The ISO 9000 group of standards promote quality standards across a wide variety of disciplines. Although it was originally designed for use in manufacturing, it is now used in several areas, including software development. Administered by the International Organization for Standardization (ISO), it encompasses procedures for all business processes and methodologies for monitoring those processes, record keeping, defect tracking, periodic review, and continuous improvement.
There are several standards within the ISO 9000 group, but ISO 9001 is the one most often referred to. ISO 9001 in particular states the requirements necessary for quality management systems. There is an independent process for auditing and certifying an organization for compliance with ISO 9001; this process certifies that the processes stated within the standard are being used by the certified company. Consumers purchasing products from a company may see the ISO 9001 certification as an advantage and may make their buying decisions based on the existence of this certification.
The standard has a set of six documents that are mandatory; these are Control of Documents, Control of Records, Internal Audits, Control of Nonconforming Product/Service, Corrective Action, and Preventive Action. Also required are a Quality Policy and a Quality Manual.
The basics of ISO 9000 certification includes the creation of a Quality Policy, documentation of all processes, and the implementation of solid performance metrics. A Quality Policy is a formal document that is created as part of the ISO 9000 process. This policy document should be understood and distributed throughout the organization at all levels, so that it is universally followed. Furthermore, the policy should be monitored to ensure that all employees are following it. Ideally, a Quality Policy should not be entirely subjective and should dictate objectives that include solid metrics that need to be achieved.
Every organization has a certain level of informal, institutional knowledge throughout all levels. This informal knowledge is often undocumented, and as a result, when there is a staff turnover, some of that institutional knowledge may be lost. This is unfortunately a very common problem within many organizations, and the natural tendency of employees is often to resist documenting procedures and cross-training.
However, doing so will naturally result in a higher level of quality and uniformity, and part of the ISO 9001 process is thorough documentation of all processes across all levels of the organization. Furthermore, these documents should be widely available and updated regularly.
To say that a process or procedure is “working” is inadequate. Solid metrics need to be assigned to every process so that performance can be more readily evaluated. Subjective analysis that yields comments like “doing well” or “everything’s working fine” do very little in terms of giving management real information that is actionable. Towards this end, performance and goals should be monitored and assigned very specific goals.
Once metrics are in place, both internal and external audits are carried out on a regular basis. These audits serve two purposes. First, they verify compliance with the standard; and second, they identify areas that can be improved.
ISO 9000 certification is often a key component of ongoing quality assurance. Although formal certification may be costly, the advantages are many. In addition to helping an organization achieve higher levels of quality, there is also a distinct marketing advantage in being able to claim the ISO 9000 designation.