This article has multiple issues. Please help improve it or discuss these issues on the talk page . (Learn how and when to remove these messages)
|
The ISO 9000 family is a set of international standards for quality management systems. It was developed in March 1987 by International Organization for Standardization. The goal of it is to help organizations ensure that they meet customer and other stakeholder needs within the statutory and regulatory requirements related to a product or service. [1] The ISO refers to the set of standards as a "family", bringing together the standard for quality management systems and a set of "supporting standards", [2] and their presentation as a family facilitates their integrated application within an organisation. [3] ISO 9000 deals with the fundamentals and vocabulary of QMS, [4] including the seven quality management principles that underlie the family of standards. [4] [5] [6] ISO 9001 deals with the requirements that organizations wishing to meet the standard must fulfill. [7] A companion document, ISO/TS 9002, provides guidelines for the application of ISO 9001. [8] ISO 9004 gives guidance on achieving sustained organizational success. [9]
Third-party certification bodies confirm that organizations meet the requirements of ISO 9001. Over one million organizations worldwide [10] are independently certified, making ISO 9001 one of the most widely used management tools in the world today. However, the ISO certification process has been criticised [11] [12] [ self-published source? ] as being wasteful and not being useful for all organizations. [13] [14]
ISO 9000 was first published in 1987 by the International Organization for Standardization (ISO). [15] It was based on the BS 5750 series of standards from BSI that were proposed to ISO in 1979. [16] However, its history can be traced back some twenty years before that, to the publication of government procurement standards, such as the United States Department of Defense MIL-Q-9858 standard in 1959, and the United Kingdom's Def Stan 05–21 and 05–24. Large organizations that supplied government procurement agencies often had to comply with a variety of quality assurance requirements for each contract awarded, which led the defense industry to adopt mutual recognition of NATO AQAP, MIL-Q, and Def Stan standards. Eventually, industries adopted ISO 9000 instead of forcing contractors to adopt multiple—and often similar—requirements. [17]
The global adoption of ISO 9001 may be attributable to several factors. In the early days, the ISO 9001 (9002 and 9003) requirements were intended to be used by procuring organizations, such as contractors and design activities, as the basis of contractual arrangements with their suppliers. This helped reduce the need for subcontract supplier quality development by establishing basic requirements for a supplier to assure product quality. The ISO 9001 requirements could be tailored to meet specific contractual situations, depending on the complexity of the product, business type (design responsibility, manufacture only, distribution, servicing, etc.), and risk to the procurer. For example, the food industry combined the ISO 9000 series with HACCP as a single management system. [18] [19] If a chosen supplier was weak in the controls of their measurement equipment (calibration), and hence QC/inspection results, that specific requirement would be invoked in the contract. Adopting a single quality assurance requirement also leads to cost savings throughout the supply chain by reducing the administrative burden of maintaining multiple sets of quality manuals and procedures.
A few years later, the UK Government took steps to improve national competitiveness following the publication of a white paper on Standards, Quality and International Competitiveness, Cmd 8621, [20] and Third-Party Certification of Quality Management Systems was born under the auspices of the National Accreditation Council of Certification Bodies (NACCB), which has become the United Kingdom Accreditation Service (UKAS).
In addition to many stakeholders' benefits, several studies have identified significant financial benefits for organizations certified to ISO 9001, with an ISO analysis of 42 studies showing that implementing the standard enhances financial performance. [21] Corbett et al. showed that certified organizations achieved a superior return on assets [22] compared to otherwise similar organizations without certification. [23]
Heras et al. found similarly superior performance [23] and demonstrated that this was statistically significant and not a function of organization size. [24] Naveha and Marcus claimed that implementing ISO 9001 led to superior operational performance in the U.S. automotive industry. [25] Sharma identified similar improvements in operating performance and linked this to superior financial performance. [26] Chow-Chua et al. showed better overall financial performance was achieved for companies in Denmark. [27] Rajan and Tamimi (2003) showed that ISO 9001 certification resulted in superior stock market performance and suggested that shareholders were richly rewarded for the investment in an ISO 9001 system. [28]
While the connection between superior financial performance and ISO 9001 may be seen from the examples cited, there remains no proof of direct causation, though longitudinal studies, such as those of Corbett et al. (2005), [23] may suggest it. Other writers, such as Heras et al. (2002), [24] have indicated that while there is some evidence of this, the improvement is partly driven by the fact that there is a tendency for better-performing companies to seek ISO 9001 certification.
The mechanism for improving results has also been the subject of much research. Lo et al. (2007) identified operational improvements (e.g., cycle time reduction, inventory reductions) as following from certification. [29] Internal process improvements in organizations lead to externally observable improvements. [30] [31] The benefit of increased international trade and domestic market share, in addition to the internal benefits such as customer satisfaction, interdepartmental communications, work processes, and customer/supplier partnerships derived, far exceeds any and all initial investment. [32]
The increase in ISO 9001 certification is shown in the tables below.
2000 [33] | 2001 [33] | 2002 [33] | 2003 [33] | 2004 [34] | 2005 [34] | 2006 [34] | 2007 [34] |
---|---|---|---|---|---|---|---|
409,421 | 510,616 | 561,747 | 567,985 | 660,132 | 773,867 | 896,929 | 951,486 |
2008 [35] | 2009 [35] | 2010 [36] | 2011 [36] | 2012 [37] | 2013 [38] | 2014 [38] | |
982,832 | 1,064,785 | 1,118,510 | 1,111,698 | 1,096,987 | 1,126,460 | 1,138,155 |
Rank | Country | No. of certificates |
---|---|---|
1 | China | 342,801 |
2 | Italy | 168,960 |
3 | Germany | 55,363 |
4 | Japan | 45,785 |
5 | India | 41,016 |
6 | United Kingdom | 40,200 |
7 | Spain | 36,005 |
8 | United States | 33,008 |
9 | France | 29,122 |
10 | Australia | 19,731 |
Rank | Country | No. of certificates |
---|---|---|
1 | China | 297,037 |
2 | Italy | 138,892 |
3 | Russian Federation | 62,265 |
4 | Spain | 59,854 |
5 | Japan | 59,287 |
6 | Germany | 50,583 |
7 | United Kingdom | 44,849 |
8 | India | 33,250 |
9 | United States | 25,101 |
10 | Korea, Republic of | 24,778 |
Rank | Country | No. of certificates |
---|---|---|
1 | China | 257,076 |
2 | Italy | 130,066 |
3 | Japan | 68,484 |
4 | Spain | 59,576 |
5 | Russian Federation | 53,152 |
6 | Germany | 47,156 |
7 | United Kingdom | 41,193 |
8 | India | 37,493 |
9 | United States | 28,935 |
10 | Korea, Republic of | 23,400 |
The ISO 9000 series are based on seven quality management principles (QMP), [40] namely:
QMP 1 | Customer focus | Organizations depend on their customers and therefore should understand current and future customer needs, should meet customer requirements and strive to exceed customer expectations. |
QMP 2 | Leadership | Leaders establish unity of purpose and direction of the organization. They should create and maintain the internal environment in which people can become fully involved in achieving the organization's objectives. |
QMP 3 | Engagement of people | People at all levels are the essence of an organization and their full involvement enables their abilities to be used for the organization's benefit. |
QMP 4 | Process approach | A desired result is achieved more efficiently when activities and related resources are managed as a process. |
QMP 5 | Improvement | Improvement of the organization's overall performance should be a permanent objective of the organization. |
QMP 6 | Evidence-based decision making | Effective decisions are based on the analysis of data and information. |
QMP 7 | Relationship management | An organization and its external providers (suppliers, contractors, service providers) are interdependent and a mutually beneficial relationship enhances the ability of both to create value. |
Status | Published |
---|---|
Latest version | 5 Sep 2015 |
Organization | International Organization for Standardization |
Committee | ISO/TC 176/SC 2 Quality systems |
Series | ISO 9000 family |
Domain | Quality management systems |
Website | www |
ISO 9001:2015 Quality management systems — Requirements is a document of approximately 30 pages available from the national standards organization in each country. Only ISO 9001 is directly audited against for third-party assessment purposes.
Contents of ISO 9001:2015 are as follows:
Essentially, the layout of the standard is similar to the previous ISO 9001:2008 standard in that it follows the Plan, Do, Check, Act cycle in a process-based approach but is now further encouraging this to have risk-based thinking (section 0.3.3 of the introduction). The purpose of the quality objectives is to determine the conformity of the requirements (customers and organizations), facilitate effective deployment, and improve the quality management system. [41] [42]
Before the certification body can issue or renew a certificate, the auditor must be satisfied that the company being assessed has implemented the requirements of sections 4 to 10. Sections 1 to 3 are not directly audited against, but because they provide context and definitions for the rest of the standard, not that of the organization, their contents must be taken into account.
The standard no longer specifies that the organization shall issue and maintain documented procedures, but ISO 9001:2015 requires the organization to document any other procedures required for its effective operation. The standard also requires the organization to issue and communicate a documented quality policy, a quality management system scope, and quality objectives. The standard no longer requires compliant organizations to issue a formal Quality Manual. The standard does require the retention of numerous records, as specified throughout the standard. New for the 2015 release is a requirement for an organization to assess risks and opportunities (section 6.1) and to determine internal and external issues relevant to its purpose and strategic direction (section 4.1). The organization must demonstrate how the standard's requirements are being met, while the external auditor's role is to determine the quality management system's effectiveness. More detailed interpretation and implementation examples are often sought by organizations seeking more information in what can be a very technical area.
The International Organization for Standardization (ISO) does not certify organizations themselves. Numerous certification bodies exist that audit organizations and issue ISO 9001 compliance certificates upon success. Although commonly referred to as "ISO 9000" certification, the actual standard to which an organization's quality management system can be certified is ISO 9001:2015 (ISO 9001:2008 expired around September 2018). Many countries have formed accreditation bodies to authorize ("accredit") the certification bodies. Both the accreditation bodies and the certification bodies charge fees for their services. The various accreditation bodies have mutual agreements with each other to ensure that certificates issued by one of the accredited certification bodies (CB) are accepted worldwide. Certification bodies themselves operate under another quality standard, ISO/IEC 17021, [43] while accreditation bodies operate under ISO/IEC 17011. [44]
An organization applying for ISO 9001 certification is audited based on an extensive sample of its sites, functions, products, services, and processes. The auditor presents a list of problems (defined as "nonconformities", "observations", or "opportunities for improvement") to management. If there are no major nonconformities, the certification body issues a certificate. Where major nonconformities are identified, the organization presents an improvement plan to the certification body (e.g., corrective action reports showing how the problems will be resolved); once the certification body is satisfied that the organization has carried out sufficient corrective action, it issues a certificate. The certificate is limited by a particular scope (e.g., production of golf balls) and displays the addresses to which the certificate refers.
An ISO 9001 certificate is not a once-and-for-all award but must be renewed, in accordance with the requirements of ISO 17021, at regular intervals recommended by the certification body, usually once every three years. [45] There are no grades of competence within ISO 9001: either a company is certified (meaning that it is committed to the method and model of quality management described in the standard) or it is not. In this respect, ISO 9001 certification contrasts with measurement-based quality systems.
The ISO 9000 standard is continually being revised by standing technical committees and advisory groups, who receive feedback from those professionals who are implementing the standard.
Year | Edition of ISO 9001 |
---|---|
1987 | 1st Edition |
1994 | 2nd Edition |
2000 | 3rd Edition |
2008 | 4th Edition |
2015 | 5th Edition |
ISO 9000:1987 had the same structure as the UK Standard BS 5750, with three "models" for quality management systems, the selection of which was based on the scope of activities of the organization:
ISO 9000:1987 was also influenced by existing U.S. and other Defense Standards ("MIL SPECS"), and so was well-suited to manufacturing. The emphasis tended to be placed on conformance with procedures rather than the overall process of management, which was likely the actual intent.
ISO 9000:1994 emphasized quality assurance via preventive actions, instead of just checking final product, and continued to require evidence of compliance with documented procedures. As with the first edition, the down-side was that companies tended to implement its requirements by creating shelf-loads of procedure manuals, and becoming burdened with an ISO bureaucracy. In some companies, adapting and improving processes could actually be impeded by the quality management system.
ISO 9001:2000 replaced all three former standards of 1994 issues, ISO 9001, ISO 9002, and ISO 9003. Design and development procedures were required only if a company does, in fact, engage in the creation of new products. The 2000 version sought to make a radical change in thinking by actually placing front and center the concept of process management (the monitoring and optimization of a company's tasks and activities, instead of just inspection of the final product). The 2000 version also demanded involvement by upper executives in order to integrate quality into the business system and avoid delegation of quality functions to junior administrators. Another goal was to improve effectiveness via process performance metrics: numerical measurement of the effectiveness of tasks and activities. Expectations of continual process improvement and tracking customer satisfaction were made explicit.
ISO 9000 Requirements include:
ISO 9001:2008 in essence re-narrates ISO 9001:2000. The 2008 version only introduced clarifications to the existing requirements of ISO 9001:2000 and some changes intended to improve consistency with ISO 14001:2004. There were no new requirements. For example, in ISO 9001:2008, a quality management system being upgraded just needs to be checked to see if it is following the clarifications introduced in the amended version.
ISO 9001 is supplemented directly by two other standards of the family:
Other standards, like ISO 19011 and the ISO 10000 series, may also be used for specific parts of the quality system.
In 2012, ISO/TC 176 – responsible for ISO 9001 development – celebrated 25 years of implementing ISO 9001 [46] and concluded that it was necessary to create a new QMS model for the next 25 years. They subsequently commenced the official work on creating a revision of ISO 9001, starting with the new QM principles. This moment was considered by important specialists in the field as the "beginning of a new era in the development of quality management systems". [47] As a result of the intensive work from this technical committee, the revised standard ISO 9001:2015 was published by ISO on 23 September 2015. The scope of the standard has not changed; however, the structure and core terms were modified to allow the standard to integrate more easily with other international management systems standards. [48]
The new ISO 9001:2015 management system standard helps ensure that consumers can secure reliable, desired quality goods and services. This further increases benefits for a business. [49]
The 2015 version is also less prescriptive than its predecessors and focuses on performance. This was achieved by combining the process approach with "risk-based thinking", and employing the Plan-Do-Check-Act cycle at all levels in the organization. [50]
Some of the key changes include:
"Risk-based thinking" is seen as a development from a traditional approach to risk management, seen as the responsibility of a "risk manager", to an approach which sees risk management as "a fundamental way of thinking and decision making throughout [an] entire organization. [52] The ISO and the International Accreditation Forum (IAF) have issued joint guidance on auditing practices covering risk-based thinking. [53]
Two types of auditing are required to become registered to the standard: auditing by an external certification body (external audit) and audits by internal staff trained for this process (internal audits). The aim is a continual review and assessment process to verify that the system is working as it is supposed to, find out where it can improve, and correct or prevent identified problems. It is considered healthier for internal auditors to audit outside their usual management line to bring a degree of independence to their judgements. Supporting papers are provided by the ISO 9001 Auditing Practices Group. This is constituted as an informal group of quality management system (QMS) experts, auditors, and practitioners, drawn from the ISO Technical Committee 176 Quality Management and Quality Assurance (ISO/TC 176) and the International Accreditation Forum (IAF).
The ISO 9001 standard is generic; its parts must be carefully interpreted to make sense within a particular organization. Developing software is not like making cheese or offering counseling services, yet the ISO 9001 guidelines, because they are business management guidelines, can be applied to each of these. That being said there is no requirement to cite scientific or industrial guidelines/textbooks/journals. Diverse organizations—police departments (United States), professional soccer teams (Mexico), and city councils (UK)—have successfully implemented ISO 9001 systems.
Over time, various industry sectors have wanted to standardize their interpretations of the guidelines within their own marketplace. This is partly to ensure that their versions of ISO 9000 have their specific requirements, but also to try and ensure that more appropriately trained and experienced auditors are sent to assess them and even certify according to that interpretation.
This section possibly contains original research .(May 2013) |
The debate on the effectiveness of ISO 9000 commonly centers on the following questions:
The effectiveness of the ISO system being implemented depends on a number of factors, the most significant of which are:
Proper quality management can improve business, often having a positive effect on investment, market share, sales growth, sales margins, competitive advantage, and avoidance of litigation. [59] The quality principles in ISO 9000:2000 are also sound, according to Wade [60] and Barnes, who says that "ISO 9000 guidelines provide a comprehensive model for quality management systems that can make any company competitive". [61] Sroufe and Curkovic, (2008) found benefits ranging from registration required to remain part of a supply base, better documentation, to cost benefits, and improved involvement and communication with management. [59] According to the ISO, [62] the 2015 version of the standard brings the following benefits:
A common criticism of ISO 9000 and 9001 is the amount of money, time, and paperwork required for a complete implementation, and later, when needed, ISO 9001 certification. [11] Dalgleish cites the "inordinate and often unnecessary paperwork burden" of ISO, and says that "quality managers feel that ISO's overhead and paperwork are excessive and extremely inefficient". [63] The level of minimum documentation for a minimum scope organization has been greatly reduced,[ clarification needed ] going from ISO 9001:2000 to ISO 9001:2008 to ISO 9001:2015.[ citation needed ]
According to Barnes:
"Opponents claim that it is only for documentation. Proponents believe that if a company has documented its quality systems, then most of the paperwork has already been completed." [61]
Wilson suggests that ISO standards "elevate inspection of the correct procedures over broader aspects of quality", and therefore, "the workplace becomes oppressive and quality is not improved". [12]
One study showing reasons for not adopting this standard include the risks and uncertainty of not knowing if there are direct relationships to improved quality, and what kind and how many resources will be needed. Additional risks include how much certification will cost, increased bureaucratic processes and risk of poor company image if the certification process fails. [59] According to John Seddon, ISO 9001 promotes specification, control, and procedures rather than understanding and improvement. [13]
Wade argues that ISO 9000 is effective as a guideline, but that promoting it as a standard "helps to mislead companies into thinking that certification means better quality, ... [undermining] the need for an organization to set its own quality standards". [60] In short, Wade argues that reliance on the specifications of ISO 9001 does not guarantee a successful quality system.[ citation needed ]
The standard is seen as especially prone to failure when a company is interested in certification before quality. [13] Certifications are in fact often based on customer contractual requirements rather than a desire to actually improve quality. [61] [64] ISO's Roger Frost suggested:
"If you just want the certificate on the wall, chances are you will create a paper system that doesn't have much to do with the way you actually run your business." [64]
Certification by an independent auditor is often seen as the problem area, and according to Barnes, "has become a vehicle to increase consulting services". [61]
Dalgleish argues: "...[while] quality has a positive effect on return on investment, market share, sales growth, better sales margins, and competitive advantage,...taking a quality approach is unrelated to ISO 9000 registration." [65] In fact, ISO itself advises that ISO 9001 can be implemented without certification, simply for the quality benefits that can be achieved. [66]
Abrahamson argues that fashionable management discourse such as Quality Circles tends to follow a lifecycle in the form of a bell curve, possibly indicating a management fad. [67]
Dytz argues that ISO 9001 certification is based on 7 management principles and that companies are free to develop their internal tools and working methods, however, the model adopted to audit and certify companies does not evaluate the effectiveness of these methods. Even when there is still a superficial analysis of this effectiveness, mainly due to the time available to audit these companies, the certifications do not distinguish two companies with the same business model, with regard to their internal capacity and quality of management. [68]
Pickrell argues[ citation needed ] that ISO systems merely gauge whether the processes are being followed. It does not gauge how good the processes are or whether the correct parameters are being measured and controlled to ensure quality. Furthermore, when unique technical solutions are involved in the creation of a new part, ISO does not validate the robustness of the technical solution—a key part of advanced quality planning. It is not unheard of for an ISO-certified plant to display poor quality performance due to poor process selection and/or poor technical solutions.[ citation needed ]
Lastly, the standard itself is proprietary, and not open to inspection by the general public.[ citation needed ]
ISO 9001 certification has a three-year validity period. At the end of this period, every certified organization must renew its certificate. Not all organizations are successful in their renewal. Some organizations are not able to renew the certificate, because they do not conform to all requirements, and others simply decide not to renew the certificate. [69] There are several reasons why an organization may lose or decide not to renew its ISO 9000 certification:
According to the latest data made available by ISO, approximately 60,000 organizations lose the certification every year. [69] [72] [75] Given that there are approximately 1,000,000 certified organizations worldwide, and that 1/3 of these (approx. 333,333) must renew the certificate every year, the yearly average propensity for ISO 9001 withdrawal can be estimated roughly at 18% (60,000/333,333). [75] The propensity of a given organization to lose its certification can be estimated, depending on several factors specific to the organization:
A quality management system (QMS) is a collection of business processes focused on consistently meeting customer requirements and enhancing their satisfaction. It is aligned with an organization's purpose and strategic direction. It is expressed as the organizational goals and aspirations, policies, processes, documented information, and resources needed to implement and maintain it. Early quality management systems emphasized predictable outcomes of an industrial product production line, using simple statistics and random sampling. By the 20th century, labor inputs were typically the most costly inputs in most industrialized societies, so focus shifted to team cooperation and dynamics, especially the early signaling of problems via a continual improvement cycle. In the 21st century, QMS has tended to converge with sustainability and transparency initiatives, as both investor and customer satisfaction and perceived quality are increasingly tied to these factors. Of QMS regimes, the ISO 9000 family of standards is probably the most widely implemented worldwide – the ISO 19011 audit regime applies to both and deals with quality and sustainability and their integration.
The ISO 14000 family is a set of international standards for environment management systems. It was developed in March 1996 by International Organization for Standardization. The goal of it is help organizations (a) minimize how their operations negatively affect the environment ; (b) comply with applicable laws, regulations, and other environmentally oriented requirements; and (c) continually improve in the above.
Quality management ensures that an organization, product or service consistently functions well. It has four main components: quality planning, quality assurance, quality control, and quality improvement. Quality management is focused both on product and service quality and the means to achieve it. Quality management, therefore, uses quality assurance and control of processes as well as products to achieve more consistent quality. Quality control is also part of quality management. What a customer wants and is willing to pay for it, determines quality. It is a written or unwritten commitment to a known or unknown consumer in the market. Quality can be defined as how well the product performs its intended function.
ISO/IEC 20000 is the international standard for IT service management. It was developed in 2005 by ISO/IEC JTC1/SC7 and revised in 2011 and 2018. It was originally based on the earlier BS 15000 that was developed by BSI Group.
ISO/IEC 17025General requirements for the competence of testing and calibration laboratories is the main standard used by testing and calibration laboratories. In most countries, ISO/IEC 17025 is the standard for which most labs must hold accreditation in order to be deemed technically competent. In many cases, suppliers and regulatory authorities will not accept test or calibration results from a lab that is not accredited. Originally known as ISO/IEC Guide 25, ISO/IEC 17025 was initially issued by ISO/IEC in 1999. There are many commonalities with the ISO 9000 standard, but ISO/IEC 17025 is more specific in requirements for competence and applies directly to those organizations that produce testing and calibration results and is based on more technical principles. Laboratories use ISO/IEC 17025 to implement a quality system aimed at improving their ability to consistently produce valid results. Material in the standard also forms the basis for accreditation from an accreditation body.
Aero Space 9100 is an international standard for aerospace management systems that is a widely adopted and standardized quality management system for the aerospace sector. It was released in 1999 by Society of Automotive Engineers.
International Automotive Task Force 16949 is an international standard for automotive management systems that is a widely adopted and standardized quality management system for the automotive sector. It was released in 1999 by International Organization for Standardization based on ISO 9001, and the first edition was published in June 1999 as ISO/TS 16949:1999. IATF 16949:2016 replaced ISO/TS 16949 in October 2016 by International Automotive Task Force. The goal of it is provides for continual improvement, emphasizing defect prevention and the reduction of variation and waste in the automotive industry supply chain and assembly process.
ISO 22000 is a food safety management system by the International Organization for Standardization (ISO) which is outcome focused, providing requirements for any organization in the food industry with objective to help to improve overall performance in food safety. These standards are intended to ensure safety in the global food supply chain. The standards involve the overall guidelines for food safety management and also focuses on traceability in the feed and food chain.
ISO 13485Medical devices -- Quality management systems -- Requirements for regulatory purposes is a voluntary standard, published by International Organization for Standardization (ISO) for the first time in 1996, and contains a comprehensive quality management system for the design and manufacture of medical devices. The latest version of this standard supersedes earlier documents such as EN 46001 and EN 46002 (1996), the previously published ISO 13485, and ISO 13488.
The British Standards Institution (BSI) is the national standards body of the United Kingdom. BSI produces technical standards on a wide range of products and services and also supplies standards certification services for business and personnel.
An environmental audit is a type of evaluation intended to identify environmental compliance and management system implementation gaps, along with related corrective actions. In this way they perform an analogous (similar) function to financial audits. There are generally two different types of environmental audits: compliance audits and management systems audits. Compliance audits tend to be the primary type in the US or within US-based multinationals.
In business, engineering, and manufacturing, quality – or high quality – has a pragmatic interpretation as the non-inferiority or superiority of something ; it is also defined as being suitable for the intended purpose while satisfying customer expectations. Quality is a perceptual, conditional, and somewhat subjective attribute and may be understood differently by different people. Consumers may focus on the specification quality of a product/service, or how it compares to competitors in the marketplace. Producers might measure the conformance quality, or degree to which the product/service was produced correctly. Support personnel may measure quality in the degree that a product is reliable, maintainable, or sustainable. In such ways, the subjectivity of quality is rendered objective via operational definitions and measured with metrics such as proxy measures.
ISO 31000 is a family of international standards relating to risk management codified by the International Organization for Standardization. The standard is intended to provide a consistent vocabulary and methodology for assessing and managing risk, resolving the historic ambiguities and differences in the ways risk are described.
ISO 28000:2022, Security and resilience – Security management systems – Requirements, is a management system standard published by International Organization for Standardization (ISO) that specifies requirements for a security management system including aspects relevant to the supply chain.
ISO 10007 "Quality management — Guidelines for configuration management" is the ISO standard that gives guidance on the use of configuration management within an organization. "It is applicable to the support of products from concept to disposal." The standard was originally published in 1995, and was updated in 2003 and 2017. Its guidance is specifically recommended for meeting "the product identification and traceability requirements" introduced in ISO 9001:2015 and AS9100 Rev D.
Nigel Howard Croft is a globally recognized authority on quality management and conformity assessment. He retired as Chairman of the ISO Joint Technical Coordination Group for Management System Standards in December 2023 after serving a three-year term, having been appointed by ISO's Technical Management Board in December 2020. During his tenure, he coordinated the deployment of the ISO London Declaration on Climate Action into all ISO Management System Standards, requiring organizations that implement these standards to determine the extent to which climate change can affect their results and the ways in which their activities can have a impact on climate change. This can then lead to the implementation of risk-based adaptation and mitigation strategies. Dr Croft was previously Chair of the ISO Technical Committee TC 176/SC 2 from February 2010 until December 2018, with overall responsibility for the ISO 9001 standard, used worldwide as a basis for certification of quality management systems, and the ISO 9004 guidelines standard aimed at improving organisational performance, among others. In 2019 and 2020 he led the revision of "Annex SL" of the ISO Directives, that forms the basis for over 40 management system standards including those on environmental management, Occupational Health and Safety, Information Security, Anti-bribery, Food Safety, Artificial Intelligence and many more.
DQS Holding GmbH based in Frankfurt am Main is the holding company of the worldwide DQS Group. The group provides assessments and certifications of management systems and processes of any type.
ISO 50001Energy management systems - Requirements with guidance for use, is an international standard created by the International Organization for Standardization (ISO). It supports organizations in all sectors to use energy more efficiently through the development of an energy Management System. The standard specifies the requirements for establishing, implementing, maintaining, and improving an energy management system, whose purpose is to enable an organization to follow a systematic approach in achieving continual improvement of energy performance, including energy efficiency, energy security, energy use, and consumption.
Environmental certification is a form of environmental regulation and development where a company can voluntarily choose to comply with predefined processes or objectives set forth by the certification service. Most certification services have a logo which can be applied to products certified under their standards. This is seen as a form of corporate social responsibility allowing companies to address their obligation to minimise the harmful impacts to the environment by voluntarily following a set of externally set and measured objectives.
ISO/IEC 27001 is an international standard to manage information security. The standard was originally published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in 2005, revised in 2013, and again most recently in 2022. There are also numerous recognized national variants of the standard. It details requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS) – the aim of which is to help organizations make the information assets they hold more secure. Organizations that meet the standard's requirements can choose to be certified by an accredited certification body following successful completion of an audit. A SWOT analysis of the ISO/IEC 27001 certification process was conducted in 2020.