Courtesy: ISO 9001 2015 Certification
The International Organization for Standardization (ISO) does not certify organizations themselves. Numerous certification bodies exist, which audit organizations and upon success, issue ISO 9001 compliance certificates. Although commonly referred to as “ISO 9000” certification, the actual standard to which an organization’s quality management system can be certified is ISO 9001:2015 (ISO 9001:2008 expired around September 2018). Many countries have formed accreditation bodies to authorize (“accredit”) the certification bodies. Both the accreditation bodies and the certification bodies charge fees for their services. The various accreditation bodies have mutual agreements with each other to ensure that certificates issued by one of the accredited certification bodies (CB) are accepted worldwide. Certification bodies themselves operate under another quality standard, ISO/IEC 17021, while accreditation bodies operate under ISO/IEC 17011.
An organization applying for ISO 9001 certification is audited based on an extensive sample of its sites, functions, products, services, and processes. The auditor presents a list of problems (defined as “nonconformities”, “observations”, or “opportunities for improvement”) to management. If there are no major nonconformities, the certification body issues a certificate. Where major nonconformities are identified, the organization presents an improvement plan to the certification body (e.g., corrective action reports showing how the problems will be resolved); once the certification body is satisfied that the organization has carried out sufficient corrective action, it issues a certificate. The certificate is limited by a certain scope (e.g., production of golf balls) and displays the addresses to which the certificate refers.
An ISO 9001 certificate is not a once-and-for-all award but must be renewed, in accordance with ISO 17021, at regular intervals recommended by the certification body, usually once every three years. There are no grades of competence within ISO 9001: either a company is certified (meaning that it is committed to the method and model of quality management described in the standard) or it is not. In this respect, ISO 9001 certification contrasts with measurement-based quality systems.
1987 version
ISO 9000:1987 had the same structure as the UK Standard BS 5750, with three “models” for quality management systems, the selection of which was based on the scope of activities of the organization:
- ISO 9001:1987 Model for quality assurance in design, development, production, installation, and servicing was for companies and organizations whose activities included the creation of new products.
- ISO 9002:1987 Model for quality assurance in production, installation, and servicing had basically the same material as ISO 9001 but without covering the creation of new products.
- ISO 9003:1987 Model for quality assurance in final inspection and test covered only the final inspection of finished product, with no concern for how the product was produced.
ISO 9000:1987 was also influenced by existing U.S. and other Defense Standards (“MIL SPECS”), and so was well-suited to manufacturing. The emphasis tended to be placed on conformance with procedures rather than the overall process of management, which was likely the actual intent.
1994 version
ISO 9000:1994 emphasized quality assurance via preventive actions, instead of just checking final product, and continued to require evidence of compliance with documented procedures. As with the first edition, the down-side was that companies tended to implement its requirements by creating shelf-loads of procedure manuals, and becoming burdened with an ISO bureaucracy. In some companies, adapting and improving processes could actually be impeded by the quality management system.
ISO 9001:2000 replaced all three former standards of 1994 issues, ISO 9001, ISO 9002, and ISO 9003. Design and development procedures were required only if a company does, in fact, engage in the creation of new products. The 2000 version sought to make a radical change in thinking by actually placing front and center the concept of process management (the monitoring and optimization of a company’s tasks and activities, instead of just inspection of the final product). The 2000 version also demanded involvement by upper executives in order to integrate quality into the business system and avoid delegation of quality functions to junior administrators. Another goal was to improve effectiveness via process performance metrics: numerical measurement of the effectiveness of tasks and activities. Expectations of continual process improvement and tracking customer satisfaction were made explicit.
ISO 9000 Requirements include:
- Approve documents before distribution;
- Provide correct version of documents at points of use;
- Use your records to prove that requirements have been met; and
- Develop a procedure to control your records.