Since it was originally conceived in 1987, some 250,000 organizations around the world have registered to ISO 9000.

In 1994, the standard was changed, but only around the edges. Now for 2000, ISO 9000 has again been revised. But the new standard, called ISO 9000:2000, is a radical revision.

It will require organizations that have previously been certified to update their current quality systems. It will also change the ground rules for organizations that are seeking or will seek registration in the future. National standards bodies, registrars, consultants and the rest of the apparatus that has grown up around the standard now have to contend with a whole new set of challenges and opportunities.

Like its predecessor, ISO 9000:2000 is a series of interrelated documents (three for ISO 9000:2000), each of which has a different function. ISO 9000 deals with fundamentals and vocabulary; ISO 9001, which is the heart of the new revision, states the requirements for the new system; ISO 9004 provides guidance for implementation and fleshes out ISO 9001.

In view of the impact of this revision and the costs it will entail, organizations have many questions and concerns: Do we have to register to the new standard? How long is our current certification good for? Why the change? What’s the difference between the old ISO and the new ISO? How will it change the way we run our business? Who will benefit from the new standard? Who will be hurt? Will it be more difficult to implement the new ISO than the old ISO?

This article will address these and other key issues.

Figure 1/ Process Model for ISO 9000:2000

ISO 9000:2000 and ISO 9000:1994: A Comparison

The two standards offer a different model for quality. ISO 9000:1994 defines quality around 20 key elements a company uses to effectively and consistently produce products and services it provides. The standard was originally designed for application to manufacturing companies that produce widgets, although it can and has been adapted to apply to processing companies and service organizations. The primary purpose is to assure customers that the certified company produces products at a consistent level of quality.

The quality model in ISO 9000:2000 is quite different. Instead of 20 elements, it is based on a process model that any effective enterprise can use, whether it manufactures parts, processes chemicals or provides services. Instead of 20 elements, the model, as laid out in the new ISO 9001, has four sections: Section 5: Management Responsibility; Section 6: Resource Management; Section 7: Product Realization; and Section 8: Measurement, Analysis, Improvement.

The other sections in ISO 9001 support the model: Sections 0 through 3 provide background. Section 4: Quality Management System is a precursor to the process model itself, describing the obligations of the organization in establishing a documented QMS.

The four sections in the standard contain all the requirements for the new ISO stated in more generic and less prescriptive terms than in the previous 20 element model. This lack of specificity makes it easy for enterprises of all sorts to fit their operations to the new ISO.

Although the new model may be simpler and less prescriptive than its predecessor, the requirements are a quantum leap forward and in line with progressive thinking in the quality field. The model’s four sections function similar to the Plan-Do-Check-Act (PDCA) improvement process popularized by W. Edwards Deming. This is much more rigorous than the 1994 ISO’s watchwords: “Do what you document, document what you do and prove it.”

How Does ISO 9000:2000 Exceed its Predecessor? Where is the Quantum Leap?

In comparison to its predecessor, ISO 9000:2000 actually features several quantum leaps forward. Following are the key changes.
  • Voice of the Customer. The graphic depiction of the process model in Figure 1 shows the power of the customer in the new standard. It’s bookended by two drivers: “Customer Requirements” drive the input and “Customer Satisfaction” drives the output. The organization will need methods in place to describe and monitor the needs and desires of each customer for each order, and will need processes and procedures in place to measure and analyze customer satisfaction.

    Critics have long complained that a company could make “concrete life preservers” and still be registered to ISO 9000. ISO 9000:2000 helps put that criticism to rest.

  • Continual Improvement. Under ISO 9000:2000, it won’t be enough for an organization simply to measure customer satisfaction; it will need to improve the level of satisfaction. It will also have to measure and improve internal processes. Continual, or continuous, improvement is a core theme in the new version of ISO 9000 and inherent in the model’s PDCA structure.

    Continual improvement is one of the essential goals of quality. Continually improving defect rates, with consequent increased customer satisfaction, is a core value of Deming and TQM. Although many — including the authors of this article — believe that continual improvement was always implied in ISO 9000, continual improvement is now a clearly defined requirement throughout the 2000 revision.

  • Management Responsibility. Management’s role in the previous ISO 9000 was that it was required to establish quality policy, commit adequate resources, conduct a management review and appoint a management representative to supervise the QMS. But, for the most part, under ISO 9000:1994, the QMS was largely the responsibility of quality professionals.

  • Executive management plays a far more central role with the new standard. In ISO 9000:2000, management responsibility is expanded so that management presides over a multi-step version of the Plan-Do-Check-Act process. This process includes the following requirements.



Step 1. Policy. Management is obligated to establish an appropriate quality policy that incorporates a commitment to continual improvement and meeting customer requirements.

Step 2. Objectives. This policy must establish a framework for reviewing quality objectives that are set “at relevant functions and levels within the organization.”

Step 3. Planning. Objectives are set in conjunction with a plan that identifies the activities and resources necessary to achieve it. The planning “shall be consistent with other requirements of the quality system.”

Step 4. Quality-Management System. Management is responsible for the organization establishing a QMS as a means of implementing the quality policy with its associated objectives and plans, as well as the requirements of the standard.

Step 5. Management Review. Although ISO 9000:1994 required a management review, this element is much expanded in the new version. In this new model, management’s check of the QMS specifically includes a review of policy and objectives to find opportunities for continual improvement. On the basis of this review, management is required to take actions — among other things — “relating to the improvement of the quality-management system.”

This process, which begins with setting policy and moves to management review with continual improvement as the output, is similar to the way the PDCA process is outlined in ISO 14001, the Environmental Management System Standard. The compatibility between ISO 14001 and the new ISO 9000 should permit organizations to develop complementary systems for the two standards. [Appendix A of ISO 9001:2000 offers tables that show the correspondence between ISO 9001 and ISO 14001.]

  • Resource Management. The 1994 standard contains a paragraph (4.1.2.2) that requires management to provide necessary resources. It also contains requirements for training (4.18). These kernels are expanded in the 2000 revision to be one of the four clauses, “6.0 Resource Management,” in the Process Model. The section spells out a range of specific resources, including human resources, management leadership must provide or make available, i.e., adequate numbers of competent people, the training necessary to ensure competence, infrastructure, work environment, suppliers and partners, and financial resources.

    These advances are embodied in the standard’s eight Quality Management Principles (see Figure 2). They emphasize the importance of customer focus, leadership, involvement of people at all levels, the process approach, systems and objectives, continual improvement, importance of accurate data and analysis, and the significance of supplier relationships — a mirror image of the focus on the customer.



Updating to ISO 9000

Every element of its predecessor can be mapped onto the new ISO 9001. Moreover, since the new version requires written procedures, the familiar four-tier pyramid structure for documentation need not change, although it can be simplified under the new standard, e.g., Policy Manual and Tier 1 procedures can be combined. Thus, an organization’s current ISO system can be the foundation for its successor.

However, much of the existing documentation may need to be remapped and expanded to meet the requirements of the new standard. In many cases, these revisions can be substantial. As an indication of the degree of change, 12 of the elements in ISO 9000:1994 have been reduced to sub-clauses in its successor.

Also, some new procedures will need to be produced to accommodate new requirements and subject matters. For example, there is nothing in ISO 9000:1994 that addresses elements in its successor such as 5.2 Customer Focus, 5.4 Planning, 5.5.4 Internal Communication, 6.2 Human Resources, 7.2.1 Identification of Customer Requirements, 7.2.3 Customer Communication, 8.2.1 Customer Satisfaction, and 8.5 Improvement.

This need not be as overwhelming as it seems. Much of what is new in ISO will not be new to many well-run companies. Virtually every business enterprise or entrepreneur understands that to be successful an organization must do the following.

  • Have an effective strategic business planning process in place.

  • Carefully monitor the needs and requirements of its customers.

  • Satisfy its customers.

  • Have an array of metrics to measure the performance of its internal processes and its success at satisfying its customers.

  • Continually seek to improve its operations, products, and services to succeed, grow, and prosper.

Organizations may already have business processes in place to reach at least some of these objectives, which correspond to the requirements of ISO 9000:2000. Under the new standard, once formalized and disciplined, these business processes will become procedures folded into the business or quality-management system required by ISO 9000:2000. Many companies may be far closer to satisfying the requirements of ISO 9000:2000 than simple comparison to their current ISO 9000-based QMS suggests.

Advantages and Disadvantages of the New Standard

The following describes how the new ISO will benefit everyone the old ISO did, except more so. By incorporating such advances as continual improvement and customer satisfaction, the new standard yields a more effective platform. It will help companies improve their operations and increase their competitiveness. With the improvements, customers will benefit. As a result, ISO 9000:2000 will have far more weight with customers than its predecessor.

Many companies have a QMS and a business-management system. ISO 9000:2000 encourages enterprises to combine the two. Such a combination should result in a streamlined organization devoted to a single model with everyone pulling together.

ISO 9000 was originally designed for manufacturing plants. Over the years it’s been adapted to other types of organizations, such as service companies. But in many cases the fit was problematic and results seemed inadequate. So in many areas, ISO 9000 hasn’t really caught on. It’s not surprising that the majority of certifications have been to manufacturing organizations, particularly to those that produce discreet parts/products.

By contrast, the new version is more generic so that it will apply universally, thereby increasing its appeal to large new classes of enterprise. With this broader appeal, the number of certifications under the 2000 revision is expected to double.

The downside of the new standard is that it will, over time, require currently certified organizations to invest additional time and resources in meeting the requirements of the new standard.

Some organizations will find this less of a challenge than others. For example, companies with strategic/ business planning processes and procedures in place to measure customer satisfaction will have a head start. Companies that have achieved ISO 9000 as a means of improving their business processes will also have an edge, since the new standard will move them further down the path they were already on.

Companies that have made only a minimal commitment to ISO 9000, who embraced it as a necessary evil — only to gain a marketing advantage or meet the demands of customers — may think the new ISO 9000 hurts them. This may be true, but it doesn’t change the fact that ISO 9000:2000 offers considerable advantages to them and their customers.

The Transition to ISO 9001:2000 from Previous Standards

The transition is essentially the same whether a company was registered ISO 9001, 9002 or 9003. ISO 9001:2000 contains a clause (1.2 Permissible Exclusions) for excluding or modifying requirements so that companies registered under ISO 9002 and ISO 9003 can adapt their quality-management systems to ISO 9001:2000. ISO 9002 and 9003 thus become obsolete.

The three ISO 9000:2000 documents — ISO 9000, ISO 9001, and ISO 9004 — have been circulating in various draft forms since December 1998. ISO 9000:2000 is scheduled to be published as an International Standard in the fourth quarter of 2000.

Upon publication, an organization will have a maximum of three years to adopt the new standard. In that time, QMSs conforming to either the 1994 or 2000 standard will be acceptable. To meet the deadline, organizations should start adopting the new requirements during their surveillance audits. Thus, if all goes according to plan, the conversion process should be complete by the beginning of 2004.

The Draft International Standard, which was published at the end of 1999, is expected to be the same as the final draft, except for cosmetic changes. As a result, companies, registrars and consultants can begin taking steps to anticipate the transition. But at this point, the registrars and other apparatus that oversees certification is not yet set up. No certifications based on the draft documents will be acceptable. So, no registrations can be made until the international standard is published, targeted year-end 2000.

As a rule of thumb, organizations that are either already in the process of registering to ISO 9000 or need to get registered by the end of 2000 could register to the current 1994 version. However, they should begin modeling their system around ISO 9000:2000 in anticipation of the conversion that follows.

Implementing the New Standard

In general, the implementation process should not be significantly different for the 2000 revision than it was for the previous version.

However, a key point should be considered. Under ISO 9000:1994 an organization could choose to exclude activities they performed such as design control (4.4) from the scope of their registration and seek certification to ISO 9002. Under ISO 9001:2000, businesses will no longer have the option of excluding activities they actually perform. Under the new regime, if you do it, you must include it as part of your ISO 9001 system.

Following are the basic steps for a conversion.

1. Get copies of the standard and review them. Although ISO 9001 is the key document, since it contains the requirements, ISO 9004 is also central. ISO 9004 provides guidance and fleshes out ISO 9001, which is generic and sparsely written.

2. Set up a core implementation or conversion team. If possible, reconstitute the team used in your original registration effort. This team will bear the primary responsibility for managing the initiative.

3. Contact your registrar to discuss options and obtain input. If you don’t have the expertise internally to carry out the transition, consider hiring an outside consulting and training organization.

4. Conduct a gap analysis to determine the gaps between your current systems and the requirements of the new ISO 9000. It’s useful to start with Annex B of ISO 9001, which provides tables that show the correspondences between the 1994 and 2000 versions.

Gap analysis should not be confined to your QMS. You should also consider the elements of your business-management system and other business processes that may be candidates for incorporation into ISO 9000:2000. For example, if you survey your customers to get feedback on your organization’s products and performance, you have, at least, the initial groundwork for the customer satisfaction process required in the new version.

5. Determine how you should structure your documentation. The simplest way to organize the conversion of your current documentation is to revamp it to the new system without changing the existing numbering or organization. You could then use an index or matrix, which shows how the two systems relate. This may be simpler in the short term, but could create complexities down the road.

The alternative is to renumber and restructure your current documentation into the new system. This will take more work up front but will create a more streamlined system in the long run.

6. Determine whether you have new training needs. You may wish, for example, to seek out instruction in setting up a business operating system based on the Plan-Do-Check-Act process, in establishing a continuous improvement system or in designing customer satisfaction processes.

By incorporating such factors as customer satisfaction and continual improvement, ISO 9000:2000 moves closer to the principles of TQM than its predecessor. At the same time, it retains the discipline of third party assessment, registration and surveillance that has made ISO 9000 so successful. It’s an inevitable evolution that offers substantial benefits to organizations, their customers and their suppliers.

For more information on ISO certification, call 800/508.9044; e-mail eaglegus@aol.com; visit www.eaglegroupusa.com.

Links