15 Introduction to ISO 9000

INTRODUCTION TO ISO 9000

 

A quality assurance system may be defined as the organizational structure, responsibilities, procedures, processes, and resources for implementing quality management. Quality assurance systems are created to help organizations ensure their products and services satisfy customer expectations by meeting their specifications.

 

These systems cover a wide variety of activities encompassing a product’s entire life cycle including planning, controlling, measuring, testing and reporting, and improving quality levels throughout the development and manufacturing process. ISO 9000 describes quality assurance elements in generic terms that can be applied to any business regardless of the products or services offered. The ISO 9000 standards have been adopted by many countries including all members of the European Community, Canada, Mexico, the United States, Australia, New Zealand, and the Pacific Rim. Countries in Latin and South America have also shown interest in the standards.

 

After adopting the standards, a country typically permits only ISO registered companies to supply goods and services to government agencies and public utilities. Telecommunication equipment and medical devices are examples of product categories that must be supplied by ISO registered companies. In turn, manufacturers of these products often require their suppliers to become registered. Private companies such as automobile and computer manufacturers frequently require their suppliers to be ISO registered as well.

 

To become registered to one of the quality assurance system models contained in ISO 9000, a company’s quality system and operations are scrutinized by third party auditors for compliance to the standard and for effective operation. Upon successful registration, a company is issued a certificate from a registration body represented by the auditors. Semi-annual surveillance audits ensure continued compliance to the standard.

 

THE ISO APPROACH TO QUALITY ASSURANCE SYSTEMS

 

The ISO 9000 quality assurance models treat an enterprise as a network of interconnected processes. For a quality system to be ISO compliant, these processes must address the areas identified in the standard and must be documented and practiced as described. ISO 9000 describes the elements of a quality assurance system in general terms. These elements include the organizational structure, procedures, processes, and resources needed to implement quality planning, quality control, quality assurance, and quality improvement. However, ISO 9000 does not describe how an organization should implement these quality system elements. Consequently, the challenge lies in designing and implementing a quality assurance system that meets the standard and fits the company’s products, services, and culture.

 

THE ISO 9001 STANDARD

 

ISO 9001 is the quality assurance standard that applies to software engineering. The standard contains 20 requirements that must be present for an effective quality assurance system. Because the ISO 9001 standard is applicable to all engineering disciplines, a special set of ISO guidelines (ISO 9000-3) have been developed to help interpret the standard for use in the software process.

 

The requirements delineated by ISO 9001 address topics such as management responsibility, quality system, contract review, design control, document and data control, product identification and traceability, process control, inspection and testing, corrective and preventive action, control of quality records, internal quality audits, training, servicing, and statistical techniques. In order for a software organization to become registered to ISO 9001.

 

QUALITY MANAGEMENT PRINCIPLES

 

The eight quality management principles are:

 

1 Customer focus

 

Organizations can establish this focus by trying to understand and meet their customers’ current and future requirements and expectations.

 

2 Leadership

 

Organizations succeed when leaders establish and maintain the internal environment in which employees can become fully involved in achieving the organization’s unified objectives.

  3 Involvement of people

 

Organizations succeed by retaining competent employees, encouraging continuous enhancement of their knowledge and skills, and empowering them, encouraging engagement and recognizing achievements.

 

4 Process approach

 

Organizations enhance their performance when leaders manage and control their processes, as well as the inputs and outputs that tie these processes together.

 

5 System approach to management

 

Organizations sustain success when processes are managed as one coherent quality management system.

 

6 Continuous improvement

 

Organizations will maintain current levels of performance, respond to changing conditions, and identify, create and exploit new opportunities when they establish and sustain an ongoing focus on improvement.

 

7 Factual approach to decision making

 

Organizations succeed when they have established an evidence-based decision making process that entails gathering input from multiple sources, identifying facts, objectively analyzing data, examining cause/effect, and considering potential consequences.

 

8 Mutually beneficial supplier relationships

 

Organizations that carefully manage their relationships with suppliers and partners can nurture positive and productive involvement, support and feedback from those entities.

These principles form the conceptual foundation for the ISO portfolio of quality management standards and serve as the basis for the Good Manufacturing Practices (GMP), Good Clinical Practices (GCP), and Good Laboratory Practices (GLP) required by most government regulatory bodies. But these principles are not just the backbone of quality systems; they’re also simply good business principles to put into practice across an enterprise. The standardization of management approach based on them will be driving global improvement and process excellence for at least the next 10 years.

ISO 9000 based Quality

 

Quality is defined by customer needs, defined in terms of fitness for purpose, achieved through continuous improvement, managed through prevention not detection, getting it right at the first time’ measurable.

 

ISO defines Self Manageable P-D-C-A Plan what you do, Do what you planned & record what you did Check the results, Act on the difference.

Plan

 

The first logical step in the PDCA cycle is planning. You have to sit down and think. You have to think about the final outcome you want to achieve or the problem you want to solve.

 

By planning, you want to clarify what kind of improvements you want to implement, decide which opportunity to follow, and write down your assumptions (hypotheses or educated guesses) about what kind of a behavioral change will probably lead you to the desired result.

 

You need to set measurable and attainable goals, and you need a strong why that emotionally empowers you and reminds you why you want to achieve something.

 

The basic idea of the planning phase is to design a set of controllable experiments, where you implement a change on a manageable scale, so you can analyze possible effects on a greater level.

 

The fact is that only by doing and putting the assumptions to the test and then reflecting on the results, are they able to see if their assumptions in the plan are right or wrong. By doing and reflecting, they can decide to validate or reject (confirm or negate) the hypotheses. That leads us to the do and check phases of the PDCA cycle.

 

Do

 

In the doing phase, you implement the plan. In a very controlled way, you change your behavior that will potentially lead to a different result. With doing, the plan meets reality. When you change your behavior, you interact differently with your environment and that reshapes the relationships and the direction in which the environment is evolving. Thus any change causes friction and stress to the established system, and consequently that leads to a polarization of external factors.

 

Polarization means that every external factor has to become a blocker or a backer of your change. When you act differently, you have supporters of change and forces that want to put things back as they were. And you never know how polarization will happen. That means your plan mustn’t consider only how the change will affect you and your life, but also how it will affect your environment. But only when you do things in real life and you get the first-hand experience (Genchi Genbutsu), you finally see things as they are in reality and then you can compare them to your plan and assumptions.

The properly executed do phase is very easy to spot. You always:

  • Start with a new behavior
  • Stop with an old behavior
  • Or do both

Check

 

The next step is analyzing the results. The check step is not about auditing, but about reflecting. That’s why some people prefer to call it the PDSA cycle, where check is swapped with study. With reflection (or introspection, as it’s often called) one must analyze how the change affected one and their environment after changing their behavior.

 

In the check phase, one must analyze which things went well, what didn’t go as planned and expected, and what could have been done differently to get better results. It is also possible to brainstorm ideas for potential next improvements and changes. So in the check phase, one needs a clear answer to the following questions:

  • What went well during an experiment?
  • What didn’t go that well?
  • How could I do things differently?
  • How can I implement a new change?

In scientific terms, it is necessary to do the evaluation and to compare the results with the plan. It must be validated or rejected based on the hypotheses. One must convert data into information, so that they can draw final conclusions and insights and act accordingly. In the check phase, one can learn how to act based on testing and experimenting.

 

One can do validated learning. The 5 Whys analysis can be a great help when you are performing the check phase.

Act

 

The final step in the PDCA cycle is acting based on the conclusions one got from the experiment. It’s about implementing corrective actions (new behavior) based on their plan, experiment’s results and reflection insights. There is a simple decision they have to make:

  • Persevere
  • Restore
  • Pivot

If the change brought the results they wanted, they persevere. The new behavior becomes the new baseline, the new standard how they operate. We often say that new behavioral patterns are enACTed.

 

If the change didn’t work as expected and had negative effects, they have two choices. One can either go back to their old behavior (restore) or they can pivot to something completely new.

ISO 9000 Requirements

 

Plan, Do, Check & Act with consistency include the following:

  • Customer Satisfaction
  • Management Supports
  • Resources Management
  • Process Management
  • Results Analysis

Continuous improvement can be provided by analyzing the following:

  • Unsatisfactory Outcome
  • Work Improvement Team
  • Cause Investigation
  • Corrective Action
  • Preventive Action
  • Review
  • Quality Plan
  • Quality Manual
  • Q Procedures
  • Working Instructions
  • Reference documents

ISO 9000 recommends 20 Elements for quality improvement

 

  1. Management Responsibility
  1. Quality System
  1. Contract Review
  1. Design Control
  1. Document & Data Control
  1. Purchasing
  1. Control of Customer Supplied Product
  1. Product Identification and Traceability
  1. Process Control
  1. Inspection and Test Status
  1. Control of Inspection, Measuring and Test Equipment.
  1. Inspection and Test Status
  1. Control of Nonconforming Product
  1. Corrective & Preventive Action
  1. Handling , Storage, Packaging, Preservation and Delivery
  1. Control of Quality Records
  1. Quality Audits
  1. Training
  1. Servicing
  1. Statistical Techniques

Stages

 

The stages for quality improvement based on ISO are as follows:

  • Setting up Steering Committee
  • Design of Management System
  • Training all Staff
  • Setting up documentation system
  • Implementation
  • Monitoring and Evaluation
  • Internal Audit and Pre-assessment audit
  • Certification Audit
  • Registration
  • Maintenance of the system
  • Internal Q Audit
  • Surveillance Visit

Standardized & Systematic

 

They are two types of techniques namely standardized and systematic techniques for quality improvement. The standardized method requires clearly listed requirements / guidelines and it has world-wide acceptance. On the other hand, the systematic technique considers inter-relationship of elements. Therefore, it is comprehensive in nature and requires team work for its success. There are three types of mechanisms for planning the quality systematically. They are customer oriented, objectively assessed and clearly documented. In the customer oriented mechanism the requirements are defined by the customers and the expected quality will put more stress due to the need to satisfy the customer fully. On the other hand in objectively accessed mechanism, internal audit for self-assessment, and audit by 3rd party are used by the management system for governing. In the clearly documented mechanism, data and record control and documenting process are the major components.

 

SUMMARY

 

Based on ISO the quality can be improved by incorporating the following:

  • Quality management policies
  • Planning for quality
  • P-D-C-A for guide line
  • Quality Circles for discussion
  • Quality Elements for validation