that certifies itself has many opportunities to cheat in the certification; there is no enforcement or verification mechanism in the certification process. Second party certification is sometimes undesirable because of inefficiency and high costs. Every time a company wants to do business with a supplier, it must spend time and money to do an audit of the potential supplier. Yet, it can be less costly than third party certification for small and mid-size companies. Third party certification, in spite of its own inherent limitations (discussed below), is used most often, at least at present.
The company desiring certification should hire a registrar who has been certified by a national accreditaion body. The registrar will then conduct the assessment in several stages. First, there is a pre-assessment. The registrar will review the quality system manual and other documents. The auditor will focus on the management system's ability to document the quality of the process of producing goods and services; he or she will not focus on the quality of the actual product. Based on this review the company may choose to proceed, or it may delay further assessment until deficiencies are corrected.
Second, there is a formal assessment. The registrar reviews documents and interviews company personnel. The objective is to determine whether written procedures are being implemented. Third, the audit report is issued. The registrar summarizes results of the audit and lists areas in which corrective action, if any, is needed. If deficiencies must be corrected, the company can do so and submit a report to the registrar. Corrections must be documented in that report.
The registrar can award certification based on an initial, favorable audit report or upon the initial report accompanied by the report verifying corrective action. After certification, the company can use the ISO 9000 seal on its letterhead and in advertising.
Following certification, twice annually the registrar will return to the company to verify that the company continues to be in compliance. Such visits will be with little or no notice. During such "spot checks," the registrar will focus on areas that were noted as weaknesses in the original report. The registrar will perform a complete audit and issue a new report every three years.
In addition, the company is expected to implement an internal auditing program to ensure the company continues to conform to ISO 9000 series requirements. A strong internal auditing program ensures that all goes well when the third party registrar visits periodically.
Compliance with ISO 9000 series standards is voluntary in most, but not all cases. When compliance is voluntary, incentives come from a variety of internal and external benefits. An internal benefit comes from within the company and relates to the day-to-day operations of the organization. An external benefit, on the other hand, comes from outside the company and relates to other entities and factors such as customers and markets. Internal benefits can be realized by any company that uses the ISO 9000 series standards. However, external benefits are limited to those companies that are certified by a second or third party entity. This occurs because customers may not be willing to accept a company's word that it complies with ISO 9000 series and may require second or third party certification.
In some instances, ISO 9000 certification is a requirement for doing business. This may be due to the requirements of a customer, as is the case with respect to Tier I suppliers dealing with U.S. auto makers. Or, it may be due to requirements of laws of a country or trading bloc.
For example, the North American Treaty Organization (NATO) requires that its contractors be ISO 9000 certified. The U.S. Department of Defense does the same.
Some countries have passed laws requiring compliance with ISO 9000. As was discussed above, the European Union has passed directives that require ISO 9000 compliance for safety products, medical devices, and other specified products.
Whether certification is required or not, ISO 9000 series certification provides a variety of internal benefits. First, ISO 9000 certification leads to better documentation of company processes. This, in turn, leads to more efficient production processes and less waste. Both save money for a company.
Second, managers and other employees become more aware of quality. They begin to view operations through a "quality of management" lens. This leads to a more efficient company that can be more competitive in the marketplace.
Third, employee morale improves. When employees feel that they are part of the process, they accept responsibility for quality. This creates an incentive for workers to do a better job and makes the company more efficient.
Fourth, cooperation and communication are improved. Documenting procedures facilitates communication and promotes cooperation.
Fifth, production processes can be made more efficient. When there is better coordination of processes, there is less "down time," and resources are shared among departments more efficiently.
Sixth, fewer defective products are produced. Better quality results in fewer defects, less scrap, and, therefore, lower production costs. Finally, documentation of safety standards results in fewer accidents. In turn, there is less downtime for employees. The ultimate results are more efficient workers and lower costs of production.
Similarly, there are many potential external benefits. The first is that company prestige increases. Companies following ISO 9000 series standards are perceived as "good corporate citizens" that produce higher quality products. Thus, they gain prestige that can help retain old customers and attract new ones.
Second, it improves customer satisfaction. Higher quality means higher customer satisfaction. Further, the manufacturer of a product is certified, a customer may feel better about the product even if it is, in fact, of no higher quality than that of a non-certified manufacturer.
Third, it creates a higher level of trust. Customers perceive a certified company as being more trust worthy than a non-certified company.
Fourth, it reduces the need for customer audits. With certification, a company has already been audited. Therefore, customers will not feel a need to audit every time they want to do business with a company. This can result in major savings. For example, it is reported that in some industry segments in the United States, a facility may be subject to dozens of audits per year; in some cases it may be as many as 30 per month.
Fifth, it can help a company increase its market share. Certified companies gain access to markets that require ISO certification, and they can deepen penetration of existing markets. Finally, the company can respond more quickly to market needs. With better quality procedures, it is easier to develop and market new product lines. Being the first to reach a market results in higher profits for the company.
There are costs in time and money for companies becoming certified to an ISO 9000 series standard. For example, an ISO program may take three months to over one year to implement, and it requires continual efforts to review progress and pursue improvement. Further, it costs money to develop a certification program and attain certification. There may be benefits in terms of increased sales resulting from public perception that the firm produces quality goods, but sometimes non-ISO certified companies may be able to produce a similar product more cheaply.
ISO certification does not mean that a firm's product is better than that of a non-ISO certified firm. For example, ISO 9000 series certification does not prevent design defects. To reiterate, the ISO series 9000 standards are process standards; they are not product standards.
The quality of an audit performed for ISO certification purposes depends on the qualifications and honesty of the auditor, and whether the auditor is acting in a first, second, or third party capacity. In addition, there are numerous problems inherent in the third party certification process.
First, the ISO does not have standard procedures for certification. As a result, various countries have developed different certification procedures. For example, in the United States, the national body of accreditation is the Registrar Accreditation Board (RAB). At present, the European Union (EU) does not regulate registrars. Instead, they are accredited through national certification boards. This divergence contributes to a lack of understanding of the certification process. Without an international certification procedure, companies and members of the public are uninformed about what is involved in certification. And, of course, standards for certification are not uniform.
Second, certification is not always recognized across borders of countries. Therefore, a registrar should be chosen in view of the company's customer base. One practice that facilitates operations of companies in various countries is that some U.S. registrars have signed memoranda with registrars in Europe. As a result of such agreements, a company can become ISO-certified in several countries through the completion of a single certification process.
Third, there is no centralized record of registrations. This makes proof of certification difficult, and potential customers must rely on documents in the possession of the certified firm or the auditing firm hired by the firm.
Fourth, certification is costly. It costs from $10,000 to $20,000 or more, and may take six to 18 months to perform, depending on the size of the company. This can be prohibitive for small companies and for companies with severely limited resources. Such companies tend to come, in disproportionate percentages, from developing countries as compared to companies from industrialized countries.
Another set of objections to the ISO 9000 series standards is based on the assertion that the standards function as a non-tariff barrier to trade. The adoption of ISO 9000 series by the EU is viewed by some commentators as a trade barrier to companies from outside the EU. In other cases, it has been asserted that, as ISO 9000 certification becomes a de facto requirement for doing business, it operates as a nontariff barrier to trade with respect to struggling companies from developing countries. This argument is based on the premise that ISO certification is an expense that is beyond the means of firms with extremely limited funds.
As implementation of the ISO 9000 series standards proceeds, additional issues arise. One important set of issues relates to how ISO 9000 will be coordinated with parallel, yet slightly divergent, sets of standards that are being developed. One of these sets of standards is the QS-9000 standard developed by Ford, General Motors, and Chrysler (now Daimler-Chrysler). QS-9000 incorporated the ISO 9000 series, but it added customer-specific and sector-specific guidelines. The members of TC 176 (the ISO technical committee that developed the ISO 9000 series) emphasize that the ISO 9000 series must maintain its generic character if it is to continue to be useful over a long term.
In the summer of 1995, proposed standards developed by the Japanese caused a clash between the United States and Japan. The Japanese Accreditation Board (JAB) had announced the JIS Z9901, a variant on ISO 9000, that would be applied to software manufacturers. It included a provision that required certification through registrars who would be trained and accredited under the JAB's system. U.S. software manufacturers and electronics companies were outraged at the special registration requirements. They viewed JIS Z9901 as a potential non-tariff barrier to trade, as a mechanism through which trade secrets might be stolen, and as a mechanism that would cut their market share. After ANSI, the American Electronics Association (AEA), the Informational Technology Industry Council (ITIC), and major multinational corporations such as Apple Computer, IBM, Motorola, and others became involved. Through negotiations with ANSI, JAB agreed with ANSI to conform to ISO norms for ISO 9000 rather than create special registration requirements for software manufacturers. The JAB withdrew JIS Z9901 and averted an international trade crisis.
The ISO 9000 series standards involve potentially high economic stakes. Therefore, there must be continuing, careful surveillance by various industries throughout the world, as standards are developed and refined, and, especially, as variants on the ISO 9000 system are developed.
Certification of businesses to the ISO 9000 series standards is increasing rapidly around the world. Many companies see implementation of the standards as an investment in the future. They are convinced that the program will pay for itself as it results in lower production costs and greater efficiency in operation as well as access to new markets and new customers. In many industries, certification has almost become a necessity for doing business. And in some countries, such as in the EU, certification is mandatory in certain industries.
Yet, the ISO 9000 series standards are process standards, not product standards. Their widespread use throughout the world is creating desirable harmonization in terms of providing goods to the public. But the ISO 9000 series standards do not guarantee quality products from the companies that participate in the program.
[ Paulette L. Stenzel ]
Badiru, Adedeji Docunde. Industry's Guide to ISO 9000. New York: John Wiley & Sons, Inc., 1995.
Johnson, Perry L. ISO 9000: Meeting The International Standards. 2nd ed. New York: McGraw-Hill, 1997.
Label, Wayne A., and Wilbur Priester. "Expanding Your Role in ISO." The CPA Journal, June 1996.
Mirams, Mike, and Paul McElheron. Gaining and Maintaining the New Quality Standards: The BS EN 9000 Tool Kit. Pitman Publishing, 1995.
"Using International Standards To Build A Better Business." Business Standards. British Standards Institute (BSI). Available at www.businessstandards.com .
Vloeberghs, Daniel, and Jan Bellens. "Implementing The ISO 9000 Standards in Belgium." Quality Standards, June 1996.
Zuckerman, Amy. International Standards: Desk Reference. New York: Amacom, 1997.