We expect a standard to be definitive. Products that conform to standards for electrical safety, for example, are safe. But management system standards specify general requirements for parts of the system without guaranteeing the performance of all management systems that conform to the standard. Some say this is because standards for management systems generate widely differing interpretations according to the circumstances of use.
So, is a management system standard like ISO 9001 really a standard?
To answer this we first need to examine the relationship between products, processes and systems. Products depend on their processes. Processes depend on their system. The organization is the system that nurtures or disrupts its processes.
By focusing on product standards, we can verify products for conformity and reject those products that do not conform. But an inspection-led approach to quality increases costs for customers. Some processes result in products that would be too expensive to verify fully. Consequently, for processes that could result in products with hidden defects, we had to have process standards too. These special processes include sampling, testing, brazing, auditing and anodizing.
Then we realized that if standards work for special processes, why not capture a model of how the best organizations actually deliver quality assurance?
This led to the first quality system standards that customers could specify in their contracts. Adherence to these early system standards enabled their contractors to focus their time and effort on prevention to reduce the cost of poor quality. Contractors now paid costs of poor quality so they invested more in the prevention of nonconformity. Customers (and contractors) saw quality improve and their costs reduce. A win for all parties involved.
Customers pre-qualified new contractors by auditing their quality systems. Contractors, having to entertain a customer audit every month or so, found this very expensive. Customers had to reduce the number of second party audits. In 1979, the UK issued BS 5750 as a civilian model for quality systems. In 1987, this standard became ISO 9001. LRQA (Lloyd Register Quality Assurance) was the first registrar accredited in 1985 to certify quality systems resulting in one certificate that was recognized everywhere.
Guidelines like ISO 9004 are not standards because they recommend rather than specify acceptance criteria. Documents that specify requirements for management systems are standards but they need a real customer’s requirements and a real system to be fully useful as standards. When combined with the contractor’s management system the standard’s requirements are usually sufficient to determine conformity or cite evidence of nonconformity for corrective action.
Using ISO 9001 with real external requirements driving use and improvement of the management system we see that it becomes an effective standard. It is possible for a well-trained thinking auditor to gather and evaluate evidence to verify conformity of that system to the standard.