ISO 9000 refers to a set of three Quality Management System (QMS) documents: ISO 9000, ISO 9001, and ISO 9004, produced by the International Organization for Standardization.

• ISO 9000 contains the definitions and terminology used by the ISO 9001 standard.
• ISO 9001 contains the actual QMS requirements used for certification or registration audits.
• ISO 9004 is a set of guidelines that can be used to develop a quality management systems.

Although,  the three documents make up the ISO 9000 set, the main one that everyone concerns themselves with is the ISO 9001 standard itself.  About every seven years a new ISO 9000 set is released.  The release date is then added to each set to complete the naming convention.  So, ISO 9001:2008 is the full name of the standard and the current release used for ISO registration.

What is the difference between ISO 9001, 9002 and 9003?

We no longer use ISO 9002 or ISO 9003.  These names were used in the older ISO 9000:1994 standard that was obsoleted by the ISO 9000:2000 version, which in turn, was obsoleted by the latest ISO 9001:2008 version.  This may sound confusing but ISO rules require the standards to be reviewed and updated periodically to stay current with technological and market developments.  We don’t expect the next update until ISO 9001:2015.

Many people think ISO is an acronym that stands for the developer and publisher of International Standards — the International Standards Organization.  But that ISO organization is actually called International Organization for Standardization or IOS.

Since the IOS is an international organization, it would have a different acronym in different languages.  Hence, the ‘ISO’ in English versus the ‘IOS’ in Swiss or the ‘OIN’ in French (Organisation internationale de normalisation).

The ISO standards are not named after an acronym.  ISO comes from the Greek word ‘isos’ for equal.  All ISO standards use the name ISO to mean ‘isos’ and not to mean an acronym.  So now, no matter the country or language that ISO is used in, the ISO standards are always pronounced the same.  It is not an I.S.O. standard as many people think.  It is an ISO standard. ISO is one word.  No pauses.

Blogs are a great interactive communication vehicle.  We first started writing to answer many questions about policies and procedures, quality, and management systems. We now have three blogs.  One focused on longer quality articles.  One focused on shorter comments (this blog).  And one focused on the OnPolicy document revision control software.

The blog content comes from our training classes, consulting practice, and the policies and procedures manuals themselves.  Over the years we have written about a wide range of topics.  People still ask questions and we are still answering them every month.

Below are some of the top questions regarding quality management systems.

1. What’s the Difference Between Policies and Procedures?
2. Are Procedures the Same as Work Instructions?
3. What’s the Difference between Corrective Action and Preventive Action?
4. What’s the Difference Between Verification and Validation?
5. What is a Lean ISO 9001 Quality Management System?
6. What Procedures Should You Write?
7. What is Continuous Improvement?
8. What is a Process Map?
9. How Are PDCA Cycles Used Inside ISO 9001?
10. Why Policies and Procedures Don’t Work.

If you have any questions about ISO 9000, quality, lean six sigma, or management systems design, ask them below and I will be happy to answer them in an upcoming blog post.

Customers demand consistency — they need it to make informed purchase decisions.  We’ll start with an example: Let’s say you run a restaurant.  At your restaurant, you have a different chef every day. Each chef makes the menu according to their preferences.

If your menu changes every day — if there’s a high degree of variability — most customers will be put off. Some people like variety and go out of their way for it, but most of us are creatures of habit. We find something we like and we stick with it; we go where we know what we’re getting. If we don’t know what to expect from you, you may not be in business for long.

It’s generally not good business to let your employees make your products any way they want, whether your product is hamburgers, tires, or remote data backup. Too much variation, or inconsistency, in your product will hurt your business.

Consistency with quality means value, and value means happy customers. Happy customers will return, and they’ll tell their friends. who will tell their friends, and they’ll grow your business.

If yours is like most companies in these difficult times, you’re struggling. Every employee reacts to their own problems and can’t be bothered with others. Furthermore, no one has the time or “luxury” to look ahead, let alone ensure consistency in the here-and-now.  The result is a decline in quality, revenues, morale, and…the number of employees.

You can do something about this! Work towards improving consistency in your work first.  Good management looks ahead, plans for the future, defines the “product”, and develops measurable objectives, active job descriptions, and clearly defined policies and procedures.

Consistency equals quality, doesn’t it? Not necessarily. You can make a consistently bad product, which obviously isn’t good for your business.  You need to make a consistently good product, which ISO 9001 — specifically, a quality management system designed around the ISO 9001 quality standard — can help you produce.

Quality management works toward delivering a consistent product, inside and out. Unless everyone in your business is doing everything they can to deliver a consistent product internally, you won’t see consistency in your finished products. Be a leader and deliver consistent products consistently. If you deliver high quality consistently, everything else takes care of itself.

Rumors are flying around the Internet that British Petroleum is considering removing Tony Hayward from the company’s top post. Apparently investors like the idea, as BP’s stock price has steadily risen since the rumors began.

People may feel like it’s a good start, as Hayward seems to have become a greater liability than an asset to the oil giant. However, one grand, symbolic gesture — one more sacrificial lamb — doesn’t get to the root of the problem. We have much further to go. Hayward is at the top of the company but the failures that led to the oil catastrophe have not nearly been all his or his company’s doing.

BP’s failure was part of a systemic failure: there is plenty of blame to go around. Rather than blame everybody (which helps no one), we have to correct the system in which this fiasco occurred or devise a new system.

Where to start?  We might take care of the problem this way:

• Compile lessons learned and share them with the industry.
• Rewrite industry (and other) standards to put a greater emphasis on safety.
• Enforce existing regulations before writing new ones.
• When writing a new bill (and this goes to any bill, not just those dealing with oil and gas), the legislature cannot be allowed to hide laws by combining them, related or not. One bill for one issue.
• Spend money on enforcement (i.e., hire qualified people, train them well, and pay them what they’re worth).
• Break up the MMS and organizations like it. The Materials Management Service has been responsible for gathering rights fees, etc., and they’ve been responsible for enforcing oil-and-gas-related statutes and requirements. Often, these two work at cross-purposes: as we saw, the MMS didn’t want to enforce laws that might put the brakes on revenue. Those functions have to be kept separate so there’s no confusion about what’s important.
• Restore “reinvestment in the company” as a business tenet. Paying out profits to shareholders and executives while infrastructure and technology lag isn’t sustainable.
• Fine anyone or any organization that misled anybody at any point (misinformation, late or no information, deflecting blame, covering up problems, etc.). This alone could raise enough money to put the issue behind us.
• Get the world on the same standards. It’s too easy for a company to say, “We don’t like the tax laws here, so we’re moving offshore” or “It’s cheaper to operate “over there”, so we’re going over there.” Artificially low wages and taxes, as well as lax standards and enforcement, relocates the problems and potentially intensifies them. Relocating a problem doesn’t solve it and it can create more.
• Accept responsibility. Management can certainly do its share but so can the rest of us. We need to find our collective moral compass and use it all the time.

Do you have any suggestions or ideas for preventing a recurrence of this unfortunate situation? What would your corrective or preventive actions be? Should compliance with ISO 9001 and ISO 14001 be required of all oil and gas companies (and their subcontractors)? Should policies and procedures be transparent?

Thanks for your time.

Remember when Ford’s tagline was “Quality Is Job 1″? No? Well, maybe this will jog your memory.

Back in the 1980′s, Ford, GM, Chrysler, and AMC¹ were quickly losing ground to Japanese automakers². Rumors that U.S. auto workers were deliberately sabotaging cars on assembly lines gained traction; these rumors were alleged to have been started to divert attention from the obvious and growing inequities between American and Japanese vehicles.

Fact is, American car buyers were turning away from domestic cars simply because their Asiatic counterparts were cheaper to buy and much cheaper to operate. The bad reputation American cars were saddled with then — a consumer perception of poor quality — persists to this day, even though Toyota — which leapfrogged all American automakers in 2007 to become the world’s #1 vehicle producer precisely because of its reputation for quality — has turned out to be the modern-day emperor with no clothes.  It looks as though quality took a back seat to profits.

Then there’s BP, whose failed wellhead in the Gulf of Mexico “will live in infamy”³, mainly because it appears the company would not spend a little on safety because that might eat into profits. This story has been thoroughly covered in the news, on blogs (including ours), and in company emails.

Now add the computer maker Dell to the list. Dell is now in court for allegedly selling millions of defective computers from 2003-2005 — computers that it supposedly knew were defective — hurting companies that relied on its reputation for quality manufacturing and customer service.

What’s the common thread running through all of these cases? Corporate hubris? Maybe.  A message running throughout these companies that “quality be damned — just get it out fast and make a big profit”? Quite possibly. Is their profit more important to you — the consumer – than a quality product and your satisfaction?

When do we, as consumers, demand that quality be placed before price? It catches up with the producer — eventually — but why wait for the inevitable? Why chase the elusive promise of “newer and better”? (Look at what Apple’s going through with the iPhone 4.)^{4, 5} Also, when do we, as corporate citizens, begin to see that our responsibility to give our customers quality isn’t incompatible with healthy profits?

It’s often said that we get what we deserve. If you think you deserve better, demand — and hold out for — quality.

Notes:

¹ Yes, they were still around, though not for long. AMC was put down for good in 1988.

² Except for body rust; that problem plagued Japanese auto makers for decades. My first two new vehicles were Japanese-made and I logged 18 years and several hundred thousand miles between them. If not for the severe case of “car cancer” they both caught, I believe they would’ve given me 20 or more years, combined.

³ My apologies to the late Franklin D. Roosevelt only.

⁴ http://abcnews.go.com/Technology/apple-iphone-hit-class-action-suit/story?id=11066239.

⁵ http://news.cnet.com/8301-30677_3-20008919-244.html.

Further Reading/Viewing:

1. Enderle, Rob, “Dell and the Cost of Cover-Ups“, IT Business Edge post, 30 Jun 2010.
2. Evans, Joel, “Is Apple Covering Up the Real Problem with Its iPhone?“, ZDNet blog post, 4 July 2010.
3. “Product Recalls“, Back in Black, The Daily Show, 6 July 2010.

When was the last time you had to manage a “critical” project without the support of top management in word and deed? If it’s happened once, it’s happened too often.

Yet, this happens all the time with quality management systems. Quality management systems are commonly — and wrongly — viewed as a “necessary evil”. That is, your company’s top management feels a QMS project won’t have an immediate and positive effect on the bottom line but they’re going ahead with the project because “they’re making us do it!”

A customer may require its vendors (and maybe you’re one of them) to have an ISO-9001-certified QMS in place. Or, maybe you deal in a product or service that’s highly regulated, so you’re implementing a QMS only “because it’s the law.”

ATTITUDE

If your attitude is “we have to” instead of “we want to”, you may be setting up your QMS  to fail before you’ve begun.

Think about it. You always perform a task better when your heart and mind are in it, right?Isn’t the same true of your employees? If you’re not sold on the QMS as a win-win, your employees won’t be, either. And neither will the certification auditor.

Besides management having a poor attitude, there are other ways to sink your QMS project. Here are just a few:

• No development plan or one that’s insufficient
• Unrealistic expectations
• Lack of management support
• Poor communication
• Not enough resources
• Lack of user involvement

NO DEVELOPMENT PLAN

Just as with any other project, a QMS is more likely to yield desired results when a realistic plan is drawn up in advance. It’s just that simple: thorough project planning leads to a greater likelihood of success than relying on chance.

When you started your company, you drew up a detailed business plan before you went to borrow seed capital. True, the bank required you to have a business plan, but not because they just “felt like it”. They wanted you to succeed so they’d get their money back and so you’d become a regular customer.

The same is true of your QMS project — plan now for success, or pay dearly later.

UNREALISTIC EXPECTATIONS

Without bothering to put a plan together, top management will say, “We need a functional QMS in three months and we can spare one person from the staff to work on it.” It’s just a QMS, right? You only need a half-dozen procedures and a quality manual and you’re done, right?

WRONG! If you don’t do the research, you ensure that your expectations will NEVER be met. Realistic, achievable objectives come only from careful research and planning. If you don’t have a history of QMS projects, look at other projects.

Look at what other companies have done with their quality management systems. Ask around — maybe you know someone who’s been through the experience. The point is to have a clear idea of what you’re getting into and what to expect.

Next, we’ll look at four more reasons why QMS projects fail. In the meantime, I’d like your comments. Why do QMS projects fail? Why does any kind of project fail?

Thanks for your time.

It was nearly a year ago that the Bizmanualz Quality Management System (QMS) was certified to the ISO 9001:2008 standard by Platinum Registration.

Nearly a year has passed since that ISO certification audit and, as required, Platinum returned last week to conduct a surveillance audit of our QMS. That is, they reviewed our quality documentation and records to verify that we were in compliance with ISO 9001 and our QMS is healthy.

I’m happy to say we passed the ISO 9001 surveillance audit. We didn’t get through the audit completely blemish-free, but that’s to be expected. (In fact, I’d be rather suspicious of an auditor if he/she didn’t identify something that needed improvement.)

Your registrar should find opportunities for improvement. Your QMS isn’t expected to be perfect. No matter how long you’re in business, you will never do things perfectly. That’s why continual improvement (clause 8.5) is in the international quality standard.

“Don’t worry about perfection. You’ll never achieve it.”
(Salvador Dali, 1904-1989)

Our ISO auditor did identify a few “issues”. If her concerns had been serious enough – if, for example, we didn’t have a quality manual, as clause 4.2.1(b) requires — she would be correct in writing major or minor findings. We’d be required to address those concerns…those findings…in a timely manner or risk losing our certification.

However, our ISO auditor identified several “statements of fact” (also called “observations”), which aren’t nearly as serious. We could ignore observations, which are a way of saying “you’re in compliance, so you don’t have to do anything.” Instead, we’ll use the auditor’s statements of fact to improve our QMS further.

You see, merely passing an audit isn’t good enough. Posting “ISO 9001 Certified” on your office wall, your stationery, and your product means nothing if you don’t back that term with action. If you don’t, your customers will see right through you.

That’s why customer satisfaction (clause 8.2.1) is a key requirement of the quality standard. In fact, you could argue customer satisfaction is the KEY requirement, and few would differ with you.

In the coming days, we’ll use the auditor’s statements to improve our system. And throughout the coming year, we’ll be doing a number of other things to continually improve our QMS. We have another surveillance audit in about a year from now and a recertification audit in 2012. We also have customers to take care of.

The Moral of the Story: Always practice the quality you preach and you’ll be ready for anything at any time. Right? Do you disagree?

When we talk about helping companies obtain ISO 9001:2008 certification, people often ask us, “Why does our company need to be ISO 9001 certified?” Good question. ISO 9001 is the quality management system (QMS) standard and it produces numerous benefits for any company willing to go that route. So, why should your organization obtain ISO 9001 certification?

1. Meet Customer Requirements

Many companies want to get ISO 9001 certified just to satisfy one customer requirement. The customer states that it will only do business with vendors that are certified as ISO 9001 compliant, so to get (or keep) the business they need that certification. The problem with these companies is that they’re looking for a short-term payoff.  They see nothing but that one benefit — we need money– and ignore the long-term benefits, like “if we keep the customer well satisfied, they will want to come back again and again”.

They don’t embrace the concept of quality through continual improvement. They don’t understand that continued customer satisfaction is the ultimate goal of a QMS. In other words, these companies haven’t “bought into the program”. See, you may obtain a piece of paper (that ISO certificate) that claims ISO 9001 certification without seeing much actual quality or improvement. Focusing only on that one benefit — your immediate gain — without putting the customer in front will end up costing you much more in the long run. Hopefully, some of the quality management system ideas may rub off and eventually stick…but wouldn’t you rather have a plan than trust to luck?

2. Get More Revenue and Business from New Customers

Once you earn your ISO 9001 certification, you can advertise your quality certification and respond to requests for quotes (RFQ) from companies that make ISO 9001 certification a “must-have”. ISO 9001 certification can open up new markets you were virtually unable to do business with before your certification.

3. Improve Company and Product Quality

A quality management system standard is all about quality (really!) so, of course, one result of adopting a QMS should be an improved level of quality for the entire organization — every process, and every product. There are many definitions of “quality”, but Philip Crosby and Joseph Juran provide two of the best. Crosby defined it as “conformance to requirements”; Juran called it “fitness for use”.  A well-designed, effectively implemented ISO 9001 Quality Management System will put your company on the Road to Quality.

4. Increase Customer Satisfaction with your Products

Quality means whatever you produce will work as your customers expect. You will meet not only their stated requirements — you will meet more of their implied requirements, too.

Quality also means far fewer complaints and doing a better job of resolving those you do.  If your quality management system is working correctly, you should know what your customers expect and you should be providing it, resulting in increased customer satisfaction.

5. Describe, Understand, and Communicate Your Company Processes

The ISO 9001 QMS standard requires that you identify and describe your processes using business metrics, the purpose of which is to better manage and control your business processes.  Quality objectives form the center of your system.  Metrics are used to understand and communicate your system’s performance relative to your quality objectives.  If you make an honest attempt to conform to the requirements of ISO 9001, you’ll learn more about your business.

6. Develop a Professional Culture and Better Employee Morale

Implementing an ISO 9001 Quality Management System can empower employees. Your QMS will provide them with clear expectations (quality objectives and job descriptions), the tools to do their job (procedures and work instructions), and prompt, actionable feedback on their performance (process metrics). The result? An improved company culture and a more professional staff!

7. Improve the Consistency of Your Operations

What is consistency? Well, one way to think of it is “decreased variation”.  Reducing the variation in your processes is the definition of consistency. Is your customer better served by you supplying them with a consistent product — same dimensions, same weight, same tolerances, same output every time — or by your products being unpredictable and “all over the place”? (I hope you’re not thinking too hard on this.)

Of course, they won’t accept variation, and neither should you! And how do you decrease variation?  Increase control of your processes!  Control comes from having a clear target to shoot for (objective), collecting data on the process (metrics), and understanding how to adjust the process (procedures and work instructions) to maintain the target output.  If your ISO 9001 QMS is working, you should be increasing operational…and product…consistency.

8. Focus Management and Employees

We’ve discussed quality objectives, metrics, and procedures used within an ISO 9001 Quality Management System. Having the right objectives, metrics, and procedures, management and employees should be able to focus better on what’s important.  Yet, this isn’t always the case — it’s easy to lose focus over a period of time.

The ISO 9001 QMS has a way to ensure the company stays focused, and that’s quality auditing.  Internal audits, registration (and surveillance) audits, and self-process audits. ISO 9001 requires that the company periodically audit its quality processes. Regular process audits and as-needed audits, when done correctly, provide the objective feedback needed to correct any deviations from the quality path and keep the company focused on its goals.

9. Improve Efficiency, Reduce Waste, and Save Money

An ISO 9001 Quality Management System isn’t perfect; no process and no one is perfect.  (Why else would the standard devote a clause to “continual improvement”?) A well-run QMS does enable your company to approach perfection.  As your processes improve, become more consistent, and you achieve your target objectives with greater regularity, you will see tangible results. Your process waste will decrease, for one.

Waste is money lost forever. Waste results from poor quality and inefficiency.  Inefficiency results from variation and inconsistent processes.  Reduce variation, improve consistency, and you’ll have less waste…and more money.  It’s that simple!

10. Achieve International Quality Recognition

ISO 9001 is a worldwide standard administered by the International Organization for Standardization (ISO), based in Switzerland. ISO 9001 is currently in use by close to one million organizations around the world!  It is truly a world wide standard for quality! Obtaining ISO 9001 certification puts your company in a very select group.

Why Should Your Organization Obtain ISO 9001 Certification?

Recapping the article, your company’s certification to ISO 9001 will help you:

1. Meet customer requirements;
2. Get more revenue and business from new customers;
3. Improve company and product quality;
4. Increase customer satisfaction with your products;
5. Document, understand, and communicate your company processes;
6. Develop a professional culture and better employee morale;
7. Improve the consistency of your operations;
8. Keep management and employees focused on quality;
9. Improve efficiency, reduce waste and save money; and
10. Achieve international quality recognition.

To learn more about improving your processes, attend our How to Create Well-Defined Processes Class, coming this spring to our St. Louis, Missouri, offices.

In Sarbanes-Oxley compliance your SOX policies and procedures have the same purpose as with ISO 9001 policies and procedures, to provide a foundation for improvement.  Sarbanes-Oxley is not a quality standard so why the need for improvement?

First, Sarbanes-Oxley (SOX Section 302 and 404) requires that your financial reports contain accurate information from controlled accounting and financial processes.  Second, signing executives have to report on the effectiveness of the company’s internal controls and disclose any significant deficiencies in the design or operation of those internal controls that could affect the company’s financial reports.

ISO 9001 uses terms like effectiveness and deficiencies too.  Only the focus is on continuously improving effectiveness and identifying non-conformances that do not conform to planned arrangements.   Sounds pretty similar to SOX compliance.

SOX Policies and Procedures Provide a Baseline for Improvement

SOX policies and procedures are used to build consistency, communicate SOX internal controls, and provide a baseline for SOX improvement.  This is done by indentifying a target performance (policy) and communicating a series of actions (procedure) to achieve the target. Risks are areas for mistakes, fraud, or abuse.  Internal controls are responses to mitigate indentified risks to the policy and procedure. 

For example, an accounts receivable policy might be timely invoice collection.  Your procedure consists of the steps to ensure a timely invoice collection.  Risks include an accounts receivable clerk taking cash, misapplying collections, or not collecting at all.  Internal controls could include: segregation of duties, cash application controls, bad debt reserves, credit policy, credit approval process, and so on.  Each control counters one or more identified risk to the accounts receivable procedure. 

But let’s say we missed a few risks, now what?  If it is determined to be a significant deficiency then you would disclose the risks that you missed and work on improving them.  With SOX policies and procedures like this, you are Sarbanes-Oxley compliant.  You have reported on the effectiveness of your controls and disclosed known deficiencies, just like with ISO 9001.  Sarbanes-Oxley compliance and ISO 9001 conformance are pretty similar in their implementation.

Bizmanualz Accounting Policies Procedures Manuals serve as a model, or framework, for your own SOX policies and procedures.  Save time with the CFO Accounting Policies and Procedures Manuals set, which contains 239 procedures you can use to address Sarbanes-Oxley compliance with the ten accounting cycles.