ISO 9000

ISO 9000 is a family of standards for quality management systems. ISO 9000 is maintained by ISO, the International Organization for Standardization and is administered by accreditation and certification bodies. The rules are updated, the time and changes in the requirements for quality, motivate change. Recently, on November 15, 2008, has made changes to the requirements of ISO 9001.

Some of the requirements in ISO 9001 (which is one of the standards in the ISO 9000 family) include

• a set of procedures that cover all key processes in the business;
• monitoring processes to ensure they are effective;
• keeping adequate records;
• checking output for defects, with appropriate and corrective action where necessary;
• regularly reviewing individual processes and the quality system itself for effectiveness; and
• facilitating continual improvement

A company or organization that has been independently audited and certified to be in conformance with ISO 9001 may publicly state that it is "ISO 9001 certified" or "ISO 9001 registered". Certification to an ISO 9001 standard does not guarantee any quality of end products and services; rather, it certifies that formalized business processes are being applied.

Although the standards originated in manufacturing, they are now employed across several types of organizations. A "product", in ISO vocabulary, can mean a physical object, services, or software.

ISO 9000 series of standards

ISO 9000 includes the following standards:

• • ISO 9001:2008 Quality management systems – Requirements is intended for use in any organization regardless of size, type or product (including service). It provides a number of requirements which an organization needs to fulfill to achieve customer satisfaction through consistent products and services which meet customer expectations. It includes a requirement for continual (i.e. planned) improvement of the Quality Management System, for which ISO 9004:2000 provides many hints.

This is the only implementation for which third-party auditors can grant certification. It should be noted that certification is not described as any of the 'needs' of an organization as a driver for using ISO 9001 (see ISO 9001:2000 section 1 'Scope') but does recognize that it may be used for such a purpose (see ISO 9001:2000 section 0.1 'Introduction').

• ISO 9004:2000 Quality management systems - Guidelines for performance improvements. covers continual improvement. This gives you advice on what you could do to enhance a mature system. This document very specifically states that it is not intended as a guide to implementation.

There are many more standards in the ISO 9001 series (see "List of ISO 9000 standards" from ISO), many of them not even carrying "ISO 900x" numbers. For example, some standards in the 10,000 range are considered part of the 9000 group: ISO 10007:1995 discusses Configuration management, which for most organizations is just one element of a complete management system. ISO notes: "The emphasis on certification tends to overshadow the fact that there is an entire family of ISO 9000 standards ... Organizations stand to obtain the greatest value when the standards in the new core series are used in an integrated manner, both with each other and with the other standards making up the ISO 9000 family as a whole".

Note that the previous members of the ISO 9000 series 9002 and 9003 have been integrated into 9001. In most cases, an organization claiming to be "ISO 9000 registered" is referring to ISO 9001.

Contents of ISO 9001

SO 9001:2008 Quality management systems — Requirements is a document of approximately 30 pages which is available from the national standards organization in each country. Outline contents are as follows:

• Page iv: Foreword
• Pages v to vii: Section 0 Introduction
• Pages 1 to 14: Requirements
  • Section 1: Scope
  • Section 2: Normative Reference
  • Section 3: Terms and definitions (specific to ISO 9001, not specified in ISO 9000)
• Pages 2 to 14
  • Section 4: Quality Management System
  • Section 5: Management Responsibility
  • Section 6: Resource Management
  • Section 7: Product Realization
  • Section 8: Measurement, analysis and improvement

In effect, users need to address all sections 1 to 8, but only 4 to 8 need implementing within a QMS.

• Pages 15 to 22: Tables of Correspondence between ISO 9001 and other standards
• Page 23: Bibliography

The standard specifies six compulsory documents:

• Control of Documents (4.2.3)
• Control of Records (4.2.4)
• Internal Audits (8.2.2)
• Control of Nonconforming Product / Service (8.3)
• Corrective Action (8.5.2)
• Preventive Action (8.5.3)

In addition to these, ISO 9001:2008 requires a Quality Policy and Quality Manual (which may or may not include the above documents).

Certification

ISO does not itself certify organizations. Many countries have formed accreditation bodies to authorize certification bodies, which audit organizations applying for ISO 9001 compliance certification. Although commonly referred to as ISO 9000:2000 certification, the actual standard to which an organization's quality management can be certified is ISO 9001:2000. Both the accreditation bodies and the certification bodies charge fees for their services. The various accreditation bodies have mutual agreements with each other to ensure that certificates issued by one of the Accredited Certification Bodies (CB) are accepted worldwide.

The applying organization is assessed based on an extensive sample of its sites, functions, products, services and processes; a list of problems ("action requests" or "non-compliances") is made known to the management. If there are no major problems on this list, or after it receives a satisfactory improvement plan from the management showing how any problems will be resolved, the certification body will issue an ISO 9001 certificate for each geographical site it has visited.

An ISO certificate is not a once-and-for-all award, but must be renewed at regular intervals recommended by the certification body, usually around three years. In contrast to the Capability Maturity Model there are no grades of competence within ISO 9001.