Introduction to ISO 9000 Quality Management


Quality is ...

The everyday use of the word "quality" conjures notions of excellence, luxury and high price - high quality cars, appliances, homes, clothes, ...

Various "professional" definitions have been used to allay confusion and introduce objectivity to the discussion; e.g. "meeting customer needs or expectations", "fitness for use", "fitness for purpose", "customer satisfaction" or "conformance to requirements".

ISO 9000:2005 defines quality as the "degree to which a set of inherent characteristics fulfils requirements".

In practice, the "requirements" are translated into product or service characteristics and specifications to enable measurement and control of the production processes. The process of translation is itself a complex discipline. For more information, search the literature for "Quality Function Deployment" and "Voice of the Customer".

The term "quality" can be used with adjectives such as poor, good or excellent but these refer to the degree to which requirements are met, not to a standard of luxury. To avoid this confusion we use the term "grade" to describe different quality requirements for things having the same functional use.

Notwithstanding the technical definitions, the customer's usage is important and valid. Quality continues to have a variety of common meanings. It is vital for designers and producers to understand the customer's meaning regardless of professional usage.



When one person, or a small group, possesses high skill and communicates well with the customer, the result is a correct definition of customer needs, and an effective interpretation and execution of the requirements. Familiar examples are custom tailoring and personal services, such as hairdressing and personal training.

Larger organizations often have great difficulty recreating this craftsmanship paradigm because of the fragmentation of skills and breakdown of communication.

On the other hand, the quality and price of most goods and services available today in industrialized countries far surpasses what was available even half a century ago.



Without due care, things can go wrong at any stage of the business process. Quality Assurance standards have evolved out of the effort by corporate customers and regulators to ensure that suppliers take control of their processes to ensure satisfactory results at minimum cost.

Quality Management (QM) is defined as "the coordinated activities to direct and control an organization with regard to quality". It includes all the management activities to determine and implement policies, objectives, processes and responsibilities to prevent things from going wrong while designing, producing and delivering a product or service, as well as to detect and fix things that do go wrong.

Quality Assurance (QA) is the "part of quality management focused on providing confidence that quality requirements will be fulfilled". It ensures and demonstrates the effectiveness of processes to give customers and other interested parties confidence in the quality of the final result.

The Quality Management System (QMS) is defined as the "management system to direct and control an organization  with regard to quality". It encompasses the organization, structure, procedures, processes, resources and activities needed to define and achieve the organization's quality objectives. (definitions abstracted from ISO 9000:2005)



Frederick W. Taylor (1856-1915) is credited with inventing industrial engineering and the model of "scientific management" that included, among other features, separation of the quality control function from other aspects of production.

His system is blamed by detractors for the compartmented, adversarial environment that characterized industry through the '50s and beyond.

Arguably, it was an incomplete and perverted application of Taylorism that produced the quality vs. productivity dichotomy. The fundamental mistake made by many managers was to hold a quality control inspector accountable for quality while failing to ensure that the production processes met requirements. This is analogous to making the accountant solely responsible for the company's profitability while allowing other managers to spend without restraint.

For a provocative, sympathetic view of Taylor's contribution, see Marvin R. Weisbord, Productive Workplaces, Jossey Bass, 1987.



A standard is an agreed set of general specifications and criteria applied to materials, products, processes and services to ensure that they meet the requirements of the users. Standards like ISO 9001 are voluntary unless imposed by agreement or law.

The original meaning of "standard" was the flag used by armies as a rallying point in the confusion of battle. The present meaning is analogous.

Daily life depends heavily on standards for convenience and safety; such as, weights and measures to ensure fair trade, traffic conventions to avoid collisions, threads on light bulbs, bolts and pipes to ensure fit, etc.

Standards for quality became necessary because of disagreements between suppliers and customers, and between producers and inspectors, as to what constituted an acceptable product or service.

Quiz: List at least ten standards that have affected your life in the past 24 hours.

Hint: Did you drive a car? Change a light bulb? Watch TV? Phone someone? Use the internet? ...


Too many standards

In an effort to resolve the conflicts over quality, major companies and government agencies have imposed quality assurance standards on their suppliers. The expectation was that by dictating certain practices to the supplier, the customer would be more likely to receive a fully acceptable product that could be used without fear of waste or failure, and that need not be exhaustively tested and inspected before use.

Quality assurance standards appeared first in those areas where risk of death, injury, or financial loss were greatest; the military, aerospace, pharmaceutical, medical device and nuclear power sectors.

By the 1980s, the need to comply simultaneously with several similar but different standards had become a major impediment to companies doing business with multiple customers, and the multiple audits to verify conformance were costly and disruptive to both customer and supplier.



The International Organization for Standardization (ISO) is a worldwide federation of national standards bodies from over 150 countries, one from each country. It is a non-governmental organization established in 1947 with a mission to promote the development International Standards with a view to facilitating the international exchange of goods and services, and to developing cooperation in the spheres of intellectual, scientific, technological and economic activity.

International standardization began with the International Electrotechnical Commission (IEC) in 1906 and the International Federation of the National Standardizing Associations (ISA) in 1926. In 1946, delegates from 25 countries met in London, to create a new international organization, ISO, "the object of which would be to facilitate the international coordination and unification of industrial standards". ISO began to function officially on 23 February 1947, and published its first standard in 1951 ("Standard reference temperature for industrial length measurement ").

ISO is the short form name of the International Organization for Standardization, not an acronym. "ISO" is a word, derived from the Greek "isos", meaning "equal ", which is the root of the prefix " iso-" that occurs in a host of terms, such as "isometric" and "isotherm". The name has the advantage of being valid in all languages.

(See the ISO web site for the full story.)


ISO membership

ISO's active members are the "member bodies". Each is the national body "most representative of standardization in its country"; one per country.

In addition there are "correspondent members", from countries that lack a fully developed national standards activity, and "subscriber members", from countries with very small economies.

The total membership presently includes over 150 countries.


Writing standards

ISO has nearly 3000 technical bodies (technical committees, subcommittees, working groups and study groups) responsible for over 15,000 International Standards on a wide range of subjects.

The technical committee responsible for the ISO 9000 family of standards is TC 176, with a mandate for "Generic quality management, including quality systems, quality assurance, and generic supporting technologies".



The objective of ISO technical committee TC 176 is to develop standards for generic quality management, including quality systems, quality assurance, and generic supporting technologies, excluding standards related to specific products, services or industry sectors.

The committee also strives to prevent proliferation of sector-specific standards that may lead to fragmentation of the quality systems of companies and increased costs due to multiple assessments of the separate quality systems.

The closely related TC 210 addresses "Quality management and corresponding general aspects for medical devices".


ISO 9000 family

Major revisions of ISO 9000, 9001 and 9004 were released December 15, 2000. ISO 9000 was again revised in 2005. Among other changes, the 1994 versions of ISO 9001, 9002 and 9003 were replaced by the single standard ISO 9001:2000. Related Guidelines and Technical Reports have been revised to harmonize with these changes. 

As standards are revised, the older versions typically continue to be used for a crossover period of up to three years. Check the ISO website for complete, up-to-date information on standards in force and under development.


Quality Co$t

One way of assessing the economic impact of quality is by determining and classifying the associated costs. 

Costs of Quality are conventionally grouped into a) the costs of making certain that customers receive quality products and services and b) the costs incurred when we fail to do so. These are called, respectively, costs of conformance and costs of nonconformance or failure. ("failure" means any nonconformance to requirements, not just the physical failure of the product.)

It is useful to further divide each of these two categories. The costs of conformance include both the costs of appraisal of quality and the costs of prevention of unacceptable quality. The costs of nonconformance are divided into internal failure (before delivery) and external failure (after delivery). The latter are invariably much more expensive to rectify.

Appraisal: Costs associated with measuring, evaluating or auditing products or services, components or purchased items to assure conformance with quality standards and performance requirements.

Prevention: Costs associated with planning, implementing, maintaining and auditing a quality system that will assure conformance to quality requirements at economic levels.

Internal failure: Costs incurred when products, services, components and materials fail to meet quality requirements before transfer or release to the customer or user.

External failure: Costs incurred when products or services fail to meet quality requirements after transfer or release to the customer or user.


Who uses ISO standards

The expected benefits of standardized Quality Assurance systems include better product quality and reliability at a reasonable price and, as a byproduct, improved health, safety and environmental protection, and reduced waste. There is a close relationship between the ISO 9000 standards on quality management and the ISO 14000 standards on Environmental Management.

Corporations specify quality assurance requirements in contracts with their suppliers and require objective evidence of conformance.

Regulatory bodies increasingly require registered quality systems as a condition of business. (e.g., Canadian medical devices manufacturing.)

Independent agencies, called quality system registrars, verify conformance to the standards and issue certificates attesting to the fact. Registered companies use these certificates to support their efforts in marketing, sales and contract negotiation.

Independently of external requirements, many companies develop quality assurance systems based on ISO 9000, with or without registration, in order to improve management control and implement better business systems.


9001 intent

The full title of the ISO 9001:2000 International Standard is: "Quality management systems - Requirements"

An organization following these requirements acts to define and control its processes, prevent problems, rectify their causes and retain convincing proof to assure its customers and its own management of the effectiveness  and ongoing improvement of its management system.

The 9001 Scope statement is: "This International Standard specifies requirements for a quality management system where an organization
a) needs to demonstrate its ability to consistently provide product that meets customer and applicable regulatory requirements, and
b) aims to enhance customer satisfaction through the effective application of the system, including processes for continual improvement of the system and the assurance of conformity to customer and applicable regulatory requirements."


Why register?

Any organization may adopt all or part of the ISO 9000 series of standards for internal guidance. In fact, the ISO 9004 standard is intended for just that purpose.

ISO 9001 has the specific purpose of demonstrating the effectiveness of the quality management system to customers and other parties. Particularly where the consequences of poor quality are severe, customer corporations maintain exhaustive, and expensive, supplier surveillance systems to ensure full compliance.

The scheme of third party auditing and registration was pioneered in the Canadian nuclear power industry using the CSA Z299 series of Quality Standards. Both the supplier and customer organizations benefit as costs and disruption of multiple audits are reduced by accepting the opinion of an competent, independent auditor.

An added benefit is realized when seeking new sales and contracts. Many major corporations now strongly favour registered suppliers and some even refuse to consider approaches from unregistered companies.

Considerable effort is presently being devoted to harmonizing auditing and registration practices internationally. The ultimate goal is to permit companies to obtain one registration of their quality management system that will be accepted worldwide.


Documentation 1 - theory

CLICK to enlarge; BACK to return here.

Management systems are conventionally documented and administered hierarchically. Senior management sets goals and policy and delegates the responsibility for implementation and execution.

A document system naturally arises consisting of a policy manual, procedures for implementing the policies, detailed instructions for performing tasks and forms for collecting and exchanging data.

The pattern is common in Accounting and Human Resources as well as in Quality.

ISO/TR 10013, Guidelines for quality management system documentation, provides recommendations for documentation.


Documentation 2 - reality

CLICK to enlarge; BACK to return here.

Despite the theoretical organization of documented policies, procedures and records, the reality for many companies is a dynamic exchange of information both within the organization and with external stakeholders.

The job of organizing and controlling this knowledge is, by turns, both complicated and facilitated by modern electronic communication and computing.

To succeed in modern Quality Management, most organizations will need to analyze and control their management information systems.


The Registrar

Registrars are typically "accredited" by the national standards authority in their home country, and many have obtained multiple accreditations to enhance their acceptance internationally. They are independent of both the registered organization and the consultant.

The Standards Council of Canada accredits management system registration bodies. A list with scope of accreditation is accessible on the SCC website. Registrars must themselves conform to a standard similar to ISO 9001.

The RAB QSA International in the USA maintain lists of accredited auditors and the industry sectors they are competent to assess. National Quality Institute (NQI) in Canada has now assigned its auditor accreditation duties to RAB QSA.

Assessment and registration of a company's quality system is based on two principles:

1 The documented system must conform to every relevant requirement of the appropriate International Standard.

2 There must be objective evidence that the company's activities and records conform to the documented system.

<>On the initial assessment, the registrar assigns auditors to review and compare the company's policies and procedures to the requirements of ISO 9001.

If these are compliant, the auditors visit the company's offices and plants and observe activities, interview personnel and examine records for agreement with policy and procedure.

Any significant discrepancies in either documentation or practice must be corrected before registration is granted.

The registrar conducts regular surveillance audits to verify continuing conformance and is authorized withdraw registration from companies who fail to maintain an acceptable system.