Published in 1987, ISO 9000 is set of standards created by the International Organization for Standardization pertaining to the creation of quality management systems. The family of standards sets out 7 principles organisations should follow to ensure their quality management process is able to consistently deliver a high-quality end product/service as well as stakeholder value.
ISO 9000 consists of 5 separate standards, with ISO 9000 itself relating to the fundamental principles that should underpin a quality management process, and ISO 9001 stipulating the criteria organisations should satisfy in order to gain ISO 9001 certification. ISO 9001 is the only standard in the set that relates to certification.
Applicable to organisations big and small and across almost all sectors, ISO 9000 is the foremost set of quality management standards worldwide, with over 1 million organisations having achieved certification since its inception.
A quality management system is a set of processes designed to ensure a service or product meets an ideal or expected standard. The system should be substantiated by documentation designed to institutionalise the processes and responsibilities required to meet these quality objectives.
A well-conceived QMS should help to deliver a satisfactory outcome for both clients and stakeholders and function as a foundation for driving continuous improvement. It should also be cognizant of constraints, including compliance obligations, budgetary realities and cost fluctuations, and seek to overcome such challenges in order to deliver high quality service/product outcomes.
Now that we’ve covered some of the fundamental definitions, let’s examine the recommended approach to creating a robust QMS as well as the properties it should possess in order to obtain ISO 9001 certification.
Before laying out the certification criteria, ISO 9001 promotes a number of concepts that are conducive to building a QMS that serves its purpose effectively. These include:
Organisations are encouraged to map out processes in a way that consider the actions and input variables critical to each of them, as well as dependencies and interplay that occur between different procedures. The aim of this exercise is to draw attention to the processes, inputs and activities most critical to delivering the desired outcome.
This concept encourages organisations to consider the risks each process is subject to, determine whether risk mitigation is possible in each instance and consider whether the risk-reward ratio makes each process worthwhile. ISO 9001 certification requires the instatement of a fully-documented risk management process that records all identifiable risks and the mitigation measures in place to manage them.
The ‘plan, do, check, act’ cycle is a procedural model designed as an aid to implementing continual improvements. ‘Plan’ centres around objectives, the parties involved and any limiting factors, ‘do’ involves carrying out the planned changes, ‘check’ involves determining the success of the newly-implemented changes and ‘act’ refers to taking any remedial steps necessary to achieve the desired outcome. Before we examine the 7 criteria clauses relating to certification, it’s worth pointing out that each of these clauses can be assigned a position on the PDCA cycle.
ISO 9001:2015 features 10 clauses, 7 of which relate to the properties a QMS must demonstrate in order to achieve certification. The first 3 clauses are informative rather than instructional, so we shall skip these for the purposes of this article.
Clause 4 requires the QMS to consider all the influential factors (both internal and external) and concerned parties that have any bearing on the processes featured. It requires that consideration be given to internal context (employees, regulations and contractual commitments), external context (economic pressures, competition and legal constraints) in addition to what ISO defines as ‘interested parties’ – customers, vendors, suppliers and stakeholders. This clause requires the QMS to frame business operations in the broadest possible context so that the quality management process is able to accommodate all the parties and limiting factors that have any bearing on quality outcomes.
This clause stipulates the responsibilities of decision makers/managers in terms of creating and executing the quality management system. It requires leaders to draw up a quality policy document, assign resources in order to achieve quality aims, establish objectives and identify individuals responsible for the various aspects of the quality management process.
This clause recommends that organisations pursue reward whilst considering the risks inherent in doing so, and encourages the use of risk management activities that don’t restrict opportunities. It also gives instruction on the creation of ‘quality objectives,’ which should underpin the goals of the quality policy document. The clause emphasizes the importance of allocating resources, entrusting responsibility to others, setting out deadlines and reviewing results in pursuit of these quality objectives.
This clause is concerned with ensuring adequate resources are provided to support the quality management process. It requires management to ensure adequate provision of the equipment, facilities, personnel and training needed to achieve the quality management objectives. The clause also emphasizes the importance of establishing effective communication strategies and channels.
Clause 8 is one of the core components of ISO 9001’s certification criteria. It represents the ‘Do’ phase of the PDCA cycle and involves realising and executing the plans made in the preceding 4 clauses.
The clause centres heavily on the concept of ‘process control,’ which defines actions that help direct running processes towards the ideal outcome (a high quality end product or service). The clause requires provisions to be made in respect of ensuring the quality of internal production processes, as well as services and products provided by third-party contractors/suppliers in instances where these third-party inputs have a bearing on your product/service delivery.
This clause requires organisations to measure and compare process outcomes against the quality targets that have been established, representing the ‘check’ element of the PDCA cycle. The purpose of this requirement is an assessment of the quality management system’s ability to drive continual improvement. The clause also demands the use of internal audits to test the QMS’s ability to satisfy internal requirements and the conditions for certification set out by ISO 9001.
Corresponding to the ‘act’ component of the PDCA cycle, clause 10 demands that corrective action be taken to address process non-conformities and deficiencies identified in performance evaluations. These corrective actions should aim to get to the heart of a problem, and their efficacy should be determined by further evaluation.
We hope this article has helped you understand the basics of the ISO 9000 standards family, as well as the steps that are required to construct an ISO 9001-certified Quality Management System. In our next article we’ll explore some of the business benefits ISO 9001 certification can bring, and help explain how your IT system can aid in your quality management objectives.