ISO 9000 is a family of standards for quality management systems. ISO 9000 is maintained by ISO,the International Organization for Standardization and is administered by accreditation and certificationbodies. Some of the requirements in ISO 9001 (which is one of the standards in the ISO 9000 family)include:-
A company or organization that has been independently audited and certified to be in conformance
with ISO 9001 may publicly state that it is “ISO 9001 certified” or “ISO 9001 registered.”ISO 9000
includes the following standards:
ISO 9000:2008, Quality management systems – Fundamentals and vocabulary. Covers the
basics of what quality management systems are and also contains the core language of the ISO
9000 series of standards. A guidance document, not used for certification purposes.
ISO 9001:2008 Quality management systems – Requirements is intended for use in any
organization which designs, develops, manufactures, installs and/or services any product or
provides any form of service. It provides a number of requirements which an organization needs to
fulfill if it is to achieve customer satisfaction through consistent products and services which meet
customer expectations. It includes a requirement for the continual (i.e. planned) improvement of the
Quality Management System, for which ISO 9004:2000 provides many hints.
This is the only implementation for which third-party auditors may grant certification. It should be noted
that certification is not described as any of the ‘needs’ of an organization as a driver for using ISO
9001 (see ISO 9001:2008 section 1 ‘Scope’) but does recognize that it may be used for such a
purpose (see ISO 9001:2008 section 0.1 ‘Introduction’).
ISO 9004:2000 Quality management systems – Guidelines for performance improvements.
covers continual improvement. This gives you advice on what you could do to enhance a mature
system. This standard very specifically states that it is not intended as a guide to implementation.
Note that the previous members of the ISO 9000 family, 9001, 9002 and 9003, have all been
integrated into 9001. In most cases, an organization claiming to be “ISO 9000 registered” is referring
to ISO 9001.
Contents of ISO 9001
ISO 9001:2008 Quality management systems — Requirements is a document of approximately 30
pages which is available from the national standards organization in each country. Outline contents
are as follows:
Page iv: Foreword
Pages v to vii: Section 0 Introduction
Pages 1 to 14: Requirements
Section 1: Scope
Section 2: Normative Reference
Section 3: Terms and definitions (specific to ISO 9001, not specified in ISO 9000)’
Pages 2 to 14
Section 4: Quality Management System
Section 5: Management Responsibility
Section 6: Resource Management
Section 7: Product Realization
Section 8: Measurement, analysis and improvement
In effect, users need to address all sections 1 to 8, but only 4 to 8 need implementing within a QMS.
Pages 15 to 22: Tables of Correspondence between ISO 9001 and other standards
Page 23: Bibliography
The standard specifies six compulsory documents:
Control of Documents (4.2.3)
Control of Records (4.2.4)
Internal Audits (8.2.2)
Control of Nonconforming Product / Service (8.3)
Corrective Action (8.5.2)
Preventive Action (8.5.3)
In addition to these, ISO 9001:2008 requires a Quality Policy and Quality Manual (which may or may
not include the above documents).
Summary of ISO 9001:2008 in informal language
The quality policy is a formal statement from management, closely linked to the vision, mission,
business and marketing plan and to customer needs. The quality policy is understood and followed
at all levels and by all employees. Each employee needs measurable objectives to work towards.
Decisions about the quality system are made based on recorded data and the system is regularly
audited and evaluated for conformance and effectiveness.
Records should show how and where raw materials and products were processed, to allow
products and problems to be traced to the source.
You need a documented procedure to control quality documents in your company. Everyone must
have access to up-to-date documents and be aware of how to use them.
To maintain the quality system and produce conforming product, you need to provide suitable
infrastructure, resources, information, equipment, measuring and monitoring devices, and
You need to map out all key processes in your company; control them by monitoring, measurement
and analysis; and ensure that product quality objectives are met. If you can’t monitor a process by
measurement, then make sure the process is well enough defined that you can make adjustments
if the product does not meet user needs.
For each product your company makes, you need to establish quality objectives; plan processes;
and document and measure results to use as a tool for improvement. For each process, determine
what kind of procedural documentation is required (note: a “product” is hardware, software,
services, processed materials, or a combination of these).
You need to determine key points where each process requires monitoring and measurement, and
ensure that all monitoring and measuring devices are properly maintained and calibrated.
You need to have clear requirements for purchased product.
You need to determine customer requirements and create systems for communicating with
customers about product information, inquiries, contracts, orders, feedback and complaints.
When developing new products, you need to plan the stages of development, with appropriate
testing at each stage. You need to test and document whether the product meets design
requirements, regulatory requirements and user needs.
You need to regularly review performance through internal audits and meetings. Determine
whether the quality system is working and what improvements can be made. Deal with past
problems and potential problems. Keep records of these activities and the resulting decisions, and
monitor their effectiveness (note: you need a documented procedure for internal audits).
You need documented procedures for dealing with actual and potential nonconformances
(problems involving suppliers or customers, or internal problems). Make sure no one uses bad
product, determine what to do with bad product, deal with the root cause of the problem and keep
records to use as a tool to improve the system.
History of ISO 9000
Pre ISO 9000
During WWII, there were quality problems in many British industries such as munitions, where bombs
were exploding in factories during assembly. The adopted solution was to require factories to
document their manufacturing procedures and to prove by record-keeping that the procedures were
being followed. The name of the standard was BS 5750, and it was known as a management standard
because it specified not what to manufacture, but how the manufacturing process was to be managed.
According to Seddon, “In 1987, the British Government persuaded the International Organization for
Standardization to adopt BS 5750 as an international standard. BS 5750 became ISO 9000.”
ISO 9000:1987 had the same structure as the UK Standard BS 5750, with three ‘models’ for quality
management systems, the selection of which was based on the scope of activities of the organization:
ISO 9001:1987 Model for quality assurance in design, development, production, installation, and
servicing was for companies and organizations whose activities included the creation of new
ISO 9002:1987 Model for quality assurance in production, installation, and servicing had basically
the same material as ISO 9001 but without covering the creation of new products.
ISO 9003:1987 Model for quality assurance in final inspection and test covered only the final
inspection of finished product, with no concern for how the product was produced.
ISO 9000:1987 was also influenced by existing U.S. and other Defence Standards (“MIL SPECS”),
and so was well-suited to manufacturing. The emphasis tended to be placed on conformance with
procedures rather than the overall process of management — which was likely the actual intent.
ISO 9000:1994 emphasized quality assurance via preventive actions, instead of just checking final
product, and continued to require evidence of compliance with documented procedures. As with the
first edition, the down-side was that companies tended to implement its requirements by creating shelfloads of procedure manuals, and becoming burdened with an ISO bureaucracy. In some companies,
adapting and improving processes could actually be impeded by the quality system.
ISO 9001:2008 combines the three standards 9001, 9002, and 9003 into one, now called 9001.
Design and development procedures are required only if a company does in fact engage in the
creation of new products. The 2008 version sought to make a radical change in thinking by actually
placing the concept of process management front and centre (“Process management” was the
monitoring and optimizing of a company’s tasks and activities, instead of just inspecting the final
product). The 2008 version also demands involvement by upper executives, in order to integrate
quality into the business system and avoid delegation of quality functions to junior administrators.
Another goal is to improve effectiveness via process performance metrics — numerical measurement
of the effectiveness of tasks and activities. Expectations of continual process improvement and
tracking customer satisfaction were made explicit.
ISO does not itself certify organizations. Many countries have formed accreditation bodies to authorize
certification bodies, which audit organizations applying for ISO 9001 compliance certification. Although
commonly referred to as ISO 9000:2000 certifications, the actual standard to which an organization’s
quality management can be certified is ISO 9001:2008. Both the accreditation bodies and the
certification bodies charge fees for their services. The various accreditation bodies have mutual
agreements with each other to ensure that certificates issued by one of the Accredited Certification
Bodies (CB) are accepted world-wide.
The applying organization is assessed based on an extensive sample of its sites, functions, products,
services and processes; a list of problems (“action requests” or “non-compliances”) is made known to
the management. If there are no major problems on this list, the certification body will issue an ISO
9001 certificate for each geographical site it has visited, once it receives a satisfactory improvement
plan from the management showing how any problems will be resolved.
An ISO certificate is not a once-and-for-all award, but must be renewed at regular intervals
recommended by the certification body, usually around three years. In contrast to the Capability
Maturity Model there are no grades of competence within ISO 9001.
Two types of auditing are required to become registered to the standard: auditing by an external
certification body (external audit) and audits by internal staff trained for this process (internal audits).
The aim is a continual process of review and assessment, to verify that the system is working as it’s
supposed to, find out where it can improve and to correct or prevent problems identified. It is
considered healthier for internal auditors to audit outside their usual management line, so as to bring a degree of independence to their judgments.
Under the 1994 standard, the auditing process could be adequately addressed by performing
Tell me what you do (describe the business process)
Show me where it says that (reference the procedure manuals)
Prove that that is what happened (exhibit evidence in documented records)
How this led to preventive actions was not clear.
The 2008 standard uses the process approach. While auditors perform similar functions, they are
expected to go beyond mere auditing for rote “compliance” by focusing on risk, status and importance.
This means they are expected to make more judgments on what is effective, rather than merely
adhering to what is formally prescribed. The difference from the previous standard can be explained
Under the 1994 version, the question was broadly “Are you doing what the manual says you
should be doing?”, whereas under the 2008 version, the question is more “Will this process help
you achieve your stated objectives? Is it a good process or is there a way to do it better?”.
The ISO 19011 standard for auditing applies to ISO 9001 besides other management systems like
EMS ( ISO 14001), FSMS (ISO 22000) etc.
The ISO 9001 standard is generalized and abstract. Its parts must be carefully interpreted, to
make sense within a particular organization. Developing software is not like making cheese or
offering counselling services; yet the ISO 9001 guidelines, because they are business
management guidelines, can be applied to each of these. Diverse organizations—manufacturing
companies, software development companies, trading organizations, service organizations, police
departments, professional soccer teams and city councils —have successfully implemented ISO
Over time, various industry sectors have wanted to standardize their interpretations of the
guidelines within their own marketplace. This is partly to ensure that their versions of ISO 9000
have their specific requirements, but also to try and ensure that more appropriately trained and
experienced auditors are sent to assess them.
The TickIT guidelines are an interpretation of ISO 9000 produced by the UK Board of Trade to
suit the processes of the information technology industry, especially software development.
AS 9000 is the Aerospace Basic Quality System Standard, an interpretation developed by major
aerospace manufacturers. The current version is AS 9100.
PS 9000 is an application of the standard for Pharmaceutical Packaging Materials.
QS 9000 is an interpretation agreed upon by major automotive manufacturers (GM, Ford,
Chrysler). It includes techniques such as FMEA and APQP. QS 9000 is now replaced by
ISO/TS 16949:2002 is an interpretation agreed upon by major automotive manufacturers
(American and European manufacturers); the latest version is based on ISO 9001:2008. The
emphasis on a process approach is stronger than in ISO 9001:2008. ISO/TS 16949:2002
contains the full text of ISO 9001:2008 and automotive industry-specific requirements.
TL 9000 is the Telecom Quality Management and Measurement System Standard, an
interpretation developed by the telecom consortium, QuEST Forum. The current version is 4.0
and unlike ISO 9001 or the above sector standards, TL 9000 includes standardized product
measurements that can be benchmarked.
ISO 13485:2003 is the medical industry’s equivalent of ISO 9001:2008. Whereas the standards
it replaces were interpretations of how to apply ISO 9001 and ISO 9002 to medical devices,
ISO 13485:2003 is a stand-alone standard. Compliance with ISO 13485 does not necessarily
mean compliance with IS0 9001:2008.
Advantages of ISO 9001 certification
It is widely acknowledged that proper quality management improves business, often having a
positive effect on investment, market share, sales growth, sales margins, competitive advantage,
and avoidance of litigation. The quality principles in ISO 9000:2008 are also sound, according to
Wade, and Barnes, who says “ISO 9000 guidelines provide a comprehensive model for quality
management systems that can make any company competitive.” Barnes also cites a survey by
Lloyd’s Register Quality Assurance which indicated that ISO 9000 increased net profit, and
another by Deloitte-Touche which reported that the costs of registration were recovered in as less
as three months. According to the Providence Business News, implementing ISO often gives the
1. Create a more efficient, effective operation
2. Increase customer satisfaction and retention
3. Reduce audits
4. Enhance marketing
5. Improve employee motivation, awareness, and morale
6. Promote international trade
7. Increases profit
8. Reduce waste and increases productivity
In today’s service-sector driven economy, more and more companies are using ISO 9000 as a
business tool. Through the use of properly stated quality objectives, customer satisfaction surveys
and a well-defined continual improvement program companies are using ISO 9000 processes to
increase their efficiency and profitability.
What We Offer?
With a team of highly qualified consultants and trainers having vast industrial experience, we partner organizations across the world to implement and achieve ISO 9001 Certification.
Our consulting approach is highly professional, time bound and effective resulting in ease of implementation and adds value to the business processes of the client organization.
Contact us at firstname.lastname@example.org to get your organization ISO 9001 certified