History and Evolution of ISO 9000 Standards

Pre ISO 9000
During World War II, there were quality problems in many British industries such as munitions, where bombs were exploding in factories during assembly. The solution adopted to address these quality problems required factories to document their manufacturing procedures and to prove by record-keeping that the procedures were being followed. The standard was BS 5750, and it was known as a management standard because it specified not what to manufacture, but how the manufacturing process was to be managed. In 1987, the British Government persuaded the International Organization for Standardization (ISO) to adopt BS 5750 as an international standard. The international standard was named ISO 9000.

ISO 9000: 1987 Version
ISO 9000:1987 had the same structure as the British Standard BS 5750, with three ‘models’ for quality management systems, the selection of which was based on the scope of activities of the organisation:
• ISO 9001:1987 Model for quality assurance in design, development, production, installation, and servicing was for companies and organisations whose activities included the creation of new products
• ISO 9002:1987 Model for quality assurance in production, installation, and servicing had basically the same material as ISO 9001 but without covering the creation of new products.
• ISO 9003:1987 Model for quality assurance in final inspection and test covered only the final inspection of finished product, with no concern for how the product was produced.
ISO 9000:1987 was also influenced by existing U.S. and other Defense Standards (MIL SPECS), and so was well-suited to manufacturing. The emphasis tended to be placed on conformance with procedures rather than the overall process of management—which was likely the actual intent.

ISO 9000:1994 (Year 1994 Revision)
ISO 9000:1994 emphasised quality assurance via preventive actions, instead of just checking final product, and continued to require evidence of compliance with documented procedures. As with the first edition, the down-side was that companies tended to implement its requirements by creating shelf-loads of procedure manuals, and becoming burdened with an ISO bureaucracy. In some companies, adapting and improving processes could actually be impeded by the quality system.

ISO 9000:2000 (Year 2000 Revision)
ISO 9001:2000 combines the three standards 9001, 9002, and 9003 into one, called 9001. Design and development procedures are required only if a company engages in the creation of new products. The 2000 version sought to make a radical change in thinking by placing the concept of process management front and centre (”Process management” was the monitoring and optimising of a company’s tasks and activities, instead of just inspecting the final product). The Year 2000 version also demands involvement by upper executives, in order to integrate quality into the business system and avoid delegation of quality functions to junior administrators. Another goal is to improve effectiveness via process performance metrics — numerical measurement of the effectiveness of tasks and activities. Expectations of continual process improvement and tracking customer satisfaction were made explicit.

ISO 9000:2008 (Year 2008 Revision)
The new ISO 9001:2008 was published on 15 November 2008. ISO 9001:2008 uses the same numbering system as ISO 9001:2000 to organise the standard. As a result, the new ISO 9001:2008 standard looks very much like the old standard. No new requirements have been added. However, some important clarifications and modifications have been made.

As with the release of previous versions, organisations registered to ISO 9001:2000 will be given a period to transition to the ISO 9001:2008 standard, assuming changes are needed.

ISO 9000 — a way of managing for conformance
Quality assurance, according to the Standard, is a way of managing that prevents non-conformance and thus “assures quality”. This is what makes ISO 9000 different from other standards: it is a management standard, not a product standard. It goes beyond product standardisation: it is standardising not what is made but how it is made. To use standards to dictate and control how organisations work was to extend the role of standards to new territory. To take such a step we might have firstly established that any such requirements worked — that they resulted in ways of working which improved performance.
Yet the plausibility of this Standard, and the fact that those who had an interest in maintaining it were (and still are) leading opinion, prevented such enquiries. In simple terms the Standard asks managers to say what they do, do what they say and prove it to a third party.
ISO 9000 (1994) paragraph 1: “The requirements specified are aimed primarily at achieving customer satisfaction by preventing non-conformity at all stages from design through servicing.”
To put it another way, the Standard asserts that preventing non-conformance achieves customer satisfaction. But does it? Of course it matters to customers that a product works. But there is no guarantee that the Standard will ensure even that. Furthermore, customers take a total view of an organisation — how easy it is to do business with — in respect of all things of importance to each and every customer.
ISO 9000 requires managers to “establish and maintain a documented quality system as a means of ensuring that product conforms to specified requirements”. Loosely translated this is “say what you do”. Management is supposed to “define and document its policy for quality . . . including its commitment to quality”.
What management would not declare its commitment to quality? But would they know what it means? Would they argue (as they should) that quality management is a different and better way to do business, or would they believe that ISO 9000 will take care of quality? The Standard encourages managers to think of “quality” and “business as usual” as separate and distinct. It helps managers avoid the revelation that quality means a wholly different view of management. Instead, the organisation “shall appoint a management representative who, irrespective of other responsibilities, shall have defined authority and responsibility” [for ISO 9000]. At a practical level this means only one executive might decide he or she had better learn a thing or two about quality. However, would being responsible for ISO 9000 lead to learning about quality or simply enforcing the ISO 9000 regime in an organisation?
Key to the regime is auditing. The Standard requires organisations to conduct internal quality audits to “verify whether quality activities comply with planned arrangements”. This can be loosely translated as “do you do as you say?” and the purpose of the audit is to see that you do. It was not until the 1994 review that the words were changed to “quality activities and related results”. It was a Standard which was rooted in the philosophy of inspection: fifteen years after its initial promulgation the promoters sought to extend the focus to results. But results or improvements assessed by what means? Inspection. By the time the Standard was adopted world-wide, quality thinking had moved a long way from the philosophy of inspection. It is now understood, at least by a few, that quality is achieved through managing the organisation as a system and using measures which enable managers to improve flow and reduce variation (which we explore in chapters 5 and 7). The defenders argue that there is nothing stopping a company having ISO 9000 and implementing methods for managing flow and reducing variation, but where are such companies? Few of the companies we researched, formally and informally, knew anything about this thinking. The Standard does not talk about it; moreover, the Standard effectively discourages managers from learning about it by representing quality in a different way.
According to ISO 8402 (quality vocabulary), quality is:
“The totality of features and characteristics of a product or service that bear on its ability to satisfy stated or implied needs.”
Everything we have learned about ISO 9000 suggests that the people who created this definition were thinking about the things which need to be controlled, those things which “bear on its ability . . .”. The builders of the Standard assumed that customer needs would be listed in contractual agreements between the supplier and customer. ISO 9000 has a “make” logic — procedures for “how you do what you do” — and a “control” logic — check to see that it is done. It is a relic of the era when contractual agreements were perceived to be an important device for regulating the behaviour of suppliers. In these ways, ISO 9000 encouraged “planning for quality”.
Planning for quality sounds plausible, but it assumes many things: that the plan is the right plan, that it is feasible, that people will “do it”, that performance will improve. It is an approach which, paradoxically, leads to poor decisions. Planners of quality systems, guided by ISO 9000, start with a view of how the world should be as framed by the Standard. Understanding how an organisation is working, rather than how someone thinks it should, is a far better place from which to start change of any kind.