ISO 9000 family of standards was published for the first time in 1987 and since then has undergone several reviews to meet the ever-changing challenges of global trade. Its 6th version is undergoing review and likely to be finalized by the end of 2015. During its journey of close to three decades, ISO has not limited itself to quality management, but seen the emergence of various other standards like ISO1400 (Environment, Health and Safety), OHSAS 1800 (Occupational Health and Safety), ISO 20000 (IT Service Management), ISO 22000 (Food Safety), ISO 27000 (Information Security) etc., to stay current with technological and societal changes and challenges with time. In spite of these variations and digressions into the areas of other than quality, ISO still remains a synonym for quality management.
Notwithstanding its wider participation by 164 countries in implementation of the standards and very structured and robust review mechanism every five years by technical councils of member countries, the question arises today is “Is ISO as effective today as it was in 90’s to manage quality?” The following are few debatable issues perhaps because of which ISO is perceived as an ineffective management system.
1) ISO is a generic system:
ISO 9000 is a generic system which gives the same standards and guidelines to all kinds of industries be it manufacturing or service. There are lots of variations in the processes and practices from manufacturing to the service sector. Such variations are seen within the same sector as well. For example, processes and quality issues of Automobile industry are not comparable to that of FMCG. Though there are special guidelines/standards like ISO/TS 16949 for automobile and ISO 22000 for Food Safety, the basic Quality Management System remains to be ISO 9000.
What ISO expects is the company going for certification needs to adopt the standard in principle and apply as it suits its business. This is where many companies falter; it requires a lot of commitment and management time to do this. For example, ISO clause no. 5.1 insists on the importance of statutory and regulatory requirements. It does not and cannot tell the company going for certification what statutory and regulatory requirements are necessary and applicable for them. It is the sole responsibility of the company to identify and adhere to them. This gives a choice to them not to include certain uncomfortable regulations in ISO documentation which probably could deprive them from certification.
2) ISO talks what to do and not how to do
ISO initially started as a system that insisted on “Document what you do, do what you document and show the evidence that you are doing in accordance with what you are documenting”. In subsequent reviews of the standard it has moved from this to see the impact on meeting customer’s satisfaction and strengthening internal processes to deliver better, faster and cost effective products and/or services. Revised and refurbished ISO provides a framework for establishing, implementing, reviewing and correcting quality management system. But one serious shortcoming is it does not have in its armor, problem-solving tools and techniques. This is one reason, why the other quality initiatives like Lean and Six Sigma are gaining much more popularity.
3) More focus on audits
Clause 8.5.1 of ISO 9001:2008 insists on continual improvement. It mentions data analysis, audit results, management review etc., as a way for improvement. In reality in many companies lot of emphasis is given on external audits and all the preparations for facing the audit are around closing the non-conformities of the earlier audit rather than demonstrating genuine intent for improvement based on current data analysis using statistical tools. Management sees ISO as a tool to gain market reputation and will not be prepared to lose certification. Under pressure from top management, management representative and other departmental ISO representatives do last minute preparations to see the success of the audit. External audits happen once or twice a year. Rest of the time other business pressures and firefighting will leave little time for building the culture of continual improvement. This is where other initiatives like TQM, TPM, Lean and Six Sigma score high as data analysis, frequent cross-functional team meetings, brainstorming sessions are part of their framework.
4) Unfair practices of the third-party certifying agencies
Certification against ISO standards is a multilayer system with ISO body, national accreditation body and third-party certification body involved in the process. However, third-party certification body is a direct interface between the business entity going for certification and accreditation body and certification decision largely depends on the recommendation from this body. This third party is supposed to be independent and not affiliated in any way with those companies that they audit. However, the company has a right to choose a third party and it normally chooses one which makes certification an easy job. There is a commercial interest for the third party too, a company can engage another third party if the current one makes the audit stringent. This is one of the biggest reasons to make ISO an ineffective system for quality management.
The issues highlighted above are some of the reasons why ISO 9000 is perceived by many as an ineffective system to manage quality. However, these inherent loopholes in the framework can be overcome with subsequent reviews by technical committees. Still, it is one of the most accepted and recognized certifications world over for Quality Management System.