ISO 9001 Okay Now You Have It How Do You Market It?

Marketing ISO 9001 2000.

Lately we’ve been seeing a lot of press releases from wineries and suppliers touting their ISO certifications. “We’ve obtained ISO 9001: 2000,” they trumpet. Great! But what exactly does that mean?

In simple terms, ISO certification verifies a company’s compliance to a set of globally accepted s tandards for quality management and operational systems. The name ISO refers to both the Greek word for equal, and the International Organization for Standardization, a worldwide federation established in 1947 with a mission to facilitate the international exchange of goods and services. More than 90 countries use the ISO standard.

According to Anke Varcin, head of public relations for ISO, the organization’s function is to develop the standards that auditors use to evaluate companies seeking certification. “ISO … does not audit organizations and does not issue certificates attesting to the fact that they conform to ISO standards,” Varcin explained. “Certification is carried out independently of ISO by some 750 certification bodies around the world. ISO does not control their activities.”

How does ISO determine its standards? “What happens is that the need for a standard is felt by an industry or business sector which communicates the requirement to one of ISO’s national members,” Varcin said. “The latter then proposes the new work item to ISO as a whole. If accepted, the work item is assigned to an existing technical committee. Proposals may also be made to set up technical committees to cover new scopes of technological activity. In order to use resources most efficiently, ISO only launches the development of new standards for which there is clearly a market requirement.”

There are many different types of certification, depending on the company’s function and the year in which certification was issued. “Previously, ‘ISO 9000-certified’ organizations were actually certified to one of the three standards in the 1994 version of the ISO 9000 series: ISO 9001, ISO 9002 and ISO 9003,” Varcin said. “The scope of these standards differed, but they were of equal rank.” (For more information about the various certifications, visit the ISO Web site: iso.org.)

In 2000, the revised and improved ISO 9001:2000 standard was introduced to replace the 1994 versions. Organizations certified to the 1994 versions were given until Dec. 15, 2003, to upgrade to ISO 9001:2000. Both ISO 9000 and ISO 14000 concern the way a company goes about its work–but not directly the result of this work. However, the way in which a company manages its processes will obviously affect its final product.

So why seek ISO certification? “Deciding to have an independent audit of a management system … is a decision to be taken on business grounds,” Varcin said. Companies may decide to seek ISO certification for any number of reasons, including market requirements, customer preferences or staff motivation. Companies that adhere to ISO standards may benefit from increased demand for their products, more positive customer feedback and a reduction in costs.

On the subject of cost, there is no set price for certification. According to Varcin, it varies depending on such factors as the company’s current quality management system, the size and complexity of the organization and the attitude and commitment of the top management.

Setting An Example

If anyone knows how the ISO certification process works, it’s Lisa Farrell, director of communications for New York’s Canandaigua Wine Company. Two of Canandaigua’s wineries–Mission Bell, in Madera, Calif., and New York’s Widmer’s Wine Cellars–have obtained ISO 9001:2000, and several more of the company’s California, New York and Washington wineries are scheduled to follow.

“Canandaigua Wine is making a concerted effort toward standardizing its processes throughout the production environment to gain discipline and sustainability,” Farrell explained. “The ISO certification provides us with standard operating procedures, which include valuable communication and system feedback loops among Canandaigua Wine and its customers, employees and managers. It helps us document and control our manufacturing processes to help exceed customer expectations and ensure quality processes within our production environment.”

To get the process rolling, Canandaigua worked with Dr. Judy Luchsinger, who consulted with Fetzer during its ISO certification in 1994. With Luchsinger’s help, Mission Bell and Widmer’s completed the following steps leading to their ISO 9001:2000 certifications.

Applied to approved ISO-certifying bodies and selected Lloyd’s Register Quality Assurance for auditing toward certification

Formation of ISO leadership teams at both wineries

Kick-off meetings held with employees at both wineries

Quality manuals created at both wineries

Employee training at both wineries

Audit and certification process, including all areas of production, bottling and distribution, including internal and external audits conducted by an assessor representing Lloyd’s Register Quality Assurance.

“After the external audit, the assessor then makes a recommendation for or against certification, which is reviewed by the management team of (the certifying body),” Farrell said. Both Mission Bell and Widmer’s were approved after about a year.

“The (certification) standards are challenging to meet,” Farrell said. “To pursue them, you must follow standard operating procedures as outlined in your quality manual and have the discipline and focus needed to follow these consistently and in a highly efficient manner. This process demands strong leadership from senior management and a sense of commitment and teamwork among employees at all levels.”

Is Getting Certified Worth The Effort?

To get the inside scoop, we asked wine industry suppliers (listed in the W & V Buyer’s Guide/Directory) to tell us why their companies took the plunge, and whether or not they’re happy with the results. This partial list represents a random sampling.

Supreme Corq, Inc. Kent, Wash.

According to marketing manager Joyce Steers-Greget, Supreme Corq decided to pursue ISO certification “to ensure a consistent, quality product … to ensure continuing customer satisfaction and effective process controls … and to receive a globally recognized quality process certification.” The company earned ISO 9001:2000 in July of 2002. “Our customers are pleased that we have taken this proactive step … Some larger wineries or grocers require compliance to quality and food standards to be an approved supplier. As the wine industry becomes more global, ISO certification will likely be necessary to compete in this international arena.”

M.A. Silva Corks, USA Santa Rosa, Calif.

“Our supplier in Portugal felt that the market was looking for companies that had that certification, that (it would give them) some sort of competitive advantage. They also felt that it would greatly improve the company’s performance and (help it to) operate at a better standard,” said company representative Neil Foster. After meeting the requirements for ISO 9001, Foster said, the company’s product improved and business increased. “And also new markets opened up for us…and we noticed that we saw increasing business from (existing) customers. It’s a positive thing, without a doubt.”

Novembal San Francisco, Calif.

Though Novembal itself is not ISO certified, its supplier–TetraPak Plastics in Mexico–obtained ISO 9001:2000 in Nov., 2002. “We (felt) that is was important for our company to adopt a quality system like ISO, because this system permits us to integrate all of the company’s processes–human resources, maintenance and management,” said TetraPak ISO coordinator Adriana Flores. Since adopting ISO standards, Flores said, her company’s clients feel more secure and the company’s processes run more smoothly. “The most important improvement is the process standardization.”

Scott Laboratories, Inc. Petaluma, Calif.

“In order for our growing company to continually improve we needed a good documented quality management system,” said ISO lead auditor Mary Ann Changnon. “Also some of our customers were requiring ISO certification from their vendors.” The company’s cork and laboratory sectors were awarded ISO 9000:1994 in July of 1999, and all company sectors obtained ISO 9001:2000 in August of 2001. “We use ISO certification as a sales tool. We open our quality system to our customers so they can see our commitment to continually improve both our products and services. We have noticed improvements in many of our products due to improved processes as a result of customer input.”

A Few Basics of Digital Camera Technology

Digital camera technology has made a huge step forward over past few years. Digital cameras became advanced with a number of enhanced features, and easier to use at the same time. Photography has become more fun with the possibility of taking pictures without using a film, previewing them on a liquid crystal display screen before printing them, and storing all the pictures in a computer or laptop. Digital camera technology also made taking photos less expensive than it was with the film-based cameras.

New terminology used in digital camera technology may seem too complicated and hard to learn, especially for those who spent years learning and using film cameras. However, while the terminology may be new, it is not that difficult to understand the principles of digital camera technology, if you are willing to learn a few basics.

For example, the term pixel, in digital camera technology, means picture element and is the leading indicator of how smooth the picture will look when printed. Digital cameras are all rated in pixels and inform the user how many millions of tiny square make up the picture. A one mega-pixel camera will have one million squares included in it, while a five mega-pixel camera will contain five million. In simpler terms, the more mega-pixels (MP) a picture has, the smoother it will appear.

Color is rendered in a combination of colors, noted as one to 255 in each pixel. Each pixel is defined by a combination of red, blue and green and a different shade of each color combined to provide accuracy. For example, a pixel defined in the digital camera technology of 125-blue, 37-red and 76-green would show as Navy blue. This color rendering is used in each pixel that makes up the color photograph, and provides over 16 million combinations for each color.

When working with film, it was rated for speed, or light-gathering capability. The higher was the ISO number, which used to refer to as ASA, the less light was needed to take the picture. In digital camera technology there are similar capabilities, expressed in the same ISO ratings. Most digital cameras have a pre-set ISO rating of 400. Meaning it will take decent pictures in the ISO ranges of 100, 200 and 400. Above that, the lack of light will affect the picture quality. More expensive digital cameras, may offer settings up to 6,400 ISO. Cameras of this type are normally used by professionals who work in a variety of lighting conditions.

Digital camera technology has advanced zoom capability in optical and digital zoom. Digital zoom may seem to be somewhat the same as optical zoom, but in fact it doesn’t bring objects closer – it is merely enlarging the entire picture and selecting a section from it to make bigger. Usually, with the use of digital zoom the picture loses its quality.

Are You Meeting ISO 27000 Standards for Information Security Management?

The ISO 27000 standard was developed by The International Electrotechnical Commission (IEC) and International Standards Organization (ISO). The ISO 27000 is an industry standard and internationally accepted for information security management.

The ISO 27000 family provides an extensive list of requirements and codes of practice. Of which, ISO 27001 is a specification that sets out the specific requirements that must be followed that a companies information security management system (ISMS) can be audited and certified against. All the other ISO 27000 standards are codes of practice. Therefore ISO 27002, 27003, 27004, 27005, and 27006 will provide non-mandatory but considered as best practice guidelines that companies can choose to follow as required.

With the surge of hack’s and website breaches that have involved many large organizations and their customers information being obtained and leaked has cause for many to realize that no matter how protected you think you are it may require much more consideration than previously thought. This is why there is legislation and requirements in place to help protect that data and all consumers from having their data stolen. As such all companies dealing with sensitive information must comply with the following regulations.

The ISO 27001 currently will help any organization to protect information and is increasingly being adopted and many are now choosing to be compliant regardless of the implementation costs that may be required.

There are many agencies that exist who will perform independent and expert reviews on current systems in place to help show pitfalls and compare against the current industry standards. The benefits of becoming compliant for a business can be that after any iso 27001 gap analysis, based on the information that is obtained from the review an information security framework can be established and recommendations can be made to help bring the security levels up to an industry standard and being accredited with certification can be very advantageous for customers. Once the security levels have been raised there will be an option to educate internal staff with the knowledge to help maintain and progress the internal security infrastructure.

Although being compliant with the ISO 27001 requirements there are other legislative requirements that exist for any company who are store, process or transmit payment card data must be compliant within the following areas of information security management known as the Payment Card Industry Data Security Standard (DSS PCI).

This is just the beginning of the requirements on not just companies but local councils and anyone who is dealing with sensitive information. As technology is ever advancing and changing the legislation and requirements are updating and keep up-to-date to ensure that there is minimal risk to users information.

Hot Off the Press – ISO 9004-2009! A Review

It’s here. A year after the publication of ISO 9001:2008 the companion document ISO 9004 has been updated. And whilst the most recent changes to ISO 9001 have been minimal and to all intents and purposes largely cosmetic, the changes to ISO 9004 have not. The changes are big. In fact the revised standard is barely recognisable from its predecessor. It’s different…

So what are the changes?

… Where do we start?

OK, gone is the old title “Guidelines for Performance Improvement”. The new title for ISO 9004:2009 is “Managing for the sustained success of an organisation – a quality management approach”. Gone is the old familiar format that mirrored ISO 9001. The ISO 9001 requirements as “boxed text” accompanied by some general hints and tips outside the boxed text, there to help us understand and apply the various requirements of ISO 9001. That is gone

In fact, ISO 9004 no longer follows the structure and requirements of ISO 9001 in any real way. It no longer goes through the ISO 9001 requirements and offers specific clause by clause advice. It actually does more or less what the title implies, it offers guidance on a more general “quality management approach”.

This calls into question what the intended application of ISO 9004 actually is. It can no longer really function as an implementation guide to ISO 9001, firstly because it no longer tries to, but secondly because the scope of its content is now fundamentally different. It contains, for example, guidance on such matters as:

  • Strategy and policy formulation
  • Strategy and policy deployment
  • Financial resources
  • Knowledge, information and technology
  • Natural resources
  • Innovation & learning

Wow. That’s different. Good topics though these might be for any management system, they are, arguably, out-with the current scope of ISO 9001:2008. What is more, it appears that ISO 9004 is starting to use some established terms in a different way to ISO 9001. “Policy” for instance. If we look at the way ISO 9001 uses the term “Policy” (with reference to clause 5.3) it deals very much with the one page “statement of intent” that we all know and (maybe) love. ISO 9004 appears to be using the term “Policy” in a broader sense, something more detailed, meaningful and less neutral. And strategy? Well, ISO 9001 currently does not even go there

The most obvious “hit you in the face” feature of ISO 9004:2009, however, is that it borrows very heavily from the EFQM Excellence Model

All of those new topics I listed above feature heavily in the excellence model, and have done for a couple of decades. We saw a small movement to an “excellence model approach” in 2000 when the “8 Principles” were introduced. These principles were lifted, more or less, from the principles that underpinned the EFQM excellence model at the time. Some of them (Continual Improvement, Customer Focus) even generated some significant new requirements within ISO 9001:2000. Many people expected ISO 9001:2008 to move a little further in that general “excellence” direction. It did not, of course. Some of us were pleased, some of us were disappointed. Maybe ISO 9004:2009 is a kind of half-way house? Maybe it has been developed this way as a means of placating those of us that maintain ISO 9001 standards are old fashioned or not challenging enough? Maybe ISO is saying, “OK you want something more challenging? There you are. Next time be careful what you wish for!”

Either way, as a general observation, I have to say that I am detecting some initial confusion. Not that the contents are in any way badly written or irrelevant, just that practitioners are simply confused as to what the intent of ISO 9004:2009 actually is. How are we to use it? Will certification bodies develop a certification scheme for it? (there’s a thought), how are ISO 9001 auditors meant to use it? All these questions remain for the moment, so far as I can see, unanswered

So, yes, it appears to be a “quality” document, but will it be used in a “quality” way? Only time will tell

Digital Photography – A Quick Guide to ISO

ISO should be one of the easiest aspects of digital photography to master, but many beginners in photography still have a hard time understanding this fundamental camera setting.

I suspect this is because of the way it is being taught. You see, ISO started out as a property of film, and it was much easier to visualise it in terms of the old technology. So that’s where I want to start my explanation, before bringing you into the 21st century with ISO today.

ISO actually started out as ASA, which stands for American Standards Association. Decades ago, a commercial film manufacturer came up with a set of numbers to define the sensitivity of different types of film. That set of numbers was accepted by the American Standards Association, so all American manufacturers could use the same system. Later, the American standard was adopted by the International Standards Organization, so ASA became ISO.

What does all that mean? Well, it means that the letters ISO didn’t really stand for anything except for the name of an organization.

What is important is what ISO referred to, which was the sensitivity of the film. The emulsion on some films reacted quite slowly to light, and on other films much faster. Slower films had a smaller ISO number, like 25, 64, 100. Faster films had a higher number, like 200, 400, 800.

A slow film needed a relatively high level of light to create a well-exposed photo. That meant that to take a photo in darker conditions, you would need to use a fairly wide aperture and/or a fairly slow shutter speed to get a result. On the other hand, a faster film reacted to light a lot more quickly, so it needed much less exposure to light to take a photo.

Fast film sounds pretty good, doesn’t it? A chance to take a photo in any conditions without a tripod, and to freeze moving subjects with very fast shutter speeds. So why didn’t everyone just use fast films all the time?

The answer is that the advantages of fast films came with a trade-off; loss of image quality. The grains of emulsion on a fast film were larger, so a photo taken on a film with ISO 400 or 800 had a rougher, ‘grainier’ look. This may not have been a problem in a small print, but became quite apparent with big enlargements. Consequently, most professional photographers preferred to use slower films of 100 or 64 ISO for most of their work.

So is this just a lesson in ancient history? After all, you have a digital camera, so what does all this have to do with you. Well, it may surprise you to know that despite the huge revolution in technology, the essentials of ISO have not changed one bit.

Your camera should allow you the option of adjusting your ISO setting. Just like in the days of film, if you set your ISO to a low number like 100, you will need more light to create a correct exposure. That means that you may need to keep a tripod handy for cloudy days, and in certain low-light situations you may not always get the aperture and shutter speed settings you want. If you set your ISO to 400 or 800, your camera will become much more sensitive to light; you will be able to shoot in exactly the same conditions without a tripod, and with greater flexibility to choose the aperture and shutter speeds you want.

But here is the amazing part. Higher ISO settings still come with the same trade-off that once existed with film. Along with the speedier sensitivity to light, you can also expect the image to have a grainier finish. I don’t know if it is pixellation, or digital noise, or a combination of both, but it is generally understood that for all their advantages, high ISO photos come with a reduction of image quality that becomes more obvious the more you enlarge the image.

So there you have a quick introduction to what ISO is all about. Perhaps I am just showing my age, but I find this subject easier to explain in old-technology terms. For many people it is easier to visualise when related to something solid like film, rather than something that happens on a computer chip. Anyway, I hope this helps you if you have had trouble understanding what ISO is all about.

ISO 9000 Software Products

For most companies, adhering to the strict regulations regarding document management and implementation of ISO 9000 standards can be a monotonous task. Luckily, since ISO 9000 was first developed almost 20 years ago, a variety of ISO 9000 software products are now available for purchase.

ISO 9000 software is available to suit any business’ needs. Whether it is a large or small company, a software program can be selected from over 300 products to meet the specific requirements of the quality process. Prices range from a couple hundred dollars to a few thousand dollars depending on the resources needed. Even a small start-up company can afford some of the options, and ISO 9000 software solutions can make it easier to implement quality procedures.

On the lower end of the price spectrum is 3C Technologies’ Rapid Start Up Kit. Prices for this program begin at around $145 and include all of the features that are currently available for ISO 9000 software. This program is only compatible with Windows operating systems. A few of the areas in which the program can manage are quality control documents, training, contract review and product identification. This is an ideal program for small or start-up businesses that need assistance in complying with ISO 9000 regulations.

One example of ISO 9000 software designed for medium-sized businesses is designed by Advanced Technologies. This product begins at $395 and is perfect for businesses ready to take the next step in quality control management. Like other programs, it offers a wide range of solutions for the management process. Process control, testing and inspection, and corrective and preventative management represent only a few of the areas covered.

For larger corporations and those with advanced needs, a more expensive and thorough program should be considered. Blue Mountain software is one ISO 9000 software management system for large companies. With prices beginning at $1500, the cost may be a little steep for small businesses. This program is designed as a calibration manager and has been praised as an asset in maintaining the rigid standards of ISO 9000 certification.

Competition among businesses is fierce. ISO 9000 certification can give your company an advantage of the competition because customers know they can expect a high level of service from both the company and the products. The standards set forth for ISO 9000 certification and management thereof can become overwhelming and daunting tasks. Reviewing and purchasing a comprehensive ISO 9000 software program can make the process of implementing and managing your quality processes much easier.

How Much Does ISO 27001 Implementation Cost?

This is usually one of the first questions I receive from the potential client. To their disappointment, I cannot give them the exact figure right away – here is why.

First of all, the total cost of implementation will depend on the size of your organization (or the size of the business unit(s) that will be included in the ISO 27001 scope), the level of criticality of information (for instance, information in banks is considered more critical and demands a higher level of protection), the technology the organization is using (for instance, the data centers tend to have higher costs because of their complex systems), and the legislation requirements (usually the financial and government sectors are heavily regulated with regards to information security).

Second, you won’t be able to calculate the exact costs before you know which level of protection you need – first you have to perform risk assessment, because such analysis will tell you which security measures are required.

When you know the results of risk assessment, you will have to take into account the following costs:

1. The cost of literature and training

Implementation of ISO 27001 requires changes in your organization, and requires new skills. You can prepare your employees by buying various books on the subject and/or sending them to courses (in-person or online) – the duration of these courses varies from 1 to 5 days.

And don’t forget to buy the ISO 27001 standard itself – too often I run across companies implementing the standard without actually seeing it.

2. The cost of external assistance

Unfortunately, training your employees is not enough. If you don’t have a project manager with deep experience in ISO 27001 implementation, you’ll need someone who does have such knowledge – you can either hire a consultant or get some online alternative (this is what we do at Information Security & Business Continuity Academy ).

The greatest value of someone with experience helping you with this kind of project is that you won’t end up in dead end streets – spending months and months doing activities that are not really necessary or developing tons of documentation not required by the standard. And that really costs.

However, be careful here – do not expect the consultant to do the whole implementation for you – ISO 27001 can be implemented by your employees only.

3. The cost of technology

It might seem funny, but most companies I’ve worked with did not need a big investment in hardware, software or anything similar – all these things already existed. The biggest challenge was usually how to use existing technology in a more secure way.

However, you do need to plan such investment if it proves to be necessary.

4. The cost of employees’ time

The standard isn’t going to implement itself, neither can it be implemented by a consultant only (f you hire one). Your employees have to spend some time figuring out where the risks are, how to improve existing procedures and policies or implement new ones, they have to take some time to train themselves for new responsibilities and for adapting to new rules.

5. The cost of certification

If you want to obtain public proof that you have complied with ISO 27001, the certification body will have to do a certification audit – the cost will depend on the number of man days they will spend doing the job, ranging from under 10 man days for smaller companies up to a few dozen man days for larger organizations. The cost of man day depends on the local market.

You have to be very careful not to underestimate the true cost of ISO 27001 project – if you do, your management will start looking at your project in a negative light. On the other hand, forecasting all costs correctly will show your level of professionalism; and don’t forget – you always have to present both the cost and the benefits.

ISO 9001 – 2008 Frequently Asked Questions (FAQ)

What Is The ISO 9001: 2008 Standard?

The latest edition of the ISO 9001 standard ISO 9001: 2008, Quality Management Systems Requirements, was officially published by (ISO) the International Organization for Standardization on November 14, 2008. It is the fourth edition of the ISO 9001 standard since it was first published in 1987.

ISO 9001:2008 is a standard that provides a generic set of requirements for organizations wishing to develop a quality management system (QMS). The ISO 9001:2008 standard focuses on improving an organizations business processes. It does not specify any requirements for product or service quality.  Customers typically set product and service quality requirements. However, the expectation is that an organization with an effective ISO 9001 based QMS will indeed improve its ability to meet customer, statutory and regulatory requirements.

This is the only QMS standard to which an organization may obtain formal third party certification. Because requirements are generic and not specific, organizations have flexibility in tailoring their QMS to fit their business, culture and risks.

ISO 9001 requirements complement contractual and applicable statutory and regulatory requirements. Those implementing a QMS conforming to ISO 9001 must ensure that the specific requirements of their customers and relevant statutory and regulatory agencies are met.

Who Is Responsible For Revising QMS Standards?

The ISO Technical Committee no.176, Sub-committee no.2 (ISO/TC 176/SC 2) is responsible for the revision process in collaboration with consensus among quality and industry experts nominated by ISO Member bodies, and representing all interested parties.

Does ISO 9001:2008 Have Additional Requirements Beyond ISO 9001:2000?

This latest (4th) edition of ISO 9001 contains no new requirements compared to the (3rd) year 2000 edition, which it replaces. What it does is provide clarification to the existing requirements of ISO 9001:2000 based on eight years experience of worldwide implementing of the standard and introduces changes intended to improve consistency with the environmental management system standard, ISO 14001:2004.

The clarifications and changes in ISO 9001:2008 represent fine-tuning, rather than a thorough overhaul. It focuses on changes that organizations might make to better comply with the spirit of the standard without adding, deleting, or altering its requirements. The changes are minor in nature and address such issues as the need to clarify, provide greater consistency, resolve perceived ambiguities, and improve compatibility with ISO 14001. The numbering system and the structure of the standard remain unchanged. As a result, the new standard looks much like the old standard.

ISO has organized the changes incorporated in this ISO 9001:2008 edition into the following categories:

– No changes or minimum changes on user documents, including records

– No changes or minimum changes to existing QMS processes

– No additional training required or minimal training required

– No effects on current certifications

In contrast, the 3rd edition, ISO 9001:2000 published in 2000, represented a major overhaul of the standard, including new requirements and a sharpened customer focus, reflecting developments in quality management and experience gained since the publication of the initial version.

Then Why Was It Necessary To Introduce This Revision?

All ISO standards, currently more than 17 400, are periodically reviewed. To ensure that ISO standards are maintained at the state of the art, ISO has a rule requiring them to be periodically reviewed and a decision taken to confirm, withdraw or revise the documents. The review process must be initiated within 3 years of publication of a standard. The review considers several factors such as technological evolution, new methods and materials, new quality and safety requirements, or questions of interpretation and application.

The review of ISO 9001 resulting in the 2008 edition was carried out by subcommittee SC 2 of ISO/TC 176. This subcommittee, which is responsible for the ISO 9000 family, unites expertise from 80 participating countries and 19 international or regional organizations, plus other technical committees.

This review has a number of inputs that help it:

o A global user questionnaire/survey 

o A market Justification Study 

o Suggestions arising from the ISO/TC 176 interpretation process 

o Opportunities for increased compatibility with ISO 14001 

o The need for greater clarity, ease of use, and improved translation

o Current trends – keeping up with recent developments in management system practices.

How Does The New ISO 9001 Standard Affect Existing ISO 9001 Quality Management Systems?

As currently certified organizations start looking at ISO 9001:2008, they will wonder to what extent the changes will affect them. To a large extent, the new standard will not result in significant change to existing quality management systems (QMS).

ISO/TC 176 was careful in not making change for change sake. The changes that have been incorporated into this edition of the ISO 9001 standard include changes that should lead to a better understanding across a broader range of product types, including service organizations; use of deliberate wording to minimize the potential for incorrect user interpretation; and reflect nuances of similar word concepts. Lastly, some of the changes to specific clauses were made based on the 2004 International User Feedback Survey. This survey was conducted after the publication of ISO 9001:2000 and had invited respondents to identify areas they most wanted to see improved.

What Is The Transition Time Frame To Comply With This Revision And Does My Organization Require Full Re-Assessment For Certification?

Certification to ISO 9001:2008 is not considered an upgrade.  The rules for transition are as follows:

1. The new edition will not require any specific reassessment for certification. Certification Bodies will evaluate conformity to the new ISO 9001:2008 standard during regular surveillance visits and full reassessment will only take place once your current certificate expires.

2. ISO and the IAF have agreed that all certificates to ISO 9001 should be transitioned to ISO 9001:2008 within 2 years of publication date, (i.e., by November 14, 2010). Your organization can request your Certification Body (Registrar) to asses your QMS to ISO 9001:2008 at your next Surveillance audit.

3. One year after publication of ISO 9001:2008 (i.e., by November 14, 2009), all certifications issued (new certifications and re-certifications) must be to ISO 9001:2008.

4. Two years after publication of ISO 9001:2008 (i.e., by November 14, 2010), existing ISO 9001:2000 certifications will not be valid.

5. Organizations in the process of certification to ISO 9001:2000 are recommended to apply for certification to ISO 9001:2008.

This transition plan is deemed realistic, because ISO 9001:2008 introduces no new requirements. So basically, you have a two year transition window starting from November 14, 2008, so don’t leave it to the last moment to make the transition.

What Will Happen To The Other Standards And Documents In The Current (2000) ISO 9000 Family?

The four primary standards of the current ISO 9000 family are the following:

o ISO 9000:2005 already published  – no major changes expected for 2009 

o ISO 9001:2000 to be superseded by ISO 9001:2008 

o Significant changes are planned for ISO 9004 with a planned publication date of late 2009. 

o ISO 19011:2002 is currently in the initial stages of the revision process, with a new version expected in 2011.

The other standards and documents will be reviewed and updated as necessary.

How Much Is The Implementation Of The New Standard Going To Cost?

One of the goals of ISO/TC 176/SC 2 is to produce standards that will minimize any potential costs in implementation or transition.  Any additional costs may be considered as a value-adding investment. A key factor in the development of ISO 9001:2008 was to limit the impact of changes and costs on users. So don’t flinch at negotiating with your certification / registration body, if they try to increase costs of certification.

What Do Auditors Need To Know About ISO 9001:2008 Standard? 

Auditors, whether external or internal, should be able to demonstrate their competence on the structure, content and terminology of the standards listed below, and also on the underlying Quality Management Principles.

The standards require that auditors are able to understand the organization’s activities and processes and appropriately audit against the requirements of the ISO 9001 in relation to the organization’s objectives. Auditors should be able to demonstrate competency in:

o The requirements of the ISO 9001:2008. 

o The concepts and terminology of the ISO 9000:2005. 

o The eight Quality Management Principles 

o A general understanding of  ISO 9004 

o Familiarity with the auditing guidance standard ISO 19011. 

How Will ISO 9001:2008 Relate To The Needs Of Specific Business Sectors? 

ISO 9001:2008 remains compatible with existing management systems standards for specific business sectors like ISO/TS 16949, AS 9000/EN 9100 and TL 9000. 

Users of a specific sector scheme should refer to the organization that is responsible for that sector scheme, e.g. for:

o           ISO/TS 16 949 refer to the IATF, 

o           TL 9000 refer to the QuEST Forum 

o           For AS 9000/EN 9100 refer to the IAQG

The ISO Brand

The ISO brand has several features that characterize the development process and nature of its standards. Some of these features have been enumerated below:

1. Democratic: Every member of the ISO is entitled to participate in the developmental procedure of all standards that are considered important by the member for the economy of its country. Regardless of the strength or size of that country’s economy, every member of the ISO has a vote. Thus, every country has an equal footing in terms of being able to influence the practical content of ISO’s individual standards as well as the course of ISO’s efforts at a strategic level

2. Market-driven: ISO develops only those standards that have some market requirement. Thus, most work is performed under the surveillance of professionals from the technical, business, and industrial sectors which require standards, and which are subsequently going to put them into practice.

3. Voluntary: ISO resembles a non-governmental organization in that it has no lawful authority to impose its standards. It does not legislate or regulate. However, nations may decide to accept ISO standards – mostly those concerning health, environment, or safety – either as policies or use them for providing a technical basis to the legislation.

4. Globally Relevant: ISO standards can be considered technical agreements that offer a framework for technology that is compatible all over the world. Thus, they have been specifically planned to be useful everywhere i.e. be globally applicable.

5. Consensus: ISO standards have been developed after obtaining international consensus from experts in every field. Like technology, consensus also continues to evolve and hence, ISO takes both into consideration – the evolving interests and evolving technology by taking a periodic evaluation of all its standards every five years in order to plan whether they must be updated, withdrawn, or maintained.