08 27 chapter 1 - putting iso 9000 in context

Chapter 1

Putting ISO 9000 in Context

CHAPTER PREVIEW

This chapter is aimed at everyone with an interest in ISO 9000, students, consultants,auditors, quality managers and most importantly the decision makers, CEOs, COOs andManaging Directors. No reader should pass by this chapter without getting an appre-ciation of what ISO 9000 is all about.

Many people have started their journey towards ISO 9001 certification by reading thestandard and trying to understand the requirements. They get so far and then call forhelp, but they often haven’t learnt enough to ask the right questions. The helper mightmake the assumption that you already know why you are looking at ISO 9001 andtherefore may not spend the necessary time for you to understand what it is all about,what pitfalls may lie ahead and whether indeed you need to make this journey at all. Thiswill become clear when you read this chapter.

When you encounter ISO 9001 for the first time, it may be in a conversation, on theInternet, in a leaflet or brochure from your local chamber of commerce or as many havedone, from a customer. The source of the message is important as it will influence yourchoice of strategies:

� Our customers complain about the quality of the products and services we provide.� We can’t demonstrate to our customers’ satisfaction that we have the capability of

meeting their requirements.� We need to get ISO 9001 certification as we are losing orders to our competitors that

are ISO 9001 registered.� We need to get ISO 9001 certification to trade within or with Europe.

and if you are busy manager you could be forgiven for either putting it out of your mindor getting someone else to look into it. But you know that as a manager you are eithermaintaining the status quo or changing it and if you stay with the status quo for too long,your organization will go into decline. So you need to know:

� What the issue is?� Why this is an issue?� What this is costing us?� What you should do about it?� What the impact of this will be?� How much it will cost?� Where the resources are going to come from?

ISO 9000 Quality Systems Handbook

Copyright � 2009, David Hoyle. Published by Elsevier Ltd. All rights reserved. 3

4 PART j 1 Before You Start

� When you need to act?� What the alternatives are and their relative costs?� What the consequences are of doing nothing?

In this chapter we put ISO 9000 in context by showing the link between ISO 9000 andthe fundamental basis for trade and in particular:

� Why customers need confidence and how they go about getting it� Why organizations need capability and how they go about getting it� The principles on which the ISO 9000 family of standards has been based.� The key requirements which underpin the structure of the standards.� The growth in ISO 9001 certification.� Where ISO 9001 features in EU Directives

MAKING THE LINK

Since the dawn of civilization the survival of communities has depended on trade. Ascommunities grow they become more dependent on others providing goods andservices they are unable to provide from their own resources. Trade continues to thisday on the strength of the customer–supplier relationship. The relationship survivesthrough trust and confidence at each stage in the supply chain. A reputation fordelivering a product or a service to an agreed specification, at an agreed price on anagreed date is hard to win and organizations will protect their reputation againstexternal threat at all costs. But reputations are often damaged not by those outside butby those inside the organization and by other parties in the supply chain. Brokenpromises, whatever the cause, harm reputation and promises are broken when anorganization does not do what it has committed to do. This can arise either because theorganization accepted a commitment it did not have the capability to meet or it had thecapability but failed to manage it effectively.

This is what the ISO 9000 family of standards is all about. It is a set of criteria thatcan be applied to all organizations regardless of type, size and product or serviceprovided. When applied correctly these standards will help organizations develop thecapability to create and retain satisfied customers in a manner that satisfies all the otherstakeholders. They are not product standards – there are no requirements for specificproducts or services – they contain criteria that apply to the management of an orga-nization in satisfying customer needs and expectations in a way that satisfies the needsand expectations of other stakeholders.

ISO standards are voluntary and are based on international consensus among theexperts in the field. ISO is a non-governmental organization and it has no power toenforce the implementation of the standards it develops. It is a network of the nationalstandards institutes of 160 countries and its aim is to facilitate the international coor-dination and unification of industrial standards.

By far, the majority of internationally agreed standards apply to specific types ofproducts and services with the aim of ensuring interchangeability, compatibility,interoperability, safety, efficiency and reduction in variation. Mutual recognition ofstandards between trading organizations and countries increases confidence anddecreases the effort spend in verifying that suppliers have shipped acceptable products.

5Chapter j 1 Putting ISO 9000 in Context

The ISO 9000 family of standards is just one small group of standards among the17,000 internationally agreed standards and other types of normative documents inISO’s portfolio.

The standards in the ISO 9000 familyprovide a vehicle for consolidating andcommunicating concepts in the field ofquality management. It is not theirpurpose to fuel the certification, consul-ting, training and publishing industries.The primary users of the standards areintended to be organizations acting aseither customers or suppliers. Although

all ISO standards are voluntary, one of the standards in the ISO 9000 family hasbecome a market requirement. This standard is ISO 9001 which is analysed in detail inParts 3–7 of this book. However, the primary purpose of these standards is to giveconfidence to customers that products and services meet the needs and expectations ofcustomers and other stakeholders and improve the capability of organizations to dothis.

You don’t need to use any of the standards in the ISO 9000 family in order to developthe capability of satisfying your stakeholders, there are other models but none are asdetailed or as prescriptive.

A QUEST FOR CONFIDENCE

Customers need confidence that their suppliers can meet their quality, cost and deliveryrequirements and have a choice as to how they acquire this confidence. They can selecttheir suppliers:

a) Purely on the basis of past performance, reputation or recommendation;b) By assessing the capability of potential suppliers themselves;c) On the basis of an assessment of capability performed by a third party.

Most customers select their suppliers using option (a) or (b), but there will be caseswhere these options are not appropriate either because there is no evidence for usingoption (a) or resources are not available to use option (b) or it is not economic. It isfor these situations that a certification scheme was developed. Organizations submitto a third party audit that is performed by an accredited certification body inde-pendent of both customer and supplier. An audit is performed against the require-ments of ISO 9001 and if no nonconformities are found, a certificate is awarded. Thiscertificate provides evidence that the organization has the capability to meet customerand regulatory requirements relating to the supply of certain specified good andservices. Customers are now able to acquire the confidence they require, simply byestablishing whether a supplier holds a current ISO 9001 certificate covering the typeof products and services they are seeking. However, the credibility of the certificaterests on the competence of the auditor and the integrity of the certification body,neither of which are guaranteed. (This is addressed further in System assessment –Chapter 39.)

In a Nutshell

The ISO 9000 family of standards will

stop you making promises you can’t

fulfil and help you keep those you can.

Broken promises often lead to

conflict.


Case Study - Trust in the System

China’s biggest milk powder manufacturer sold contaminated milk after two brothers who ran

a milk collection station added melamine to milk that they sold on from farmers to increase its

protein content. Four babies have died and thousands have fallen ill after drinking milk

tainted with toxic melamine. Melamine is an industrial chemical used to make plastic cups

and saucers.

Providing safe food for children is one of the most basic services of any economy. The toxin

was introduced in a ploy by farmers to boost the apparent protein content of the milk that they

sold to one of the best-known milk powder manufacturers in the country.

The milk had been rejected several times previously by the manufacturer. Quality controls

were ineffective. The milk producer had been told by its joint venture partner in New Zealand

to recall the product but the local authorities in China would not do it.

Twelve months prior to the incident the former head of the food and drug agency was

executed for taking bribes and as a result the people were told they could trust what they buy.

A QUEST FOR CAPABILITY

Trading organizations need to achieve sustained success in a complex, demanding andever changing environment. This depends on their capability to:

a) Identify the needs and expectations of their customers and other stakeholders;b) Convert customer needs and expectations into products and services that will satisfy

them;c) Attract customers to the organization;d) Supply the products and services that meet customer requirements and deliver the

expected benefits;e) Operate in a manner that satisfies the needs of the other stakeholders.

Many organizations develop their own waysof working and strive to satisfy theircustomers in the best way they know how.We will explain this further in more detailbut in simple terms the management systemis the set of processes that enables theorganization to do (a)–(e) and includes botha technical capability and a people capa-bility. Many organizations develop thetechnical capability but not the peoplecapability and are thus forever struggling todo what they say they will do.

In choosing the best system for them, they can either go through a process of trial anderror, select from the vast body of knowledge on management, or utilize one or moremanagement models available that combine proven principles and concepts to developthe organization’s capability. ISO 9001 represents one of these models. Others areBusiness Excellence Model, Six Sigma and Business Process Management (BPM)which we address later in this chapter.

Food for Thought

Many ISO 9000 registered organiza-

tions fail to satisfy their customers but

this is largely their own fault – they

simply don’t do what they say they will

do.

If your management is not prepared

to change its values, it will always have

problems with quality.


Having given the organization the capability to do (a)–(e), in many business-to-business relationships, organizations are able to give their customers confidence intheir capability without becoming registered to ISO 9001. In some market sectors thereis a requirement to demonstrate capability through independently regulated conformityassessment procedures before goods and services are purchased. In such cases theorganization has no option, but to seek ISO 9001 certification if it wishes to retainbusiness from that particular customer or market sector.

However, it is important to recognize that there is no requirement in the ISO 9000family of standards for certification. The standards can be used in helping an organi-zation discover the right things to do as well as assess for itself the extent to which itsgoals and processes meet international standards. Only where customers are imposingISO 9001 in purchase orders and contracts, would it be necessary to obtain ISO 9001certification.

THE UNDERLYING PRINCIPLES

The Assurance Principles

The quest for confidence through regulated standards evolved in the defence industry.Defence quality assurance standards (see Chapter 4) were based on the followingprinciples:

� It is essential that products and services be designed, manufactured and provided soas to conform to the purchaser’s requirements and this be effected as economically aspracticable;

� The quality of products and services depends upon the contractor’s control of design,manufacture and other operations that affect quality;

� The contractor needs to institute such control over quality as is necessary to ensurethe products and services conform to the purchaser’s contractual requirements;

� Contractors need to be prepared to substantiate by objective evidence that they havemaintained control over the design, development and manufacturing operations andhave performed inspection which demonstrates the acceptability of products andservices;

� The purchaser needs to stipulate the assurance required to ascertain that the contractorhas control over the operations to be carried out and will ensure that the products andservices are properly produced and inspected.

These are the assurance principles, the intent of which is to deliver confidence tocustomers that the products and services will be or are what they are claimed to be andwill be, are being and have been produced under controlled conditions.

By including the phrase ‘‘.and this be effected as economically as practicable’’,there is an implication that contractor’s controls were to embrace quality, cost anddelivery but other than in Mil-Q-9858A neither the AQAPs nor Def Stans included anyrequirements for maintaining and using quality cost data. By including the phrase‘‘control of . other operations that affect quality’’, there is an implication thatcontractors’ controls were to address the processes that created and maintained theworking environment but none of the standards included requirements on this topic andit was not until ISO 9001:2000 that requirements for managing the ‘‘work environment’’were introduced.


The economics of quality was brought out in ISO 9000:1987 in which the intent wasstated as:

‘‘to achieve and sustain good economic performance through continual improvementin the customer specification and the organizational system to design and produce theproduct or service to satisfy the user’s needs or requirements’’

It was believed that if organizations were able to demonstrate that they were oper-ating a quality system that met international standards, customers would gain greaterconfidence in the quality of products they purchased. Clearly the intent of these stan-dards was that when implemented, the contractor could be relied upon to meet customerrequirements in the most economical manner. The implication being that delivery ofnonconforming product or service, late delivery and cost overruns would be anextremely rare event.

The Management Principles

If we ask ourselves, ‘‘On what does the achievement of quality depend?’’ we will findthat it rather depends upon our point of view.

In Deming’s seminar on Profound Knowledge (c. 1987) he suggested that if you askpeople to answer ‘‘Yes or No’’ to the question ‘‘Do you believe in quality?’’ no onewould answer ‘‘No’’. They would also know what to do to achieve it and he citeda number of examples which have been put into the cause and effect diagram shown inFig. 1-1. It is the causes below the labels on the ends of each line that are the deter-minants. The labels simply categorize the causes.

Deming regarded these factors as all wrong. Either singularly or all together they willnot achieve quality. They all require money or learning a new skill and as Lloyd Dobyns(Deming’s collaborator on the video library) says ‘‘They allow management to duck theissue’’. However, he tells us that the fact that they won’t work does not mean each ofthem is wrong. Once the processes are predictable and the system is stable, a techniquesuch as Just in Time is a smart thing to do.

FIGURE 1-1 Inappropriate determinants of quality.


We need principles to help us determine the right things to do and understand why wedo what we do. The more prescription we have, the more we get immersed in the detailand lose sight of our objectives – our purpose – our reason for doing what we do. Oncewe have lost sight of our purpose, our actions and decisions follow the mood of themoment. They are swayed by the political climate or fear of reprisals.

Since the dawn of the industrial revolution, when man came out of the fields into thefactories, management became a subject for analysis and synthesis in an attempt todiscover some analytical framework upon which to build managerial excellence. Thereemerged many management principles and indeed they continue to emerge in an attemptto help managers deal with the challenges of management more effectively.

Principles or Rules

A principle is a fundamental law, truth or assumption that is verifiable. Management prin-

ciples are a guide to action; they are not rules. ‘‘No entry to unauthorized personnel’’ is a rule

that is meant to be obeyed without deviation, whereas a principle is flexible, it does not

require rigid obedience. A principle may not be useful under all conditions and a violation of

a principle under certain conditions may not invalidate the principle for all conditions.

A violation of a principle results in consequences usually by making operations more

inefficient or less effective, but that may be a price worth paying under certain circumstances.

In order to make this judgement, managers need a full understanding of the consequence of

ignoring the principles.

Over the last 20 years a number of principles have been developed that appear torepresent the factors upon which the achievement of quality depends:

1. Understanding customer needs and expectations, i.e., a customer focus;2. Creating a unity of purpose and a quality culture, i.e., leadership;3. Developing and motivating the people, i.e., involvement of people;4. Managing processes effectively, i.e., the process approach;5. Understanding interactions and interdependencies, i.e., the systems approach;6. Continually seeking better ways of doing things, i.e., continual improvement;7. Basing decisions on facts, i.e., the factual approach;8. Realizing that you need others to succeed, i.e., mutual beneficial relationships.

These eight factors represent the causes of quality as shown in the cause and effectdiagram of Fig. 1-2. A failure either to understand the nature of any one of these factorsor to manage them effectively will invariably lead to a quality failure, the consequencesof which may be disastrous for the individual, the customer, the organization, thecountry and the planet.

A quality management principle is defined by ISO/TC 176 as a comprehensiveand fundamental rule or belief, for leading and operating an organization, aimed atcontinually improving performance over the long term by focusing on customerswhile addressing the needs of all other interested parties. It is a pity that thisdefinition includes the word ‘‘rule’’ because principles are not rules (as this impliesinflexibility), but guides to action, implying flexibility and judgement as to theirappropriateness.


All the requirements of ISO 9001:2008 are related to one or more of these principles.These principles provide the reasons for the requirements and are thus very important.Each of these is addressed below.

Customer Focus

This principle is expressed as follows.Organizations depend on their customers and therefore should understand current

and future customer needs, meet customer requirements and strive to exceed customerexpectations.

An organization applying the customer focus principle would be one in whichpeople:

� Understood customer needs and expectations;� Met customer requirements in a way that met the needs and expectations of all other

stakeholders;� Communicated these needs and expectations throughout the organization;� Have the knowledge, skills and resources required to satisfy the organization’s

customers;� Measured customer satisfaction and acted on results;� Understood and managed customer relationships;� Could relate their actions and objectives directly to customer needs and

expectations;� Were sensitive to customer preferences and acted in a way that put the customer first.

Leadership

This principle is expressed as follows.Leaders establish unity of purpose and

direction for the organization. They shouldcreate and maintain the internal environmentin which people can become fully involvedin achieving the organization’s objectives.

FIGURE 1-2 The eight-quality management principles.

Leadership vs Management

Leadership means making sure that the

organization is doing the right things.

Management means making sure that

those things are being done right.

(John M Bryson)


An organization applying the leadership principle would be one in whichleaders are:

� Establishing and communicating a clear vision of the organization’s future;� Establishing shared values and ethical role models at all levels of the organization;� Being proactive and leading by example;� Understanding and responding to changes in the external environment;� Considering the needs of all stakeholders;� Building trust and eliminating fear;� Providing people with the required resources and freedom to act with responsibility

and accountability;� Promoting open and honest communication;� Educating, training and coaching people;� Setting challenging goals and targets aligned to the organization’s mission and

vision;� Communicating and implementing a strategy to achieve these goals and targets;� Using performance measures that encourage behaviour consistent with these goals

and targets.

Involvement of People

This principle is expressed as follows.People at all levels are the essence of an organization and their full involvement

enables their abilities to be used for the organization’s benefit.An organization applying the involvement of people principle would be one in which

people are:

� Accepting ownership and responsibility to solve problems;� Actively seeking opportunities to make improvements;� Actively seeking opportunities to enhance their competencies, knowledge and

experience;� Freely sharing knowledge and experience in teams and groups;� Focusing on the creation of value for customers;� Being innovative and creative in furthering the organization objectives;� Better representing the organization to customers, local communities and society at

large;� Deriving satisfaction from their work;� Enthusiastic and proud to be part of the organization.

Process Approach

This principle is expressed as follows.A desired result is achieved more efficiently when related resources and activities are

managed as a process.An organization applying the process approach principle would be one in which

people:

� Know the objectives they have to achieve and the process that will enable them toachieve these results;

� Know what measures will indicate whether the objectives have been achieved;


� Have clear responsibility, authority and accountability for the results;� Perform only those activities that are necessary to achieve these objectives and

deliver these outputs;� Assess risks to success and put in place measures that eliminate, reduce or control

these risks;� Know what resources, information and competences are required to achieve the

objectives;� Know whether the process is achieving its objectives as measured;� Find better ways of achieving the process objectives and of improving process

efficiency;� Regularly confirm that the objectives and targets they are aiming for remain relevant

to the needs of the organization.

Systems Approach to Management

This principle is expressed as follows.Identifying, understanding and managing interrelated processes as a system

contributes to the organization’s effectiveness and efficiency in achieving its objectives.An organization applying the system approach principle would be one in which

people:

� Are able to visualize the organization as a system of interacting processes;� Structure the system to achieve the objectives in the most efficient way;� Understand the interactions and interdependencies between the processes in the

system;� Derive process objectives from system objectives;� Understand the impact of their actions and decision on other processes with which

they interface and on the organization’s goals;� Establish resource constraints prior to action.

Continual Improvement

This principle is expressed as follows.Continual improvement of the organization’s overall performance should be

a permanent objective of the organization.An organization applying the continual improvement principles would be one in

which people are:

� Making continual improvement of products, processes and systems - an objective forevery individual in the organization;

� Applying the basic improvement concepts of incremental improvement and break-through improvement;

� Using periodic assessments against established criteria of excellence to identifyareas for potential improvement;

� Continually improving the efficiency and effectiveness of all processes;� Promoting prevention-based activities;� Providing every member of the organization with appropriate education and training,

on the methods and tools of continual improvement;


� Establishing measures and goals to guide and track improvements;� Recognizing improvements.

Factual Approach to Decision Making

This principle is expressed as follows.Effective decisions are based on the analysis of data and information.An organization applying the factual approach principle would be one in which

people are:

� Defining performance measures that relate to the quality characteristics required forthe process, product or service being measured;

� Taking measurements and collecting data and information relevant to the product,process or service objective;

� Ensuring that the data and information are sufficiently accurate, reliable andaccessible;

� Analysing the data and information using valid methods;� Understanding the value of appropriate statistical techniques;� Making decisions and taking action based on the results of logical analysis balance

with experience and intuition.

Mutually Beneficial Supplier Relationships

This principle is expressed as follows.An organization and its suppliers are interdependent and a mutually beneficial

relationship enhances the ability of both to create value.An organization applying the supplier relationship principle would be one in which

people are:

� Identifying and selecting key suppliers on the basis of their ability to meet require-ments without compromising quality;

� Establishing supplier relationships that balance short-term gains with long-termconsiderations for the organization and society at large;

� Creating clear and open communications;� Initiating joint development and improvement of products and processes;� Jointly establishing a clear understanding of customers’ needs;� Sharing information and future plans;� Recognizing supplier improvements and achievements.

This principle has a dual focus even though it refers to suppliers. The organization isa supplier to its customer and is a customer to its suppliers.

Using the Principles

The principles can be used in validating the design of processes, in validating decisions,in auditing system and processes. You look at a process and ask:

� Where is the customer focus in this process?� Where in this process are there leadership, guiding policies, measurable objectives

and the environment that motivate the workforce to achieve these objectives?


� Where in this process is the involvement of people in the design of the process,the making of decisions, the monitoring and measurement of performance and theimprovement of performance?

� Where is the process approach to the accomplishment of these objectives?� Where is the systems’ approach to the management of these processes, the optimi-

sation of performance, the elimination of bottlenecks and delays?� Where in the process are decisions based on fact?� Where is there continual improvement in performance, efficiency and effectiveness

of this process?� Where is there a mutually beneficial relationship with suppliers in this process?

Also you can review the actual measures used for assessing leadership, customerrelationships, personnel, processes, systems, decisions, performance and supplier rela-tionships for alignment with the principles.

THE REQUIREMENTS

The Basis for the Requirements

The requirements of ISO 9001 have been based on the above principles but not derivedfrom them as the principles and the requirements have evolved in parallel over severalyears. Work is now underway in ISO to bring greater alignment between the principles,concepts, terminology and requirements but this won’t be compete until 2013. ISO 9001contains over 260 requirements spread over five sections but the way the requirementsare grouped creates some anomalies and fails to bring clarity to the structure. All thetopics addressed by the requirements are listed in Chapter 38.

Purpose of Requirements

The purpose of these requirements is to provide an assurance of product quality as isapparent from ISO 9001 clause 0.1 where it states ‘‘This International Standard can beused by internal and external parties, including certification bodies, to assess theorganization’s ability to meet customer, statutory and regulatory requirements appli-cable to the product, and the organization’s own requirements.’’ They are therefore notintended to be for the purpose of developing a quality management system. If we ask ofevery requirement, ‘‘Would confidence in the quality of the product be diminished if thisrequirement was not met?’’ We should, in principle, get an affirmative response, but thismight not always be the case as it was not the approach taken in the validation of thestandard.

There was a change in direction in 2000 when the ISO 9000 family changed its focusfrom procedures to processes. This change is illustrated in Fig. 1-3. ISO 9001:2008clearly positions the system of managed processes as the means for generating con-forming products with the intent that these create satisfied customers. ISO 9004:2009goes further and creates a cycle of sustained success, driven from a mission and visionthat is influenced by stakeholder needs and expectations through an extended system ofmanaged processes to produce results that satisfy all stakeholders.


The Basic Management Requirements

Further on, in this book we comment on the structure of ISO 9001 and the 263requirements in more detail, but we can condense these into the following sevenmanagement requirements:

1. Purpose – establish the organization’s purpose and the needs and expectations ofstakeholders relative to this purpose.

2. Policy – define, document, maintain and communicate the overall intentions, prin-ciples and values related to quality.

3. Planning – establish objectives, measures and targets for fulfilling the organiza-tion’s purpose and its policies, assessing risks and develop plans and processesfor achieving the objectives that take due account of these risks.

4. Implementation – resource, operate and manage the plans and processes to deliveroutputs that achieve the planned results.

5. Measurement – monitor, measure and audit processes, the fulfilment of objectivesand policies and satisfaction of stakeholders.

6. Review – analyse and evaluate the results of measurement, determine performanceagainst objectives and determine changes needed in policies, objectives, measures,targets and processes for the continuing suitability, adequacy and effectiveness ofthe system.

7. Improvement – undertake action to bring about improvement by better control,better utilization of resources and better understanding of stakeholder needs. Thismight include innovation and learning.

FIGURE 1-3 The changing purpose in the ISO 9000 family.


The Basic Assurance Requirements

We can also condense the requirements of ISO 9001 into five assurance requirements.

1. The organization shall demonstrate its commitment to the achievement of quality.2. The organization shall demonstrate that it has effective policies for creating an envi-

ronment that will motivate its personnel into satisfying the needs and expectations ofits customers and applicable statutory and regulatory requirements.

3. The organization shall demonstrate that it has effectively translated the needs andexpectations of its customers and applicable statutory and regulatory requirementsinto measurable and attainable objectives.

4. The organization shall demonstrate that it has an effective system of interacting pro-cesses for enabling the organization to meet these objectives in the most efficient way.

5. The organization shall demonstrate that it is achieving these objectives as measured,that they are being achieved in the best way and that they remain consistent with theneeds and expectations of its customers and applicable statutory and regulatoryrequirements.

POPULARITY OF ISO 9001 CERTIFICATION

ISO 9001 has gained in popularity since 1987 when the UK led the field holding thehighest number of ISO 9001, 9002 and 9003 certificates (ISO 9002 and 9003 becameobsolete in 2003). Since then certification in the UK has declined from a peak of 66,760in 2001 to 35,517 by December 2007 pushing the UK into eighth place. This is largelydue to the transfer of manufacturing to the Asian economies and why China has held thelead since 2002. The latest year for which there are published figures is 2007, when 18 of175 countries (10%) held 80% of the total number if certificates issued as detailed inTable 1-1.1 As quality system standards for automotive and medical devices (ISO/TS16949 and ISO 13485) include all requirements from ISO 9001, certification to thesestandards can be added to the numbers of ISO 9001 certificates. The numbers onlyinclude data from certification bodies that are accredited by members of the Interna-tional Accreditation Forum (IAF). The data is for numbers of certificates issued and notfor the number of organizations to which certificates are issued which may be less assome organizations register each location.

The 15-year trend since records began in 1992 is shown in Fig. 1-4. The temporaryarrest in growth during the transition from ISO 9001:1994 to ISO 9001:2000 is clearlyevident. The continued growth is likely to be due to the European Union Directiveswhich are addressed next.

ISO 9001 AND EU DIRECTIVES

With the formation of the European Union (EU) in 1993 there was a need to removebarriers to the free movement of goods across the Union. One part of this was toharmonize standards. At the time each country had its own standards for testing productsand for controlling the processes by which they were conceived, developed andproduced. This led to a lack of confidence and consequently to the buying organizations

1 ISO Survey (December 2007) International Organization for Standardisation, Geneva.


undertaking their own product testing and in addition assessment of the seller’s qualitymanagement systems.

The EU Council was concerned with protecting its citizens with respect to health,safety and environment and therefore decided that it needed a compliance system thatregulated the quality of products flowing into and around the EU. The model prevalent inmany countries was the conformity assessment regimes operated by procurementagencies where they did the testing, inspection and system assessment.

In May 1985 the EEC Council passed a resolution on a new approach to technicalharmonization and standards (85/C 136/01) that was intended to resolve technicalbarriers to trade and dispel the consequent uncertainty for economic operators. The newapproach provided for reference to standards (preferably European but national if

TABLE 1-1 Top 10% of Countries with ISO 9001 and Derivative Certificates

Country

Number of certificates issued

ISO 9001 ISO/TS 16949 ISO 13485 Total % of Total

China 210,773 7732 1329 219,834 21.99%

Italy 115,359 1024 1482 117,865 11.79%

Japan 73,176 1106 456 74,738 7.48%

Spain 65,112 928 40 66,080 6.61%

India 46,091 2008 222 48,321 4.83%

Germany 45,195 3068 2204 50,467 5.05%

USA 36,192 4288 2186 42,666 4.27%

UK 35,517 701 589 36,807 3.68%

France 22,981 1165 709 24,855 2.49%

Netherlands 18,922 120 47 19,089 1.91%

Republic of Korea 15,749 3453 6 19,208 1.92%

Brazil 15,384 972 73 16,429 1.64%

Turkey 12,802 504 52 13,358 1.34%

Russian Federation 11,527 78 28 11,633 1.16%

Switzerland 11,077 115 608 11,800 1.18%

Israel 10,846 10,846 1.08%

Hungary 10,473 257 37 10,767 1.08%

Czech Republic 10,458 526 221 11,205 1.12%

Sub-total 767,634 27,262 9264 805,968 80.62%

Others 193,701 19.38%

Grand total 999,669 100.00%


appropriate) for the purposes of defining the technical characteristics of productsaccompanied by a policy on the assessment of conformity to such standards. Thesestandards would specify the ‘‘essential requirements’’ as regards health protection andsafety with which products put on the market must conform. In 1993 the Counciladopted 93/465/EEC putting in place the conformity assessment procedures and rulesfor the affixing and use of the CE conformity marking, that were intended to be used inthe technical harmonization directives.

This legislation was repealed in June 2008 when the Council of the European Unionadopted a new Common Framework for marketing products. This broad package ofprovisions is intended to remove the remaining obstacles to free circulation of products andrepresents a major boost for trade in goods between EU Member States. The legislation isintended to bring particular benefits for small and medium sized enterprises (SMEs), whowill no longer be discouraged from doing business outside their domestic markets.

ISO 9001 is perceived by the EU Council as ensuring health and safety requirementsare met because ISO 9001 now requires organizations to demonstrate that they have theability to consistently provide product that meets customer and applicable statutory andregulatory requirements. Such requirements would be specified in EU Directives. Whereconformity with these directives can be verified by inspection or test of the end product,ISO 9001 is not a requirement for those seeking to supply within and into the EU. Whereconformity cannot be ensured without control over design and/or production processes,conformity with ISO 9001 needs to be assessed by a ‘‘notified body’’. The 2008 EUDirectives require manufacturers to lodge an application for assessment of their qualitysystem with the notified body of their choice, for the products concerned. A summary ofthe conformity assessment procedures is shown in Table 1-2. There are rules in ArticleR17 of the Common Framework regulating ‘‘notified bodies’’.

FIGURE 1-4 Growth in ISO 9001 and derivative certificates.(including ISO 9002, ISO 9003, ISO/TS 16949 &

ISO 13485)

Module G:Unit verification

Module H: Fullquality assurance

Manufacturersubmitstechnicaldocumentation

EN ISO 9001:2000 (4)Manufacturer:

� Operates an approvedquality system for design� Submits technical

documentation

Notified body carries outsurveillance of the QMSH1 Notified body:

� Verifies conformity ofdesign (1)� Issues EC-design examina-

tion certificate (1)

Continued

19

Chap

terj

1Puttin

gISO

9000

inC

ontext

TABLE 1-2 Conformity Assessment Procedures in EU Legislation

Module A: Internalproduction control

Module B:Type examination

Design Manufacturer keepstechnical documentationat the disposal of nationalauthorities

Manufacturer submitsto notified body:

� Technical documentation� Supporting evidence for the

adequacy of the technicaldesign solution� Specimen(s), representative

of the production envis-aged, as required

Notified body:

� Ascertains conformity withessential requirements� Examines technical docu-

mentation and supportingevidence to assessadequacy of the technicaldesign� For specimen(s): carries out

tests, if necessary Issues EC-type examination certificate

TABLE 1-2 Conf

ModulInternaproduccontro

F:

ion

Module G:Unitverification

Module H:Full qualityassurance

Production A. Man

� Declmitytial r� Affix

confomark

Manufacturer:

� Submitsproduct� Declares

conformity� Affixes

required confor-mity marking

Manufacturer:

� Operates anapproved QMS forproduction, finalinspection andtesting� Declares

conformity� Affixes required

conformitymarking

20

PA

RTj

1B

efore

You

Start

ormity Assessment Procedures in EU Legislationdcont’d

e A:ltion

l

Module C:Conformityto type

Module D:Productionquality assurance

Module E:Product qualityassurance

ModuleProductverificat

ufacturer:

ares confor-with essen-equirementses requiredrmitying

C. Manufacturer:

� Declares confor-mity withapproved type� Affixes required

conformitymarking

EN ISO 9001:2000(2). Manufacturer:

� Operates anapproved qualitysystem forproduction, finalinspection andtesting� Declares confor-

mity withapproved type� Affixes required

conformitymarking

EN ISO 9001:2000(3). Manufacturer:

� Operates anapproved qualitysystem for finalinspection andtesting� Declares

conformity withapproved type� Affixes required

conformitymarking

es Conformityntialments

requiredmity marking

Notified body:

� Verifies confor-mity to essentialrequirements� Issues certificate

of conformity

Notified bodyCarries outsurveillance of theQMS

body:

s conformityntialmentscertificateformity

Notes:

(1) Supplementary requirements which may be used insectoral legislation

(2) Except for sub-clause 7.3 and requirements relating tocustomer satisfaction and continual improvement

(3) Except for sub-clauses 7.1, 7.2.3, 7.3, 7.4, 7.5.1,7.5.2, 7.5.3 and requirements relating to customersatisfaction and continual improvement

(4) Except for requirements relating to customer satisfac-tion and continual improvement

21

Chap

terj

1Puttin

gISO

9000

inC

ontext

A1. Accreditedin-house body ornotified bodyperforms tests onspecific aspects ofthe product (1)

C1. Accreditedin-house body ornotified bodyperforms tests onspecific aspects ofthe product (1)C2. Productchecks at randomintervals (1)

D1.

� Declares confor-mity to essentialrequirements� Affixes required

conformitymarking

E1.

� Declarto esserequire� Affixes

confor

A2. Productchecks at randomintervals (1)

Notified body:

� Approves the QS� Carries out surveil-

lanceof the QMS

Notified body:

� Approves the QS� Carries out surveil-

lance ofthe QMS

Notified

� Verifieto esserequire� Issues

of con

08 27 chapter 1 - putting iso 9000 in context

Education

iso standards

competitors thatare

agreed standards

product standards

family of standards

satised customers

customers satisfaction

key requirements