The Ultimate Guide to ISO 9000

By Andy Marker | July 28, 2017 (updated September 17, 2021)

If you work in any manufacturing or supply business, or even in software development, you will hear the phrase ISO 9000, usually in discussions around audits or certifications. But what is ISO 9000, and why is it important for your company to pass audits and receive these “certifications”?

In this article, we’ll define ISO 9000 and discuss why your organization, whether big or small, service or production-oriented, might want to be ISO certified. We’ll explore the history of standards as they relate to the development of quality management theories and trace how ISO 9000 revisions have kept pace with evolving quality management thinking. Finally, our experts will share case studies that illustrate how ISO 9000 can empower almost any team member to find solutions.

What Is the International Organization for Standardization (ISO)?

The International Organization for Standardization (ISO) is a body that comprises standards organizations from 163 countries. Companies and individuals cannot be members of ISO; rather, the entity includes full members (member bodies), correspondent members, and subscribers. Examples include the British Standards Institution (BSI) for the United Kingdom, the Standards Council of Canada, and the American National Standards Institute (ANSI). ISO’s many member-deliberated standards help organizations worldwide meet the needs of customers and stakeholders and comply with regulations and statutes.


What Is ISO 9000?

ISO 9000 is a family of quality improvement standards released by ISO. The 9000 series helps an organization define steps to create and maintain a quality management system. Thoughtful work toward ISO 9001 certification (the most well-known standard issued by ISO) can increase efficiency and customer satisfaction for service and transactional businesses, as well as for manufacturing and real-goods organizations. Although ISO standards provide a foundation for thinking about and working toward quality, certification does not guarantee immediate business growth and cost savings.

What Are the Differences Between Standards and Requirements?

Standards are defined levels of quality, and requirements are what is needed to make something else happen. For the purposes of ISO, standards include requirements, guidelines, and specifications to point the way to quality output. In the ISO 9000 series, different standards exist; we refer to these standards as a family of standards.

What Is the Purpose of the ISO 9000 Series?

ISO 9000 is the most widely recognized of over 21,000 international standards issued by the ISO body. Although these management rules originated in manufacturing, they are useful to any industry or service organization of any size and provide guidance for creating best practices for facilities, services, equipment, and, most of all, training and people.

ISO requirements accommodate your business process and are flexible to scale up or down, depending on the size and complexity of an organization. The standards encourage looking at the whole picture, not just at individual departments or groups. The requirements are generic and written as a framework; your team is responsible for filling in the specifics for your organization.

When an organization’s management and team members have captured and internalized (and ideally, achieved) best practices, an external body audits the documentation, processes, and people to ensure that these elements conform to ISO requirements. Once you are ISO certified, your organization is considered registered. To date, the ISO has issued over a million certificates to organizations around the world.

What Is ISO 9000 vs. ISO 9001?

ISO 9000 is a family of standards encompassing a handful of documents. ISO 9000 is also the name of the document that details the fundamentals and vocabulary of what constitutes a quality system. “It’s a primer for us all to understand the same technical language,” says veteran quality management consultant René Ffrench. 

ISO 9001 represents specific requirements to improve processes, and is considered the most essential certification of the ISO 9000 family. Alan Bryden, Secretary General of the ISO, explains why: “ISO 9001 helps organizations demonstrate to customers that they can offer products and services of consistently good quality,” he says. “[Such management rules are] distillations of good management practice worldwide for the way an organization accomplishes its work.”

ISO 9001 describes the framework of what an organization should have in its quality management system and how to ensure that you train employees within that framework. You can consider it a guide for the design of products or services. (Remember, organizations get certified only in 9001.) 

Other standards in the 9000 series are only foundational and supporting. The organization intended ISO 9002 to describe a framework for production and installation, and 9003 provided guidelines for testing and inspection. However, today’s professionals consider both to be obsolete. 9004 describes how organizations can sustain the success they have achieved through the implementation of quality improvement measures.


ISO 9000 Standards Revisions

Specific Directives for Formatting ISO Documents

All elements of ISO documents must conform to specific guidelines, including document titles and subtitles, and paragraph numbering. Word templates are available to assist with correct formatting of documents and offer their own extensive documentation of tips, tricks, and even keyboard shortcuts. Localized versions of the templates are available for some languages. Guidelines also exist for drawings. 

The Principles of ISO 9001

As with other quality management methods, ISO’s requirements and improvements contain agreed-upon principles. ISO 9001 includes seven principles, although some practitioners break out supplier relationships into a separate principle unto itself.

  • Customer Focus: By making the customer the center of the business, organizations can understand needs and generate customer loyalty.
  • Engagement of People: As with total quality management (TQM), Kaizen, and Lean, this principle should include all employees. In this way, people with a vested interest will be more committed to the venture’s success.
  • Leadership: Good leaders create an environment that focuses on customers and involves all employees. 
  • Process Approach to Quality Management: When you view the goals and activities of a company through the lens of processes, the big picture becomes clear. Rather than focusing on silos or inspection at the finish, the process reveals issues and concerns on the way to product delivery.
  • Continual Improvement: Organizations must regularly seek improvement beyond the changes they make to gain certification. 
  • Evidence-Based Decision Making: You should make data-driven decisions to provide a foundation for comparing results and build organizational confidence. 
  • Relationship Management: Actively managing all relationships with suppliers, partners, and others is critical to the success of your organization. This includes understanding their needs and providing feedback on services.


Principles Applicable to the Quality Management Standard ISO 9001:2015

Image: courtesy of Michigan Manufacturing Technology Center 

What Are the Myths of ISO 9000?

The myths surrounding ISO 9000 tend to portray the system as more complicated than it is, or as guaranteeing things out of the box that actually depend on long-term commitment from management and teams. Here are some of the other myths companies commonly associate with ISO 9000:

  • It guarantees customers.
  • If you’re certified, your products must be top quality.
  • A consultant can prepare the certification documentation for you.
  • It’s a waste of money and time.
  • The ISO 9000 requirements are complicated.
  • Certification is the job of the quality-control department.

The Benefits of the ISO Process and ISO Certification

Despite some misconceptions, organizations can find distinct benefits from applying for and attaining ISO certification. These benefits include:

  • Major purchasers in business and government often require suppliers to be ISO certified, so certification may bring new business. It may also be a bonus if you try to sell your business.
  • In an increasingly global economy, the more organizations that certify, the more solid and dependable the supply chain will become.
  • ISO certification can improve internal communication, improve customer relationships, provide financial benefits for stakeholders, improve processes, and enhance supplier relationships. “It’s a great way of getting people on the same page,” says quality professional Andy Nichols.
  • As with other quality management methods, such as the theory of constraints and Lean, ISO 9000 emphasizes finding the root cause of problems, so you can correct and account for them on a continuing basis. 
  • Certification may offer a roadmap for defining quality and building continual improvement into your strategic plan. 
  • ISO 9000 can help management become more fully engaged in running a business.


Andy Nichols is a Quality Program Manager at the Michigan Manufacturing Technology Center. From his own career, Nichols offers a case study in how an ISO 9000 requirement can solve previously undefined problems. A job shop for a large automotive company used four processes to produce deliverables within 24 hours. However, the third process had a 60 percent redo rate. The errors were fixed on the second and third shifts. 

“They were paying premium wages to fix issues, but never resolving the bigger problem,” he explains. Enter ISO. “By keeping records and analyzing them and then doing corrective action through tools like Lean problem solving, that 60 percent rework loop disappeared overnight.” What’s more, the employees, largely young wage workers with little formal education, knew nothing about ISO and quality management. “Yet, the kinds of things we changed in a year were absolutely important to them. And, they took to it like a duck to water,” he says.



René Ffrench is a Master Black Belt, Operations Lean Master, and Principal at Firefly Consulting who has facilitated projects around the world. He gives a similar example of how the ISO principles of leadership and employee engagement can empower the individual: A production line regularly stopped when trying to produce one component. A young worker stepped up to problem solve. 

“On her kitchen table on a Saturday morning, she made a laminate model of the exact space in which they built this module,” Ffrench explains. She overcame her self-consciousness about her stutter to present the model and her ideas to the team the following Monday. “For the first time, the lights went on for the engineers and people on the production line,” he says. The company took steps to make amendments.

ISO: History, Standards, and Versions

Standards organizations exist in almost every country. However, some organizations stand out as foundational to international standards. Forebears include the Sèvres, France-based International Bureau of Weights and Measures, where 17 European countries met in 1875. Another is the International Electrical Congress, which convened in Paris in 1881, with subsequent meetings in Chicago in 1892 and St. Louis in 1904. 

The British Standards Institution (BSI) was formed in 1901 by Sir John Wolfe-Barry and is the first national standards organization in the world. Another milestone followed in 1946 with the first Commonwealth Standards Conference sponsored by the BSI, at which attendees proposed a more far-reaching international body. By 1947, other nations joined to create the International Organization for Standardization (Organisation internationale de normalisation in French, or ISO). Among its other accomplishments, ISO established an agreed-upon system of measurement, SI, or international units. National ISO affiliates, such as BSI and ANSI, contribute to drafting ISO standards, technical documents, and guidelines.

The 9000 series was first published by ISO in 1987, but it was preceded by other standards. Beginning in 1959, the United States Department of Defense MIL-Q-9858A laid out guidelines for supplier expectations. These eventually influenced the documentation of fellow NATO partners through the eponymous NATO Standard. According to Nichols, this is undoubtedly responsible for some of the jargon that “permeated the earliest versions” of ISO 9000, in terms such as materiel to describe products, goods, and services, rather than material.

But the direct antecedent to ISO was a home-grown document issued in 1979 by the BSI called BS-5750. As Nichols explains it, in pre-ISO and pre-Thatcherite Britain, industry frequently supplied government enterprises, including the military and utilities. Customers required quality level documentation and conducted audits, but each customer had its own specifications. Nichols gives the example of a supplier he knew who, by the late 80s, was maintaining 14 different manuals, each with essentially the same content, but packaged slightly differently for 14 different customers. 

“Eventually one bright spark said, ‘if we’re going to be competitive in Great Britain Limited,’ as it was known, ‘then we need to stop this farce of added costs in all these audits and quality standards,’” says Nichols. BS-5750 became the first consolidated management system guideline in the UK.

Since their initial release in 1987, the ISO 9000 standards have received five updates, in 1994, 2000, 2005, 2008, and, most recently, 2015. Each year forms a suffix on standard document numbers, such as 9000:2005 or 9000:2015. ISO/TC 176, or technical committee 176, revises ISO 9000. Here are short explanations of the five updates:

  • 9000:1994: This version moved toward quality assurance, the process of monitoring requirements and processes in creation of an item or service, rather than merely inspecting the finished product. 
  • 9000:2000: This major revision recognized the vital importance of process management in quality management, including a focus on stakeholder needs (the types of principles expounded upon by total quality management) as foundational to the 9000 standard.
  • 9000:2005: This update clarified key terms used to define the management system.
  • 9000:2008: This revision (ISO 9004:2009) is a quality management approach that focuses on an organization’s long-term success.
  • 9000:2015: This 25th anniversary of the original release of the ISO 9000 standards contains considerable updates.

Ffrench sees ISO 9000 as “the personification of the fourth generation of quality management methods, wherein products and processes focus more and more on meeting customer requirements.” He sees the quality management evolution as follows:

  • 1st Generation: Quality control, with the inspection of output at the end of the production line.
  • 2nd Generation: Product assurance, with a focus on creating clear requirements, instructions, and documentation for the product before you begin production.
  • 3rd Generation: Process assurance, with an emphasis on ensuring that the product-building process is sound. Ffrench believes that both the first iteration of ISO 9000 and the rewrite in 2000 addressed process assurance.
  • 4th Generation: Systems assurance, with the understanding that a focus on quality happens not just on the production line, but also in other areas of the business, such as the HR department, which must hire qualified candidates who fit well with the team.

What Is Included in ISO 9000:2015?

“We have now gone a step further, and ISO 9001:2015 is even less prescriptive than its predecessor, focusing instead on performance. We have achieved this by combining the process approach with risk-based thinking and employing the plan-do-check-act cycle at all levels in the organization,” says Nigel Croft, Chairman of ISO’s Technical Committee. 

Ffrench calls it a move toward system assurance, an expression of the importance of seeing the big picture. The new version emphasizes the importance of leadership, not just management, in advocating for and guiding the implementation of ISO 9000 practices. It also calls for a true understanding of the individual business or organization and its context before an individual quality management system is defined.

In addition, the 2015 version encourages organizations to adopt risk-based practices, rather than focus on ill-documented preventive measures. And, to underpin all other quality efforts, 9001:2015 calls out the need to include HR requirements for hiring, training, and evaluation as essential to progress for the entire organization.



Industry-Specific ISO Standards

While the 9000 series of standards is the most widely known ISO series and covers quality management, other ISO standards focus on guidelines for management of fields such as health care, environmental protection, and, recently, sustainable event planning. ISO 9000 and the other standards complement each other and are often used side by side. The -000 document details fundamentals and vocabulary for each series, and the -001 document specifies requirements. A complete list of standards for purchase and free descriptive guides is available at the ISO Store. A few of the 21,704 standards are listed here:

  • PS 9000: Specifies requirements and guidance for manufacturing packaging materials for medicinal products.
  • AS 9000: Corresponds to ISO 9000, with special consideration for the aerospace industry.
  • ISO 13485: Concerns medical devices.
  • ISO 14000: Helps organizations manage their businesses in an environmentally respectful way and in compliance with local ordinances and national regulations. 
  • ISO 18091: Pertains to local government.
  • ISO/IEC 90003: Relates to software engineering.
  • ISO 17582: Deals with electoral organizations at all levels of government.
  • ISO 22000: Specifies requirements for food safety. 
  • ISO 20121: This standard sets requirements for sustainable event management and is based on BS 8901, which organizations successfully applied to the 2012 Olympics and the 2014 Commonwealth Games. The ISO 20121 integrates with ISO 14000. It takes into account location, environment, local economy, and community. 
  • TL 9000: Concerns telecommunications.
  • ISO/TS 29001: Describes the quality management system for petroleum, petrochemical, and natural gas industries.
  • ISO/IEC 27000: Deals with information security management. 

How Do You Implement ISO?

Although the acronyms and numbers may be alienating, and the talk of auditors and registrars may seem complicated, ISO standards are written in plain language. The best way to start may be to read ISO 9000 and ISO 9001. Online, printed, and printable versions are available from ISO and licensed ISO agencies in every country for about $150. Private auditing and registering companies also have paid and free information available online.

ISO Certification and Auditing

The path to certification begins with a discovery process covering all activities, each of which is documented step by step. This may include gap analysis to determine how you should be doing things vs. how you are currently doing them. Third-party auditors then verify that processes and documentation meet requirements; this audit may include interviews with employees to determine if they actually know and understand the documented procedures. Auditors may request amendments, which they also recheck.

The candidate company pays auditing costs, including travel expenses. Auditors will review certification every five years to ensure that processes are still consistent with ISO requirements.

Criticisms of ISO 9000

No system is perfect, and, since its inception, ISO 9000 has received its share of criticism. Some believe that, despite the considerable time and cost of certification, ISO 9000 is not a profit-making investment, but merely a condition of business. Others argue that it may or may not enhance quality and that it may cause improvement efforts to plateau. Some understand ISO 9000 as requiring a slavish adherence to specifications and documenting procedures, often largely for the purpose of impressing auditors (rather than driving results). 

All of these criticisms are potential impediments to learning, improvement, and innovation. However, these concerns may be more a function of improper understanding and implementation of ISO 9000 than of the methodology itself.

“The original ISO said you have to have documented procedures for everything, which people took to an extreme,” says Nichols. The notion of say what you do, and do what you say, he adds, is also a poor understanding of the methodology’s intent. “At the time, you could get through an audit if you had a document that described what you did,” Nichols explains. “When I teach ISO, I try to make a joke of the fact that the original version only addressed the concept of customer in terms of how to deal with complaints.”

Nichols asserts that if an organization implements the standards correctly, it will discover problems and inefficiencies when mapping its processes (as in Six Sigma and Lean) that can be gateways to improvement.

ISO Definitions

One way the ISO ensures consistency in ISO 9000 is by clearly defining the processes, activities, and documents that we use for the ISO requirements and the ISO certification process. This glossary contains explanations of some of the commonly used auditing terms.

