What’s the Difference Between ISO 9001 and ISO 19011?

Reporting, best practices, non-compliance reporting

Q: What is the difference between the ISO 9001:2008 and ISO 19011:2011 literature on your web site? Please provide a detailed explanation and their use.

A: I can see where the confusion might arise, as the numbers are very similar! But the contents are quite different.

ISO 9001 Quality management systems–Requirements is the mother of all quality management systems. It lays out the minimal requirements for an acceptable way of managing your business for quality. In the beginning, it was developed as a requirements document to lay on your suppliers. Then it became the foundation for registration (other countries might call this certification) of your own management approach to quality. About a decade ago, various business sectors – aerospace, automotive, medical devices, laboratories, etc., all used the ISO 9001 document as the base for their specific approaches. They didn’t take anything away, but added additional requirements. By far, the greatest use today is for registration/certification. This is somewhat sad, in that the standard itself is a beautiful way of managing the resources within the enterprise. Registration can get quite bureaucratic and not worth the expense.

ISO 19011:2011 Guidelines for the auditing management systems is the international auditing standard (my specialty). It was first developed as a means to get all the various registration agencies around the world to do their audits in a consistent manner. It also had support from the multinational companies that had factories – and thus registrations – all around the world and often with different cultures. Norms in Canada are not the same as China! Unfortunately, this registration emphasis in the standard made it somewhat hard for internal auditors and supplier auditors to use it. Plus, there is no requirement to use the standard, other than within the registration industry.

For these reasons, the U.S. wrote a supplement for the 2002 version of this standard, giving guidance on how to use the principles for internal audits and small organizations [note: development is underway to offer similar supplements for the ISO 19011:2011 version  — anticipated end of 2012/early 2013.]. ASQ is the only place to get this version, which  includes the supplement, along with the base document. As this auditing standard was revised, it picked up environmental auditing and safety auditing in the scope.

Dennis Arter
ASQ Fellow
The Audit Guy
Columbia Audit Resources
Kennewick, WA
http://auditguy.net

Is ISO 9004:2009 an Implementation Guide?

ISO documentation practices, requirements

Q: I am looking to purchase the latest ISO 9001:2008 Quality management systems–Requirements. However, in the past, ISO 9004:2000 Managing for the sustained success of an organization — A quality management approach,  included the ‘requirements’ of ISO 9001 in boxes as a reference in ISO 9004 (used for implementation assistance). Is that still the case? I would much rather buy the revision, ISO 9004:2009 if the ISO 9001 requirements were in the standard…it’d be one less standard to have around.

A: We have consistently promoted the concept that ISO 9004 is NOT an implementation guide to ISO 9001. It is designed to provide guidance to organizations that desire to go beyond meeting minimum requirements towards achieving higher levels of performance.

There is much that is required of organizations today to sustain themselves and the next edition did try to focus on addressing issues that were essential to sustainability, perhaps at the expense of revisiting the old ground of content related to 9001 compliance which, by now, have become well understood by many organizations.

So, ISO 9004 is about going beyond ISO 9001. ISO 9004 is still consistent with ISO 9001, but it places more intensity on going beyond and less on hard line-by-line congruence.

Charlie Cianfrani
Consulting Engineer
Green Lane Quality Management Services
Green Lane, PA
ASQ Fellow; ASQ CQE, CRE, CQA, RABQSA Certified QMS-Auditor (Q3558)
ASQ Quality Press Author

Merging With a Non-ISO 9001 Certified Organization

Reporting, best practices, non-compliance reporting

Q: My federal agency is comprised of many different internal organizations. We have a scenario where a recently certified organization to the ISO 9001:2008 Quality management systems–Requirements is planned to be merged with a non-certified organization that has no type of management system. The certified organization’s certification runs for three years but it will be more closely integrated with the non-certified organizations. Will the merger affect the certified organization’s certification? Do you have any insights on how these types of occurrences typically affect the management system itself when an organization that is certified for 100% of its operations now becomes 50% of a larger organization? It’s quite likely that the certified organization’s name will change at least in part.

A: With regard to your question, if company “A” is already ISO 9001:2008 certified and is now being merged with a non-certified company here’s what should be considered.  First, the current ISO certification is only applicable to company “A” as defined in the scope of the quality manual as well as on the ISO 9001 certification issued by the ISO registrar.

Your ISO registrar needs to be immediately informed of changes effecting the company name, top management and/or processes.  The registrar may very likely require the newly merged companies to be reevaluated for ISO certification and listed under one ISO certification.

Most ISO registrars will not issue ISO certification for just a portion of a company.  All processes that comprise the quality system must be identified and included as a part of the QMS unless specific exclusion is stated in the quality manual as permitted by ISO 9001.  The management representative will need to ensure that top management is aware of how this merge may affect the current QMS so effective actions can be taken to bring company “B” in line with the established QMS procedures and other ISO requirements.  I hope this helps.

Bill Aston
ASQ Senior Member
Managing Director of Aston Technical Consulting Services
Kingwood, TX
www.astontechconsult.com

ISO 9001 Management Representative

About ASQ's Ask the Standards Expert program and blog

Q: ISO 9001:2008 Quality management systems — Requirements defines the responsibilities of the management representative (MR). To carry out these responsibilities, the MR needs certain defined authorities. What principle authorities should a MR posses to meet the responsibilities defined? I am a quality manager and I report to the project director, who reports to the CEO. While auditing other directors in the organization, my boss (the project director), requested from me to discuss with him the audit results of other director’s’ audit findings since I am reporting to him. I pointed out that the MR Role is independent and it is not a part of the function of Quality Manager where I report to him.

How can I make it clearer that I need independent authorities to perform the role of the MR?
 
A: Section 5.5.2 Management Representative: defines the appointment and responsibilities of the management representative. He/she is appointed by top management. The implication is that top management can ask for reports on the MR’s responsibilities. A summary of these are:

  • Ensure QMS process are established, implemented and maintained
  • Reporting to top management on performance of QMS and need for improvement
  • Ensure promotion of customer Requirements in the Org.

It is true that management representative responsibilities are not those of the quality manager. But, ISO 9001 does not define responsibilities of the quality manager.

My suggestion is to go to the person who appointed you management representative and ask him if you should provide the information requested.

Sandford Liebesman, Ph.D.
Voting member of the U.S. TAG to ISO/TC 176
ASQ Fellow
Morristown, NJ