ISO 9001 at The Highest Level
As we continue the EBS ISO 9001 DIY implementation article series, let’s take a deeper dive and look at ISO 9001 from a chief executive point of view. We provide an executive summary and look at the ISO 9001 standard and its requirements from a 40,000-foot level while explaining why the major ISO building blocks actual form a strong foundational structure of core fundamental business practices.
It’s easy to get bogged down in the minutia of the ISO 9001 requirements and lose site of the bigger picture. When we step back and look at the forest rather than the trees, it becomes apparent that many of the general processes associated with ISO 9001 just make good business sense and bring significant value to an organization when implemented and utilized correctly. It is often surprising to me that so many companies we work with have not already implemented many of these fundamental practices, even without ISO 9001 or other similar management system certifications.
When you look at the major building blocks of an ISO 9001 management system, you begin to see the system for what it really is; a set of interconnected good business practices that focus organizational resources toward meeting customer requirements and expectations. Add to that, an internal continuous improvement orientation that utilizes goals, objectives, and metrics to measure, monitor, and improve key organizational processes and systems. How can these basic practices be wrong for any organization!
The Core of ISO 9001
Let’s take a closer look at some of the core ISO 9001 building blocks by distilling down the requirements into their basic intentions and meaning. Jumping right to the core of the ISO 9001 standard (sections 4-10) we’ll attempt to interpret each of these sections in general layman’s terms and define the basic intentions of the standard.
Section 4 – Context of the Organization: This initial set of requirements focuses on the business as a whole and requires some level of strategic analysis and planning activities. Based on these defined strategies, the organization must define the scope of the management system along with the fundamental operational and administrative business processes which drive the organization on an ongoing basis. Please note that ISO doesn’t specifically require strategic planning activities, but we just don’t see the point in completing all the required environmental analysis without actually using this information to generate and implement some type of business strategy.
Section 5 – Leadership: It all starts at the top and ISO 9001 requires executive management to not only be directly involved with the management system, but to also take a significant leadership role to demonstrate that leadership throughout the organization. Much of this section really deals with management setting the tone and culture for the organization and management system through communication, actions, support, and accountability. Specific actions include establishing a high-level quality policy, defining organizational roles and responsibilities, and promoting a focus on end customer satisfaction.
Some of the key ISO 9001 leadership requirements include:
- Ensuring that the ISO 9001 management system is effectively implemented and achieves its intended results,
- Establishing policies and objectives, and ensuring that they are compatible with the organization’s strategic direction,
- Ensuring that the ISO 9001 requirements are integrated into the organization’s existing business processes,
- Promoting a culture which facilitates the process approach, risk-based thinking, customer focus, and continuous improvement,
- Determining and providing adequate and competent resources, and
- Engaging and communicating with employees concerning the importance of and need to contribute towards the effectiveness of the ISO 9001 management system.
Section 6 – Planning: It is always a good idea to create a plan before taking action. This section adds a new requirement for completing some form of risk management based on the strategic planning activities established under section 4 (Context of the Organization). Planning also involves establishing key business objectives and plans to achieve those objectives. When changes are implemented to the business and management system, ISO requires that you have some type of established process and plan for managing those changes (change management).
The following list of ISO 9001 clauses demonstrates the importance of planning throughout the ISO standard:
- 6.1.2 – Planning of actions to address risks and opportunities (Risk Management)
- 6.2 – Quality objectives and planning to achieve them
- 6.3 – Planning of Changes (Change Management)
- 8.1 – Operational Planning and Control
- 8.3.2 – Design and Development Planning (Project Management)
- 9.2.3 – Verification of Effective Planning
- 9.2.1 – Planning for Internal Audits
- 9.3.1 – Planning for Management Reviews
Section 7 – Support: The organization is required to provide adequate resources to operate the business. This includes people, infrastructure (buildings, equipment, utilities, etc.), an appropriate work environment, information, and documentation. The ISO standard takes people resources a step further and requires them to be competent for their assigned duties and responsibilities. The organization must provide adequate communication to ensure that everyone is aware of the core business policies, objectives, and the management system. One new set of requirements addresses the need to determine and manage organizational knowledge where needed throughout the organization.
Section 8 – Operation: This section covers what usually constitutes the core value chain or main operations for an organization. Requirements address operational planning, management of customer orders, design and development activities, and supply chain management. Controls must be established to ensure products (or services) meet specifications and those that don’t meet specs (nonconforming outputs) aren’t used, shipped, or delivered to customers. Materials and product must be identified and controlled throughout production and where warranted, equipment and processes must be validated.
Production activities don’t stop when the product is shipped or services are provided as the organization must define and control any post-delivery activities such as installation, servicing, and repair. Any changes to products or operational processes must be controlled and planned.
Section 9 – Performance Evaluation: The only way to know how the organization is performing is to measure it. This section addresses the need to implement methods and processes focused on measuring product, process, and overall business performance. This includes assessment of customer satisfaction levels, management system performance through self-audits, and evaluation of the overall business performance by executive management.
Analysis and evaluation of the management system and organization is monitored and measured through established performance metrics at all levels of the organization. All information and data associated with objectives, measures, and metrics is analyzed and evaluated with the results provided to appropriate leadership and management functions.
Section 10 – Improvement: This is a continuation of section 9 where the results of performance evaluation activities are used to determine where and how the organization needs to make changes and drive improvements. When changes are needed or nonconformities exist, corrective actions must be formally completed and documented.
Based on all the outputs and results of sections 4 – 10 of the ISO standard, the organization must continuously identify and execute improvements throughout the entire organization which loops us back the start of section 4. This is all about maturing the management system and growth of the organization.
After considering all that this ISO 9001 executive summary offers, anyone with good general business knowledge considering these basic requirements would have to agree that these practices are fundamental to operating any business in a responsible and effective manner. Consider this list of fundamental business practices which are widely accepted beyond ISO 9001:
- Strategic Analysis & Planning
- Risk Management
- Resource Management
- Control of Operations
- Performance Management & Improvement
- Customer Focus and Satisfaction
As you develop and implement your ISO management system keep your eye on the big picture and what ISO is really asking for. Consider how each requirement or clause from the ISO standard fits into the big picture and how it can impact and help your organization perform more effectively.