Of course every organization strives to satisfy customers. As an organization, ISO is no different. However, the experience many have had with ISO 9001 provides us with a lesson about the assumption of invariable customer correctness. To satisfy customers, sometimes they need to be educated instead of being presumed correct.
If its customers are misusing an organization’s product—they are using it incorrectly and experiencing bad results—it seems the organization has some responsibility to provide adequate guidance about proper use of the product. ISO may finally now be offering a new guidance document in the form of a technical specification intended to help organizations understand how to apply the standard (potentially numbered ISO TS 9002). Will it be enough?
It didn’t help that the authors of the standard garbled the intent of ISO 9001 between the 1987/1994 versions and the 2000/2008 versions. It seems they allowed a group of unintended users influence the standard.
The original version of ISO 9001 was very clearly intended as audit criteria. It was not for management. Of course nobody was supposed to write 20 procedures pandering to the elements of the standard and call the resulting mess of documentation a QMS. ISO 9001 was not supposed to be implemented as a QMS by management, it was supposed to be applied as audit criteria by auditors. Yet clearly most organizations used it to “implement their QMSs”—evidenced by the same 20 standard-based procedures defining the management systems of thousands and thousands of organizations.
CUSTOMER CONFUSION
The intended users of ISO 9001—auditors—often promoted the idea that the standard was intended for use by management. “Here, management, these requirements are for you to implement, we’ll check back later to see how well your procedures match” as opposed to “Here, management, these requirements are what you will be assessed against, we’ll use them to see if your system conforms.” The former urges management to implement ISO 9001; the latter hopes management will implement a system that complies with ISO 9001, or, more accurately, they will document the existing system as it is implemented and enhance it as necessary to meet the requirements of ISO 9001.
Incorrectly thinking that they were the proper users of ISO 9001, management developed standard-based systems of 20 procedures to address the 87/94 requirements. Specific requirements were subsumed beneath 20 general elements, while each element called for documented procedures addressing its requirements (thus allowing objective definition appropriate for assessment). A standard-based mindset concludes that the standard required 20 procedures—one for each element—to satisfy the requirements for documented procedures.
A process-based mindset, on the other hand, concludes that documented procedures—whatever their number—must address the requirements of the 20 elements. So, an organization operating 10 processes would document those processes using 10 procedures—one for each process. These 10 procedures would need to appropriately address the requirements of the 20 elements as they apply to the defined 10 processes.
So, many were confused about who the implementers of ISO 9001 really were. ISO 9001 was intended to be implemented by auditors to assess QMSs. It was not intended for use by management to establish QMSs. Organizational management were not supposed to be the implementers of ISO 9001; they were often confused customers.
‘THE SURVEY SAYS’
Based on surveys and observations of widespread misuse of the standard, the authors of the standard recognized organizations were often using ISO 9001 to establish their QMSs. So many of them were doing it that way, ISO seemed to accept this new group of unintended customers. “Since that’s how our product is being used,” the thinking seems to be, “then we must respond to the demands of these unintended, uniformed customers.”
So in response to survey results and feedback, ISO seemed to acknowledge that its “customers” were using the standard to develop QMSs. So ISO seemed to rise to the occasion and cater to this previously unintended audience.
With the 2000 revision of ISO 9001, the authors of the standard seemed to do two things: one, it made a move toward addressing this new audience, while two, making it clear that the standard requires a process approach. “If organizations are going to use ISO 9001 as the basis of their systems, okay—but they must be clear that the standard is supposed to be applied using a process approach.”
Resigned to the fact that management was going to use the standard as a basis for QMS design, the authors did what they could to promote application of a process approach by an audience with a standard-based mindset. The first attempt to stymie a standard-based mindset is in the introduction (ISO 9001:2000, 0.1), where it tells us that it is NOT the intent of the standard to compel uniform QMS structure and documentation (e.g., by using it as a foundation for QMS definition).
Then at “0.2, Process approach” the standard explains that plan-do-check-act (PDCA) is the basis of the process approach. The supposition is that QMSs will be structured with PDCA in mind, not with the uniform requirements of ISO 9001 in mind. Process-based procedures describe processes—the proper subject of PDCA application. A process-based procedure represents the plan for processing pursuant to the plan phase of PDCA; a standard-based procedure is merely written in response to an ISO 9001 requirement. Procedures raised in response to ISO 9001 requirements cannot effectively describe the plan for any core business process. Merely describing conformity with individual ISO 9001 requirements, standard-based procedures offer the DCA phases of PDCA no real basis upon which to operate. From an organizational perspective, PDCA operates on processes, not requirements.
Then at 4.1, the standard provides requirements presumed adequate to determine if a defined system demonstrates a process approach. However, the requirements at 4.1 were apparently not adequate to overcome the standard-based mindset. Many read the standard to mean that only 6 procedures were required to define a QMS, since there were now only 6 requirements expressly calling for documented procedures (basically to cover support processes).
BAD TO WORSE
If an organization was going to use the standard that way, the authors seemed to think that an admonishment against the standard-based approach (0.1), an endorsement of the process approach (0.2), followed by requirements effectively demanding a process approach (4.1) would solve the problem.
Since 2000, the intent of the standard could be construed to include QMS development guidance as demanded by the originally unintended users. It could now in sense speak to those who think they need it to define their management systems. I believe this was a mistake.
The original idea of ISO 9001 wasn’t to specify requirements so quality management in each organization around the globe would consist of the same dysfunctional set of documents. ISO needed to make it more clear to auditors—the intended audience of the standard—that a standard-based approach was not acceptable. The standard itself needed to be more clear on this point, apparently. If it were adequately clear, systems demonstrating a standard-based approach would not pass assessments, so organizations would migrate toward the process approach rather quickly. Instead, the authors seemed to choose to allow the bad mindset to persist, while trying to adjust the standard to accommodate it. The mindset is what needed to be changed. Changing the standard to accommodate a standard-based mindset has been unsuccessful in promoting a process approach.
So, the 2015 standard will continue to clarify and emphasize the requirement to apply a process approach.
A STUBBORN MINDSET
Post 2000, organizations simply took the reduced emphasis on documentation to mean that a QMS needed less documentation–from 20 procedures now to 6.
However, a good QMS may have been defined by only 10 procedures under 1994, thus already having reduced documentation from that needed by the conventional 20-procedure wisdom. When the standard reduced emphasis on documentation in 2000, a system previously defined by 10 procedures is still defined by 10 procedures. Definition of the system and its processes does not depend on ISO 9001, nor should documentation describing a defined system. No system was ever properly defined by 20 standard-based procedures or merely by the “6 mandatory” procedures.
To overcome the standard-based mindset, it seems it was a mistake to allow the inmates to take over the asylum. ISO seems to have shot itself in the foot trying to achieve customer satisfaction—catering to customers who were misapplying the standard.
Think of ISO 9001 as an open book test. ISO authored the test, auditors proctor the test, and organizations take the test. Basically, it seems that since the organizations didn’t understand the test (unwitting cheating on it), while proctors (not understanding it either) routinely pass those who should be failing, ISO chose to combat the problem by changing the test to match the bad mindset causing the problem, while including requirements to overcome the problem. But these requirements went unrecognized by those ensconced in a standard-based mindset.
With the release of ISO 9001:2000, it’s like ISO was saying:
“Okay, if you all insist on using this standard for assessing QMSs to establish QMSs (which is actually very cheeky cheating), then we are including a requirement to apply a process approach. (We’ve actually sold many more copies of the standard than we anticipated due to this misuse of our product, but having become accustomed to the income, we don’t mind it so much.)
So, if an organization uses ISO 9001 as a basis for its QMS, management can’t miss this endorsement of, and requirement to apply, a process approach. (See 0.1, 0.2, and 4.1 et al.)
So, we are reducing the emphasis on documentation to make it more clear that this exercise is not merely about writing voluminous documentation to claim conformity with the individual requirements of the standard (as has been done thus far). Nobody liked that documentation, nor should they have—it was misguided and not required in the first place. So, an ISO 9001-based QMS will be a process-based QMS—documented according to operations, not according to the requirements of ISO 9001.”
What everyone seemed to hear:
“The process approach requires only 6 procedures, but clause-by-clause procedures are still okay.”
Bio:
T. D. (“Dan”) Nelson has been closely involved with ISO 9000 since 1994 as a technical writer, quality manager, management representative, consultant, author, and CB auditor. Holding an MA in Business Administration from the University of Iowa, Dan also has 12 years of experience as an IRCA-certified QMS Lead or Principal Auditor, conducting registration audits and surveillance audits, and training Lead Auditor candidates in accredited courses. Using a process approach, Dan has taken several scores of clients of various shapes and sizes through registration to ISO 9001:1994/2000/2008 and related sector schemes (e.g. QS 9000, AS9100, ISO 13485, and ISO 17025). Dan’s numerous articles about the process approach have also been published by Quality Digest, Inside Quality, ASQ’s Quality Management Division, the Society for Manufacturing Engineers (SME), and the South African Quality Institute (SAQI); Dan has been featured as a guest blogger by RABQSA, and has been featured on Quality Digest Live. Dan is available for management consulting, training, and coaching, as well as auditor training and coaching. Contact: dan@tdnelson.com 319.210.2642