In America, the law is written in English. Lawyers speak English. Yet they require training for how to properly understand and apply the law.
ISO 9001 is no different in this regard. The standard assumes proper training to understand ISO 9001 requirements, good enough training to assure a consistent understanding of the requirements’ intent.
The challenge is that professionals in the ISO 9000 business don’t seem to consistently understand or appreciate the fundamental importance of the process approach and its implications for QMS implementation and assessment. So even between two ISO 9000 professionals discussing ISO 9001-certified QMSs, unknown to both, they might be talking about completely different things. One might be talking about systems of ill-conceived documents, while the other might be talking about an actual systems of processes outputting product. (Only the latter is really talking about QMS)
It’s not the standard’s fault that a consistent understanding of ISO 9001 has not been imparted to professionals in the industry. If a lawyer doesn’t understand the law, do we blame the law for being unclear?
USER CONFUSION
The standard was never intended to educate management all over the world about quality management, but to provide auditors all over the world with a consistent set of criteria with which to assess a quality management system.
For decades, ISO 9001 professionals have been promoting the idea that ISO 9001 itself was supposed to be implemented by management. As if ISO 9001 represents a quality management implementation guide from some faraway, misguided international perspective. So, given that ISO 9001 contains requirements for QMSs (ignoring the fact that these requirements are intended merely to assess QMSs), ISO 9001 was and is commonly used as a guide or basis for QMS development.
Perceived to be intended for use by management, its use as a QMS development tool was perceived to require no special training. Apparently it was supposed to be clear to top management, from reading the requirements of ISO 9001, how they were supposed to establish a QMS. Of course, it wasn’t management who needed training to implement ISO 9001 in the first place; auditors needed training to audit ISO 9001.
Again, ISO 9001 was never intended to be implemented by management to define, establish, or implement QMSs, but by auditors simply to assess QMSs. Systems of processes outputting quality product or service are already in place within organizations staying in business. These become QMSs when these systems are recognized, defined, and managed systemically using plan-do-check-act (PDCA). ISO 9001 is used to determine if established systems meet a defined set of quality principles, meted out in specific ISO 9001 requirements.
ISO 9001 TRAINING FOR STANDARD USERS
Proper application of the standard assumes training of those expected to use (or implement) ISO 9001. Who is supposed to use ISO 9001? Auditors. They use it as audit criteria, to determine if a QMS demonstrates conformity to a set of common criteria against which QMSs all over the world are assessed. Take a look below:
“A certification body should ensure that all its auditors have received sufficient training regarding the requirements in ISO 9001, particularly those on the process approach.” –ISO/IAF ISO 9001 Auditing Practices Group Guidance on: Understanding the process approach, June 5, 2009. (http://isotc.iso.org/). (Similar guidance was available from TC 176 back in 1998, in preparation for the release of ISO 9001:2000. But that was over fifteen years ago now . . .)
In 2009, this official guidance was directed at CBs to ensure its auditors understood the process approach. Understanding the process approach is important to understanding ISO 9001. Proper training would also presumably include exposure to ISO 19011, which provides guidelines for conducting QMS audits.
On the other hand, management is supposed to use (or implement) QMSs. A QMS is a system of processes working together to output quality product. Management implements a QMS to assure customer satisfaction; auditors use ISO 9001 to determine if a QMS meets ISO 9001 requirements. I believe that the moment management decides to implement ISO 9001 (instead of implementing a QMS), the trouble starts.
BASIS OF A QMS
ISO 9001 is properly implemented (‘put into use’) by auditors. It is being misapplied when management implements it as a basis for a QMS. When ISO 9001 is implemented as quality management, QMS documentation is written to address ISO 9001 requirements. The objective of QMS documentation becomes to pass ISO 9001 audits. The resulting ISO 9001-based documentation is then bolted on to operations, basically nothing more that an audit solution. But a QMS is supposed to be an endoskeleton, not an exoskeleton. A QMS is supposed to be built into processes, not bolted onto processes. A QMS should be raised to promote quality in operations, but also to pass ISO 9001 audits.
Dr. Nigel Croft, Chair of TC 176, echoes the following sentiment:
“Certification to ISO 9001 should be a result of a well-implemented quality management system!” A QMS should be defined and implemented first, THEN comes ISO 9001. When ISO 9001 comes first, definition and implementation of the resulting QMS suffers. (See http://www.dnvba.com/us/DNV%20%20Downloads/2012%2009%2014%20Nigel%20Croft%20Webinar.pdf .)
The basis of a QMS is provided by the very processes that are working together as a system to output quality product every day. A QMS is integrated (built into) those very processes. While the objective of a mere production process might be to ‘get it done,’ it becomes a QMS process when its objective becomes to ‘get it done properly’ and it is managed as a QMS process, pursuant to PDCA, as one of a system of processes.
Quality management is naturally built into successful operations already; a QMS is naturally operating in any successful organization. QMSs do not owe their definition to ISO 9001. In defining the management of their own operations (describing how to ‘get it done properly’), organizations ARE defining their QMSs. I believe that using ISO 9001 to define management of their own operations is simply a misapplication of the standard.
ISO BIGGEST CHALLENGE
ISO 9001 presupposes an understanding of PDCA and its implications for QMS implementation and assessment. Failure to understand this is probably the biggest problem with ISO 9001. PDCA is at the heart of the process approach of ISO 9001. Not understanding the process approach and its implications for QMS design, process definition, sensible procedural support, etc. foils proper application of the standard. Not understanding how the process approach relates to ISO 9001 is basically not understanding ISO 9001.
It seems trouble can be expected anytime a simple, organic concept becomes codified and institutionalized. Simply, PDCA is a WAY of managing. But when it becomes a discreet requirement couched in technical terms of the standard (e.g., ‘process,’ ‘system,’ ‘procedure,’ ‘requirement,’), the risk of misapplying it appears to be greater than those in industry appreciate.
People using a laymen’s concept of ISO 9001, without a trained perspective of these technical terms and requirements, have taken quality management far afield from that envisioned by the authors of ISO 9001. THAT seems to be the problem with ISO 9001, more than ISO 9001 itself. The standard has been misapplied by those who have not been trained to apply it properly.
A consistent understanding of the standard and its terms is imperative for those who use it. A thorough understanding of its terms and the fundamental importance of PDCA (process approach) needs to be consistently imparted to auditors during audit training. Otherwise, auditors will fail to consistently know what they are talking about.
Bio:
T. D. (“Dan”) Nelson is a quality management consultant, author, and trainer specializing in the process approach, ISO 9001, and related sector schemes. Dan has roughly 20 years of experience with ISO 9000 and over 15 years’ experience with the process approach. Dan holds an MA in Business Administration from the University of Iowa. Dan can be reached at:
dan@tdnelson.com
319.210.2642