ISO 9001: Why It Still Matters

Generally, there is no one right way to apply the standard – as long as it conforms to the requirements.

Are you aware that when you Google ISO 9001:2015, you will get over 76 million results? There are about 209 million hits if you type ISO 9001 (without the date). For a document that has been around for more than 35 years and only has 29 pages, that’s not bad at all.

There are 1.2 million organisations around the world who are certified to the ISO 9001 quality management system (QMS). Why do organisations continue to implement this quality management system (QMS)? Has the model stayed the course? Why is it valuable – what makes it appealing? Is there a reason why companies still rely on ISO 9001 certification as a benchmark for managing their supply chains?

In a nutshell, it works. It fulfils its commitments. A solid yet flexible foundation is established. As well as being generic enough to apply to a variety of industries and service sectors, it is specific enough to provide global homogeneity of some key concepts. In addition, the institute has continually monitored and revised it to ensure its relevance over the years.

ISO 9001’s hallmarks for success can be gleaned from a short overview. All organisations are affected by the concepts and processes described in the document. Topics covered include:

• Definition of operations

• Identification of processes

• Provisions for training and/or qualification of personnel

• Ability to understand and fulfill customer requirements

• Controlled design and development activities

• Maintenance of an adequate infrastructure

• Supply chain management

• Performance monitoring and metrics

• Established practices for dealing with problems

• Structured and protected documentation

  No matter if it is a single shop or a multi-site operation, simple or complex – these ideas are somehow manifested. Both small and large companies can benefit from the standard. This is regardless of whether they manufacture one product in modest quantities or sell millions of skews manufactured by dozens of subcontractors. In addition, it applies to service organisations whose services are their “products.” There is no one single right way to apply the standard, as long as it complies with the requirements.

Despite its overuse in this international standard, doing what you say and saying what you do remains a core principle.

In order for a QMS to be effective, these activities must be woven into the fabric of the whole. If it doesn’t create value for the organisation or isn’t effective, it’s worthless. In order to get from where we are to where we need to be, monitoring becomes a crucial part of the process.

It may vary from company to company how they monitor their QMS’s effectiveness. If a company states, “Our quality objectives are on-time delivery and zero rejects,” then those are their performance metrics. Large corporations may have dashboards that track dozens of activities, product attributes, environmental controls, labor standards, customer calls, quotation turnaround rates, and carbon footprints. That’s okay, too. Monitoring methods and the resulting analysis must be appropriate, consistent, reliable, and usable in every instance.

ISO 9001:2015, the current revision, emphasises concepts that can contribute to effectiveness. These concepts are briefly summarised below.

Risk-based thinking

The standard is peppered with references to risk. Risk refers to the possibility of something going wrong. The opportunity for improvement is paired with it, which is interesting. There is the possibility of unexpected consequences in both instances, and taking action to mitigate a risk or take advantage of an opportunity is necessary. Taking action or anticipating a risk is directly related to the next three concepts.

Identify internal and external issues

You must consider these factors in order to sustain your organisation and serve your customers. Depending on your industry, they may be fairly common and ongoing or unique. Staffing shortages, equipment obsolescence, new technology, and competitive designs are examples of these factors. Scarcity of a precious raw material, a drought, or the retirement of several key technicians may be very specific or short-lived. Of course, a pandemic is also possible. As described in ISO 9001:2015, “…consistently provide products and services that meet customer and applicable statutory and regulatory requirements.” if you fail to address the issues.

Interested parties

The term stakeholders is also used to refer to interested parties. A problem can’t exist without interested parties, whether it’s internal or external. Consider them to be the who behind the what (an issue). There are three types of interested parties: those who affect your organisation, those who are affected by your organisation, and those who perceive themselves to be affected by your organisation. Among the examples are:

• competitors who slash their prices

• customers who revise their requirements to address climate change initiatives

• suppliers who have been negatively impacted by international logistical problems

• regulators who revise product specifications or material restrictions

• financial institutions who revamp their lending policies

• temp employment agencies that discontinue pre-qualification protocols

• baby boomers retiring

• local zoning board changing by-laws where you were intending to build a new facility

• technical school that provides interns going out of business

Identifying relevant factors from the ultra-critical to the humdrum is easier through consistency and control. In the same way, interested parties should be treated equally. With vigilance, it is possible to mitigate instances in which interested parties inadvertently cause harm to your business. In actualising the requirements related to internal and external issues, as well as interested parties, the biggest benefit is bringing consistency to these monitoring activities. The organisation can better manage the output of this monitoring: change.

Change control

There is no such thing as a positive or negative change in and of itself. Depending on how it affects planned results or intended outputs, it can lead to either a risk or an opportunity. It is the degree to which the output of the change can be predicted, while considering both internal and external factors. This determines whether the change leads to an unforeseen problem or an actualised opportunity. It is clearly stated in the standard that the organisation should consider the purpose of the change, potential consequences, the availability of resources, and the authority and responsibility for the change. In spite of the fact that there is one clause of the standard specifically relating to planning changes to the QMS, the concept of change permeates throughout multiple sections. The ISO 9001 standard provides companies with a blueprint for handling change: determining what needs to be done, deciding who is in charge, delegating authority, providing resources, executing the plan, then checking the results – all while keeping an eye out for problems that could interfere with your plans or interested parties that could be affected.

The perpetual cycle of monitoring issues, processes and interested parties continues as processes change, product is shipped out the door, staff turnover occurs, and the supply chain shrinks or grows.

All in all, an ISO 9001 system that is well managed isn’t just a nice idea. This is a sound business decision. It remains a simple, elegant, and uncomplicated model for ensuring customer satisfaction while achieving success for your organisation.