Is ISO 9004:2009 an Implementation Guide?

ISO documentation practices, requirements

Q: I am looking to purchase the latest ISO 9001:2008 Quality management systems–Requirements. However, in the past, ISO 9004:2000 Managing for the sustained success of an organization — A quality management approach,  included the ‘requirements’ of ISO 9001 in boxes as a reference in ISO 9004 (used for implementation assistance). Is that still the case? I would much rather buy the revision, ISO 9004:2009 if the ISO 9001 requirements were in the standard…it’d be one less standard to have around.

A: We have consistently promoted the concept that ISO 9004 is NOT an implementation guide to ISO 9001. It is designed to provide guidance to organizations that desire to go beyond meeting minimum requirements towards achieving higher levels of performance.

There is much that is required of organizations today to sustain themselves and the next edition did try to focus on addressing issues that were essential to sustainability, perhaps at the expense of revisiting the old ground of content related to 9001 compliance which, by now, have become well understood by many organizations.

So, ISO 9004 is about going beyond ISO 9001. ISO 9004 is still consistent with ISO 9001, but it places more intensity on going beyond and less on hard line-by-line congruence.

Charlie Cianfrani
Consulting Engineer
Green Lane Quality Management Services
Green Lane, PA
ASQ Fellow; ASQ CQE, CRE, CQA, RABQSA Certified QMS-Auditor (Q3558)
ASQ Quality Press Author

Merging With a Non-ISO 9001 Certified Organization

Reporting, best practices, non-compliance reporting

Q: My federal agency is comprised of many different internal organizations. We have a scenario where a recently certified organization to the ISO 9001:2008 Quality management systems–Requirements is planned to be merged with a non-certified organization that has no type of management system. The certified organization’s certification runs for three years but it will be more closely integrated with the non-certified organizations. Will the merger affect the certified organization’s certification? Do you have any insights on how these types of occurrences typically affect the management system itself when an organization that is certified for 100% of its operations now becomes 50% of a larger organization? It’s quite likely that the certified organization’s name will change at least in part.

A: With regard to your question, if company “A” is already ISO 9001:2008 certified and is now being merged with a non-certified company here’s what should be considered.  First, the current ISO certification is only applicable to company “A” as defined in the scope of the quality manual as well as on the ISO 9001 certification issued by the ISO registrar.

Your ISO registrar needs to be immediately informed of changes effecting the company name, top management and/or processes.  The registrar may very likely require the newly merged companies to be reevaluated for ISO certification and listed under one ISO certification.

Most ISO registrars will not issue ISO certification for just a portion of a company.  All processes that comprise the quality system must be identified and included as a part of the QMS unless specific exclusion is stated in the quality manual as permitted by ISO 9001.  The management representative will need to ensure that top management is aware of how this merge may affect the current QMS so effective actions can be taken to bring company “B” in line with the established QMS procedures and other ISO requirements.  I hope this helps.

Bill Aston
ASQ Senior Member
Managing Director of Aston Technical Consulting Services
Kingwood, TX
www.astontechconsult.com

ISO 9001 Management Representative

About ASQ's Ask the Standards Expert program and blog

Q: ISO 9001:2008 Quality management systems — Requirements defines the responsibilities of the management representative (MR). To carry out these responsibilities, the MR needs certain defined authorities. What principle authorities should a MR posses to meet the responsibilities defined? I am a quality manager and I report to the project director, who reports to the CEO. While auditing other directors in the organization, my boss (the project director), requested from me to discuss with him the audit results of other director’s’ audit findings since I am reporting to him. I pointed out that the MR Role is independent and it is not a part of the function of Quality Manager where I report to him.

How can I make it clearer that I need independent authorities to perform the role of the MR?
 
A: Section 5.5.2 Management Representative: defines the appointment and responsibilities of the management representative. He/she is appointed by top management. The implication is that top management can ask for reports on the MR’s responsibilities. A summary of these are:

  • Ensure QMS process are established, implemented and maintained
  • Reporting to top management on performance of QMS and need for improvement
  • Ensure promotion of customer Requirements in the Org.

It is true that management representative responsibilities are not those of the quality manager. But, ISO 9001 does not define responsibilities of the quality manager.

My suggestion is to go to the person who appointed you management representative and ask him if you should provide the information requested.

Sandford Liebesman, Ph.D.
Voting member of the U.S. TAG to ISO/TC 176
ASQ Fellow
Morristown, NJ