The Reality of ISO 9000

by Yehuda Dror

Misinformation about ISO 9000 is leading many companies down the wrong path.


You can hardly open an industry-related magazine without seeing an article on or reference to ISO 9000. The debate surrounding the value of the standard has taken on near-theological dimensions, with separation into "believers" and "nonbelievers," both of whom argue their position with fervor and intensity in an attempt to prove the other side wrong. As sometimes happens in these cases, the myth, ideology and rhetoric usually mask a misunderstanding of the standard's intent and create a hopeless muddle of conflicting information.

Myths
Common myths include:
It's a European standard: ISO 9000 is actually not a "European standard"; the International Organization for Standardization, based in Switzerland, is comprised of industry groups from many industries worldwide. In fact, the ISO 9000 series is written by ISO's Technical Committee 176, whose U.S. industry representation is substantial. The standard, in its entirety, has been adopted by more than 80 countries, including the United States, Mexico and Canada.
It's only good for large companies: ISO 9000 is not designed only for large companies that can afford the cost of adopting the standard. When companies realize the standard's intent, it becomes clear that the standard requires a simple, logical quality system, appropriate to any size company.
It doesn't foster continuous improvement or improve product quality: One common criticism of the standard is that all a company needs to receive and maintain compliance is paperwork and a bureaucracy to guard it, while the product quality remains unimportant. This is far from correct. Though the standard does not explicitly require continuous improvement, it does require a system for review and correction, and implementation of corrective and preventive actions, which in essence form the Deming plan-do-check-act continuous-improvement loop. Thus, companies making bad product will undoubtedly hear about it from their customers (customer complaints), from their own process (nonconformities and corrective actions) or from problems related to suppliers through the purchasing system. A company should be able to use its review-and-correction system, consisting of corrective actions, internal audits and management reviews, to ensure that its system weeds out the problems and can assure consistency in producing those products or services it deemed of good quality.
It's outdated and meaningless: Some of the more outspoken critics of ISO 9000 argue that the quality industry has moved beyond the standard's requirements. As an example, these critics point to the leaders in quality (whose superlative quality systems are usually the result of several decades and many millions of dollars) and claim that these organizations will not realize any benefit from registration because their quality system is at a much higher level. However, analysis of this argument reveals that the concern is not with ISO 9000 compliance, but with ISO 9000 registration. Actually, these companies' quality systems probably already contain the elements of ISO 9000, but they feel that industry knowledge of their reputation nullifies the need for registration.

In fact, Motorola and Hewlett-Packard, which have proposed another route of ISO 9000 registration (Supplier Audit Confirmation), have modified their proposal. Initially, their (especially Motorola's) criticism was mainly about ISO 9000 being an "inferior" standard. The criticism shifted toward the third-party registration practice being too rigid and not giving credit to the companies' excellence. The latest Supplier Audit Confirmation communiqué (dated May 5), which includes feedback from registrars, incorporates the fact that companies at the level of Hewlett-Packard and Motorola are a minority within U.S. industry and that for the Supplier Audit Confirmation to function properly, it should contain well-defined criteria for eligibility.

Organizations such as these represent only a small minority of U.S. companies; the remaining vast majority are likely to find that not only are they missing some elements of the basic quality system defined by the standard, but also that registration will provide the necessary proof of their quality system level for their customers (and potential customers).

ISO 9000's main strength, and the value of its adoption worldwide, is that customers purchasing from firms that comply with the standard can be assured two things: Their suppliers have at least a fundamental quality system that will help ensure quality in products or services produced, and that it's based on the same standard used by their other suppliers worldwide (instead of each country having different standards, with different criteria and different results).

Compliance or registration?
Some confusion regarding the standard comes from a misunderstanding of two aspects associated with ISO 9000: compliance and registration. Compliance means having a system that meets the requirements of the relevant ISO 9000 standard (9001, 9002 or 9003). Registration involves the third-party assessment of this compliance and issuance of a certificate if compliance is indeed verified. While often not mandated, registration is popular because it represents a convenient way of proving that a company's quality system meets the standard.

How should we use it?
The ISO 9000 standard (namely 9001, 9002 and 9003) should be viewed as a template consisting of 20 elements (see Figure 1). Every company, large or small, has basic processes, which are those processes transparent to the customer, i.e., from order entry through design (if applicable), purchasing, process control, handling, storage, packaging and delivery, and servicing (if applicable).

In general, the customer is not concerned with the identity of the company's manager or quality assurance manager, or whether the suppliers' employees have job descriptions. The rest of the standard, however, ensures that not only does the company identify and measure those processes for consistency, but is also learning, reviewing, correcting and controlling those processes. In order to secure the system's effectiveness, the company's management should be committed to the process.

Ample evidence exists showing that compliance with the standard is beneficial to any size company. For example, using the standard as a tool resulted in one company achieving significant reduction in cycle time (from order to delivery) on its five products (see Figure 2). Interestingly, the major reduction in cycle time was attributed to "nonproductive" issues such as improved purchasing (subcontractor qualification) and better understanding of customers' wants and needs (contract review/order entry).

Compliance with the standard can be beneficial for small and large companies alike. Tad Chapman of Analytical Solutions, a small, eight-employee company, says: "Compliance with the standard meant we had to understand our entire process better than we did before. One unexpected benefit was the actual reduction in paper [due to 'housecleaning' and streamlining of processes and procedures] rather than having a paperwork increase."

Earl Major, quality director of AlliedSignal Aerospace, who currently has 60 percent of the company's facilities registered, views ISO 9000 as a quality system "housecleaning tool."

"As an aerospace supplier, the need to comply is not new to us," explains Major. "ISO 9000 is a great catalyst to update quality processes and streamline the interface between the various activities in the organization."

AlliedSignal Aerospace implemented the standard during a period of consolidation and reorganization. They found that utilizing ISO 9000 as a tool led to "risk abatement" during the period. This assured that as expertise changed, the knowledge remained with the job.

But should we get registered?
Understanding that registration is only one way to demonstrate compliance is important, and as applicable to small companies as to large ones. One of the most common misconceptions was and still is the notion that the European Union requires registration. While the Legislative Directives (required by governments for products affecting safety, health and the environment) may specify the need to comply with ISO 9000, they do not require registration. Understanding that ISO 9000 is only a tool rather than an end is even more important for small businesses, which otherwise would incur an unacceptable cost of setting up a system only to maintain ISO 9000 without considering the needs of their overall business.

Demand for registration nowadays is primarily market-driven; it is usually the customer that specifies that they wish a company to be registered. While currently compliance to the Big Three's QS-9000 requirements is required immediately, the deadline for registration (mandatory for Chrysler and GM suppliers) ranges from the middle to the end of 1997. Other customers are prescribing ISO 9000 registration to their supplier base as a means to assure the consistency described earlier and as a prerequisite to those suppliers' product certification. This is particularly prevalent in companies that rely on continuous or high-frequency shipment of supplies from their vendors to be incorporated into their products. Such product certification alleviates the need to perform receiving inspection. Government entities are vacillating on the issue of registration. NASA's Johnson Space Center is among the first government agencies to require registration for a certain level of suppliers.

Other hybrid incentive/requirements have emerged. For example, among the customers that promote their suppliers' improvement is Allen-Bradley Corp., which has established an excellence-enhancement program for its authorized system integrators. While many integrators (nearly 250 in the United States and Canada) have more than 100 employees, the majority are small companies (20 to 40 employees). Allen-Bradley, one of the first U.S. companies to be registered in its entirety, has sought a way to promote the concept of project methodology among the system integrators. Allen-Bradley achieves this through a joint program. Allen-Bradley provides the project methodology and necessary training, and DNV provides the registration.

"While we do not mandate either our project methodology or registration, we realize that our authorized system integrators are benefiting from this win-win relationship," says Ray McKinney, director of system integrators' sales at Allen-Bradley. "They get the best of an experience-based project methodology coupled with the discipline of ISO 9000."

Industry's de-facto acceptance of registration as the way to demonstrate compliance with the ISO 9000 standard raised the ire of many critics. Critics of registration include those who have a problem with the principle of allowing third parties too much power, those who have problems with the bureaucracy and perceived high cost of registration, those who have specific problems with particular registrars and those who vent their problems with the registration process by blaming the standard itself.

Registrar accreditation has become the market requirement for acceptance of registrars and certificates. Accreditation means that a registrar has been scrutinized by a recognized and accepted entity, such as the RAB (United States) or the RvC (Netherlands). Also, a registrar, in a free market like ours, is limited in power as the market allows emergence of as many registrars as the market bears. It is not a monopoly or an oligopoly that unduly influences the market. Like any other supplier to an industry, registrars abide by the same market forces that control a given industry. There is no doubt that the question of who "accepts the acceptors" will always be an issue. Again, the market sends the signals that lead to formation of accreditation body forums (IAF, QSAR) as well as accredited registrar forums (IAAR), the intent of which is to assure and enhance the credibility of the registration process.

The cost of registration, i.e., the perceived high cost, has come under attack. It includes not just the cost of registration but also the internal cost of implementation of the standard and preparation for the audit. While registration costs are easily discernible within organizations, internal preparatory cost is not. It is difficult to place an exact figure on such costs since some companies attach a cost to every meeting and activity that "smells" of ISO 9000, while others consider it a cost of doing business.

"The average cost of registration, both initial cost and maintenance cost, is about half a man per year per facility," says Major. "As far as internal costs are concerned, it really depends on how much improvement is needed in the quality system itself. What is not measured is the prevention cost, i.e., the elimination of 'quality escapes' that result in recalls, where prevention of even one such escape in the aerospace industry can pay for the whole registration process."

Other critics base their criticism on a legitimate or perceived problem with a registrar. If and when problems occur, they relate primarily to differences of opinion on interpretation of the standard made by the auditors and to arguments that the auditors are trying to run the auditee's business by telling the latter what to do. This, unfortunately, is a by-product of the generic nature of the standard, which is designed to fit all industries and is thus open to interpretation.

There is a two-fold solution to this problem. First, the registrar must send in an audit team experienced in the company's industry, so that they understand the industry's normal practices. Second, the audit performed by the registrar should check the compliance of that company's quality system to the ISO 9000 or QS-9000 requirements; the system must meet the requirements, but the methodology used is in most cases not specified (QS-9000 is one exception to this).

Those who blame all the ills on the standard itself often base their opinion on the "fact" that ISO 9000 negates the concepts of TQM. The arguments supporting this view are more philosophical in nature and as such are sometimes more grounded in emotion and belief than fact. The ISO 9000 standard is not TQM, but it is a good tool that can form the basis for TQM. Understanding the system as it was intended and statistically evaluating companies that went through the process (such as the survey performed by "Quality Systems Update" and Deloitte & Touche, in which more than 600 companies stated the benefit from the process) should count for more than sporadic examples of dissatisfied "subscribers" to the process.

From our vantage point of involvement with the registration process of more than 800 companies in the United States, we have seen almost a direct correlation between companies that may have problems during registration and those who seek registration for the wrong reasons.

Some of the "wrong" reasons that may cause problems for a company include:
The only thing we need is the certificate.
Get the certificate and be done with it.
Getting the certificate is the responsibility of the quality assurance manager only.
ISO 9000 and QS-9000 are separate from the company's daily business.
We only need enough to satisfy the auditors.


Some philosophies that have served companies well include:
ISO 9000 or QS-9000 compliance, proven by a certificate, improves the way we do business.
The resulting discipline yields significant cost reductions.
Registration gives us a competitive edge over nonregistered competitors.
Compliance raises morale because employees clearly understand what is required of their position.


Compliance with ISO 9000 enhances companies' understanding and control of their processes. Registration, being a convenient and preferred way to prove such compliance, is fast becoming a customer requirement. The combination gives industry the basis for a quality system that's logical, attainable and verifiable, improving quality worldwide and ultimately industry's future.


About the author
Yehuda Dror is general manager of DNV Certification Inc., a U.S. corporation wholly owned by Det Norske Veritas. Dror's group is responsible for all DNV certification in the United States. He also holds status as a Professional Engineer-Texas, is a committee leader for the Independent Association of Accredited Registrars and is an IQA-registered lead assessor.