Quality Management System Certification

About this Article
This paper by Larry Hermone and Leslie McCoy was first published August 1994 and revised July 1995, and presented at the 1995 NCSL Workshop & Symposium. At that time the Test and Measurement business of Agilent Technologies was part of Hewlett-Packard.

ISO9000 -- Bureaucracy or Added Value ?

The intent of this paper is to share our (Hewlett-Packard, Golden Gate Service Center) experiences with ISO9000. We will discuss the decision process, preparation, third-party assessment, registration and the evolution of our internal audit and corrective action process.

We will also discuss the added value that the ISO9000 Quality System can bring to your organization or the bureaucratic jungle it can create.

What is ISO 9000?

ISO 9000 is a set of standards created by the 91 nation International Standards Organization (ISO) to define the basics of a Quality System for manufacturing and service, including documentation, controls, and worker training. It may also be referred to as a global standard for doing business. It serves as an international protocol for documenting the processes and procedures used to establish a consistent quality program within your organization. It is not product certification or a quality assurance system, and it does not replace existing product specific regulations.

Why become ISO 9000 registered?

Obviously, the decision to pursue ISO 9000 registration will be one of many important business decisions you must make. However, it may well be the most important business decision you make this year. Consider it carefully. Fundamental questions to help you determine if your business needs ISO 9000 registration:

• Are your customers demanding it?
• Do you presently, or do you plan to do business in the European market?
• Will ISO 9000 certification give you a significant competitive advantage?

If the answer to one or more of the above questions is yes, the next step is to evaluate the potential alternatives you have.

If you decide to pursue registration, the next step is the selection of a registrar. This is a critical decision. Although critics see the ISO approach as yet another attempt to keep foreign competitors out of the European countries unified market, ISO registration appears to becoming a de facto market requirement for companies who wish to do business in the European community. If this is your situation, customer acceptance/recognition of your registrar in the various European countries is critical. Today, having ISO registration is a competitive advantage. Tomorrow, it could be the ante to the global poker game.

During this early stage of the evaluation process, it is wise to establish your vision, set your objectives for ISO 9000, and determine how it can affect your company or business entity. Areas to consider in determining your strategy and objectives are:

• Cost - We hear about the cost of pre-registration fees and registration assessment cost, but little attention is given to the internal cost of establishing and documenting your Quality System, processes and training your employees.
• Thirty-five to forty percent fail the first assessment.
• Management commitment is critical, not just top management, but commitment and participation by your entire management team. The commitment or resources will be critical to your success.
• Employee involvement and commitment is also crucial and instills a greater sense of their role in the overall Quality System.
• Customer audit reduction is typically listed among the benefits of ISO registration. ISO registration may eventually limit the scope and the frequency of audits, but it will not eliminate the ultimate need for them.
• Can the ISO Quality System bring added value to your business or will it just mean more useless structure and bureaucracy? If you believe that an ISO 9000 Quality System can add value in the form of process efficiency, quality, and improved customer satisfaction, then ISO is the right thing for you.

If your customers want quality and value (not just the lowest price), then you can be among the companies delivering ISO 9000 level performance and winning business at the expense of those firms which do not embrace quality concepts.

Hewlett-Packard's Strategy

The decision to pursue ISO registration was a given for Hewlett-Packard Company. Since we have manufacturing and service entities in Europe and all of our US origin products are sold there, ISO registration came in the form of a customer requirement. While this decision is left to the business entity General Manager, the strategic business direction for Hewlett-Packard was established at the corporate level. In December 1992 Lew Platt, Hewlett-Packard President & CEO, made the following statement: "Hewlett-Packard believes that conformance to the ISO 9000 standards support its objectives of continually increasing customer satisfaction through improved process control. General managers responsible for business strategy will anticipate their customer's requirement for ISO 9000 conformance and gain certification in order to meet those needs."

The decision was ours, but it was just a matter of timing.

Since there is a very strong implication for Test & Measurement (Section 4.11), we felt that our customers would ultimately require ISO 9000 registered suppliers. Our decision was to make the commitment early, and once again demonstrate to our customers that Hewlett-Packard was totally committed to quality products and services. Our commitment was to not only implement a quality system to achieve ISO 9002 Registration, but to implement a quality system that would improve the quality of our service, improve our efficiency and add value to our organization and customers.

The move to ISO 9000 registration was a very natural evolution for Hewlett-Packard and complements the quality design philosophies and programs like Total Quality Management that Hewlett-Packard has had in place for years. At Hewlett-Packard quality always comes first. Our second corporate objective states, "To provide products and services of the highest quality and the greatest possible value to our customers".

Quality at Hewlett-Packard is so paramount that four of the ten corporate business fundamental metrics are quality related: 1) Total Quality Management, 2) Software Product Quality, 3) Hardware Product Quality, 4) ISO 9000.

ISO 9000 is the latest in a long line of Hewlett-Packard's commitment to quality. In 1980, then President and CEO, John Young, issued his "10X Challenge" to improve the reliability of our hardware products by 10 times over the next 10 years (as measured by annual failure rates per $1K selling price). He followed the hardware challenge with another in 1986 on software to improve the quality by 10 times in the next five years.

How did Hewlett-Packard do against these two very aggressive quality challenges? Very well! Hardware quality was improved from a failure rate of 1.0 per $K in 1981 to 0.2/$K in 1991. Likewise, software quality was also greatly improved moving from 1 post-release Defect Density in 1987 to less than 0.2 in 1992. These exceptional results are a win/win for Hewlett-Packard and our customers.

In order to implement an effective quality system that will add value, not bureaucracy, you must set your objectives carefully and obtain and keep the commitment of management, especially top management.

Now that the decision has been made, the real work of implementation begins. Remember, commitment is the key to your new Quality System.

Training

We mentioned previously that management commitment in working toward ISO registration is critical to the success of the project. One of the best ways to obtain this commitment is to train the management team on ISO 9000. This should be one of the first steps in the overall process of working toward registration. Training the management team to ensure they understand the requirements of ISO 9000 as well as explaining how each manager and each department will play into the overall scheme of becoming registered, will help the management team to understand the large scope of this project. It also will help them understand the resources needed to ensure proper implementation.

Additionally, it is highly recommended that at least one person from the organization (generally the Quality Manager) attend "lead assessor training" from a third party assessment company. While this is certainly not a requirement, the benefits are well worth the expense. Lead assessor training not only focuses on how to assess a business, but it also give an in depth explanation of the intent of the ISO standards. After attending this course, the Quality Manager will be able to act as the ISO expert for your facility. He/she will have better insight into the clauses within the standard and will be able to interpret how these clauses fit into your organization.

Core Team Formation

So, you have decided to go for ISO registration. The management team has been trained. Now what? How do you get started?

The most common approach is to create a team of people to drive this project. We called this our "core team". Other names have been used such as steering committee, ISO project team, quality team, etc.. This team should be comprised of the following:

• Team Leader - commonly the Quality Manager
• Management Representative(s)
• At least one representative for different functions in your organization.

"The core team is really the driving force behind your quest for ISO registration. Along with setting the pace for the project by determining the overall project schedule (who does what by when), it serves several additional purposes:

• Communication and decision making.
• Representation of each department's interest.
• Sharing of best practices.
• Minimization of duplication" (Smith, 1994, p.4)

Creating a Quality System

Many companies cringe at the thought of "creating" a quality system. It is a common misconception that everything currently in place must go out the window to make way for an ISO-type quality system. This is a huge misconception.

It is critical for the core team to review the quality system and processes that are currently in place. Compare them to the ISO standard you are seeking and identify what can be used intact and what can be used with slight modifications. There will be areas within the standard that are not addressed, either partially or completely. These "holes" are the pieces of your Quality System you will need to create.

There are several benefits to using this approach. First, you will save time and resources by using or modifying what you already have in place. Second, employees will feel more comfortable about ISO implementation as they realize that this does not mean a complete new way of doing business. It really is just a modification or restructuring of what is currently in place. While this may not seem like an important benefit, it was for our facility. Once employees realized that we did not have to change everything we were doing (as originally explained to us), we found more acceptance. People began to look for ways to modify our current processes to meet the standards. They felt much more comfortable knowing we had a starting place which made it easier to understand what needed to be done.

A third (and possibly most important) benefit to using what is currently in place is that you will be more apt to create a system that makes sense to your business. Rather than trying to create a quality system only to satisfy the assessors, create one that makes sense to your organization. Do this by modifying your current system to the standard rather that creating a system to meet the standard and then changing your business. The intent of this paper is to show several ways to resist bureaucracy throughout the implementation of ISO 9000. Take note. This may be the most important lesson you will learn.

Developing the Quality System

The actual development of the quality system can be overwhelming. It is wise to break this task into smaller pieces allowing you to see progress overall and not be overwhelmed by the sheer volume of work you may anticipate.

Most companies get to work on the Quality Manual immediately. This is a good idea. The quality manual is a very high level explanation of your organization. It explains the overall objectives and philosophy of the organization; how the organization is structured and managed; and how the different quality functions present in the organization impact the overall business. This should be one of the first tasks done but it does not have to be completed before you continue on with the development of the quality system.

As you get started in the development/reorganization of your Quality System, it is very important to stop and think about the following (perhaps this is lesson number 2 for this paper):
The spirit by which you approach ISO determines what it will become to you and to your organization.

If you see ISO as a bureaucratic mess that will not benefit the organization, that is what you will create. If you see it as a set of standards that will enhance your organization and help provide a method for the continuous improvement of your processes, that is what it will be.

When we first started investigating ISO registration, we were told that every single process would have to be documented to the level that a new employee could come into the organization and function well. To me, that seemed impossible and bureaucratic.

There are too many variables in day to day business which make it unrealistic to expect that level of documentation. While I disagree with the statement in most respects, it does have some merit in helping to determine how to strike a balance between documentation and training. When a new employee begins work, think about what training he/she must have to understand the organization and the processes. What documentation is needed to supplement this training to ensure the processes are carried out properly and consistently?

It is not necessary to document every single thing you do. Each company must determine the level of documentation necessary, walking a fine line between training and documentation. It is important to document thoroughly, yet still leave enough flexibility in the documentation to allow for individual process interpretation while achieving consistent results. In general, the assessors will not expect that every single step and every single decision be documented. They understand this is unrealistic. In many cases it is necessary to leave certain decisions to the judgment of your employees. It is important in this case to provide them with the tools and training to make these calls. This can be done many different ways such as training, past experience, educational background, documented processes, lists, criteria and so on.

The last recommendation regarding documentation is to make it reflect reality. Do not write the documentation based on how you think the assessors want to see it. Write down what you really are doing. It is helpfully to have the employees involved in documenting their work instructions. They know best how they do their jobs. This has been a stumbling block in many organizations. The managers write the documentation based upon what they think the employees are doing. In reality, the employees are doing something quite different.

It is common at this point to feel that the processes as they are may not be adequate. In this case, work with the employees to improve the processes as appropriate. In any process improvement course, it is continually stressed that you must begin by documenting how the process is being done in the present - not how you want it to be. The assessors will expect to see improvement in processes. They understand that the documentation will not remain static.

Internal Audits

When people think about ISO 9000, many think about the bureaucracy of the system, the mountains of required documentation, and often the bureaucracy of the internal audit program. However, an internal audit program can be very beneficial. "Not only is internal auditing required by ISO 9002, it is essential for bringing about change in the organization and in proving that the quality system works. The auditing process must be comprehensive and have a built-in corrective action mechanism so that quality system discrepancies and non-conformities to the ISO standard are cleared in a timely manner".(Smith, 1994, p.3)

We are living proof that internal audits can be effective and do not have to be bureaucratic. We originally built an audit program that we could not keep up because it was too time consuming and too specific. We have since migrated to a very useful, time sensitive program that immediately added value to our quality system.

When we first put together our internal audit program, we determined we had four key areas that needed the bulk of the auditing. We also identified two other areas that we do not feel were very important, but we thought the assessors would, so we created audits.

We built the internal audit program around checklists. We created several checklists, one for each of the four key areas that needed auditing, and one for each of the other two areas that we thought the assessors would want to see. Each checklist had 8-10 questions.

Every week, the Quality Manager completed 20 of each of the four checklists for the four key processes. This totaled 80 checklists a week! The other two, less important checklists were completed at the rate of one a week. This took 20-25% of the Quality Managers time - completing checklists, addressing any non-conformities found, tracking any necessary follow up to ensure completion in a timely manner.

As the months passed, the employees caught on to this little game. They saw the Quality Manager walking around the Service Center with a clip board and a pile of checklists and they began to run around frantically, making sure their orders met the questions on the checklists. The number of audit non-conformities began to drop slightly so it seemed like the audits were successful, right? Not necessarily.

We were spending a large amount of time each week on these audits, yet were we really improving our process? Once the 10 questions on the checklist were asked and answered, we did not continue to look at the process to see if there was anything else that may be out of order. We were only looking at a very small portion of our overall process, so problems in other areas of the process continued to happen and were not being addressed. The processes stopped being improved, and we just were not seeing the return on this large investment of our time. In essence, we built the most bureaucratic system imaginable.

After finally reaching this conclusion, we completely changed the internal audit process, discontinuing the use of checklists. Now, the Quality Manager goes into one section of the Service Center at a time and begins asking open ended questions involving the ISO 9002 standard and how they relate to our processes. We no longer are confined to a list of predetermined questions. Instead we have a list of the clauses in the standard that must be covered as well as a list of the non-conformities found throughout the Service Center on previous assessments. Questions are generally formulated on the spot based on the responses of the previous questions.

Immediately, the internal audit program improved. The Quality Manager's time spent on this program has dropped dramatically. We have uncovered some process problems that were not evident with the previous auditing method. All areas critical to our business and to the success of our organization are audited. As a result, we have made some positive improvements to our overall quality system. We stopped worrying about trying to figure out what the assessors wanted to see and started worrying about how we could make improvements to our own system while ensuring we covered the entire Service Center.

There is a second part of our internal audit program. We are fortunate to have multiple Service Centers in the United States which have all recently achieved ISO registration. The Quality Managers in each Center worked together to develop a system that allows us to audit each other annually. Each Service Center will host a Quality Manager from another Center who will audit the entire facility.

Several benefits have been realized through this process. First, there is another person, objectively evaluating the quality system, who may have opinions different from our own. Second, it gives the Service Centers the opportunity to share ideas and learn from each other. This sort of process is widely used in many different companies.

One last thing to keep in mind as you create your internal audit programs - design it to add value to your organization. It should be a tool to help find where improvement to the PROCESS is needed. This point should be stressed to auditors and auditees so that those being audited do not feel they have caused a nonconformity. It is important that those being audited feel comfortable to explain what is really happening with a process so it can be determined if the PROCESS is adequate. If the auditee tries to cover up problems, the process will not be improved.

Corrective Action Program

Corrective action programs vary widely throughout different companies. Some companies have very formal programs with guidelines on what type of issues may be submitted into the corrective action program. Other companies, such as our Service Center, have put no limitations on the submissions. We have opened this tool to any type of process improvement need or idea such as audit results, customer feedback issues, employee ideas on how to improve a process, and process breakdowns to name a few. The results have been positive, adding to our efficiency, quality, and productivity.

There are several key issues to remember when devising a corrective action program. First, all entries must be traced somehow to ensure you can tell whether an item is open or if it has been closed. When it has been closed, it is important to ensure the originator understands what action has been taken and/or why the corrective action has been closed.

As each item is submitted, try to determine the root cause of the issue. It is very easy to get into the trap of solving the immediate issue but not looking to see what caused the problem. Therefore, it is likely that the same type of issue will resurface since the actual cause of the problem has not been addressed.

This brings us to "preventive action". In 1994 the ISO 9000 standard was revised. One of the more notable changes is in the area of Corrective Action. The name of the clause was changed to "Corrective and Preventive Action". Along with the name change, the clause itself was rewritten to separate corrective action and preventive action, forcing registered companies to address how they ensure issues addressed will not continue to reappear. While preventive action was in the 1987 version of the standard, it was not strongly emphasized as it is in the 1994 version.

The corrective action program is really meant to foster an environment that encourages continuous process improvement. By keeping track of all issues raised, you have an avenue to ensure that each one is resolved. By focusing on identifying the root cause of the issue at the time of the resolution of the corrective action, you are addressing preventive action. Then, by going back periodically to analyze all issues raised to look for common trends, you are further looking for ways to prevent those issues from resurfacing.

Assessment

Third party registration assessments are handled differently at each company and differently by each registrar. The length of time of the assessment depends on the size and scope of your business.

Registration entities each have different processes for determining the number of assessors and length of time needed for a full assessment. The assessor we chose used two assessors for three days to assess our Service Center with 115 employees. The audit began with an opening meeting designed to explain to us the intent and format of the audit as well as the agenda. We then gave the assessors an overview of our business and introduced them to our management team. (Our registration company required that we send a copy of our Quality Manual several months before the audit for them to read and approve.)

The actual assessment began with the auditors speaking with upper management. During this time they discussed our quality policies and business objectives. They moved on to work with the various people responsible for the different clauses within ISO 9002. After that, they moved on to the employees who actually do the work. With each set of interviews conducted, the assessors looked for consistency in our answers and policies. They also looked for evidence that polices/processes flowed throughout the Service Center from management to front line employees.

Throughout the assessment, our assessors collected findings which were discussed at the end of each day. Our assessor rated non-conformities in classes of major and minor. Minor non-conformities, slight breakdowns in the process, are commonly found during this initial assessment. Examples include inconsistent answers and interpretations of policies, examples of people not following documented processes correctly... Major non-conformities are issues of a more serious nature, where perhaps a clause within the ISO standard is not covered either completely or partially. If a major nonconformity is found, a company is generally not recommended for registration at that time.

Other companies have different rating systems. One rates non-conformities on a scale of 1 to 3. The numbers are added together and a certain number is the decision point as to whether or not a company should be registered.

The fact that the registrars all use different rating systems lead some critics to believe that the whole assessment process is too subjective. It further reinforces the critics' belief that companies can be registered without really being a quality organization and having quality products. This issue is addressed later in this paper.

Our assessors insisted they have a "guide" from our office with them at all times. The role of the guide, other than to physically bring the auditor from department to department, is twofold. First, the guide is the "interpreter". Every company has its own internal "language". The auditors also have their own "language". For example, "contract review" to the auditors is the same thing as "purchase order review" to us. The guide is expected to step in to clarify questions and answers if it appears there is confusion with one party or the other. Often having a familiar person nearby who can intervene should questions arise also makes the employee feel more comfortable.

The second purpose for the guide is to "witness" any non-conformities found during the course of the audit. This is to help avoid any confusion about the nonconformity at the end of the day.

Once the "interviews" are completed, the auditors write their audit report and present it to the management team. If requested, they will review the audit report in detail, discussing each nonconformity at length. It is at this point it is made clear whether or not the company is recommended for registration. Since most companies will have some minor non-conformities to address, it is generally not stated that they absolutely will be registered. Once the auditors leave, the company must create an action plan which addresses the non-conformities found and send it to the registrar. If this plan is acceptable to the registrar, registration is approved and the registration certificate is sent.

All registrars have some sort of "continuing assessment" plan which is geared toward assessing smaller portions of the quality system at prescribed intervals. This will vary depending on the company chosen. The most common intervals are every 6 or 12 months, however, there are some registrars who will not come back for a two or three year period !

How has our Service Center benefited from being registered to ISO 9002?

When we first began this project three years ago, there were debates as to whether or not registration would benefit our business. Many people felt we would just go through the motions of becoming registered and then we would revert back to our old way of doing things. It was a common opinion that ISO was just the next thing to come along and that as soon as we got the certificate, we would move on to the next project or audit.

Now, after two years of being registered, we can see the benefits. We already had a quality system in place, although we did not use that term. The system was pretty loose, however. We did not have all processes documented thoroughly, and it was up to each department to decide how much documentation was necessary for them. This created a problem in the departments that had similar processes yet slight variations in their work instructions. Depending on what group serviced a product, the customer may have received a slightly different end product.

Through our work toward ISO registration, we determined that consistency in our process is a must. The different technical departments worked together to come up with a process in which all the details would be completed the same way. We documented the processes and then trained the technicians how to use this new process ensuring consistency among all groups. A similar program was used in the administrative functions.

This has created a more consistent process which leads us to a more consistent end product. All of our service documentation looks the same. All of the small details are handled the same way. All of the checkpoints within the process are the same no matter what department completes the work.

A second benefit is that we have a formal method of collecting and reviewing our customer feedback. For years we have conducted surveys and collected information from our customers. We would resolve the issues as they happened and take care of any root causes. What we did not do was to analyze all of the customer complaints on a periodic basis. Now we analyze the customer feedback and discuss it at our quarterly management review meetings. Once we step back and look at the data, we look for trends that were not visible when resolving the issues one at a time. At this point, we take action as appropriate to resolve the trends or root causes we find during these management reviews.

Another benefit we now have is a formal process in place for continuous process improvement. We had been through process improvement training and had been involved in process improvement projects. These projects, however, were generally initiated at the whim of different employees. We now have several programs in place that lead us toward process improvement in a more structured way. Our corrective action program helps highlight areas that require action and improvement. We also measure our business objectives more stringently. Whenever our control charts show a negative trend, investigation and/or process improvement is put into place. While we measured and tracked our business objectives before we were registered, our reaction to negative trends was not as automatic as it is now.

A fourth large benefit realized is in the area of training. As new employees are brought into our organization, it is much easier to bring them up to speed. When they start, they are given an employee handbook which contains information about our Service Center including our Quality Manual, work instructions, and pricing information. We also have a training plan that helps the manager and the new employee know what training is required and in what time frames. We did not have this type of a program in place before registration. Each manager was on his own to ensure new employees were trained.

What have we learned after two years of registration, and what are we changing?

The first, and possibly most important, thing we have learned after two years of being registered is that we still have room for improvement. There are several processes we put into place to meet the ISO standard that we have since found can be done differently, in a manner that is more conducive to our environment. Our internal audit program, which was previously discussed, is just one example. We tried a process to meet the standard, found it was too cumbersome, and worked on improving the process. We now have a very solid process that has helped in finding other areas for improvement.

We also learned that training records can be handled in many different ways. As we designed our training records, we created a system which required that every single model number a technician has been trained on be listed on the training history. In our environment, the technicians are trained on new products constantly - at a pace faster than their training records were updated. We found we were spending too much time trying to ensure each individual model number was listed on the records. Finally, it hit us that individual model number was not the only way to record training. We are in the process of moving to a much simpler method of tracking training, one that works well with our business and, at the same time, satisfies the ISO standard.

We determined that we had over documented our Quality System. From what we have heard, this is quite common. We identified many areas of duplication as well as some areas that we simply put in too many details and eliminated this duplication by flattening the documentation. Instead of having three levels of documentation with each level containing more details that the previous level, we eliminated one level of documentation entirely, leaving our Quality Manual and working instructions.

In the areas where we put too much detail, we eliminated some of the information. We found in some areas we made procedures too specific. The problem is that we left no room for variances and judgment on the part of the employees. In some cases this may be ideal. In other situations, specifically those dealing with customers directly, we need to allow for variance.

One of our assessors chuckled as he used the following analogy to describe some of our more detailed processes. He said documentation is something like transportation in San Francisco where cable cars are used. The cable cars are set on rails which take the car on a very specific path. If something happens to block the rails, the cable car is stopped in its tracks until that obstacle is removed. An automobile or bus, however, has room for variance. In general, they follow a path (the streets) yet if something blocks this path, the car or bus can maneuver around the obstacle and continue on the path. Our processes are becoming more like the automobiles where possible, not so specific that there is no room for judgment where obstacles are presented.

Main criticism of ISO 9000

The critics of ISO 9000 have focused on several aspects of the program which we will explore below. In most cases, we had the same concerns when we first began working toward registration. Throughout the process of building our quality system and after being registered for a year, we have changed our way of thinking and truly believe our business and our services have improved from the experience.

The most widely spread criticism is that ISO focuses only on the quality of the PROCESS of how a business runs instead of the quality of the end product. It has been stated that a company can consistently produce bad widgets, yet, because their process is designed to create these bad widgets, they can become registered to ISO 9000.

In theory, this could possibly happen, however, it would be very difficult for this company to remain registered for very long. The registrars are specifically interested in the process used to create your product. However, they will also expect that you:

1. Define your product or service.
2. Identify, track, and measure your business goals and objectives, and then take corrective action if those goals and objectives are not met consistently.
3. Audit your process for compliance and take corrective action to resolve any issues (including the root cause).
4. Solicit, collect and analyze feedback from your customers, and take corrective action to resolve any issues (including the root cause).
5. Inspect your process and output, and take corrective action to resolve any issues (including the root cause).
6. Effective August 1994, not only is "corrective action" required, but PREVENTIVE action is also required. This means companies are required to take action to ensure the same issues do not continue to surface.

With all of the above expectations, it would be very difficult for a company to continue to produce bad widgets and still remain registered. (It would be difficult for them to remain in business also!)

A second widely spread criticism is the alleged bureaucracy of the system. It is true that many companies have designed bureaucratic systems. The key to remember is that these companies have built their quality systems to include the bureaucracy - the ISO standards do not call for it.

As we built our quality system, we made an effort to resist bureaucracy. We thought we had done a pretty good job. Over the last two years, however, we found that, even with our conscious efforts, we still created a great deal of bureaucracy. Now our task is to replace the bureaucratic portions with streamlined processes that are realistic and beneficial to our company.

Another concern people have had about ISO 9000 is the cost. It is true that this program is expensive. Not only is there a cost associated with the actual registration and continuing assessments, but there is a significant amount of time and energy necessary to get an organization compliant with the standards.

The cost associated with the registration itself will vary. There are ways to keep this cost down but they are not for ever company. The most common method is to use local registrars. Each company pays for the registrar's travel and expenses during the assessment. Using a local registration company can decrease this cost since travel is not necessary. It is critical to investigate this option before choosing it. Because there are customers who do not accept all registrars, it is important to ensure your choice is widely accepted, at least to your customer base.

The most effective method to keep cost down in the overall process is to build a realistic system. Determine what the standard actually means and build a system that suits your company. Once the system is in place, ask yourself where the benefits and the resource drains are. Focus on those resource drains to change the process and make that area a benefit too. The key is to build a system that works well with your company and that centers around continuous process improvement.

The last criticism addressed in this paper is the notion that ISO 9000 equals mountains of paperwork. While it is true that a company will most likely end up with more documentation than when they started, hopefully, this documentation will add to their overall processes by clarifying issues and directions. Once our documentation was put in place, we recognized the following benefits.

First, we have seen an increased sense of consistency in the output of our products. Everyone had a slightly different way of doing things. Once work instructions were developed, some of the guesswork and interpretation of the procedures was taken out of the process. Everyone now knows what to do and how to do it.

The completion of our work instructions helped in finding ways to improve our processes. Once we physically wrote down the process and analyzed it on paper, we recognized the duplications and bureaucracy we had built into the process. Identifying these problems gave us a head start on improving the processes and designing them better.

A third benefit we realized is in the documentation control area. Before we defined a method to control our procedures, each group within our Service Center was informed of changes through their manager. Each manager had different schedules and, if one manager was on vacation, we did not have a systematic method to consistently ensure process changes were explained to his group in a timely manner. We now have a program that ensures the appropriate employees are made aware of process changes at the same time.

Potential Pitfalls

When working toward ISO registration, there are some potential pitfalls that can hinder the progress of any company.

First and foremost, it will be extremely difficult to lead a company to ISO registration without management commitment. It is critical for the management team to lead the efforts of registration. This does not mean the management team must do all the work. To the contrary, the management team is necessary in leading the organization and setting an example in taking the project seriously, devoting the appropriate resources to develop the quality system, and setting the urgency and priority of this project.

A large pitfall is developing a bureaucratic quality system. Bureaucratic processes hinder productivity and often foster frustration. While it seems like common sense to avoid bureaucracy, even those with the best intentions have inadvertently added it to their system. Do your best to avoid it up front. Build continuous process improvement methods into your system so you are constantly looking for better ways to do things. Additionally, always question why things are done as they are when it appears a procedure does not add value overall.

Another large problem is not keeping up with the quality system once it is in place. Complying with the ISO standards is not a one time event, it is a change in doing business. The registration entity will set a time frame for continuing assessments. This means they will be back to reassess your business whether that is in six months or in one year. Whatever the time frame, they will expect to see that all processes in the quality system are maintained accordingly.

The easiest way to ensure this happens is to build a realistic quality system: one that is built around processes and programs that really add value to your business, not one that is put in place only to satisfy the ISO requirements; one that is built around your business, not just the 20 clauses of ISO; one that is grounded in the reality of your everyday business and that your employees helped write, not one that is built around "ideal" processes that are not being followed by the folks actually doing the work.

In Summary

We feel that our ISO 9002 Quality System has and will continue to add value. However, you must be ever vigilant to ensure that creeping bureaucracy doesn't overtake your quality system process. The areas of benefit are:

• Uniform structure and process
• Corrective action/change process that facilitates continuous improvement.
• Employee involvement and commitment.
• Internal audit process that identifies process/technical problems that, when corrected, improve product quality.
• Customer Feedback program that gives us better customer satisfaction information and helps us determine where to focus improvements.

Although we are very encouraged and positive about our ISO 9000 Quality System experience, please remember that ISO 9000 is bureaucracy waiting to happen if not carefully planned and managed. As we reflect back on the last two years of registration, we found that we built massive bureaucracy and wasted effort into our internal audit and employee training processes. In addition, our processes were documented in far too much detail. This was despite our strong intentions not to create bureaucracy. Only through continually improving our processes have we created a truly viable system.

ISO 9000 will be what you make it. It can result in added value or bureaucracy, the choice is yours. One last thought -- this program takes time and commitment -- it is not a Quick Fix !

References

1. Abell, D. "You Attained ISO 9000...So Now What? Internal Audit and Maintenance". Proceedings: National Conference of Standards Laboratories. Annual Conference 1993. Boulder, CO: NCSL. 281-295.
2. Burrows, Peter. "Behind The Facade Of ISO 9000". Electronic Business. January 27, 1992. 40-44.
3. Cirulli, Carol. "Adventures In The ISO Jungle". Journal of European Business. March 1993. 22-30.
4. Grund, Howard. "Can Registration Stand In For Supplier Auditing?". Chemical Week. 49-52.
5. Mullin, Rick. "ISO 9000 Viewpoint". Chemical Week. November 10, 1993. 4, 40-42.
6. Nichols, Don. "The Seal Of Approval". International Strategies. September 1993. 57-61.
7. Russell, John F. "The Stampede to ISO 9000". Electronic Business Buyer. 101-134.
8. Schaef, Dick. "The Case Against ISO 9000". Training Magazine. September 1993. 5-10.
9. Smith, Benny R. "Manufacturing Microwave and RF Test Equipment to Meet the Requirements of ISO9002". NCSL Meeting, San Diego 1994. March 18, 1994.
10. Witt, Clyde E. "ISO 9000: A Road Map For World-Class Manufacturing". Material Handling Engineering. January 1993. 49-54.