ISO 9001 Compliance
A Core Business Solutions article in the ISO Explained series
July 24, 2008
ISO 9001 Done Right!
Leveraging ISO 9001 to Achieve Real Business Value
by scott dawson
Executive SummaryOver the years, ISO Champions have come to realize that there are common threads in their ISO success stories. This article reviews and analyzes these successes and provides practical suggestions for those who want to get their ISO project off to the right start. The three magic pills to achieve genuine value from ISO are what we call "ISO Done Right". They are:
This article speaks to those who are just beginning their ISO 9001 journey, and to those who already have quality systems that may not be providing satisfactory results.
ISO Done Right!
"The number one 'mistake' companies make in implementing ISO 9001 is to make things too complicated."
When I got back from a week of "ISO boot camp" (Lead Assessor Training) I was somewhat overwhelmed. Not only was I confused by all of the new terminology (why can't they write this stuff so mere mortals can understand it?) but I was sure we were going to need some help. Even if we could pull everything together and somehow pass the audit, we'd be left with a boatload of procedures, meetings and administrative work to maintain the certification.
I met with my boss the following week for a debrief meeting. "We can certainly get this done", I said (just HOW wasn't clear to me), "but I'm going to need two or three new staff people in QA to keep up with everything." My boss glanced over my draft project plan and said simply, "I believe I said I wanted YOU to get the ISO certification. You'll have to make do with the staff you have." Gulp. I knew that I'd have to get creative in terms of getting everyone involved and to keep everything as simple as possible.
A lot has changed in the world of ISO since those early days (including the elimination of ISO 9002 - everyone gets an ISO 9001 certification these days) and many of us think we've finally figured out what all the technical jargon really means. It's also helped to actually see ISO in action in real companies. I have now had the opportunity as a consultant for the past 8+ years to see ISO in companies big and small in many industries such as manufacturing, service, technology, education and others. I've grown to appreciate a few things that seem to make all the difference in how ISO impacts an organization, whether positively or negatively.
On The One Hand ...
Is your IS0 system ...
(... now be honest)
Slightly better are those companies who try to keep up with everything through the year unless a "crisis" comes up or everyone gets too busy. Unfortunately the crisis-of-the-month and the too-busy-with-the-customer excuses are quite routine and, worse, acceptable justification to "work around the system". In too many cases these short term lapses become the standard operating procedure. Once the dust settles things get mostly caught up until the next "all hands on deck" is signaled. These companies commonly think of ISO as a "necessary evil" that has to be tolerated.
... On The Other HandWhile all of this seems rather cynical, there are happily a large number of ISO certified companies who appear to "get it" when it comes to achieving real value from their ISO QMS (quality management system) and have integrated it nicely into their daily business operations. In these companies, the management team has learned how to use the discipline imposed by IS0 to their advantage in solving real problems and consistently achieve genuine improvements in business performance. These organizations report tangible and intangible benefits by using ISO as a lever for improving both customer satisfaction and their own bottom line.
I have personally worked with many of these ISO Champions over the years and have come to realize that there are a few common threads evident in their success stories. The remainder of this article will review some practical suggestions for those who either want to get their ISO project "off to the right start" or get their QMS "back on the right track".
In either case, the three "magic pills" to achieve genuine value from IS0 are what we call "IS0 Done Right". They are:
Keep it SimpleEvery Registrar I've worked with has repeatedly said that the number one "mistake" companies make in implementing IS0 9001 is to make things too complicated. When procedures and processes are complicated they are cumbersome and expensive to maintain and create a stumbling block for getting the job done. The result is that these complicated and confusing processes are simply bypassed with "work arounds" when time is short or the pressure is on.
Why do we complicate our IS0 systems?
A common reason for overly-complicated QMS processes is a misunderstanding about what is REALLY required for certification. When a new ISO implementer is faced with his/her initial ISO learning curve there is a lot of fear regarding "passing" or "failing" the audit. This fear, coupled with an uncertainty about ISO requirements, often leads to a "better safe than sorry" mentality when setting up the company's ISO system.
Another source of overcomplicating ISO stems from those who previously worked in a "big company" that was ISO certified and they bring the same processes into their current smaller companybecause "that's what ISO expects". The assumption is that if itworked in another company it must be the "right" way to satisfy the auditor. What is not necessarily appreciated or understood is that IS0 9001 is merely a general framework of good quality practices, not a script to be followed identically in every business. The general (and some would say "vague") language in the ISO standard is purposely non-prescriptive to allow for a great deal of flexibility when applying the requirements to your specific business. There is not "one size fits all" when it comes to how to set up an effective ISO QMS.
A third reason ISO is often made too complicated comes from those of us who have been exposed to ISO for years. In the year 2000 the ISO 9001 standard was overhauled to be more adaptable to more types of businesses. For business folks like myself who have worked with the old ISO (1994 version and previous) we remember the inordinate number of documented procedures required and the overall over-kill that was found in nearly every "clause" of the standard. But in the new "IS0 for the 21st century" the requirements were opened up to work not only for big manufacturing companies but for service companies, schools, technology firms, consulting firms and even one-man shops (yes, we've worked with a growing number of one-man shops to achieve ISO certification!). In making the certification more adaptable, there are many areas of the standard that were greatly simplified. For this alone, many of us give thanks!
How then can we simplify our ISO systems? Here are some suggestions that we've seen work in dozens of companies, large and small, in many different industries:
Drive Business ValueIn addition to simplifying your QMS wherever possible, there is a second major area of focus in terms of the overall approach to ISO that will maximize your return-on-investment. From a big picture perspective, ISO is intended to improve business performance, especially as it impacts your customers. It is common for practitioners to miss seeing the forest for the trees. The ISO 9001 process model starts with customer requirements (business opportunities!) and translates them into customer satisfaction (leading to more business opportunities!) through excellent performance.
A critical weakness in many companies who don't see ISO as an integral part of business success is that the big picture gets lost with all of the attention given to compliance. A better perspective would be to see compliance with ISO requirements as a means to a more important end - better performance for customers.
To make this practical, there are two key things that a management team can do to keep their QMS focused on what really matters to the business (see 5.2 in the standard).
Whether you are just starting out on your first ISO implementation or have had your system in place for years, (re)aligning your QMS so that it actually produces measureable business value will help to sucessfully integrate ISO into the heart of your organization.
Don't Do It For the AuditorA third key to getting the biggest bang-for-the-buck from your ISO efforts is to avoid the "just do it because the auditor will want to see it" mentality. That's the kiss of death for any company trying to make ISO relevant and important.
You'll hear this attitude in comments such as:
This last one makes me laugh - as if the entire International Organization for Standardization in Geneva, Switzerland is standing over your shoulder to force you to do something that's simply a waste of time. I assure you that the folks in Geneva have better things to do.
To combat that "victim" mentality, stay focused on our first two points: Keep it Simple and Drive Business Value. Always ask:
Staying focused on making every aspect of IS0 a true benefit to your company will pay huge dividends in terms of commitment and end results.
The Road Less TravelledEvery ISO certified company faces the same challenges - avoiding bureaucracy, eliminating wasted effort, maintaining relevancy, achieving results that matter. The past 20+ years of the World's ISO 9001 experience has shown that there are two implementation paths that a company can take. The all too common approach is the obvious, myopic focus on "just get certified". The other approach is "The Road Not Taken" (Robert Frost) by many companies, but promises to "make all the difference" in terms of measurable benefits to your company beyond the "certificate on the lobby wall".
This second path is labeled "IS0 Done Right." Which will you take?
EpilogueIt was the discovery that there are a few practical steps any company can take to gain real ROI from ISO that led to the launch of the 9000World website with the theme of "ISO Done Right". Thanks to all of our past clients who taught us these lessons. We have attempted to create simple, practical tools and professional support services designed to help companies get the most from their ISO certification. Everything we do with our clients is aimed at a single objective: aligning the focus of ISO implementation with achieving real business value so that you get more out of your ISO certification efforts than you put into it.