ISO 9000 is a series of quality management systems standards created by the
International Organization for Standardization (ISO), a federation of 132 national
standards bodies. The ISO 9000 quality management systems (QMS) standards are
not specific to products or services, but apply to the processes that create them.
The standards are generic in nature so that they can be used by manufacturing
and service industries anywhere in the world. First released in 1987 and revised
in a limited manner in 1994, they underwent a major overhaul in 2000.
The most important revised standard, ISO 9001:2000, uses a simple process-based
structure, which is more generic than the old 20-element structure of ISO 9001:1994,
is consistent with the plan-do-check improvement cycle used in the ISO 14000 environmental
management systems standards, and adopts the process management structure widely
used in business today. ISO 9001:2000 addresses an organizationís quality management
system requirements, in order to demonstrate its capability to meet customer requirements,
and applies to all generic product categories, such as hardware, software, processed
materials and services.
ISO 9001:2000 registration gives the organization the benefit of an objectively
evaluated and enforced quality management system. It is a tangible expression
of a firmís commitment to quality that is internationally understood and accepted.
ISO 9001:2000 registration is carried out by registrars, accredited organizations
that review the organizationís quality manual and other documentation to ensure
that they meet the standard, and audit the firmís processes to ensure that the
quality management system described in the documentation is in place and is effective.
ISO 14000, released in 1996, is a global series of environmental management
systems (EMS) standards, providing a framework for organizations to demonstrate
their commitment to environmental responsibility.
An EMS enables an organization to control the environmental aspects and impacts
of its activities, products and services by establishing targets and objectives
related to identified environmental management goals. Once implemented, an EMS
will improve compliance with legislative and regulatory requirements, reduce exposure
to liability, prevent pollution, reduce waste and create a more positive public
Organizations that register to ISO 14001, the most important of the ISO 14000
standards, demonstrate sound environmental management practices, are able to prevent
environmental disasters and government sanctions, and experience fewer regulatory
audits by correcting environmental problems. ISO 14000 supporting documents include
environmental labeling, life-cycle assessment, environmental aspects in product
standards, and environmental performance evaluation.
ISO/TS 16949 is the international automotive quality management systems (QMS)
standard, released in 1999 and revised in 2002 to align with ISO 9001:2000. This
standard combines ISO 9001:2000 with automotive sector-specific requirements from
the American QS-9000, German VDA 6.1, French EAQF and Italian AVSQ quality standards.
British and Japanese automakers also contributed to its development.
ISO/TS 16949 applies to all internal and external suppliers of production or
service parts; production materials; and heat treating, painting, plating or other
finishing services directly relating to original equipment manufacturer (OEM)
customers. International automotive suppliers no longer have to satisfy multiple
national automotive quality standards, which were often contradictory and led
to redundant audits.
Each participating automaker has customer-specific requirements for unique
and specific product needs that could not be harmonized. Applicable customer-specific
requirements are audited as part of ISO/TS 16949 registration and the particular
automaker(s) are listed on the supplierís registration certificate.
The TE (Tooling and Equipment) Supplement to QS-9000, released in 1996, sets
forth quality system requirements for Big Three tooling and equipment suppliers.
Developed by the Chrysler/Ford/General Motors Supplier Requirements Task Force,
it fully embraces ISO 9001:1994, includes many of the QS-9000 sector-specific
requirements, and contains sector- and customer-specific requirements for manufacturers
of tools, dies, molds, plating, robotics and assembly, along with some coolants
Big Three tooling and equipment suppliers must conform to the TE Supplement.
Chrysler has mandated that its tooling and equipment suppliers register to this
VDA 6.1, released in 1991, is the quality system standard of the German automobile
industry. It was developed by the Verbrand der Automobilindustrie e.V. (VDA),
with input from major manufacturers and suppliers.
The majority of VDA 6.1 is based on the ISO 9000 quality management systems
standards, but is organized into a distinct set of elements in two areas: Management,
and Product and Process. These elements incorporate portions of the ISO 9001:1994
quality system model and the ISO 9004-1 quality system guidelines, along with
automotive sector-specific requirements.
VDA 6.1 has also incorporated requirements from QS-9000 and the French EAQF
automotive quality standard. In addition, suppliers with design responsibility
must comply with German Road Traffic Law.
This standard affects companies that manufacture or supply components and other
products to such German automotive manufacturers as Volkswagen, Audi, Mercedes-Benz,
BMW, Porsche, Adam Opel and Ford-Were.
The Volkswagen Group, consisting of Volkswagen, Audi, Seat and Skoda, requires
all of its production and service parts suppliers to register to VDA 6.1.
OHSAS 18001, developed by a group of European standards bodies, is an occupational
health and management systems (OHSMS) standard designed to create a safer workplace.
OHSAS 18001 contains requirements in such areas as planning, risk assessment and
hazard identification, consultation and communication, operational control, emergency
preparedness and response, and accidents and incidents.
OHSAS 18001 is ideal for a company that wants to make occupational health and
safety a priority; reduce liability, workersí compensation and medical treatment
costs; eliminate or minimize workplace injuries, and increase employee productivity;
and decrease absenteeism and lost work hours by preventing injuries and accidents.
Debate over the International Organization for Standardization (ISO) developing
an OHSMS standard continues. ISO may revisit the matter in the future, with OHSAS
18001 offering a possible framework for such a standard.
Hazard Analysis of Critical Control Points (HACCP)
Hazard Analysis of Critical Control Points (HACCP), enforced by such agencies
as the US Department of Agriculture's Food and Safety Inspection Service (FSIS)
and the Food and Drug Administration (FDA), is a scientific process control system
for eliminating contaminants at critical areas in the food production and distribution
HACCP helps to prevent, as close to 100 percent as possible, harmful contamination
in the food supply. To ensure safer food, HACCP requires the following seven principles
to be followed:
- Conduct a hazard analysis
- Identify critical control points (CCPs)
- Establish critical limits for CCPs
- Establish monitoring procedures
- Establish corrective actions
- Establish verification procedures
- Establish record keeping procedures
HACCP requirements, endorsed by the United Nations Codex Alimentarius, European
Union, Canada, Australia, New Zealand and Japan, apply to meat, seafood and poultry
plants; grocery stores; restaurants; and other food processing and handling facilities.
AS9100, released in 1999 and revised in 2001 to align with ISO 9001:2000, is
the international ISO 9000 derivative for suppliers to the aerospace industry.
AS9100 takes the ISO 9001:2000 quality management systems standard covering every
step and department of the manufacturing process, and inserts aerospace industry-specific
requirements. AS9100 also addresses flowdown of aerospace prime contractorsí quality
management system requirements to suppliers and their subcontractors. Flowdown
includes specifications for parts or assembly designs, characteristics, inspections,
and other process functions and product features.
The prime aerospace contractors consider AS9100 a major step in the history
of quality management in the aerospace field. Government agencies, such as the
Defense Department and the Federal Aviation Administration (FAA), also support
AS9100, though suppliers still have to meet additional federal requirements. The
major difference is a drop in compliance costs and time for suppliers, due to
the elimination of multiple audited governmental standards. This industry-generated
standard also takes the place of programs the government has dropped.
AS9100 is designed to reduce defects in the supplier chain, continually improve
quality and boost customer satisfaction. By becoming registered to AS9100 and
ISO 9000, companies dealing with aerospace prime contractors and the government
enjoy a competitive advantage. The regulatory burden is lightened, so suppliers
can spend more time improving the manufacturing process in an industry that puts
a top priority on safety and quality.
The CE Marking is required to sell any product manufactured or distributed
under European Union (EU) New Approach Directives in the European Economic Area
(EEA). The EEA consists of the 27-nation EU. In addition, Switzerland, although part of
European Free Trade Association (EFTA), is not part of EEA. The other 3 non-EU countries in EFTA, Liechtenstein, Iceland and Norway, are members of the EEA.
The New Approach Directives, designed to eliminate technical barriers to trade
in Europe, set product safety technical requirements. The most important of these
apply to medical devices. Other directives include low voltage, simple pressure
vessels, toys, construction products, electromagnetic compatibility, machinery,
personal protection equipment, telecom terminal equipment, boilers, explosives
and recreational craft.
The CE Marking is affixed to products after they are successfully tested for
conformity to applicable directives.
Current Good Manufacturing Practices (CGMP)
Manufacturers of medical devices that plan to distribute products in the U.S.
are required to adhere to Food and Drug Administration (FDA) Current Good Manufacturing
Practices (CGMP), under which the company must establish a quality assurance program
and its medical devices must meet specifications and controls to guarantee they
are safe and effective for intended use.Ē
CGMP covers quality assurance programs and organization, buildings, equipment,
components, production and process controls, packaging and label control, distribution
and installation, device evaluation and records.
The FDA monitors medical device problem data and inspects the operations and
records of device manufacturers to determine CGMP quality assurance compliance.
ISO/IEC 17025, released in 1999, contains all the requirements that testing
and calibration laboratories must meet to demonstrate that they operate quality
management systems (QMS), are technically competent and can generate technically
valid results. All ISO 9000 requirements that are relevant to the scope of testing
and calibration laboratory QMS have been incorporated into ISO/IEC 17025, along
with technical competency requirements.
ISO/IEC 17025 covers such matters as quality system; personnel; document control;
review of requests, tenders and contracts; subcontracting of tests and calibrations;
purchasing services and supplies; services to the client; control of records;
internal audits; accommodation and environmental conditions; test and calibration
methods and method validation; equipment; measurement traceability; sampling;
handling of test and calibration items; and reporting the results.
ISO/IEC 17025 accreditation is a more thorough process than ISO 9000 registration
because it recognizes a laboratoryís competence to produce technically valid results
as well as its QMS conformance. When a laboratory is part of a larger facility,
ISO/IEC 17025 accreditation can occur at the same time as ISO 9000, QS-9000 or
ISO/TS 16949 registration if the auditor is working for both an accreditation
body and a registrar.
BS 7799, developed by the British Standards Institution (BSI), provides a comprehensive
set of information security management systems (ISMS) controls, which apply to
information systems used by organizations in industry and commerce, including
information processing technology in the area of networks and communications.
There are two parts to the standard. BS 7799-2 is a specification standard
that sets ISMS requirements that can be implemented, audited and used for registration.
BS 7799-1 is a guidance document that is the basis for the international information
security guidance standard, ISO/IEC 17799.
The standard covers such areas as document control, security policy and organization,
asset classification and control, physical and environmental security, communications
and operations management, access control and compliance with legal requirements.
Organizations seeking BS 7799 registration must assess security risks, select
controls and develop guidelines.
TL 9000, released in 1999 and revised in 2001 to align with ISO 9001:2000,
is the telecommunications industry derivative of ISO 9000. This standard harmonizes
telecommunications quality management system (QMS) requirements for the design,
development, production, delivery, installation and maintenance of hardware, software
products, and services. Conformance to TL 9000 decreases time to market and improves
the total cost of ownership throughout the supply chain.
TL 9000ís structure contains five levels of QMS requirements and measurements.
They are ISO 9001:2000; common telecommunications industry quality system requirements
(QSRs); hardware, software and services specific QSRs; common telecommunications
industry measurements; and hardware, software and services specific quality system
TL 9000ís telecommunications sector-specific QSRs are divided into six categories
and marked accordingly: common (C), hardware (H), software (S), services (V),
hardware and software (HS), and hardware and services (HV). There are no services
and software (VS) elements. A supplier is only required to implement the additional
elements that fit its scope of operations. Only a hardware and software company
that offers a service must implement all sector-specific requirements.
TL 9000 breaks ground by establishing cost and performance based measurements
that measure the reliability and quality performance of hardware, software and
services. These performance measurement tools are important from the customerís
point of view and include hardware return rates, system outages, number of problem
reports, software update quality, on-time delivery, invoice accuracy, and the
efficiency and level of success of the supplierís business processes and activities.
TL 9000 registration may encompass an entire company, an organizational unit,
a combination of units, several facilities, an individual facility, or a limited
and defined product line. The registration scope may be for hardware, software,
services or any combination thereof.
Social Accountability (SA) 8000, released in 1997, is the first international
standard dealing with the workplace environment. It requires employers to pay
wages sufficient to meet workers' basic needs, provide a safe working environment,
not employ child or forced labor, and not force employees to regularly work more
than 48 hours a week. Other SA 8000 elements address health issues, freedom of
association, discrimination, disciplinary practices and management.
Developed by the nonprofit Council on Economic Priorities Accreditation Agency
(CEPAA), with the assistance of a wide range of business, industry, labor, human
rights, certification and audit experts, and based on several existing international
human rights standards, including the United Nations Universal Declaration of
Human Rights and the Convention on the Rights of the Child, SA 8000 provides a
means to improve working conditions and meet the social challenges of economic
SA 8000 certification enables a company to project a positive image and good
reputation to clients, employees, suppliers, shareholders and consumers. This
standard gives the general public confidence in the ethical production of the
products they buy, contains mechanisms for continuous improvement and provides
a marketing edge with better labor practices. Enforcing humane conditions in factories
may also lead to higher quality products on the market.
ISO/IEC 15408, released in 1999, is the first international information technology
security evaluation criteria standard, defining Common Criteria (CC) used to evaluate
security properties of information technology (IT) products and systems, such
as operating systems, computer networks, distributed systems, applications and
other hardware, firmware and software.
These requirements apply to both security functions of IT products and systems,
and assurance measures used during security evaluation and validation. The CC
can also be used as a guide by IT consumers, developers and evaluators in developing
or procuring products or systems with IT security functions.
During a security evaluation or validation, an IT product or system is known
as a Target of Evaluation (TOE). A set of security requirements and specifications
used to evaluate or validate a TOE is a developer Security Target (ST). An implementation-independent
set of security requirements for a category of TOEs that meet specific consumer
needs is a user Protection Profile (PP). Evaluation and validation is an assessment
of a PP, ST or TOE against CC security requirements.
The ISO/IEC 15408 CC is implemented in the U.S. by the National Information
Assurance Partnership (NIAP) Common Criteria Evaluation and Validation Scheme
(CCEVS), which sets standards; monitors the quality of evaluations; and assures
that the Common Evaluation Methodology (CEM), which addresses evaluation methodology
and procedures, is used consistently across government-accredited, product testing
and evaluation facilities.
Information technology security evaluations are conducted by Common Criteria
Testing Laboratories (CCTLs), commercial testing laboratories accredited by National
Voluntary Laboratory Accreditation Program (NVLAP), approved by the NIAP Validation
Body and placed on the NIAP Approved Laboratories List
Supply Chain Management
Supply Chain Management recognizes that competition is now across supply chains,
not individual companies. A supply chain is the network of companies linked together
in supplier to customer relationships across a product life cycle from raw material
to final consumption. Supply Chain Management integrates every aspect of product
development and design, producing competitive advantages throughout the product
Supply Chain Management optimizes and synchronizes material, process, information
and cash flow from raw material to final consumption, while driving out excess
inventory and unnecessary costs. The right product gets delivered to the right
place, at the right time and at the right price.
Any organization in the supply chain network can initiate a supply chain program
and realize benefits. However, the closer a company is to the final customer,
the better it is positioned to lead a Supply Chain Management program.
Six Sigma is a statistically oriented approach to process improvement, designed
to reach a quality level of less than 3.4 Defects Per Million Opportunities (DPMO)
for Critical-To-Quality (CTQ) characteristics in a manufacturing or service process.
Achieving this Six Sigma level reduces the cost of defects from 20-30 percent
to 1 percent of revenues. There is a reduced need for testing and inspection,
costs go down, cycle time decreases and customer satisfaction goes up as companies
are able to deliver the highest quality product, on time and at the right price.
Six Sigma uses a variety of tools, including Statistical Process Control (SPC),
Total Quality Management (TQM) and Design of Experiments (DOE). It can be coordinated
with other major initiatives and systems, such as new product development, Materials
Requirement Planning (MRP) and Just-In-Time (JIT) Inventory Control.