ISO 9000 is not Rocket Science

Dispelling the “Myths” of ISO 9001

Part One of Four

By Bretta Kelly


Let me start by saying, I love the ISO 9001:2000 standard! I believe it is the perfect tool to help a company improve their processes, eliminate waste, and save money. The key is to implement your ISO system in a way that it supports your company’s business goals and enlists the involvement of all of your employees. Implementation of this standard should never hinder your company’s practices. If it does hinder them, you need to read this article and learn how to prevent this from happening (or fix what you already have)!

I was so excited when the ISO 9000:1994 standard was upgraded to ISO 9001:2000. Finally, the standard went from a very prescriptive and labor-intensive process, to a common sense continual improvement tool. Years later, it is so disheartening to see that so many companies did not take advantage of this opportunity to improve their system. Many companies either failed at implementing a system, or over documented their system to the point where it does not work for them. Implementation of an ISO 9001:2000 is not Rocket Science, unless of course your company builds Rockets!

What is ISO 9000?

ISO 9001:2000 is very simply a total quality/business management system based on the very simple continual improvement methodologies of plan, do, check, and act. Most companies in business producing quality products or providing a quality service and continually improving upon these processes to satisfy their customers are already in compliance with the requirements of ISO 9001:2000. 

The standard is broken out into five sections (numbered 4, 5, 6, 7 and 8). Section 4 of the standard describes how to document your system and control records. Section 5 is about management commitment and responsibilities, and review of data collected by the system. Section 6 is resource management; Section 7 is planning, producing, and controlling whatever product or service the company provides. Finally, Section 8 of the standard is about monitoring and measuring your product processes and your management processes through inspection, testing, validation, auditing, etc. In addition, Section 8 defines what to do when your processes do not meet the desired result; these are control of nonconformance and corrective action. Section 8 ends by describing analysis of data and preventive action and this small part of the standard is where you get the bang for your buck in your ISO system. If you are going to spend all this time conducting processes that generate data, and you do not analyze the data, set objectives, goals, and act on preventive action opportunities to improve your company and the bottom line, then you are wasting your time collecting the data in the first place.

ISO 9001:2000 is about defining your processes, measuring and improving your processes. Everything you do is in fact “a process”, and all processes can be improved. The key to a successful and meaningful ISO system is to understand how to measure the success of your processes so that you can then determine which processes require additional focus for improvement. The following is a basic outline of the four steps required to accomplish continual improvement:

  1. Plan: you need to plan the process. Planning a processes could be writing a work instruction or flow chart or simply training the people involved in the process on how you plan for it to be conducted;

  2. Do: perform the process according to the plan;

  3. Check: inspect and verify the results of the process;

  4. Act: if the results are not satisfied in accordance with the plan then action must be taken to correct the situation

 A few important programs must be implemented to support the ISO program. These are based on the Plan, Do, Check, Act model. Two of these programs are called “management review” and “analysis of data” and are the output of the “Do” requirement. The output of a process is data and this data needs to be reviewed and analyzed by management in order to identify opportunities for improvement and actions required to satisfy customer requirements. Another program required in the ISO standard is the “Internal Audit” program. This is the “Check” requirement. This is the program used by the company to inspect its own processes to ensure conformance to the plan, and more importantly to find areas for improvement. Continual improvement and customer satisfaction are the most important objectives of any ISO 9001 system. This is why the “Act” step is so important! The “Act” will be the actions taken resulting from analysis of data and auditing your processes for improvement. During the auditing of a process, one must always ask the question “Why?” and “What if?” Why do we do it that way, why are these the requirements, why can we not improve the process, what if the parts are received bad, what if the procedure does not make sense and by continually asking these types of questions, we can drill down to the roots of each process. Once we have a complete understanding of the process from the bottom-up:

  • We can then determine if there may be a requirement to implement corrective action to correct “why” something did not happen as “Planned” or

  • There may be an opportunity for preventive action “what if” or improvement (to prevent a problem from occurring or to make the process more efficient and effective).

There are many different interpretations of the ISO 9001:2000 standard (and some are absurd). In an effort to highlight some common misunderstandings we will highlight some of these myths, urban legends or perceptions of different requirements that may still exist. Please cut out this section and use it throughout your organization as a reference guide! 

  • Perception: Implementing and maintaining ISO 9001:2000 is expensive.

  • False: it does not have to be expensive at all! Simply document your system based on what you already do and put in place the programs required to improve upon them and you are pretty much done. The sooner you set up your system and use it, the more cost savings you will enjoy. The ROI will be very quick!

  • Perception: The ISO 9001:2000 system is a Quality System (belongs in the quality department or is the responsibility of the quality manager), or many organizations feel they need to hire somebody full time to manage the ISO system (internal audit coordinator, corrective action coordinator, ISO coordinator, etc.).

  • False: the ISO system covers your entire business starting with customer requirements, review and acceptance of those requirements, executing those requirements, measuring and monitoring your processes to ensure you are meeting those requirements and then, ultimately delivery of a product or service that meets those requirements to ensure customer satisfaction. If only the quality department is responsible for ensuring the above, then I suppose everyone in the company should work for the quality department.

The title of this article is “ISO is not Rocket Science” because it truly is not. You simply have to take the common sense approach to how you define and manage your system! This approach is the easiest and most cost effective approach to building an effective system that will continually improve your processes and customer satisfaction while enlisting the most participation from all of your employees. The ISO standard is based on the process approach of Plan, Do, Check and Act and therefore it is very important that the company learn and understand the ISO 9001:2000 standard before implementing or documenting their management system. To accomplish this, send key employees to an ISO 9001:2000 course, hire a trainer to train in your company or hire a consultant.

A consultant’s role is to teach a company the requirements of the standard and help them define their system (not the consultant’s system). The foundation of the system needs to be based on the company’s culture, products and services, and how they will meet and continually improve upon these requirements. Often when a company hires a consultant to define, document and put in place how they meet the requirements, the system does not always match the company’s culture, or worse puts in place a system that the company does not understand. This makes enlisting employee support for the system difficult and is often the reason the system is not consistently used. If a consultant helps the company understand that the requirements of the standard are nothing beyond how they already do things, then the system has a much better chance of succeeding. 

The benefits of ISO 9001:2000 when implemented correctly:

The main purpose of implementing an ISO system is to improve your process, eliminate waste, save money for your company, and ensure that your company will be a contender in future markets. Every process in your company should have a measurement that shows if you were effective and/or met the desired result (the plan). The best platform to improve your processes is when:

  1. You define your quality policy and measurable objectives clearly and

  2. Communicate them clearly throughout your organization.

In many instances, you will have a process in your company that you cannot find a way to measure its effectives (or understand how it feeds into your overall goals and objectives). In these instances you must further investigate what is the purpose of this process and if it should be eliminated or modified to satisfy the company’s objectives (the why and what if questions). Some processes are extremely difficult to measure and define such as a process required meeting a safety requirement, regulatory requirement, customer requirement, etc. It is also very important to include the performance indicators of your processes so that when you take action (corrective or preventive) you can measure the effectiveness of those actions. The most effective method to measure effectiveness is to measure and track costs. This includes cost of nonconformity so when you correct problems and improve processes, you can measure the cost savings (dollars often say it all).

Why do some companies get discouraged when implementing a system? What can we do to prevent this?

Some of the horror stories about ISO implementations include companies who have binders of procedures, work instruction, and forms (generally with a layer of dust on top) and have been trying to implement ISO anywhere from one to five years unsuccessfully. Some have spent fifty-thousand dollars and others more than two hundred-thousand dollars on internal resources and/or consultants. Some have had a prior quality manager that wrote a system for them and then left the company and no other employee knew how to continue the system requirements. Some have gone through three quality managers each of them defining, adding to the last system, or changing requirements that result in confusion.

In many instances, we find that companies who have invested considerable time and money in the process of certification that they have a hard time letting go of it even when it has proven not to be effective or useful for them. A company must decide if they want to chase bad money with good money when faced with this problem. If you are one of these companies, consider letting the existing system go and documenting a new and effective system from scratch. Parts 2, 3, 4, and 5 of this article will outline exactly how to accomplish this change of approach.

 A very important part of the ISO standard is preventing recurrence of a problem. Therefore, it is simple common sense to change or improve a quality system and the associated philosophy when the system is found not effective. Also, remember that the ISO program does not belong to an individual; instead, it belongs to the company as a whole.

The remainder of the article is broken out into three additional parts where we will identify the relevant myths in each:

  1. Plan;

  2. Do and check;

  3. Act and Summary

Complete the form below to receive parts 2, 3 and the conclusion in part 4.