What Is the International Organization for Standardization (ISO)?
The International Organization for Standardization (ISO) is a body that comprises standards organizations from 163 countries. Companies and individuals cannot be members of ISO; rather, the entity includes full members (member bodies), correspondent members, and subscribers. Examples include the British Standards Institution (BSI) for the United Kingdom, the Standards Council of Canada, and the American National Standards Institute (ANSI). ISO’s many member-deliberated standards help organizations worldwide meet the needs of customers and stakeholders and comply with regulations and statutes.
What Is ISO 9000?
ISO 9000 is a family of quality improvement standards released by ISO. The 9000 series helps an organization define steps to create and maintain a quality management system. Thoughtful work toward ISO 9001 certification (the most well-known standard issued by ISO) can increase efficiency and customer satisfaction for service and transactional businesses, as well as for manufacturing and real-goods organizations. Although ISO standards provide a foundation for thinking about and working toward quality, however, certification does not guarantee immediate business growth and cost savings.
What Are the Differences Between Standards and Requirements?
Standards are defined levels of quality, and requirements are what is needed to make something else happen. For the purposes of ISO, standards include requirements, guidelines, and specifications to point the way to quality output. In the ISO 9000 series, different standards exist; we refer to these standards as a family of standards.
What Is the Purpose of the ISO 9000 Series?
ISO 9000 is the most widely recognized of over 21,000 international standards issued by the ISO body. Although these management rules originated in manufacturing, they are useful to any industry or service organization of any size and provide guidance for creating best practices for facilities, services, equipment, and, most of all, training and people.
ISO requirements accommodate your business process and are flexible to scale up or down, depending on the size and complexity of an organization. The standards encourage looking at the whole picture, not just at individual departments or groups. The requirements are generic and written as a framework; your team is responsible for filling in the specifics for your organization.
When an organization’s management and team members have captured and internalized (and ideally, achieved) best practices, an external body audits the documentation, processes, and people to ensure that these elements conform to ISO requirements. Once you are ISO certified, your organization is considered registered. To date, the ISO has issued over a million certificates to organizations around the world.
What Is ISO 9000 vs. ISO 9001?
ISO 9000 is a family of standards encompassing a handful of documents. ISO 9000 is also the name of the document that details the fundamentals and vocabulary of what constitutes a quality system. “It’s a primer for us all to understand the same technical language,” says veteran quality management consultant René Ffrench.
ISO 9001 represents specific requirements to improve processes, and is considered the most essential certification of the ISO 9000 family. Alan Bryden, Secretary General of the ISO, explains why: “ISO 9001 helps organizations demonstrate to customers that they can offer products and services of consistently good quality,” he says. “[Such management rules are] distillations of good management practice worldwide for the way an organization accomplishes its work.”
ISO 9001 describes the framework of what an organization should have in its quality management system and how to ensure that you train employees within that framework. You can consider it a guide for the design of products or services. (Remember, organizations get certified only in 9001.)
Other standards in the 9000 series are only foundational and supporting. The organization intended ISO 9002 to describe a framework for production and installation, and 9003 provided guidelines for testing and inspection. However, today’s professionals consider both to be obsolete. 9004 describes how organizations can sustain the success they have achieved through the implementation of quality improvement measures.
Specific Directives for Formatting ISO Documents
All elements of ISO documents must conform to specific guidelines, including document titles and subtitles, and paragraph numbering. Word templates are available to assist with correct formatting of documents and offer their own extensive documentation of tips, tricks, and even keyboard shortcuts. Localized versions of the templates are available for some languages. Guidelines also exist for drawings.
The Principles of ISO 9001
As with other quality management methods, ISO’s requirements and improvements contain agreed upon principles. ISO 9001 includes seven principles, although some practitioners break out supplier relationships into a separate principle unto itself.
- Customer Focus: By making the customer the center of the business, organizations can understand needs and generate customer loyalty.
- Engagement of People: As with total quality management (TQM), Kaizen, and Lean, this principle should include all employees. In this way, people with a vested interest will be more committed to the venture’s success.
- Leadership: Good leaders create an environment that focuses on customers and involves all employees.
- Process Approach to Quality Management: When you view the goals and activities of a company through the lens of processes, the big picture becomes clear. Rather than focusing on silos or inspection at the finish, the process reveals issues and concerns on the way to product delivery.
- Continual Improvement: Organizations must regularly seek improvement beyond the changes they make to gain certification.
- Evidence-Based Decision Making: You should make data-driven decisions to provide a foundation for comparing results and build organizational confidence.
- Relationship Management: Actively managing all relationships with suppliers, partners, and others is critical to the success of your organization. This includes understanding their needs and providing feedback on services.
Image: courtesy of Michigan Manufacturing Technology Center
What Are the Myths of ISO 9000?
The myths surrounding ISO 9000 tend to portray the system as more complicated than it is, or as guaranteeing things out of the box that actually depend on long-term commitment from management and teams. Here are some of the other myths companies commonly associate with ISO 9000:
- It guarantees customers.
- If you’re certified, your products must be top quality.
- A consultant can prepare the certification documentation for you.
- It’s a waste of money and time.
- The ISO 9000 requirements are complicated.
- Certification is the job of the quality-control department.
The Benefits of the ISO Process and ISO Certification
Despite some misconceptions, organizations can find distinct benefits from applying for and attaining ISO certification. These benefits include:
- Major purchasers in business and government often require suppliers to be ISO certified, so certification may bring new business. It may also be a bonus if you try to sell your business.
- In an increasingly global economy, the more organizations that certify, the more solid and dependable the supply chain will become.
- ISO certification can improve internal communication, improve customer relationships, provide financial benefits for stakeholders, improve processes, and enhance supplier relationships. “It’s a great way of getting people on the same page,” says quality professional Andy Nichols.
- As with other quality management methods, such as the theory of constraints and Lean, ISO 9000 emphasizes finding the root cause of problems, so you can correct and account for them on a continuing basis.
- Certification may offer a roadmap for defining quality and building continual improvement into your strategic plan.
- ISO 9000 can help management become more fully engaged in running a business.
“They were paying premium wages to fix issues, but never resolving the bigger problem,” he explains. Enter ISO. “By keeping records and analyzing them and then doing corrective action through tools like Lean problem solving, that 60 percent rework loop disappeared overnight.” What’s more, the employees, largely young wage workers with little formal education, knew nothing about ISO and quality management. “Yet, the kinds of things we changed in a year were absolutely important to them. And, they took to it like a duck to water,” he says.
“On her kitchen table on a Saturday morning, she made a laminate model of the exact space in which they built this module,” Ffrench explains. She overcame her self-consciousness about her stutter to present the model and her ideas to the team the following Monday. “For the first time, the lights went on for the engineers and people on the production line,” he says. The company took steps to make amendments.
ISO: History, Standards, and Versions
Standards organizations exist in almost every country. However, some organizations stand out as foundational to international standards. Forebears include the Sèvres, France-based International Bureau of Weights and Measures, where 17 European countries met in 1875. Another is the International Electrical Congress, which convened in Paris in 1881, with subsequent meetings in Chicago in 1892 and St. Louis in 1904.
The British Standards Institution (BSI), was formed in 1901 by Sir John Wolfe-Barry, and is the first national standards organization in the world. Another milestone followed in 1946 with the first Commonwealth Standards Conference sponsored by the BSI, at which attendees proposed a more far-reaching international body. By 1947, other nations joined to create the International Organization for Standardization (Organisation internationale de normalisation in French, or ISO). Among its other accomplishments, ISO established an agreed-upon system of measurement, SI, or international units. National ISO affiliates, such as BSI and ANSI, contribute to drafting ISO standards, technical documents, and guidelines.
The 9000 series was first published by ISO in 1987, but it was preceded by other standards. Beginning in 1959, the United States Department of Defense MIL-Q-9858A laid out guidelines for supplier expectations. These eventually influenced the documentation of fellow NATO partners through the eponymous NATO Standard. According to Nichols, this is undoubtedly responsible for some of the jargon that “permeated the earliest versions” of ISO 9000, in terms such as materiel to describe products, goods, and services, rather than material.
But the direct antecedent to ISO was a home-grown document issued in 1979 by the BSI called BS-5750. As Nichols explains it, in pre-ISO and pre-Thatcherite Britain, industry frequently supplied government enterprises, including the military and utilities. Customers required quality level documentation and conducted audits, but each customer had its own specifications. Nichols gives the example of a supplier he knew who, by the late 80s, was maintaining 14 different manuals, each with essentially the same content, but packaged slightly differently for 14 different customers.
“Eventually one bright spark said, ‘if we’re going to be competitive in Great Britain Limited,’ as it was known, ‘then we need to stop this farce of added costs in all these audits and quality standards,” says Nichols. BS-5750 became the first consolidated management system guideline in the UK.
Since its initial release in 1987, ISO 9000 standards have received five updates, in 1994, 2000, 2005, 2008, and, most recently, 2015. Each year forms a suffix on standard document numbers, such as 9000:2005 or 9000:2015. ISO/TC 176, or technical committee 176, revises ISO 9000. Here are short explanations of the five updates:
- 9000:1994: This version moved toward quality assurance, the process of monitoring requirements and processes in creation of an item or service, rather than merely inspecting the finished product.
- 9000:2000: This major revision recognized the vital importance of process management in quality management, including a focus on stakeholder needs (the types of principles expounded upon by total quality management) as foundational to the 9000 standard.
- 9000:2005: This update clarified key terms used to define the management system.
- 9000:2008: This revision (ISO 9004:2009) is a quality management approach that focuses on an organization’s long-term success.
- 9000:2015: This 25th anniversary of the original release of the ISO 9000 standards contains considerable updates.
Ffrench sees ISO 9000 as “the personification of the fourth generation of quality management methods, wherein products and processes focus more and more on meeting customer requirements.” He sees the quality management evolution as follows:
- 1st Generation: Quality control, with the inspection of output at the end of the production line.
- 2nd Generation: Product assurance, with a focus on creating clear requirements, instructions, and documentation for the product before you begin production.
- 3rd Generation: Process assurance, with an emphasis on ensuring that the product-building process is sound. Ffrench believes that both the first iteration of ISO 9000 and the rewrite in 2000 addressed process assurance.
- 4th Generation: Systems assurance, with the understanding that a focus on quality happens not just on the production line, but also in other areas of the business, such as the HR department, who must hire qualified candidates who fit well with the team.
What Is Included in ISO 9000:2015?
“We have now gone a step further, and ISO 9001:2015 is even less prescriptive than its predecessor, focusing instead on performance. We have achieved this by combining the process approach with risk-based thinking and employing the plan-do-check-act cycle at all levels in the organization,” says Nigel Croft, Chairman of ISO’s Technical Committee.
Ffrench calls it a move toward system assurance, an expression of the importance of seeing the big picture. The new version emphasizes the importance of leadership, not just management, in advocating for and guiding the implementation of ISO 9000 practices. It also calls focus to a true understanding of the individual business or organization and its context, before an individual quality management system is defined.
In addition, the 2015 version encourages organizations to adopt risk-based practices, rather than focus on ill-documented preventive measures. And, to underpin all other quality efforts, 9001:2015 calls out the need to include HR requirements for hiring, training, and evaluation as essential to progress for the entire organization.
Industry-Specific ISO Standards
While the 9000 series of standards is the most widely known ISO series and covers quality management, other ISO standards focus on guidelines for management of fields, such as health care, environmental protection, and, recently, sustainable event planning. ISO 9000 and the other standards complement each other and are often used side by side. The -000 documents details fundamentals and vocabulary for each series, and the -001 documents specifies requirements. A complete list of standards for purchase and free descriptive guides is available at the ISO Store. A few of the 21704 standards are listed here:
- PS 9000: Specifies requirements and guidance for manufacturing packaging materials for medicinal products.
- AS 9000: Corresponds to ISO 9000, with special consideration for the aerospace industry.
- ISO 13485: Concerns medical devices.
- ISO 14000: Helps organizations manage their businesses in an environmentally respectful way and in compliance with local ordinances and national regulations.
- ISO 18091: Pertains to local government.
- ISO/IEC 90003: Relates to software engineering.
- ISO 17582: Deals with electoral organizations at all levels of government.
- ISO 22000: Specifies requirements for food safety.
- ISO 20121: This standard sets requirements for sustainable event management and is based on BS 8901, which organizations successfully applied to the 2012 Olympics and the 2014 Commonwealth Games. The ISO 20121 integrates with ISO 14000. It takes into account location, environment, local economy, and community.
- TL 9000: Concerns telecommunications.
- ISO/TS 29001: Describes the quality management system for petroleum, petrochemical, and natural gas industries.
- ISO/IEC 27000: Deals with information security management.
How Do You Implement ISO?
Although the acronyms and numbers may be alienating, and the talk of auditors and registrars may seem complicated, ISO standards are written in plain language. The best way to start may be to to read ISO 9000 and ISO 9001. Online, printed, and printable versions are available from ISO and licensed ISO agencies in every country for about $150. Private auditing and registering companies also have paid and free information available online.
ISO Certification and Auditing
The path to certification begins with a discovery process for all activities, which documents detail step by step. This may include gap analysis to determine how you should be doing things vs. how you are currently doing them. Third-party auditors then verify that processes and documentation meet requirements; this audit may include interviews with employees to determine if they actually know and understand the documented procedures. Auditors may request amendments, which they also recheck.
The candidate company pays auditing costs, including travel expenses. Auditors will review certification every five years to ensure that processes are still consistent with ISO requirements.
Criticisms of ISO 9000
No system is perfect, and, since its inception, ISO 9000 has received its share of criticism. Some believe that, despite the considerable time and cost of certification, ISO 9000 is not a profit-making investment, but merely a condition of business. Others argue that it may or may not enhance quality and that it may cause improvement efforts to plateau. Some understand ISO 9000 as requiring a slavish adherence to specifications and documenting procedures, often largely for the purpose of impressing auditors (rather than driving results).
All of these criticisms are potential impediments to learning, improvement, and innovation. However, these concerns may largely be a function of improper understanding and implementation of ISO 9000 than of the methodology itself.
“The original ISO said you have to have documented procedures for everything, which people took to an extreme,” says Nichols. The notion of say what you do, and do what you say, he adds, is also a poor understanding of the methodology’s intent. “At the time, you could get through an audit if you had a document that described what you did,” Nichols explains. “When I teach ISO, I try to make a joke of the fact that the original version only addressed the concept of customer in terms of how to deal with complaints.”
Nichols asserts that if an organization implements the standards correctly, they will discover problems and inefficiencies when mapping their processes (as in Six Sigma and Lean) that can be gateways to improvement.
One way the ISO ensures consistency in ISO 9000 is by clearly defining the processes, activities, and documents that we use for the ISO requirements and the ISO certification process. This glossary contains explanations of some of the commonly used auditing terms.
Delivering Quality Management with Improved Processes in Smartsheet
ISO 9000 certified professionals understand the impact that quality management has on delivering the highest-quality products or services. That’s why top ISO 9000 professionals rely on Smartsheet to align the right people, resources, and schedules to ensure that the the work gets done in the most efficient and effective way.
Smartsheet is a work management and automation platform that helps enterprises and teams work better. Over 69,000 brands, and millions of information workers, trust Smartsheet to help them accelerate business execution and address the volume and velocity of today’s collaborative work. In fact, the team at Creating IT Futures (a Chicago-based nonprofit) use Smartsheet to streamline processes and increase real-time transparency.
By using Smartsheet to incorporate some much needed automation and create one location for the truth, the team was able to streamline challenging processes, mitigate costly data entry errors, and increase transparency. Creating IT Futures CEO Charles Eaton explains, “The biggest benefit of Smartsheet, is that information is instantly updated and can be shared with as many people as we need. … With the increase in productivity and efficiency, Smartsheet saved us about $25,000 a year.”
Discover how your team can realize similar results with streamlined processes in Smartsheet.
Smartsheet is now certified to three industry-leading information Security and Data Privacy frameworks — ISO 27001, ISO 27018, and ISO 27701. For more information about the enterprise-level security and data privacy standards that Smartsheet upholds, visit our Trust Center.