ISO Certification: Understanding The New ISO Standards
ISO certification can be a tricky process at best—and a bureaucratic nightmare at worst. Many ceramic manufacturers are reluctant to get involved, simply because they don’t understand the implementation process and can’t see how the standards will benefit their company. Complicating the situation is the fact that the standards are once again changing, making them even more difficult to understand.
When implemented properly, however, ISO systems can provide a real benefit to a company’s bottom line by streamlining both business and manufacturing processes. The publication of ISO 9000:2000 brings a stronger focus on the delivery of bottom line benefits, together with a reduction in documentation and a more flexible approach. In this new quarterly column, I will provide an overview of the ISO 9000:2000 standard and outline how ceramic manufacturers can achieve the maximum benefit from its implementation.
The New Standard—ISO 9000:2000ISO 9000:2000, the newest standard in the ISO family, is in the process of being published. While full implementation is not required until 2003, the changes in the new series are significant. They are based upon eight proven quality management principles: customer satisfaction, the rule of leadership, the involvement of people, the business process approach, a systematic approach to management, continual improvement, a factual approach to decision-making, and mutually beneficial supplier relationships.
For the ceramic industry, the change that is likely to be most significant in terms of both opportunity and resources is the business process approach. This principle is also the least understood.
By reviewing the historical implementation of ISO 9000 within the industry, along with an explanation of the business process approach, ceramic manufacturers can ensure a smooth and effective implementation over the three-year transition period.
Typical ISO 9000 ImplementationIn very general terms, ISO 9000 systems have been implemented in a manner somewhere between the following two scenarios. The type A scenario is to develop a quality system appropriate to the complexity of the organization and competence of its personnel, the main emphasis of the system being continuous improvement. Once established, adjustments are made and activities formalized in documented procedures. A quality manual is written around the system and ISO 9000 certification applied for. The result is a system that is appropriate to the company’s needs.
A far more common approach, however, has been the type B scenario. Here the aim is to achieve ISO 9000 certification as quickly as possible. Often this involves bringing in consultants with a ready-made system. The consultants usually come from outside the industry, typically from an engineering background. Everything is driven toward achieving the ISO 9000 badge. The main problem with this approach is that the focus of the system tends to be on paperwork and bureaucracy, not improvement. Companies have implemented a system that is not tailored to their needs and is written around the requirements of ISO 9000 rather than the way the company works.
The initial assessment and ongoing surveillance required by the certification process can either improve or compound the problem highlighted in the type B scenario. If the certification process is to add value to a company, the key issue is the competence of the auditor, particularly in terms of industry experience.
While accreditation organizations such as the Registrar Accreditation Board (RAB) are tightening up on the experience criterion, the net result can be a focus on bureaucracy. For an auditor who has no real work experience within the industry, somewhere between 30 to 40 days of direct auditing experience per annum should typically be considered the minimum to conduct a value-adding audit. If you place an auditor unfamiliar with the industry into a type B scenario, the audit is likely to focus purely on following established procedures. Questions as to the value or relevance of the procedures are unlikely to be asked. A disproportionate amount of time is also likely to be spent on document control and calibration. A system that may not have been totally appropriate to the company can, in fact, be made worse. The auditor who is unfamiliar with the industry simply pushes the company toward generating more procedures, or actually prevents it from developing its system into a more suitable form.
Structural Changes to ISO 9000:2000There are three essential structural changes to ISO 9000:2000. First, ISO 9001 will be the only certifiable standard, i.e., ISO 9002 will no longer exist. Second, the standard, in theory, is now structured around the Deming Plan—a do, check, act model—with the practical implementation being that ISO 9000:2000 will be structured in a very similar format to ISO 14000 and health and safety standards. Finally, ISO 9004 becomes a standard for quality improvement—not a guideline to ISO 9001. The idea is that instead of becoming certified to ISO 9002 or ISO 14000, all companies will become certified to ISO 9001 but with “permissible exclusions,” tailoring ISO 9001 to exclude clauses that are not deemed applicable. However, exclusions are only permitted from clauses within one section of the standard, Section Seven, and are not permitted from the other four sections that specify requirements.
In contrast, the increased emphasis of ISO 9000:2000 on compliance with legal and regulatory issues means that there is less flexibility when it comes to the choice of including or excluding the design function within an organization. It is no longer acceptable to exclude the design function within a company where true design and development is conducted. For example, some companies within the industry, particularly in the whitewares sector, may have excluded the design function under their current certification. However, if the design of the product affects the company’s ability to meet regulatory requirements, the design function will need to be brought back into the quality management system to meet the ISO 9000: 2000 requirements.
The Business Process ApproachOne of the key changes in ISO 9000:2000 relates to the business process approach—the requirements for a company to identify, control and measure its core and support business processes.
An example of possible core processes for a generic tile plant is given in Figure 1. One of the key decisions to make is which processes should be included in the system. The diagram suggests that activities such as business planning and invoicing should be included. In terms of ISO 9001, what to include is, to a degree, the company’s choice. However, many companies are reluctant to include areas not specifically required by the standard. This is often based upon the logic that the less there is for the auditor to look at, the fewer problems there will be. However, this practice also excludes critical areas of business performance from the continuous improvement process. It would be far better to work with the certification body to draw up an audit program that excludes these from a third party audit but leaves them as an integral part of the company’s system.
Business Processes Aligned with IntegrationWith respect to quality manuals, a company can proceed to ISO 9000:2000 by making a number of updates to a currently approved quality manual. However, given the likely long-term direction of much of the industry toward environmental management systems, it would be a wise investment to consider re-writing the manual. The traditional quality manual is written around the 20 clauses of ISO 9001:1994, typically providing a brief description of how each clause is met. To meet the requirements of ISO 9000:2000, it might be better to re-write the manual based around each of the core and support business processes, providing a brief overview of each. This structure provides an ideal framework for integration. By including an appropriate cross-reference chart and policy statement for each new standard covered, the need for separate manuals disappears. Although this approach creates more work up front, it should save a considerable amount of time in the future.
A More Flexible ApproachCurrently ISO 9000 requires a documented procedure for individual department activities. However, the revised standard focuses on the cross-functional business processes that deliver the product to the client. The formal requirements for documented procedures have been significantly reduced and replaced with a more flexible and practical approach. Any one process can now be looked at in more detail, using the model shown in Figure 2. Each process is focused on what outputs it has to achieve. The necessary inputs are then defined to achieve these outputs. Control is achieved by an appropriate balance of:
- Procedures or methods.
- Competence of personnel.
- Equipment and facilities.
- Rules and regulations.
Control Versus DocumentationMore significantly, each core and support process is required to have some quantifiable measure of performance. The focus of the new standard is that the business processes shall meet the required objectives or targets and be subject to continual improvement. The question of demonstrating to third party auditors that documented procedures are not required is best achieved by the results of the process against the objectives set. While this allows considerable flexibility to a company, it will require a significant change in the approach of most auditors.
The current draft of ISO 9001:2000 clearly states that “procedures may be in any form, type or medium.” This is not a change, but rather an increase in emphasis. It can offer significant reductions in administration for the larger multi-sited companies. Reductions in administration costs can readily be achieved in document control. Storing procedures on an intranet, with general read only access, can eliminate the bureaucracy of change control. Authorization can be conducted electronically, with multiple user approval via e-mail. This makes better use of the recent and ongoing investment in IT that we see in many companies in the industry. In its more radical sense, many new software packages will allow publication direct to internal or external websites. These often put procedures into easy to understand flowcharts and allow links to multimedia solutions such as pictures, diagrams or video clips. When published to websites, they allow ready access from anywhere in the world.
Again, this move away from traditional documentation requires a different approach to that offered by many of today’s third party auditors.
A Focused Approach to ImprovementEffective implementation of the business process approach requires:
- Identification of critical core and support processes.
- Establishment of effective measures of process performance.
- Establishment of objectives for measures of process performance.
- Linking objectives to the quality policy and the requirement for continuous improvement.
Dealing with the TransitionAs many companies experienced with the implementation of ISO 9000, the transition to ISO 9000:2000 brings with it both significant opportunity and risk. If implemented properly, the business process approach of ISO 9000:2000 will provide a proven framework for tangible bottom line improvements, as well as the marketing benefits ISO 9000 certification brings.
Achieving the maximum benefit at minimal cost will require a good understanding of process management principles. This applies both to the company implementing the changes and the auditor verifying them. To achieve this successfully within the transition period, companies should follow these three key recommendations:
- Give implementation of the business process approach top priority in transition plans. Work should begin on this early in 2001. This should ideally include training of key personnel, where required, on the introduction of this technique.
- Take the opportunity for change to develop a quality system that will form the foundation of a business management system capable of being easily developed to cover environmental requirements.
- Ensure that your third party auditor is competent to audit against ISO 9000:2000. A minimum of 30-40 days of direct audit experience in the industry sector per annum, along with formal training to the new ISO 9000:2000 requirements, is recommended.