Chapter 1Putting ISO 9000 in ContextCHAPTER PREVIEWThis chapter is aimed at everyone with an interest in ISO 9000, students, consultants,auditors, quality managers and most importantly the decision makers, CEOs, COOs andManaging Directors. No reader should pass by this chapter without getting an appre-ciation of what ISO 9000 is all about. Many people have started their journey towards ISO 9001 certiﬁcation by reading thestandard and trying to understand the requirements. They get so far and then call forhelp, but they often haven’t learnt enough to ask the right questions. The helper mightmake the assumption that you already know why you are looking at ISO 9001 andtherefore may not spend the necessary time for you to understand what it is all about,what pitfalls may lie ahead and whether indeed you need to make this journey at all. Thiswill become clear when you read this chapter. When you encounter ISO 9001 for the ﬁrst time, it may be in a conversation, on theInternet, in a leaﬂet or brochure from your local chamber of commerce or as many havedone, from a customer. The source of the message is important as it will inﬂuence yourchoice of strategies: Our customers complain about the quality of the products and services we provide. We can’t demonstrate to our customers’ satisfaction that we have the capability of meeting their requirements. We need to get ISO 9001 certiﬁcation as we are losing orders to our competitors that are ISO 9001 registered. We need to get ISO 9001 certiﬁcation to trade within or with Europe.and if you are busy manager you could be forgiven for either putting it out of your mindor getting someone else to look into it. But you know that as a manager you are eithermaintaining the status quo or changing it and if you stay with the status quo for too long,your organization will go into decline. So you need to know: What the issue is? Why this is an issue? What this is costing us? What you should do about it? What the impact of this will be? How much it will cost? Where the resources are going to come from?ISO 9000 Quality Systems HandbookCopyright Ó 2009, David Hoyle. Published by Elsevier Ltd. All rights reserved. 3
4 PART j 1 Before You Start When you need to act? What the alternatives are and their relative costs? What the consequences are of doing nothing?In this chapter we put ISO 9000 in context by showing the link between ISO 9000 andthe fundamental basis for trade and in particular: Why customers need conﬁdence and how they go about getting it Why organizations need capability and how they go about getting it The principles on which the ISO 9000 family of standards has been based. The key requirements which underpin the structure of the standards. The growth in ISO 9001 certiﬁcation. Where ISO 9001 features in EU DirectivesMAKING THE LINKSince the dawn of civilization the survival of communities has depended on trade. Ascommunities grow they become more dependent on others providing goods andservices they are unable to provide from their own resources. Trade continues to thisday on the strength of the customer–supplier relationship. The relationship survivesthrough trust and conﬁdence at each stage in the supply chain. A reputation fordelivering a product or a service to an agreed speciﬁcation, at an agreed price on anagreed date is hard to win and organizations will protect their reputation againstexternal threat at all costs. But reputations are often damaged not by those outside butby those inside the organization and by other parties in the supply chain. Brokenpromises, whatever the cause, harm reputation and promises are broken when anorganization does not do what it has committed to do. This can arise either because theorganization accepted a commitment it did not have the capability to meet or it had thecapability but failed to manage it effectively. This is what the ISO 9000 family of standards is all about. It is a set of criteria thatcan be applied to all organizations regardless of type, size and product or serviceprovided. When applied correctly these standards will help organizations develop thecapability to create and retain satisﬁed customers in a manner that satisﬁes all the otherstakeholders. They are not product standards – there are no requirements for speciﬁcproducts or services – they contain criteria that apply to the management of an orga-nization in satisfying customer needs and expectations in a way that satisﬁes the needsand expectations of other stakeholders. ISO standards are voluntary and are based on international consensus among theexperts in the ﬁeld. ISO is a non-governmental organization and it has no power toenforce the implementation of the standards it develops. It is a network of the nationalstandards institutes of 160 countries and its aim is to facilitate the international coor-dination and uniﬁcation of industrial standards. By far, the majority of internationally agreed standards apply to speciﬁc types ofproducts and services with the aim of ensuring interchangeability, compatibility,interoperability, safety, efﬁciency and reduction in variation. Mutual recognition ofstandards between trading organizations and countries increases conﬁdence anddecreases the effort spend in verifying that suppliers have shipped acceptable products.
Chapter j 1 Putting ISO 9000 in Context 5 The ISO 9000 family of standards is just one small group of standards among the17,000 internationally agreed standards and other types of normative documents inISO’s portfolio. The standards in the ISO 9000 family In a Nutshell provide a vehicle for consolidating and The ISO 9000 family of standards will communicating concepts in the ﬁeld of stop you making promises you can’t quality management. It is not their fulﬁl and help you keep those you can. purpose to fuel the certiﬁcation, consul- Broken promises often lead to ting, training and publishing industries. conﬂict. The primary users of the standards are intended to be organizations acting as either customers or suppliers. Althoughall ISO standards are voluntary, one of the standards in the ISO 9000 family hasbecome a market requirement. This standard is ISO 9001 which is analysed in detail inParts 3–7 of this book. However, the primary purpose of these standards is to giveconﬁdence to customers that products and services meet the needs and expectations ofcustomers and other stakeholders and improve the capability of organizations to dothis. You don’t need to use any of the standards in the ISO 9000 family in order to developthe capability of satisfying your stakeholders, there are other models but none are asdetailed or as prescriptive.A QUEST FOR CONFIDENCECustomers need conﬁdence that their suppliers can meet their quality, cost and deliveryrequirements and have a choice as to how they acquire this conﬁdence. They can selecttheir suppliers:a) Purely on the basis of past performance, reputation or recommendation;b) By assessing the capability of potential suppliers themselves;c) On the basis of an assessment of capability performed by a third party.Most customers select their suppliers using option (a) or (b), but there will be caseswhere these options are not appropriate either because there is no evidence for usingoption (a) or resources are not available to use option (b) or it is not economic. It isfor these situations that a certiﬁcation scheme was developed. Organizations submitto a third party audit that is performed by an accredited certiﬁcation body inde-pendent of both customer and supplier. An audit is performed against the require-ments of ISO 9001 and if no nonconformities are found, a certiﬁcate is awarded. Thiscertiﬁcate provides evidence that the organization has the capability to meet customerand regulatory requirements relating to the supply of certain speciﬁed good andservices. Customers are now able to acquire the conﬁdence they require, simply byestablishing whether a supplier holds a current ISO 9001 certiﬁcate covering the typeof products and services they are seeking. However, the credibility of the certiﬁcaterests on the competence of the auditor and the integrity of the certiﬁcation body,neither of which are guaranteed. (This is addressed further in System assessment –Chapter 39.)
6 PART j 1 Before You Start Case Study - Trust in the System China’s biggest milk powder manufacturer sold contaminated milk after two brothers who ran a milk collection station added melamine to milk that they sold on from farmers to increase its protein content. Four babies have died and thousands have fallen ill after drinking milk tainted with toxic melamine. Melamine is an industrial chemical used to make plastic cups and saucers. Providing safe food for children is one of the most basic services of any economy. The toxin was introduced in a ploy by farmers to boost the apparent protein content of the milk that they sold to one of the best-known milk powder manufacturers in the country. The milk had been rejected several times previously by the manufacturer. Quality controls were ineffective. The milk producer had been told by its joint venture partner in New Zealand to recall the product but the local authorities in China would not do it. Twelve months prior to the incident the former head of the food and drug agency was executed for taking bribes and as a result the people were told they could trust what they buy.A QUEST FOR CAPABILITYTrading organizations need to achieve sustained success in a complex, demanding andever changing environment. This depends on their capability to:a) Identify the needs and expectations of their customers and other stakeholders;b) Convert customer needs and expectations into products and services that will satisfy them;c) Attract customers to the organization;d) Supply the products and services that meet customer requirements and deliver the expected beneﬁts;e) Operate in a manner that satisﬁes the needs of the other stakeholders. Many organizations develop their own ways Food for Thought of working and strive to satisfy their Many ISO 9000 registered organiza- customers in the best way they know how. tions fail to satisfy their customers but We will explain this further in more detail this is largely their own fault – they but in simple terms the management system simply don’t do what they say they will is the set of processes that enables the do. organization to do (a)–(e) and includes both If your management is not prepared a technical capability and a people capa- to change its values, it will always have bility. Many organizations develop the problems with quality. technical capability but not the people capability and are thus forever struggling to do what they say they will do. In choosing the best system for them, they can either go through a process of trial anderror, select from the vast body of knowledge on management, or utilize one or moremanagement models available that combine proven principles and concepts to developthe organization’s capability. ISO 9001 represents one of these models. Others areBusiness Excellence Model, Six Sigma and Business Process Management (BPM)which we address later in this chapter.
Chapter j 1 Putting ISO 9000 in Context 7 Having given the organization the capability to do (a)–(e), in many business-to-business relationships, organizations are able to give their customers conﬁdence intheir capability without becoming registered to ISO 9001. In some market sectors thereis a requirement to demonstrate capability through independently regulated conformityassessment procedures before goods and services are purchased. In such cases theorganization has no option, but to seek ISO 9001 certiﬁcation if it wishes to retainbusiness from that particular customer or market sector. However, it is important to recognize that there is no requirement in the ISO 9000family of standards for certiﬁcation. The standards can be used in helping an organi-zation discover the right things to do as well as assess for itself the extent to which itsgoals and processes meet international standards. Only where customers are imposingISO 9001 in purchase orders and contracts, would it be necessary to obtain ISO 9001certiﬁcation.THE UNDERLYING PRINCIPLESThe Assurance PrinciplesThe quest for conﬁdence through regulated standards evolved in the defence industry.Defence quality assurance standards (see Chapter 4) were based on the followingprinciples: It is essential that products and services be designed, manufactured and provided so as to conform to the purchaser’s requirements and this be effected as economically as practicable; The quality of products and services depends upon the contractor’s control of design, manufacture and other operations that affect quality; The contractor needs to institute such control over quality as is necessary to ensure the products and services conform to the purchaser’s contractual requirements; Contractors need to be prepared to substantiate by objective evidence that they have maintained control over the design, development and manufacturing operations and have performed inspection which demonstrates the acceptability of products and services; The purchaser needs to stipulate the assurance required to ascertain that the contractor has control over the operations to be carried out and will ensure that the products and services are properly produced and inspected.These are the assurance principles, the intent of which is to deliver conﬁdence tocustomers that the products and services will be or are what they are claimed to be andwill be, are being and have been produced under controlled conditions. By including the phrase ‘‘.and this be effected as economically as practicable’’,there is an implication that contractor’s controls were to embrace quality, cost anddelivery but other than in Mil-Q-9858A neither the AQAPs nor Def Stans included anyrequirements for maintaining and using quality cost data. By including the phrase‘‘control of . other operations that affect quality’’, there is an implication thatcontractors’ controls were to address the processes that created and maintained theworking environment but none of the standards included requirements on this topic andit was not until ISO 9001:2000 that requirements for managing the ‘‘work environment’’were introduced.
8 PART j 1 Before You Start The economics of quality was brought out in ISO 9000:1987 in which the intent wasstated as: ‘‘to achieve and sustain good economic performance through continual improvementin the customer speciﬁcation and the organizational system to design and produce theproduct or service to satisfy the user’s needs or requirements’’ It was believed that if organizations were able to demonstrate that they were oper-ating a quality system that met international standards, customers would gain greaterconﬁdence in the quality of products they purchased. Clearly the intent of these stan-dards was that when implemented, the contractor could be relied upon to meet customerrequirements in the most economical manner. The implication being that delivery ofnonconforming product or service, late delivery and cost overruns would be anextremely rare event.The Management PrinciplesIf we ask ourselves, ‘‘On what does the achievement of quality depend?’’ we will ﬁndthat it rather depends upon our point of view. In Deming’s seminar on Profound Knowledge (c. 1987) he suggested that if you askpeople to answer ‘‘Yes or No’’ to the question ‘‘Do you believe in quality?’’ no onewould answer ‘‘No’’. They would also know what to do to achieve it and he citeda number of examples which have been put into the cause and effect diagram shown inFig. 1-1. It is the causes below the labels on the ends of each line that are the deter-minants. The labels simply categorize the causes. Deming regarded these factors as all wrong. Either singularly or all together they willnot achieve quality. They all require money or learning a new skill and as Lloyd Dobyns(Deming’s collaborator on the video library) says ‘‘They allow management to duck theissue’’. However, he tells us that the fact that they won’t work does not mean each ofthem is wrong. Once the processes are predictable and the system is stable, a techniquesuch as Just in Time is a smart thing to do. FIGURE 1-1 Inappropriate determinants of quality.
Chapter j 1 Putting ISO 9000 in Context 9 We need principles to help us determine the right things to do and understand why wedo what we do. The more prescription we have, the more we get immersed in the detailand lose sight of our objectives – our purpose – our reason for doing what we do. Oncewe have lost sight of our purpose, our actions and decisions follow the mood of themoment. They are swayed by the political climate or fear of reprisals. Since the dawn of the industrial revolution, when man came out of the ﬁelds into thefactories, management became a subject for analysis and synthesis in an attempt todiscover some analytical framework upon which to build managerial excellence. Thereemerged many management principles and indeed they continue to emerge in an attemptto help managers deal with the challenges of management more effectively. Principles or Rules A principle is a fundamental law, truth or assumption that is veriﬁable. Management prin- ciples are a guide to action; they are not rules. ‘‘No entry to unauthorized personnel’’ is a rule that is meant to be obeyed without deviation, whereas a principle is ﬂexible, it does not require rigid obedience. A principle may not be useful under all conditions and a violation of a principle under certain conditions may not invalidate the principle for all conditions. A violation of a principle results in consequences usually by making operations more inefﬁcient or less effective, but that may be a price worth paying under certain circumstances. In order to make this judgement, managers need a full understanding of the consequence of ignoring the principles. Over the last 20 years a number of principles have been developed that appear torepresent the factors upon which the achievement of quality depends:1. Understanding customer needs and expectations, i.e., a customer focus;2. Creating a unity of purpose and a quality culture, i.e., leadership;3. Developing and motivating the people, i.e., involvement of people;4. Managing processes effectively, i.e., the process approach;5. Understanding interactions and interdependencies, i.e., the systems approach;6. Continually seeking better ways of doing things, i.e., continual improvement;7. Basing decisions on facts, i.e., the factual approach;8. Realizing that you need others to succeed, i.e., mutual beneﬁcial relationships.These eight factors represent the causes of quality as shown in the cause and effectdiagram of Fig. 1-2. A failure either to understand the nature of any one of these factorsor to manage them effectively will invariably lead to a quality failure, the consequencesof which may be disastrous for the individual, the customer, the organization, thecountry and the planet. A quality management principle is deﬁned by ISO/TC 176 as a comprehensiveand fundamental rule or belief, for leading and operating an organization, aimed atcontinually improving performance over the long term by focusing on customerswhile addressing the needs of all other interested parties. It is a pity that thisdeﬁnition includes the word ‘‘rule’’ because principles are not rules (as this impliesinﬂexibility), but guides to action, implying ﬂexibility and judgement as to theirappropriateness.
10 PART j 1 Before You Start FIGURE 1-2 The eight-quality management principles. All the requirements of ISO 9001:2008 are related to one or more of these principles.These principles provide the reasons for the requirements and are thus very important.Each of these is addressed below.Customer FocusThis principle is expressed as follows. Organizations depend on their customers and therefore should understand currentand future customer needs, meet customer requirements and strive to exceed customerexpectations. An organization applying the customer focus principle would be one in whichpeople: Understood customer needs and expectations; Met customer requirements in a way that met the needs and expectations of all other stakeholders; Communicated these needs and expectations throughout the organization; Have the knowledge, skills and resources required to satisfy the organization’s customers; Measured customer satisfaction and acted on results; Understood and managed customer relationships; Could relate their actions and objectives directly to customer needs and expectations; Were sensitive to customer preferences and acted in a way that put the customer ﬁrst. Leadership vs Management Leadership Leadership means making sure that the This principle is expressed as follows. organization is doing the right things. Leaders establish unity of purpose and Management means making sure that direction for the organization. They should those things are being done right. create and maintain the internal environment (John M Bryson) in which people can become fully involved in achieving the organization’s objectives.
Chapter j 1 Putting ISO 9000 in Context 11 An organization applying the leadership principle would be one in whichleaders are: Establishing and communicating a clear vision of the organization’s future; Establishing shared values and ethical role models at all levels of the organization; Being proactive and leading by example; Understanding and responding to changes in the external environment; Considering the needs of all stakeholders; Building trust and eliminating fear; Providing people with the required resources and freedom to act with responsibility and accountability; Promoting open and honest communication; Educating, training and coaching people; Setting challenging goals and targets aligned to the organization’s mission and vision; Communicating and implementing a strategy to achieve these goals and targets; Using performance measures that encourage behaviour consistent with these goals and targets.Involvement of PeopleThis principle is expressed as follows. People at all levels are the essence of an organization and their full involvementenables their abilities to be used for the organization’s beneﬁt. An organization applying the involvement of people principle would be one in whichpeople are: Accepting ownership and responsibility to solve problems; Actively seeking opportunities to make improvements; Actively seeking opportunities to enhance their competencies, knowledge and experience; Freely sharing knowledge and experience in teams and groups; Focusing on the creation of value for customers; Being innovative and creative in furthering the organization objectives; Better representing the organization to customers, local communities and society at large; Deriving satisfaction from their work; Enthusiastic and proud to be part of the organization.Process ApproachThis principle is expressed as follows. A desired result is achieved more efﬁciently when related resources and activities aremanaged as a process. An organization applying the process approach principle would be one in whichpeople: Know the objectives they have to achieve and the process that will enable them to achieve these results; Know what measures will indicate whether the objectives have been achieved;
12 PART j 1 Before You Start Have clear responsibility, authority and accountability for the results; Perform only those activities that are necessary to achieve these objectives and deliver these outputs; Assess risks to success and put in place measures that eliminate, reduce or control these risks; Know what resources, information and competences are required to achieve the objectives; Know whether the process is achieving its objectives as measured; Find better ways of achieving the process objectives and of improving process efﬁciency; Regularly conﬁrm that the objectives and targets they are aiming for remain relevant to the needs of the organization.Systems Approach to ManagementThis principle is expressed as follows. Identifying, understanding and managing interrelated processes as a systemcontributes to the organization’s effectiveness and efﬁciency in achieving its objectives. An organization applying the system approach principle would be one in whichpeople: Are able to visualize the organization as a system of interacting processes; Structure the system to achieve the objectives in the most efﬁcient way; Understand the interactions and interdependencies between the processes in the system; Derive process objectives from system objectives; Understand the impact of their actions and decision on other processes with which they interface and on the organization’s goals; Establish resource constraints prior to action.Continual ImprovementThis principle is expressed as follows. Continual improvement of the organization’s overall performance should bea permanent objective of the organization. An organization applying the continual improvement principles would be one inwhich people are: Making continual improvement of products, processes and systems - an objective for every individual in the organization; Applying the basic improvement concepts of incremental improvement and break- through improvement; Using periodic assessments against established criteria of excellence to identify areas for potential improvement; Continually improving the efﬁciency and effectiveness of all processes; Promoting prevention-based activities; Providing every member of the organization with appropriate education and training, on the methods and tools of continual improvement;
Chapter j 1 Putting ISO 9000 in Context 13 Establishing measures and goals to guide and track improvements; Recognizing improvements.Factual Approach to Decision MakingThis principle is expressed as follows. Effective decisions are based on the analysis of data and information. An organization applying the factual approach principle would be one in whichpeople are: Deﬁning performance measures that relate to the quality characteristics required for the process, product or service being measured; Taking measurements and collecting data and information relevant to the product, process or service objective; Ensuring that the data and information are sufﬁciently accurate, reliable and accessible; Analysing the data and information using valid methods; Understanding the value of appropriate statistical techniques; Making decisions and taking action based on the results of logical analysis balance with experience and intuition.Mutually Beneﬁcial Supplier RelationshipsThis principle is expressed as follows. An organization and its suppliers are interdependent and a mutually beneﬁcialrelationship enhances the ability of both to create value. An organization applying the supplier relationship principle would be one in whichpeople are: Identifying and selecting key suppliers on the basis of their ability to meet require- ments without compromising quality; Establishing supplier relationships that balance short-term gains with long-term considerations for the organization and society at large; Creating clear and open communications; Initiating joint development and improvement of products and processes; Jointly establishing a clear understanding of customers’ needs; Sharing information and future plans; Recognizing supplier improvements and achievements.This principle has a dual focus even though it refers to suppliers. The organization isa supplier to its customer and is a customer to its suppliers.Using the PrinciplesThe principles can be used in validating the design of processes, in validating decisions,in auditing system and processes. You look at a process and ask: Where is the customer focus in this process? Where in this process are there leadership, guiding policies, measurable objectives and the environment that motivate the workforce to achieve these objectives?
14 PART j 1 Before You Start Where in this process is the involvement of people in the design of the process, the making of decisions, the monitoring and measurement of performance and the improvement of performance? Where is the process approach to the accomplishment of these objectives? Where is the systems’ approach to the management of these processes, the optimi- sation of performance, the elimination of bottlenecks and delays? Where in the process are decisions based on fact? Where is there continual improvement in performance, efﬁciency and effectiveness of this process? Where is there a mutually beneﬁcial relationship with suppliers in this process?Also you can review the actual measures used for assessing leadership, customerrelationships, personnel, processes, systems, decisions, performance and supplier rela-tionships for alignment with the principles.THE REQUIREMENTSThe Basis for the RequirementsThe requirements of ISO 9001 have been based on the above principles but not derivedfrom them as the principles and the requirements have evolved in parallel over severalyears. Work is now underway in ISO to bring greater alignment between the principles,concepts, terminology and requirements but this won’t be compete until 2013. ISO 9001contains over 260 requirements spread over ﬁve sections but the way the requirementsare grouped creates some anomalies and fails to bring clarity to the structure. All thetopics addressed by the requirements are listed in Chapter 38.Purpose of RequirementsThe purpose of these requirements is to provide an assurance of product quality as isapparent from ISO 9001 clause 0.1 where it states ‘‘This International Standard can beused by internal and external parties, including certiﬁcation bodies, to assess theorganization’s ability to meet customer, statutory and regulatory requirements appli-cable to the product, and the organization’s own requirements.’’ They are therefore notintended to be for the purpose of developing a quality management system. If we ask ofevery requirement, ‘‘Would conﬁdence in the quality of the product be diminished if thisrequirement was not met?’’ We should, in principle, get an afﬁrmative response, but thismight not always be the case as it was not the approach taken in the validation of thestandard. There was a change in direction in 2000 when the ISO 9000 family changed its focusfrom procedures to processes. This change is illustrated in Fig. 1-3. ISO 9001:2008clearly positions the system of managed processes as the means for generating con-forming products with the intent that these create satisﬁed customers. ISO 9004:2009goes further and creates a cycle of sustained success, driven from a mission and visionthat is inﬂuenced by stakeholder needs and expectations through an extended system ofmanaged processes to produce results that satisfy all stakeholders.
Chapter j 1 Putting ISO 9000 in Context 15 FIGURE 1-3 The changing purpose in the ISO 9000 family.The Basic Management RequirementsFurther on, in this book we comment on the structure of ISO 9001 and the 263requirements in more detail, but we can condense these into the following sevenmanagement requirements:1. Purpose – establish the organization’s purpose and the needs and expectations of stakeholders relative to this purpose.2. Policy – deﬁne, document, maintain and communicate the overall intentions, prin- ciples and values related to quality.3. Planning – establish objectives, measures and targets for fulﬁlling the organiza- tion’s purpose and its policies, assessing risks and develop plans and processes for achieving the objectives that take due account of these risks.4. Implementation – resource, operate and manage the plans and processes to deliver outputs that achieve the planned results.5. Measurement – monitor, measure and audit processes, the fulﬁlment of objectives and policies and satisfaction of stakeholders.6. Review – analyse and evaluate the results of measurement, determine performance against objectives and determine changes needed in policies, objectives, measures, targets and processes for the continuing suitability, adequacy and effectiveness of the system.7. Improvement – undertake action to bring about improvement by better control, better utilization of resources and better understanding of stakeholder needs. This might include innovation and learning.
16 PART j 1 Before You StartThe Basic Assurance RequirementsWe can also condense the requirements of ISO 9001 into ﬁve assurance requirements.1. The organization shall demonstrate its commitment to the achievement of quality.2. The organization shall demonstrate that it has effective policies for creating an envi- ronment that will motivate its personnel into satisfying the needs and expectations of its customers and applicable statutory and regulatory requirements.3. The organization shall demonstrate that it has effectively translated the needs and expectations of its customers and applicable statutory and regulatory requirements into measurable and attainable objectives.4. The organization shall demonstrate that it has an effective system of interacting pro- cesses for enabling the organization to meet these objectives in the most efﬁcient way.5. The organization shall demonstrate that it is achieving these objectives as measured, that they are being achieved in the best way and that they remain consistent with the needs and expectations of its customers and applicable statutory and regulatory requirements.POPULARITY OF ISO 9001 CERTIFICATIONISO 9001 has gained in popularity since 1987 when the UK led the ﬁeld holding thehighest number of ISO 9001, 9002 and 9003 certiﬁcates (ISO 9002 and 9003 becameobsolete in 2003). Since then certiﬁcation in the UK has declined from a peak of 66,760in 2001 to 35,517 by December 2007 pushing the UK into eighth place. This is largelydue to the transfer of manufacturing to the Asian economies and why China has held thelead since 2002. The latest year for which there are published ﬁgures is 2007, when 18 of175 countries (10%) held 80% of the total number if certiﬁcates issued as detailed inTable 1-1.1 As quality system standards for automotive and medical devices (ISO/TS16949 and ISO 13485) include all requirements from ISO 9001, certiﬁcation to thesestandards can be added to the numbers of ISO 9001 certiﬁcates. The numbers onlyinclude data from certiﬁcation bodies that are accredited by members of the Interna-tional Accreditation Forum (IAF). The data is for numbers of certiﬁcates issued and notfor the number of organizations to which certiﬁcates are issued which may be less assome organizations register each location. The 15-year trend since records began in 1992 is shown in Fig. 1-4. The temporaryarrest in growth during the transition from ISO 9001:1994 to ISO 9001:2000 is clearlyevident. The continued growth is likely to be due to the European Union Directiveswhich are addressed next.ISO 9001 AND EU DIRECTIVESWith the formation of the European Union (EU) in 1993 there was a need to removebarriers to the free movement of goods across the Union. One part of this was toharmonize standards. At the time each country had its own standards for testing productsand for controlling the processes by which they were conceived, developed andproduced. This led to a lack of conﬁdence and consequently to the buying organizations1 ISO Survey (December 2007) International Organization for Standardisation, Geneva.
Chapter j 1 Putting ISO 9000 in Context 17 TABLE 1-1 Top 10% of Countries with ISO 9001 and Derivative Certiﬁcates Number of certiﬁcates issued Country ISO 9001 ISO/TS 16949 ISO 13485 Total % of Total China 210,773 7732 1329 219,834 21.99% Italy 115,359 1024 1482 117,865 11.79% Japan 73,176 1106 456 74,738 7.48% Spain 65,112 928 40 66,080 6.61% India 46,091 2008 222 48,321 4.83% Germany 45,195 3068 2204 50,467 5.05% USA 36,192 4288 2186 42,666 4.27% UK 35,517 701 589 36,807 3.68% France 22,981 1165 709 24,855 2.49% Netherlands 18,922 120 47 19,089 1.91% Republic of Korea 15,749 3453 6 19,208 1.92% Brazil 15,384 972 73 16,429 1.64% Turkey 12,802 504 52 13,358 1.34% Russian Federation 11,527 78 28 11,633 1.16% Switzerland 11,077 115 608 11,800 1.18% Israel 10,846 10,846 1.08% Hungary 10,473 257 37 10,767 1.08% Czech Republic 10,458 526 221 11,205 1.12% Sub-total 767,634 27,262 9264 805,968 80.62% Others 193,701 19.38% Grand total 999,669 100.00%undertaking their own product testing and in addition assessment of the seller’s qualitymanagement systems. The EU Council was concerned with protecting its citizens with respect to health,safety and environment and therefore decided that it needed a compliance system thatregulated the quality of products ﬂowing into and around the EU. The model prevalent inmany countries was the conformity assessment regimes operated by procurementagencies where they did the testing, inspection and system assessment. In May 1985 the EEC Council passed a resolution on a new approach to technicalharmonization and standards (85/C 136/01) that was intended to resolve technicalbarriers to trade and dispel the consequent uncertainty for economic operators. The newapproach provided for reference to standards (preferably European but national if
18 PART j 1 Before You StartFIGURE 1-4 Growth in ISO 9001 and derivative certiﬁcates.(including ISO 9002, ISO 9003, ISO/TS 16949 ISO 13485)appropriate) for the purposes of deﬁning the technical characteristics of productsaccompanied by a policy on the assessment of conformity to such standards. Thesestandards would specify the ‘‘essential requirements’’ as regards health protection andsafety with which products put on the market must conform. In 1993 the Counciladopted 93/465/EEC putting in place the conformity assessment procedures and rulesfor the afﬁxing and use of the CE conformity marking, that were intended to be used inthe technical harmonization directives. This legislation was repealed in June 2008 when the Council of the European Unionadopted a new Common Framework for marketing products. This broad package ofprovisions is intended to remove the remaining obstacles to free circulation of products andrepresents a major boost for trade in goods between EU Member States. The legislation isintended to bring particular beneﬁts for small and medium sized enterprises (SMEs), whowill no longer be discouraged from doing business outside their domestic markets. ISO 9001 is perceived by the EU Council as ensuring health and safety requirementsare met because ISO 9001 now requires organizations to demonstrate that they have theability to consistently provide product that meets customer and applicable statutory andregulatory requirements. Such requirements would be speciﬁed in EU Directives. Whereconformity with these directives can be veriﬁed by inspection or test of the end product,ISO 9001 is not a requirement for those seeking to supply within and into the EU. Whereconformity cannot be ensured without control over design and/or production processes,conformity with ISO 9001 needs to be assessed by a ‘‘notiﬁed body’’. The 2008 EUDirectives require manufacturers to lodge an application for assessment of their qualitysystem with the notiﬁed body of their choice, for the products concerned. A summary ofthe conformity assessment procedures is shown in Table 1-2. There are rules in ArticleR17 of the Common Framework regulating ‘‘notiﬁed bodies’’.
Chapter j 1 Putting ISO 9000 in ContextTABLE 1-2 Conformity Assessment Procedures in EU Legislation Module A: Internal Module B: Module G: Module H: Full production control Type examination Unit veriﬁcation quality assuranceDesign Manufacturer keeps Manufacturer submits Manufacturer EN ISO 9001:2000 (4) technical documentation to notiﬁed body: submits Manufacturer: at the disposal of national technical Technical documentation Operates an approved authorities documentation Supporting evidence for the quality system for design adequacy of the technical Submits technical design solution documentation Specimen(s), representative of the production envis- aged, as required Notiﬁed body: Notiﬁed body carries out surveillance of the QMS Ascertains conformity with H1 Notiﬁed body: essential requirements Examines technical docu- Veriﬁes conformity of mentation and supporting design (1) evidence to assess Issues EC-design examina- adequacy of the technical tion certiﬁcate (1) design For specimen(s): carries out tests, if necessary Issues EC- type examination certiﬁcate Continued 19
20TABLE 1-2 Conformity Assessment Procedures in EU Legislationdcont’d Module A: Internal Module C: Module D: Module E: Module F: Module G: Module H: production Conformity Production Product quality Product Unit Full quality control to type quality assurance assurance veriﬁcation veriﬁcation assuranceProduction A. Manufacturer: C. Manufacturer: EN ISO 9001:2000 EN ISO 9001:2000 Manufacturer: Manufacturer: (2). Manufacturer: (3). Manufacturer: Declares confor- Declares confor- Submits Operates an mity with essen- mity with Operates an Operates an product approved QMS for tial requirements approved type approved quality approved quality Declares production, ﬁnal PART j 1 Before You Start Afﬁxes required Afﬁxes required system for system for ﬁnal conformity inspection and conformity conformity production, ﬁnal inspection and Afﬁxes testing marking marking inspection and testing required confor- Declares testing Declares mity marking conformity Declares confor- conformity with Afﬁxes required mity with approved type conformity approved type Afﬁxes required marking Afﬁxes required conformity conformity marking marking
Chapter j 1 Putting ISO 9000 in ContextA1. Accredited C1. Accredited D1. E1. Notiﬁed body: Notiﬁed bodyin-house body or in-house body or Carries out Declares confor- Declares Conformity Veriﬁes confor-notiﬁed body notiﬁed body surveillance of the mity to essential to essential mity to essentialperforms tests on performs tests on QMS requirements requirements requirementsspeciﬁc aspects of speciﬁc aspects of Afﬁxes required Afﬁxes required Issues certiﬁcatethe product (1) the product (1) conformity conformity marking of conformity C2. Product marking checks at random intervals (1)A2. Product Notiﬁed body: Notiﬁed body: Notiﬁed body: Notes:checks at random Approves the QS Approves the QS Veriﬁes conformity (1) Supplementary requirements which may be used inintervals (1) Carries out surveil- Carries out surveil- to essential sectoral legislation lance lance of requirements (2) Except for sub-clause 7.3 and requirements relating to of the QMS the QMS Issues certiﬁcate customer satisfaction and continual improvement of conformity (3) Except for sub-clauses 7.1, 7.2.3, 7.3, 7.4, 7.5.1, 7.5.2, 7.5.3 and requirements relating to customer satisfaction and continual improvement (4) Except for requirements relating to customer satisfac- tion and continual improvement 21