ISO 9001 The Standard Interpretation - A Peek Between the
Published by Simply Quality
ISO 9000 is a series of documented standards prescribing
quality assurance management. Written by the International
Organization for Standardization, the series has been adopted by
80 countries, including the United States, Canada, the European
Union and Japan. ISO 9001 has the broadest scope of these
standards and is intended to be used for four purposes:
- As guidance for quality management-it contains
useful advice for managing a business;
- In contractual situations, between first and second
parties-it can be part of a legal contract between
customers and suppliers providing the customer assurances
that the supplier will carry out work in a controlled
manner and that the product will consistently meet
- As part of a second-party approval or registration
system-a customer gives formal recognition to a
supplier of conformance with the Standard;
- In a third-party certification or registration
situation-recognized assessment firms, called
registration agencies, register companies that are
compliant with the Standard. This reduces the need for
customers to perform assessments of their suppliers'
Quality Systems. The Standard Interpretation concentrates
on third-party registration because it is the primary use
of the Standard.
The 9001 Standard presents a basic model for Quality
Assurance. When requirements of the Standard are met, customers
can be confident of the quality of products and services they
The ISO 9001 Standard is used in legally binding contracts, so
its language must be precise. However, it must also be general
enough to apply to all industries. The result is that although
the Standard is fewer than ten pages long, it is difficult to
read and understand. The purpose of this book is to present each
paragraph of the Standard, then increase the reader's
understanding with a discussion and checklist.
In its most basic form, the Standard requires that you:
- Say what you do-Have documented procedures for
performing the work that affects product or service
- Do what you say-Carry out the work in accordance
with the written procedures.
- Record what is done-Retain records of activities,
providing objective evidence of compliance to auditors.
- Improve, based on results-Compare what has
actually happened to what was planned. Use this
information to identify and correct shortcomings in the
The bulk of the book is made up of units, each consisting of
the following four sections:
ISO 9001 Heading Simple Heading
The exact text of the ISO 9001 A simplified rephrasing of the
Standard. Standard heading followed by a
simplified introduction to the text
of the Standard. This is intended to
provide the reader with an overview
of the text of the Standard. Because
simplifications and interpretations
are made here, the actual text of
the Standard should be referred to
for critical decision-making.
Notes on, or examples of, the best or most common practices to
use in carrying out the Standard.
A list of questions, based on this section of the Standard,
that is representative of those asked by an auditor. These may be
used as a checklist to assess your organization's readiness
during compliance efforts or may be used as the basis for
internal audits. To be in compliance, you must be able to provide
objective evidence supporting a "yes" answer to any
checklist question. Note that although these are valid questions
and the list is intended to be comprehensive, currently no
checklists are sanctioned by the International Organization for
Standardization (ISO). The actual questions asked by any auditor
will differ from those on this list.
Changing each question into a positive statement for action
will provide a list of practical directives on how to implement
each paragraph of the Standard.
Special Use Terms:
Several terms throughout the Standard have a more precise
meaning than they do in common usage. They can be defined as
- Customer-Your paying customer. The person with
whom you signed the contract.
- Supplier-Your company. The company that employs
- Sub-contractor-A supplier, vendor or consultant to
- Shall-You must follow this requirement to comply
with the Standard.
These definitions are used throughout this book instead of the
original terms. Other terms used in the Standard may be
unfamiliar, and are defined in a glossary at the end of the book.
It is helpful to know that the scope of the Standard is work
affecting the quality of a product or service. And the test for a
sufficient Quality System is its "effectiveness."
Therefore, in assessing compliance, the auditor, who is trained
to evaluate compliance with the Standard, will determine whether
a person's work affects product and service quality and if the
Quality System is effective in preventing errors. In an effective
Quality System, if errors do happen, they are quickly detected
and corrected .
Interpretation of the Standard will vary from one auditor or
consultant to the next and from one registration agency to the
next. This book describes an interpretation based on the
practices of several auditors. The exact interpretation used by
any individual auditor can only be made by that auditor.
Summary and Afterword
The twenty paragraphs, 4.1 through 4.20, of the Standard are
interrelated and form a Quality Assurance System. The table on
the last page of this book is an overview of those paragraphs,
showing how they support each other. The figures on pages 97 and
98 illustrate the interrelationships between several elements.
It is vital that top management actively support the
achievement of product and service quality by creating and
deploying a written quality policy; defining the organization and
structure of staff responsible for product and service quality;
providing for inspectors, independent auditors and reviewers;
assigning an ISO 9001 Management Representative with the
authority to carry out the requirements of the Standard, and
personally reviewing the results of the internal audits.
A Quality System is created and maintained by keeping a
comprehensive set of controlled procedures documents, and having
the resources needed to achieve quality.
All phases of product design, development, manufacture,
installation and service, from review of the sales agreement with
the customer, through all intermediate stages of product design,
selection and control of suppliers, identifying, testing and
controlling the product during its creation, handling, storage,
packaging and delivery and providing customer service, are
carried out with care for product and service quality.
Work that affects product and service quality is conducted
through controlled processes. This requires that the processes
are effectively managed by establishing defined procedures,
controlling documentation, maintaining records of results and
authorizations, auditing the Quality System to keep it current,
taking corrective and preventive action, calibrating measuring
and test equipment and using only valid statistical techniques.
To allow all of this to happen, people are qualified to carry
out their work based on their education, training or experience.
ISO 9001 presents a basic model for quality assurance. I hope
this book helps you to understand and appreciate the Standard.
Deciding to obtain registration is an excellent next step, or
first step, in your quality journey. I hope you will take that
step, it is well within your reach.
When you do obtain registration, please tell me your
experiences. Let me know how this book was most helpful and where
it can be improved.
Changes Made in the 1994 Version of ISO 9001
Directives of the International Organization for
Standardization require that all standards be reviewed every five
years. The purpose of this review is to ensure that:
- The standards reflect experience gained from its
- The standards remain stable to facilitate ongoing
training and use.
- The standards are usable by companies regardless of size,
industry or product offering.
As a result, the ISO 9000 series of standards has been revised
and officially adopted in July 1994. The most significant changes
from the 1987 version of ISO 9001 are as follows:
- The importance of using third-party registration agencies
is now recognized by the language of the Standard.
- The term "customer" replaces the term
- The introduction mentions the assessment of quality
capabilities by external parties (i.e., third party
- Subclause 4.1.1, Quality policy, includes
reference to customers' expectations and needs, and the
supplier's internal organizational goals. The quality
policy must be defined by "management with executive
- Subclause 188.8.131.52, Resources, is now broader
than"verification resources and personnel" was.
It now includes reference to management, trained
personnel, work performance, and verification activities.
The requirement for independent personnel carrying out
design reviews has been removed. The requirement for
independence of audit personnel has been moved to 4.17.
- Subclause 184.108.40.206, Management representative, must
now be appointed by "management with executive
responsibility." The Management Representative is
now explicitly required to report on the Quality System
for the purpose of management review and improvement.
- Subclause 4.2.1, Quality system-General, now
includes an explicit requirement for a quality manual
that defines the documentation structure of the Quality
System, including "reference to the quality system
procedures and outline [of] the structure of the
documentation used in the quality system."
- Subclause 4.2.2, Quality system procedures, now
clarifies the degree of documentation required for the
Quality System. It states that the extent of documented
procedures required for work activities shall depend upon
"the complexity of the work, the methods used, and
the skills and training needed by personnel involved in
carrying out the activity."
- Subclause 4.2.3, Quality planning is entirely new.
It covers Quality System planning and product quality
plans. It states that the quality plan for a product,
project, or contract may be in the form of a detailed
reference to those documented procedures of the Quality
System that are appropriate to providing complete
assurance of product quality. Most of the information to
be considered was in the "Note" in the 1987
version of the Standard.
- Subclause 4.3, Contract review, now includes
pre-contract tender arrangements as well as contracts and
ordering requirements within its scope. It also includes
provisions for orders received by verbal means and
requires identifying how amendments to a contract will be
- Subclause 4.4, Design control, has been expanded
to include design validation, and separate requirements
for design review and design verification.
- Subclause 4.4.4, Design input, must include
applicable statutory and regulatory requirements.
- Subclause 4.4.5, Design output, specifically
states that documents shall be reviewed before release.
- Subclause 4.4.6, Design Reviews, is a new section
stating that design reviews are mandatory and must be
planned, conducted and documented.
- Subclause 4.4.7, Design Verification, states that
design verification must be carried out at appropriate
stages of design and must ensure that "design stage
output meets the design stage input requirements."
- Subclause 4.4.8, Design Validation, is new and is
in addition to "design verification." Design
validation must ensure that the product conforms to
defined user needs or requirements. This is in addition
to design verification which must ensure that design
stage output meets design stage input requirements.
Design validation follows successful design verification
and is normally performed on the final product.
- Subclause 4.4.9, Design changes, still requires
controls, but no longer requires design control
"procedures", since this control naturally
falls within the requirement for document and data
- Subclause 4.5, Document and data control, is
expanded to include "data" and "documents
of external origin such as standards and customer
drawings." The use of electronic media is recognized
in a note. Fortunately, "obsolete documents"
may be "retained for legal or knowledge-preservation
purposes" if they are "suitably
- Subclause 4.6.1, Purchasing, General, now requires
documented procedures to "ensure that purchased
product (see 3.1) conforms to specified
- Subclause 220.127.116.11, Supplier verification at
subcontractor's premises, is new. It requires that if
source inspection is to be used, it must be specified in
the purchasing documents.
- Subclause 4.8, Product identification and traceability,
requires traceability, where applicable, to begin at
receipt rather than during production.
- Subclause 4.9, Process control, now includes
servicing and has added requirements for maintaining
process equipment to ensure continuing process
capability. The previous section 4.9.2 on "special
processes" has been incorporated into the text of
section 4.9. The requirements for qualification of
equipment and personnel to carry out process operations
shall be specified.
- Subclause 4.10.1, Inspection and testing, General,
requires the quality plan or documented procedures to
specify the required inspection, testing, and quality
- Subclause 4.12, Inspection and test status,
specifies that status "shall be maintained , as
defined in the quality plan and/or documented procedures,
throughout production, installation and servicing of the
- Subclause 4.14, Corrective and preventive action,
now includes separate requirements for corrective and
preventive action. Corrective action refers to
eliminating the causes of actual nonconformities, and
preventive action refers to eliminating the causes of
potential nonconformities. Requirements to implement and
record changes in documented procedures and the use of
formal procedures for handling customer complaints have
been clarified and strengthened.
- Subclause 4.14.3, Preventive action, now requires
that "relevant information on actions taken is
submitted for management review."
- Subclause 4.16, Control of quality records, allows
for storage on electronic or other media. Procedures must
address access to quality records. Records no longer have
to be "identifiable to the product involved."
- Subclause 4.18, Training, now requires documented
- Subclause 4.20 Statistical techniques, requires
statistical techniques to be identified.