1. Chapter 1
Putting ISO 9000 in Context
CHAPTER PREVIEW
This chapter is aimed at everyone with an interest in ISO 9000, students, consultants,
auditors, quality managers and most importantly the decision makers, CEOs, COOs and
Managing Directors. No reader should pass by this chapter without getting an appre-
ciation of what ISO 9000 is all about.
Many people have started their journey towards ISO 9001 certification by reading the
standard and trying to understand the requirements. They get so far and then call for
help, but they often haven’t learnt enough to ask the right questions. The helper might
make the assumption that you already know why you are looking at ISO 9001 and
therefore may not spend the necessary time for you to understand what it is all about,
what pitfalls may lie ahead and whether indeed you need to make this journey at all. This
will become clear when you read this chapter.
When you encounter ISO 9001 for the first time, it may be in a conversation, on the
Internet, in a leaflet or brochure from your local chamber of commerce or as many have
done, from a customer. The source of the message is important as it will influence your
choice of strategies:
Our customers complain about the quality of the products and services we provide.
We can’t demonstrate to our customers’ satisfaction that we have the capability of
meeting their requirements.
We need to get ISO 9001 certification as we are losing orders to our competitors that
are ISO 9001 registered.
We need to get ISO 9001 certification to trade within or with Europe.
and if you are busy manager you could be forgiven for either putting it out of your mind
or getting someone else to look into it. But you know that as a manager you are either
maintaining the status quo or changing it and if you stay with the status quo for too long,
your organization will go into decline. So you need to know:
What the issue is?
Why this is an issue?
What this is costing us?
What you should do about it?
What the impact of this will be?
How much it will cost?
Where the resources are going to come from?
ISO 9000 Quality Systems Handbook
Copyright Ó 2009, David Hoyle. Published by Elsevier Ltd. All rights reserved. 3
2. 4 PART j 1 Before You Start
When you need to act?
What the alternatives are and their relative costs?
What the consequences are of doing nothing?
In this chapter we put ISO 9000 in context by showing the link between ISO 9000 and
the fundamental basis for trade and in particular:
Why customers need confidence and how they go about getting it
Why organizations need capability and how they go about getting it
The principles on which the ISO 9000 family of standards has been based.
The key requirements which underpin the structure of the standards.
The growth in ISO 9001 certification.
Where ISO 9001 features in EU Directives
MAKING THE LINK
Since the dawn of civilization the survival of communities has depended on trade. As
communities grow they become more dependent on others providing goods and
services they are unable to provide from their own resources. Trade continues to this
day on the strength of the customer–supplier relationship. The relationship survives
through trust and confidence at each stage in the supply chain. A reputation for
delivering a product or a service to an agreed specification, at an agreed price on an
agreed date is hard to win and organizations will protect their reputation against
external threat at all costs. But reputations are often damaged not by those outside but
by those inside the organization and by other parties in the supply chain. Broken
promises, whatever the cause, harm reputation and promises are broken when an
organization does not do what it has committed to do. This can arise either because the
organization accepted a commitment it did not have the capability to meet or it had the
capability but failed to manage it effectively.
This is what the ISO 9000 family of standards is all about. It is a set of criteria that
can be applied to all organizations regardless of type, size and product or service
provided. When applied correctly these standards will help organizations develop the
capability to create and retain satisfied customers in a manner that satisfies all the other
stakeholders. They are not product standards – there are no requirements for specific
products or services – they contain criteria that apply to the management of an orga-
nization in satisfying customer needs and expectations in a way that satisfies the needs
and expectations of other stakeholders.
ISO standards are voluntary and are based on international consensus among the
experts in the field. ISO is a non-governmental organization and it has no power to
enforce the implementation of the standards it develops. It is a network of the national
standards institutes of 160 countries and its aim is to facilitate the international coor-
dination and unification of industrial standards.
By far, the majority of internationally agreed standards apply to specific types of
products and services with the aim of ensuring interchangeability, compatibility,
interoperability, safety, efficiency and reduction in variation. Mutual recognition of
standards between trading organizations and countries increases confidence and
decreases the effort spend in verifying that suppliers have shipped acceptable products.
3. Chapter j 1 Putting ISO 9000 in Context 5
The ISO 9000 family of standards is just one small group of standards among the
17,000 internationally agreed standards and other types of normative documents in
ISO’s portfolio.
The standards in the ISO 9000 family
In a Nutshell provide a vehicle for consolidating and
The ISO 9000 family of standards will
communicating concepts in the field of
stop you making promises you can’t quality management. It is not their
fulfil and help you keep those you can. purpose to fuel the certification, consul-
Broken promises often lead to ting, training and publishing industries.
conflict. The primary users of the standards are
intended to be organizations acting as
either customers or suppliers. Although
all ISO standards are voluntary, one of the standards in the ISO 9000 family has
become a market requirement. This standard is ISO 9001 which is analysed in detail in
Parts 3–7 of this book. However, the primary purpose of these standards is to give
confidence to customers that products and services meet the needs and expectations of
customers and other stakeholders and improve the capability of organizations to do
this.
You don’t need to use any of the standards in the ISO 9000 family in order to develop
the capability of satisfying your stakeholders, there are other models but none are as
detailed or as prescriptive.
A QUEST FOR CONFIDENCE
Customers need confidence that their suppliers can meet their quality, cost and delivery
requirements and have a choice as to how they acquire this confidence. They can select
their suppliers:
a) Purely on the basis of past performance, reputation or recommendation;
b) By assessing the capability of potential suppliers themselves;
c) On the basis of an assessment of capability performed by a third party.
Most customers select their suppliers using option (a) or (b), but there will be cases
where these options are not appropriate either because there is no evidence for using
option (a) or resources are not available to use option (b) or it is not economic. It is
for these situations that a certification scheme was developed. Organizations submit
to a third party audit that is performed by an accredited certification body inde-
pendent of both customer and supplier. An audit is performed against the require-
ments of ISO 9001 and if no nonconformities are found, a certificate is awarded. This
certificate provides evidence that the organization has the capability to meet customer
and regulatory requirements relating to the supply of certain specified good and
services. Customers are now able to acquire the confidence they require, simply by
establishing whether a supplier holds a current ISO 9001 certificate covering the type
of products and services they are seeking. However, the credibility of the certificate
rests on the competence of the auditor and the integrity of the certification body,
neither of which are guaranteed. (This is addressed further in System assessment –
Chapter 39.)
4. 6 PART j 1 Before You Start
Case Study - Trust in the System
China’s biggest milk powder manufacturer sold contaminated milk after two brothers who ran
a milk collection station added melamine to milk that they sold on from farmers to increase its
protein content. Four babies have died and thousands have fallen ill after drinking milk
tainted with toxic melamine. Melamine is an industrial chemical used to make plastic cups
and saucers.
Providing safe food for children is one of the most basic services of any economy. The toxin
was introduced in a ploy by farmers to boost the apparent protein content of the milk that they
sold to one of the best-known milk powder manufacturers in the country.
The milk had been rejected several times previously by the manufacturer. Quality controls
were ineffective. The milk producer had been told by its joint venture partner in New Zealand
to recall the product but the local authorities in China would not do it.
Twelve months prior to the incident the former head of the food and drug agency was
executed for taking bribes and as a result the people were told they could trust what they buy.
A QUEST FOR CAPABILITY
Trading organizations need to achieve sustained success in a complex, demanding and
ever changing environment. This depends on their capability to:
a) Identify the needs and expectations of their customers and other stakeholders;
b) Convert customer needs and expectations into products and services that will satisfy
them;
c) Attract customers to the organization;
d) Supply the products and services that meet customer requirements and deliver the
expected benefits;
e) Operate in a manner that satisfies the needs of the other stakeholders.
Many organizations develop their own ways
Food for Thought of working and strive to satisfy their
Many ISO 9000 registered organiza- customers in the best way they know how.
tions fail to satisfy their customers but We will explain this further in more detail
this is largely their own fault – they but in simple terms the management system
simply don’t do what they say they will is the set of processes that enables the
do. organization to do (a)–(e) and includes both
If your management is not prepared a technical capability and a people capa-
to change its values, it will always have bility. Many organizations develop the
problems with quality.
technical capability but not the people
capability and are thus forever struggling to
do what they say they will do.
In choosing the best system for them, they can either go through a process of trial and
error, select from the vast body of knowledge on management, or utilize one or more
management models available that combine proven principles and concepts to develop
the organization’s capability. ISO 9001 represents one of these models. Others are
Business Excellence Model, Six Sigma and Business Process Management (BPM)
which we address later in this chapter.
5. Chapter j 1 Putting ISO 9000 in Context 7
Having given the organization the capability to do (a)–(e), in many business-
to-business relationships, organizations are able to give their customers confidence in
their capability without becoming registered to ISO 9001. In some market sectors there
is a requirement to demonstrate capability through independently regulated conformity
assessment procedures before goods and services are purchased. In such cases the
organization has no option, but to seek ISO 9001 certification if it wishes to retain
business from that particular customer or market sector.
However, it is important to recognize that there is no requirement in the ISO 9000
family of standards for certification. The standards can be used in helping an organi-
zation discover the right things to do as well as assess for itself the extent to which its
goals and processes meet international standards. Only where customers are imposing
ISO 9001 in purchase orders and contracts, would it be necessary to obtain ISO 9001
certification.
THE UNDERLYING PRINCIPLES
The Assurance Principles
The quest for confidence through regulated standards evolved in the defence industry.
Defence quality assurance standards (see Chapter 4) were based on the following
principles:
It is essential that products and services be designed, manufactured and provided so
as to conform to the purchaser’s requirements and this be effected as economically as
practicable;
The quality of products and services depends upon the contractor’s control of design,
manufacture and other operations that affect quality;
The contractor needs to institute such control over quality as is necessary to ensure
the products and services conform to the purchaser’s contractual requirements;
Contractors need to be prepared to substantiate by objective evidence that they have
maintained control over the design, development and manufacturing operations and
have performed inspection which demonstrates the acceptability of products and
services;
The purchaser needs to stipulate the assurance required to ascertain that the contractor
has control over the operations to be carried out and will ensure that the products and
services are properly produced and inspected.
These are the assurance principles, the intent of which is to deliver confidence to
customers that the products and services will be or are what they are claimed to be and
will be, are being and have been produced under controlled conditions.
By including the phrase ‘‘.and this be effected as economically as practicable’’,
there is an implication that contractor’s controls were to embrace quality, cost and
delivery but other than in Mil-Q-9858A neither the AQAPs nor Def Stans included any
requirements for maintaining and using quality cost data. By including the phrase
‘‘control of . other operations that affect quality’’, there is an implication that
contractors’ controls were to address the processes that created and maintained the
working environment but none of the standards included requirements on this topic and
it was not until ISO 9001:2000 that requirements for managing the ‘‘work environment’’
were introduced.
6. 8 PART j 1 Before You Start
The economics of quality was brought out in ISO 9000:1987 in which the intent was
stated as:
‘‘to achieve and sustain good economic performance through continual improvement
in the customer specification and the organizational system to design and produce the
product or service to satisfy the user’s needs or requirements’’
It was believed that if organizations were able to demonstrate that they were oper-
ating a quality system that met international standards, customers would gain greater
confidence in the quality of products they purchased. Clearly the intent of these stan-
dards was that when implemented, the contractor could be relied upon to meet customer
requirements in the most economical manner. The implication being that delivery of
nonconforming product or service, late delivery and cost overruns would be an
extremely rare event.
The Management Principles
If we ask ourselves, ‘‘On what does the achievement of quality depend?’’ we will find
that it rather depends upon our point of view.
In Deming’s seminar on Profound Knowledge (c. 1987) he suggested that if you ask
people to answer ‘‘Yes or No’’ to the question ‘‘Do you believe in quality?’’ no one
would answer ‘‘No’’. They would also know what to do to achieve it and he cited
a number of examples which have been put into the cause and effect diagram shown in
Fig. 1-1. It is the causes below the labels on the ends of each line that are the deter-
minants. The labels simply categorize the causes.
Deming regarded these factors as all wrong. Either singularly or all together they will
not achieve quality. They all require money or learning a new skill and as Lloyd Dobyns
(Deming’s collaborator on the video library) says ‘‘They allow management to duck the
issue’’. However, he tells us that the fact that they won’t work does not mean each of
them is wrong. Once the processes are predictable and the system is stable, a technique
such as Just in Time is a smart thing to do.
FIGURE 1-1 Inappropriate determinants of quality.
7. Chapter j 1 Putting ISO 9000 in Context 9
We need principles to help us determine the right things to do and understand why we
do what we do. The more prescription we have, the more we get immersed in the detail
and lose sight of our objectives – our purpose – our reason for doing what we do. Once
we have lost sight of our purpose, our actions and decisions follow the mood of the
moment. They are swayed by the political climate or fear of reprisals.
Since the dawn of the industrial revolution, when man came out of the fields into the
factories, management became a subject for analysis and synthesis in an attempt to
discover some analytical framework upon which to build managerial excellence. There
emerged many management principles and indeed they continue to emerge in an attempt
to help managers deal with the challenges of management more effectively.
Principles or Rules
A principle is a fundamental law, truth or assumption that is verifiable. Management prin-
ciples are a guide to action; they are not rules. ‘‘No entry to unauthorized personnel’’ is a rule
that is meant to be obeyed without deviation, whereas a principle is flexible, it does not
require rigid obedience. A principle may not be useful under all conditions and a violation of
a principle under certain conditions may not invalidate the principle for all conditions.
A violation of a principle results in consequences usually by making operations more
inefficient or less effective, but that may be a price worth paying under certain circumstances.
In order to make this judgement, managers need a full understanding of the consequence of
ignoring the principles.
Over the last 20 years a number of principles have been developed that appear to
represent the factors upon which the achievement of quality depends:
1. Understanding customer needs and expectations, i.e., a customer focus;
2. Creating a unity of purpose and a quality culture, i.e., leadership;
3. Developing and motivating the people, i.e., involvement of people;
4. Managing processes effectively, i.e., the process approach;
5. Understanding interactions and interdependencies, i.e., the systems approach;
6. Continually seeking better ways of doing things, i.e., continual improvement;
7. Basing decisions on facts, i.e., the factual approach;
8. Realizing that you need others to succeed, i.e., mutual beneficial relationships.
These eight factors represent the causes of quality as shown in the cause and effect
diagram of Fig. 1-2. A failure either to understand the nature of any one of these factors
or to manage them effectively will invariably lead to a quality failure, the consequences
of which may be disastrous for the individual, the customer, the organization, the
country and the planet.
A quality management principle is defined by ISO/TC 176 as a comprehensive
and fundamental rule or belief, for leading and operating an organization, aimed at
continually improving performance over the long term by focusing on customers
while addressing the needs of all other interested parties. It is a pity that this
definition includes the word ‘‘rule’’ because principles are not rules (as this implies
inflexibility), but guides to action, implying flexibility and judgement as to their
appropriateness.
8. 10 PART j 1 Before You Start
FIGURE 1-2 The eight-quality management principles.
All the requirements of ISO 9001:2008 are related to one or more of these principles.
These principles provide the reasons for the requirements and are thus very important.
Each of these is addressed below.
Customer Focus
This principle is expressed as follows.
Organizations depend on their customers and therefore should understand current
and future customer needs, meet customer requirements and strive to exceed customer
expectations.
An organization applying the customer focus principle would be one in which
people:
Understood customer needs and expectations;
Met customer requirements in a way that met the needs and expectations of all other
stakeholders;
Communicated these needs and expectations throughout the organization;
Have the knowledge, skills and resources required to satisfy the organization’s
customers;
Measured customer satisfaction and acted on results;
Understood and managed customer relationships;
Could relate their actions and objectives directly to customer needs and
expectations;
Were sensitive to customer preferences and acted in a way that put the customer first.
Leadership vs Management Leadership
Leadership means making sure that the This principle is expressed as follows.
organization is doing the right things. Leaders establish unity of purpose and
Management means making sure that direction for the organization. They should
those things are being done right. create and maintain the internal environment
(John M Bryson) in which people can become fully involved
in achieving the organization’s objectives.
9. Chapter j 1 Putting ISO 9000 in Context 11
An organization applying the leadership principle would be one in which
leaders are:
Establishing and communicating a clear vision of the organization’s future;
Establishing shared values and ethical role models at all levels of the organization;
Being proactive and leading by example;
Understanding and responding to changes in the external environment;
Considering the needs of all stakeholders;
Building trust and eliminating fear;
Providing people with the required resources and freedom to act with responsibility
and accountability;
Promoting open and honest communication;
Educating, training and coaching people;
Setting challenging goals and targets aligned to the organization’s mission and
vision;
Communicating and implementing a strategy to achieve these goals and targets;
Using performance measures that encourage behaviour consistent with these goals
and targets.
Involvement of People
This principle is expressed as follows.
People at all levels are the essence of an organization and their full involvement
enables their abilities to be used for the organization’s benefit.
An organization applying the involvement of people principle would be one in which
people are:
Accepting ownership and responsibility to solve problems;
Actively seeking opportunities to make improvements;
Actively seeking opportunities to enhance their competencies, knowledge and
experience;
Freely sharing knowledge and experience in teams and groups;
Focusing on the creation of value for customers;
Being innovative and creative in furthering the organization objectives;
Better representing the organization to customers, local communities and society at
large;
Deriving satisfaction from their work;
Enthusiastic and proud to be part of the organization.
Process Approach
This principle is expressed as follows.
A desired result is achieved more efficiently when related resources and activities are
managed as a process.
An organization applying the process approach principle would be one in which
people:
Know the objectives they have to achieve and the process that will enable them to
achieve these results;
Know what measures will indicate whether the objectives have been achieved;
10. 12 PART j 1 Before You Start
Have clear responsibility, authority and accountability for the results;
Perform only those activities that are necessary to achieve these objectives and
deliver these outputs;
Assess risks to success and put in place measures that eliminate, reduce or control
these risks;
Know what resources, information and competences are required to achieve the
objectives;
Know whether the process is achieving its objectives as measured;
Find better ways of achieving the process objectives and of improving process
efficiency;
Regularly confirm that the objectives and targets they are aiming for remain relevant
to the needs of the organization.
Systems Approach to Management
This principle is expressed as follows.
Identifying, understanding and managing interrelated processes as a system
contributes to the organization’s effectiveness and efficiency in achieving its objectives.
An organization applying the system approach principle would be one in which
people:
Are able to visualize the organization as a system of interacting processes;
Structure the system to achieve the objectives in the most efficient way;
Understand the interactions and interdependencies between the processes in the
system;
Derive process objectives from system objectives;
Understand the impact of their actions and decision on other processes with which
they interface and on the organization’s goals;
Establish resource constraints prior to action.
Continual Improvement
This principle is expressed as follows.
Continual improvement of the organization’s overall performance should be
a permanent objective of the organization.
An organization applying the continual improvement principles would be one in
which people are:
Making continual improvement of products, processes and systems - an objective for
every individual in the organization;
Applying the basic improvement concepts of incremental improvement and break-
through improvement;
Using periodic assessments against established criteria of excellence to identify
areas for potential improvement;
Continually improving the efficiency and effectiveness of all processes;
Promoting prevention-based activities;
Providing every member of the organization with appropriate education and training,
on the methods and tools of continual improvement;
11. Chapter j 1 Putting ISO 9000 in Context 13
Establishing measures and goals to guide and track improvements;
Recognizing improvements.
Factual Approach to Decision Making
This principle is expressed as follows.
Effective decisions are based on the analysis of data and information.
An organization applying the factual approach principle would be one in which
people are:
Defining performance measures that relate to the quality characteristics required for
the process, product or service being measured;
Taking measurements and collecting data and information relevant to the product,
process or service objective;
Ensuring that the data and information are sufficiently accurate, reliable and
accessible;
Analysing the data and information using valid methods;
Understanding the value of appropriate statistical techniques;
Making decisions and taking action based on the results of logical analysis balance
with experience and intuition.
Mutually Beneficial Supplier Relationships
This principle is expressed as follows.
An organization and its suppliers are interdependent and a mutually beneficial
relationship enhances the ability of both to create value.
An organization applying the supplier relationship principle would be one in which
people are:
Identifying and selecting key suppliers on the basis of their ability to meet require-
ments without compromising quality;
Establishing supplier relationships that balance short-term gains with long-term
considerations for the organization and society at large;
Creating clear and open communications;
Initiating joint development and improvement of products and processes;
Jointly establishing a clear understanding of customers’ needs;
Sharing information and future plans;
Recognizing supplier improvements and achievements.
This principle has a dual focus even though it refers to suppliers. The organization is
a supplier to its customer and is a customer to its suppliers.
Using the Principles
The principles can be used in validating the design of processes, in validating decisions,
in auditing system and processes. You look at a process and ask:
Where is the customer focus in this process?
Where in this process are there leadership, guiding policies, measurable objectives
and the environment that motivate the workforce to achieve these objectives?
12. 14 PART j 1 Before You Start
Where in this process is the involvement of people in the design of the process,
the making of decisions, the monitoring and measurement of performance and the
improvement of performance?
Where is the process approach to the accomplishment of these objectives?
Where is the systems’ approach to the management of these processes, the optimi-
sation of performance, the elimination of bottlenecks and delays?
Where in the process are decisions based on fact?
Where is there continual improvement in performance, efficiency and effectiveness
of this process?
Where is there a mutually beneficial relationship with suppliers in this process?
Also you can review the actual measures used for assessing leadership, customer
relationships, personnel, processes, systems, decisions, performance and supplier rela-
tionships for alignment with the principles.
THE REQUIREMENTS
The Basis for the Requirements
The requirements of ISO 9001 have been based on the above principles but not derived
from them as the principles and the requirements have evolved in parallel over several
years. Work is now underway in ISO to bring greater alignment between the principles,
concepts, terminology and requirements but this won’t be compete until 2013. ISO 9001
contains over 260 requirements spread over five sections but the way the requirements
are grouped creates some anomalies and fails to bring clarity to the structure. All the
topics addressed by the requirements are listed in Chapter 38.
Purpose of Requirements
The purpose of these requirements is to provide an assurance of product quality as is
apparent from ISO 9001 clause 0.1 where it states ‘‘This International Standard can be
used by internal and external parties, including certification bodies, to assess the
organization’s ability to meet customer, statutory and regulatory requirements appli-
cable to the product, and the organization’s own requirements.’’ They are therefore not
intended to be for the purpose of developing a quality management system. If we ask of
every requirement, ‘‘Would confidence in the quality of the product be diminished if this
requirement was not met?’’ We should, in principle, get an affirmative response, but this
might not always be the case as it was not the approach taken in the validation of the
standard.
There was a change in direction in 2000 when the ISO 9000 family changed its focus
from procedures to processes. This change is illustrated in Fig. 1-3. ISO 9001:2008
clearly positions the system of managed processes as the means for generating con-
forming products with the intent that these create satisfied customers. ISO 9004:2009
goes further and creates a cycle of sustained success, driven from a mission and vision
that is influenced by stakeholder needs and expectations through an extended system of
managed processes to produce results that satisfy all stakeholders.
13. Chapter j 1 Putting ISO 9000 in Context 15
FIGURE 1-3 The changing purpose in the ISO 9000 family.
The Basic Management Requirements
Further on, in this book we comment on the structure of ISO 9001 and the 263
requirements in more detail, but we can condense these into the following seven
management requirements:
1. Purpose – establish the organization’s purpose and the needs and expectations of
stakeholders relative to this purpose.
2. Policy – define, document, maintain and communicate the overall intentions, prin-
ciples and values related to quality.
3. Planning – establish objectives, measures and targets for fulfilling the organiza-
tion’s purpose and its policies, assessing risks and develop plans and processes
for achieving the objectives that take due account of these risks.
4. Implementation – resource, operate and manage the plans and processes to deliver
outputs that achieve the planned results.
5. Measurement – monitor, measure and audit processes, the fulfilment of objectives
and policies and satisfaction of stakeholders.
6. Review – analyse and evaluate the results of measurement, determine performance
against objectives and determine changes needed in policies, objectives, measures,
targets and processes for the continuing suitability, adequacy and effectiveness of
the system.
7. Improvement – undertake action to bring about improvement by better control,
better utilization of resources and better understanding of stakeholder needs. This
might include innovation and learning.
14. 16 PART j 1 Before You Start
The Basic Assurance Requirements
We can also condense the requirements of ISO 9001 into five assurance requirements.
1. The organization shall demonstrate its commitment to the achievement of quality.
2. The organization shall demonstrate that it has effective policies for creating an envi-
ronment that will motivate its personnel into satisfying the needs and expectations of
its customers and applicable statutory and regulatory requirements.
3. The organization shall demonstrate that it has effectively translated the needs and
expectations of its customers and applicable statutory and regulatory requirements
into measurable and attainable objectives.
4. The organization shall demonstrate that it has an effective system of interacting pro-
cesses for enabling the organization to meet these objectives in the most efficient way.
5. The organization shall demonstrate that it is achieving these objectives as measured,
that they are being achieved in the best way and that they remain consistent with the
needs and expectations of its customers and applicable statutory and regulatory
requirements.
POPULARITY OF ISO 9001 CERTIFICATION
ISO 9001 has gained in popularity since 1987 when the UK led the field holding the
highest number of ISO 9001, 9002 and 9003 certificates (ISO 9002 and 9003 became
obsolete in 2003). Since then certification in the UK has declined from a peak of 66,760
in 2001 to 35,517 by December 2007 pushing the UK into eighth place. This is largely
due to the transfer of manufacturing to the Asian economies and why China has held the
lead since 2002. The latest year for which there are published figures is 2007, when 18 of
175 countries (10%) held 80% of the total number if certificates issued as detailed in
Table 1-1.1 As quality system standards for automotive and medical devices (ISO/TS
16949 and ISO 13485) include all requirements from ISO 9001, certification to these
standards can be added to the numbers of ISO 9001 certificates. The numbers only
include data from certification bodies that are accredited by members of the Interna-
tional Accreditation Forum (IAF). The data is for numbers of certificates issued and not
for the number of organizations to which certificates are issued which may be less as
some organizations register each location.
The 15-year trend since records began in 1992 is shown in Fig. 1-4. The temporary
arrest in growth during the transition from ISO 9001:1994 to ISO 9001:2000 is clearly
evident. The continued growth is likely to be due to the European Union Directives
which are addressed next.
ISO 9001 AND EU DIRECTIVES
With the formation of the European Union (EU) in 1993 there was a need to remove
barriers to the free movement of goods across the Union. One part of this was to
harmonize standards. At the time each country had its own standards for testing products
and for controlling the processes by which they were conceived, developed and
produced. This led to a lack of confidence and consequently to the buying organizations
1
ISO Survey (December 2007) International Organization for Standardisation, Geneva.
15. Chapter j 1 Putting ISO 9000 in Context 17
TABLE 1-1 Top 10% of Countries with ISO 9001 and Derivative Certificates
Number of certificates issued
Country ISO 9001 ISO/TS 16949 ISO 13485 Total % of Total
China 210,773 7732 1329 219,834 21.99%
Italy 115,359 1024 1482 117,865 11.79%
Japan 73,176 1106 456 74,738 7.48%
Spain 65,112 928 40 66,080 6.61%
India 46,091 2008 222 48,321 4.83%
Germany 45,195 3068 2204 50,467 5.05%
USA 36,192 4288 2186 42,666 4.27%
UK 35,517 701 589 36,807 3.68%
France 22,981 1165 709 24,855 2.49%
Netherlands 18,922 120 47 19,089 1.91%
Republic of Korea 15,749 3453 6 19,208 1.92%
Brazil 15,384 972 73 16,429 1.64%
Turkey 12,802 504 52 13,358 1.34%
Russian Federation 11,527 78 28 11,633 1.16%
Switzerland 11,077 115 608 11,800 1.18%
Israel 10,846 10,846 1.08%
Hungary 10,473 257 37 10,767 1.08%
Czech Republic 10,458 526 221 11,205 1.12%
Sub-total 767,634 27,262 9264 805,968 80.62%
Others 193,701 19.38%
Grand total 999,669 100.00%
undertaking their own product testing and in addition assessment of the seller’s quality
management systems.
The EU Council was concerned with protecting its citizens with respect to health,
safety and environment and therefore decided that it needed a compliance system that
regulated the quality of products flowing into and around the EU. The model prevalent in
many countries was the conformity assessment regimes operated by procurement
agencies where they did the testing, inspection and system assessment.
In May 1985 the EEC Council passed a resolution on a new approach to technical
harmonization and standards (85/C 136/01) that was intended to resolve technical
barriers to trade and dispel the consequent uncertainty for economic operators. The new
approach provided for reference to standards (preferably European but national if
16. 18 PART j 1 Before You Start
FIGURE 1-4 Growth in ISO 9001 and derivative certificates.(including ISO 9002, ISO 9003, ISO/TS 16949
ISO 13485)
appropriate) for the purposes of defining the technical characteristics of products
accompanied by a policy on the assessment of conformity to such standards. These
standards would specify the ‘‘essential requirements’’ as regards health protection and
safety with which products put on the market must conform. In 1993 the Council
adopted 93/465/EEC putting in place the conformity assessment procedures and rules
for the affixing and use of the CE conformity marking, that were intended to be used in
the technical harmonization directives.
This legislation was repealed in June 2008 when the Council of the European Union
adopted a new Common Framework for marketing products. This broad package of
provisions is intended to remove the remaining obstacles to free circulation of products and
represents a major boost for trade in goods between EU Member States. The legislation is
intended to bring particular benefits for small and medium sized enterprises (SMEs), who
will no longer be discouraged from doing business outside their domestic markets.
ISO 9001 is perceived by the EU Council as ensuring health and safety requirements
are met because ISO 9001 now requires organizations to demonstrate that they have the
ability to consistently provide product that meets customer and applicable statutory and
regulatory requirements. Such requirements would be specified in EU Directives. Where
conformity with these directives can be verified by inspection or test of the end product,
ISO 9001 is not a requirement for those seeking to supply within and into the EU. Where
conformity cannot be ensured without control over design and/or production processes,
conformity with ISO 9001 needs to be assessed by a ‘‘notified body’’. The 2008 EU
Directives require manufacturers to lodge an application for assessment of their quality
system with the notified body of their choice, for the products concerned. A summary of
the conformity assessment procedures is shown in Table 1-2. There are rules in Article
R17 of the Common Framework regulating ‘‘notified bodies’’.
17. Chapter j 1 Putting ISO 9000 in Context
TABLE 1-2 Conformity Assessment Procedures in EU Legislation
Module A: Internal Module B: Module G: Module H: Full
production control Type examination Unit verification quality assurance
Design Manufacturer keeps Manufacturer submits Manufacturer EN ISO 9001:2000 (4)
technical documentation to notified body: submits Manufacturer:
at the disposal of national technical
Technical documentation Operates an approved
authorities documentation
Supporting evidence for the quality system for design
adequacy of the technical Submits technical
design solution documentation
Specimen(s), representative
of the production envis-
aged, as required
Notified body: Notified body carries out
surveillance of the QMS
Ascertains conformity with
H1 Notified body:
essential requirements
Examines technical docu- Verifies conformity of
mentation and supporting design (1)
evidence to assess Issues EC-design examina-
adequacy of the technical tion certificate (1)
design
For specimen(s): carries out
tests, if necessary Issues EC-
type examination certificate
Continued
19
18. 20
TABLE 1-2 Conformity Assessment Procedures in EU Legislationdcont’d
Module A:
Internal Module C: Module D: Module E: Module F: Module G: Module H:
production Conformity Production Product quality Product Unit Full quality
control to type quality assurance assurance verification verification assurance
Production A. Manufacturer: C. Manufacturer: EN ISO 9001:2000 EN ISO 9001:2000 Manufacturer: Manufacturer:
(2). Manufacturer: (3). Manufacturer:
Declares confor- Declares confor- Submits Operates an
mity with essen- mity with Operates an Operates an product approved QMS for
tial requirements approved type approved quality approved quality Declares production, final
PART j 1 Before You Start
Affixes required Affixes required system for system for final conformity inspection and
conformity conformity production, final inspection and Affixes testing
marking marking inspection and testing required confor- Declares
testing Declares mity marking conformity
Declares confor- conformity with Affixes required
mity with approved type conformity
approved type Affixes required marking
Affixes required conformity
conformity marking
marking
19. Chapter j 1 Putting ISO 9000 in Context
A1. Accredited C1. Accredited D1. E1. Notified body: Notified body
in-house body or in-house body or Carries out
Declares confor- Declares Conformity Verifies confor-
notified body notified body surveillance of the
mity to essential to essential mity to essential
performs tests on performs tests on QMS
requirements requirements requirements
specific aspects of specific aspects of
Affixes required Affixes required Issues certificate
the product (1) the product (1)
conformity conformity marking of conformity
C2. Product
marking
checks at random
intervals (1)
A2. Product Notified body: Notified body: Notified body: Notes:
checks at random
Approves the QS Approves the QS Verifies conformity (1) Supplementary requirements which may be used in
intervals (1)
Carries out surveil- Carries out surveil- to essential sectoral legislation
lance lance of requirements (2) Except for sub-clause 7.3 and requirements relating to
of the QMS the QMS Issues certificate customer satisfaction and continual improvement
of conformity (3) Except for sub-clauses 7.1, 7.2.3, 7.3, 7.4, 7.5.1,
7.5.2, 7.5.3 and requirements relating to customer
satisfaction and continual improvement
(4) Except for requirements relating to customer satisfac-
tion and continual improvement
21