IX Международная студенческая научная конференция Студенческий научный форум - 2017
МЕЖДУНАРОДНЫЙ СТАНДАРТ ISO 9000
Полная версия работы доступна во вкладке "Файлы работы" в формате PDF
Third-party certification bodies provide independent confirmation that organizations meet the requirements of ISO 9001. Over one million organizations worldwide are independently certified, making ISO 9001 one of the most widely used management tools in the world today. However, the ISO certification process has been criticized as being wasteful and not being useful for all organizations.
Background
ISO 9000 was first published in 1987 by ISO (International Organization for Standardization). It was based on the BS 5750 series of standards from BSI that were proposed to ISO in 1979. However, its history can be traced back some twenty years before that, to the publication of the United States Department of Defense MIL-Q-9858 standard in 1959. MIL-Q-9858 was revised into the NATO AQAP series of standards in 1969, which in turn were revised into the BS 5179 series of guidance standards published in 1974, and finally revised into the BS 5750 series of requirements standards in 1979 before being submitted to ISO.
Reasons for use
The global adoption of ISO 9001 may be attributable to a number of factors. A number of major purchasers require their suppliers to hold ISO 9001 certification. In addition to several stakeholders' benefits, a number of studies have identified significant financial benefits for organizations certified to ISO 9001, with a 2011 survey from the British Assessment Bureau showing 44% of their certified clients had won new business. Corbett et al. showed that certified organizations achieved superior return on assets compared to otherwise similar organizations without certification. Heras et al. found similarly superior performanceand demonstrated that this was statistically significant and not a function of organization size. Naveha and Marcus claimed that implementing ISO 9001 led to superior operational performance in the U.S. automotive industry. Sharma identified similar improvements in operating performance and linked this to superior financial performance. Chow-Chua et al. showed better overall financial performance was achieved for companies in Denmark. Rajan and Tamimi (2003) showed that ISO 9001 certification resulted in superior stock market performance and suggested that shareholders were richly rewarded for the investment in an ISO 9001 system.
While the connection between superior financial performance and ISO 9001 may be seen from the examples cited, there remains no proof of direct causation, though longitudinal studies, such as those of Corbett et al. (2005) may suggest it. Other writers, such as Heras et al. (2002), have suggested that while there is some evidence of this, the improvement is partly driven by the fact that there is a tendency for better performing companies to seek ISO 9001 certification.
The mechanism for improving results has also been the subject of much research. Lo et al. (2007) identified operational improvements (e.g., cycle time reduction, inventory reductions) as following from certification. Internal process improvements in organizations lead to externally observable improvements. The benefit of increased international trade and domestic market share, in addition to the internal benefits such as customer satisfaction, interdepartmental communications, work processes, and customer/supplier partnerships derived, far exceeds any and all initial investment.
ISO 9000 series Quality Management Principles
The ISO 9000 series are based on seven quality management principles (QMP)
The seven quality management principles are:
QMP 1 – Customer focus
QMP 2 – Leadership
QMP 3 – Engagement of people
QMP 4 – Process approach
QMP 5 – Improvement
QMP 6 – Evidence-based decision making
QMP 7 – Relationship management
Principle 1 – Customer focus
Organizations depend on their customers and therefore should understand current and future customer needs, should meet customer requirements and strive to exceed customer expectations.
Principle 2 – Leadership
Leaders establish unity of purpose and direction of the organization. They should create and maintain the internal environment in which people can become fully involved in achieving the organization's objectives.
Principle 3 –Engagement of people
People at all levels are the essence of an organization and their full involvement enables their abilities to be used for the organization's benefit.
Principle 4 – Process approach
A desired result is achieved more efficiently when activities and related resources are managed as a process.
Principle 5 – Improvement
Improvement of the organization's overall performance should be a permanent objective of the organization.
Principle 6 – Evidence-based decision making
Effective decisions are based on the analysis of data and information.
Principle 7 – Relationship management
An organization and its external providers (suppliers, contractors, service providers) are interdependent and a mutually beneficial relationship enhances the ability of both to create value.
Contents of ISO 9001:2015
A fish wholesaler in Tsukiji, Japan advertising its ISO 9001 certification.
ISO 9001:2015 Quality management systems — Requirements is a document of approximately 30 pages which is available from the national standards organization in each country. Only ISO 9001 is directly audited against for third party assessment purposes. Outline requirements for ISO 9001:2015 are as follows:
Requirements
Section 4: Context of the Organization
Section 5: Leadership
Section 6: Planning
Section 7: Support
Section 8: Operation
Section 9: Performance evaluation
Section 10: Improvement
Essentially the layout of the standard is similar to the previous ISO 9001:2008 standard in that it follows the Plan, Do, Check, Act cycle in a process based approach, but is now further encouraging this to have risk based thinking. (section 0.3.3 of the introduction)
Before the certification body can issue or renew a certificate, the auditor must be satisfied that the company being assessed has implemented the requirements of sections 4 to 10. Sections 1 to 3 are not directly audited against, but because they provide context and definitions for the rest of the standard, not that of the organization, their contents must be taken into account.
The standard no longer specifies that the organization shall issue and maintain documented procedures, however ISO 9001:2015 requires the organization to document any other procedures required for its effective operation. The standard also requires the organization to issue and communicate a documented quality policy, a Quality Manual (which may or may not include documented procedures) and numerous records, as specified throughout the standard. New for the 2015 release is a requirement for an organization to assess risks and opportunities (section 6.1) and to determine internal and external issues relevant to its purpose and strategic direction (section 4.1) Interpretations of how the standards requirements are a matter for the organization to demonstrate, and an external auditor to determine, the effectiveness of a quality management system. Further detail, interpretation and examples of implementation are often sought by organizations seeking more information in what can be seen as a very technical area.
Certification
International Organization for Standardization (ISO) does not certify organizations itself. Numerous certification bodies exist, which audit organizations and, upon success, issue ISO 9001 compliance certificates. Although commonly referred to as "ISO 9000" certification, the actual standard to which an organization's quality management system can be certified is ISO 9001:2015 (ISO 9001:2008 will expire by around September 2018). Many countries have formed accreditation bodies to authorize ("accredit") the certification bodies. Both the accreditation bodies and the certification bodies charge fees for their services. The various accreditation bodies have mutual agreements with each other to ensure that certificates issued by one of the accredited certification bodies (CB) are accepted worldwide. Certification bodies themselves operate under another quality standard, ISO/IEC 17021, while accreditation bodies operate under ISO/IEC 17011.
An organization applying for ISO 9001 certification is audited based on an extensive sample of its sites, functions, products, services and processes. The auditor presents a list of problems (defined as "nonconformities", "observations", or "opportunities for improvement") to management. If there are no major nonconformities, the certification body will issue a certificate. Where major nonconformities are identified, the organization will present an improvement plan to the certification body (e.g., corrective action reports showing how the problems will be resolved); once the certification body is satisfied that the organization has carried out sufficient corrective action, it will issue a certificate. The certificate is limited by a certain scope (e.g., production of golf balls) and will display the addresses to which the certificate refers.
An ISO 9001 certificate is not a once-and-for-all award, but must be renewed at regular intervals recommended by the certification body, usually once every three years. There are no grades of competence within ISO 9001: either a company is certified (meaning that it is committed to the method and model of quality management described in the standard) or it is not. In this respect, ISO 9001 certification contrasts with measurement-based quality systems.
Evolution of ISO 9000 standards
The ISO 9000 standard is continually being revised by standing technical committees and advisory groups, who receive feedback from those professionals who are implementing the standard.
1987 version
ISO 9000:1987 had the same structure as the UK Standard BS 5750, with three "models" for quality management systems, the selection of which was based on the scope of activities of the organization:
ISO 9001:1987 Model for quality assurance in design, development, production, installation, and servicing was for companies and organizations whose activities included the creation of new products.
ISO 9002:1987 Model for quality assurance in production, installation, and servicing had basically the same material as ISO 9001 but without covering the creation of new products.
ISO 9003:1987 Model for quality assurance in final inspection and test covered only the final inspection of finished product, with no concern for how the product was produced.
ISO 9000:1987 was also influenced by existing U.S. and other Defense Standards ("MIL SPECS"), and so was well-suited to manufacturing. The emphasis tended to be placed on conformance with procedures rather than the overall process of management, which was likely the actual intent.
1994 version
ISO 9000:1994 emphasized quality assurance via preventive actions, instead of just checking final product, and continued to require evidence of compliance with documented procedures. As with the first edition, the down-side was that companies tended to implement its requirements by creating shelf-loads of procedure manuals, and becoming burdened with an ISO bureaucracy. In some companies, adapting and improving processes could actually be impeded by the quality system.
2000 version
ISO 9001:2000 replaced all three former standards of 1994 issue, ISO 9001, ISO 9002 and ISO 9003. Design and development procedures were required only if a company does in fact engage in the creation of new products. The 2000 version sought to make a radical change in thinking by actually placing front and centre the concept of process management (the monitoring and optimisation of a company's tasks and activities, instead of just inspection of the final product). The 2000 version also demanded involvement by upper executives in order to integrate quality into the business system and avoid delegation of quality functions to junior administrators. Another goal was to improve effectiveness via process performance metrics: numerical measurement of the effectiveness of tasks and activities. Expectations of continual process improvement and tracking customer satisfaction were made explicit.
ISO 9000 Requirements include:
Approve documents before distribution;
Provide correct version of documents at points of use;
Use your records to prove that requirements have been met; and
Develop a procedure to control your records.
2008 version
ISO 9001:2008 in essence re-narrates ISO 9001:2000. The 2008 version only introduced clarifications to the existing requirements of ISO 9001:2000 and some changes intended to improve consistency with ISO 14001:2004. There were no new requirements. For example, in ISO 9001:2008, a quality management system being upgraded just needs to be checked to see if it is following the clarifications introduced in the amended version.
ISO 9001 is supplemented directly by two other standards of the family:
ISO 9000:2005 "Quality management systems. Fundamentals and vocabulary"
ISO 9004:2009 "Managing for the sustained success of an organization. A quality management approach"
Other standards, like ISO 19011 and the ISO 10000 series, may also be used for specific parts of the quality system.
2015 version
In 2012, ISO TC 176 - responsible for ISO 9001 development - celebrated 25 years of implementing ISO 9001, and concluded that it is necessary to create a new QMS model for the next 25 years. This is why they commenced the official work on creating a revision of ISO 9001, starting with the new QM principles. This moment was considered by important specialists in the field as "beginning of a new era in the development of quality management systems." As a result of the intensive work from this technical committee, the revised standard ISO 9001:2015 was published by ISO on 23 September 2015. The scope of the standard has not changed, however, the structure and core terms were modified to allow the standard to integrate more easily with other international management systems standards.
The 2015 version is also less prescriptive than its predecessors and focuses on performance. This was achieved by combining the process approach with risk-based thinking, and employing the Plan-Do-Check-Act cycle at all levels in the organization.
Some of the key changes include:
Greater emphasis on building a management system suited to each organization's particular needs
A requirement that those at the top of an organization be involved and accountable, aligning quality with wider business strategy
Risk-based thinking throughout the standard makes the whole management system a preventive tool and encourages continuous improvement
Less prescriptive requirements for documentation: the organization can now decide what documented information it needs and what format it should be in
Alignment with other key management system standards through the use of a common structure and core text
Inclusion of Knowledge Management principles
Auditing
Two types of auditing are required to become registered to the standard: auditing by an external certification body (external audit) and audits by internal staff trained for this process (internal audits). The aim is a continual process of review and assessment to verify that the system is working as it is supposed to; to find out where it can improve; and to correct or prevent problems identified. It is considered healthier for internal auditors to audit outside their usual management line, so as to bring a degree of independence to their judgments.
Under the 1994 standard, the auditing process could be adequately addressed by performing "conformance auditing":
Tell me what you do (describe the business process)
Show me where it says that (reference the procedure manuals)
Prove that this is what happened (exhibit evidence in documented records)
The 2000 standard uses a different approach. Auditors are expected to go beyond mere auditing for rote conformance by focusing on risk, status, and importance. This means they are expected to make more judgments on what is effective, rather than merely adhering to what is formally prescribed. The difference from the previous standard can be explained thus:
Under the 1994 version, the question was broad: "Are you doing what the manual says you should be doing?", whereas under the 2000 version, the questions are more specific: "Will this process help you achieve your stated objectives? Is it a good process or is there a way to do it better?"