How ISO 9000 and 9001-2000 have an impact on measurement systems

What is ISO 9000

ISO 9000 is a series of international standards establishing global requirements for quality management systems. These standards were developed by a technical committee of the International Organization for Standardization (ISO) in Geneva, Switzerland. More and more, compliance to ISO 9000 is becoming a prerequisite for doing business with countries in the European Economic Community.

Registration to ISO 9000 

An organization’s quality management system, not its products, is registered to ISO 9000 standards—specifically to either ISO 9001, 9002, or 9003. Registration is accomplished through an independent third party that conducts an audit or series of audits with a company. Initial registration must be confirmed with semi-annual follow-up audits to assure continued compliance.

Types of Registration

Registration of a company’s quality management system can be approached in several ways: by individual facility, individual business group, or by the entire organization. The approach to take is the decision of the company pursuing registration. It should be based on the organization’s level of autonomy and control and the relative status of each unit.

Allen-Bradley pursued registration for a combination of business groups and facilities, most of which, including DataMyte, was registered to ISO 9001. This encompassed more than 20 separate sites representing over 25 major product families.

A Strategic Objective

Registration to ISO 9000 standards is a strategic corporate objective and is an integral part of Allen-Bradley’s Total Quality for Customer Satisfaction (TQCS) system, which focuses on continuous improvement. Senior Allen-Bradley management decided to focus on ISO 9000 standards and develop TQCS after an extensive reassessment of the existing quality management system.

Allen-Bradley’s Registrars 

Allen-Bradley plants in the United States have been audited by Det norske Veritas (DnV), an international registrar with U.S. offices in Houston, Texas. Allen-Bradley’s Canadian facilities were audited by the Quality Management Institute (QMI) of the Canadian Standards Association (CSA). Allen-Bradley’s United Kingdom manufacturing facilities in Milton Keynes, Coventry, and Poole were audited by the British Standards Institution (BSI), also located in Milton Keynes. 

ISO 9001-2000 Impact on Measurement Systems

ISO 9001-2000’s section 8, Measurement, analysis and improvement, will challenge most organizations. Although most understand that management review, internal audits, and corrective and preventive action form an important integrated triangle for evaluating quality systems, many have done only a fair or inadequate job of facilitating improvement activities from the information that resides within their systems. As with section 5, Management responsibility, management must play an active role in section 8, as it requires making decisions about key measures and analyzing the results of information from sources such as audits, customer feedback and analysis of other information relating to products, trends and suppliers.

What’s new 

The brief summary that follows provides simple explanations of the new requirements within section 8 of the ISO 9001- 2000 draft international standard (DIS). Refer to Figure 9.7.1 to see where revisions are found in the new standard and how they compare to the 1994 version.

Section 8.2.1 Customer satisfaction

The requirement states that organizations will monitor information on customer satisfaction and/or dissatisfaction as one of the performance measurements of their quality management systems (Some organizations will monitor information on both. Check with your registrar for a detailed interpretation). Furthermore, organizations must determine the methodologies for obtaining and using this information. The intent of this requirement is to ensure that organizations have a system for addressing customer complaints and general feedback and that it’s effective for addressing customer concerns. The standard has also been broadened to include customer satisfaction, which many organizations don’t measure. The goal is continual improvement.

The ease with which organizations are able to comply with these requirements will depend upon the maturity of the organizations and their relationships with their customers. It will also depend upon whether the organizations have a customer satisfaction measurement system in place and how effective it is.

“A company that is currently driven by the philosophy of producing product that meets or exceeds the customers’ requirements and expectations should not have to make any changes to monitor customers’ satisfaction and/or dissatisfaction,” says Robert Chandler, international quality coordinator of Lincoln Electric in Cleveland, Ohio. “Current procedures may have to be rewritten, but the basic approach should not require changes.”

But this section might be challenging for some organizations, says Curt DeVries, corporate ISO 9000 manager of Polaroid Corp. (Cambridge, Massachusetts). “Part of the issue will be in the definition of the customer, the end user or the next person in the product realization chain,” DeVries explains. “As so much of our product is consumer oriented, most of our manufacturing facilities have defined their customers as the marketing department, which is the group that defines the production requirements based on their forecast of sales. Some, but not all, of our end product manufacturing operations have created customer satisfaction groups that collect end-user satisfaction/dissatisfaction data and analyze it to provide the basis for corrective actions or future product improvements.” DeVries further explains that it becomes difficult—and effectively, cost prohibitive—when there’s a fragmented, geographically diverse and shrinking end-user customer base, as is the case with some of the company’s older product lines. Finally, says DeVries, “More and more we are working to get ‘voice of the customer’ input on problems and new design issues, because it has proven very successful for those who were visionary enough to do it in the first place.” 

Section 8.4 Analysis of data

Organizations must collect and analyze data to determine the suitability and effectiveness of the system so that improvements can be made. Furthermore, measuring and monitoring activities are sources of data. The data analysis must provide information on customer satisfaction and dissatisfaction, conformance to customer requirements, process and product characteristics and their trends, and suppliers.

Section 8.5 Improvement

The revised standard is more specific in its requirement for attaining improvement. Organizations must facilitate continual improvement through the use of the quality policy, objectives, audit results, analysis of data, corrective and preventive action, and management review. They must also plan and manage the processes necessary for continual improvement.

Chandler believes that if a company is serious about continual improvement, the requirements in ISO 9001-2000’s section 8 will be very easy to meet. “Regardless of whether a company is ISO 9000 certified, the requirements in this section are the basic tools that should be used for continual improvement,” says Chandler

When asked how Polaroid intended to demonstrate that it meets this requirement, DeVries says he plans to recommend that the company clearly define one or more metrics relating to the most value-added improvement needed in its quality management system (QMS) and utilize the components of the QMS to make it happen. 

What’s the same or clarified

Section 8.1 Planning 

Although most organizations talk about measurement and improvement activities, many companies don’t define formal plans. The standard now requires that measurement and monitoring activities needed to ensure conformity and achieve improvement must be defined, planned and implemented. This must include appropriate measurement methods. 

Section 8.2.2 Internal audit 

All of the requirements have been carried over from ISO 9001:1994. The revision requires organizations to review their internal audit procedures to ensure the inclusion of responsibilities, requirements and methodologies for conducting the audits. Audit results are now an explicit requirement for management review and for the facilitation of continual improvement activities.

The auditing techniques that internal auditors use may change slightly. Namely, auditors will need to determine a systemauditing methodology that takes a cross-functional, process-oriented approach to developing checklists, conducting audits and reporting the results. It’s recommended that the internal auditors receive additional training, as appropriate, on new auditing techniques for ISO 9001-2000.

Section 8.2.3 Measurement and monitoring of processes and Section 8.2.4 Measurement and monitoring of product

Many organizations may first struggle with the overall concept of these subsections. Both incorporate components of 1994’s 4.10 Inspection and testing and 4.20 Statistical techniques clauses. Quite a bit of the text from 4.10 has been moved to ISO 9004; however, the intent of 4.10 has remained: Organizations are required to determine what measurement and monitoring methods will be employed to ensure that both process and product requirements are met. ISO 9001-2000 doesn’t specify inspection and testing activities for incoming, in-process and final product. Documented evidence must still demonstrate that products and/or services conform to specifications and evidence must show what acceptance criteria are used. Furthermore, the methods employed must demonstrate that the processes and the products satisfy their intended purpose. “A company should not have difficulty meeting the requirements of section 8.2.3, Measurement and monitoring of processes,” says Chandler. “This section is again very basic and permits the organization to determine what suitable methods shall be used to meet customer requirements.”

Section 8.3 Control of nonconformity 

Overall, the message of ISO 9001:1994’s 4.13 Control of nonconforming product has remained the same: Product that does not conform to specified requirements should not be used or shipped. The requirements for the control of nonconforming product no longer contain the specific requirements for review and disposition of nonconforming product as in ISO 9001:1994. However, the intent remains the same. A new requirement has been added for organizations to address nonconforming product that is detected after delivery. Specifically, organizations must take action related to the consequences of nonconformity.

ISO 9001-2000 has removed “where required by contract” prefacing the section relating to the reporting of the repair of nonconforming product to the customer. Instead, the passage now states that organizations are “often required” to report the “rectification” to the customer, end-user, regulatory body or other body. 

Section 8.5.2 Corrective action and Section 8.5.3 Preventive action 

The requirements for these sections have remained basically the same as in the 1994 version. The discussion of corrective and preventive action from the 1994 version has been reworded rather than changed. Corrective and preventive actions are now specifically referred to as tools that organizations must use to facilitate improvements. Furthermore, by requiring that the review of these actions be used as an input to management reviews, ISO 9001-2000 clearly establishes top management’s responsibility for an organization’s improvement. It also states that actions taken must prevent recurrence. When reviewing actions taken over time, organizations must ensure that repeat occurrences are addressed.

Due to the greater emphasis on documenting the results of corrective and preventive actions, organizations should consider what format will be the easiest to use and understand. Many organizations document the problem-solving steps involved for the investigation of nonconformities using some type of methodology. Typically, this methodology includes problem identification, root-cause analysis, determination and implementation of corrective and preventive actions, follow-up, and closure. This information is documented and considered a quality record, which should be submitted in a summary format for management review.

The challenges organizations will face

For many organizations, implementation of section 8 will be a challenge. The maturity of an organization’s measurement systems will determine the amount of effort and development required. In other words, if organizations have measurements in place, they will need to evaluate those measurements and the results they will provide. The main point to remember is that ISO 9001-2000 focuses on using measurements and their results to drive continual improvement.

The standard now requires that organizations analyze data to determine the suitability and effectiveness of their systems. One issue many companies have difficulty with is the ability to sort through data to find meaningful information. This may not be the fault of the data itself, but of management’s ability to perform the analysis. Data should always be looked at in terms of the story it’s telling. For instance, when looking at nonconforming reports or customer data, one should ask: How many times has the same problem occurred? Is the problem occurring with the same product or customer? Does it occur on certain shifts, certain times of the month or year, etc.? The organization needs to scrutinize data in this fashion to prevent the organization from jumping to conclusions or fabricating the story it wants to hear.

Another area of difficulty organizations may face in pursuing continual improvement is recognizing that the QMS should reflect each company’s method of operation. Companies continue to separate out the ISO 9000 requirements from their daily business. This is often evident in how a company handles its management reviews. Separating out the results from audits, corrective actions and customer complaints and missing the opportunity to correlate these results to the needs of the organization inhibits the organization from seeing viable improvement activities. The more rapidly an organization can accept its QMS as its preferred method of operation, the faster it will move away from day-to-day maintenance and into the improvement arena.

The major challenge Polaroid’s registered organizations will face will be shoring up those areas where they are currently weak, says DeVries. Furthermore, he adds, “I think this section will actually be perceived as more of a help than a problem because it more clearly lays out some requirements that were pretty vague in the earlier revision. This helps the site ISO 9000 coordinator or management representative when dealing with those members of management who are not committed to the QMS process.”

What the registrars think

While many registrars are just getting themselves up to speed on how the revisions will be audited, many are developing approaches for the revisions. For instance, in auditing conformance to the requirements for planning continual improvement, auditors will be investigating how management has used audit results, corrective and preventive action results, the quality policy and objectives, management review, and analysis of data in their continual improvement process. Auditors will look more carefully at management review to see the types of actions and achievements that have been documented in the review. 

In assessing conformance to data analysis requirements, auditors will want to see some evidence of how data is collected, e.g., types of data, responsibilities for collection and how the data is reported back to management. They will also be interested in how the results of the data are used and in the existence of measurements that help the organization determine whether or not its quality management system is effective.

The requirements of the customer satisfaction section will also be scrutinized. While the standard does allow an organization to use customer dissatisfaction results as the measure of customer satisfaction, auditors will want to look at the types of data, collection frequency, when and how the information is analyzed, and the analysis results. Information used by an organization to determine customer satisfaction may include customer complaints, customer surveys, customer meetings and report cards. Auditors will also want to ensure that the organization has converted its customer data into meaningful indicators and trends.