If you are like me, you remember the banners that large companies put up years ago when they achieved ISO 9001 compliance. It seemed at the time that this was something only for large companies. Since its introduction in 1987 ISO 9001 has both evolved as a standard and has become an achievement that not just large manufacturing companies can attain. There have been updates to the standard in 1994, 2000, 2008 and the most recently in 2015. The latest version of the standard is approximately 30 pages long. However, it differs from the previous version in several important ways.
First off – some of the basics. W. Edwards Deming is famous for saying that if something is not measured, it cannot be improved. The ancillary observation is that once something is measured, it will improve. ISO 9001 aims to allow an organization of any size determine what efforts are necessary to improve quality and then undertake and improve those efforts over time to continuously increase quality. Another of Deming’s ideas is Plan-Do-Check-Act (PDCA), which is a circular way to carry out processes. By embracing PDCA, a mechanism for continuous improvement is built into ISO 9001.
Companies need to define and perform processes to meet this objective. It worth noting that a process is not a procedure. A procedure is a step by step way of doing something. As such it tends to be a static list of steps for a given task. A process is established by defining in the inputs and desired results. The actual method is left open, with the assumption that there is expertise possessed by those performing the process. ISO 9001 relies on processes not procedures for the very reason that there can be evolution and improvement.
ISO 9001 starts with “context of the organization”, which essentially is a thorough way of identifying all the things that affect quality and that are affected by quality. The categories that these are drawn from is extensive. There is an external context and an internal context. These include suppliers, contractors, regulatory agencies, customers, competitors, management, employees, etc. Context can include social, technological, environmental, ethical, political, legal, and economic factors. The ISO 9001 process entails documenting these and then exploring the relationships with all of them. This can lead to open ended thinking about how to improve customer satisfaction, increase business, improve products, improve marketplace goodwill, or positively affect other tangible or intangible success metrics.
One of the biggest changes in ISO 9001:2015 is the shift to “risk based thinking” instead of the narrower “preventative action” from earlier revisions. One counterintuitive notion in ISO 9001:2015 is that “risk” can include the possibility of a positive or beneficial outcome. Risk is defined broadly as an effect of uncertainty. Any source of uncertainty, internal or external, can affect the quality of a result. Companies adopting ISO 9001:2015 need to thoroughly think through and document all sources of risk. To manage risk various actions can be taken. With the broader net that risk based thinking encourages, organization may identify risks proactively, instead of waiting for problems to manifest before taking preventative action.
ISO 9001:2015 puts increased emphasis on engagement with the highest levels of management. If a quality management system (QMS) is an afterthought carried out with no high-level sponsorship, it will not have the aegis or resources to be effective. ISO 9001:2015 requires up front involvement with the organization’s leadership. If this is baked in at the outset, the likelihood of success is dramatically improved.
Companies have wide latitude in how they initially document their quality management system and how they use it in practice. However, certification is becoming increasingly important. The ISO organization does not do the certification themselves. ISO published the standard which is drafted by a technical committee known at TC 176. There are accredited third parties that perform certification. An organization seeking certification would use one of them.
As I began this article – it’s not just the big car makers or telecom companies that are taking advantage of ISO 9001:2015; rather a number of smaller companies are seeing the advantages for themselves and their customers in adopting the standard. In EDA and IP there is an increasing number of these. Nowhere is this more important than for IP that relates to security and storage of vital information. One such company that has adopted ISO 9001:2015 is Sidense – supplier of IP for one time programmable non-volatile memory.
It’s easy to see why IP consumers would want to have assurance that the IP they are using in their designs is designed, test and supported with processes that focus on continuous improvement. To see more about how an ISO certified supplier operates, take a look at the Sidense website.