Looking Ahead at ISO 9001

ISO 9001 has proactively kept up with various industry expectations, over the years, to allow

application by a broad spectrum of industry including the defense forces. The 2015 revision was

a thoughtfully planned giant step. It defined risk (ISO 9001 Clause 6.1) in the context of the

organization (ISO 9001 Clause 4.1 & 4.2) and removed exclusions provision from certification by

redefining what an organization does not do or outsources in the scope (ISO 9001 Clause 4.3). It

also removed preventive action, a reactive concept, and introduced proactive risk appreciation

(Clause 6.1 of ISO 9001 & Clause 8.1 in industry specific standards as AS9100).

This took preventive action from the delayed “Act” stage of the PDCA (Plan-Do-Check-Act) stage

to the more logical sensible “Plan” stage. After all, “look before you leap”, as the historical

fundamental, could not be left as a preventive action decision. It had to be at the look – plan

stage! Risk also needed not just mitigation, but also acted as an input, to be used to bring in

innovation in terms of OFI (opportunity for improvement).

These were all positive steps in keeping with technical advancements and computerization and

AI (artificial intelligence) tools. The HLS (high level structure), later updated to HS (harmonized

structure), recognized the need to enable ease of implementation of integrated management

systems. This in turn leading to efficiency, ROI (return on investment) and where applicable

environmental protection, security of the global supply chain, business continuity, cyber

security and health and safety.

The differentiating of knowledge (ISO 9001 Clause 7.6) from competence (ISO 9001 Clause 7.2)

was also a clever needed change. Organizations needed to define their corporate knowledge

aspects and differentiate it from the individual knowledge of personnel. Knowledge and

competence needed merging and a healthy marriage but needed recognition that they were

different. Removal of the reference to Quality Manager (QM) and Quality Manual from the

standard, took away the narrowness of thinking in quality, and brought the clarity to leadership

to remain accountable and to differentiate authority delegation from retaining the

accountability.

I am a member of the TAG-176 group, and yet have not really contributed much to the next

expected changes to ISO 9001. I am sure the TC-176 is working on this. Nevertheless, it is time

to debate and consider updating the standard.

Since the 2015 version was a major fundamental change, I doubt there would be a significant

departure from this 2015 version in the next major update. Unlikely that the next version may

have revolutionary updates. The emphasis, I think would be to clarify and strengthen the

present thoughts in the 2015 version. I would consider the following:

1. Two Standard Concept: I have over the years thought about the two prongs:

manufacturing and service, approach. Both the service and the manufacturing industry

have been using the standard. Some may consider the need for a separate

manufacturing and a service standard as the next step. However, over the years I have

feared too much bureaucracy which the two standards approach brings. I think the two

standard approaches may actually cause more issues than to resolve them. Might I

opine that Clauses under 8.3 for D&D can, if needed, be strengthened, clarified or more

useful notes as applicable to service version incorporated to assist implementers,

consultants and auditors?

2. Risk be better defined and OFI be clarified, to avoid auditors using it as a tool to sneak in

recommendations. OFI is the outcome of considering risk as an input for innovation. It is

not a recommendation.

3. The knowledge clause needs meat to strengthen it, and to better make it inclusive to

systematizing the requirements for organizations to systematize lessons learnt.

4. An annex added to bring clarity and ease to designing and implementing a combined

management system for an organization.

5. Clause 4.3 Scope, in defining scope requires consideration of the context of the

organization, which is based on Clauses 4.1 and 4.2. However, while the scope has to be

available as documented, 4.1 and 4.2 do not require documentation. I would suggest

both clauses 4.1 & 4.2 to have context as a documented requirement.

In conclusion, I think, updating the standard ground up is not a wise idea at this stage. Perhaps

slight tweaking to include some minor changes would give stability in implementation of an

already robust standard.

How to Alleviate Common Management System Pain Points

Implementing ISO standards is not mandatory, however a management system conforming to a standard can have numerous benefits. Some benefits include increased efficiencies, proactive risk management, better interaction among departments and alignment with the needs of interested parties. However, once you are actually in the process of implementation, you may experience the following pain points: 

  1. Lack of top management commitment 
  1. Limited resources to effectively implement the program 
  1. Lack of buy-in from the workforce  
  1. Over documented systems  
  1. Lack of measurable objectives driving improvement  
  1. Teams lack adequate interaction and alignment  
  1. Company is focused on keeping certification at all costs  

Quality Management International, Inc (QMII), having over 37 years of providing sustainable solutions for our clients, recognized how these hurdles can impact an effective management system. QMII has developed and provided solutions to address and alleviate these pain points that continue to benefit our clientele. 

A management system consulting project cannot start without top management present to map the process of what they do (core process) and to identify the core objectives for the system. Policies, objectives, and motivation must be demonstrated from the top-down and evidenced by all the team players. To further reinforce commitment, we get top managers to develop a presentation to launch the system and that will then be used for awareness training as the system progresses. This is done using our Awareness Leaders Workshop. Without authority, responsibility, and resources, middle management and individual contributors cannot improve the business management system.  

We understand that companies have financial restrictions. With a mission to get organizations to appreciate the benefits of a process-based management system, we provide multiple options to work around this challenge. 

(1) We provide free information on our website so you can carry out ISO implementation at your organization.  

(2) Attending a lead auditor training course is a relatively minimal cost. You and your team will gain a comprehensive understanding of the desired ISO standard and gain the skills necessary to implement requirements and conduct audits to determine conformity.  

(3) If you need a little more guidance, we provide scalable consulting services. Our consultants are here to assist you with exactly what you need. You will not have to pay for the full package.  

(4) Our alumni have free email and phone support, for life, to get over average hurdles.  

As far as reluctance among employees, it’s human nature to be reluctant towards change. Keeping this in mind, QMII consultants get key process owners to evidence top management’s commitment and ensure that they are involved in QMS (Quality Management System) development. We analyze with them to capture the system AS-IS and what-should-be. It is essential to get the team buy-in during this process and get their input on the process’s actualities. Teams must also interact and be aligned. We provide team-building workshops where we align objectives to the vision and processes to meet objectives. 

ISO implementation is not an overnight process, it may even seem daunting. QMII’s Action Plan Checklist is readily available, and it focuses on the big picture to simplify the process. If you need more assistance, our consultants would be happy to work with you through the checklist. We appreciate the system you already have; we are simply helping you enhance it to meet requirements and set objectives. Documentation is a significant part of ISO implementation. To remove complexities, we incorporate existing documentation and use a format that works best for you. 

At the end of the day, ISO certification is primarily a marketing decision. QMII strives to help you develop a resilient, integrated management system so that you receive actual benefits. Once set up, your system will work independently and continue to improve while managing risk proactively.  

Myths Debunked: Understanding the ISO 9001 Implementation Process

ISO 9001 has become an increasingly popular quality management system (QMS) standard for companies around the world. However, there are many myths surrounding the implementation and certification process that can discourage organizations from pursuing it. In this article, we will debunk these myths and explain why the ISO 9001 based QMS is an important investment for any company.

Myth #1: Interested parties do not have adequate understanding of ISO 9001

It is often assumed that interested parties do not have the necessary appreciation of the ISO 9001 standard. This is a myth. While it may appear that implementing an ISO 9001 conforming system and getting certified is complex, there are many resources available to help companies understand and implement it successfully. In fact, many companies have achieved ISO 9001 certification without any prior knowledge of the standard.

Myth #2: It is expensive to establish quality management system (QMS).

Another common myth is that establishing a QMS is expensive. While there are costs associated with implementing a QMS, these costs are often offset by the benefits that a QMS can provide. For example, a QMS can help companies improve their processes, reduce waste, and increase customer satisfaction, which can ultimately lead to increased revenue and profitability.

Myth #3: It requires heavy emphasis on documentation.

There is a misconception that an ISO 9001 QMS requires a heavy emphasis on documentation. While documentation is an important component of the certification process, it is not the only component. The standard also requires companies to demonstrate that they have effective processes in place to ensure quality, which can be achieved through various means such as employee training, process improvement initiatives, and customer feedback mechanisms.

Myth #4: Period to achieve ISO certification is very lengthy and requires months of efforts.

Another myth surrounding the ISO 9001 implementation and certification process is that it takes a very long time to achieve certification. While it is true that the process can take several months, this timeframe can vary depending on the size and complexity of the organization. The time taken to achieve the end goal also depends on the commitment of personnel at all levels.

Myth #5: System is prone to failure when the company pursues certification

Finally, there is a myth that the ISO 9001 based QMS is prone to failure when a pursues certification. This is simply not true. In fact, certification provides an external validation of the effectiveness of the system.  Companies that approach ISO 9001 implementation and certification with a genuine commitment to quality are more likely to achieve success than those who view certification as a box to tick. The system must sustain achieved improvements beyond certification.

In conclusion, the ISO 9001 based QMS is an important investment for any company that is committed to improving their quality management systems. While there are many myths surrounding the implementation and certification process, these myths can be easily debunked. With the right resources and commitment, any company can successfully implement and achieve ISO 9001 QMS and its certification.

Why we need ISO 9001

Quality! Who does not want it. We read through hundreds and thousands of reviews each day just so we can buy a quality product or service. Even those searching for an ISO 9001 training are looking to identify a training provider that will provide a quality training. ISO 9001 is an international standard set by the International Organization for Standardization (ISO) that defines the framework for a quality management system. Organizations looking to deliver a quality product or service can use the framework to build a management system that helps them attain this goal.

So why do we need ISO 9001? Why not rely on this framework of reviews. After all many people have not even heard of ISO let alone ISO 9001. However, those who relied on reviews will find that they are not a sure-shot formula to guarantee success in decision making. ISO 9001 also need not necessarily guarantee this. However, ISO 9001 is not meant for the customer but for the organization implementing it. While it is centered around the customer requirements, with a focus on the customer, the benefit is to the organization implementing it. ISO 9001 training provides an in-depth overview of the standard and how it is to be implemented.

ISO 9001 has come to signify a global base minimum for a quality management system. Inherent in the certification that customers see is a commitment from the organization to continually improve, to identify and segregate non-conforming outputs and to design controls to ensure the process can deliver per requirements. An organization purchasing from another half way around the world has some level of confidence now. ISO 9001 training will demonstrate that ISO themselves say don’t just rely on certification. Determine the type and extent of control on the outsourced provider based on their impact to your processes.

ISO 9001 training can be tailored for all levels of the organization. For management who want to understand their role in the system as also why they should spend the money and invest in it. The workforce wants to understand how it benefits them and why they should adapt to the changes as they take place. Auditors need to understand the interpretation so they can assess if the system is being well run. So while an organization may not need ISO 9001 certification they can surely benefit from ISO 9001 and ISO 9001 training.

QMII provides ISO 9001 lead auditor training in a unique format that allows all levels of the organization to sit in on the same class and to leave as and when their relevant section is complete. Join us in a class and learn more about what ISO 9001 can do for you.

Mapping the sequence and interaction of processes

ISO 9001 training is a great starting point for those that do not have a good understanding of the ISO 9001 standard and are looking to implement it within their organization. The standard provides the framework for implementing a quality management system and defines requirements around the plan-do-check-act framework. ISO 9001 is also the basis for many other ISO standards such as ISO 13485 and IATF 16949.

ISO 9001 places responsibility on the leadership to take accountability for the effectiveness of the system. In order to start the system implementation, the standard ask organizations to define the context of the organization. What is context? It is the business environment within which an organization operates and consists of various aspects that may impact the continuity of operations of an organization. ISO 9001 training will provide inputs into how a SWOT analysis or a PESTLE analysis may be use to define the context. The analysis account for the aspects of economic, technological, legal and others that may impact business if not accounted for and acted against. The context also accounts for internal aspects that may pose a risk such as the non-availability of competent personnel or loss of knowledge.

Once the context and needs of the stakeholders are defined the organization needs to clearly state the purpose of their business and how they achieve it. This includes documenting the sequence and interaction of their processes. This is a great exercise for an organization to bring leadership on board as also for leadership to gain clarity on how the business runs. At QMII, this is referred to as the core process. In order to capture this core process, the leadership and executive team must be present. The top management provides the objective of the process or their vision for the business. ISO 9001 training is a great method to introduce leadership to their role in the system and what is expected of them per the standard.

The remaining executive team helps the leadership map out the remaining processes of the system that enable the organization to meet the vision of the leadership. The team must clearly be able to see where interactions take place between the different departments for each key process to achieve its goal and be successful. Once all the key processes are identified they can be mapped in further detail with the help of the process owners. QMII’s ISO 9001 training includes a lecture on developing a process-based management system that covers how to map the core process of your organization.
Once the different departments can see how they contribute as a team to the goals and vision of the organization the quality management system will be better implemented as working in silos has not helped any organization.

ISO 9001:2015 – Exclusions

Exclusions to what an organization does were integral to the ISO 9001 standard prior to the 2015 version update. After all an organization cannot do all the work. Clause 7.1.1 lays the foundation on this thought by accepting that an organization must determine and provide resources. In doing so it determines the constraints and capabilities of the existing resources and what needs to be obtained from external providers. As such in previous standards, the organization, when seeking certification, requested exclusion on those processes that it did not perform.

The drawback of this was a major flaw. Over the period of time, some of these organizations, sheltered under the exclusion provision even lost the ability to pick the correct outsourced party! For example, if the organization builds highways, but outsources bridges and tunnels, then it must have the ability to be able to pick the correct vendor/ contractor who will not let the customer down. The revised 2015 version of the standard therefore in the wisdom of TC-176, removed this exclusion provision. It does not imply now the organization cannot outsource what it does not do. All that it means that the organization can review the applicability of the requirements based on its size, complexity and decide on the activities it needs to outsource.

With the exclusion provision removed, the organization would need to do due diligence in appreciating the range of its activities and the risks and opportunities it encounters as also the effect if any of the outsourced vendors not performing to accepted requirements. The organization then remains accountable for the outcome of the outsourced processes and products and services externally obtained. To ensure their consistency and levels of acceptance, it would need to take measures as required by clauses 8.4.1, 8.4.2, and 8.4.3 of the ISO 9001 in enforcing monitoring and measuring to protect its customer and clients.

This assurance that an organization can not and will not outsource those activities which by its decision will not result in failure to achieve conformity of products and services. Clause 4.3 of ISO9001 in determining the scope of the quality management system clearly requires that conformity to the ISO 9001 can only be claimed if the requirements determined as not being applicable do not have an adverse impact on the promises made by the organization. The products it provides, based on externally obtained subproducts or services must not affect customer satisfaction.

In terms of auditing, it is incumbent upon auditors that they carefully seek conformity to this requirement when auditing. Internal audits to ISO 9001 must provide the objective inputs to top management to make better decisions and appreciate the risks of outsourcing to nonperforming and or underperforming outside organizations, remembering they remain accountable and answerable for the final product or service. Ensuring the organization’s accountability for the conforming products and services whether outsourced or not is the responsibility of the organization.

QMII’s ISO 9001 EG (Exemplar Global) certified lead auditor training designed carefully to meet the objectives as envisaged in the standard.

ISO 9001 certification decline – Does quality still matter?

ISO 9001 certification have seen a decline in the past two years per data from ISO. Some say that the standard has gotten too complicated with the introduction of organizational context, risk-based thinking and the removal of mandatory documented procedures. Even a few of QMII’s clients had considered letting their certification lapse as conformity to the new standard was perceived as too complex.

To certify or not

Let us begin by looking at the purpose of ISO 9001. ISO 9001 provides a framework for organizations looking to put in place a system that will enable them to consistently deliver products/services to customers that meet their requirements and enhance customer satisfaction. ISO 9001 certification is external validation that the system meets the requirements of ISO 9001. However, ISO 9001 allows organizations to use the standard and self-declare conformity without incurring the cost of certification. Many argue that there is no value in doing this. This is probably correct if you are implementing a system to meet a contractual or customer requirement. In these cases, certification is a requirement.

Waning trust in the system

Organizations that implement ISO 9001 for the benefits it will deliver in improved productivity, reduction in process waste and management of risks have seen the bottom line improve with time [1]. If implementing the standard enables consistent quality, why then the reluctance? Perhaps the trust in the ISO 9001 certification process has declined over time. Often have we heard from quality managers of the challenges faced when they raise non-conformities in internal audits. These are often viewed as “finger pointing” exercises since the certification body has already audited and “cleared” (certified) the system.

We have also heard from clients of certification bodies and auditors wanting to view documented evidence of organizational context, stakeholder needs and risks. The standard however does not require these to be documented and leaves it up to the organization to determine the risk of not doing so. Some auditors, however, struggle with auditing undocumented systems and auditing to the new standard [2]. As a result, organizations start documenting their system for the auditors and certification bodies resulting in a system tailored for auditors and  forced down on the organization by auditors. The auditors were to provide inputs to TM (top management) to make better decisions, instead now the auditors and audits have become the product. The system must be designed for the employees not for the auditors. The intent of the standard to act as a preventive tool gets lost in this compliance process.

Supplier audits

Over the past two decades there have been several mergers and acquisitions leading to larger multi-site organizations and perhaps as a result a reduction in certifications. As these organizations have grown, and maybe in part owing to the declining trust in the certification system, they have decided to conduct their own supplier audits. As such suppliers have chosen to let their certification lapse since they are nevertheless being audited by the customer and that is the audit that really counts for them.

Supplier audits are more focused on the customer contractual requirements. Organizations who perceive ISO 9001 as a documentation burden will then only document the parts of the system to meet contractual requirements rather than document the system to meet the organization’s requirements based on ISO 9001. They fail to see that ISO 9001 leaves the extent of system documentation up to the organization and often perceive it as everything needs to be documented.

Conclusion

While quality does matter and customers are still looking to receive a quality product, oft incorrect interpretation of the standard leads many to choose against ISO 9001 certification. At times other certification requirements like CE marking may be more desired and certification to two standards be burdensome. Also methodologies like Six Sigma and Lean have gained prominence. So, ISO 9001 certification gets the boot.

Those looking to gain the benefits of a quality management system need not re-invent the wheel. ISO 9001 provides the framework that essentially reflects business 101. If you do not need ISO 9001 certification then you can self-declare and let the doubters come and assess for themselves. In the meantime, you will still gain from a well implemented management system. Remember, you already have a system that has brought you thus far, align ISO 9001 to your system and not your system to ISO 9001.

[1] Guasch, Luis J.; Racine, Jean-Louis; Sanchez, Isabel; Diop, Makhtar. 2007. Quality systems and standards for a competitive edge (English)

[2]Quality Progress October 2017, Article: The results are in…