ISO 9000 and Total Quality

1. ISO 9000: the international standard for quality management systems

ISO 9000 is a family of standards and guidelines related to the quality management system (QMS). It sets the require­ments for the assurance of quality and for management’s involvement. The thrust of ISO 9000 is for organizations to implement a QMS conforming to the standard’s require­ments and, through the consistent, rigorous employment of the QMS, to

  • Improve customer satisfaction by fulfilling customer requirements;
  • Achieve continual improvement of organizational perfor­mance and competitiveness;
  • Continually improve its processes, products, and services; and
  • Comply with regulatory requirements.

It is important to note that ISO 9000 does not specify a level of quality or performance for any product or service provided by an organization. That is left to the organiza­tion to determine with its customers. ISO 9000 is about standardizing the approach organizations everywhere use to manage and improve the processes that ultimately result in their products and services. ISO 9000 is applicable to any organization, whether in the private or the public sector, whether large or small, and applies to those components of the organization that can have an impact on product or service quality. These typically include the departments responsible for engineering/design, purchasing, manufac­turing, quality assurance, and delivery of the organization’s products and services.

When an organization demonstrates conformity to ISO 9001 to an independent (third party) registrar firm, the registrar can certify (or register) the organization. Registration provides assurance to customers worldwide that products or services from the organization can be expected to consistently meet customer requirements. To maintain its registration, the organization must constantly strive to ensure that the QMS continues to function ef­fectively and that it is continually improved. That is done through consistent and rigorous application of the QMS and a system of formal, documented internal audits in interaction with the organization’s top management, in­terspersed with periodic independent audits by the regis­trar firm. Registration may be lost if the registrar’s audits determine that the organization is not conforming to the requirements of its registered QMS.

1.1. The Eight Principles: ISO 9000’s Basis

ISO 9000 QMS is based on eight principles from total quality management (TQM):

  1. Understand the customer’s needs, meet the custom­er’s requirements, and strive to exceed the customer’s expectations.
  2. Establish unity of purpose and organizational direction and provide an environment that promotes employee in­volvement and achievement of objectives.
  3. Take advantage of fully involved employees, using all their abilities for the benefit of the organization.
  4. Recognize that things accomplished are the results of processes and that processes along with related activities and resources must be managed.
  5. The multiple interrelated processes that contribute to the organization’s effectiveness are a system and should be managed as a system.
  6. Continual improvement should be a permanent objec­tive applied to the organization and to its people, pro­cesses, systems, and products.
  7. Decisions must be based on the analysis of accurate, rel­evant, and reliable data and information.
  8. Both the organization and the supplier benefiting from one another’s resources and knowledge results in value for all.

1.2. Plan-Do-Check-Act: ISO 9000’s Operating Principle

Plan-Do-Check-Act is now the operating principle of ISO’s management system standards. Its function is to op­erate in a never-ending loop, as described in the following steps and shown in Figure 14.1, resulting in continual im­provement for products/services, processes, and systems of processes.

  1. Plan. Establish objectives and develop the plans to achieve them.
  2. Do. Put the plans into action.
  3. Check. Measure the results of the action; that is, is the planned action working, or were the objectives met?
  4. Act (or Adjust). Learn from the results of the third (Check) step, make any necessary changes to the plans, and repeat the cycle.

2. ISO 9000’S OBJECTIVE Aims of ISO 9000

The original aim of ISO 9000 was to ensure that the prod­ucts or services provided by registered organizations were consistently fit for their intended purpose. Then the cur­rent version of ISO 9000 raised the standard’s aim to a new level. Customer focus and continual improvement, along with the other six quality management principles that have been incorporated into the standard, are intended to make registered organizations more competitive. This is essentially the same objective as that of total quality management.


No organization is required by any government to use ISO 9000. Some government and corporate customers may well require their suppliers to be ISO 9000 registered (or at least conforming), but usually whether to adopt the ISO 9000 QMS is strictly up to the organization’s management. Once management decides to go with ISO 9000, then it is faced with the task of developing its QMS to conform to the re­quirements of ISO 9001. ISO 9001 lays down the require­ments for what an organization’s QMS must do but does not dictate how the QMS should do it in any particular orga­nization. The organization determines that for itself and, if seeking registration, employs an accredited registrar firm to verify its conformance to ISO 9001. Without getting into details beyond the scope of this chapter, the organization, once registered, must

  • Apply its QMS to its operations according to the standard and exactly as the QMS states.
  • Continually assess the effectiveness of the QMS and make changes to improve it.
  • Conduct periodic internal QMS audits.
  • Submit to external (third party) surveillance audits at least annually by its registrar.
  • Submit to a new registration audit every third year by a registrar.

As mentioned earlier, customer requirements for their suppliers to be registered to ISO 9001 have become wide­spread in several industrial sectors. The U.S. government routinely requires ISO 9001 in its contracts to the defense industry, replacing military requirements (e.g., MIL-Q- 9858A, Quality Program Requirements) having the same or similar objectives. Several global business sectors have adopted ISO 9001 as the basis for quality management sys­tems mandated throughout their supply chains. Each sec­tor has adapted the standard to its unique requirements and renamed the standard accordingly. Organizations in the concerned industrial sectors are required to operate under these tailored standards. For example, an organiza­tion supplying products to the automotive industry should be registered to QS 9000, the auto industry’s version of ISO 9001. Similarly, organizations within the aerospace sector would be registered to AS 9100, the tooling and equipment sector to TE 9000, and the telecommunications sector to TL 9000. ISO 9001 is embedded in each of these standards, along with additional requirements to satisfy the sector’s unique needs.


To secure registration, organizations must develop and use quality management systems conforming to the require­ments of ISO 9001. The first question asked by someone unfamiliar with ISO 9000 is “What is a quality management system?”

We provide the following definition:

The quality management system is composed of all the organizations policies, procedures, plans, resources, pro­cesses, and delineation of responsibility and authority, all deliberately aimed at achieving product or service qual­ity levels consistent with customer satisfaction and the organization’s objectives. When these policies, procedures, plans, and so forth are taken together, they define how the organization works and how quality is managed.

The quality management system will include this documentation:

  1. A quality policy. This statement describes how the organization approaches quality.
  2. The quality manual. This must address each clause of the ISO 9001 standard. It will also typically include an organization chart, or some such device, illustrating management responsibility for operating the quality system. Quality procedures may be part of this manual, or they may be referenced.
  1. Quality objectives. These are the goals related to quality and must be in harmony with the quality policy. Quality objectives are assigned to the relevant orga­nizational functions and levels and are tracked by top management.
  2. Quality procedures. These describe step by step what the company does to meet the quality policy. As a minimum, there will be a procedure for each of the ISO 9001 clauses outlining requirements. There may also be procedures for any processes that can impact quality.
  3. Forms, records, and so on. These provide proof of activities for the firm and for the auditors.

This documentation is used to ensure the necessary consis­tency in the firm’s operations and processes. Auditors use it to verify conformance.


When an organization says it is certified or registered to ISO 9001, one may ask, “By what authority?” You under­stand by now that registration (or certification—they are synonymous, with registration more commonly used in the United States) is awarded by a registrar firm. These firms, sometimes referred to as certification bodies, are almost always private companies that have auditing ex­pertise. Well, then, who gives them the authority to grant ISO 9000 registration certificates? How do we know that they are competent to determine which organizations get registered and which do not? The answer is that all certi­fication bodies for ISO 9000 must themselves be accred­ited by a higher level group called—you guessed it—an accreditation body. There are lots of certification bodies (the registrars) but far fewer accreditation bodies. Now one would think that the authority of the accreditation bodies must emanate from the International Organization for Standardization (ISO), but that is not the case. There is another level of oversight connected with ISO conformity assessment: the International Accreditation Forum (IAF), made up of accreditation bodies, industry representatives, and other stakeholders. Members of the IAF are required to give assurance that they will comply with the interna­tional standards and IAF guidance. The IAF takes its au­thority from Article 6 of the World Trade Organization’s Agreement on Technical Barriers to Trade, which stated the need for bodies involved in conformity assessments (i.e., the registrars) to be proven technically competent through a process of accreditation. The flow of certifica­tion authority from the IAF to the registrar is shown in Figure 14.2.


ISO 9001 standard is intentionally generic so that it can be applied to any given organization, public or private. However, selected industries have found it helpful to tailor ISO 9001 standard specifically for their use. The benefits of developing industry-specific versions of the ISO 9001 standard are that it encourages: (1) the training and de­ployment of auditors with industry-specific knowledge rather than ISO 9000 generalists and (2) a more accurate interpretation of the standard for a given industry. The most widely used industry-specific applications of ISO 9001 are as follows:

  • Developed by the United Kingdom’s Board of Trade specifically for the information technology industry.
  • AS Developed specifically for the aerospace industry.
  • PS 9000. Developed specifically for the pharmaceutical packaging materials industry.
  • ISO/TS 16949. Developed specifically for the automo­tive industry (replaced QS 9000, an earlier version).
  • TL 9000. Developed specifically for the telecommuni­cations industry.
  • ISO 13485. Developed specifically for the medical industry.
  • ISO/TS 29001. Developed specifically for the petro­leum, petrochemical, and natural gas industries.


Whether an organization manufactures a product or provides a service, whether it is a company or a governmental agency, whether it is large or small, ISO 9000 can apply and be used to advantage. There is nothing to prevent an organization from implementing and using a conforming QMS without going through the rigors and expense of actually registering. However, without being registered, credibility becomes an issue. The re­sults could conceivably be the same, whether registered or not— except for a couple of factors. The organization that is registered by a recognized certification body will have more credibility in the world’s marketplace, something that may be crucially im­portant. In addition, the registered organization must conform to ISO 9001 and have an independent third party (the registrar) continually observe its conformance in order to maintain its ISO 9001 certificate. Without that impetus, the unregistered organization may not always feel the pressure to maintain con­formance and may overlook issues that need attention or cor­rection. We recommend that any organization going to an ISO 9000 QMS take the extra step of registration. Either way, the organization that wants a conforming ISO 9000 QMS must go through a process that includes the following steps (steps 5 and 7 are omitted for nonregistering organizations):

  1. Develop (or upgrade) a quality manual that describes how the organization will assure the quality of its prod­ucts or services.
  2. Document procedures (or upgrade existing documenta­tion) that describe how the various processes for design, production, continual improvement, and so on will be operated. This must include procedures for manage­ment reviews and audits.
  3. The organization must secure (and provide evidence of, if registering) top management’s commitment to the QMS and continual improvement.
  4. The organization’s top management must ensure that customer requirements are determined and met.
  5. If registering, the organization must hire an accredited registrar company to examine its systems, processes, procedures, quality manual, records, and related items. If everything is in order and if the registrar is satisfied that the organization is effectively using the QMS, reg­istration will be granted. Otherwise, the registrar will inform the organization of the areas requiring work (but will not tell the company specifically what must be done), and another audit will be scheduled.
  6. Whether registered or not, the organization must con­duct its own internal audits to ensure that the systems, processes, and procedures are working effectively.
  7. Once registered, the outside registrar will make peri­odic audits for the same purpose. These audits must be passed to retain registration.

An important point to remember about ISO 9000 is that the organization has to respond to all ISO 9001 requirements and tell the registrar specifically what it is going to do and how it is to be done. ISO does not tell the organization what it must do or how to do it. To retain registration, the organiza­tion must do what it said it would do.


8.1. Organizational Benefits

ISO claims that beyond customer satisfaction, cost and risk- management benefits will also accrue to the organization. These benefits translate to improved competitiveness—the same as TQM’s objective. ISO claims these benefits result from emphasizing the eight quality management principles on which the standard is based.

8.2. Customer Benefits

Customers want products or services that meet their re­quirements, and they want them at a competitive price. Like TQM, ISO 9000 can help the organization in both areas. Customer requirements will be met if the organiza­tion listens to customers and designs and manufactures its products accordingly. Prices can be more competitive be­cause waste is minimized as improved processes become more efficient, benefiting both the organization and its customers. Customers have increased confidence in the products and services of ISO 9000-registered organizations because they know that appropriate quality management processes are employed and that an independent registrar ensures that this continues to occur.


ISO 9000 and total quality management originated inde­pendently of each other, for different reasons, in differ­ent parts of the world, and at different times. From earlier chapters, you are already familiar with the post-World War II origins in Japan of the total quality movement. ISO 9000 series of standards was originally developed in response to the need to harmonize dozens of national and interna­tional quality standards that then existed throughout the world. To that end, the ISO, a worldwide federation of na­tional standards organizations from more than 158 nations, formed Technical Committee 176 to develop ISO 9000.

ISO 9000 was developed by this international team that includes the American National Standards Institute (ANSI), the U.S. member of ISO. The ANSI was repre­sented by the American Society for Quality (ASQ), its affiliate responsible for quality management and related standards. The first version of ISO 9000 was released in 1987. By that time, the total quality management move­ment was more than 35 years old. As a result of this stan­dard, suppliers of products and services are able to de­velop and employ a QMS that is recognized by all their customers regardless of where on the planet those cus­tomers might be.


There are two principal quality initiatives at work in the world today: ISO 9000 and Total Quality Management. Consequently, it is helpful to explain the relationship be­tween the two. The following statements outline the rela­tionship. Each statement is explained in the sections that follow in this chapter.

  • ISO 9000 and TQM are not interchangeable.
  • ISO 9000 is compatible with, and can be viewed as a sub­set of, TQM.
  • ISO 9000 is frequently implemented in a non-TQM environment.
  • ISO 9000 can improve operations in a traditional environment.
  • ISO 9000 may be redundant in a mature TQM environment.
  • ISO 9000 and TQM are not in competition.

10.1. ISO 9000 and TQM Are Related but Not Interchangeable

Although ISO 9000 made a great leap toward TQM with the 2000 and 2008 releases, they are not yet the same, and probably never will be. By definition, ISO 9000 is concerned only with quality management systems for the design, devel­opment, purchasing, production, installation, and servicing of products and services.

On the other hand, total quality management, by defi­nition, encompasses every aspect of the business or orga­nization, not just the systems used to design, produce, and deploy its products and services. This includes all support systems such as human resources, finance, and marketing. Total quality management involves every function and level of the organization, from top to bottom.

Total quality management also means that manage­ment is responsible for developing the organization’s vision (what it hopes to be at a point in the future), establishing guiding principles (a code of conduct for the organization and all of its employees), and setting the strategy and tactics for achieving the vision within the constraints of the guid­ing principles. In a TQM organization, the vision is pursued with input from an empowered workforce that cooperates and collaborates with management.

Total quality management, based on the teachings of Deming, Juran, Ishikawa, and others, with criteria defined by Deming’s Fourteen Points, Juran’s Ten Steps to Quality Improvement, and the Malcolm Baldrige National Quality Award, is more pervasive and demanding—literally requir­ing the transformation of the organization.

The primary difference between ISO 9000 and TQM is in the degree to which the total organization is involved. Whereas TQM requires the involvement of all functions and levels of the organization, ISO 9000 does not require the QMS to include functions and levels that play only indirect roles in the management and execution of the product or service realization processes. Functions that typically are not involved under the QMS include human resources, finance (accounting), sales, and marketing.

Figure 14.3 illustrates how close ISO 9000’s evolution has brought it to TQM.

TQM is defined as an approach to doing business that attempts to maximize the competitiveness of an organiza­tion through the continual improvement of the quality of its processes, products, services, people, and environments by emphasizing the characteristics listed in Figure 14.3.

10.2. ISO 9000 Is Compatible with, and Can Be Viewed as a Subset of, TQM

Clearly, TQM and ISO 9000 are not quite the same thing. However, there is nothing inherent in ISO 9000 that would prevent it from becoming part of a larger total quality man­agement environment. There are many examples today of companies that have successfully included ISO 9000 as part of a larger total quality effort. Organizations that are already at some level of TQM maturity typically have found it easy to implement ISO 9000. This is because a TQM environment, with its infrastructure of top-management commitment, documented processes and procedures, continuous improve­ment, obsession with quality, and so on, easily supports the requirements of ISO 9000.

10.3. ISO 9000 Is Frequently Implemented in a Non-TQM Environment

Although total quality is compatible with and may well fa­cilitate an ISO 9000 implementation, it is by no means a prerequisite for ISO 9000. In fact, it is safe to say that the majority of ISO 9001-registered organizations have not fully adopted total quality—at least, not yet.

10.4. ISO 9000 Can Improve Operations in a Traditional Environment

By “traditional environment,” we mean an organizational en­vironment that has persisted in companies for decades, until the total quality management movement began to change things. A traditional organizational environment is one that still operates according to the “old way of doing things” rather than according to the principles of TQM.

When ISO 9000 is implemented by a traditional organi­zation, the company should be the better for it. We will not go so far as to say it will be the better for it because much depends on the organization’s reasons for adopting ISO 9000 and the degree of executive-level commitment to it. Put another way, if ISO 9000 is approached inappropriately and for the wrong reasons, it can become nothing more than a marketing ploy, and the organization’s functional departments might develop even more problems than they had before ISO 9000.

10.5. ISO 9000 May Be Redundant in a Mature TQM Environment

Just as ISO 9000 should help traditional organizations, it should also benefit TQM organizations. However, in an organization that has achieved a high level of maturity in its total quality journey—say, in the 400-600 range on the Baldrige scale of 1,000 points—all ISO 9000 criteria may already be in place. In such a case, the only compelling reason for registration under ISO 9001 would be for mar­keting purposes. What would a company such as Toyota gain from ISO 9000 registration? Probably nothing. It al­ready does everything required by ISO 9000. Its products and processes are recognized as world class. Consequently, it wouldn’t gain even a marketing advantage. However, there are many fine TQM organizations that are not as well known as Toyota. Such organizations, even though they may already meet or exceed the requirements of ISO 9000, may find it necessary to register in order to let potential customers know that their products or services satisfy the international standard.

10.6. ISO 9000 and TQM Are Not in Competition

This is not a case of one or the other. Organizations can adopt TQM or ISO 9000, or both. While there may be those who advocate one to the exclusion of the other, in the larger scheme of things the two concepts fit well with each other. Both have worthwhile and similar aims. Our view is that not only are TQM and ISO 9000 compatible but they also actually support each other and are complementary. There are good reasons for using both in a single management system.


Management motivation for adopting either ISO 9000 or TQM can vary widely. There are both appropriate and in­appropriate motives. For example, if a company seeks ISO 9001 registration merely to obtain a marketing advantage, its motive is inappropriate. As a result, the organization will likely give little more than lip service to adopting the stan­dard. Appropriate motives for adopting ISO 9000 include the following:

  • To improve operations by implementing a QMS that satisfies the ISO 9000 requirements for management responsibility; resource management; product real­ization; and measurement, analysis, and continual improvement
  • To create or improve a QMS that will be recognized by customers worldwide
  • To improve product or service quality or the consistency of quality
  • To improve customer satisfaction
  • To improve competitive posture
  • To conform to the requirements of one or more major customers (although adoption would be better motivated by internal considerations, such as the preceding five)

What we are saying here is that, ideally, management will adopt ISO 9000 as a way to make real improvements in the company’s operations, serve its customers in a more responsible way, and, as a result, be more successful. This approach is more likely to ensure commitment and partici­pation by top management. Approaching ISO 9000 from a strictly marketing perspective may result in a negative reac­tion to the amount of work required by the functional de­partments and in only enough management commitment to do the bare minimum for registration. In other words, if ISO 9000 is viewed as a necessary evil that one must adopt to compete in certain markets, every dollar and every hour spent on ISO 9000 will be seen as a burden to be endured rather than an investment in the organization’s future. By definition, a burden is a load that is difficult to bear; the connotation is negative. When negative feelings abound among employees, commitment to ISO 9000 will suffer. It may be possible to fool the ISO 9000 registrar’s auditor, but we guarantee that customers will not be fooled for long. Newfound markets will soon wither and disappear. If ISO 9000 is to have a real and permanent effect, it must be ap­proached with a positive attitude and the unwavering com­mitment of top management.


We have discussed the fact that ISO 9000 and TQM are different in scope and were developed from different per­spectives but now have similar requirements and objectives. Today, more than ever, the two concepts are compatible. With the exception of certification and audits, TQM requires everything required by ISO 9000 registration. However, even a mature TQM organization, one that does everything it would do under ISO 9000 and more, may not have the worldwide recognition afforded by ISO 9000 registration. There is no corresponding international certification for TQM. For this reason, even the mature TQM organization may find it necessary to seek ISO 9000 registration as a way to satisfy the demands of its customers. On the other hand, a traditional organization that is registered under ISO 9001 may find that it needs the larger TQM implementation to become or stay competitive. ISO 9001 registration can be a good first step into TQM.

In fact, people who understand both ISO 9000 and total quality have concluded that the two are compatible and that ISO is properly seen as a subset of total quality.

12.1. Movement from ISO 9000 to TQM and Vice Versa

An organization that has its processes documented and under control, such as a company involved in total quality management, should find it relatively easy to prepare for ISO 9000. Correspondingly, a traditional organization that has successfully registered under ISO 9001 will have a head start, should it decide to implement total quality. The major issues with ISO 9000 are securing top-management commit­ment, focusing on customer requirements and satisfaction, and documenting processes and procedures. Total quality management requires the same.

12.2. ISO 9000 as an Entry into Total Quality Management

How to get started is always an issue for organizations just beginning their total quality journey. Organizations begin­ning the process may find that a good strategy is registration to the ISO 9001 standard. ISO 9000 preparation projects can be pursued as the entry projects for implementing total qual­ity management.

We have already discussed the fact that ISO 9000 and total quality are compatible, making many of the same de­mands on the organization, and also that ISO 9000 is, for all practical purposes, a subset of total quality. For an organiza­tion that is attempting to adopt total quality and that would also benefit from ISO 9000, our 20-step implementation pro­cess should be considered (see section “An Implementation Approach That Works” in Chapter 22). At the planning phase, steps 12 through 15, the initial implementation ap­proach should be designed to include the steps necessary for ISO 9001 registration. By adopting this strategy, the organi­zation will be engaged in both a total quality management implementation and an ISO 9000 preparation. ISO 9000 ef­fort will benefit from the total quality preparation phase by having the following components: an executive-level steer­ing committee, a vision with the attendant guiding prin­ciples, a set of broad objectives, baselines on employee and customer satisfaction, an objective view of the organization’s strengths and weaknesses, and an indication of which em­ployees at all levels can be counted on for support during the implementation. In addition, the organization will have a well-thought-out means of communicating with employ­ees and all other stakeholders to keep them apprised of the changes taking place, why they are happening, and what they will mean to everyone.

The recommendations in the preceding paragraph apply to organizations that have not yet implemented total quality or ISO 9001 but that are thinking about it. However, what about the organization that has already started working on ISO 9000 or has already achieved registration? How should such an organization approach the larger task of implement­ing total quality? The effort expended on ISO 9001 clearly should be seen as a head start, assuming ISO 9001 registra­tion is approached as a way to improve the organization and not simply as a marketing gimmick. To the degree that the organization has already accomplished the early steps of the 20-step implementation process for total quality man­agement, count it as progress toward the eventual complete implementation of TQM.

This organization should go back and execute any steps that have not already been completed before moving on. For example, there is no requirement in ISO 9001 for forming a steering committee (Step 2) composed of the top manag­ers, so it is doubtful one has been established. Similarly, steps 3 (team building for the steering committee) and 4 (total quality training for the steering committee) are not required by ISO 9000 and will not have been done. The same may be said for steps 5, 8, 9, 10, and 11. ISO 9001 does not re­quire registered organizations to have a vision statement or a set of guiding principles under which the organization will operate.

Nothing in ISO 9001 would require an examination of organizational strengths and weaknesses or the baselining of employee and customer satisfaction. All of these should be done for TQM, and all will benefit ISO 9000. Having gone back to complete steps 1 through 11, the steering committee should start its planning phase by incorporat­ing its ISO 9001 activities into the total quality initiative, using steps 12 through 17, and then expand beyond ISO 9000 from there.

In summary, the organization that is already involved in ISO 9000 should see itself as having a head start on the larger TQM implementation. One that has started neither, although seeing TQM and ISO 9000 as beneficial, might ap­proach ISO 9001 as a logical part of the initial total quality journey.


13.1. Credibility of the Standard

Consider for a moment the importance of credibility as related to ISO 9000 registrations. ISO 9000 is viable as a standard only as long as its registrations are honestly and competently issued. If that cannot be assured, then ISO 9000 will die. Many, including the authors, believe that the cred­ibility of ISO certification has become diluted because there has been insufficient oversight of the registrars. Some are excellent, but others have been less than stellar in their as­sessments and awarding of certificates. To correct this prob­lem, ISO, together with the International Electrotechnical Commission (IEC), has issued standard ISO/IEC 17021, which is designed to assure confidence in the registration process. It places rigorous requirements for competence and impartiality on the certifying bodies. Registrar conformity will be verified by the accrediting bodies, both by reviewing the registrar’s organization, personnel, and procedures and by observing actual audits performed by the registrar. With this step, ISO has implemented a critical safeguard for the credibility of ISO 9000.

13.2. Updating ISO 9000

ISO 9000 has been revised three times since its original re­lease. The 2000 version incorporated major changes in the standard as it was being developed and improved through the incorporation of features from total quality manage­ment. The 2008 version has few significant changes.


Since the development of the first ISO standard in 1987, the standard has been updated periodically to reflect lessons learned and changes in the international business arena. The various updates to ISO 9000 are summarized as follows:

  • ISO 9000:1987. This initial version of the ISO 9000 standard contained three models for quality management systems. It was structured like the United Kingdom’s BS 5750 Standard. The three models for quality management systems were: (1) ISO 9001:1987—Quality Assurance in Design, Development, Production, and Installation Services; (2) ISO 9002:1987—Quality Assurance in Production, Installation, and Servicing (did not cover the development of new products); and (3) Quality Assurance in Final Inspection and Test. This version re­quired mountains of paperwork as evidence of compli­ance with documented procedures. Many organizations thought the “cure” was worse than the “disease” when ap­plying this version of the standard.
  • ISO 9000:1994. This version continued to require comprehensive evidence of compliance with properly documented procedures, but it did begin to move toward process improvement by emphasizing preventive actions rather than just checking the final product. However, it was a burdensomely bureaucratic standard in which the “cure” was still worse than the “disease.”
  • ISO 9001:2000. This version combined ISO 9001, 9002, and 9003 into one document that is ISO 9001. The dis­tinguishing feature of this version is that it was brought more closely in line with the basic tenets of quality man­agement. For example, the most significant change is that this version of the standard makes process management its centerpiece. It also requires active involvement of an organization’s executives. In other words, it does not allow responsibility for ISO registration to simply to be delegated to mid-ranking personnel and forgotten about. A final significant change in this version is its goal of im­proving organizational effectiveness through the applica­tion of performance metrics.
  • ISO 9001:2008. This version is not substantively differ­ent from ISO 9001:2000, but there are several additional requirements that are important. These are as follows: (1) The quality policy must be a formal statement from upper management that is linked to the organization’s business and management plan, (2) The quality policy must be understood and used by all personnel at all levels, (3) All personnel must have measureable work objectives, (4) The quality system is audited regularly for confor­mance and effectiveness, (5) Decisions about the qual­ity system are based on recorded data, (6) Records allow problems to be traced to their source by including where and how raw materials were processed, (7) The organi­zation must have a comprehensive system for commu­nicating with customers about any and all aspects of the relationship, (8) Product development must have planned stages with testing at every stage, and test results must be documented to indicate whether the product meets all applicable requirements, (9) Organizational performance must be regularly reviewed, and (10) The organization must have documented procedures for dealing with nonconformances.
  • ISO 9001:2015. As of this writing, the new ISO 9001:2015 standard will be a major revision that will bring quality more in line with business and the strate­gic aspects of an organization rather than treating it like a separate entity. For example, the Quality Policy and Quality Objectives in the QMS will have to be compatible with the strategic direction of the company. A major re­vision will be in the area of ISO 9001:2015 intro­duces the concept of risk-based thinking and requires organizations to consider and plan for four types of risk: (1) organizational risk, (2) strategic risk, (3) compliance risk, and (4) operational risk.

ISO 9001: The Contents

When the original three ISO standards—9001, 9002, 9003— were combined to create ISO 9001:2000, the contents of the new document were also standardized. The contents of ISO 9001 are now as follows:

  • Foreword
  • Introduction
  • Requirements

Section 1: Scope

Section 2: Normative Reference

Section 3: Terms and Definitions

Section 4: Quality Management System

Section 5: Management Responsibility

Section 6: Resource Management

Section 7: Product Realization

Section 8: Measurement, Analysis, and Improvement

Organizations seeking ISO 9000 registration are re­quired to address all eight sections of the standard, but only sections 4 through 8 require implementation within the QMS.

Source: Goetsch David L., Davis Stanley B. (2016), Quality Management for organizational excellence introduction to total Quality, Pearson; 8th edition.

Leave a Reply

Your email address will not be published.