Quality Magazine

ISO 9000 for a Small Planet

May 5, 2003
With ISO 9000 achieving worldwide acceptance, here's a look at some regional differences, with tips on selecting a registrar as ISO 9001: 2000 kicks in.

ISO 9000, the international standard for quality management, is truly becoming a worldwide standard. By December 2001, there were more than 510,616 businesses certified in 161 countries. While 10 industrialized nations accounted for nearly 62% of that total (see Figure 1), ISO 9000 registrations are now being reported from many smaller countries as well, including Azerbaijan, Kyrgyzstan, Myanmar and Zambia.

This worldwide acceptance is fueling a growing demand for services linked with ISO 9000 registration, defined as documented evidence that a company's quality management system (QMS) conforms to the standard. While efforts are underway to ensure that the ISO registration process is applied consistently across the globe, regional differences still exist.

Certification/registration takes place when an independent and competent body certifies that a product, process, service or system conforms to specific requirements. In the ISO 9000 context, registration and certification are used interchangeably, and bodies that issue conformity certificates are, in the United States, referred to as registrars and elsewhere as certification or registration bodies. Since the registrar is independent of both the organization seeking certification (the first party) and its customers (second parties), the registration process is known as third-party assessment, and its value is based on the proven competence of the registrar.

Steps to registration
U.S. organizations seeking registration must select from among more than 100 registrars. While multinational organizations normally prefer known brand names such as Bureau Veritas (France), Lloyd's Register (UK), SGS (Switzerland), T¿ (Germany) or the American National Standards Institute (United States), smaller companies may prefer a local outfit, which may be able to provide more personalized service. In any case, organizations shopping for a registrar should consider the following factors:

  • Price. This is a free market, as there is no set policy for pricing. Some registrars base their rates on the organization size while others may charge a daily rate. Get comparative bids before making a final decision.
  • Location. All things being equal, a registrar located close to the organization should be preferred to a distant registrar. Otherwise, be prepared to budget for additional expenses such as hotel and travel costs.
  • Compatibility. Finally, the most important issue is whether the registrar is familiar with the nature of the organization's business and is comfortable with its culture.

While some registrars may offer value-added services such as training and consulting, most prefer to focus on registration audits. In other words, they will primarily check whether all processes are documented and being implemented as documented. Organizations can make best use of registrars during the following two steps prior to an on-site audit:

  • Desktop Study. Virtually every registrar does a desktop study, which will include a review of the company's quality manual to see whether it meets requirements. Ensure that any issues raised by the auditor are addressed by either changing procedures or documents.
  • Preassessment. A company will have to pay for this practice audit, but it is highly recommended. Because the results do not count, the registrar can be directed to areas that the company wants covered to address potential weak points.

While preassessment gives an idea of how the system is performing, there is little margin for error during the on-site audit that follows. The registrar's team will follow a predetermined checklist and note noncompliances. A survey conducted among registrars revealed that more than 50% of American companies had noncompliances reported during their registration audits. These must be settled before a registration certificate can be issued.

Cumbersome standard
Since ISO 9000's inception in 1987, there have been many debates about the effort in implementing a standard that does not necessarily guarantee quality improvement. Critics claim that the standard introduced complex procedures, increased paperwork and was expensive to implement.

As their documentation procedures tend to be more elaborate, European companies, on average, spend more on ISO 9000 implementation than American companies, say industry sources. J.D. Richard, quality assurance manager with Brown & Sharpe TESA SA (Renes, Switzerland), a metrology equipment supplier with sales of about $50 million last year, estimates that his company spent around $300,000 in ISO 9000 implementation costs. Equivalent-sized U.S. companies, by contrast, spend approximately $100,000 in ISO 9000-related registration costs, according to Marcel Bila, general manager at Brown & Sharpe Inc. (North Kingstown, RI).

Smaller companies are penalized because they often lack the financial and human resources for registration. Many consequently rely on software packages that provide electronic versions of quality manuals with a set of standard documents designed to meet the ISO requirements. This makes it appear that such companies are primarily interested in registration for the marketing advantages that it provides, as opposed to any real value that the system may impart to the organization's processes. Indeed, it is not uncommon for organizations that have implemented the original standard to report that it has had no impact on their product quality.

Part of the problem may lie in the fact that the old standard was conformance-based, meaning that specific requirements had to be met. Auditors would audit a management system using a clause-by-clause approach, commonly called the element method, to evaluate for the presence of 20 elements. Within each element, even a minor infringement -- such as the signing of a document by a person not having the requisite authority -- could result in a noncompliance remark. The focus was on following procedures rather than developing better processes.

It is not surprising, perhaps, that for many years, the Japanese evinced little interest in ISO 9000 registration, preferring the total quality management (TQM) approach with a focus on continuous improvement.

Performance measurement
Required to update its standards every five years, the International Organization for Standardization (ISO) released ISO 9000: 2000 with additional clauses covering areas such as measuring customer satisfaction and continuous improvement.

ISO's revised ISO 9000: 2000 has incorporated TQM principles and is already changing the thinking process. For one thing, it is intended to be applicable to all organizations, regardless of type, size or product category. For another, there is a move from conformance thinking to performance thinking. In the old standard, the presence of 20 elements was evaluated; now it must be determined whether the processes are effective.

In the case of continuous improvements, ISO 9001: 2000 requires that an organization use its quality policy, objectives and management reviews to mea-sure performance. Doris Prims, sales and marketing support at TUV Management Service GmbH, Group TUV Suddeutschland, recommends that companies use Dr. W. Edwards Deming's built-in "plan-do-check-act" cycle in the procedure to establish a plan and then take corrective measures when quality results such as warranty costs or defects exceed set objectives. Thus, the standard is moving organizations toward Japanese-style continuous improvement.

Another new requirement pertains to measuring customer satisfaction. Most American companies are developing questionnaires that can be used to assess whether customers are satisfied with products and services. European registrars are wary of the paperwork created by questionnaires, and Dagmar Blaha, marketing and communications manager at DQS (Frankfurt, Germany) prefers that customers instead develop a set of indices to measure customer satisfaction.

Karey Cwiekowski, vice president/registration manager at Great Western Registrar LLC (Phoenix), says that registrars should not be telling customers how to measure customer satisfaction. "I just need objective evidence that customers have processes for assessing customer satisfaction, even if it means that they just record telephone calls made to customers," says Cwiekowski.

This could mean that some companies are likely to comply by taking simple actions that, while achieving registration, may have little positive impact on their businesses as a whole. Other companies that want measurable business results can use registration to integrate quality and overall business objectives into their day-to-day processes.

With this enhanced registrar focus on business processes and the results of those processes, companies are already rating ISO 9001: 2000 registration's contribution in a more positive manner.

This is better
Pedro Caceres, senior vice president of operations at Hasbro Games (Pawtucket, RI), says that registration to the revised standard has resulted in improved process consistency, reliability and predictability. Caceres adds, "Process-driven methodology now provides an opportunity to implement wide-scale continual improvement activities."

On the other side of the Atlantic, Dietmar Miethling, Ph.D., head of quality for Hahn & Kolb (Stuttgart, Germany), an industrial products distributor, says that top management is now setting quality improvement objectives in quantifiable terms so that performance can be measured. By mandating top management involvement in quality goal setting, ISO 9000: 2000 also has strengthened the role of the quality function within each organization.

As 90% of ISO 9001: 1994 registered companies have indicated that they will make the transition to ISO 9001: 2000 before the December 2003 deadline, be prepared for a change in the way companies will relate customer satisfaction and process improvement to quality.

ISO 9000: 2000's influence also is being felt in industry-specific standards such as ISO/TS 16949 for the automotive industry and AS 9001 for the aerospace industry.

The earlier QS-9000 standard, based 60% on ISO 9001: 1994 and 40% on quality-related practices in the auto industry, is being phased out, and the Big Three -- DaimlerChrysler, Ford and General Motors -- and will soon mandate that their suppliers switch to ISO/TS 16949 based on ISO 9001: 2000. As QS-9000 has been the major driver for registrations in North America, ISO/TS 16949 will recreate the QS-9000 requirement and provide considerable business for U.S. registrars.

While European registrars also are bracing for an onslaught of requests for ISO/TS 16949 registrations, they are less enthusiastic about training auditors for other industry-specific standards such as AS 9001.

Such standards might oblige European suppliers such as Bosch and Siemens, who supply electronic components to the aerospace and automotive industries, to go in for multiple registrations. "Customers do see the multicertification requirements as a financial burden and would welcome a simplification of the process," says Renate Aliah, Ph.D., chief executive officer of Lloyd's Register Quality Assurance.

Some European registrars are advising their clients to go in for ISO 9000 registration and then set up special accords with their customers to conform to industry-specific standards. While continuing the focus on ISO 9000, Robert Schmitt, chief executive officer of SKZ-Cert GmbH (Wurzburg, Germany), a registration body, sees a growth opportunity in what he calls "combi-audits," which are audits that combine registration for ISO 9000 and ISO 14000, for environmental management. This is an increasing requirement in the European automobile sector, where there is a growing emphasis on "green," or more environmentally friendly vehicles and recycling of scrapped autos.

On the other hand, market-driven North American registrars see opportunities in meeting industry-specific registrations, given that industry standards such as QS-9000 have driven the market in the past. Certification bodies such as the Registrar Accreditation Board (RAB) are actively working with industry associations to train auditors for such types of registrations. Working with the Americas Aerospace Quality Group, RAB has established a process and requirements for auditors performing audits to AS 9100. Robert H. King Jr., president of RAB, says that one of the major challenges facing RAB in the auditor certification field is to provide "continuing education units for auditing in the various industry-specific standards."

Accepted everywhere
There are more than 3,000 RAB-certified ISO 9000 auditors in North America, and most registrars indicate that they have enough auditors to meet the market demand. Those aspiring to work as quality auditors must have a minimum of eight years of on-the-job experience with a minimum of three years experience in a decision-making position. Certification candidates are expected to undergo training courses and pass examinations before starting on audits (see Figure 3). RAB has several grades of auditors. The top grade is Quality Management Systems Lead Auditor, for persons who have completed the necessary training courses and have demonstrated the ability to manage audit teams, as well as co-ordinate all aspects of a complete quality management system audit according to ISO 10011, guidelines for auditing quality systems.

RAB also recognizes any training course approved by the International Auditor & Training Certification Association (IATCA), an organization whose objective is to establish a better level of uniformity in the standards for auditor certification and recognition. Thus, there are now possibilities for auditors to obtain training in Europe or Asia and still get recognition in North America.

Toward worldwide conformity
RAB also is a partner of the U.S. accreditation body known as American National Standards Institute-Registrar Accreditation Board National Accreditation Program (ANSI-RAB NAP).

An accreditation body is to a registrar what a registrar is to an organization seeking registration. In other words, ANSI-RAB NAP is authorized to give formal recognition that registrars are competent to carry out their tasks. There are more than 50 ANSI-RAB NAP-accredited registrars in North America. In the area of registrar accreditation, King says that one challenge is "to increase the attention of management system audits to confirming that registered organizations have increasingly improved outputs in terms of better product quality or better environmental performance."

ANSI-RAB NAP is one of 40 accreditation bodies worldwide that are members of the International Accreditation Forum Inc. (IAF), which has been set up with two objectives. The first is to ensure that its accreditation body members only accredit registrars that are competent to do the work they undertake. The second is to establish Mutual Recognition Arrangements between its accreditation body members so that an accredited certificate or registration may be relied upon throughout the world. One challenge for ANSI-RAB NAP in this area is "managing registrars that offer registrations globally," says King.

As multinational corporations increasingly use registrars with international branches, apex bodies -- an association that is at the highest level within organizational hierarchies -- will need to ensure that the standard is being applied on a consistent basis.

As noted by Noel Matthew, IAF's secretary, "The greatest challenge facing IAF during the next couple of years is to further develop the integrity of the whole conformity assessment system to give customers a high level of assurance that a certificate means what it says and that they can rely on a certified business to meet their expectations."

TECH TIPS

  • On average, European companies spend more on ISO implementation than U.S. companies.
  • ISO 9001: 2000 moves from conformance-based thinking to performance-based thinking.
  • Process-driven methodology provides an opportunity to implement wide-scale continual improvement activities.
  • 90% of registered companies have indicated that they will make the transition to ISO 9001: 2000 before the December 2003 deadline.