The ISO 9000 family of quality management systems standards is designed to help organizations ensure that they meet the needs of customers and other stakeholders while meeting statutory and regulatory requirements related to a product or service. ISO 9000 deals with the fundamentals of quality management systems, including the seven quality management principles upon which the family of standards is based. ISO 9001 deals with the requirements that organizations wishing to meet the standard must fulfil.
Third-party certification bodies provide independent confirmation that organizations meet the requirements of ISO 9001. Over one million organizations worldwide are independently certified, making ISO 9001 one of the most widely used management tools in the world today. However, the ISO certification process has been criticized as being wasteful and not being useful for all organizations.
ISO 9000 was first published in 1987 by ISO (International Organization for Standardization). It was based on the BS 5750 series of standards from BSI that were proposed to ISO in 1979. However, its history can be traced back some twenty years before that, to the publication of government procurement standards, such as the United States Department of Defense MIL-Q-9858 standard in 1959, and the U.K's Def Stan 05-21 and 05-24. Large organizations which supplied government procurement agencies often had to comply with a variety of quality assurance requirements for each contract awarded which led the defence industry to adopt mutual recognition of NATO AQAP, MIL-Q and Def Stan standards. Eventually, ISO 9000 was adopted as a suitable option, instead of forcing contractors to adopt multiple - and often similar - requirements.
Reasons for use
The global adoption of ISO 9001 may be attributable to a number of factors. In the early days, the ISO 9001 (9002 and 9003) requirements were intended to be used by procuring organizations, as the basis of contractual arrangements with their suppliers. This helped reduce the need for "supplier development" by establishing basic requirements for a supplier to assure product quality. The ISO 9001 requirements could be tailored to meet specific contractual situations, depending on the complexity of product, business type (design responsibility, manufacture only, distribution, servicing etc) and risk to the procurer. If a chosen supplier was weak on the controls of their measurement equipment (calibration), and hence QC/inspection results, that specific requirement would be invoked in the contract. The adoption of a single Quality Assurance requirement also lead to cost savings throughout the supply chain by reducing the administrative burden of maintaining multiple sets of quality manuals and procedures.
A few years later, the U.K. Government took steps to improve national competitiveness following publication of cmd 8621, and Third Party Certification of Quality Management Systems was born, under the auspices of the National Accreditation Council of Certification Bodies (NACCB) which has become the United Kingdom Accreditation Service (UKAS) .
Before the certification body can issue or renew a certificate, the auditor must be satisfied that the company being assessed has implemented the requirements of sections 4 to 10. Sections 1 to 3 are not directly audited against, but because they provide context and definitions for the rest of the standard, not that of the organization, their contents must be taken into account.
The standard no longer specifies that the organization shall issue and maintain documented procedures, however, ISO 9001:2015 requires the organization to document any other procedures required for its effective operation. The standard also requires the organization to issue and communicate a documented quality policy, a quality management system scope, and quality objectives. The standard no longer requires compliant organizations to issue a formal Quality Manual. The standard does require retention of numerous records, as specified throughout the standard. New for the 2015 release is a requirement for an organization to assess risks and opportunities (section 6.1) and to determine internal and external issues relevant to its purpose and strategic direction (section 4.1). The organization must demonstrate how the standard’s requirements are being met, while the external auditor’s role is to determine the quality management system's effectiveness. More detailed interpretation and implementation examples are often sought by organizations seeking more information in what can be a very technical area.
Contents of ISO 9001:2015 are as follows:
Section 1: Scope
Section 2: Normative references
Section 3: Terms and definitions
Section 4: Context of the organization
Section 5: Leadership
Section 6: Planning
Section 7: Support
Section 8: Operation
Section 9: Performance evaluation
Section 10: Continual Improvement
International Organization for Standardization (ISO) does not certify organizations itself. Numerous certification bodies exist, which audit organizations and, upon success, issue ISO 9001 compliance certificates. Although commonly referred to as "ISO 9000" certification, the actual standard to which an organization's quality management system can be certified is ISO 9001:2015 (ISO 9001:2008 will expire by around September 2018). Many countries have formed accreditation bodies to authorize ("accredit") the certification bodies. Both the accreditation bodies and the certification bodies charge fees for their services. The various accreditation bodies have mutual agreements with each other to ensure that certificates issued by one of the accredited certification bodies (CB) are accepted worldwide. Certification bodies themselves operate under another quality standard, ISO/IEC 17021, while accreditation bodies operate under ISO/IEC 17011.
An organization applying for ISO 9001 certification is audited based on an extensive sample of its sites, functions, products, services and processes. The auditor presents a list of problems (defined as "nonconformities", "observations", or "opportunities for improvement") to management. If there are no major nonconformities, the certification body will issue a certificate. Where major nonconformities are identified, the organization will present an improvement plan to the certification body (e.g., corrective action reports showing how the problems will be resolved); once the certification body is satisfied that the organization has carried out sufficient corrective action, it will issue a certificate. The certificate is limited by a certain scope (e.g., production of golf balls) and will display the addresses to which the certificate refers.
An ISO 9001 certificate is not a once-and-for-all award but must be renewed at regular intervals recommended by the certification body, usually once every three years. There are no grades of competence within ISO 9001: either a company is certified (meaning that it is committed to the method and model of quality management described in the standard) or it is not. In this respect, ISO 9001 certification contrasts with measurement-based quality systems.