President and CEO
Field Consultant Eagle Group USA Inc.
Since it was originally devised in 1987, some 250,000 organizations around the world have registered to ISO 9000, a series of international standards that establish quality-management-system (QMS) requirements. It is, far and away, the most influential initiative that grew from the quality movement of the early '90's.
Beginning the fourth quarter of this year, ISO 9000 will be radically revised and all the organizations that had been ISO registered must update their current quality systems if they want to retain certification. National standards bodies, registrars, consultants, and the rest of the apparatus that has grown up around the standard now face a new set of challenges and opportunities.
The revised standard, called ISO 9000:2000, is actually three interrelated documents: ISO 9000, which lays out the fundamentals and vocabulary; ISO 9001, which states system requirements; and ISO 9004, which provides guidance for implementation and fleshes out ISO 9001.
In view of the impact of this revision and the costs it will entail, organizations understandably have many questions and concerns.
How does ISO 9000:2000 compare to the original version?
The previous standard defined quality using 20 key elements a company must use to produce goods and services. Its purpose was to assure customers that certified companies turned out products with a consistent quality level.
ISO 9000:2000 is based on a Process Model any enterprise can use whether it manufactures parts, processes chemicals, or provides services. All requirements in the new ISO are stated in more generic and less prescriptive terms rather than the previous version. This lack of specificity should make it easier for enterprises to fit their operations into the new ISO.
Although the new model is simpler and less prescriptive than its predecessor, the requirements are a quantum leap forward and in line with progressive thinking in the quality field. The Model's four sections function similar to the Plan-Do-Check-Act (PDCA) improvement process popularized by quality expert W. Edwards Deming. This is much more rigorous than the previous ISO standards' watchwords: "Do what you document, document what you do, and prove it."
The key improvements in ISO 9000:2000 are:
It includes the voice of the customer. In the new standards, Customer Requirements drive input and Customer Satisfaction drives output. Certified organizations will need methods in place to describe and monitor what each customer wants when they place an order, and processes to measure and analyze customer satisfaction.
It backs continual improvement. Under ISO 9000:2000, it won't be enough for organizations simply to measure customer satisfaction, they will have to improve it. Organizations must also measure and improve internal processes. Although many people believe continual improvement was always implied in ISO 9000, it is now a clearly defined requirement.
Management has greater responsibility. Management's role in the previous ISO 9000 was to establish and review the quality policy, commit adequate resources to it, and appoint a management representative to supervise the QMS. But, for the most part, the QMS was largely the responsibility of quality professionals.
Executive management plays a far more central role with the new standard, including the set up and review of a multistep version of the PDCA process to ensure continual improvement and customer satisfaction.
Where does this leave currently certified organizations?
Every element of the previous ISO standard can be mapped onto ISO 9000:2000, and an organization's current ISO system should serve as the foundation for the new standards. But much of the existing documentation may need remapping and expanding to meet new requirements. In many cases, these revisions can be substantial. Some companies will need procedures for the new requirements. For example, nothing in the old standards addresses elements in its successor such as customer focus, planning, internal communication, human resources, identifying customer requirements, customer communication, customer satisfaction, and improvement.
But this need not be as overwhelming as it seems. Much of what is new in ISO, will not be new to well-run companies. Their processes are already designed around some of the ISO 9000:2000. These processes, once formalized and disciplined, become part of the QMS required by ISO 9000:2000.
The transition to the new standard is essentially the same whether a company is regis-tered ISO 9001, 9002, or 9003. Companies registered under the old ISO 9002 and ISO 9003 can change their QMSs to ISO 9001:2000. ISO 9002 and 9003 will become obsolete.
After publication in the fourth quarter of this year, organizations will have three years to adopt it. In that time, QMSs conforming to either the 1994 or 2000 standard will be considered certified. Organizations should start adopting new requirements during surveillance audits. The conversion process should therefore be complete by the beginning of 2004.
Currently, registrars and other certifying infrastructure for the new standard have not been established. Registrations based on draft documents will not be acceptable. Therefore, no registrations can be made until the standard is published.
Organizations in the process of registering to ISO 9000 or who plan on registering by the end of this year can register to the current 1994 version. However, they should model their QMS around ISO 9000:2000 in anticipation of the conversion that follows.
What are the benefits?
By incorporating issues such as continual improvement and customer satisfaction, the standard becomes a more effective tool. It will help companies improve operations and increase competitiveness, which should benefit customers. As a result, ISO 9001:2000 will carry far more weight with customers than did its predecessor.
Additional benefits will accrue to companies with both a QMS and a business management system. ISO 9000:2000 encourages enterprises to combine the two. Such a combination should streamline the organization and get everyone pulling together.
The new standard is also purposely more generic so that it will apply universally rather than just to manufacturing companies. It is as applicable to a medical facility or a school as it is to a factory.
The new standard's downside is that it requires currently certified organizations to invest more time and resources in meeting its requirements. Some organizations will find this less of a challenge than others. For example, well-run companies with strategic business planning processes and procedures to measure customer satisfaction will have a head start.
Companies that have made only a minimal commitment to ISO 9000 and embraced it only as a necessary evil to gain a marketing advantage or meet customer demands, may feel the new ISO hurts them. They may have a point, but it doesn't change the fact that ISO 9000:2000 offers considerable advantages to them and their customers.
How should companies implement the new standard?
In general, implementation should not be significantly different for the 2000 revision than it was for the previous version. However, under the previous standard, organizations could exclude activities such as design control from the scope of registration and still seek ISO certification. Under ISO 9001:2000, businesses no longer have that option. If a company performs an operation, it must be included.
Here are the basic steps for a conversion:
1. Get copies of the standard and review them. Although ISO 9001, which contains requirements is key, ISO 9004 is also important. It provides guidance and fleshes out the sparsely written and generic ISO 9001.
2. Set up a conversion team to manage the process. If possible, use the same team used in previous registration efforts.
3. Contact registrars to discuss options. If you don't have the expertise internally to carry out the transition, consider hiring out-side consulting and training organizations.
4. Analyze the gaps between your current systems and ISO 9000:2000. It's useful to start with Annex B of ISO 9001 which provides tables showing how the 1994 and 2000 versions differ.
This analysis should not be confined to QMS. Consider the elements of your business management system and other business processes that could be incorporated into ISO 9000:2000. For example, if you survey customers for feedback on your products and performance, you also have the initial groundwork for monitoring customer satisfaction as required in the new standard.
5. Determine how you should structure your documentation. The simplest way to convert documentation is to remap it to the new system without changing the existing numbering or organization. An index or matrix could then show relationships between the two systems. This may be simpler, but could create complexities down the road.
The alternative is to renumber and restructure your documentation into the new system. This takes more up-front work but creates a more streamlined system.
6. Determine training needs. You may, for example, seek out instructions for setting up a PDCA process, establishing a continuous improvement system, or designing customer satisfaction processes.
By incorporating such factors as customer satisfaction and continual improvement, ISO 9000:2000 moves closer to the principles of TQM. At the same time, it retains the discipline of third party assessment, registration, and surveillance that has made ISO 9000 so successful. It's an inevitable evolution that offers substantial benefits to organizations, their customers, and suppliers.