Should I be ISO 9000 certified?

Factual Questions
1

I see this printed on some business cards, most recently on the card of an instructor who taught a class at our facility on high speed data pipes (we’re getting ready to deploy gigaswitches, in case anybody’s interested). Anywho, I thought to myself- hey, I used to be an instructor. Taught some fairly heavy stuff, if I do say so myself. Semiconductor physics, microprocessor architecture and more, but I never had to become ISO 9000 certified to do it.

Then I had a revelation: go look it up and see what it means, knucklehead. Here’s what I got:

*In its simplest and most basic form, an ISO 9001/2/3-based quality management system contains a series of documents that require a company to:

•document what it does
•perform to that documentation
•ensure the process is effective
•record the results of the work*

Don’t all reasonably successful companies do this in some way? What’s so magical about being “certified” that you behave in this manner? Do I personally go out and get certified or does my company get certified and then it sort of trickles down and causes me to become certified by association? I heard that it was a gastly expense (thousands of dollars), but can’t really find anything online about it.

Did my instructor have this on his business card to say that he, personally was certified (and if so, why would I care?) or that the company he worked for was certified?

In high school, voted most likely to get stuck in a clarinet.

2

Typically, large companies become certified; I don’t think you can as an individual.

Certification is costly and takes a long time.

Basically, ISO 9000 certification verifies that you have good processes in place, and everybody adheres to them. They come in and ask you “how does x happen?” You show them some document that describes how it happens. Then they ask all the people involved how it happens. Their answers need to match the document.

I’m a startup guy myself, and all that paper is not for me. But sometimes you have to do it, especially if your customers demand it. It’s important for customers, especially in the manufacturing area, to ensure consistant quality.

3

It’s a hedged bet on caveat emptor. A number of companies have declared that they will purchase only from vendors who are ISO 9000 (or 9001 or 9002) certified. Since the certification allegedly requires the certified company to meet a goodly number of standards set and audited by an independent outside agency, a purchaser knows that there is a certain base line quality that has been met by the vendor. Since this process is international in scope, it allegedly makes the world trade playing field more level. (If a company gets the certification in country A, competing vendors in country B cannot claim “Well, you know how shoddy the products from A are.”)

The reason I have included all those "allegedly"s is not that there is anything wrong with the process. I have seen a couple of companies go through this and the auditing is thorough. Not only does the certified company have to prove that their manufacturing standards are high, they must prove that they buy their resources or components from quality vendors (usually ISO 900x certified, as well). They must also prove that their internal business practices are reliable and ethical, providing full documentation for their design and manufacturing processes and fully auditable records for their finances (A/R, A/P, G/L) and even marketing.

However, (you knew there had to be a however), the ISO people are up to their chins in certification requests. Once a company gets certified, there is not a strong probability that they will get a surprise audit from the ISO people. Also, since the process requires so much paperwork, the ISO people have not yet gotten to the point of running real-time audits on the systems of the companies undergoing certification. The process is sufficiently thorough that I doubt that many companies would actually be able to bluff their way through the process. They do have to be able to prove any assertion they make, allowing the ISO people to look at their books.

There is not a sufficient incentive to keep the process in place once the certification is complete. I suspect that many companies perform a lot of manual labor to acquire certification without investing the same money and energy into modifying their information systems to keep up the good work. I do not think that there is a lot of fraud behind ISO (yet), but I suspect that there is a lot of “slop” within many certified companies.

I have no idea what a human does to be ISO 9000 certified. (I would guess that it is a matter of demonstrating the appropriate education and job experience, but I’m guessing.)

4

Opus:

I spent a couple of months last year shepherding our company through the ISO9000 registration, so I can tell you bit about it. When I first confronted the ISO documentation I was hopelessly lost. Everything seemed so nebulous that it as like trying to grab smoke. Eventually I began to make sense of it.

In essence, you are correct. Any reasonably functioning company will already have much of the ISO practices in place. The point is to convince a regulatory party that this is the case. There are certain companies which will (for a fee, of course) come in to “audit” your company and agree that your practices meet the requirements set by the ANSI (American National Standards Institute) document outlining ISO9000. There are other companies that will coach you through the auditing process, nd sill others that will sellcourses, software, etc. to make the process easier. I sometimes seems as if the purpose of ISO9000 is to provide opportunities to let your company spend money on things it’s not clear that you need. But let’s not be cynical.

The point of ISO is to show that you have a clear procedure, can document the procedue, and can produce documents to show that you follow these procedures. You prodce a lot of paperwork in the couse of ISO certification, bcause this is the only vidence you have tha will convince your auditor that you are, in fact, doing what you say you are.

The fun part is that you get to say what your procedures are. The auditor doesn’t know your business, so YOU write the inspection procedures, manufacturing instructions, etc. YOU get to decide where and how yo store records on ever process. It’s a blank slate. Once you realize this, everything seems OK. After a while, though, you realze that you aren’t completely free. There are certain things that the auditor expects, and if you dn’t have outlined a procedure (backed up by documentation) you won’t pass inspection.

This probably sounds vague, still. But the est of the system is that you can trace your operations. If, three months from now, a customer discovers that a left-handed widget doesn’t work because part of it was assembled with a mis-calibrated tool, you are supposed to be able to track down the errant tool that caused the mess, and can locate the OTHER broken widgets that haven’t been reported yet, and can recall them.
To satisfy the auditor, you show them that you can produce such a paper trail – Customer Complaint Forms, Sales Records, Calibration Certificates, Purchase Orders, etc. You need a written procedure that tells how you deal with the Customer Complaint, and Procedures that tell how the Sales Recrds are written up, and how often you Calibrate your equipment, and Log Books that prove this. You have to perform “internal adits” on regular basis to show that your employees know an understand these rules, and to provide a way of self-correcting problems before the auditor shows up.

This is less complex than it sounds. The real challenge is in keeping the bureaucracy to a minimum – it’s easy to abuse the system an produce too much paperwork. That’s counterproductive. If you require too much, no one will fill it ut, so it won’t get done anyway. Do too little paperwork, and you won’t convince the Auditor that you’re adhering to the rules.

The payoff is that you can deal with any other SO certified company, and you don’t have to worry about the traceability of their material – after all, they’re keeping records, too.

Is it worth it? If other companies decide to only deal with other ISO certified cmpanies, this gives you an advantage over the competition. It’s an added expense, and you have to weigh the costs in time and money against what might be a market advantage. I’d rather spend my time doing other things personally. But it can be done without drowning in a swamp of paper and time-wasting procedures.

Oh, yeah – don’t read the chapter in Dilbert’s Guide to Business until you’ve passed your certification audit.

5

tomndebb said "There is not a sufficient incentive to keep the process in place once the certification is complete. "

Have to disagree with that. Recertification yearly and audits in between are required to keep the certification. The company I work for found keeping the certification was more difficult than getting it in the first place. People tend to slack off and require consistant monitoring to insure compliance with the spec.

6

Actually, ISO 9000 certification requires that your standards exist and be consistently followed. At least in theory, you can make crap repeatably and consistently and be ISO 9000 certified.

I’ve been involved in a few ISO 9000 certification efforts. I’m told (by one who should know) that a well-known high-tech electronics firm in the Boston area went through ISO 900 certification. Around that time, they bought a five-person garage-shop compnay, partly for the technology and partly because they were ISO 9000 certified. The big company hoped to learn some ISO tricks from the small company.

The Engineering Change Order procedure was the equivalent of “go tell Al and let him deal with it”. The Returned Material Handling procedure was the equivalent of “give it to Ruth and she’ll log it in and do something appropriate.” And so on.

The procedures were written down and they could prove that they followed them.

7

Oh, and if you don’t believe that ISO 900x companies can’t produce crap … there’s a very similar standard (9001? 9002?) that covers quality software. I don’t think Microsoft is certified, but there are a lot of software compnaies that are.

jrf

8

Everyone here has brought up some great and valid points - don’t disagree with any of them…

All I would add is that it makes some sense to do a little research… are your competitors (or your industry in general) making use of ISO? For instance, I work for a global manufacturing company that has not universally taken the ISO plunge - our factories in Australia have done so, but it was motivated primarily from customer and governmental urging, and in my personal opinion, getting on the band-wagon… that is: it’s better to have it than not. It’s a badge of esteem that you can market in a variety of ways.

However, in all the other countries we operate within, there is very little interest in ISO. For one, our business does not require extremely tight tolerances or utilize complex manufacturing processes. Secondly, and perhaps more importantly, our customers aren’t demanding it, and don’t appear to be moving in that direction any time soon - neither are our competitors. Lastly, and to reference the OP, the documentation and audit processes that ISO brings to the table is, by and large, in place already, and has been for years (driven primarily from early in-house developed TQM efforts, which stole shamelessly from ISO technique). In essence, you can have ISO, or at least the process control and improvement part of it, without having to pay gobs of money to an outside source. Admittedly, this approach is difficult if not impossible to market, since it’s home-grown, it has no pedigree.

To summarize: if ISO is something your customers want, your industry uses, and you need new marketing angles, then give it serious consideration (first make sure you have enough people and money resources to do it). If, on the other hand, you take a look around and see that you may be an ISO pioneer in your line of work, save yourself the money and let someone else kick the ball first.

9

Minor nit: ANSI may publish materials related to ISO 9000, but ISO 9000 is an ISO standard. ISO is usually said to mean “International Standards Organization”; in reality, it means “Organisation Internationale de Normalisation” or “International Organization for Standardization”.

ISO 9000 information can be found at ISO 9000 and ISO 14000 as well as many other places on the net.

My experience has been that European companies care more about purchasing fron ISO 9000 certified suppliers than United States companies do.

10

I’ll defer to your experience in the matter. My experiences were that the guy in the next cubicle lost a bitter 13 month long fight to not gut the Purchasing Sytem he maintained because it had provided a lynchpin of the ISO 9000 certification and that the two people in the general offices who spent two years providing documentation never had to look at an ISO document once the original certification was complete.

In retrospect, since ISO 9000 was applied at the manufacturing plant level, it is more probable that the plants simply turned the record-keeping into a manual operation (they were frequently willing to do things the hard way if it meant that they did not have to store information on the corporate computer) and that the general office people had only provided direction and historical collection for information that the plants could then keep up on a daily basis without help.

From my ivory tower it may have appeared that the company was less involved than it actually was.

11

I my opinion, ISO 9000 is a very basic, almost worthless standard. Let me explain - when the first ISO gurus went to japan to sell their stuff, most Japanese companies laughed them out the door! They (the Japanese) were so far ahead of ISO, that there was no value in being certified). The fact is, being certified DOES NOT GUARANTEE product quality.
The other thing to remember-there are TONs of organizations doing certification audits-this activity is EXTREMELY profitable for the auditing/certifying organizations. In fact, every european country has its own “notified body” to do this. So, in theory, being certified by the Belgian standards organization is as good as the (German) TUV-NOT SO! German companies want TUV certifications-they do not trust the other european NBs.
Lastly-which country has the most ISO certied companies? (A) Great Britain
Who has the least? (A) Japan
Who makes BETTER cars, TVs, appliances?

12

EGKelly, the Japanese were actually the first to embrace things like quality standards. Don’t forget that after WWII, they didn’t have a (non-radioactive) pot to piss in or a window to throw it out of, and their manufacturing sucked. The founder of that quality movement was Joseph Juran (an American who was laughed out of American factories at the time) and he changed all that with America only figuring it out sometime in the 80s (even later for US car makers)

That said, however, I don’t put alot of faith in ISO certified firms. In fact, I read a paper talking about how firms that won the Malcolm Baldridge award for Quality have gone down the crapper only a few years after they’ve won, and I can certainly say I’ve witnessed that on more than one occasion personally since getting my MBA