ISO 9000 Has Gone Off The Rails


When I first started hearing about the ISO 9000 quality system in the 1990’s there was a lot of resistance to it. A lot companies were unhappy about being pressured or required to adopt the ISO 9000 system by their customers. It was not looked at as being a benefit to their businesses; it was looked at as a giant hoop that you had to jump through in order to be able to get business opportunities from some larger companies. I never agreed with this viewpoint. I saw the benefits of at least some parts of the ISO 9000 standard pretty early on.

Since the 1990’s, the ISO 9000 standard has gone mainstream. Numerous industries have adopted it. No one more vigorously than the auto industry which has their own version which they call TS 16949 (basically ISO 9000 plus some specific auto industry requirements).

However, since then, some cracks have developed that are causing the ISO 9000 system to not only become just a hoop that companies have to jump through, but a series of flaming hoops. Some changes need to be made in order for this system to achieve its goals and actually work for the companies trying to adopt it.

It was a wonderful idea originally. ISO is short for ISOS meaning “same”. The idea was that all companies globally who adopted the ISO 9000 system would be on the same page. They would have quality systems based on a single standard. A company’s ISO 9000 or TS 16949 certification would be good as gold, assuring customers and potential customers that they had the systems in place to provide high quality products and services. The ISO certification was proof from a third party that this was true. Many large companies put requirements in place that all suppliers must be third party registered to ISO 9000.

I first started becoming aware of the failings of the ISO 9000 standard when I was working closely with an automotive injection molder that was trying to expand their customer base. They were aggressively calling on tier one suppliers to gain new business. They were TS 16949 registered as is required but before a tier one supplier would even consider sending them a quote package, they would send a team of quality auditors to give them a thorough anal exam. The audits would take from several days to a week and require the time of the entire management team. This was just to see if they could quote new work.

The company would have quality problems because their management team was tied up in these audits for one third of the year trying to prove that their third party registered quality system was up to snuff. At a certain point, I suggested that they prequalify these customers to see if it was worth going through the audits. At one point, I half jokingly suggested that they send an invoice to one of these companies for the audit. I figured $10,000 ought to cover the costs.

I realized that the reason that these companies had lost trust in the third part audit system utilized by the ISO 9000 system.  They are sending their teams of auditors to basically check the work of the third party auditors that the company uses to become ISO 9000 registered. The ISO 9000 certifications that companies spent enormous time and money to achieve are not worth the paper they are printed on. Obviously there is a problem here.

This got me to thinking about what could be done to the ISO 9000 system to improve it. Here are a few things that I would suggest:

  1. Stop continually changing and updating the standard

The ISO 9000 standard came out in 1987 but the first version that anyone was aware of was the 1994 revision. They then massively revised the standard in 2000, 2008 and 2015. I am sure that there is another new version in the works right now.

The upheaval caused by having to restructure your business because someone decided that the ISO 9000 standard needed to be thrown out and rewritten is of no benefit to anyone except consultants and auditors. Having to adapt to a whole new standard just disrupts a company’s operations and throws away all of the refinements and improvements that they have made under the current revision of the standard.

When companies are forced to reorganize simply because the ISO 9000 standard is revised, management begins to view the standard as a hoop that they have to jump through as opposed to a quality system that benefits their company. I can’t tell you how many times that I have heard people say things like “well, they have to justify their jobs so they just keep rewriting the standard” or “they have to make work for themselves”.

What does it say about this great global quality standard that every seven or eight years, it has to be thrown out and replaced with a completely different standard?

The standard is now 29 years old. It should not need to be rewritten any more.

  1. Scrap the quality policy

The establishment of the quality policy has been a part of the ISO 9000 standard from the beginning. The company must establish a policy that defines their quality goals and objectives. Let me make this real simple, the goal for every company is the same. It’s continuous improvement of their quality. Nothing more needs to be said.

Currently, companies write some policy that states that they are customer focused, or that they want 100% customer satisfaction or some nonsense about how they care about their employees. They then print this off on paper and hang it all over the office including the lobby. Then, all of the employees are required to memorize it before the quality audit so they can regurgitate it to the auditor who relentlessly asks everyone down to the janitor if they know what it is. I used to print off the policy on little cards and just have everyone carry it in their pockets for audits.

This is a silly bit of symbolism that just wastes everyone’s time. I do however enjoy reading these ridiculous policies while waiting in people’s lobbies.

  1. Internal audit functions should be internal

The ISO 9000 standard requires that companies perform internal audits of their systems in advance of third party audits. The idea being that the company’s employees, knowing the internal systems of the company better than an outside auditor, might be able to find things that the third party auditor will not. The third party auditor typically reviews the internal audit findings to learn more about the company and its processes.

The problem is that the standard requires that processes can only be audited by staff members that are completely unrelated to the process being audited. For small companies, this is not even possible. Small companies often have employees that wear multiple hats. All of their employees have some involvement in every process at the company. To get around this requirement, they end up hiring external auditors to come in and perform internal audits. Think about that for a second. It defeats the whole purpose of the internal audit.

For the purposes of internal audit, it is hard to understand how a person from accounting or maintenance would be better able to audit the receiving inspection function than someone who is in quality. At least quality personnel would know what they were looking at. I also would not suggest that quality personnel audit the accounting department. The internal audit function should be different than the third party audit system instead of being redundant.

  1. Scrap the third party registration system

This will be a bit controversial but I think that the third party audit and registration system has jumped the shark. As I mentioned before, most of your customers do not trust the third party auditors findings and with good reason.

The third party auditors usually have very little understanding of your business and therefore spend most of their time looking at the wrong things. For instance it is perfectly acceptable for your receiving inspection procedure to say something like this: We look at the shipper from the supplier and then we add up the weight that we received and if they match, we give it a pass. The auditor only looks to see that you have a procedure in place and that you are following it. They have no ability to understand if the system that you have in place is adequate because they don’t really understand what you do.

Also, because the registration company works for you, they have a conflict of interest. If they are too tough on you, you might not pay them to come back.

That brings to me to the cost of this registration. Companies spend thousands and even tens of thousands of dollars to get their quality system certified by a third party registrar. At the end they get a piece of paper that they can send to their customer who checks a box, puts the piece of paper in the file and then sends a team of auditors out to double check the work of the registrar. This is pointless.


Despite everything that I have said here, I still think that the ISO 9000 standard is a good quality system on balance. I have seen companies that have been improved by adoption of the standard. Also,  most third party quality auditors are very knowledgeable and I always learned something in the several dozen quality audits that I have been involved in for both ISO 9000 and ISO 17025.

Unfortunately, I have also seen many companies that have adopted the standard at great expense not see the benefits they were hoping for. Many studies have also failed to find clear benefits to companies who have adopted the standard (although some studies do show benefits).

I think that the changes outlined above would help to improve the results as well as make adoption less cumbersome and expensive. I’m a big believer in simplification and I really have a problem with symbolic measures.

Making the process clearer and less symbolic would also help to convince upper management that the standard is not just some hoop that they have to jump through but rather system that will improve the profitability of the company. Improving the bottom line is always the goal of any company after all despite what the framed documents in the lobby say.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: