The International Organization for Standardization (ISO) was established in 1947 and is (currently) an association of approximately 157 members, which each represent their own country. ISO employs a system of Technical Committees, Sub-committees and Working Groups to develop International Standards. Besides the National Standards Bodies, ISO permits other international organizations that develop standards to participate in its work, by accepting them as Liaison members. ISO works in accordance with an agreed set of rules of procedure, the ISO/IEC Directives, which also include requirements on the presentation of standards.
The ISO 9000 standards are a collection of formal International Standards, Technical Specifications, Technical Reports, Handbooks and web based documents on Quality Management. There are approximately 25 documents in the collection altogether, with new or revised documents being developed on an ongoing basis. (It should be noted that many of the International Standards in the ISO 9000 family are numbered in the ISO 10000 range.)
ISO Technical Committee (TC) number 176 (ISO/TC 176), and its Sub-committees, are responsible for the development of the standards. The work is conducted on the basis of "consensus" among quality and industry experts nominated by the National Standards Bodies, representing a wide range of interested parties.
Copies of the standards may be purchased from your National Standards Body (see list with contact details), or from ISO Central Secretariat through the ISO Store of by contacting the Marketing and Communication department (firstname.lastname@example.org). Many National Standards Bodies have them available in local-language versions.
Copies of the ISO 9000 Introduction and Support Package modules:
Guidance on ISO 9001:2008 Sub-clause 1.2 'Application'
Guidance on the Documentation Requirements of ISO 9001:2008
Guidance on the Terminology used in ISO 9001 and ISO 9004
Guidance on the Concept and Use of the Process Approach for management systems
Guidance on 'Outsourced Processes' as well as details of the Quality Management Principles
can be found at: www.iso.org/tc176/sc2. Copies of the ISO 9001 Auditing Practices Group guidance notes. Copies of the sanctioned ISO/TC 176 sanctioned "Interpretations" of ISO 9001 can be found at: http://www.tc176.org/
There are a number of sources of information on the ISO 9000 quality management system standards, including ISO's web site (www.iso.org), which carry information on the standards. Your National Standards Body should be able to provide copies of the standards, and registrars/certification bodies will be able to provide guidance on registration arrangements.
ISO's formal review process:
Requires continual review to keep standards up to date. Must be initiated within 3 years of publication of a standard.
User inputs from:
A global user questionnaire/survey
A market Justification Study
Suggestions arising from the interpretation process
Opportunities for increased compatibility with ISO 14001
The need for greater clarity, ease of use, and improved translation
Keeping up with recent developments in management system practices.
The revision process is the responsibility of ISO Technical Committee no.176, Sub-committee no.2 (ISO/TC 176/SC 2) and is conducted on the basis of consensus among quality and industry experts nominated by ISO Member bodies, and representing all interested parties.
The revised quality management system standards (ISO 9000, 9001 and 9004) are scheduled as follows:
ISO 9000:2005 already published - no major changes expected for 2009
Current plan is for small changes to ISO 9001 (an "amendment") to be published in November 2008.
More significant changes are planned for ISO 9004 (a "revision") to be published in mid 2009.
One of the goals of ISO/TC 176/SC 2 is to produce standards that will minimize any potential costs during a smooth implementation. Any additional costs may be considered as a value-adding investment. A key factor in the development of ISO 9001:2008 was to limit the impact of changes on users.
See the ISO Catalogue on ISO Online web site that carries general information on the revision program. Your National Standards Body will give you additional information and the certification/registration bodies will be able to provide guidance on transitional arrangements in due course.
The starting point for any individual request for an interpretation should be with the enquirer's National Standards Body. ISO Central Secretariat and ISO/TC 176/SC 2 cannot accept direct requests from individuals for interpretations of the ISO 9000 standards. ISO/TC 176 has a Working Group that only accepts formal requests for interpretations from the National Standards Bodies. The agreed interpretations can be found athttp://www.tc176.org/.
This is primarily an issue between your organization and your registration/certification body. ISO/TC 176 is working with the IAF (International Accreditation Forum) and ISO/CASCO (the ISO Policy Committee for Conformity Assessment) in order to provide relevant information in a timely manner. ISO/CASCO is responsible for the standards to which the Certification Bodies work (ISO/IEC 17021), and the Accreditation Bodies are responsible for monitoring and approving the performance of Certification Bodies within their geographical area.
It is expected that conformity to the new ISO 9001:2008 standard will be evaluated by certification bodies during regular surveillance visits and that full reassessment will only take place once current certificates expire. However, it should be noted that ISO and the IAF have agreed that all certificates to ISO 9001 should be upgraded to ISO 9001:2008 within 2 years of publication of the amended standard. By Now you should have upgraded.
The active participation of experts from around the world in the preparation of the new standards, and the broad distribution of the draft standards, will facilitate the timely translation of the International Standards.
Given the global importance of the quality management system standards, many National Standards Bodies are already working on the translation issue. ISO itself will publish the new standards in English and French, but if national language translations of the standards are currently available from your National Standards Body, we expect that they will have the translation of the revised standards ready at the time of publication by ISO or very soon thereafter.
For further details contact your National Standards Body.
No. ISO 9001:2008 doesn't introduce major changes to the requirements, when compared to ISO 9001:2000. However, to benefit from the changes, we suggest you get acquainted with the new version of the standard and the clarifications introduced. If, during your analysis of the clarifications you find there are differences from your current interpretation of ISO 9001:2000, then you should analyse the impact on your current documentation and make the necessary arrangements to update it. It is intended that the amendment of ISO 9001 will have minimal or no impacts on documentation.
Financial issues are not addressed in ISO 9001:2008, which is a requirements standard. The ISO 10014:2006 and ISO 9004:2000, Guidelines for performance improvements standards will emphasize the financial resources needed for the implementation and improvement of a quality management system.
For ISO 9001:2008 the major benefits are:
Simple to use
Clear in language
Readily translatable and easily understandable
Compatibility with other management systems such as ISO 14001.
For ISO 9004 : Facilitates improvement in users' quality management systems.
Provides guidance to an organization for the creation of a quality management system that:
- creates value for its customers, via the products it provides
- creates value for all other interested parties
- balances all interested-party viewpoints.
- Provides guidance for managers on leading their organization towards sustained success.
- Forward compatibility to allow organizations to build on existing quality management systems.
ISO 9001:2008 has been developed in order to introduce clarifications to the existing requirements of ISO 9001:2000 and changes that are intended to improve compatibility with ISO 14001:2004. ISO 9001:2008 does not introduce additional requirements nor does it change the intent of the ISO 9001:2000 standard.
Certification to ISO 9001:2008 is not an "upgrade", and organizations that are certified to ISO 9001:2000 should be afforded the same status as those who have already received a new certificate to ISO 9001:2008 All changes between ISO 9001:2000 and ISO 9001:2008 are detailed in Annex B to ISO 9001:2008.
The ISO 9000 standards give organizations an opportunity to increase value to their activities and to improve their performance continually, by focusing on their major processes. The standards place great emphasis on making quality management systems closer to the processes of organizations and on continual improvement. As a result, they direct users to the achievement of business results, including the satisfaction of customers and other interested parties.
The management of an organization should be able to view the adoption of the quality management system standards as a profitable business investment, not just as a required certification issue.
Among the perceived benefits of using the standards are:
The connection of quality management systems to organizational processes
The encouragement of a natural progression towards improved organizational performance, via:
- the use of the Quality Management Principles
- the adoption of a "process approach"
- emphasis of the role of top management
- requirements for the establishment of measurable objectives at relevant functions and levels
- being orientated toward "continual improvement" and "customer satisfaction", including the monitoring of information on "customer satisfaction" as a measure of system performance.
- measurement of the quality management system, processes, and product
- consideration of statutory and regulatory requirements.
- attention to resource availability
ISO 9001:2008 aims at guaranteeing the effectiveness (but not necessarily the efficiency) of the organization. For improved organizational efficiency, however, the best results can be obtained by using ISO 9004 in addition to ISO 9001:2008. The guiding quality management principles are intended to assist an organization in continual improvement, which should lead to efficiencies throughout the organization.
If a quality management system is appropriately implemented, utilizing the eight Quality Management Principles, and in accordance with ISO 9004, all of an organization's interested parties should benefit. For example:
Customers and users will benefit by receiving the products (see ISO 9000:2005, Fundamentals and vocabulary) that are:
Conforming to the requirements
Dependable and reliable
Available when needed
People in the organization will benefit by :
Better working conditions
Increased job satisfaction
Improved health and safety
Improved stability of employment
Owners and investors will benefit by :
Increased return on investment
Improved operational results
Increased market share
Suppliers and partners will benefit by :
Partnership and mutual understanding
Society will benefit by :
Fulfilment of legal and regulatory requirements
Improved health and safety
Reduced environmental impact
The standards are based on 8 Quality Management Principles, which are aligned with the philosophy and objectives of most quality award programs. These principles are: Customer focus, Leadership, Involvement of people, Process approach, System approach to management, Continual improvement, Factual approach to decision making, and Mutually beneficial supplier relationships. ISO 9004 recommends that organizations perform self-assessments as part of their management of systems and processes, and includes an annex giving guidance on this approach. This is similar to many quality awards programmes.
"Customer satisfaction" is recognized as one of the driving criteria for any organization. In order to evaluate if a product meets customer needs and expectations, it is necessary to monitor the extent of customer satisfaction. Improvements can be made by taking action to address any identified issues and concerns.
The quality management system details that are described in the standards are based on Quality Management Principles that include the "process approach" and "customer focus". The adoption of these principles should provide customers with a higher level of confidence that products will meet their needs and increase their satisfaction.
Continual improvement is the process focused on continually increasing the effectiveness and/or efficiency of the organization to fulfil its policies and objectives. Continual improvement (where "continual" highlights that an improvement process requires progressive consolidation steps) responds to the growing needs and expectations of the customers and ensures a dynamic evolution of the quality management system.
Any activity or operation, which receives inputs and converts them to outputs, can be considered as a process. Almost all activities and operations involved in generating a product or providing a service are processes.
For organizations to function, they have to define and manage numerous inter-linked processes. Often the output from one process will directly form the input into the next process. The systematic identification and management of the various processes employed within an organization, and particularly the interactions between such processes, may be referred to as the 'process approach' to management.
For further information, refer to the paper Guidance on the Concept and Use of the Process Approach, available from www.iso.org/tc176/sc2.
The "process approach" is a way of obtaining a desired result, by managing activities and related resources as a process. The "process approach" is a key element of the ISO 9000 standards. For further guidance, please refer to the ISO 9000 Introduction and Support Package module: Guidance on the Concept and Use of the Process Approach for management systems.
Yes. The "process approach" is a generic management principle, which can enhance an organization's effectiveness and efficiency in achieving defined objectives.
The PDCA cycle is an established, logical, method that can be used to improve a process.
(P) planning (what to do and how to do it),
(D) executing the plan (do what was planned),
(C) checking the results (did things happened according to plan) and
(A) act to improve the process (how to improve next time).
The PDCA cycle can be applied within an individual process, or across a group of processes.
Yes. Many organizations already apply a "process approach" without recognizing it. They could achieve additional benefits by understanding and controlling it.
By applying the "process approach" an organization should be able to obtain the following types of benefits: The integration and alignment of its processes to enable the achievement of its planned results. An ability to focus effort on process effectiveness and efficiency. An increase in the confidence of customers and other interested parties as to the consistent performance of the organization.
Transparency of operations within the organization.
Lower costs and shorter cycle times through effective and efficient use of resources.
Improved, consistent and predictable results.
The identification of opportunities for focused and prioritized improvement initiatives.
The encouragement and involvement of people, and the clarification of their responsibilities.
The elimination of barriers between different functional units and the unification of their focus to the objectives of the organization.
Improved management of process interfaces.
The "sequence" of processes shows how the processes follow, or link, to each other to result in a final output. For example, the output from one process may become the input of the next process or processes. The "interactions" show how each process affects or influences one or more of the other processes. For example, the monitoring or controlling of a process may be established in a separate process.
Identify the organization's intended outputs, and the processes needed for achieving them. These will need to include processes for Management, Resources, Realization and Measurement and Improvement. Identify all process inputs and outputs, along with the suppliers and customers, who may be internal or external. Identify the sequence and interactions of the processes.
The main purpose of documentation is to enable the consistent and stable operation of an organization's processes.
Although statutory, standards' or customer requirements may require certain documentation, there is no defined "catalogue", or list of processes that has to be documented in ISO 9001, apart from the 6 indicated ones.
The organization should determine which processes are to be documented on the basis of:
The size of the organization and type of its activities,
The complexity of its processes and their interactions,
The criticality of the processes and
Availability of competent personnel.
A number of different methods can be used to document processes, such as graphical representations, written instructions, checklists, flow charts, visual media, or electronic methods.
The extent of detail is likely to depend upon factors such as: the size of an organisation and its types of activities, the complexity of its processes and their interactions, and the competence (level of education, training, skills and experience) of its personnel.
No, there is no standard way to describe a process. It depends on the culture, management style, staff literacy, personal attributes and their interactions. A process may be described using a flow chart, block diagram, responsibility matrix, written procedures or pictures. Process flowcharts or block diagrams can show how policies, objectives, influential factors, job functions, activities, material, equipment, resources, information, people and decision making interact and/or interrelate in a logical order.
To adopt the "process approach" an organization should apply the following steps:
Identify the processes of the organization,
Plan the processes,
Implement and measure the processes,
Analyse the processes,
Improve the processes.
A person who is given the responsibility and authority for managing a particular process is sometimes referred to as the "process owner".
It may be useful for an organization's Management to appoint individual "process owners" and to define their roles and responsibilities; these should include the responsibility for ensuring the implementation, maintenance and improvement of their specific process and its interactions.
It should be noted, however, that ISO 9001:2008 does not specifically require the appointment of "process owners".
There are various methods of measuring process controls and process performance, ranging from simple monitoring systems up to sophisticated statistically based systems (e.g. statistical process control, or SPC, systems). The selection and use of any particular method will be dependent on the nature and complexity of an organization's processes and products. The effectiveness of an individual process may be measured by the conformity of its output or product to customer requirements. Its efficiency may be measured from its use of resources. In all cases the measurement of the process determines if its (measurable) objectives have been achieved. Sometimes it only requires monitoring to confirm process operations.
Typical factors that are useful to consider when identifying measures of process control and process performance include:
Conformity with requirements,
On time delivery,
A "process" may be explained as a set of interacting or interrelated activities, which are employed to add value. A "procedure" is a method of describing the way or How in which all or part of that process activities shall/should be performed. ISO 9000:2005 defines a procedure as a "specified way to carry out an activity or a process", which does not necessarily have to be documented.
Yes, if the procedures describe inputs and outputs, appropriate responsibilities, controls and resources needed to satisfy customer requirements.
ISO 9001:2008 refers specifically to only 6 documented procedures; however, other documentation (including more documented procedures not specifically mentioned in ISO 9001:2008) may be required by an organization, in order to manage the processes that are necessary for the effective operation of the quality management system. This will vary depending on the size of the organization, the kind of activities in which it is involved and their complexity. For further guidance, please also refer to the ISO 9000 Introduction and Support Package module "Guidance on the Documentation Requirements of ISO 9001:2008"
Organizations have their quality management system registered/certified to ISO 9001:2008. The scope of registration/ certification will need to reflect precisely and clearly the activities covered by the organization's quality management system; any exclusion to non-applicable requirements of the standard (permitted through ISO 9001 clause 1.2 "Application") will need to be documented and justified in the quality manual (see also the ISO/TC 176/SC2 ISO 9000 Introduction and Support Package module Guidance on ISO 9001:2008 clause 1.2 'Application').
When initially starting to use ISO 9001, an organization should familiarize its personnel with the Quality Management Principles, analyze the standards (especially ISO 9000 and ISO 9004), and consider how their guidance and requirements may affect your activities and related processes. If it then wishes to proceed to registration/certification, it should perform a gap analysis against the requirements of ISO 9001 to determine where its current quality management system does not address the applicable ISO 9001:2008 requirements, before developing and implementing additional processes to ensure that compliance will be achieved.
ISO 9001:2008 will supersede ISO 9001:2000 However, noting the IAF/ISO-CASCO/ISO TC176 agreement that accredited certification to the 2000 edition should remain possible for up to 2 years after the publication of ISO 9001:2008, copies of the 2000 edition will still be available on request from ISO and the national standards bodies during that period, and possibly for even longer.
Yes. Certification to ISO 9001:2008 is not an "upgrade", and organizations that are certified to ISO 9001:2000 should be afforded the same status as those who have already received a new certificate to ISO 9001:2008. However, certificates to ISO 9001:2000 will only remain valid until 2 years after the publication of ISO 9001:2008. Contact your certification/registration body to get details on the certificates transition process.
The four primary standards of the current ISO 9000 family are the following:
ISO 9000:2005 already published - no major changes expected for 2009
ISO 9001:2000 to be superseded by ISO 9001:2008
More significant changes are planned for ISO 9004 with a planned publication date of late 2009.
ISO 19011:2002 is currently beginning the revision process, with a new version expected in 2011.
The other standards and documents will be reviewed and updated as necessary
ISO 9001: 2008 certificates can only be granted after its publication as an International Standard.
Since ISO 9004:2009 will be a guidance document, it is not intended to be used for third party certification purposes.
No, you should not delay the introduction of the quality management system in your organization. Like those who are currently in the process of being registered/certified, anything you do now to lay the foundation of a quality management system within your organization will be beneficial.
Organizations in the process of certification to ISO 9001:2000 are recommended to apply for certification to ISO 9001:2008, as soon it is published. Up to its publication you can still apply for certification to ISO 9001:2000.
ISO 9004 is a guidance standard, which is not intended to be used for third party registration/certification purposes. A key element of ISO 9004 is the ability to perform self-assessments. Third party quality management system certifications/ registrations are performed to ISO 9001:2008.
When an organization seeks to have its quality management system registered/certified to ISO 9001:2008, it is required to agree a "scope of certification" with its registrar/certification body. This will define the products to which the organization's quality management system is applicable, and against which it will be assessed. An organization is not obliged to include within its "scope of certification" all the products that it provides (note that the ISO 9000:2005 definition of "Product" includes "services"), but may be selective about those that are included. All applicable requirements of ISO 9001:2008 will need to be addressed by the organization's quality management system that covers those products that are included in the "scope of certification".
Customers should ensure that a potential supplier's "scope of certification" covers the products that they wish to order. Caveat Emptor!
ISO 9001 allows for the exclusion of some of its requirements (via clause 1.2 "Application"), but only if it can be shown that these requirements are not applicable to the organization.
Exclusions are limited to the requirements given in Section 7 ("Product Realization"), where individual requirements may only be excluded if it can be shown that they do not affect the organization's ability to provide product that meets customer and applicable statutory or regulatory requirements. Justification for such exclusions is also required to be detailed within the organization's quality manual.
For example, if design activities are not required by an organization to demonstrate its capability to meet customer and applicable statutory /regulatory requirements, or if its product is provided on the basis of established design, then it may be able to exclude some of the "design" requirements but still be able to be registered/certified to ISO 9001:2008.
For further guidance, see the ISO 9000 Introduction and Support Package module: Guidance on ISO 9001:2008 clause 1.2 'Application'.
The requirements of the amended ISO 9001:2008 remain applicable to small, medium, and large organizations alike, and such organizations should acquaint themselves with the clarifications in ISO 9001:2008. ISO/TC 176 has published a handbook "ISO 9001 for Small Businesses - What to do ?" giving specific advice to small businesses.
The requirements of ISO 9001 are applicable to small, medium, and large organizations alike. ISO 9001:2008 provides some flexibility, through clause 1.2 "Application", on the exclusion of certain requirements for specific processes that may not be performed by the organization.
If, for example, the nature of your products does not require you to perform design activities, or if your product is provided on the basis of established design, you could discuss and justify the exclusion of these requirements with your certification/registration body (see also the ISO 9000 Introduction and Support Package module Guidance on ISO 9001:2008 clause 1.2 'Application'). However, individual organizations will still need to be able demonstrate their capability to meet customer and applicable statutory or regulatory requirements for their products, and will need to consider this when determining the complexity of their quality management systems.
Further guidance for small businesses may be found in the ISO handbook: ISO 9001 for Small Businesses - What to do, Advice from ISO/TC 176
It remains fully applicable. A project has been started to update the handbook to reflect the changes in ISO 9001:2008.
Compatibility with ISO 14001:2004 has been maintained and enhanced. "Compatibility" means that common elements of the standards can be implemented by organizations in a shared manner, in whole or in part, without unnecessary duplication or the imposition of conflicting requirements.
The two standards are compatible. It is not expected that an ISO guideline will be prepared on this subject at the present time. If the need for such a document arises, ISO will consider the request as a new project. However, both ISO 9001 and ISO 14001 include an annex to show the correspondence between the two standards.
Yes, ISO 19011:2002 provides guidelines for quality and/or environmental management systems auditing. Note that a project to revise ISO 19011 was started in 2008, and is expected to be completed in 2011.
The standards are applicable to all types of organizations, operating in all types of sectors, including service providers. " (Note: the definition of the term 'product' in ISO 9000:2005 also includes 'services'. ISO 9001:2008 and ISO 9004:2000 have been written to reflect this definition.)
ISO 9001 is equally appropriate to all sectors, including service providers. The standard is applicable to all types of organizations.
As a minimum, quality management practitioners should familiarize themselves with the requirements of ISO 9001:2008, and also with the content and philosophies of ISO 9000:2005, ISO 9004 and the Quality Management Principles.
Practitioners whoa are already familiar with ISO 9001:2000 should become aware of the clarifications introduced in ISO 9001:2008, and their implications, prior to conducting audits to that standard, or giving training and consultancy.
They should understand their client's activities and processes, before providing appropriate interpretations of the requirements of the standards, to add value to the client's operations.
ISO/TC 176 has developed the standard ISO 10019 Guidelines for the selection of quality management system consultants and use of their services, which may be useful to refer to for further guidance.
Regulatory bodies should review their regulations currently in effect (or under development) and identify points where reference to the quality management system standards would be appropriate, before making recommendations to the legislative body.
Auditors, whether external or internal, should be able to demonstrate their competence on the structure, content and terminology of the standards, and also on the underlying Quality Management Principles.
The standards require that auditors are able to understand the organization's activities and processes and appropriately audit against the requirements of the ISO 9001 in relation to the organization's objectives. According to joint advice from the International Accreditation Forum (IAF), ISO's Policy Committee for Conformity Assessment (ISO-CASCO) and ISO TC 176, auditors should be able to demonstrate competency in:
The requirements of the ISO 9001:2008.
The concepts and terminology of the ISO 9000:2005.
The eight Quality Management Principles
A general understanding of ISO 9004
Familiarity with the auditing guidance standard ISO 19011.
ISO/TC 176, ISO/CASCO and the IAF have established an ISO 9001 Auditing Practices Group, which has issued a number of web based guidance notes to assist auditors (see www.iso.org/tc176/ISO9001AuditingPracticesGroup)
ISO 9001:2008 remains compatible with the existing management systems standards for specific business sectors like ISO/TS 16949, AS 9000/EN 9100 and TL 9000.
Users of a specific sector scheme are recommended to refer to the organization that is responsible for that sector scheme, e.g. for:
ISO/TS 16 949 refer to the IATF,
TL 9000 refer to the QuEST Forum
For AS 9000/EN 9100 refer to the IAQG
An organization who's QMS fulfils the requirements of ISO 9001:2000 should check that they are following the clarifications introduced in the amended standard ISO 9001:2008. ISO 9001:2008 has been developed in order to introduce clarifications to the existing requirements of ISO 9001:2000. It does not introduce additional requirements nor does it change the intent of the ISO 9001:2000 standard.
Certification to ISO 9001:2008 is not an "upgrade", and organizations that are certified to ISO 9001:2000 should be afforded the same status as those who have already received a new certificate to ISO 9001:2008.
ISO and the International Accreditation Forum (IAF) have agreed the following "Implementation Plan" with respect to accredited certification toISO 9001:2008:. "Accredited certification to the ISO 9001:2008 shall not be granted until the publication of ISO 9001:2008 as an International Standard.
Certification of conformity to ISO 9001:2008 and/or national equivalents shall only be issued after official publication of ISO 9001:2008 (which should take place before the end of 2008) and after a routine surveillance or re-certification audit against ISO 9001:2008. Validity of certifications to ISO 9001:2000 One year after publication of ISO 9001:2008 all accredited certifications issued (new certifications or re-certifications) shall be to ISO 9001:2008. Twenty four months after publication by ISO of ISO 9001:2008, any existing certification issued to ISO 9001:2000 shall not be valid."
Yes. If you are interested you should contact your National Standards Body for further details.