WHITEPAPER

QUALITY MANAGEMENT
WITH ISO 9001
How to implement a smart quality approach

STEFAN LANGHAMMER
Senior Consultant & External Auditor
stefan.langhammer@sqs.com
Stefan Langhammer has been with SQS since 2007. He holds a degree in
Business Administration and is a Certied ISO 9001:2008 External Auditor.
As Senior Consultant in the Process Intelligence Competence Centre, his
responsibilities focus on the implementation of assessments and on the organisation and support of process changes for SQS customers. He has many
years of experience as Project Manager, Process Manager, Quality Manager,
and Banking Auditor, working for military organisations, IT organisations,
as well as shipping and logistics companies. Over the last 15 years, he has
conducted more than 200 quality audits as External Auditor.

Quality Management with ISO 9001

Page 2

1 MANAGEMENT SUMMARY
Many organisations, even big ones, suffer from
a lack of process transparency and process control: often, process responsibilities and process
interfaces are not clearly dened, and there is
no systematic approach as to how processes are
to be managed. Typically, appropriate process
documentation does not exist, not to mention
the absence of a systematic approach ensuring continual improvement. If there is no process documentation, you automatically have a
lack of transparency since business and process
knowledge is not available to the entire organisation but merely a privilege reserved for a select
group of key players. As a consequence, process
control including the cost and management of
process interfaces is getting rather difcult and
involves taking high risks.

the elds of business, government and relevant

organisations.
ISO 9001 or ISO 9000 which is the generic
name for the ISO 9000 family of standards was
published in 1987. It had been inuenced by the
British Standard BS 5750 and by a series of national Canadian standards known as CSA Z299,
which were already widely used at the time. (2)
The number 9000 was chosen since it matched
the already existing number of ISO standards and
seemed memorable.

Of course, organisations can be successful with no

documentation at all, but systematic improvement
and learning require both a clear view of the processes involved and a systematic approach.

The ISO 9000 family of standards represents an

international consensus on good quality management practices. It consists of standards and guidelines relating to quality management systems and
related supporting standards. ISO 9001 is the only
standard in the ISO 9000 family against which organisations can be certied, and it has been successfully implemented in more than one million
organisations worldwide.

Furthermore, there are external requirements:

customer and stakeholder demands for improved
controls, process compliance and risk controls are
rising due to an increasing number of regulations
and laws in particular in the nancial sector, e.g.
regulatory frameworks like the SarbanesOxley
Act and Basel II. (1)

ISO 9001 focuses on what an organisation has to

do:
Full the customers quality requirements
Full the applicable regulatory requirements
Enhance customer satisfaction
Achieve continual improvement of its performance in pursuit of these objectives

In an attempt to address the aforementioned issues, many organisations started projects documenting their processes and key controls and
establishing quality and process management
systems.
In doing so, organisations can build upon an international standard called ISO 9001. ISO standards
are being developed by technical committees
comprising national delegations of experts from

The elements of ISO 9001 help establish a wellbalanced view of all important processes of an organisation. These processes are documented and
focused on customer needs by identifying drivers
and measures for cost, quality and customer satisfaction. Process controls are clearly identied
including the associated responsibility for conducting and documenting the respective control
activities (see Figure 1).

Quality Management with ISO 9001

Page 3

Moreover, organisations can improve their external recognition with regard to customers, competitors and external stakeholders by fullling the
ISO 9001 requirements within an external audit
process in order to obtain an ISO 9001 certicate.
In many markets and industrial sectors, ISO 9001
certicates are well-established and recognised
standards of good practice.
WHAT IS ISO?
ISO = International Organization for Standardization is the worlds largest developer
of standards. ISO is a network of the national
standards institutes of 163 countries, on the
basis of one member per country, with a Central Secretariat in Geneva, Switzerland, that
coordinates the system.

This whitepaper gives an overview of the principles of quality management according to ISO
9001, of the implementation strategy for a quality
management system chosen by successful organisations, and of the main steps to obtain certication based on many years experience in consulting and auditing organisations. Furthermore,
practical examples will show how organisations
can improve process transparency and quality
control.

Denition 1: ISO (3)

Continual improvement of the

quality management system

ENT RESPONSIB
GEM
ILIT
NA
Y
MA

Input
Requirements

Customers
REMENT, ANALYS
ASU
ME ND IMPROVEMEN IS
T
A

RCE MANAGEMEN
SOU
T
RE

Customers

PR

ODU

CT REALISATIO

Satisfaction

Output
PRODUCT

Value-adding activities
Information ow

Figure 1: Model of a process-based quality management system (2)

Quality Management with ISO 9001

Page 4

2 INTRODUCTION
2.1 A BRIEF HISTORY OF ISO 9001
Since 1987, the hour of birth of the ISO 9001 quality management standards, countless organisations have begun to implement quality management systems. Along with the establishment of
certication bodies, a new industry emerged.
Starting with just a handful of organisations
dealing with ISO 9001 certications in Germany,
more than 100 accredited certication bodies are
counted today. (4)
At the very beginning, the ISO 9000 approach
had a controversial reception. Some experts regarded ISO 9000 as too formal, too static and
somehow bureaucratic. Furthermore, the set of
ISO 9000 standards was very much focused on

industrial needs and did not really seem applicable to service organisations.
With the second revision to the ISO 9001 standards conducted by the ISO organisation in the
year 2000, a fundamental breakthrough was
achieved. The ISO 9001 standard received a new
structure suitable for all kinds of organisations including the service sector, and gained a processoriented focus. The requirements of continual
improvement of the quality management system
and of measuring customer satisfaction became
compulsory. Consequently, ISO 9001 became
much more than just a heap of documentations
(which somehow still remains a fundamental misconception): it turned into a rigid and customerfocused approach aimed at improving quality.

THE EVOLUTION OF ISO 9000

1994

2000

First revision of ISO 9000. Emphasis was

laid on failure prevention.
ISO 9000:1994 was still rather focused on
production environments.

Second revision of the standard, now ISO

9001:2000. Substantial changes regarding
process management. Applicability for service organisations was enhanced. Continuous
improvement and customer focus became
core principles of the revised standard.

1987

2008

Initial ISO 9000 certication standard is

published as ISO 9000:1987.

Latest version of the standard is published

as ISO 9001:2008 with minor adjustments.

1980

1990

2000

Figure 2: Evolution of the ISO 9000 standard for quality management systems

2010

Quality Management with ISO 9001

Gloomy predictions of the early 1990s that ISO

9000 would be short-lived proved wrong. The
triumphant success of ISO 9001 began with the
industrial sectors, it grew when it became increasingly applicable to service organisations,
and it is still going strong. Today, ISO 9001 is
considered the most established quality framework worldwide. (5) However, implementing
ISO 9001 in an organisation still remains quite
a challenge for quality itself with all its different aspects and inuencing factors is not easy
to capture.
2.2 THE QUALITY CHALLENGE
When you ask employees working at different levels within an organisation to dene quality, you
will probably get a wide range of answers. And
rightly so, for quality can be dened rather differently, depending on the point of view. The ISO
9000:2005 understanding of quality is given in
the following denition:
QUALITY
Degree to which a set of inherent
characteristics fulls requirements
Denition 2: Quality (2)

So quality is about fullling requirements. According to ISO 9001, these need to be combined
with the creation and enhancement of customer
satisfaction. In fact, there is a correlation between
the fullment of requirements and customer satisfaction, which was analysed and expressed in
a model by Dr Noriaki Kano, a Japanese quality
expert: (6)
The Kano Model, developed in the early 1980s,
shows the relation between customer satisfaction
and the fullment of requirements (aka quality,
see above) understood as a broader concept. Re-

Page 5

quirements converted to offerings can be differentiated into the factors delighter, must be and
more is better:
The factor must be does not help increase
customer satisfaction since it refers to criteria
taken for granted yet, on the other hand,
these criteria are essential preconditions for
any satisfaction.
More is better is a one-dimensional factor
since it will only increase customer satisfaction
as long as an over-fullment of requirements
is ensured.
The category delighter, however, includes the
criteria that make the difference. Delighter
comprises the innovative and unexpected factors of quality. This means you should surprise
the customer in a manner that is perceived as
positive, and not achieve satisfaction only but
create enthusiasm and customer loyalty.

Unfortunately, from the customers point of view,

all of these factors undergo a kind of life cycle.
They change over time, and even a delighter can
eventually degenerate to t the category more is
better or even must be (see Figure 3).
Furthermore, it is important not only to understand the full range of requirements but their
respective owners as well. Requirements can be
quite different and even contradictory depending
on the views of their owners.
Quality has many different stakeholders: not only
the customers but many other interested parties
like shareholders, employees, suppliers, etc. have
their stakes in it as well. For each of these stakeholders, dozens of standards, regulations or quality models could be relevant.

Quality Management with ISO 9001

Page 6

MORE

satisfied

More is better

CUSTOMER SATISFACTION

Delighter

included
omitted
Must be

dissatisfied
OFFERINGS

MORE

Figure 3: The Kano Model

So regarding the quality challenge, there is much

to consider:
What is our view on our services, the
underlying requirements and quality
fullment regarding the Kano Model?
Where are our strengths and what are
our weaknesses?
What are the most important areas and
processes for quality improvement?
How can quality and customer satisfaction
be improved?
How can quality be measured?
Who are the stakeholders for quality?
Which external needs and recognition for
quality do exist for our organisation?

Depending on the answers to these questions and

the analysis of strengths and areas for improvement, organisations should dene their individual
quality approach.

In this context, it is important to dene the expectations and deliverables regarding quality
management. This should be done by the senior
management and take into account the involvement of respective stakeholders for quality (see
Section 4.4).
For some organisations, obtaining and keeping an
ISO 9001 certicate is still the one and only target. In this case, the quality management system
is more or less limited to producing just this one
deliverable.
On the other hand, an increasing number of organisations expect to get more value from a
quality management system than just obtaining
a certicate. Regular surveys conducted by the
ISO organisation indicate that both the motivation and the expectations for quality management are rising. The following section will explain
this in more detail.

Quality Management with ISO 9001

Page 7

2.3 MOTIVATION FOR QUALITY

MANAGEMENT
In the rst ten years of quality management based
on ISO 9001, most organisations were driven by
market needs regarding the decision to establish
a quality management system. Nearly all of them
aimed at obtaining an external certication.
The latest survey, in which more than 11,000 participants from 122 countries answered questions
regarding ISO 9001 issues, was carried out by the
ISO organisation in February 2011. (7) The results
show that market needs and mandated customer
requirements still rank highly, but the most important criterion now is customer satisfaction
(see Figure 4).
Regarding the applied benets of an ISO 9001
certication, the results show that apart from increased customer satisfaction the advantages of
standardised business processes, increased management commitment and business data usage
are top-ranked as well (see Figure 5).
The experience SQS gained in consulting and auditing organisations is in line with the results from
this survey. Undoubtedly, external recognition is

important for many organisations and quite often

the main driver for starting quality initiatives, but
there are many more expectations, especially regarding cost reduction and process efciency.
In order to express the view on quality and overall
quality objectives aligned with business strategy,
ISO 9001 requests a so-called quality policy:
QUALITY POLICY
Top management shall ensure that the
quality policy is appropriate to the purpose
of the organization, includes a commitment
to comply with requirements and continually improve the effectiveness of the quality management system, provides a framework for establishing and reviewing quality
objectives, is communicated and understood
within the organization and is reviewed for
continuing suitability.
Denition 3: Quality policy (2)

The following quality policy was dened within an

SQS quality management project and provides a
good example of the management expectations
for quality management and the comprehensiveness of the chosen approach (see Figure 6).

WHICH OF THESE FACTORS INFLUENCE YOUR ORGANISATION IN ISO 9001

CERTIFICATION? (NO. OF ANSWERS)
4222

Customer satisfaction
3689

Market need
3290

Mandated customer requirement

2272

Self-declared conformance
500

Other

0
Figure 4: Factors inuencing ISO 9001 certication (7)

4500

Quality Management with ISO 9001

Page 8

QUALITY POLICY EXAMPLE

Continually maintaining and improving the
effectiveness of our Quality Management
System (QMS). Periodic review of current
quality policy and objectives to ensure its
effectiveness and suitability.
Meeting or exceeding customer and
organisational requirements. Constantly
striving for quality products and services
that meet or exceed the customers
and / or organisational requirements.
Effectively communicating up and down
the Supply Chain effective communication of quality policy and objectives to
customers, suppliers, and our employees.
Hiring the best people in the industry
training those people on our systems and
procedures, and focusing those people on
executing our processes awlessly.
Creating and managing the best processes
in the industry. These processes are documented and described in a comprehensive
Quality Management System (QMS).

Aligning ourselves with the most competent base of suppliers available in the
industry. The ability of our suppliers to
provide us with quality services is critical
to our success. We will strive to achieve
excellence in our supply chain with a
common vision in the areas of quality,
continuous improvement and excellence
in customer service.
Increasing process effectiveness and efciency. Quality must provide and deliver
measurable results and benets for our
organisation.
Figure 6: Quality policy example

The quality policy should have a direct link to the

particular strategy of an organisation, for strategic goals and quality policy must interact with
each other and be consistent. Furthermore, it is
important to actively communicate a companys
quality policy across all organisational levels.

WHAT ARE THE MOST IMPORTANT BENEFITS OF APPLYING ISO 9001

TO YOUR ORGANISATION? (NO. OF ANSWERS)
Improved customer satisfaction

5889

Standardised business processes

5821

Increased management commitment

4125

Effective use of data as management tool

4112

More effective management reviews

3975

Improved customer communication

3577

Increased supplier performance

2289

It is a customer requirement

2262

Improved supplier communication

2216

Improved financial performance

1241

Other

354

No benefit at all

161

0
Figure 5: Benets of applying 9001 (7)

1000

2000

3000

4000

5000

6000 7000

Quality Management with ISO 9001

The following statement is an example of a

strategic message and its interaction with the
aforementioned quality policy. It was made by
the managing director of a transaction bank

Page 9

and became fundamental to the realignment of

the quality and process management of IT-related
processes: (8)

We must recognise that we are in the software business. Our services

are embedded in a technology driven business. For example, software
schedule delays impact product and service delivery dates and product
delivery dates drive cost, revenue and prot. Unless we can manage
revenue and prot, we cannot manage our business. If we do not treat
software as a critical success factor for our organisations future, we
cannot manage software, and then we might not even be able to manage our business.

3 MARKET CURRENT STATUS

AND OUTLOOK
Since the kick-off for the rst ISO 9000 certication in Germany, which took place almost 25
years ago, more than one million organisations
worldwide (7) have implemented a quality management system according to ISO 9001.
One might assume that large organisations, especially in the nancial market industries, would
already have had ISO 9001 quality management
systems in place for years. But, in fact, this is not
the case.
Today, many IT organisations have not even started implementing quality management systems
but do feel a growing need for better cost, process and quality management as many of them
try to position themselves as a service organisation. Figure 7 gives a country-specic overview of
ISO 9001 certicates.

As a matter of fact, business for ISO 9001 quality

management consulting is still growing. The annual growth rate of certicates is between 8 %
and 10 %, as Figure 8 shows.
Apart from the nancial sector with banks and
insurance companies, there is another rather substantial market for quality management systems
in Germany: the public sector. Quality management for public administration and military organisations has become a big talking point over
the last three years. This trend has been enforced
by respective regulations and by the declared
aim to improve process transparency and process
control in order to raise efciency and effectiveness in the public sector. (10)

Quality Management with ISO 9001

Page 10

TOP 10 COUNTRIES FOR ISO 9001 CERTIFICATES 2009

China:
257076

Japan:
68484

Russian Fed.:
53152

Italy:
130066

Spain:
59576

UK:
41193

Germany:
47156

USA:
28935
India:
37493

Rep. of Korea:
23400

Figure 7: Top 10 countries for ISO 9001 certicates (9)

ISO 9001 CERTIFICATES (ABSOLUTE NUMBERS)

YEAR

2004

2005

2006

2007

2008

2009

660132

773867

896929

951486

982832

1064785

Africa / West Asia

31443

48327

71438

78910

73104

77408

Central / South America

17016

22498

29382

39354

39940

36551

49962

59663

61436

47600

47896

41947

Europe

320748

377196

414232

431479

455332

500319

Far East

220966

247091

300851

345428

356559

398288

19997

19092

19590

8715

10001

10272

TOTAL

North America

Australia / New Zealand

Figure 8: Trend of absolute numbers of ISO 9001 certicates between 2004 and 2009 (9)

+ 61 %

+ 56 %

Quality Management with ISO 9001

Page 11

4 QUALITY MANAGEMENT IN PRACTICE

4.1 STRUCTURE AND PRINCIPLES
OF ISO 9001
One of the main advantages of the ISO 9001
standard is that it is applicable to all organisations, no matter what size or branch. ISO 9001
does not include specic requirements for specic
branches but rather generic demands which need
to be interpreted by the respective organisation
or business sector. In order to help organisations
tailor these generic demands to their specic
set-up, ISO 9004 was developed. ISO 9004 is a
guideline and therefore not mandatory in the
context of certication intended to support the
application of ISO 9001 and giving practical advice how to understand and use ISO 9001 within
organisations.
Although ISO 9001 in general is not sectorspecic, an additional guideline was developed
especially for the demands of IT organisations:
standard ISO 90003. Like ISO 9004, it does not
include mandatory requirements for certication,
it merely gives advice how to apply ISO 9001 in
the software development business.
Basically and irrespective of whether organisations decide to take advice from guidelines ISO
9004/ISO 90003 or not ISO 9001 has ve important chapters containing the requirements to
comply with:
Quality Management Systems
Management Responsibility
Resource Management
Product Realisation
Measurement, Analysis, Improvement

Figure 9 gives an overview of the structure of

ISO 9001, including the sub-chapters, starting
with Chapter 4 as the concrete requirement sec-

tion. (Chapters 1 to 3 are not displayed as they

comprise generic explanations, the scope of ISO
9001, and the process model of ISO 9001, but no
requirements.)
The structure is usually reected by the quality
manual, which is a mandatory part within a quality management system.
THE QUALITY MANUAL
The organization shall establish and maintain
a quality manual that includes
(a) the scope of the quality management
system, including details of and justications for any exclusions
(b) the documented procedures established
for the quality management system,
or reference to them
and
(c) a description of the interaction between
the processes.
Denition 4: Quality manual (2)

In order to provide a practical view on the requirements of ISO 9001, the ISO Technical Committee
ISO/TC 176, which is responsible for developing
and maintaining the ISO 9000 standards, derived
eight quality management principles.
THE EIGHT ISO PRINCIPLES
1 Customer focus
2 Leadership
3 Involvement of people
4 Process approach
5 System approach to management
6 Continual improvement
7 Factual approach to decision making
8 Mutually benecial supplier relationship
Figure 10: Quality management principles (2)

Quality Management with ISO 9001

Page 12

4 QUALITY MANAGEMENT SYSTEMS

4.1 General requirements

4.2 Documentation requirements

5 MANAGEMENT RESPONSIBILITY
5.1 Management commitment
5.2 Customer
focus

5.3 Quality policy

5.4 Planning

6 RESOURCE MANAGEMENT

5.5 Responsibility,
authority and
communication

5.6 Management
review

8 MEASUREMENT, ANALYSIS,
IMPROVEMENT

6.1 Provision of resources

8.1 General
6.2 Human
resources

6.3 Infrastructure

6.4 Work
environment

8.2 Monitoring and measurement

8.4 Analysis
of data

8.5 Improvement

8.3 Control of nonconforming product

7 PRODUCT REALISATION
7.1 Planning of product realisation
7.2 Customer-related
processes

7.3 Design and

development

7.4 Purchasing

7.6 Control of monitoring and measuring devices

Figure 9: The structure of ISO 9001

7.5 Production and

service provision

Quality Management with ISO 9001

These principles can be used by senior management as a guidance to navigate their organisations towards an improved performance.
4.2 MAIN STEPS FOR IMPLEMENTATION
In order to realise the ISO 9001 principles in practice, the implementation of a quality management
system according to ISO 9001 should be planned
and organised as a project including corresponding project roles and responsibilities. The top
management (e.g. a board member) should act as
project sponsor.

Page 13

Depending on the size of the organisation, complexity of processes, and available resources, the
project time for achieving ISO certication readiness will require a minimum of between six and
nine months. SQS experience shows that most
ISO 9001 projects take between twelve and 15
months. Usually, creating the process documentation will require the most time, so there should
be special focus on the methods and approaches
for doing so (see Section 4.3).
The following 14 steps describe the main activities SQS recommends to perform in the proposed
sequence in order to implement a QM system and
establish readiness for external certication.

14 STEPS
1. ESTABLISH ISO STEERING
COMMITTEE
Ensure top management buy-in
Ensure availability of resources
Conduct regular project meetings and
progress report
2. BUILD UP QM KNOWLEDGE
Select quality staff and ensure
appropriate training
Inform all staff about project goals and
motivation for quality improvement
3. APPOINT QUALITY REPRESENTATIVE
Dene role and tasks of a quality
representative
Ensure direct reporting line to top
management
Select a strong character with
excellent communication and
management skills

4. DEFINE STRUCTURE FOR QUALITY

MANUAL AND PROCESS DESCRIPTION
Focus on organisational and
customer needs
Include and describe all relevant
key controls
Involve internal audit and risk department
For process documentation, use a
modelling tool
Decide about process measurements
interact with controlling department
5. INVOLVE ALL STAKEHOLDERS
Identify relevant internal and external
stakeholders for quality and identify
their requirements
Derive quality policy from strategic
objectives and stakeholder requirements
Derive measurable quality objectives
from quality policy
Set up and maintain communication
processes with stakeholders

Quality Management with ISO 9001

6. DEFINE AND CREATE

DOCUMENTATION
Create high-level process landscape
Dene process layers and necessary
level of detail
Appoint process owners and train them
Conduct workshops with process owners
and experts in order to draft the processes
Start with process modelling using a
modelling notation (e.g. BPMN)
7. WRITE QUALITY MANUAL
Decide usage of quality manual (just
internal or external usage as well?)
Dene structure
Reconcile with relevant stakeholders
Get formal approval by top management / board
8. ESTABLISH DOCUMENT AND DATA
CONTROL
Identify all relevant types of documents,
forms, checklists, etc.
Dene and document a method for
document and data control and apply it
on all selected documents and data
9. TRAIN ALL STAFF IN QM
Ensure that all staff get appropriate
training depending on the respective
organisational level and role
10. ESTABLISH QUALITY ASSURANCE
TEAMS
Ensure that, depending on the size and
processes of an organisation, employees
get special training and take responsibility for specic quality tasks (e.g. quality
assurance ofcer, test manager, code
reviewer)

Page 14

Organisations with different sites

should appoint quality representatives
for each site
Ensure that overall steering of quality is
under control of the corporate quality
representative
11. ESTABLISH PROCESS FOR
CONTINUAL IMPROVEMENT
Dene appropriate method and approach for continual improvement.
These could be, for example:
Regular Kaizen Workshops
Using Six Sigma Methodologies
SPICE or CMMI Assessments
Peer Reviews
12.TRAIN INTERNAL AUDITORS
Select appropriate staff and focus
on the following skills:
Communicative
Common-sense-driven
Persuasive
Persistent
Accurate
Conduct training based on ISO 19011
Set up coaching measures for initial
audits
Ensure regular assignment of auditors
13. INTERNAL EVALUATION AND
VALIDATION
Dene internal evaluation criteria and
conduct internal audits or assessments
Derive improvement measures
Set up a management review process
(at least yearly) focused on:
Results of internal and external audits
Customer feedback and measures
for customer satisfaction
Stakeholder feedback

Quality Management with ISO 9001

Process performance based on facts

and data
Status of measures for improvement /
improvement plans
Review of quality policy and
quality objectives
Necessary budget and resources
for quality management

Page 15

Content for a quality management plan

for further improvement of the quality
management system
14. EXTERNAL EVALUATION
Select appropriate certication body for
the organisation (criteria are reputation
and specic knowledge)

Figure 11: 14 steps for the implementation of ISO 9001

Steps 8 to 12 remain relevant for the maintenance

of a quality management system and thus also for
annual external audits and recertication (periodically, every three years). These steps need to
be enforced on a regular basis.
4.3 GOOD PRACTICES FOR ESTABLISHING
PROCESS DOCUMENTATION
Regarding the implementation steps described
above, SQS experience shows that the most timeconsuming part of documentation and the biggest investment denitely is the creation of process documentation. This, of course, depends on
the amount and complexity of the processes and
the maturity of the organisation. Some organisations will stoutly resist the introduction of quality
management and process documentation.
Typical arguments are:
It takes too much time to prepare.
The customer does not pay for it.
We are successful anyway.
Staff is trained for what they are doing.
It is too bureaucratic.
It is too expensive.
Others tried and failed.
This only works for big / small organisations.
In practice, things are always different.
It cannot be maintained in the long run.
We do not have the resources to do this.

We need a tool. We do not need a tool.

We have the wrong tool.

Though all of these arguments can be handled,

they are at least quite time-consuming and can
make quality management projects fail to achieve
their targets. For some organisations, quality
management and process documentation means
a fundamental change. Although creating or improving transparency seems to be a desirable
objective from a management point of view, staff
may have a completely different understanding of
transparency and consider it a threat:
Why should I agree to make my knowledge
visible to others?
Why should I be happy that things I do
become measurable?
Why pursue objectives now when there
have never been any in the past?
Why should I be responsible for an entire
process do they intend to penalise me if
failures occur?

Such issues are change management issues.

The symptoms might become visible during the
implementation phase, but the root causes are
somewhere else and can only be solved by the
management of an organisation. Sometimes or-

Quality Management with ISO 9001

ganisations are not ready for this kind of change

or are not sufciently aware of it. In that case,
quality management and creating a meaningful
and reliable process documentation and management of processes cannot work.
On the other hand, if this kind of change is being
successfully managed, the process documentation can become the most value-adding part of a
quality management system altogether.
A quality management system demands descriptions of the process ows in general, as well as
their interaction with each other and respective
interfaces. Making these relationships visible by
creating a process ow is already an achievement in itself. Process charts are fundamental to
changing and improving processes. Just having a
picture of a process in your mind, but not documented, does not help if you want to share your
views with others and discuss a process.
Furthermore, there is a special focus on all activities linked to testing, inspection and the control of
process results. In these cases, respective control
criteria, the control execution including responsibilities, and the results of the control should be
documented. So this is all about process control.
Apart from the fullment of these ISO 9001 requirements, SQS recommends following a broader approach to process documentation than just
process visualisation in order to get maximum
value from processes. For example, process documentation can be utilised to identify cost drivers,
to dene measure points for service level agreements, and for many other useful purposes. In
order to get a clear view on the results process
documentation could deliver, SQS recommends
dening the general objectives of process documentation rst, as shown in the following example based on an SQS project.

Page 16

OUR BUSINESS PROCESS

DOCUMENTATION MAINLY AIMS AT:
Providing a specic denition and
description of a standardised approach
allowing for comparability and a
consistent evaluation
Providing the basis for quality management, the analysis of weak points and process improvements (also taking customer
satisfaction surveys into consideration)
Providing the basis for the training of
new employees
Providing the basis for benchmarking and
process reengineering including measurement and process control data in interaction with the controlling department
Supporting the departments in conducting their day-to-day business by providing
them with recognised documentation
standards
Describing the competencies and responsibilities, and dening the process owners
within our organisation
Establishing control mechanisms to
ensure process execution in compliance
with SOX (SarbanesOxley Act) and our
internal process control system
Establishing the reference documentation
for the internal audit department
Establishing an interface between business
processes and IT domains and applications
Improving transparency in general which
will ultimately result in an increased exibility of business processes
Figure 12: Project example of general objectives of process
documentation

Quality Management with ISO 9001

Depending on the particular objectives, the method

used for modelling (process notation) and the selected process modelling tool, process documentation becomes a multi-purpose tool for the organisation with various stakeholders, for example:
Quality Management Department (quality
control, internal audit, process improvement)
Managers & Employees (process control,
process transparency, process improvement)
Controlling Department (process data,
process cost)
Internal Audit (description of key controls,
e.g. SOX, COSO framework)
External Accountants (description of key
controls, e.g. SOX, COSO framework)
Sales & Customers (precondition for creation
of service level agreements)
IT Department (input for IT strategy and IT
architecture)

In order to follow a multi-purpose approach to

process documentation, the usage of professional process modelling tools is recommended. Furthermore, a suitable modelling notation should
be dened or selected. This could be EPC (Eventdriven Process Chain), UML (Unied Modelling
Language), BPMN (Business Process Modelling
Notation) or other notations, as ISO 9001 does
not make any provisions regarding the usage of
process management tools.
An increasing number of organisations uses BPMN,
which has become a de facto standard for process
modelling. BPMN is independent of any process
modelling tool but works with nearly all of them. (11)
4.4 STAKEHOLDER-ORIENTED QUALITY
The results of the ISO 9000 Survey 2010 (7) show
that the expectations organisations have with
respect to quality management go much further
than just being ISO 9001-compliant. Furthermore,

Page 17

there are various views on quality by a number of

different stakeholders.
Quality management can foster the deployment
of corporate strategic objectives. No doubt, quality has an impact on customer satisfaction (see
above, Section 2.2), external recognition, cost
and prot. Because quality management and corporate strategy interact with each other, quality
measures should be derived from the corporate
strategy accordingly.
The following example, which is part of the SQS
approach within quality management projects,
shows a way to align quality management measures with corporate strategy. By means of a twodimensional matrix approach, stakeholders and
so-called quality classes including all potential
quality dimensions and content are combined.
The vertical axis displays the stakeholders, the
horizontal axis the quality classes. The questions
regarding the respective intersections are:
What is the as is of quality for this
particular stakeholder?
What is the should be? (What should
we do in future?)

The gap between as is and should be denes

the required quality measures for a particular
stakeholder. As a result, a corporate view on quality can be developed and used to dene and prioritise appropriate measures for a corporate quality
management plan (see Figure 13).
4.5 QUALITY IMPROVEMENT
As outlined in Section 4.2 (see Figure 9, Step 11),
continual improvement of the quality management system needs to become a fundamental
part of said system. This requirement has been incorporated since the year 2000 as part of a major
revision of the standard.

Quality Management with ISO 9001

Page 18

QUALITY CLASSES
Targets &
Strategy

Business
Map

Plans

Measure- Benchmarking &

ments
Assessment &
Certication

Contracts

Standards Methods
& Policies

Customers
Prospective
Customers
Employees

QUALITY
ITEM

What sort of quality activities

are we undertaking? (Quality
Classes / Quality Activities)

STAKEHOLDER TYPES

Shareholders

Who are the recipients

of these quality activities?
(Stakeholder Types)

Governance
Bodies
Outsourcing
Organisation
Corporate
Audit
External
Regulators

What kind of as is for what cost?

What kind of should be for what
cost, timeline, owner?
Regular reporting on the
way from as is to should be

Auditors

Suppliers
Professional
Bodies
Competitors
Public /
Media

Figure 13: Stakeholder-based view on quality

How do we do a quality
activity?
What are the costs / efforts?

Quality Management with ISO 9001

SQS experience shows that some organisations

nd it extremely difcult to realise improvements
within their quality approach. There are various
reasons for that, but one crucial issue is the way
in which objectives are dened and managed.
Many so-called objectives do not full the basic
requirements for objectives, meaning they are
neither measurable nor time-bound. Improvements can hardly be controlled without having
properly dened objectives.
Quality objectives should be S-M-A-R-T, meaning:
Specic
Measurable
Achievable
Relevant
Time-bound

Furthermore, organisations need appropriate

methods for quality improvement. Compared
with service businesses, the industrial sector
is very much ahead in this respect. For example, the FMEA (Failure Mode and Effects Ana lysis) (12) method or statistical process control
have been well-known methods in the industrial field for decades but are almost unknown
or considered unsuitable within the service
sector.
As a consequence, many service organisations
struggle to employ the appropriate quality methods and do not succeed in developing their quality management system accordingly.
This can become crucial for the entire quality system. If the management expects a quality
management system to deliver not just an ISO
certicate but a measurable value to the company, the whole undertaking might be stopped as
soon as commercial concerns arise.

Page 19

In fact, almost all known industrial methodologies for process analysis and improvement work
for service businesses as well. Their employment
is mainly dependent on appropriate training and
the availability of respective tools. Successful organisations clearly recognised that the dedicated
training of staff in quality methods is a key factor for quality improvement. Just having a quality department and making them responsible for
quality denitely is not enough. Ultimately, in an
organisation, each and every one is responsible
for quality.
So once again, there is a mind change. Quality
no longer is just expert knowledge represented
by a few colleagues in the quality department. It
needs to become common knowledge, part of the
way people think and how they interact with each
other and with their customers.
4.6 OBTAINING VALUE FROM EXTERNAL
CERTIFICATION
The nal step (see Section 4.2, Step 14) for implementing a quality management system is about
external certication. And as already outlined
above, most organisations take this step.
On the other hand, SQS experience shows that
some organisations decide to establish a quality
management system but do not target certication. These organisations do not have any external requirements or incentives to seek certication. They are just convinced of the value of a
quality management system in itself and do not
want to focus too much on an external certicate
or external audits.
These concerns are understandable as there is
a risk that quality might be reduced to a mere
certicate as a matter of fact, there are organ-

Quality Management with ISO 9001

isations that do have rather limited quality objectives, only focused on obtaining the certicate.
Nevertheless, SQS strongly recommends doing
both: implementing a quality management system and obtaining external certication. This is
for the following reasons:
An external audit can strongly support the
quality objectives of an organisation. External
auditors may deliver valuable input. They are
well-trained experts in their eld, have a neutral view on the organisation and usually have
broad experience regarding good practices.
Audit results provide a good overview of the
QMS's implementation status, conveying information about the strengths and weaknesses
of an organisation.
External audits are conducted on a regular
(yearly) basis and thus support the process of
continual improvement.
External audits enforce management and staff
commitment regarding the quality objectives
of an organisation.
Finally, the ISO certicate is a visible result
and achievement not only for external stakeholders but for internal ones as well.

To ensure a well-prepared initial audit process,

SQS recommends to consider the following steps:
Select a generally well-known (with regard to
your business and customers), respected and
independent certication body.
Conduct preliminary talks with representatives of the certication body in order to identify a suitable external audit team providing
specic necessary business know-how.
Conduct a stage 1 audit (a kind of pre-audit for
preparation purposes) in order to check preconditions for ISO 9001 and create a detailed
audit plan.

Page 20

Inform and train all staff members everyone should understand the external auditors
approach and be happy to present his / her
process and how to manage it.
After successfully passing the external audit:
plan and conduct internally and externally focused marketing measures (i.a. press releases,
internal newspaper, Internet, intranet, business paper with certication logo, brochures).
And last but not least: celebrate your success
with all employees and selected customers
and suppliers.

The revolving annual external audits should be

prepared with the same accuracy. The experience
of many organisations shows that in order to
strengthen the quality focus and quality thinking
of staff, it is sensible to involve them appropriately. In the end, involvement and engagement is important to ensure getting maximum value from
the external audit. As outlined above, external
auditors are seasoned experts with respective
business knowledge. Therefore, it makes sense to
let the auditors approach a good number of employees, giving them the opportunity to learn and
benet from the auditors experience.

Quality Management with ISO 9001

Page 21

5 CONCLUSION AND OUTLOOK

For almost 25 years, ISO 9000/9001 has been
providing a framework for quality management.
Within this period of time, the standard received
several changes.
ISO 9001 remains successful: deployment rates
are still rising, especially in the services sector.
The secret of success of ISO 9001 probably is its
wide range of applicability and surely its comprehensiveness. It is not focused on specic parts
of an organisation or specic processes. Quality
management covers the entire organisation, and
using a stakeholder-oriented approach makes it
an instrument to identify and deploy strategic initiatives.
On the other hand, there are some aspects about
ISO 9001 that are questionable: ISO 9001 still is
based on the results of the revision in the year
2000. The last revision in the year 2008 did not
produce any relevant changes regarding its content (see Figure 1). The next revision is expected
for 2015. (13)
Maybe it is in the nature of standards that they
should stay stable for a certain period of time,
but in view of the increasing and sometimes swift
changes organisations need to face, it may be
doubted that ISO 9001 will stay up to date.
For some businesses, it is already out of date.
The automotive industry reacted by supporting
a different standard. ISO/TS 16949 was originally
based on ISO 9001 but includes several additional
requirements. (14)
Other organisations achieved remarkable improvements through their quality management
over time and wish to make these visible to
stakeholders. External certication cannot help
in this matter because the ISO 9001 require-

ments are static. There are no maturity levels

so, once the goal of achieving ISO certication is
reached, there is no new challenge.
Nevertheless, SQS experience clearly shows that
organisational maturity, especially in the services
sector, often is a far cry from fullling the ISO
9001 requirements. Meeting the existing requirements of ISO 9001 rather than those of the future,
already is a big challenge.
For countless companies, ISO 9001 was the rst
step they made to achieve a quality basis from
which further improvements and developments
could be undertaken.
The idea behind ISO 9001, expressed by the eight
ISO principles, still is up to date.
There are no processes which are not relevant for
quality quality is everywhere in an organisation.
And last but not least, quality is a peoples business, so management commitment and involvement of staff are absolutely indispensable.

The hard stuff is the easy stuff.

The soft stuff is the hard stuff.
Total Quality is 90 % a people deal.

Tom Malone, President, Milliken Mills,

1st Year Malcolm Baldrige Award

Bibliographical References

United States Securities and Exchange Commission, 2009. http://www.sec.

gov/news/studies/2009/sox-404_study.pdf. [Online] 2009. [Cited: 18/11/2011.]

International Organization for Standardization, Geneva. ISO 9001:2008.

Germany: Beuth Verlag, Cologne, 2011.

ISO, International Organization for Standardization, 2011. About us, ISO Org.
[Online] 23/11/2011. [Cited: 23/11/2011.] http://www.iso.org/iso/about.htm.

4 Deutsche Akkreditierungsstelle GmbH (DAkkS), List of Accredited Organisations for Quality Management Systems (2011). www.dakks.de. [Online]
03/11/2011. [Cited: 03/11/2011.] http://www.dakks.de/content/verzeichnisseakkreditierterstellen.
5 British Standard Institution (BSI Group), 2011. www.bsigroup.com. [Online]
[Cited: 21/11/2011.] http://www.bsigroup.com/en/Assessment-and-certication-services/management-systems/Standards-and-Schemes/ISO-9001/.
6 Wikipedia and Noriaki Kano, 2011.en.wikipedia.org/wiki/Noriaki_KanoIm
Cache- hnliche Seiten. Wikipedia, the free encyclopedia.
[Online] 2011. [Cited: 23/11/2011.] 7.
7

ISO 9000 User Survey Report (2010/11), Secretariat of ISO/TC 176/SC 2.

www.iso.org. [Online] 19/07/2011.

8 Bernd Sperber. Quality within European Transaction Bank. Frankfurt: 2004.

9 ISO 9000 User Survey Report (2009), Secretariat of ISO/TC 176/SC 2.
www.iso.org. [Online] 2009. [Cited: 19/11/2011.] http://www.iso.org/iso/survey2009.pdf.
10 European Institute of Public Administration, May 2005. Study on the Use of
the Common Assessment Framework in European Public Administrations.
Luxembourg: 2005.
11 BPMN, Object Management Group (2011). OMG. [Online] 15/11/2011. [Cited:
15/11/2011.] www.omg.org.
12 Wikipedia. FMEA. Wikipedia, the free encyclopedia. [Online] 23/11/2011.
[Cited: 23/11/2011.] de.wikipedia.org/wiki/FMEA.

Page 22

Bibliographical References

13 Der Qualittsmanager aktuell, 2010. Gesellschaft fr Wirtschaftsinformation. Der Qualittsmanager aktuell. [Online] 2010. [Cited: 23/11/2011.] http://
www.qm-aktuell.com/newsletterarticle.asp?his=2833.2233.7104&id=13001&y
ear=0.
14 Wikipedia and 2011. de.wikipedia.org/wiki/ISO/TS_16949. Wikipedia, the free
encyclopedia. [Online] [Cited: 23/11/2011.]

Page 23

SQS Software Quality Systems AG

Phone: +49 (0)2203 9154-0
Stollwerckstrasse 11
51149 Cologne / Germany
www.sqs.com