Many people believe that ISO 9001 should be categorized as a business management system standard, rather than a quality management system document. The word quality, in their opinion, confuses the users of the document and make it for a harder engagement with top management of the organization. In this very forum, I have had numerous exchanges with very clever and knowledgeable people on this subject. So, let me be as clear as I can, from the outset: I still believe that ISO 9001 (and all the other Industry sector augmentations, such as AS9100, ISO 13485, ISO/TS-16949, TL-9000, etc.) are appropriately classified as Quality Management System Standards.
The proliferation of other discipline-specific standards, such as ISO 14001 for Environmental management, OHSAS 18001 for Occupational Health & Safety management, ISO 27001 for Information Security management, ISO 22000 for Food Safety management, ISO 28000 for Security management, ISO 50001 for Energy management, etc. just prove the point that there is much more for a business to manage, other than quality. Even ISO 9001 in itself is not the end-all, all encompassing model for quality management. When we realize that ISO 9004 addresses many additional aspects of a high-performing quality management system, not touched upon by ISO 9001, we should reach a conclusion that ISO 9001 is a relatively unsophisticated approach to quality.
I have been in the management system conformity assessment business for over 20 years and acted in many different roles, such as a lead auditor, instructor, business developer, account manager and trainer, I have had the chance to work with hundreds of organizations, over these last two decades. From very small mom & pop shops to Fortune 100 organizations. From organizations in the very early steps of their quality journey to Malcolm Baldrige Award winners. From high tech to low tech to no tech. Irrespective of size, maturity, industry sector, ownership, etc., most organizations struggle with an effective implementation and maintenance of a quality management system. Most quality professionals report significant challenges in getting and maintaining top management connected to the QMS, interested, supportive and involved. Many organizations have a difficult time making a business case for maintaining ISO 9001 (or any other QMS standard) certification when economic hardship sets in. Most quality professionals resent the fact that other departments and functions don’t buy in and support ISO 9001 implementation. Why is that?
Folks, there are several reasons for this to happen, but, by and large, the primary culprit is the misunderstanding of how ISO 9001 should be implemented. Going straight to the point, most quality programs fail because organizations don’t understand the difference of managing of quality and managing for quality.
Managing for quality is the concept that the organization business processes are designed, maintained and improved to incorporate proper quality principles and practices. So, quality and customer satisfaction become the natural result of running the organization’s business processes. Managing for quality requires that each process owner will ensure their processes have the appropriate requirements for effective and efficient quality, environmental, occupational health & safety (to name a few disciplines) embedded in the process. For example, a New Product Introduction Process (which is a key process for many organizations) goes across several departments and functions and transcends the requirements of ISO 9001 section 7.3. But, instead of developing, maturing and improving the NPI process, what do many organizations do? They have a procedure to comply with 7.3 of ISO 9001. Instead of someone at the Engineering function being appointed as the NPI process owner, someone in the quality function will be responsible to baby-sit the organization for compliance against 7.3. There are tremendous implications in the different approaches. While the first approach promotes process ownership by the appropriate individuals, the second approach promotes the unsustainable path of someone from quality “policing” other departments (such as Engineering) to ensure they go through their necessary steps of planning, input, review, output, verification and validation. Such path is ineffective and can not be sustained over time.
Any organization has business process to operate. The key for effective and sustainable ISO 9001 implementation and certification is to make ISO 9001 INVISIBLE to most people working there. Comply with the standard(s) by embedding the applicable requirements into the business processes. That is the way to do it. Conformance with voluntary standards should be similar with compliance with legal requirements: it should happen as a natural deployment of a process that was designed to comply with the law. The operator on the shop floor should not be required to know the law(s) (such as FDA, EPA, OSHA, etc.). S/he should simply be required to follow the established process.
So, why don’t more organizations experience this epiphany? Unfortunately, in many cases ISO 9001 implementation and certification is misperceived by top management, as something that the quality folks can do in isolation and “in absentia” of the rest of the organization. And, in many cases, the quality professionals “tasked” with ISO 9001 implementation and certification are not proficient either in “business-process-language”.
So, in summary, I contend that if you want to have an effective ISO 9001 conforming QMS, make ISO 9001 invisible to most of the workforce. A few people should be aware of the requirements, in order to ensure that the business processes comply with the standard, but most of the workforce should not have to be exposed to ISO 9001, just like most people in a company are not trained in regulatory and statutory legal requirements which must be adhered, by the organization.
Comments, anyone?
The proliferation of other discipline-specific standards, such as ISO 14001 for Environmental management, OHSAS 18001 for Occupational Health & Safety management, ISO 27001 for Information Security management, ISO 22000 for Food Safety management, ISO 28000 for Security management, ISO 50001 for Energy management, etc. just prove the point that there is much more for a business to manage, other than quality. Even ISO 9001 in itself is not the end-all, all encompassing model for quality management. When we realize that ISO 9004 addresses many additional aspects of a high-performing quality management system, not touched upon by ISO 9001, we should reach a conclusion that ISO 9001 is a relatively unsophisticated approach to quality.
I have been in the management system conformity assessment business for over 20 years and acted in many different roles, such as a lead auditor, instructor, business developer, account manager and trainer, I have had the chance to work with hundreds of organizations, over these last two decades. From very small mom & pop shops to Fortune 100 organizations. From organizations in the very early steps of their quality journey to Malcolm Baldrige Award winners. From high tech to low tech to no tech. Irrespective of size, maturity, industry sector, ownership, etc., most organizations struggle with an effective implementation and maintenance of a quality management system. Most quality professionals report significant challenges in getting and maintaining top management connected to the QMS, interested, supportive and involved. Many organizations have a difficult time making a business case for maintaining ISO 9001 (or any other QMS standard) certification when economic hardship sets in. Most quality professionals resent the fact that other departments and functions don’t buy in and support ISO 9001 implementation. Why is that?
Folks, there are several reasons for this to happen, but, by and large, the primary culprit is the misunderstanding of how ISO 9001 should be implemented. Going straight to the point, most quality programs fail because organizations don’t understand the difference of managing of quality and managing for quality.
Managing for quality is the concept that the organization business processes are designed, maintained and improved to incorporate proper quality principles and practices. So, quality and customer satisfaction become the natural result of running the organization’s business processes. Managing for quality requires that each process owner will ensure their processes have the appropriate requirements for effective and efficient quality, environmental, occupational health & safety (to name a few disciplines) embedded in the process. For example, a New Product Introduction Process (which is a key process for many organizations) goes across several departments and functions and transcends the requirements of ISO 9001 section 7.3. But, instead of developing, maturing and improving the NPI process, what do many organizations do? They have a procedure to comply with 7.3 of ISO 9001. Instead of someone at the Engineering function being appointed as the NPI process owner, someone in the quality function will be responsible to baby-sit the organization for compliance against 7.3. There are tremendous implications in the different approaches. While the first approach promotes process ownership by the appropriate individuals, the second approach promotes the unsustainable path of someone from quality “policing” other departments (such as Engineering) to ensure they go through their necessary steps of planning, input, review, output, verification and validation. Such path is ineffective and can not be sustained over time.
Any organization has business process to operate. The key for effective and sustainable ISO 9001 implementation and certification is to make ISO 9001 INVISIBLE to most people working there. Comply with the standard(s) by embedding the applicable requirements into the business processes. That is the way to do it. Conformance with voluntary standards should be similar with compliance with legal requirements: it should happen as a natural deployment of a process that was designed to comply with the law. The operator on the shop floor should not be required to know the law(s) (such as FDA, EPA, OSHA, etc.). S/he should simply be required to follow the established process.
So, why don’t more organizations experience this epiphany? Unfortunately, in many cases ISO 9001 implementation and certification is misperceived by top management, as something that the quality folks can do in isolation and “in absentia” of the rest of the organization. And, in many cases, the quality professionals “tasked” with ISO 9001 implementation and certification are not proficient either in “business-process-language”.
So, in summary, I contend that if you want to have an effective ISO 9001 conforming QMS, make ISO 9001 invisible to most of the workforce. A few people should be aware of the requirements, in order to ensure that the business processes comply with the standard, but most of the workforce should not have to be exposed to ISO 9001, just like most people in a company are not trained in regulatory and statutory legal requirements which must be adhered, by the organization.
Comments, anyone?
Last edited: