Certification

ISO does not itself certify organizations. Many countries have formed accreditation bodies to authorize certification bodies, which audit organizations applying for ISO 9001 compliance certification. Although commonly referred to as ISO 9000:2000 certification, the actual standard to which an organization's quality management can be certified is ISO 9001:2000. Both the accreditation bodies and the certification bodies charge fees for their services. The various accreditation bodies have mutual agreements with each other to ensure that certificates issued by one of the Accredited Certification Bodies (CB) are accepted world-wide.

The applying organization is assessed based on an extensive sample of its sites, functions, products, services and processes; a list of problems ("action requests" or "non-compliances") is made known to the management. If there are no major problems on this list, the certification body will issue an ISO 9001 certificate for each geographical site it has visited, once it receives a satisfactory improvement plan from the management showing how any problems will be resolved.

An ISO certificate is not a once-and-for-all award, but must be renewed at regular intervals recommended by the certification body, usually around three years. In contrast to the Capability Maturity Model there are no grades of competence within ISO 9001.

ISO 9000 History

Pre ISO 9000

During World War II, there were quality problems in many British industries such as munitions, where bombs were exploding in factories during assembly. The adopted solution was to require factories to document their manufacturing procedures and to prove by record-keeping that the procedures were being followed. The name of the standard was BS 5750, and it was known as a management standard because it specified not what to manufacture, but how the manufacturing process was to be managed. According to Seddon, "In 1987, the British Government persuaded the International Organization for Standardization to adopt BS 5750 as an international standard. BS 5750 became ISO 9000."^[

1987 version

ISO 9000:1987 had the same structure as the UK Standard BS 5750, with three 'models' for quality management systems, the selection of which was based on the scope of activities of the organization:

• ISO 9001:1987 Model for quality assurance in design, development, production, installation, and servicing was for companies and organizations whose activities included the creation of new products.
• ISO 9002:1987 Model for quality assurance in production, installation, and servicing had basically the same material as ISO 9001 but without covering the creation of new products.
• ISO 9003:1987 Model for quality assurance in final inspection and test covered only the final inspection of finished product, with no concern for how the product was produced.

ISO 9000:1987 was also influenced by existing U.S. and other Defense Standards ("MIL SPECS"), and so was well-suited to manufacturing. The emphasis tended to be placed on conformance with procedures rather than the overall process of management—which was likely the actual intent.

1994 version

ISO 9000:1994 emphasized quality assurance via preventive actions, instead of just checking final product, and continued to require evidence of compliance with documented procedures. As with the first edition, the down-side was that companies tended to implement its requirements by creating shelf-loads of procedure manuals, and becoming burdened with an ISO bureaucracy. In some companies, adapting and improving processes could actually be impeded by the quality system.^[

2000 version

ISO 9001:2000 combines the three standards 9001, 9002, and 9003 into one, called 9001. Design and development procedures are required only if a company does in fact engage in the creation of new products. The 2000 version sought to make a radical change in thinking by actually placing the concept of process management front and center ("Process management" was the monitoring and optimizing of a company's tasks and activities, instead of just inspecting the final product). The 2000 version also demands involvement by upper executives, in order to integrate quality into the business system and avoid delegation of quality functions to junior administrators. Another goal is to improve effectiveness via process performance metrics — numerical measurement of the effectiveness of tasks and activities. Expectations of continual process improvement and tracking customer satisfaction were made explicit.

Future version: 2008

TC 176, the ISO 9001 technical committee, has started its review on the next version of ISO 9001, which will in all likelihood be termed the ISO 9001:2008 standard, assuming its planned release date of 2008 is met. Early reports are that the standard will not be substantially changed from its 2000 version.

As with the release of previous versions, organizations registered to ISO 9001 will be given a substantial period to transition to the new version of the standard, assuming changes are needed; organizations registered to 9001:1994 had until December of 2003 to undergo upgrade audits.

The forthcoming ISO 9001:2008 international standard is likely to be published by October–November 2008.

Summary of ISO 9001:2000 in informal language

• The quality policy is a formal statement from management, closely linked to the business and marketing plan and to customer needs. The quality policy is understood and followed at all levels and by all employees. Each employee needs measurable objectives to work towards.
• Decisions about the quality system are made based on recorded data and the system is regularly audited and evaluated for conformance and effectiveness.
• Records should show how and where raw materials and products were processed, to allow products and problems to be traced to the source.
• You need a documented procedure to control quality documents in your company. Everyone must have access to up-to-date documents and be aware of how to use them.
• To maintain the quality system and produce conforming product, you need to provide suitable infrastructure, resources, information, equipment, measuring and monitoring devices, and environmental conditions.
• You need to map out all key processes in your company; control them by monitoring, measurement and analysis; and ensure that product quality objectives are met. If you can’t monitor a process by measurement, then make sure the process is well enough defined that you can make adjustments if the product does not meet user needs.
• For each product your company makes, you need to establish quality objectives; plan processes; and document and measure results to use as a tool for improvement. For each process, determine what kind of procedural documentation is required (note: a “product” is hardware, software, services, processed materials, or a combination of these).
• You need to determine key points where each process requires monitoring and measurement, and ensure that all monitoring and measuring devices are properly maintained and calibrated.
• You need to have clear requirements for purchased product.
• You need to determine customer requirements and create systems for communicating with customers about product information, inquiries, contracts, orders, feedback and complaints.
• When developing new products, you need to plan the stages of development, with appropriate testing at each stage. You need to test and document whether the product meets design requirements, regulatory requirements and user needs.
• You need to regularly review performance through internal audits and meetings. Determine whether the quality system is working and what improvements can be made. Deal with past problems and potential problems. Keep records of these activities and the resulting decisions, and monitor their effectiveness (note: you need a documented procedure for internal audits).
• You need documented procedures for dealing with actual and potential nonconformances (problems involving suppliers or customers, or internal problems). Make sure no one uses bad product, determine what to do with bad product, deal with the root cause of the problem and keep records to use as a tool to improve the system.

ISO Family of Standards

ISO 9000 includes standards:

• ISO 9000:2000, Quality management systems – Fundamentals and vocabulary. Covers the basics of what quality management systems are and also contains the core language of the ISO 9000 series of standards. A guidance document, not used for certification purposes, but important reference document to understand terms and vocabulary related to quality management systems. In the year 2005, revised ISO 9000:2005 standard has been published, so it is now advised to refer to ISO 9000:2005.
• ISO 9001:2000 Quality management systems – Requirements is intended for use in any organization which designs, develops, manufactures, installs and/or services any product or provides any form of service. It provides a number of requirements which an organization needs to fulfill if it is to achieve customer satisfaction through consistent products and services which meet customer expectations. It includes a requirement for the continual (i.e. planned) improvement of the Quality Management System, for which ISO 9004:2000 provides many hints.

This is the only implementation for which third-party auditors may grant certification. It should be noted that certification is not described as any of the 'needs' of an organization as a driver for using ISO 9001 (see ISO 9001:2000 section 1 'Scope') but does recognize that it may be used for such a purpose (see ISO 9001:2000 section 0.1 'Introduction').

• ISO 9004:2000 Quality management systems - Guidelines for performance improvements. covers continual improvement. This gives you advice on what you could do to enhance a mature system. This standard very specifically states that it is not intended as a guide to implementation.

There are many more standards in the ISO 9001 family (see "List of ISO 9000 standards" from ISO), many of them not even carrying "ISO 900x" numbers. For example, some standards in the 10,000 range are considered part of the 9000 family: ISO 10007:1995 discusses Configuration management, which for most organizations is just one element of a complete management system. ISO notes: "The emphasis on certification tends to overshadow the fact that there is an entire family of ISO 9000 standards ... Organizations stand to obtain the greatest value when the standards in the new core series are used in an integrated manner, both with each other and with the other standards making up the ISO 9000 family as a whole".

Note that the previous members of the ISO 9000 family, 9001, 9002 and 9003, have all been integrated into 9001. In most cases, an organization claiming to be "ISO 9000 registered" is referring to ISO 9001.

ISO 9000 Basic Information

ISO 9000 is a family of standards for quality management systems. ISO 9000 is maintained by ISO, the International Organization for Standardization and is administered by accreditation and certification bodies. Some of the requirements in ISO 9001 (which is one of the standards in the ISO 9000 family) include

• a set of procedures that cover all key processes in the business;
• monitoring processes to ensure they are effective;
• keeping adequate records;
• checking output for defects, with appropriate and corrective action where necessary;
• regularly reviewing individual processes and the quality system itself for effectiveness; and
• facilitating continual improvement

A company or organization that has been independently audited and certified to be in conformance with ISO 9001 may publicly state that it is "ISO 9001 certified" or "ISO 9001 registered". Certification to an ISO 9000 standard does not guarantee the compliance (and therefore the quality) of end products and services; rather, it certifies that consistent business processes are being applied. Indeed, some companies enter the ISO 9001 certification as a marketing tool.

Although the standards originated in manufacturing, they are now employed across a wide range of other types of organizations. A "product", in ISO vocabulary, can mean a physical object, or services, or software. In fact, according to ISO in 2004, "service sectors now account by far for the highest number of ISO 9001:2000 certificates - about 31% of the total."

Structure of the ISO 9001:2000 Standard

The ISO 9001:2000 Standard is compiled of eight Clauses. The first three are introductory in nature. The subsequent five clauses include the requirements the organization must address. They are as follows:

Clause 4 – Quality Management System

Process Management, Documentation Requirements, Records Control

Clause 5 – Management Responsibility

Customer/Patient Focus, Policy, Objectives, Planning, Responsibility & Authority

Clause 6 – Resource Management

Human Resources, Infrastructure, Work Environment

Clause 7 – Product / Service Realization

Planning of New Products & Services, Customer Interface/ Communication, Design, Purchasing/Supplier Management, Production/ Service Operations, Calibration

Clause 8 – Measurement, Analysis, and Improvement

Internal Audits, Customer/Patient Satisfaction, Monitoring/Measurement of Products/Services and Processes, Handling Nonconformance, Corrective & Preventive Action, Continual Improvement

Balanced Scorecard Excersise

Place the 8 objectives and measures into the four balanced scorecard metric categories of Finance, Customers, Business Processes and Learning and Growth. Please note that objectives and measures (in the table below) may not be related i.e. objective (1) and measure (a) do not belong together. So first place the objectives, and then place the measures.

Categorise the following as Financial, Customers, Processes, or Learning and Growth (You may need to print this page):
Objective	Measure
1. To be the cost leader in our market by 2008	(a) Average time taken for customers to receive complete orders
2. To reduce customer churn by 75% within 12 months	(b) Customer retention rates
3. To lead the market in speedy delivery by 2008	(c) Return On Capital Employed (ROCE)
4. To build a sports and social club by March 2011	(d) Employee satisfaction rates
5. To increase profitability by 20% by 2009	(e) Statistical process control
6. To produce products that are right first time within 3 months	(f) Employee retention rates
7. To train and develop all team leaders by 2009	(g) Customer feedback or complaints
8. To achieve 99% customer satisfaction within 5 years	(h) Unit cost

1. Finance
Objective	Measure

2. Customer.
Objective.	Measure.

3. Business Processes
Objective	Measure

4. Learning and Growth
Objective.	Measure.

The Balanced Scorecard Approach

The Balanced Scorecard is an approach that can be used by business leaders and strategic marketing managers to control, and keep track of, key performance indicators. In fact the scorecard itself is designed to be wholly strategic since it contains long-term outcomes and drivers of success. There are four zones in a balanced scorecard namely financial, customers, business processes (or simply processes), and learning and growth. Each measure is part of a longer chain of cause and effect, and all of the measures eventually lead to outcomes (read on and this will become clearer). So the scorecard is 'balanced' in that outcomes are in balance with each other.

The benefit of the scorecard is that is overcomes short-term quick fixes, and gives the strategic marketing manager a straightforward overview of the organization. In fact, a scorecard should ideally fit onto a single sheet of paper. In fact Kaplan and Norton (1992), the originators of Balanced Scorecard, describe it as the dials in an airplane cockpit.

Learning and Growth.

Learning and Growth deals with measures of corporate success in relation to how it learns as it develops over time. So if the company makes mistakes in any way, then it must learn from them and there must be mechanisms in place to make sure that happens. Growth also includes the way in which it generates leaders for the future and equips employees with the necessary skills that will ultimately sustain its business. Examples include skills sets, employee relations and satisfaction, and staff competences.

Internal Business Processes.

Internal business processes include all operations within the organization. The measures would cover whether or not value is being delivered to target segments, and the value chain is tracked. Innovation and new product development would also be measured. Examples of internal business processes include Information Technology, manufacturing, marketing operations such as customer service, procurement and quality processes.

Customers.

As marketers we are very concerned with our customers. We need to make sure that they are satisfied with every aspect of their experience with our organization. We need to make sure that we not only recruit more new customers, but that we also retain them and extend new products and services to them. We also need to make sure that we are meeting the needs of our target segments. So here, examples of customer measures include customer retention and recruitment, their satisfaction and so on.

Financial.

Financial measures are vitally important for any business. A note of caution here, since traditional measures of financial success such as Return On Investment (ROI), and made secondary to 'shareholder value.' Shareholder value is the natural measure of success, and so it is prioritized. Information on customers, markets and technology is far more widely available today, so don't bogged down with old fashioned financial measures.

Resources, individuals and teams within a business are then aligned with the scorecard objectives, measures, targets and initiatives for each of the four areas of measurement.

Leadership is Key

The key ingredient with all business management is the quality of leadership.

Since their inception, the ISO Standards have been synonymous with quality. As the market and customer needs have evolved, the standards have moved beyond product quality to an increasing emphasis on customer satisfaction and continual improvement. These standards are internationally accepted and provide a consistent basis for understanding requirements related to product, service and environmental quality. ISO relies on eight quality principles to be used by senior management for leading and improving their organization.

Benefits of ISO 9001:2000

An ISO System as the framework for managing all Business Quality Certifications

ISO 9001:2000 offers a way for evaluating processes at an organizational level. It also enables the organization to define organization specific goals and methods for quality business management. ISO 9001:2000 also offers a monitoring and audit system for maintaining the business quality management system.

Benefits of ISO 9001:2000 as a Quality Management System

1. If a business is certified to ISO 9001, any other survey process for business quality certifications will be much simpler and less costly regarding both preparation and compliance demonstration
2. Systemic breakdowns are recognized earlier in the process and systematically addressed
3. Development of “Best practice” Business-wide processes, with reference to supporting documentation
4. Ensures conformance to and effectiveness of documented processes
5. Focuses on Customer Care, Satisfaction, and Safety
6. Reduce errors associated with ”hand-offs”
7. Improve documentation and records
8. Improve employees’ understanding of roles and responsibilities within the business quality management system
9. Strengthen customer/community confidence and relationships
10. Alignment of Business-wide, Departments, Individual objectives
11. Foundation for on-going improvement initiatives

IFLEX services

ISO 9001:2000 - ISO 14001:2004 - AS9100

Our services have a strong business approach in implementing any management system tool. We emphasize the importance of demonstrating leadership.

We have experience in ISO Standard Implementation, document control and working with all levels of management to achieve ISO requirements and compliance. We develop and maintain policies, documentation, plans, programs and procedures to comply with company and stakeholders requirements.

Our services includes; planning, developing, implementing, auditing and improving business management systems for business/process enhancement and cost savings.

IFLEX provides expertise in ISO 9001:2000, AS9100 and ISO 14001 Management System Standards using an implementation program which supports the strategic decisions made by the organization's top management. The step-by-step coaching program and on-site or off-site training program will plan and develop the execution of all requirements involved with each specific Management System Standard.

The management standards are a set of business practices which require an organization to establish the structure and processes used to assure that it produces goods and services that consistently meet both the requirements of the customers as well as the requirements of regulatory agencies.

The adoption of a management system needs to be a strategic decision of the organization. The design and implementation is influenced by varying needs, particular objectives, the products and services provided, the processes employed and the size and structure of the organization.

Key Benefits for using IFLEX

Implementation of goals and objectives using a system approach to move in the direction of improved performance.

Implementation of project management which promotes leadership and accountability from the top down.

Structured, implemented and improved processes which enable your business to enhance production, business and financial performance.