| definitions | iso 9000 hit list | iso intro | iso auditor interview |

This article was written by myself after consulting with Sidney Vianna. At the time, Sidney was a Lead Auditor for Det Norske Veritas, a company specializing in the certification of companies to the ISO 9000 series of standards.

Over time, there are a few things that begin to stick in the mind of an auditor like Sidney. There are many misconceptions that implementors of an international quality system have. This essay is intended to clear up a few of those misconceptions. There are many companies in the United States that are currently seeking, or plan to seek, the certification of their quality system to the 9000 series of international standards. Many of these companies (also referred to as “applicants” throughout the text) could possibly benefit from what will be stated here.

The first point, like those that follow, can be considered an axiom to most quality professionals but is still a major stum­bling block to any implementation process.

1.   The upper management should be fully committed to the process of certification. This cannot be said enough times or loud enough. Varying degrees of upper management support can directly effect the duration of implementation. Less Support = Longer Duration.

2.   Many companies believe they will be certified by ISO and not by an independent certification agency. The International Standards Organization (ISO) is exactly what its title claims to be, an organization for the creation, maintenance, and revision of international standards. The ISO is made of national member bodies throughout many nations, including the American National Standards Institute (ANSI) within the United States.

Independent certification agencies are a group of many private companies that certify supplier compliance with the 9000 series standards. These standards are created and maintained by the ISO.

3.   Many believe that quality is the responsibility of the Quality Department. This truly American belief is quickly being left behind by forward-looking companies. These companies know that quality is the responsibility of everyone that effects the product, service, or reputation of the company. The Quality Department plays a very important role in organizing and implement­ing departmental interfaces, but only those people actually working within the system can truly be responsible for their own jobs.

4.   Many believe they should have “ISO” manuals and procedures. This misconception is usually held by corporations who serve more than one type of customer. Take, for example, a large aerospace company that services both the government and private sector. Each type of cus­tomer requires different quality systems. Therefore, the aerospace company develops more than one set of manuals and procedures. This usually leads to physical division within the company for each quality system.

This is not the scenario the ISO auditor wants to encounter. It is both counterproductive and confusing. One company should have one quality system that belongs to that one company. It would be difficult for any company to claim ownership of their quality system when more than one system exists within the company (i.e., one system belongs to the government and one to the private customer).

The ISO 9000 series is intended as a bridge for situations such as the aerospace company with two quality systems. By adopting one quality system that is recognized by both types of cus­tomers, the work in maintaining both quality systems is reduced. This does not intend to say a 9000 series standard is the end all to all quality requirements, only that it should serve as something to build upon.

5.   Many companies misunderstand the differences between the ISO 9000 series standards. There are three standards within the ISO 9000 series to which a company can become certi­fied. These are the 9001, 9002, and the 9003. For a more detailed description of the differences between these standards, refer to Essay 3, Overview of ISO 9000 Related Standards.

6.   Companies must have a Management Representative, not an ISO Representative. In many situations, a position is created to represent the ISO program within a company. This is ex­actly opposite from what is really required. The “Management Representative” should repre­sent the management within the company’s quality system. This person does not have to be the Quality Manager. The position is responsible for ensuring that the requirements of the 9000 series standards are implemented and maintained.

7.   The quality policy must be followed, whether the Production Manager is the Quality Man­ager or not. The rules that a company makes regarding quality do not solely apply to the Quality Department.

In a case where a conflict of interest arises with a person with more than one job responsibility (i.e., Production and Quality Manager), the hat of Quality Manager cannot be removed to per­form a task that otherwise could not perform with the hat on.

An example of this scenario would be the release of substandard product when company specifications clearly state otherwise. The pressures of the Production Manager may out­weigh the pressures of being a Quality Manager so the hat of the Quality Manager is set aside.

8.   Many believe that once a system is certified to the 9000 series, the documents cannot be changed. It’s almost as if some believe that once the documents have been reviewed and ap­proved that they have been blessed and should never be altered. We’re not talking about the Bible here; simply procedures to help run a company. If documents can never be changed, the possibility for continuous improvement will be impaired.

The best document control program will allow a company to revise, approve, and distribute controlled documents quickly and with a minimum of heartache. This does not intend to say that procedures should be changed on a whim. The revision of procedures should be a thoughtful process.

9.   Quality records are not only inspection records. Quality records also are those records that demonstrate that the quality system is functional. Some examples of this include manage­ment review and internal quality audit reports.

10. The word "accreditation" often confuses potential applicants when referring to an accredited certification body. The accreditation portion of this description means that a certification body has demonstrated its independence, integrity, and technical competence to a higher source. This higher source is usually a national body that approves all certification bodies operating within that country.

When choosing an accredited certification body, attention should be paid to where the body receives is accreditation. The importance of the applicant’s decision is usually determined by the reason the company is applying for certification in the first place. For example, if an American company wanted to sell product in the European Community, that company should choose a certification body that was accredited within the European community.

11. Companies should be aware of the certification body’s procedures. Confusion usually re­sults in this area when information is passed to a company about a particular certification body’s procedures and the company receiving mistakenly understand the data to be general. The certification process may vary from one certification body to another but there are some steps that are commonly followed:

A)   Documentation Review -- The documented quality system must be reviewed to verify that all of the applicable elements of the standard have been addressed. If the docu­mented portion of the quality system is lacking, the certification body will usually re­quire the applicant to correct the documentation before proceeding to the next step.

B)   Initial Visit/Preliminary Assessment -- The purpose of the initial visit is to discuss the results of the document review, confirm the scope of the certificate, and to make plans for the initial audit. This is usually accomplished by meeting the individuals who are in­volved with the applicant’s quality process and obtaining a plant tour.

C)   Initial Audit -- The initial audit will verify the effective implementation of the appli­cant’s quality system based on documented evidence. This evidence includes the quality docu­ments that were initially reviewed and any other quality documentation that exists within the company.

D)   Follow-up Audit -- The follow-up audit will verify effective implementation of correc­tive actions taken to fix non­conforming situations observed during the initial audit. The scope of the follow-up audit will usually depend on the number of nonconformities found during the initial audit. If many nonconformities were found, an entire audit with the same scope of the initial may be the result. Otherwise, only the corrective actions issued during the initial audit will be verified.

E)   Surveillance Audits (un)scheduled -- Periodic surveillance audits will be either sched­uled or unscheduled depending on the certification body’s policies and the agree­ment be­tween the certification body and the applicant. These periodic audits are used to verify the continuous operation of the company’s quality system. The scope of the surveillance audits usually includes portions of the 9000 standard at any one time.

F)   Renewal Audit -- Renewal audits are used to comprehensively re-verify the conformance of the quality system. Because of continuous review and revision in the 9000 series standards, this audit may be against a revised set of standards.