Magazines & Journals
Informed Outlook

Printer Friendly
I Want To

Volume 9 · Issue 2 · February 2004


The ABCs of QMS Management
What Is Your Next Step With ISO 9001:2000

Fact: The ISO 9001:2000 transition ended on December 15, 2003.
Fact: Between 51.0% and 77.5% of all US organizations registered to ISO 9001:2000 are likely to have their first surveillance audit for conformity with the new standard between now and June 2004. And between now and December 2004, up to 90.8% of registered organizations will have had only two surveillance audits by their quality management system (QMS) registrar.

If your organization is among the vast majority that made the transition to ISO 9001:2000 since June 2003, are you—and your organization’s QMS—prepared for those audits?

The expectation is that, when the dust has settled and the final registration numbers are known, approximately 95% of US organizations previously registered to ISO 9001/2/3:1994 have replaced those certificates with ones for ISO 9001:2000 or sought a sector registration that involves ISO 9001:2000 conformity or eventually will. For those of you who made the ISO 9001:2000 transition, the first question you may want to ask now that the transition is over is: So, what happens now?

From both a requirements and opportunity standpoint, that is the wrong question, because it conveys passivity. But your organization cannot be passive—waiting for something to happen to it—if it is going to maintain its ISO 9001:2000 registration, never mind survive as a going concern. Your organization and its QMS will face surveillance audits from its registrar in the coming months, and the likelihood is that those surveillance audits will become more challenging over time for some organizations. Why? Because ISO 9001:2000 explicitly requires your QMS and organization to do things that the registrar auditors will eventually expect to see evidence of. And the expectations of your customers will be increasing as well.

In reality, the question you need to be asking 3, 6, 9 and 12 months (and so on) after your organization completed the transition is: So, what do we do now? If it has not already, your organization will face those QMS surveillance audits in the next few months, which will seek evidence of conformity with the 2000 edition of ISO 9001. ISO 9001:2000 specifically requires two things the 1994 editions of ISO 9001/2/3 did not: customer satisfaction and continual improvement of QMS effectiveness.

Those involved in developing ISO 9001/2:1994 will tell you that these were always expected results if you really followed through on what the 1994 standards required, but ISO 9001:2000 is explicit in its requirements. The problem is knowing how to satisfy these requirements and how soon the registrar’s auditors will expect to see evidence of your organization’s success in satisfying them. The reality is that some registrar auditors do not yet fully understand the concept of a process approach-based QMS and how to audit it, but experience and persistence will equip many of them to conduct upcoming surveillance audits with an eye for what constitutes conformity to these and other requirements and what does not.

In the past, maintaining registration to ISO 9001/2:1994 meant that you could keep the QMS pretty much as it was and that was enough to satisfy the auditors, but the following clauses/subclauses of ISO 9001:2000 include requirements that mean the registrar auditors—and your organization’s internal auditors—should be looking for activity aimed at management of that management system and change:

  • 5.2, Customer Focus—“with the aim of enhancing customer satisfaction”
  • 5.3, Quality Policy—“includes a commitment to comply with requirements and continually improve the effectiveness of the [QMS]”
  • 5.4.1, Quality Objectives—“The quality objectives shall be measurable and consistent with the quality policy.”
  • 5.6.1, Management Review—General—“This review shall include assessing opportunities for improvement and the need for changes to the [QMS], including the quality policy and quality objectives.”
  • 5.6.2, Review Input—“The input to management review shall include information on a) results of audits, b) customer feedback, c) process performance and…g) recommendations for improvement.”
  • 5.6.3, Review Output—“The output from the management review shall include any decisions and actions related to a) improvement of the effectiveness of the [QMS] and its processes, b) improvement of product related to customer requirements,….”
  • 7.2.3, Customer Communications—“The organization shall determine and implement arrangements for communicating with customers in relation to…c) customer feedback, including customer complaints.”
  • 7.4.1, Purchasing Process—“The organization shall evaluate and select suppliers based on their ability to supply product in accordance with the organization’s requirements. Criteria for selection, evaluation and re-evaluation shall be established.”
  • 8.1, Measurement, Analysis and Improvement—General—“The organization shall plan and implement the monitoring, measurement, analysis and improvement processes needed a) to demonstrate conformity of the product, b) to ensure conformity of the [QMS], and c) to continually improve the effectiveness of the [QMS].”
  • 8.2.1, Monitoring and Measurement—Customer Satisfaction—“As one of the measurements of performance of the [QMS], the organization shall monitor information relating to customer perception as to whether the organization has met customer requirements.”
  • 8.2.2, Internal Audits—“The organization shall conduct internal audits at planned intervals to determine whether the [QMS] a) conforms to the planned arrangements, to the requirements of [ISO 9001:2000] and to the [QMS] requirements established by the organization,….”
  • 8.2.3, Monitoring and Measurement of Processes—“The organization shall apply suitable methods for monitoring and…measurement of the [QMS] processes. These methods shall demonstrate the ability of the processes to achieve planned results.”
  • 8.4, Analysis of Data—“The organization shall determine, collect and analyse data to demonstrate the suitability and effectiveness of the [QMS] and to evaluate where continual improvement of the effectiveness of the [QMS] can be made…. The analysis of data shall provide information relating to a) customer satisfaction…, c) characteristics and trends of processes and products including opportunities for preventive action,….”
  • 8.5.1, Continual Improvement—“The organization shall continually improve the effectiveness of the [QMS] through the use of the quality policy, quality objectives, audit results, analysis of data, corrective and preventive actions and management review.”

These 14 instances specify requirements that expect your organization to manage its processes in a way that leads to changes that represent effective business management, not just quality management. However, it is up to you and your organization as a whole to manage that system and to pursue change after completing the ISO 9001:2000 registration process that will not just satisfy the registrar auditors on the next surveillance audit, but will produce a return on the investment made to implement and transition the QMS and obtain/retain registration. Without that, you might face the loss of the ISO 9001:2000 registration certificate, and you will certainly lose the opportunity to improve business performance, process efficiency, customer satisfaction and the product itself in doing what is required for registration.

This article will not begin to examine the clauses and subclauses listed above from a “post-transition” perspective, but it will put the concepts into perspective with the expectation that the examination will occur through the months ahead from a number of different perspectives. However, it may help to put what your organization must—and really needs to—do into some sort of focus.

The ABCs of QMS Management
Yes, it makes a catchy title, but it means a lot more if you seek to capture the concepts behind effective use of ISO 9001:2000 registration. Obtaining the certificate simply means your QMS conforms with minimal requirements that everyone else registered to ISO 9001:2000 is meeting. Nothing has actually changed in this light from the 1994 and 1987 editions of ISO 9001/2/3—you are still using a standard to set up a system, and that system needs to be customized so that it really meets your organization’s needs and fits the corporate culture so that employees and management can understand it and will find it helpful to follow.

As noted above, ISO 9001:2000 specifically requires proactive efforts through the QMS to make the system more effective over time (i.e., you have to manage the management system so that it improves) and this will result, with management commitment to and effective use of the QMS, in enhanced customer satisfaction.

Are there really ABCs for QMS management? Actually, your organization has to meet all the requirements (and more) in the clauses and subclauses of ISO 9001:2000 listed above, but the following may serve as a good way to remember some of those key requirements and tools:

  • A—Analysis (of data), Auditing and Actions (Corrective and Preventive)—These are three of the key activities an organization must take to both maintain and manage the system and to pursue its improvement as well as enhanced customer satisfaction. They are requirements, but they represent tools that go beyond mere conformity. In this issue is one article on auditing and one on the use of management systems to manage risk.
  • B—Baseline, Benchmarking and Bottom-Line—These are three measurements and measurement tools that provide the basis for improvement. If you don’t know where you are starting from—your organizational baseline—it will be difficult to know what needs attention first, where opportunities lie and what has been achieved as a result of improvement efforts. Benchmarking is a means of determining what opportunities for improvement might be available to your QMS and organization by measuring your organization against similar and/or very different organizations. If your organization is in business to make money so as to make employees, suppliers, owners and investors “satisfied customers”, the QMS must be maintained and improved so that its bottom-line benefits. Therefore, you need to measure performance improvement in terms of the impact on the bottom-line, including consideration of the negative impacts on the bottom-line if the QMS had not been in place and effective.
  • C—Commitment (of Top Management), Continual Improvement and Customer Satisfaction—These are three outcomes your QMS must produce to meet and exceed ISO 9001:2000’s requirements, both to satisfy the registrar auditors to make implementation and registration worth the investment. You may be surprised to see commitment of Top Management to the QMS as a desired outcome, but this is how you need to be thinking about the QMS if you are the management representative, an auditor or even a process owner. The QMS has to be a value-adding tool for the organization to use and one that even the busiest employees will not find a burden to adhere to, but rather a way of doing things that will lift some of the burden of their workloads through increased efficiency. How do you achieve these outcomes with a QMS? There are many ways, and one of them begins with a B (Baldrige criteria).

There is one more C that needs to be mentioned: Communication. THE OUTLOOK will be seeking out and developing articles in coming months to address ISO 9001:2000 usage in the post-transition world, particularly in light of the ABCs, but there are many topics to cover. It is up to you, the reader, to communicate with THE OUTLOOK in two ways to make the outcome worth the investment in ISO 9001:2000.

First, communicate what issues and/or tools you need to see addressed, which will help guide content development in future issues so that your needs are met. If there is a topic that is causing you trouble or that you want to learn more about, communicate that need.

Second, communicate your willingness to be a contributor to the coverage on QMS management. If your organization has used quality management tools, you are encouraged to contact THE OUTLOOK about serving as a case study or providing your observations about your organization’s experiences with the tools.

You can contact Jim Mroz, the Senior Editor, by e-mail ( or phone (703-239-9044) to discuss issues and tools or to contribute your insights. The future is yours to make and it is never too late to communicate.