Frequently Asked Questions (FAQ's)  


In developing this list of Frequently Asked Questions (FAQ's), input has been obtained from experts and users of the ISO 9000 standards from around the world. The list will be reviewed and updated on a regular basis to maintain its accuracy, and to include new questions where appropriate.  It is intended that this list will also provide a good source of information for new users of the standards.

What is ISO?

The International Organization for Standardization (ISO) was established in 1947 and is (currently) an association of approximately 149 National Standards Bodies, which each represent their own country. ISO employs a system of Technical Committees, Sub-committees and Working Groups to develop International Standards. Besides the National Standards Bodies, ISO permits other international organizations that develop standards to participate in its work, by accepting them as Liaison members. ISO works in accordance with an agreed set of rules of procedure, the ISO/IEC Directives, which also include requirements on the presentation of standards. For further details please refer to ISO's own web site at http://www.iso.org
[FAQ 001, April 2004]

Who are the National Standards Bodies, and who represents my country at ISO?

Please use the link on ISO's web site that gives details, including contact information, of the National Standards Bodies: http://www.iso.org/iso/en/aboutiso/isomembers/index.html
[FAQ 002, April 2004]

What are the ISO 9000 standards ?

The ISO 9000 standards are a collection of formal International Standards, Technical Specifications, Technical Reports, Handbooks and web based documents on Quality Management and Quality Assurance. There are approximately 25 documents in the collection altogether, with new or revised documents being developed on an ongoing basis.

(It should be noted that many of the International Standards are numbered in the ISO 10000 range.)
[FAQ 003, April 2004]

Who is responsible for developing the ISO 9000 standards?

ISO Technical Committee (TC) number 176 (ISO/TC 176), and its Sub-committees, are responsible for the development of the standards. The work is conducted on the basis of "consensus" among quality and industry experts nominated by the National Standards Bodies, representing a wide range of interested parties.
[FAQ 004, April 2004]
 
Where can copies of the standards be obtained?

Copies of the standards may be purchased from your National Standards Body, or from ISO itself (sales@iso.org). Many National Standards Bodies have them available in local-language versions.
[FAQ 005, April 2004]
 
Where can information be obtained on the ISO 9000 standards?

There are a number of sources of information on the ISO 9000 quality management system standards, including this web site and ISO's web site, which carry information on the standards.  Your National Standards Body should be able to provide copies of the standards, and registrars/certification bodies will be able to provide guidance on registration arrangements.
[FAQ 006, April 2004]
 
Where should an organization go if it needs clarification or interpretation of the standards?
.
The starting point for an interpretation should be with your National Standards Body. ISO Central Secretariat and ISO/TC 176 cannot accept direct requests from individuals for interpretations of the ISO 9000 standards. Instead, ISO/TC 176 has established a Working Group for interpretation, with a formal procedure to provide answers to the questions that are forwarded by the National Standards Bodies. Details of agreed interpretations are now being published on the ISO/TC 176 web site at http://www.tc176.org.
[FAQ 007, April 2004]

What happened to the 1994 editions of ISO 9001, ISO 9002 and ISO 9003?

Following extensive consultation with users and National Standards Bodies, it was agreed that the 1994 editions of ISO 9001, ISO 9002 and ISO 9003 should be consolidated into a single revised document, which is now represented by ISO 9001:2000.
[FAQ 008, April 2004]

What are the main benefits to be derived from implementing an ISO 9000 quality management system?

The ISO 9000 standards give organizations an opportunity to increase value to their activities and to improve their performance continually, by focusing on their major processes. The standards place great emphasis on making quality management systems closer to the processes of organizations and on continual improvement.  As a result, they direct users to the achievement of business results, including the satisfaction of customers and other interested parties.

The management of an organization should be able to view the adoption of the quality management system standards as a profitable business investment, not just as a required certification issue.

Among the perceived benefits of using the standards are:

-          the use of the Quality Management Principles

-          the adoption of a "process approach"

-          emphasis of the role of top management

-          requirements for the establishment of measurable objectives at relevant functions and levels

-          being orientated toward "continual improvement" and "customer satisfaction", including the monitoring of information on "customer satisfaction" as a measure of system performance.

-          measurement of the quality management system, processes, and product

-          consideration of statutory and regulatory requirements.

-          attention to resource availability

The concept of organizational self-assessment as a driver for improvement (see ISO 9004:2000)
[FAQ 009, April 2004]

What benefits are there to an organization implementing ISO 9004?

If a quality management system is appropriately implemented, utilizing the eight Quality Management Principles, and in accordance with ISO 9004, all of an organization's interested parties should benefit. For example:

Customers and users will benefit by receiving the products (see ISO 9000:2000) that are:

People in the organization will benefit by:

Owners and investors will benefit by:

Suppliers and partners will benefit by:

Society will benefit by:

[FAQ 010, April 2004]

Are the standards compatible with national quality award criteria?

The standards are based on 8 Quality Management Principles, which are aligned with the philosophy and objectives of most quality award programs. These principles are:

ISO 9004:2000 recommends that organizations perform self-assessments as part of their management of systems and processes, and includes an annex giving guidance on this approach. This is similar to many quality awards programmes.

[FAQ 011, April 2004]
 
Do the standards address financial issues?

Financial issues are not directly addressed in ISO 9001:2000, but may be inferred though the requirements for the provision of resources. ISO 9004:2000 gives guidance that emphasizes the financial resources needed for the implementation and improvement of a quality management system. ISO/TR 10014:1998 "Guidelines for managing the economics of quality" also gives further guidance.
[FAQ 012, April 2004]
 
How will implementation of the standards help an organization to improve its efficiency?

ISO 9001:2000 aims at guaranteeing the effectiveness (but not necessary the efficiency) of an organization.  For improved organizational efficiency, however, the best results can be obtained by using the guidance given in ISO 9004:2000 in addition to ISO 9001:2000.  Additionally, the guiding Quality Management Principles are intended to assist an organization in continual improvement, which should lead to efficiency throughout the organization.
[FAQ 013, April 2004]
 
Why is the requirement for monitoring "customer satisfaction" included in ISO 9001?

"Customer satisfaction" is recognized as one of the driving criteria for any organization. In order to evaluate if a product meets customer needs and expectations, it is necessary to monitor the extent of customer satisfaction. Improvements can be made by taking action to address any identified issues and concerns.
[FAQ 014, April 2004]
 
Can the standards improve "customer satisfaction"?

The quality management system details that are described in the standards are based on Quality Management Principles that include the "process approach" and "customer focus".  The adoption of these principles should provide customers with a higher level of confidence that products will meet their needs and increase their satisfaction.
[FAQ 015, April 2004]
 
What is the "process approach"?

 

The "process approach" is a way of obtaining a desired result, by managing activities and related resources as a process. The "process approach" is a key element of the ISO 9000 standards. For further guidance, please refer to the ISO 9000 Introduction and Support Package module: N544 - Guidance on the Concept and Use of the Process Approach for management systems.
[FAQ 016, April 2004]

 

Can the "process approach" be applied to other management systems?

 

Yes. The "process approach" is a generic management principle, which can enhance an organization’s effectiveness and efficiency in achieving defined objectives.
[FAQ 017, April 2004]

 

How can the PDCA cycle be used in the "process approach"?

 

The PDCA cycle is an established, logical, method that can be used to improve a process.

 

This requires:

         (P) planning (what to do and how to do it),

         (D) executing the plan (do what was planned),

         (C) checking the results (did things happened according to plan) and

         (A) act to improve the process (how to improve next time).

 

The PDCA cycle can be applied within an individual process, or across a group of processes.
[FAQ 018, April 2004]

 

Can any organization apply the "process approach"?

 

Yes. Many organizations already apply a "process approach" without recognizing it. They could achieve additional benefits by understanding and controlling it.
[FAQ 019, April 2004]

 

Why should an organization apply the "process approach"?

 

By applying the "process approach" an organization should be able to obtain the following types of benefits:

         The integration and alignment of its processes to enable the achievement of its planned results.

         An ability to focus effort on process effectiveness and efficiency.

         An increase in the confidence of customers and other interested parties as to the consistent performance of the organization.

         Transparency of operations within the organization.

         Lower costs and shorter cycle times through effective and efficient use of resources.

         Improved, consistent and predictable results.

         The identification of opportunities for focused and prioritized improvement initiatives.

         The encouragement and involvement of people, and the clarification of their responsibilities.

         The elimination of barriers between different functional units and the unification of their focus to the objectives of the organization.

         Improved management of process interfaces.

[FAQ 020, April 2004]

What is meant by the “sequence” of processes and their "interactions"?

 

The "sequence" of processes shows how the processes follow, or link, to each other to result in a final output.

For example, one process may become the output of the next process or processes.

 

The "interactions" show how each process affects or influences one or more of the other processes. For example, the monitoring or controlling of a process may be established in a separate process.
[FAQ 021, April 2004]

 

How can the processes in an organization be determined?

 

         Identify the organization's intended outputs, and the processes needed for achieving them. These will need to include processes for Management, Resources, Realization and Measurement and Improvement.

         Identify all process inputs and outputs, along with the suppliers and customers, who may be internal or external.

         Identify the sequence and interactions of the processes.

[FAQ 022, April 2004]

Should an organization define and document all its processes?

 

The main purpose of documentation is to enable the consistent and stable operation of an organization's processes.

Although statutory, standards' or customer requirements may require certain documentation, there is no defined “catalogue”, or list of processes that has to be documented in ISO 9001, apart from the 6 indicated ones.

The organization should determine which processes are to be documented on the basis of:

         The size of the organization and type of its activities,

         The complexity of its processes and their interactions,

         The criticality of the processes and

         Availability of competent personnel.

 

A number of different methods can be used to document processes, such as graphical representations, written instructions, checklists, flow charts, visual media, or electronic methods.
[FAQ 023, April 2004]

 

How much detail is required in process documentation?

 

The extent of detail is likely to depend upon factors such as:

         the size of an organisation and its types of activities,

         the complexity of its processes and their interactions, and

         the competence (level of education, training, skills and experience) of its personnel.

[FAQ 024, April 2004]

Is there a standard way of describing a process?

 

No, there is no standard way to describe a process. It depends on the culture, management style, staff literacy, personal attributes and their interactions.

 

A process may be described using a flow chart, block diagram, responsibility matrix, written procedures or pictures.

 

Process flowcharts or block diagrams can show how policies, objectives, influential factors, job functions, activities, material, equipment, resources, information, people and decision making interact and/or interrelate in a logical order.
[FAQ 025, April 2004]

 

What should an organization do to adopt the "process approach"?

 

To adopt the "process approach" an organization should apply the following steps:

         Identify the processes of the organization,

         Plan the processes,

         Implement and measure the processes,

         Analyse the processes,

         Improve the processes.

[FAQ 026, April 2004]

What is a "process owner"?

 

A person who is given the responsibility and authority for managing a particular process is sometimes referred to as the "process owner".

 

It may be useful for an organization's Management to appoint individual "process owners" and to define their roles and responsibilities; these should include the responsibility for ensuring the implementation, maintenance and improvement of their specific process and its interactions.

 

It should be noted, however, that ISO 9001:2000 does not specifically require the appointment of "process owners".
[FAQ 027, April 2004]

 

How can a process be measured?

 

There are various methods of measuring process controls and process performance, ranging from simple monitoring systems up to sophisticated statistically based systems (e.g. Statistical process control, or SPC, systems). The selection and use of any particular method will be dependent on the nature and complexity of an organization's processes and products. The effectiveness of an individual process may be measured by the conformity of its output or product to customer requirements. Its efficiency may be measured from its use of resources. In all cases the measurement of the process determines if its (measurable) objectives have been achieved. Sometimes it only requires monitoring to confirm process operations.

Typical factors that are useful to consider when identifying measures of process control and process performance include:

         Conformity with requirements,

         Customer satisfaction,

         Supplier performance,

         On time delivery,

         Lead times,

         Failure rates,

         Waste,

         Process costs.

         Incident frequency

[FAQ 028, April 2004]

What is the difference between a "process" and a "procedure"?

 

A "process" may be explained as a set of interacting or interrelated activities, which are employed to add value. A "procedure" is a method of describing the way in which all or part of that process is to be performed.

 

ISO 9000:2000 defines a procedure as a "specified way to carry out an activity or a process", which does not necessarily have to be documented.
[FAQ 029, April 2004]

 

An organization has a well-established set of procedures. Can these procedures be used to help describe its processes?

 

Yes, if the procedures describe inputs and outputs, appropriate responsibilities, controls and resources needed to satisfy customer requirements.
[FAQ 030, April 2004]

What is meant by "continual improvement"?

ISO 9001 requires an organization to focus on continually increasing the effectiveness of its quality management system, to fulfil its policies and objectives. One way of doing this is for the organization to improve its processes. The organization may also wish to consider improving the efficiency of its processes, for which ISO 9004:2000 provides guidance. Continual improvement (where "continual" highlights that an improvement process requires progressive consolidation steps) responds to the growing needs and expectations of customers and ensures a dynamic evolution of the quality management system.
[FAQ 031, April 2004]

What documentation is required by ISO 9001?

ISO 9001:2000 refers specifically to only 6 documented procedures; however, other documentation (including more documented procedures not specifically mentioned in ISO 9001:2000) may be required by an organization, in order to manage the processes that are necessary for the effective operation of the quality management system.  This will vary depending on the size of the organization, the kind of activities in which it is involved and their complexity. For further guidance, please also refer to the ISO 9000 Introduction and Support Package module "N525 - Guidance on the Documentation Requirements of ISO 9001:2000"
[FAQ 032, April 2004]

Which standard are organizations registered/certified to?

Organizations have their quality management system registered/certified to ISO 9001:2000. The scope of registration/ certification will need to reflect precisely and clearly the activities covered by the organization's quality management system; any exclusion to non-applicable requirements of the standard (permitted through ISO 9001 clause 1.2 "Application") will need to be documented and justified in the quality manual (see also the ISO/TC 176/SC2 ISO 9000 Introduction and Support Package module " N524 - Guidance on ISO 9001:2000 clause 1.2 'Application' ").
[FAQ 033, April 2004]
 
What does an organization need to do to comply with ISO 9001?

When initially starting to use ISO 9001, an organization should familiarize its personnel with the Quality Management Principles, analyze the standards (especially ISO 9004), and consider how their guidance and requirements may affect your activities and related processes. If it then wishes to proceed to registration/certification, it should perform a gap analysis against the requirements of ISO 9001 to determine where its current quality management system does not address the applicable ISO 9001:2000 requirements, before developing and implementing additional processes to ensure that compliance will be achieved.
[FAQ 034, April 2004]
 
Can an organization be certified/registered to ISO 9004:2000?

ISO 9004:2000 is a guidance standard, which is not intended to be used for third party registration/certification purposes.  A key element of ISO 9004 is the ability to perform self-assessments. Third party quality management system certifications/ registrations are performed to ISO 9001:2000.
[FAQ 035, April 2004]
 
What is the purpose of having ISO 9001 and ISO 9004 as a "consistent pair" of standards?

The idea of a "consistent pair" of standards is central to ISO 9001:2000 and ISO 9004:2000.  The aligned structures of ISO 9001 and ISO 9004 have been designed to encourage organizations to look at their activities from a process standpoint, and also to look beyond the achievement of registration/certification to ISO 9001, to the implementation of a quality management system that will be truly beneficial in improving operational performance.
[FAQ 036, April 2004]
 
How does ISO 9001:2000 relate to the needs of specific business sectors?

The text of ISO 9001:2000 is applicable to organizations that provide different types of product and to organizations of different sizes.  Due to this generic nature, some industrial or commercial sectors find that they need to identify additional requirements to attend to their specific requirements, so develop their own standards or related documents.

To assure consistency between the ISO 9001 requirements and sector requirements, ISO's rules of procedure require that ISO/TC 176 be invited to review sectoral documents while they are being developed by ISO. A successful example of such a document is ISO Technical Specification ISO/TS 16949, which was developed in conjunction with representatives from the automotive industries. 
[FAQ 037, April 2004]

Is an organization's ISO 9001 certificate applicable to all of its products ?

When an organization seeks to have its quality management system registered/certified to ISO 9001:2000, it is required to agree a "scope of certification" with its registrar/certification body. This will define the products to which the organization's quality management system is applicable, and against which it will be assessed. An organization is not obliged to include within its "scope of certification" all the products that it provides (note that the ISO 9000:2000 definition of "Product" includes "services"), but may be selective about those that are included.  All applicable requirements of ISO 9001:2000 will need to be addressed by the organization's quality management system that covers those products that are included in the "scope of certification".

Customers should ensure that a potential supplier's "scope of certification" covers the products that they wish to order. Caveat Emptor!
[FAQ 038, April 2004]

What can an organization do if it is not able to comply with all of the requirements of ISO 9001?

ISO 9001 allows for the exclusion of some of its requirements (via clause 1.2 “Application”), but only if it can be shown that these requirements are not applicable to the organization.

Exclusions are limited to the requirements given in Section 7 ("Product Realization"), where individual requirements may only be excluded if it can be shown that they do not affect the organization's ability to provide product that meets customer and applicable statutory or regulatory requirements. Justification for such exclusions is also required to be detailed within the organization's quality manual.

For example, if design activities are not required by an organization to demonstrate its capability to meet customer and applicable statutory /regulatory requirements, or if its product is provided on the basis of established design, then it may be able to exclude some of the "design" requirements but still be able to be registered/certified to ISO 9001:2000.

For further guidance, see the ISO 9000 Introduction and Support Package module: N524 - Guidance on ISO 9001:2000 clause 1.2 'Application'.
[FAQ 039, April 2004]

How will a small organization be able to adapt the requirements of ISO 9001?  What flexibility will be allowed?

The requirements of ISO 9001 are applicable to small, medium, and large organizations alike.  ISO 9001:2000 provides some flexibility, through clause 1.2 “Application”, on the exclusion of certain requirements for specific processes that may not be performed by the organization.

If, for example, the nature of your products does not require you to perform design activities, or if your product is provided on the basis of established design, you could discuss and justify the exclusion of these requirements with your certification/registration body (see also the ISO 9000 Introduction and Support Package module N524 - Guidance on ISO 9001:2000 clause 1.2 'Application'). However, individual organizations will still need to be able demonstrate their capability to meet customer and applicable statutory or regulatory requirements for their products, and will need to consider this when determining the complexity of their quality management systems.

Further guidance for small businesses may be found in ISO Handbook: ISO 9001:2000 for Small Businesses – What to do, Advice from ISO/TC 176
[FAQ 040, April 2004]

 What is the relationship between ISO 9001 and ISO 14001?

ISO 9001 has been developed to be "compatible" with ISO 14001 Environmental management systems – Requirements with guidance for use, particularly with regard to terminology and content. 

There is close collaboration between the technical experts of ISO/TC 176 and ISO/TC 207 (the Technical Committee responsible for the ISO 14000 series of standards) during the development of their respective standards, to ensure that the level of compatibility is maintained or enhanced.

A recent review of ISO 14001 and ISO 14004 by ISO/TC 207/SC 1 has led to the initiation of a revision of these standards, which is targeted for completion by the end of 2004.  This has provided an opportunity for further enhancement of the "compatibility" between the ISO 9000 and ISO 14000 standards.
[FAQ 041, April 2004]
 
Are there any guidelines covering joint implementation of ISO 9001 and ISO 14001?

ISO has just initiated a project to prepare a guideline on this subject at this present time (January 2004). This will take account of the revision to ISO 14001, due towards the end of 2004. 

For guidance on the auditing of both quality and environmental guidance management systems, the two responsible ISO technical committees (ISO/TC 176 and ISO/TC 207) jointly developed a single common auditing standard (ISO 19011) that replaced their own unique sets of auditing standards.
[FAQ 042, April 2004]
 
Is there a common guideline standard for auditing QMS and EMS according to ISO 9001 and 14001?

ISO 19011:2002 Guidelines for quality and/or environmental management systems auditing gives guidance on auditing that is applicable to both quality management systems and environmental management systems.
[FAQ 043, April 2004]
 
How are the standards applicable to organizations that provide services. ?

The standards are applicable to all types of organizations, operating in all types of sectors, including service providers.
(Note: the definition of the term 'product' in ISO 9000:2000 also includes 'services'. ISO 9001:2000 and ISO 9004:2000 have been written to reflect this definition.)
[FAQ 044, April 2004]
 
What do quality management practitioners (consultant, auditor, or trainer) need to know about the standards?

As a minimum, quality management practitioners should familiarize themselves with the requirements of ISO 9001:2000, and also with the content and philosophies of ISO 9000:2000, ISO 9004:2000 and the Quality Management Principles.  They should understand their client’s activities and processes, before providing appropriate interpretations of the requirements of the standards, to add value to the client's operations. ISO/TC 176 is currently developing ISO 10019 Guidelines for the selection of quality management system consultants and use of their services, which may be useful to refer to for further guidance.
[FAQ 045, April 2004]
 
How should regulatory bodies use the standards?

Regulatory bodies should review their regulations currently in effect (or under development) and identify points where reference to the quality management system standards would be appropriate, before making recommendations to the legislative body.
[FAQ 046, April 2004]
 
What do auditors need to know about the standards?

Auditors, whether external or internal, should be able to demonstrate their competence on the structure, content and terminology of the standards, and also on the underlying Quality Management Principles

The standards require that auditors are able to understand the organization's activities and processes and appropriately audit against the requirements of the ISO 9001 in relation to the organization's objectives.  According to joint advice from the International Accreditation Forum (IAF), ISO's Policy Committee for Conformity Assessment (ISO-CASCO) and ISO TC 176, auditors should be able to demonstrate competency in:

A recent initiative between ISO/TC 176, ISO/CASCO and the IAF has been the establishment of an ISO 9001 Auditing Practices Group, which has issued a number of web based guidance notes to assist auditors.

[FAQ 047, April 2004]