NISO: A Standard That Parallels, Complements and Exceeds ISO 9001:2000
by James Lamprecht
Over the past 10 to 12 years, much has been written about the virtues of the ISO 9000 quality system. Despite praise for the system, the ISO 9000 implementation and registration process is, no doubt to the chagrin of many devoted fans, certainly not immune to criticism.
Indeed, one of the unfortunate side effects of the ISO 9000 implementation process is that it has turned into a documentation exercise partly designed to satisfy the anticipated requests of third-party auditors.
While many may question this opinion, the fact remains that if an organization does not have all of the expected procedures or has not followed an ISO 9000 requirement the "proper way," the perceived deficiencies will have to be addressed before registration can be achieved.
Another unfortunate and undeniable side effect of third-party registration is that many registrars expect their auditors to find at least one nonconformance (no matter how minor) during an audit. Although it is true that nonconformances can be found in most any quality system, this implicit pressure often forces auditors to report nonvalue added, if not absurd or ridiculous, observations that must be addressed by the organization--at the organization's cost.
Two sets of ISO 9000 requirements
After nearly 11 years of association with the ISO 9000 standards, I have observed that there are at least two sets of ISO 9000 requirements: 1) those written in the standards and 2) those perceived as being written in the standards.
This second set of requirements, which has evolved over the past eight to 10 years and is unwritten, has come about because of the various ways third-party auditors have been taught (either by their registrars or through the myriad of lead assessor courses), to interpret what the standards say. Naturally then, this perception regarding requirements varies from registrar to registrar and from auditor to auditor. The latest revision of the ISO 9001:2000 standard, due in late 2000, will mitigate but, unfortunately, will not eliminate the syndrome.
NISO: A modest proposal
When drafts of the ISO 9001:2000 standard began to circulate last year, I found myself more irritated than pleased by some of the suggested changes. Although countless people have spent a fair amount of time offering suggestions on how the ISO 9001:2000 standards could be improved, it occurred to me that the best way to proceed was not to offer any more recommendations but to write my own standard--the NISO standard.
Originally, the acronym NISO was intended to mean Non-Intrusive Standard for Organization. The motivation behind the acronym was driven by what I perceived to be tendencies not only to lengthen the revised standards, but to introduce requirements that are more prescriptive. I am aware that, as far as some individuals are concerned, ISO 9001:2000 is not prescriptive enough. It is hoped that the international community will not give in to these dictatorial minds.
I have since come to realize that the acronym NISO could have a variety of other meanings: Next ISO, New ISO, Never ISO, Nice ISO or a multitude of other creative options. NISO was written by a committee of one and includes several requirements that parallel, complement or even exceed the ISO 9001:2000 standard; yet unlike the international standard, it does not prescribe how things must be done.
NISO is also more holistic than the international standard in that it recognizes and emphasizes different aspects of an organizational quality system. Most importantly, NISO is very short.
NISO: Fundamental Assumptions
The fundamental assumptions of NISO are that:
1. The primary and universal objective of all for profit organizations is to operate in a socially responsible way and provide a reasonable return on investment to their owners and/or shareholders.
2. To operate as a socially responsible entity, an organization must obey local, state and national laws and/or regulatory requirements relating to occupational health and safety, labor relations and the environment.
To ensure a reasonable return (that is, remain profitable) on investment, an organization must satisfy its customers.
3. To satisfy its customers an organization must provide product(s) that will satisfy customers' needs.
4. To remain profitable, an organization must periodically assess its performance with regard to its customers and modify its documented quality system (management, production, assembly, delivery, training and so forth) to reflect fluctuations in customers' needs or market trends.
Customer's commitment. To minimize customer's risk, customers must cooperate with their suppliers and/or vendors to ensure that all customer needs are clearly specified and understood. To ensure that the supplying organization can guarantee its contractual commitment, customers acknowledge that changes to an agreed upon set of conditions (as specified in a contract) shall be communicated to the supplying organization prior to the next delivery.
General requirement. To ensure that delivered products satisfy contractually agreed upon customer requirements, the organization shall design, document and implement a quality management system.
Contract requirements. NISO recognizes that organizations either: 1) provide standard "catalog products" designed for a generic customer, 2) provide products that must be modified or otherwise customized according to specific customer needs or, 3) provide products that can satisfy conditions from 1 and 2.
For standardized (also known as generic) products, an organization shall minimize the producer's risk via its contract review process. This process shall ensure that all requirements needed to clearly identify the product, including applicable delivery requirements, be specified.
For customized products, an organization shall minimize the producers' risk via its contract review process. The contractual process shall ensure that all internal departments associated with the production, scheduling, testing, delivery and/or installation of the product be involved with the contract review process until a final contract is approved to the mutual satisfaction of the producer and the customer. Amendments to contracts shall be subject to the same contractual verification process.
Management's responsibility and review
The interrelationship between each internal customer department shall be defined. In addition, the nature of these interrelationships shall be defined in terms of inputs and outputs from/to other departments.
Each department manager shall establish a list of performance measurements. The purpose of these performance measurements shall be, at a minimum, twofold:
1) To ensure that customer satisfaction is maintained at an acceptable level.
2) To ensure that profitability is maintained at an acceptable level.
Acceptable levels of customer satisfaction and profitability shall be determined by upper management.
Departmental performance measures shall be periodically reviewed by executive management. The purpose of these reviews shall be to ensure that business objectives and customer satisfaction indexes satisfy predetermined targets.
Management commitment to its employees
For each job title, a job description shall be prepared. The job description shall include:
- A description of the tasks or duties (responsibilities).
- If applicable, a list of the occupational, health, safety and environmental training requirements of local, state or national agencies.
- A list of the minimum skills and education and/or training required to perform the various tasks associated with the job.
Management shall periodically evaluate job performance to assess whether further training or other process improvements are required.
Tasks involved with the administration, production, assembly, testing, delivery and/or installation of a product shall be documented. This may include any combination of video, audio and written documents.
As a requirement of this standard, all documents produced shall be controlled to ensure that only the latest revision is available for reference. The organization shall also ensure that it has the latest applicable industry or national standards and any related documents needed for the operation, production, assembly and testing of its products.
Customer's risk: The risk that the customer will fail to define one or more important product characteristics or needs.
Environment: 1) An organization's infrastructure. 2) The soil, water and air surrounding an organization.
Need: That which is necessary.
Organization: Two or more persons whose business is to provide customers with a product. In the well known book The Functions of the Executive, Chester I. Barnard also defines an organization as "A system of consciously coordinated activities or forces of two or more persons."1
Performance measure: A quantitative measure used to assess performance, such as the number of customer complaints received in a week, machine downtime in hours per month, number or invoice errors per day or number of rejected products per unit of time.
Periodically: Repeated with regular frequency. The time intervals need not be equal.
Producer's risk: The risk that a producer (a supplier or vendor) will fail to extract one or more important characteristics and/or needs from the customer.
Product: A collection of one or more pieces of hardware and/or software. Hardware implies that the product is tangible and is likely to be either manufactured or assembled. Software is understood to mean both the coded language used to program computers and the conceptual purpose of the product (consulting, teaching and service activities, for example).
Reasonable return on investment: Any rate of return found adequate by the owners of an organization.
Responsibility: The combination of three distinct definitions yields an understanding of responsibility where NISO is concerned. 1) The late philosopher Hans Jonas said that responsibility is a function of power and authority. To be responsible also means that one can be held accountable for one's action. In that sense, responsibility is thus the "precondition of morality but not yet itself morality."2 2) As Chester Barnard noted, "there cannot be authority without responsibility."3 Barnard, who distinguishes between authority of position and authority of leadership (a wiser form of authority), offers a complex and tortuous definition of authority. 3) Herbert Simon's definition is much more precise and to the point. Simon wrote that "Authority is exercised whenever a person allows his decisions to be guided by decision premises provided to him by some other person."4
Satisfy: To operate at a suboptimal level. This definition is derived from Simon's concept of man as a satisfier agent rather than an optimizer.5 Satisfier decisions are suboptimal decisions because they are based on imperfect knowledge about past and future events. For further explanation, see "Study Suggests Customers Prefer Familiarity Over Quality," which states that customers may be more likely to select a product or service they have had a past experience with than an unknown product or service proven to have superior quality. 6
Socially responsible way: To operate, function or otherwise produce products in a manner that will not knowingly injure or otherwise harm persons.
- Chester I. Barnard, The Functions of the Executive (Cambridge, MA: Harvard University Press, 1968), p. 81.
- Hans Jonas, The Imperative of Responsibility (Chicago: Chicago Press, 1984), pp. 123-192.
- Chester I. Barnard, The Functions of the Executive (see reference 1).
- Herbert Simon, The New Science of Management Decision (Englewood Cliffs, NJ: Prentice Hall, 1977), p. 96.
- "Study Suggests Customers Prefer Familiarity Over Quality," Quality Progress, October 1999, p. 21.
James Lamprecht is an ISO 9000, ISO 14000 and process control consultant. He has a doctorate in regional economics from the University of California, Los Angeles. Lamprecht has written several books for ASQ Quality Press and is an ASQ member. He can be reached at firstname.lastname@example.org.