APPENDIX III A EXAMINATION
WORKSHOP ACCOUNTS
NOTES SUBMITTED BY D XAVIER GNANARAJ AFA/WII/PER
ISO 9000
ISO 9000 is a family of standards for quality management systems. ISO 9000 is maintained by ISO, the International Organization for Standardization and is administered by accreditation and certification bodies. Some of the requirements in ISO 9001 (which is one of the standards in the ISO 9000 family) include
a set of procedures that cover all key processes in the business;
monitoring processes to ensure they are effective;
keeping adequate records;
checking output for defects, with appropriate corrective action where necessary;
regularly reviewing individual processes and the quality system itself for effectiveness; and
facilitating continual improvement
A company or organization that has been independently audited and certified to be in conformance with ISO 9001 may publicly state that it is "ISO 9001 certified" or "ISO 9001 registered." Certification to an ISO 9000 standard does not guarantee the compliance (and therefore the quality) of end products and services; rather, it certifies that consistent business processes are being applied.
Although the standards originated in manufacturing, they are now employed across a wide range of other types of organizations. A "product", in ISO vocabulary, can mean a physical object, or services, or software. In fact, according to ISO in 2004, "service sectors now account by far for the highest number of ISO 9001:2000 certificates - about 31% of the total." [1]
ISO 9001 certification does not guarantee that the company delivers products of superior (or even decent) quality. It just certifies that the company engages internally in paperwork prescribed by the standard. Indeed, some companies enter the ISO 9001 certification as a marketing tool.

//
ISO 9000 family
ISO 9000 includes the following standards:
ISO 9000:2000, Quality management systems - Fundamentals and vocabulary. Covers the basics of what quality management systems are and also contains the core language of the ISO 9000 series of standards. A guidance document, not used for certification purposes.
ISO 9001:2000 Quality management systems - Requirements is intended for use in any organization which designs, develops, manufactures, installs and/or services any product or provides any form of service. It provides a number of requirements which an organization needs to fulfill if it is to achieve customer satisfaction through consistent products and services which meet customer expectations. It includes a requirement for the continual (i.e. planned) improvement of the Quality Management System, for which ISO 9004:2000 provides many hints.
This is the only implementation for which third-party auditors may grant certification. It should be noted that certification is not described as any of the 'needs' of an organization as a driver for using ISO 9001 (see ISO 9001:2000 section 1 'Scope') but does recognise that it may be used for such a purpose (see ISO 9001:2000 section 0.1 'Introduction').
ISO 9004:2000 Quality management systems - Guidelines for performance improvements. covers continual improvement. This gives you advice on what you could do to enhance a mature system. This standard very specifically states that it is not intended as a guide to implementation.
There are many more standards in the ISO 9001 family (see "List of ISO 9000 standards" from ISO), many of them not even carrying "ISO 900x" numbers. For example, some standards in the 10,000 range are considered part of the 9000 family: ISO 10007:1995 discusses Configuration management, which for most organizations is just one element of a complete management system. ISO notes: "The emphasis on certification tends to overshadow the fact that there is an entire family of ISO 9000 standards ... Organizations stand to obtain the greatest value when the standards in the new core series are used in an integrated manner, both with each other and with the other standards making up the ISO 9000 family as a whole".
Note that the previous members of the ISO 9000 family, 9001, 9002 and 9003, have all been integrated into 9001. In most cases, an organization claiming to be "ISO 9000 registered" is referring to ISO 9001.
Contents of ISO 9001
ISO 9001:2000 Quality management systems — Requirements is a document of approximately 30 pages which is available from the national standards organization in each country.
Summary of ISO 9001:2000 in informal language
The quality policy is a formal statement from management, closely linked to the business and marketing plan and to customer needs. The quality policy is understood and followed at all levels and by all employees. Each employee needs measurable objectives to work towards.
Decisions about the quality system are made based on recorded data and the system is regularly audited and evaluated for conformance and effectiveness.
Records should show how and where raw materials and products were processed, to allow products and problems to be traced to the source.
You need a documented procedure to control quality documents in your company. Everyone must have access to up-to-date documents and be aware of how to use them.
To maintain the quality system and produce conforming product, you need to provide suitable infrastructure, resources, information, equipment, measuring and monitoring devices, and environmental conditions.
You need to map out all key processes in your company; control them by monitoring, measurement and analysis; and ensure that product quality objectives are met. If you can’t monitor a process by measurement, then make sure the process is well enough defined that you can make adjustments if the product does not meet user needs.
For each product your company makes, you need to establish quality objectives; plan processes; and document and measure results to use as a tool for improvement. For each process, determine what kind of procedural documentation is required. (Note: a “product” is hardware, software, services, processed materials, or a combination of these.)
You need to determine key points where each process requires monitoring and measurement, and ensure that all monitoring and measuring devices are properly maintained and calibrated.
You need to have clear requirements for purchased product.
You need to determine customer requirements and create systems for communicating with customers about product information, inquiries, contracts, orders, feedback and complaints.
When developing new products, you need to plan the stages of development, with appropriate testing at each stage. You need to test and document whether the product meets design requirements, regulatory requirements and user needs.
You need to regularly review performance through internal audits and meetings. Determine whether the quality system is working and what improvements can be made. Deal with past problems and potential problems. Keep records of these activities and the resulting decisions, and monitor their effectiveness. (Note: you need a documented procedure for internal audits.)
You need documented procedures for dealing with actual and potential nonconformances (problems involving suppliers or customers, or internal problems). Make sure no one uses bad product, determine what to do with bad product, deal with the root cause of the problem and keep records to use as a tool to improve the system.
2000 version
ISO 9001:2000 combines the three standards 9001, 9002, and 9003 into one, now called 9001. Design and development procedures are required only if a company does in fact engage in the creation of new products. The 2000 version sought to make a radical change in thinking by actually placing the concept of process management front and centre. ("Process management" was the monitoring and optimizing of a company's tasks and activities, instead of just inspecting the final product.) The 2000 version also demands involvement by upper executives, in order to integrate quality into the business system and avoid delegation of quality functions to junior administrators. Another goal is to improve effectiveness via process performance metrics — numerical measurement of the effectiveness of tasks and activities. Expectations of continual process improvement and tracking customer satisfaction were made explicit.
Future Version: 2008
TC 176, the ISO 9001 technical committee , has started its review on the next version of ISO 9001, which will in all likelihood be termed the ISO 9001:2008 standard, assuming its planned release date of 2008 is met. Early reports are that the standard will not be substantially changed from its 2000 version.
As with the release of previous versions, organizations registered to ISO 9001 will be given a substantial period to transition to the new version of the standard, assuming changes are needed; organizations registered to 9001:1994 had until December of 2003 to undergo upgrade audits.
Certification
ISO does not itself certify organizations. Many countries have formed accreditation bodies to authorize certification bodies, which audit organizations applying for ISO 9001 compliance certification. Although commonly referred to as ISO 9000:2000 certification, the actual standard to which an organization's quality management can be certified is ISO 9001:2000. Both the accreditation bodies and the certification bodies charge fees for their services. The various accreditation bodies have mutual agreements with each other to ensure that certificates issued by one of the Accredited Certification Bodies (CB) are accepted world-wide.
The applying organization is assessed based on an extensive sample of its sites, functions, products, services and processes; a list of problems ("action requests" or "non-compliances") is made known to the management. If there are no major problems on this list, the certification body will issue an ISO 9001 certificate for each geographical site it has visited, once it receives a satisfactory improvement plan from the management showing how any problems will be resolved.
An ISO certificate is not a once-and-for-all award, but must be renewed at regular intervals recommended by the certification body, usually around three years. In contrast to the Capability Maturity Model there are no grades of competence within ISO 9001.
Auditing
Two types of auditing are required to become registered to the standard: auditing by an external certification body (external audit) and audits by internal staff trained for this process (internal audits). The aim is a continual process of review and assessment, to verify that the system is working as it's supposed to, find out where it can improve and to correct or prevent problems identified. It is considered healthier for internal auditors to audit outside their usual management line, so as to bring a degree of independence to their judgments.
The TickIT guidelines are an interpretation of ISO 9000 produced by the UK Board of Trade to suit the processes of the information technology industry, especially software development.
AS 9000 is the Aerospace Basic Quality System Standard, an interpretation developed by major aerospace manufacturers. The current version is AS 9100.
PS 9000 is an application of the standard for Pharmaceutical Packaging Materials.
QS 9000 is an interpretation agreed upon by major automotive manufacturers (GM, Ford, Chrysler). It includes techniques such as FMEA and APQP. QS 9000 is now replaced by ISO/TS 16949.

Debate on the effectiveness of ISO 9000
The debate on the effectiveness of ISO 9000 commonly centres on the following questions:
Are the quality principles in ISO 9000:2000 of value? (Note that the version date is important: in the 2000 version ISO attempted to address many concerns and criticisms of ISO 9000:1994.)
Does it help to implement an ISO 9001:2000 compliant quality management system?
Does it help to obtain ISO 9001:2000 certification?
Advantages
It is widely acknowledged that proper quality management improves business, often having a positive effect on investment, market share, sales growth, sales margins, competitive advantage, and avoidance of litigation.[4][5] The quality principles in ISO 9000:2000 are also sound, according to Wade,[6] and Barnes, [5] who says "ISO 9000 guidelines provide a comprehensive model for quality management systems that can make any company competitive." Barnes also cites a survey by Lloyd's Register Quality Assurance which indicated that ISO 9000 increased net profit, and another by Deloitte-Touche which reported that the costs of registration were recovered in three years. According to the Providence Business News [7], implementing ISO often gives the following advantages:
Create a more efficient, effective operation
Increase customer satisfaction and retention
Reduce audits
Enhance marketing
Improve employee motivation, awareness, and morale
Promote international trade
Increases profit
Reduce waste and increases productivity
However, a broad statistical study of 800 Spanish companies [8] found that ISO registration in itself creates little improvement because companies interested in ISO have usually already made some type of commitment to quality and were performing just as well before registration.[4]
In today's service sector driven economy, more and more companies are using ISO 9000 as a business tool. Through the use of properly stated quality objectives, customer satisfaction surveys and a well-defined continual improvement program companies are using ISO 9000 processes to increase their efficiency and profitability.
Problems
A common criticism of ISO 9001 is the amount of money, time and paperwork required for registration.[9] According to Barnes, "Opponents claim that it is only for documentation. Proponents believe that if a company has documented its quality systems, then most of the paperwork has already been completed."[5]
According to Seddon, ISO 9001 promotes specification, control, and procedures rather than understanding and improvement. [2] [3] Wade argues that ISO 9000 is effective as a guideline, but that promoting it as a standard "helps to mislead companies into thinking that certification means better quality, ... [undermining] the need for an organization to set its own quality standards." [6] Paraphrased, Wade's argument is that total, blind reliance on the specifications of ISO 9001 does not guarantee a successful quality system.
The standard is seen as especially prone to failure when a company is interested in certification before quality.[2] Certifications are in fact often based on customer contractual requirements rather than a desire to actually improve quality.[5][10] "If you just want the certificate on the wall, chances are, you will create a paper system that doesn't have much to do with the way you actually run your business," said ISO's Roger Frost.[10] Certification by an independent auditor is often seen as the problem area, and according to Barnes, "has become a vehicle to increase consulting services." [5] In fact, ISO itself advises that ISO 9001 can be implemented without certification, simply for the quality benefits that can be achieved. [11]
Another problem reported is the competition among the numerous certifying bodies, leading to a softer approach to the defects noticed in the operation of the Quality System of a firm.
Summary
A good overview for effective use of ISO 9000 is provided by Barnes: [5]
"Good business judgment is needed to determine its proper role for a company... Is certification itself important to the marketing plans of the company? If not, do not rush to certification... Even without certification, companies should utilize the ISO 9000 model as a benchmark to assess the adequacy of its quality programs."
ISO 10006
ISO 10006:2003, Quality management systems - Guidelines for quality management in projects, is an international standard developed by the International Organization for Standardization.
ISO 10006:2003 gives guidance on the application of quality management in projects.
It is applicable to projects of varying complexity, small or large, of short or long duration, in different environments, and irrespective of the kind of product or process involved. This can necessitate some tailoring of the guidance to suit a particular project.
ISO 10006:2003 is not a guide to "project management" itself. Guidance on quality in project management processes is discussed in this International Standard. Guidance on quality in a project's product-related processes, and on the "process approach", is covered in ISO 9004.
Since ISO 10006:2003 is a guidance document, it is not intended to be used for certification/registration purposes.
ISO 14000

The ISO 14000 environmental management standards exist to help organizations minimize how their operations negatively affect the environment (cause adverse changes to air, water, or land), comply with applicable laws and regulations.
ISO 14001 is the international specification for an environmental management system (EMS). It specifies requirements for establishing an environmental policy, determining environmental aspects and impacts of products/activities/services, planning environmental objectives and measurable targets, implementation and operation of programs to meet objectives and targets, checking and corrective action, and management review.
ISO 14000 is similar to ISO 9000 quality management in that both pertain to the process (the comprehensive outcome of how a product is produced) rather than to the product itself. The overall idea is to establish an organized approach to systematically reduce the impact of the environmental aspects which an organization can control. Effective tools for the analysis of environmental aspects of an organization and for the generation of options for improvement are provided by the concept of Cleaner Production.
As with ISO 9000, certification is performed by third-party organizations rather than being awarded by ISO directly. The ISO 19011 audit standard applies when auditing for both 9000 and 14000 compliance at once.
Standards
The material included in this family of specifications is very broad. The major parts of ISO 14000 are:
ISO 14001 is the standard against which organizations are assessed. ISO 14001 is generic and flexible enough to apply to any organization producing and/or manufacturing any product, or even providing a service anywhere in the world.
ISO 14004 is a guidance document that explains the 14001 requirements in more detail. These present a structured approach to setting environmental objectives and targets and to establishing and monitoring operational controls.
These are further expanded upon by the following:
ISO 14020 series (14020 to 14025), Environmental Labeling, covers labels and declarations.
ISO 14030 discusses post-production environmental assessment.
ISO 14031 Evaluation of Environmental Performance.
ISO 14040 series (14040 to 14044), Life Cycle Assessment, LCA, discusses pre-production planning and environment goal setting.
ISO 14050 terms and definitions.
ISO 14062 discusses making improvements to environmental impact goals.
ISO 14063 is an addendum to 14020, discussing further communications on environmental impact.
ISO 14064-1:2006 is Greenhouse gases – Part 1: Specification with guidance at the organization level for the description, quantification and reporting of greenhouse gas emissions and removals.
ISO 14064-2:2006 is Greenhouse gases – Part 2: Specification with guidance at the project level for the description, quantification, monitoring and reporting of greenhouse gas emission reductions and removal enhancements.
ISO 14064-3:2006 is Greenhouse gases – Part 3: Specification with guidance for the validation and verification of greenhouse gas assertion.
ISO 19011 which specifies one audit protocol for both 14000 and 9000 series standards together. This replaces ISO 14011 meta-evaluation—how to tell if your intended regulatory tools worked. 19011 is now the only recommended way to determine this.