ISO standards are in use today by over 1,000,000 companies, worldwide. So what are they for and what is the real difference between ISO Quality Standards and the others?
With quality you get what you focus on. In other words, the ISO Quality standards try to focus your organization on saying what you do and then doing what you say, while at the same time keeping the customer in mind. The idea is to eliminate variation within your organization.
Let’s see what each standard is and how they relate to each other. There are a number of ISO quality standards you could seek registration for, but lets look at the top seven:
- ISO 9001 2015 Procedures
- ISO 14001 Environmental
- SAE AS9100 Aerospace
- ISO/TS 16949 Automotive
- ISO 13485 Medical Device
- ISO 22000 Food Safety
- ISO 27000 Computer Security
1. ISO 9001 Quality
First there was the ISO 9001 Quality Standard. It was based on the US military standards (MIL-STD) and the British BS5750, both of which evolved from work done during Word War II to ensure safe and reliable creation of weapon systems. Eventually, as the efforts to unify industrial standards gained momentum under the watch of the International Organization of Standardization (ISO), a new standard of the ISO quality standards was born.
The latest ISO 9001:2015 standard defines guidelines for establishing a management system that provides confidence in the conformance of your product to customer and applicable statutory & regulatory requirements . This is similar to Philip Crosby’s definition that quality is conformance to customer requirements. ISO 9001:2015 also seeks to enhance customer satisfaction through continuous improvement using the Plan-Do-Check-Act scientific model.
Yes, this is easier said then done. Most people think that conformance to ISO 9000 is quality. The reality is that conformance to ISO 9000 says your company is ready to deliver quality. Now you have to improve and actually do it. You have to strive for continuous improvement.
The next of the ISO quality standards that came was ISO 14001 Environmental Quality. This was really a response to the environmental movement, which lead to rising environmental regulatory compliance. I do not know why we had to force corporations to be good corporate citizens. But the idea is to completely understand how your manufacturing process interacts with the environment and then eliminate harmful effects to produce sustainable development.
The Environmental Standard ISO 14001:1996 was revised November 15, 2004, and again to the latest ISO 14001:2015 and supports ISO 14006:2011. For an overview of ISO 14001:2015 checkout this PowerPoint presentation.
3. IATF 16949 Automotive
But wait, now we have the latest IATF 16949:2016 (formerly ISO/TS 16949:2009) automotive standard designed to integrate the old QS9000 & ISO/TS 16949 with ISO 9001:2015 standard. Why did it use the “ISO/TS” designation? Because it is a ISO Technical Specification (TS) and as such it was developed by a working group from the automotive industry. ISO/TS 16949 was published on October 3, 2016 by the International Automotive Task Force members and is now IATF 16949.
Well, these ISO quality standards were not enough so the aerospace industry decided it needed its own standard to address specific sector requirements such as safety. It was developed by the International Aerospace Quality Group (IAQG) and is technically equivalent to AECMA prEN 9100 for European aerospace suppliers. It was developed in the United States as AS 9000 in 1997 and later updated to AS9100 in 2001. Most recently, AS9100 was revised effective September 20, 2016 to the latest Rev D.
The Aerospace quality standard has additional requirements plus clarifications for the aerospace industry. Mostly the changes reflect issues for safety and manufacturability so although it is an aerospace standard it does not contain specific language for aerospace. Think of it as a more detailed, safety conscious manufacturing standard for small lot production.
5. ISO 13485 Medical Device
The ISO 13485:2016 standard is based on ISO 9001:2015 quality standard like all the rest (and includes the old ISO 13488). But, Unlike ISO 9001 Continuous Improvement and Customer Satisfaction are not as stressed in ISO 13485 instead the emphasis is on regulatory requirements and device safety. I guess the idea is that if the device is safe then the customer should be satisfied — not exactly my definition of quality.
6. ISO 22000 Food Safety
ISO 22000:2018 is for organizations that operate within any part of the food chain. It is based on the HACCP (Hazard Analysis and Critical Control Point System) principles of food safety risk management and includes the use of prerequisite programs to make a safe food supply.
The standard does not address corrective and preventive action because the use of HACCP and prerequisite programs address this within the food industry. Nor does the standard stress product design and realization. Otherwise it is aligned with ISO 9001:2015 and Plan, Do, Check, Act (PDCA).
7. ISO 27001 Information Security
Today information security is an ever increasing and growing problem. ISO 27001:2018 is the specification for an Information Security Management System (ISMS). The standard replaces the long standing BS7799 standard first published in the nineties.
Some may be familiar with ISO/IEC 17799:2005 and wonder what’s the difference? Well, ISO/IEC 17799 is an advisory information security standard and not an auditable standard like ISO 27001. If you want to certify your organization’s information security system then you will need to pursue ISO 27001.