The quality world is entranced by ISO9001 and certification, almost essential in western business, and it employs many in compliance auditing. Even first and second party audits focus on compliance. Inspection is frequently reduced to pass or fail judgements. But is that the only way to think, or even the best way?
I’ve previously written about different types of audit and, with the renewed interest in ISO9001 with its 2015 update, I think it’s time to remind ourselves that it’s only an assessment standard, not the Holy Grail of management systems. It’s not a management system, nor a model of one. It shouldn’t be used as a template when designing a system, either…
When first released to the world as BS5750:1979 (Parts 1, 2 and 3) it was as a benchmark for use by purchasers assessing their suppliers. Until then, each purchaser/auditor had to develop their own standards of what was required and acceptable. This meant suppliers were faced with multiple and, often, contrary requirements. BS5750 gave everyone a common playbook and suppliers could start to plan systems that could meet everyone’s needs. However, it was not a standard for the system – just a standardised set of requirements the system should meet.
Bear in mind, too, that it was used by purchasers who knew what they needed from suppliers and could focus on what was key, ignoring what didn’t matter to them. Nowadays, ISO9001 is primarily used by third parties who have no knowledge of what may be critical for purchasers so they have to treat everything as critical; even aspects that are of little interest to any of its customers have to be addressed by each supplier.
I’m not saying ISO9001 is bad, irrelevant or wrong. It’s a valuable document that sets down the minimum standard for systems being assessed. But note: it’s the “minimum”, not the ultimate – organisations need to design and run a management system that meets the needs of itself in order to satisfy its stakeholders – customers, employees, owners, regulators, etc. ISO9001 provides a baseline of commonly agreed external expectations but that’s as far as it goes.
I like analogies so think of somebody learning to drive. They need to pass a driving test but everyone recognises that only checks a critical subset of skills – it establishes a minimum competence to be let loose on the road but doesn’t guarantee a good driver.