ISO 9000 Quality Management Standards (Archived Report)

PDF version of this report
You must have Adobe Acrobat reader to view, save, or print PDF files. The reader
is available for free

ISO 9000 Quality
Management Standards

by James G. Barr

Docid: 00016571

Publication Date: 1310

Report Type: STANDARD


The International Organization for Standardization
(ISO) Series 9000 Quality Management Standards are a group of general and
industry-specific concepts and guidelines, designed as a means to certify
that organizations were complying with quality control processes to deliver
quality products to their customers. ISO 9001:2008 is the latest iteration
of the compliance-measurement standard. It is the only one of the standards
that is subject to certification and registration. The most recent standard,
ISO 9004:2009, was officially published in November 2009 and replaces the
ISO 9004:2000 standard. ISO 9004:2009 was adopted to help management assure
the continued improvement and sustained success of Quality Management System
implementations. This report details the ISO 9000 series standards and their
implications for process management.

Report Contents:


[return to top of this report]

ISO 9000 is a family of standards that
provides general and industry-specific guidelines for quality management

Faulkner Reports
14000 Quality Management Standard
Quality Management Tutorial
Sigma Methodology Tutorial

The general standard, ISO
9000:2005, provides fundamental concepts and key definitions that are used in
subsequent ISO standards and provides guidance for their use. It is a
standard meant for use by the business or government sector, although there are
industry-specific sub-standards. ISO 9001:2008 is the only standard of the
series that is subject to certification and registration, although
certification is not required to claim “compliance”. When a company
states that it is ISO 9000 certified, it means that an accredited
third party inspected the company’s processes and found them to be
in compliance with the current ISO 9001 standard. The accredited
third party then issues a certificate to the company and records the
certification in a client registry. The ISO does not issue
certifications or accreditations.

ISO 9001-2008 was adopted on November 14,2008 and is the latest
iteration of the QMS Requirements. Certificates for ISO 9001:2008 began to be
issued 12 months after publication, and 24 months
after publication, all certificates issued against 9001:2000 were invalidated.

There are four main components of the ISO 9000 family.

  1. ISO 9000:2005 – Quality
    Management Systems (QMS) Fundamentals and Vocabulary. This standard provides
    the definition of fundamental terms for the entire family of standards. This is
    the initial starting point for all organizations. The update was issued in
    October 2005 but does not change the basic definitions of ISO 9000. The new
    umbrella standard does add some explanation to the definitions.

  2. ISO 9001:2008 – QMS Requirements. In November 2008, ISO
    released the latest ISO 9000 standard, which replaces ISO 9001:2000.
    The 2008 standard is evolutionary over the previous version and does
    not include any new requirements but merely clarifies portions of the
    2000 version. The four distinct areas that are most likely to affect
    enterprises are: Governance, Supply Chain, Working Environment, and
    Measurement. The standard is used to assess whether an organization is
    able to meet customer and regulatory requirements and address customer

  3. ISO 9004:2009 – QMS Guidelines for Sustained Success. The
    standard provides a QA approach for continued improvement over time.

  4. ISO 19011:2011 – Guidelines on QMS
    or Environmental Management Systems Auditing. The standard provides guidance on internal and
    external audits to be used to manage QMS and/or EMS.
    It provides the auditing foundation for both ISO 9000 and ISO 14000.

ISO 9000 Compliance

ISO 9000 is the most sought after standard
to indicate an organization’s dedication to quality management. The need
for quality standards was brought about because vendors were being asked
to justify their internal quality control procedures to their customers,
and each customer had a different view of "quality". The repeated demand for quality in the production cycle significantly
increased a company’s operating costs. The International Organization for
Standardization (ISO) responded by promoting a single, consistent
international quality standard and ultimately reducing the compliance
costs for multi-national enterprises. This effort lead to the creation
of the ISO 9000 quality management series, first developed in the
late 1980s. The ISO 9000 series represents an
internationally supported compilation of the best quality practices in

the requirements of ISO 9001:2008 is time consuming and often requires
fundamental changes to a company’s production and business processes.
investment provides a return-on-investment, in time, because being qualified
indicates that a
company’s manufacturing or service processes passed a rigid set of
internationally developed quality standards, eliminating most of the need for QMS demonstrations for customers. A customer selecting an
ISO 9000 supplier is reasonably assured of receiving a quality product or service.

ISO 9001 compliance is also beneficial to a company because it helps to
formalize a quality control program and to reduce production costs through
the standardization of operations. It also aids in training new employees,
allowing a manager to show a recruit “the book” that
illustrates the steps required to be performed in any given job.

Competing Standards &

[return to top of this report]

The ISO 9000 standards are not only international, but virtually universal.
In fact,
ISO 9001:2008 is implemented by over one million companies and organizations
in over 170 countries.

While there are no actual competing standards for QMS, there are
several methodologies that are being used by organizations in lieu of or in
conjunction with the
requirements if ISO 9001. The following are the two most

  • Total Quality Management – Comprises a philosophy of
    management accountability for the quality of goods and services
    delivered by an enterprise. TQM advocates assert that any product,
    process, service, or methodology can be improved by continuing to focus
    on customer needs, developing and using the potential of employees, managing
    business processes, and using reliable data to improve procedures. TQM
    can be seen as an over-arching program that could include ISO 9001
    compliance, but is not a necessity.
  • Six Sigma Methodology – Can be seen as a program, methodology,
    and ideal to implement and work with on an ongoing basis. It promises
    improved product quality at a lower cost than ISO 9001. Primarily for
    quality control in manufacturing processes, Six Sigma seeks to Define,
    Measure, Analyze, Improve, and Control (DMAIC) businesses processes in much
    the same way as ISO 9001 does.

Current Version

[return to top of this report]

The successful implementation of an ISO 9000 program relies on several
simple but extremely important underlying principles, including the
following: customer focus, quality definition, process improvement,
standardization, measurement, variation reduction, continuous improvement,
open communications, empowerment, and teamwork.

Customer focus is the most important concept behind ISO 9000. Quality,
according to ISO 9000, means satisfying the needs of the customer; under
some circumstances quality can include exceeding the expectations of the
customer. If the customer is satisfied, it signifies that the supplier
provided a quality product. Unlike business re-engineering, which often
requires that new processes be put in place, ISO 9001 improves on existing
processes. No process is taken for granted, and none are considered meaningful unless
leading to customer satisfaction.

ISO 9000 requires an element of predictability in processes, implying
standardization, which applies to a wide range of “elements”
within a process, such as the tools used in producing a product or
providing a service, and the specific techniques involved. Without
standardization, process improvement becomes complex, if not impossible. With standardization comes the capability to measure the performance of
one or more processes. With effective measurements, managers can address
the cause or causes of a problem rather than its symptoms. Tools
such as flow charts, cause-and-effect diagrams, Pareto diagrams, control
charts, scatter diagrams, and checklists are available to represent process performance and to help identify
improvements. Raw statistical data is collected, analyzed, and put into
the tools.

Standardization and measurement allow employees to improve
processes. They can look for deviations from the standards, determine the
true cause, and take corrective action. The tools enable the
identification of areas that slow or obstruct process performance,
which could allow delivery of a product that fails to address the
requirements of the customer. The effort to reduce significant deviation
can lessen waste, shorten lead times, and lower costs.

The ISO 9000 series of standards, especially the recently adopted ISO
9004:2009, stresses the need to continually challenge the status quo.
Essentially, it requires employees to recognize that there is always a
better way to accomplish a task; nothing is “etched in stone.”
Continuous improvement requires the unrelenting questioning of processes.
The “old way” of doing business is not necessarily the best way.
The best approach to improve product quality and increase customer
satisfaction is to constantly ask: Is this the best way to satisfy the
customer’s needs? This requires teamwork. ISO 9004:2009 is designed to provide
sustained success for an organization over the long haul.

For teamwork to occur, open communication is a prerequisite. Different
business and technical specialists must exchange information to define,
implement, and maintain an improved process. Open communications must also
exist vertically as well as laterally. Management must encourage dialog
to allow the free exchange of ideas to improve processes. Failure to keep
the dialog open between a company and its customers, for example, may
result in a product that the company thought that the customers would want
(but in reality do not).

Management participation and commitment are important in implementing
any quality program, ISO 9000 included, because proper implementation is a
company-wide process. Not only does management have to offer verbal
support for the initiative, but also monetary, budgetary, and
strategic support, asking the question “how does quality
management fit into our business?” Without these support elements,
employees may treat the quality initiative as a passing fad. Not only is participation from management staff and industrial
engineers important, but also that of the “rank-and-file.” The
idea is that the people doing the work may know best how to fix problems.
This comes about when employees have the autonomy, skills, and knowledge to
address issues affecting the quality of output. This empowerment affords
two benefits: it engenders greater involvement and commitment by
employees, and it encourages accountability for their actions and
self-management. Management must adhere to less traditional views
concerning its workforce. It must view employees as a reservoir of
knowledge and expertise, and it must trust their judgment.

Quality control and improvement programs require that everyone function
as a team to study and improve processes. Each member plays a significant
role in understanding existing processes and identifying improvements.
Teamwork, however, does not end there. It is required to establish
improved processes, employ measurement criteria, and execute standards for
implementing an improved process. This cooperation is even necessary after
an improved process goes into effect.


basis of ISO management system standards is the Plan-Do-Check-Act
(PDCA) cycle. The concept is deceptively simple. First, Plan your
implementation. Part of the plan is to determine the expected results and
the metrics to indicate whether the process is successful or if it is

Next comes the implement (Do) step. This consists of putting the process and the measurement implementation into place.

Check the obtained results with the expected results and the planning
metrics. Determine if the process is nominal or out of compliance.

Finally, Act on the information to correct any deficiencies in the process and to make
the improvements that affect the customer.

ISO 9001:2008. The latest version of the ISO 9001 quality requirements
standard makes improvement in four areas that were not well defined by ISO

  • Governance – There are two new
    distinctions in governance. The first has to do with management
    representation. The 2000 standard called for "management representation"
    throughout the documentation and quality assurance processes, but did
    not dictate the form of management representation. Consequently, in many
    organizations, management appointed staffers to be their representative. The 2008
    standard is more restrictive and requires that the representative be a
    member of the management  team. The second major change in governance is mandating management’s
    relationship to findings by the accredited third-party audit teams. The
    latest standard specifies that management is responsible for any corrective
    or mitigating actions to bring non-conforming processes into

  • Supply Chain

    Similarly, there are two significant changes affecting the management of
    suppliers. The first is that a firm is responsible for monitoring the
    risks to quality associated with its suppliers’ compliance with statutory
    requirements. For example, if a supplier is known to be out of compliance
    with laws about emissions, that supplier could be shut down and unable to
    deliver critical components. The second
    change is that processes that are purchased or outsourced are subject to
    the quality management system; while management can choose to transfer the
    operation of a process to a supplier of one sort or another, management is
    always responsible for maintaining end-to-end quality.
  • Working Environment
    – One of the big changes involving the 2008 standard is expansion of
    what constitutes the working environment. In addition to traditional
    concerns like machine safety, employers need to monitor environmental
    factors such as noise level, temperature, and humidity. In fact, all
    relevant factors that can affect employees’ health must be tracked and
  • Measurement
    The new standard expands product realization
    activities to include measurement. Quality must be tracked
    throughout the manufacturing (or other realization) process and not just
    assessed at the final stages. In fact, management is responsible for the instrumentation and measurement
    of all processes and the corresponding impact
    that out-of-conformance processes have on quality.

ISO 9004:2009. ISO 9004:2009 adds information on managing for
the sustained success of an organization. The standard has undergone
substantial changes to its structure and contents. ISO 9004 is intended to
go beyond ISO 9001 and examine satisfaction for interested parties.
Sustained success for an organization is the result of its ability to
achieve and maintain its objectives in the long term. The achievement of
sustained success for any organization is a complex and demanding
challenge in an ever-changing environment. ISO 9004:2009 lists four
necessities to achieve sustained success:

  • Meeting the needs and expectations of an organization’s customers.
  • Effectively managing the organization.
  • Realizing thorough awareness of the organization’s environment.
  • Continuing to learn and improve for the long term.

The ISO 9004:2009 standard is designed to:

  • Provide organizations with guidance and support to achieve sustained
    success by the QMS approach. It can be used by any organization,
    regardless of size, type, and activity.
  • Promote self-assessment as an important tool to discover the
    maturity level of an organization. It covers leadership, strategy,
    management systems, resources, and processes to identify areas of
    strength and weakness and opportunities for improvements and
  • Provide a wider focus on quality management than ISO 9001,
    addressing the needs and expectations of all relevant interested
  • Be used alongside ISO 9001 and other management system standards,
    but can also be used independently.

ISO 9004:2009 Is not intended for certification, regulatory, or
contractual use.

ISO 19011:2011. ISO 19011:2011 provides guidance on auditing
management systems, including the principles of auditing, managing an
audit program, and conducting management system audits, as well as
guidance on the evaluation of competence of individuals involved in the
audit process, including the person managing the audit program,
auditors, and audit teams.

The standard is considered a part of both the ISO 9000 family of Quality
Management standards and the ISO 14000 family of Environmental Management standards.


A company’s ISO 9001 compliance is audited
either by ISO member organizations or third parties that have been
recognized by the ISO as qualified examiners. Companies seeking ISO
registration may even employ third-party quality consultants to assist
in the preparation and review of compliance documentation prior to the actual site assessment visit by the ISO
examiner. If the company passes the site assessment, the ISO examination
firm issues a certificate evidencing that the company is compliant with
the applicable ISO standards.


[return to top of this report]

ISO technical committee ISO/TC 176, Quality
management and quality assuranc
e, subcommittee SC 2, Quality
, is preparing the next generation of quality management
standards with ISO 9001:2015.

ISO/TC 176/SC 2’s vision is for its quality products
(primarily ISO 9001 and ISO 9004) to be "recognized and respected worldwide,
and used by organizations as an integral component of their sustainable
development initiatives."

The revised 9001 standard, due in 2015, should,
according to its preliminary design:

  • Provide a
    stable core set of requirements for the next ten (10) years or more.
  • Remain generic, and
    relevant to all sizes and types of organization operating in any sector.
  • Maintain the current focus
    on effective process management to produce desired outcomes.
  • Take account of changes in
    quality management systems practices and technology since the last major
    revision in 2000.
  • Reflect changes in the
    increasingly complex, demanding, and dynamic environments in which
    organizations operate.
  • Enhance compatibility and alignment with other ISO
    management system standards.
  • Facilitate effective
    organizational implementation and effective conformity assessment by
    first, second, and third parties.
  • Use simplified language
    and writing styles to aid understanding and consistent interpretations
    of its requirements.1


1 Nigel H. Croft. "ISO 9001:2015 and beyond – Preparing for the
next 25 years of quality management standards." ISO. August 28, 2012.

[return to top of this report]

About the Author

[return to top of this report]

James G. Barr is a leading business continuity analyst and

business writer with more than 30 years’ IT experience.  A member of

"Who’s Who in Finance and Industry," Mr. Barr has designed,

developed, and deployed business continuity plans for a number of Fortune

500 firms.  He is the author of several books, including

[return to top of this report]