ISO standards are in use today by over 600,000 companies, worldwide. So what are they for and what is the real difference between ISO Quality Standards and the others?
With quality you get what you focus on. In other words, the ISO Quality standards try to focus your organization on saying what you do and then doing what you say, while at the same time keeping the customer in mind. The idea is to eliminate variation within your organization.
Top Seven ISO Quality Standards
Let’s see what each standard is and how they relate to each other. There are a number of ISO quality standards you could seek registration for, but lets look at the top seven:
- ISO 9001 Quality
- ISO 14001 Environmental
- SAE AS9100 Aerospace
- ISO/TS 16949 Automotive
- ISO 13485 Medical Device
- ISO 22000 Food Safety
- ISO 27000 Computer Security
First there was the ISO 9000 Quality Standard. It was based on the US military standards (MIL-STD) and the British BS5750, both of which evolved from work done during Word War II to ensure safe and reliable creation of weapon systems. Eventually, as the efforts to unify industrial standards gained momentum under the watch of the International Organization of Standardization (ISO), a new standard of the ISO quality standards was born.
The latest ISO 9001:2008 standard defines guidelines for establishing a management system that provides confidence in the conformance of your product to customer and applicable statutory & regulatory requirements . This is similar to Philip Crosby’s definition that quality is conformance to customer requirements. ISO 9001:2008 also seeks to enhance customer satisfaction through continuous improvement using the Plan-Do-Check-Act scientific model.
Yes, this is easier said then done. Most people think that conformance to ISO 9000 is quality. The reality is that conformance to ISO 9000 says your company is ready to deliver quality. Now you have to improve and actually do it. You have to strive for continuous improvement.
2. ISO 14001 Environmental
The next of the ISO quality standards that came was ISO 14001:2004 Environmental Quality. This was really a response to the environmental movement, which lead to rising environmental regulatory compliance. I do not know why we had to force corporations to be good corporate citizens. But the idea is to completely understand how your manufacturing process interacts with the environment and then eliminate harmful effects to produce sustainable development.
The Environmental Standard ISO 14001:1996 was revised effective November 15, 2004.
3. ISO/TS 16949 Automotive
But wait, now we have the latest ISO/TS 16949 automotive standard designed to integrate the old QS9000 with the ISO 9001:2000 standard. Why does it use the “ISO/TS” designator? Because it is a Technical Specification (TS) and as such it was developed by a working group from the automotive industry. ISO/TS 16949 was revised effective June 15, 2009.
4. SAE AS9100 Aerospace
Well, these ISO quality standards were not enough so the aerospace industry decided it needed its own standard to address specific sector requirements such as safety. It was developed by the International Aerospace Quality Group (IAQG) and is technically equivalent to AECMA prEN 9100 for European aerospace suppliers. It was developed in the United States as AS 9000 in 1997 and later updated to AS9100 in 2001. Most recently, AS9100 was revised effective January 15, 2009.
The Aerospace quality standard has about 80 additional requirements plus 18 clarifications for the aerospace industry. Mostly the changes reflect issues for safety and manufacturability so although it is an aerospace standard it does not contain specific language for aerospace. Think of it as a more detailed, safety conscious manufacturing standard.
5. ISO 13485 Medical Device
The ISO 13485:2003 standard is based on the ISO 9001:2000 quality standard like all the rest (and includes the old ISO 13488). But, Unlike ISO 9001:2000 Continuous Improvement and Customer Satisfaction are not as stressed in ISO 13485 instead the emphasis is on regulatory requirements and device safety. I guess the idea is that if the device is safe then the customer should be satisfied — not exactly my definition of quality.
6. ISO 22000 Food Safety
ISO 22000:2005 is for organizations that operate within any part of the food chain. It is based on the HACCP (Hazard Analysis and Critical Control Point System) principles of food safety risk management and includes the use of prerequisite programs to make a safe food supply.
The standard does not address corrective and preventive action because the use of HACCP and prerequisite programs address this within the food industry. Nor does the standard stress product design and realization. Otherwise it is aligned with ISO 9001:2008 and Plan, Do, Check, Act (PDCA).
7. ISO 27001 Information Security
Today information security is an ever increasing and growing problem. ISO 27001:2005 is the specification for an Information Security Management System (ISMS). The standard replaces the long standing BS7799 standard first published in the nineties.
Some may be familiar with ISO/IEC 17799:2005 and wonder what’s the difference? Well, ISO/IEC 17799 is an advisory information security standard and not an auditable standard like ISO 27001. If you want to certify your organization’s information security system then you will need to pursue ISO 27001. Most recently, AS9100 was revised effective in 2013.