The phrase “ISO 9001-based system” can be confusing if ISO 9001 is not understood properly. It’s not uncommon to hear people use the phrase—including Dr. Nigel Croft (who chairs TC 176). For example, Dr. Croft recently participated in a ‘hangout’ session where he addressed ISO 9001, its intentions, and its development. You can see the session in its entirety here (roughly 33 minutes):
https://www.youtube.com/watch?v=BrP94_ogRSY
At 3:14, where Dr. Croft speaks of “. . . organizations who implement an ISO 9001-based quality management system . . .” Personally, I agree with almost everything I hear from Dr. Croft, but the phrase ‘ISO 9001-based system’ seems problematic. While there’s a sense in which it makes sense, there is also a sense in which the phrase is misleading.
Any company staying in business has a system for satisfying customers. If no such system were in place, customers would not be satisfied consistently enough for a company to stay in business, let alone seek ISO 9001 certification. The standard assumes that a company seeking ISO 9001 certification has a system in place, a system outputting product or service that satisfies customers. The standard happens to call this system for satisfying customers a ‘quality management system.’
To become certified to ISO 9001, an organization must establish, implement, and document its system in order to demonstrate it has a system—one meeting the requirements of ISO 9001. Of course, any organization consistently satisfying customers must have already established and implemented a system. Consistently satisfying customers doesn’t happen by accident, but as the result of successfully planned, managed actions (ideally).
To become certified (or compliant), the (quality management) system must demonstrably meet all requirements of ISO 9001. Many effective systems may not meet all requirements of ISO 9001, thus they require enhancement to achieve the robustness required of ISO 9001.
The actual system of operations keeping a company in business—by outputting quality product to customers—was not based upon ISO 9001 in any way before ISO 9001 came along. An organization’s pre-ISO 9001 successes demonstrate an independent arrival at the principles of quality management contained in ISO 9000. Organizations aren’t successful by accident. Instead, they are well managed. Management understood quality before ISO 9000 was released.
Yet when ISO 9001 is applied to a system and the system is found to be ISO 9001-compliant, it’s now considered to be ISO 9001-based. This seems to usurp credit for sensible quality management resident in any successful company, taking it away from management who established and implemented its system, and giving that credit to ISO 9001.
ISO 9001 can be properly applied to an organization that has never heard of ISO 9001 to assess to what degree its system meets a standard set of requirements. It’s conceivable that a sophisticated, robust system could conform to ISO 9001 requirements without major nonconformity even without any knowledge of ISO 9001. Once this system is found to comply with ISO 9001, however, it’s now an ISO 9001-based system?
The phrase ‘Implementing ISO 9001’seems similarly objectionable. At 3:03 of his presentation, Dr. Croft speaks of “implementing the requirements of ISO 9001.” This, too, is a problematic phrase. ISO 9001 assumes ‘real’ system implementation before the requirements are applied. Again, management of any organization implemented a system well before ISO 9001 came along. At best, ‘ISO 9001 implementation’ is an enhancement exercise, not a start-from-scratch exercise.
When management gets the idea that they need to ‘implement ISO 9001’ requirements, the clause-by-clause option seems viable, perhaps even preferable since they think they need something to base their system upon, something other than the system already in operation. Of course, this approach opposes the process approach required of the standard (and by good sense).
ISO 9001 requirements themselves are not supposed to be implemented by management. Instead, planned arrangements (e.g., operating procedures) meeting the requirements are supposed to be implemented. Their planned way of carrying out operations to result in conforming product is implemented. ISO 9001 itself is implemented by auditors tasked with determining if a system satisfies the requirements of the standard. ISO 9001 provides a basis for consistent assessment, not for consistent system structure and documentation.
In no case is ISO 9001 supposed to provide a (clause-by-clause) basis or implementation guide for any management system. How can ISO 9001 be the basis for a system that was in operation (and successful) before the standard was applied?
Those on TC 176 may regard systems to be ISO 9001-based because they somehow comply with ISO 9001, or to distinguish between ISO 9001 (quality) systems and ISO 14001 (environmental) or ISO 27001 (security) systems. However, most people aren’t on TC 176 and so many don’t use the phrase ‘ISO 9001-based system’ to distinguish their systems, but to (errantly) define their systems.
ISO 9001 is merely supposed to provide confidence that an organization’s products will meet requirements by providing (basic) criteria to objectively assess systems expected to output quality product. ISO 9001 itself does not provide a basis for quality management in any organization. It seems wrong to give ISO 9001 credit for the success of every management system that happens to be ISO 9001 certified by calling them ‘ISO 9001-based systems.’
Bio:
T. D. (“Dan”) Nelson has been closely involved with ISO 9000 since 1994 as a technical writer, quality manager, management representative, consultant, author, and CB auditor. Holding an MA in Business Administration from the University of Iowa, Dan also has 12 years of experience as an IRCA-certified QMS Lead or Principal Auditor, conducting registration audits and surveillance audits, and training Lead Auditor candidates in accredited courses.
Using a process approach, Dan has taken several scores of clients of various shapes and sizes through registration to ISO 9001:1994/2000/2008 and related sector schemes (e.g. QS 9000, AS9100, ISO 13485, and ISO 17025). Dan’s numerous articles about the process approach have also been published by Quality Digest, Inside Quality, ASQ’s Quality Management Division, the Society for Manufacturing Engineers (SME), and the South African Quality Institute (SAQI); Dan has been featured as a guest blogger by RABQSA, and has been featured on Quality Digest Live.
Dan is available for management consulting, training, and coaching, as well as auditor training and coaching. Contact: dan@tdnelson.com 319.210.2642