Increase ISO 9001’s Value
by Sandford L. Liebesman
ISO 9001 describes a basic, effective quality management system (QMS). Compliance to its requirements is the starting point toward achieving excellence in an organization.
Some, but not many, organizations use ISO 9004 to go beyond the basic QMS. Additions to an ISO 9001 compliant QMS can act as the first steps toward excellence.
I have been auditing organizations to ISO 9001 since 1992. A part of my philosophy has been to suggest opportunities for improvement. Here, I’ll focus on the most effective add-ons to an ISO 9001 compliant QMS.
Clause 8.5.1 of ISO 9001 deals with continual improvement and says an organization should continually improve the effectiveness of its QMS through use of the quality policy, quality objectives, audit results, analysis of data, corrective and preventive action and management review.1
There are four major problems with the way this clause is written:
- It does not include QMS planning.
- It has no requirement for a process to accomplish continual improvement.
- It does not state who is responsible for compliance with this requirement.
- It does not suggest a defined measurement of effectiveness to show improvement.
First, clause 8.5.1 does not reference 5.4.2, QMS planning. Certainly the planning of the QMS should be part of the improvement process and is a simple addition to any QMS.
Second, as an added value, I suggest organizations document an improvement program similar to the one in TL 9000, the sector specific ISO 9000 spin-off for the telecommunications industry.2 TL 9000 requires organizations to establish and maintain a documented quality improvement program to improve customer satisfaction; quality and reliability of the product; and other processes, products or services used within the organization.
Two issues remain: the responsibility for the improvement program and measuring the effectiveness of the QMS. I suggest specifically identifying top management as the responsible party and adding a quality objective for quality system effectiveness in clause 5.4.1, quality objectives. Top management would have to define the measure, which could be as simple as an index developed from a balanced scorecard.
Customer and Supplier Communication
Some ISO 9001 requirements can be improved through better communication between an organization and its customers and suppliers. Clause 5.2, customer focus, requires top management to ensure “customer requirements are determined and met with the aim of enhancing customer satisfaction.” This ties directly into three clauses: 7.2.1, determination of requirements related to the product; 7.2.3, customer communication; and 8.2.1, customer satisfaction.
My experience with these requirements is that well-run quality organizations have innovative ways to communicate with their customers. Again, TL 9000 provides tools for improving customer communication by requiring top management’s active involvement in relationship development, a strategy and criteria for customer selection, methods for sharing joint expectations and holding regular joint reviews that include resolution of issues.
A key to customer communications is use of an effective method of determining customer satisfaction. I’ve found this to be weak in many organizations I audit, the excuse being that very few customers respond to surveys. I also occasionally hear, “The number of customer complaints is down this month.”
The added value I usually suggest is for each salesperson to take along a copy of the satisfaction survey when visiting a customer and have the customer complete the survey at that time. This generally results in improvements in customer satisfaction information.
Communication with suppliers is also a key factor in well-run organizations. Clause 4.1, general requirements, says organizations should ensure control over outsourced processes. I suggest to organizations that compliance with clause 5.4.2, QMS planning, should include inputs from suppliers, outsourced processes and customers. The overall added value of communication with customers and suppliers is to make them part of the planning process. This is especially important during the design and development of new products.
Clause 4.1, general requirements, requires identification of the processes needed for the QMS; their sequence and interaction; methods of assuring their effectiveness; provision of necessary resources and information required for their operation; and monitoring, measurement, operation and improvement of the processes.
For an organization wanting to strengthen its process approach, the following suggested add-ons have proven effective:
- Identify an owner for each process, making that person responsible for assuring effective operation of the process.
- Define the inputs and outputs of each process as part of the QMS.
- Define the constraints on the operation of each process, in addition to the resources needed.
- Identify the activities of each process in terms of the plan-do-check-act (PDCA) cycle, thus providing a tool for continual improvement of each process.
The process approach also should have an effect on internal auditing. An added value for internal audits is to structure each audit around the organization’s processes. Process auditing built on PDCA provides a much more effective feedback mechanism than checklist audits because organizations operate in terms of their processes. Opportunities for improvement will be more readily identified when auditing these processes.
Product Realization Planning
In ISO 9001, product realization planning covers activities such as determining objectives and requirements for the product; establishing needed processes, documents and resources; lifecycle activities such as verification, validation, monitoring, inspection and tests; and establishing records that show that product requirements have been met.
What is missing is a view of products—and services—over time.
The added value for product realization is to include a life cycle model of the product or service.
TL 9000’s life cycle model provides a good example that includes “the processes, activities and tasks involved in the concept, definition, development, production, operation, maintenance and disposition of the product.”
TL 9000 also describes new product introduction and end of life planning.
Another aspect of product realization planning in TL 9000 that should be included in an ISO 9000 QMS is disaster recovery. Hurricane Katrina in New Orleans illustrates the need for development of disaster recovery plans as a part of any effective QMS. In addition to natural disasters, problems such as loss of key suppliers, homeland security issues, failure of manufacturing equipment, loss of computer systems, software virus attacks and loss of key personnel should be considered.
Risk management has gained national prominence with the passage of the Sarbanes-Oxley Act.3 One aspect of the law is a requirement that an organization have a system of internal controls, including a risk management element.4 Risk management should be added to ISO 9001, clause 5.4.2, covering QMS planning.
A leading risk for any organization today is the supply chain. I’ve suggested that clients add specific requirements on identifying supply chain risk to clause 5.4.2.
Clause 8.4 of ISO 9001 requires analysis of data gathered on the following:
- Customer satisfaction.
- Conformity to product requirements.
- Characteristics and trends of processes and products including opportunities for preventive action.
The information obtained as a result of data
analysis provides opportunities for risk identification. The
trends observed in the data are good predictors of future risks.
They should be used as major inputs to the organization’s
risk analysis process. Identi-
fication of risks should lead to preventive actions managed using clause 8.5.3 of ISO 9001.
One set of tools for identifying preventive actions for manufacturing organizations is called Design for X.5
An example is design for manufacture in which mock-ups or simulations of manufacturing processes are used to develop designs that consider the ability to manufacture the product. Other examples are design for test and design for assembly.
Customer Supplied Documents and Data
TL 9000 requires control of customer supplied documents and data. This should be added to ISO 9001 because it is essential for maintaining good customer relationships. Most organizations use the same tools for control of customer supplied information as for control of internal documents and data but have ways to identify customer documents and data.
Competence, Awareness And Training
In clause 6.2.2, competence, awareness and training, I suggest adding train-the-trainer classes for all instructors and developing good methodology for on-the-job training that periodically requires trained employees to demonstrate competence to other members of the organization.
The current revision of ISO 9001 scheduled for completion in 2008 is an amendment of the current standard. The changes are minimal and do not address some of the needs of organizations wanting to extend their QMS toward excellence.
The additions I’ve identified can be used by quality managers as a first step toward excellence of their QMSs. They also should be considered by the standards committee drafting the revision to ISO 9004.
- ISO 9001:2000, Quality Management Systems—Requirements, International Organization for Standardization, 2000.
- The QuEST Forum, TL 9000 Quality Management System Requirements Handbook, release 3.0, ASQ Quality Press, 2001.
- Sarbanes-Oxley Act of 2002, U.S. House of Representatives, 2002.
- Sandford Liebesman, “Mitigating SOX Risk With ISO 9001 and 14001, Quality Progress, September 2005, pp. 91-93;
- Design for X, www.betterproductdesign.net/guide/design4X.htm.
SANDFORD L. LIEBESMAN has more than 30 years’ experience in quality at Bell Laboratories, Lucent Technologies and Bellcore (Telcordia) and is currently a quality management system consultant with the Kohl Group and an auditor with KEMA Registered Quality. He is the author of TL 9000, Release 3.0: A Guide to Measuring Excellence in Telecommunications, second edition, and Using ISO 9000 To Improve Business Processes. Liebesman is a member of ISO Technical Committee 176 and the ANSI Z-1 Committee on Quality Assurance. He is certified by RABQSA as an ISO 9000 lead auditor.