The ISO 9000 family of standards relates to quality management systems and is designed to help organizations ensure they meet the needs of customers and other stakeholders (Poksinska et al, 2002 ). The standards are published by ISO, the International Organization for Standardization, and available through National standards bodies. ISO 9000 deals with the fundamentals of quality management systems , including the eight management principles (Beattie and Sohal, 1999; Tsim et al, 2002 on which the family of standards is based. ISO 9001 deals with the requirements that organizations wishing to meet the standard have to fulfill.
Third party certification bodies provide independent confirmation that organizations meet the requirements of ISO 9001. Over a million organizations worldwide are independently certified, making ISO 9001 one of the most widely used management tools in the world today. Despite widespread use, however, the ISO certification process has been criticizedas being wasteful and not being useful for all organizations.
The ISO family of standards is the only international standard that addresses systemic change. The global adoption of ISO 9001 may be attributable to a number of factors. A number of major purchasers require their suppliers to hold ISO 9001 certification. In addition to several stakeholders’ benefits, a number of studies have identified significant financial benefits for organizations certified to ISO 9001, with a 2011 survey from the British Assessment Bureau showing 44% of their certified clients had won new business. Corbett et al (2005) showed that certified organizations achieved superior return on assets compared to otherwise similar organizations without certification. Heras et al (2002) found similarly superior performance and demonstrated that this was statistically significant and not a function of organization size. Naveh and Marcus (2007) showed that implementing ISO 9001 led to superior operational performance. Sharma (2005) identified similar improvements in operating performance and linked this to superior financial performance. Chow-Chua et al (2002) showed better overall financial performance was achieved for companies in Denmark. Rajan and Tamimi (2003) showed that ISO 9001 certification resulted in superior stock market performance and suggested that shareholders were richly rewarded for the investment in an ISO 9001 system.
While the connection between superior financial performance and ISO 9001 may be seen from the examples cited, there remains no proof of direct causation, though longitudinal studies, such as those of Corbett et al (2005) may suggest it. Other writers, such as Heras et al (2002), have suggested that while there is some evidence of this, the improvement is partly driven by the fact that there is a tendency for better performing companies to seek ISO 9001 certification.
The mechanism for improving results has also been the subject of much research. Lo et al (2007) identified operational improvements (cycle time reduction, inventory reductions, etc.) as following from certification. Buttle (1997) and Santos (2002) both indicated internal process improvements in organizations leading to externally observable improvements. Hendricks and Singhal (2001)results indicate that firms outperform their control group during the post-implementation period and effective implementation of total quality management principles and philosophies leads to significant wealth creation. The benefit of increased international trade and domestic market share, in addition to the internal benefits such as customer satisfaction, interdepartmental communications, work processes, and customer/supplier partnerships derived, far exceeds any and all initial investment, according to Alcorn.
BSI has been certifying organizations for their quality management systems since 1978. Its first certification (FM 00001) is still extant and held by Tarmac, a successor to the original company which held this certificate. Today BSI claims to certify organizations at nearly 70,000 sites globally. The development of the ISO 9000 series is shown in the diagram to the right.
ISO 9000:1987 had the same structure as the UK Standard BS 5750, with three ‘models’ for quality management systems, the selection of which was based on the scope of activities of the organization:
ISO 9000:1987 was also influenced by existing U.S. and other Defense Standards (“MIL SPECS”), and so was well-suited to manufacturing. The emphasis tended to be placed on conformance with procedures rather than the overall process of management, which was likely the actual intent.
ISO 9000:1994 emphasized quality assurance via preventive actions, instead of just checking final product, and continued to require evidence of compliance with documented procedures. As with the first edition, the down-side was that companies tended to implement its requirements by creating shelf-loads of procedure manuals, and becoming burdened with an ISO bureaucracy. In some companies, adapting and improving processes could actually be impeded by the quality system.
ISO 9001:2000 combined the three standards—9001, 9002, and 9003—into one, called 9001. Design and development procedures were required only if a company does in fact engage in the creation of new products. The 2000 version sought to make a radical change in thinking by actually placing the concept of process management front and center (“Process management” was the monitoring and optimisation of a company’s tasks and activities, instead of just inspection of the final product). The 2000 version also demanded involvement by upper executives in order to integrate quality into the business system and avoid delegation of quality functions to junior administrators. Another goal was to improve effectiveness via process performance metrics: numerical measurement of the effectiveness of tasks and activities. Expectations of continual process improvement and tracking customer satisfaction were made explicit.
The ISO 9000 standard is continually being revised by standing technical committees and advisory groups, who receive feedback from those professionals who are implementing the standard.
ISO 9001:2008 only introduced clarifications to the existing requirements of ISO 9001:2000 and some changes intended to improve consistency with ISO 14001:2004. There were no new requirements. For example, in ISO 9001:2008, a quality management system being upgraded just needs to be checked to see if it is following the clarifications introduced in the amended version.
Two types of auditing are required to become registered to the standard: auditing by an external certification body (external audit) and audits by internal staff trained for this process (internal audits). The aim is a continual process of review and assessment to verify that the system is working as it is supposed to; to find out where it can improve; and to correct or prevent problems identified. It is considered healthier for internal auditors to audit outside their usual management line, so as to bring a degree of independence to their judgments.
Under the 1994 standard, the auditing process could be adequately addressed by performing “compliance auditing”:
The 2000 standard uses a different approach. Auditors are expected to go beyond mere auditing for rote compliance by focusing on risk, status, and importance. This means they are expected to make more judgments on what is effective, rather than merely adhering to what is formally prescribed. The difference from the previous standard can be explained thus:
The ISO 9001 standard is generalized and abstract; its parts must be carefully interpreted to make sense within a particular organization. Developing software is not like making cheese or offering counseling services, yet the ISO 9001 guidelines, because they are business management guidelines, can be applied to each of these. Diverse organizations—police departments (US), professional soccer teams (Mexico) and city councils (UK)—have successfully implemented ISO 9001:2000 systems.
Over time, various industry sectors have wanted to standardize their interpretations of the guidelines within their own marketplace. This is partly to ensure that their versions of ISO 9000 have their specific requirements, but also to try and ensure that more appropriately trained and experienced auditors are sent to assess them.
The debate on the effectiveness of ISO 9000 commonly centers on the following questions:
Effectiveness of the ISO system being implemented depends on a number of factors, the most significant of which are:
It is widely acknowledged that proper quality management improves business, often having a positive effect on investment, market share, sales growth, sales margins, competitive advantage, and avoidance of litigation. The quality principles in ISO 9000:2000 are also sound, according to Wade and also to Barnes, who says that “ISO 9000 guidelines provide a comprehensive model for quality management systems that can make any company competitive.” Implementing ISO often gives the following advantages:
A common criticism of ISO 9001 is the amount of money, time, and paperwork required for registration. According to Barnes, “Opponents claim that it is only for documentation. Proponents believe that if a company has documented its quality systems, then most of the paperwork has already been completed.” Wilson suggests that ISO standards “… elevate inspection of the correct procedures over broader aspects of quality,” and therefore, “the workplace becomes oppressive and quality is not improved.”
According to Seddon, ISO 9001 promotes specification, control, and procedures rather than understanding and improvement.Wade argues that ISO 9000 is effective as a guideline, but that promoting it as a standard “helps to mislead companies into thinking that certification means better quality, … [undermining] the need for an organization to set its own quality standards.” Paraphrased, Wade’s argument is that reliance on the specifications of ISO 9001 does not guarantee a successful quality system.
While internationally recognized, most consumers are not aware of ISO 9000 and it holds no relevance to them. The added cost to certify and then maintain certification may not be justified if product end users do not require ISO 9000. The cost can actually put a company at a competitive disadvantage when competing against a non-ISO 9000-certified company.
The standard is seen as especially prone to failure when a company is interested in certification before quality. Certifications are in fact often based on customer contractual requirements rather than a desire to actually improve quality.”If you just want the certificate on the wall, chances are you will create a paper system that doesn’t have much to do with the way you actually run your business,” said ISO’s Roger Frost. Certification by an independent auditor is often seen as the problem area, and according to Barnes, “has become a vehicle to increase consulting services.” In fact, ISO itself advises that ISO 9001 can be implemented without certification, simply for the quality benefits that can be achieved.
Another problem reported is the competition among the numerous certifying bodies, leading to a softer approach to the defects noticed in the operation of the Quality System of a firm.
Abrahamsonargues that fashionable management discourse such as Quality Circles tends to follow a lifecycle in the form of a bell curve, possibly indicating a management fad.