ISO 9000 STANDARDS SERIES, A CONTINUOUS SUBJECT TO WIDE INTERNATIONAL INTEREST AND APPLICATION
How to apply standards in an innovative way for organizational performance excellence and sustained success?

Introduction

ISO 9000 quality management standards are based on a long term international cooperation and broad consensus, and they have achieved a wide recognition all over the world. ISO 9000 standardization started in 1979. After that there has been a continuous work going on in the standardization committee ISO TC 176 (Quality management and quality assurance) for updating and revising the ISO 9000 standards family and its parts on a regular basis according to the international standardization rules. In addition to the current standard versions there are also always available drafts for the next editions that may be taken into consideration when organizations are developing quality approaches for their business challenges.

ISO 9000 standards are applicable to all kinds of organizations, and they may be recognized as a world-wide phenomenon of the professional quality development. Hence, there is also a broad continuous discussion how to get a maximized benefit of the standards. In this sense standards set particular challenges on the comprehensive understanding among the appliers. According to the general standardization definitions (ISO Guide 2) standardization conceptually means an activity giving solutions for repetitive application, to problems essentially in the spheres of science, technology and economics, aimed at the achievement of the optimum degree of order in a given context. Generally, the activity consists of the processes of formulating, issuing and implementing standards.

ISO 9000 standards were aimed to be - and really can be - useful, practical, and recognized reference material for the innovative development of any organization's business performance towards the level of excellence. ISO 9000 standards also promote world-widely referred TQM (Total Quality Management) movement within organizations. Factually the concept QM (quality management) of ISO 9000 equals the concept TQM, although conceptually TQM is quite vague and not any more widely used in business environments.

It is very typical that organizations use simultaneously with the ISO 9000 standards also other general and well-known reference models of business management (figure 1), e.g. Performance excellence models (quality award criteria), Kaizen, SixSigma, Lean, Balanced Scorecard (BSC), etc. All these may be seen as sub-domains of a comprehensive organizational business-integrated QM approach and ISO 9000 standards.


Figure 1. Organizations should use simultaneously multifarious sources of information for developing their quality approach and aiming at satisfaction of all interested parties (stakeholders) in a competitive way.

ISO 9000 standards present the internationally recognized foundation for QM. The standards emphasize a continual and systematic improvement of the organizational business systems for ensuring organizations' sustainable success and providing confidence among stakeholders or interested parties (i.e. persons or groups having interest in the performance or success of the organization). However, one cannot be pleased with the standardization process and the current practice of applying the standards. There is much criticism and even cynicism against the standards implementation and the achieved results. This is mainly due to intentional or accidental misunderstanding of the objectives, nature, structure, and substance of the standards.

Business management requires knowledge and practices of many different specialized disciplines. QM is one of those disciplines, and even within itself it has links to various areas of knowledge. In addition to the ISO 9000 standards, there are also many other different management standards for specialized areas of the business management. In organizational business environments all these standards should be able to use simultaneously.

General management standards do not aim at striving for similar business systems. All organizations and their stakeholders have unique needs and business environments. Standards should be applied with integration, responsiveness, collaboration, and innovation. Top management’s personality has a crucial impact on the performance and development of an organization. Hence, in order to use ISO 9000 standards effectively and efficiently, the major responsibility is squarely on the business leaders and quality experts have the role of professional facilitation. Standards realizations should be done through selecting and implementing modern, innovative and superior managerial means to strive for organizations' own business goals. Organizations should use with ISO 9000 standards also all other appropriate and useful sources (figure 1) of relevant information, especially sector specific standards, business excellence models (quality awards criteria), and benchmarking references. In this way the real purpose of the standards will take place.

The basic standards of the ISO 9000 family are ISO 9004 and ISO 9001 that form a complementary pair of standards for quality management (QM) and quality assurance (QA). ISO 9004 represents the organizational QM broadly and ISO 9001 its part for providing QA to organization's interested parties. ISO 9001 cannot operate effectively or efficiently without taking into account the foundation of ISO 9004 and understanding clearly the key concepts and principles of the standards. There are additionally a lot of other related and supplementing standards in the ISO 9000 series. Standard ISO 9000 defines the main concepts that are used in the whole ISO 9000 standards family. Also the auditing standard ISO 19011 is closely related to ISO 9000 basic standards.

ISO 9000 standards are voluntary standards, and they can be understood and applied in many different ways depending on the needs, know-how, the degree of progress, and decisions of the organization in question. The requirement standard ISO 9001 for QA may become binding if it is referred to in a contract, other agreements, or regulatory requirements.

Long term and broad-based development of the standards

ISO 9000 standards have been internationally compiled and continually revised and updaated during the recent decades and commonly used in more than one hundred countries and in multitude different fields of business. The standards have been translated into a lot of languages. ISO 9000 standards are bestsellers of the standardization bodies. Hence, people are talking about ISO 9000 phenomenon.

We can recognize the following mile stones and phases in the development of the ISO 9000 standards:
- Incoherence in international QM / QA practices in the 1970's
- The committee ISO TC 176 (Quality management and quality assurance) founded in 1979
- The first series of ISO 9000 (General introduction), 9001/9002/9003 (QA), 9004 (QM) and ISO 8402 (Vocabulary) published concurrently in 1987
- Many supplementary standards published to the series ('ISO 9000 family')
- Large distribution and usage of the standards in various countries, industries, and business branches ('ISO 9000 phenomenon')
- Overly emphasized QA and crisis of the certification due to the erosion of the credibility of quality system certificates
- Uncontrolled proliferation of the creation of the standards family and countermeasures for it ("ISO 9000 family planning")
- The second version of the basic standards: Corrections and cosmetic clarifications in 1994
- Criticism to quality of the standards and standardization process. Problems due to many different sector-specific QM standards and management standards of many other management disciplines (proliferation), and commercialization of the certification
- Strengthening the work of ISO TC 176 and clarifying user needs and expectations in 1995
- "Vision 2000" of the ISO 9000 stndardization in 1999
- Publishing the quality management principles (QMP's) for the foundation of the ISO 9000 standardization and standards (2000)
- The third version of the standards: Renewal of the whole ISO 9000 family, simplification and emphasis of the - consistent pair of QM / QA standards, and a new understanding of the standards in 2000, the vocabulary standard ISO 8402 was combined with the standard ISO 9000
- The vision and strategy for the ISO 9000 standardization: Horizon 2010
- The fourth version of the standards: Amending ISO 9001 (2008) and revising ISO 9004 (2009) with no more concurrency and clear consistency in the ISO 9004 and ISO 9001 development. In rewriting the standard ISO 9004 also the title was expanded to "Managing for sustainable success - A quality management approach" providing a new emphasis, sustainable business success ino the standard.
- Revising the QMP's (2012)
- Starting (in 2012) the work of the fifth generation of the ISO 9000 family. The first task is the revision of the ISO 9001 standard and adopting in the standard the new high level structure and core text, and common terms and core definitions that should be used in all management system standards of the different managerial disciplines.

Development of the ISO 9000 standards in the ISO TC 176 committee has been projected according to the Horizon 2010 strategic decisions that include the vision, goals, and strategic intents and strategies:
Vision:
- Establishing worldwide acceptance and use of QM standards
- Facilitating global and local trade
- Contributing to the prosperity and improvement of individual and organizational well-being
Goals:
- Aiming for wide acceptance of the QMP's
- Remaining dedicated to the development of generic quality management system (QMS) standards
- Continuing to offer QMS standards recognized as the leading means of providing confidence that an organization can provide products, which meet customer and regulatory requirements
- Continuing to offer QMS standards suitable for improving the performance of an organization and enhancing satisfaction of its interested parties
- The committee ISO TC 176 being the recognized advisory body when a sector-specific application of generic QMS standards is considered
- Being recognized for providing valuable contributions on issues related to management systems including: standards, conformity assessment, the developing concept of quality, the impact of technology, and business excellence models
Strategic intents and strategies:
- Ensuring the continuing relevance of ISO 9000 family of standards to their users
- Considering changes in and dynamics between societal values and needs, organizational practices, and technology
- Focusing on developing and improving a limited but effective family of products applicable to all organizations
- Aiming for minimizing proliferation and harmonizing QM documents within different industry sectors
- Enhancing the understanding and implementation of QMS standards
- Encouraging the use of QMS standards in emerging economies
- Promoting the use of a process-based QMS model in the management system standards
- Collaborating on mechanisms to preserve the credibility of ISO 9001 when used in 1st, 2nd, and 3rd party declarations of conformity
- Establishing a mechanism for regular dialogue with key organizations developing business excellence models
- Ensuring the application of the QMP's

The ISO 9000 standardization, and particularly ISO 9001 and ISO 9004 standards, have had an enormous impact on the development of quality practices globally in all kinds of organizations. However, this has not taken place without problems and drawbacks:
- There has been stagnation in the development of the ISO 9001 standard. Factually there has been no essential development during the recent 20 years in the standard. However, organizational business environments and communities are changing at increasing pace.
- Standard ISO 9004 is too general, vague, and customary and therefore hardly can provide enough practical guidance or support for organizations' business development. There is better other literature available for this purpose. Assessment model in the standard is theoretical and does not reflect the needs of organizations. It cannot compete with the recognized performance excellence models (quality awards criteria).
- ISO 9000 standardization process is too slow and poorly managed and cannot follow the general development and trends of business environments and society at large (figure 2).
- Standardization bodies have very weak means to control the use of the standards. The use of the standards is directed strongly by commercial consulting / certification business but not by genuine business needs.

Figure 2. Ability of the ISO 9000 standardization to adapt to business and societal environments

Consensus process is the core feature of standardization practices. It is the strength of the international standardization, but in the same time it is the major reason to the problems and deficiencies of the standards. Everyone involved has possibility to voice his or her opinion and all opinions should also be taken into account. The most important consensus practices in the standardization include the following possibilities:
a) Someone’s proposal is accepted although it is not the best possible solution or not even similarly understood by different experts.
b) A text is edited together in a working group (or by the opposites) in order to get consensus.
c) “Competing” alternative texts are included in the standard although they may be contradictory and hence confusing.
d) Disputed issues are not mentioned in the standard.
Users of standards should be aware of these practices.

Unsatisfactory development of the ISO 9000 standardization has negative effects:
- ISO 9000 standards and even more generally the quality discipline are losing their attraction and interestingness.
- There are disappointments towards quality professionalism.
- Commercialized certification business based on stagnant ISO 9001 has endangered diversity and proactive innovations in QM and QA.
- There is threat to the future of the whole QM thinking and ISO 9000 standardization.

In spite of all the existing problems one may also see some weak signals of the new views in ISO 9000 standardization. That relates to the following aspects that have been under consideration during the recent standardization work:
- Striving for business integration through harmonization of the different management system standards
- Considering the simultaneous use of ISO 9000 standards and performance excellence models
- Mapping organization profile to find out an organization's identity as a basis for organization-dedicated and comprehensive performance development
- Incorporating time, speed and agility, and related aspects like networked collaboration, complexity, knowledge, learning, serendipity, etc., to the ISO 9000 standardization
- Considering the concepts and ideas for the future revision of ISO 9001

However, in all cases clever organizations have always possibilities to apply the standards in a meaningful and creative way. A key issue for that is that standards are understood as unlimited opportunities and not as specific targets ("The trapoline approach", figure 3).

Figure 3. The "tampoline approach" for applying the standards

Quality management principles, the profound basis of the standards

As such, the ISO 9000 standards don't bring about much new special measures to well-functioning organizations that already utilize an effective and efficient management and leadership approach in an innovative manner. However, the standards ought to be viewed for inspiring to organization-specific superior solutions (figure 3). Regarding the standards as obligatory requirements (and especially as so-called minimum requirements) ought to be eliminated as that is not according to ISO 9000's aim and cannot lead to the challenging objectives embodied in the ISO 9000 standards.

When utilizing ISO 9000 standards, one should take into account seven QMP's, which have been drawn up as a basis for the entire ISO 9000 standards series. With the help of these one can breathe the "spirit of business life" into ISO 9000 realization and development. These principles are:
1. Customer focus
2. Leadership
3. Engagement and competence of people
4. Process approach
5. Improvement
6. Informed decision making
Relationship management

Definitely the QMP's for an essential basis for the ISO 9000 standardization, ISO 9000 standards and the implementing the standards. However, we should be clearly aware how to do that. “Principle” is a basic belief, theory, or rule that has a major influence on the way in which something is done. “Quality management principles” are a set of fundamental belief, norms, rules and values that are accepted as true and that can be used as a basis for QM. QMP's emphasize what we should take into account in all contexts of ISO 9000 standards. QMP's provide the profound knowledge for understanding all the standard clauses. The word principle is originated from the Latin word 'principium' that literally means, 'which is first'.Thus QMP's should be as the starting point of the standards' creation and implementation.

The QMP's of the ISO 9000 standards also point out clearly how the standards aim at implementing TQM as it is considered in a lot of literature. These principles also are very similar with the basic concepts and principles of the well-known performance excellence models (quality award criteria). Thus the standards and the performance excellence models are both promoting the same issues, quality of management, and excellent business performance and sustained success realized in a systematic way in an organization's management system.

ISO 9000 QMP's should be utilized together with the recognized good management principles presented by many business management thinkers and teachers from the creators of the classical school of management theory, e.g. F.W Taylor and H. Fayol, to today’s influential persons who have defined their own management principles according their own experiences and insights. These may be used as references for managerial development in any organization. The standardized QMP’s may be used in this context to emphasize quality viewpoints for developing a business integrated approach for the professional QM approach.

Multidimensional business environments and different managerial disciplines

The QM is applied in a multidimensional business environment. Figure 4 presents our holistic view to the major factors related to the QM. All organizations operate in complex business and social communities, and hence in the QM realizations we should take into account phenomena related to the business networks and ecosystems of these communities. In practice QM elements are realized in business processes. Organizations' people and particular business leaders have key roles. There are a lot of technical means that can be used to enhance efficiency of the organizational QM.



Figure 4. A comprehensive approach to QM. Behavior models and memes (learned cultural items in brains) of employees and business leaders have an essential impact on the organizational realization of QM.

Business leaders have the responsibility to cope with all managerial branches of knowledge, “disciplines”, required in their business and used within their organization’s business processes. QM is one of these specialized disciplines that  are handled in various international management system standards for directing and guiding the development of organizational practices.

We should consider disciplines from both theoretical and practical viewpoints. Theoretical approach gives depth to understand individual disciplines and relationships of different disciplines. Theoretical methodology of multidimensional information-based discipline (MID) is derived from the philosophical definitions of how the real world is seen and how the information may be reached for understanding its diversity and multiple disciplines. The MID can be used for treating both substance and methodological questions in its framework. Substance questions deal with the essence and meaning of information, and how to process information. The methodology aims at managing conceptual and theoretical elements for building theoretical and practical frameworks, for example to cope with interrelated aspects between different disciplines. MID affects in organizational cases in such a way that it allows to identify (describe) the relevant factors of the topic, as well as ontological and epistemological choices. With MID one can design and implement QM applications, so that it is possible to examine in the same context the management and employee activities, and technological solutions. Practical questions of the disciplines should be considered within the business management framework from the viewpoints of various management system standards

Organizations’ business systems and their processes of management cannot be standardized in general standards because they always must fulfill organizations’ specific business needs and fit to organizations’ business situations. However, aspects and requirements of specialized disciplines have become an important area of management system standardization. Quality discipline and ISO 9000 standards family is one example in this field. General international standardization for the management systems started just with ISO 9000 standards. Later a lot of other standards have been created for many specialized areas of the business management, including environmental management, social responsibility management, risk management, occupational health and safety management, information systems/service management, information security management, dependability management, etc. For these areas there are general standards but also sector specific standards, e.g. those for automobile industry, software industry, aviation industry, military applications, health care, etc.

There are many challenges in creating, maintaining, and applying the requirements of these discipline specific management standards in practice in organizations. All those standards are based on particular traditions of different disciplines. The experts of the different expertise - who do not often have close contacts or communication with business leaders or with each other - have been responsible for drafting and finalizing these specialized standards. Hence, those standards and also their application in organizations may become rather isolated from the business system and management processes, and from each other.

Typically organizations apply simultaneously standards of many different disciplines and integrate them within organization’s business system. Different structures and terminologies in the standards cause problems in integration, and lead to isolated discipline management systems that are ineffective and inefficient; and may even be rejected or cause disturbance in the normal business management. All disciplines must adapt themselves to general management practices of an organization.

ISO/IEC Directives (published as Annex SL and also as ISO Guide 83) define a high level structure and identical core text, and common terms and core definitions to be used in all discipline specific management standards. The high level structure consists of key issues of the business management that is significant for promoting the business integration in applying the standards. The guide follows very normal business language and practices. It requires different disciplines to adapt themselves into these concepts and framework but also allows them to add their own specific requirements to this framework. The new harmonized approach will be applied in the fifth revision of the ISO 9001 standard.

The harmonized approach may be of great help to organizations in their integration initiatives. However, this requires that discipline experts, e.g. information security experts, must learn organizational business imperatives and collaborate with other expert colleagues and business leaders. The business strategies and management must be the main drivers to the discipline specific initiatives and development (figure 5).

Figure 5. Both managerial, and technical decisions and actions are needed for QM solutions for the business needs.

All specialized leadership and management areas, which are analogous to QM, should be implemented in an organization with a uniform systematic approach (figure 6). In this way the general principles of the ISO 9000 standards would be applicable as a general guidance also in the areas of e.g. social responsibility, environmental management, occupational health and safety, information security, risks management, and financial management. There is no justification for creating separate systems only for these areas, as they should all be integral parts of organization's business activities. Distinct systems are in fact harmful to the overall business performance. The key issue of this our integration approach is that all organizations have always only one business system to be managed and all specialized discipline issues must be embedded within this system. This integration principle is different from the model acciording to which the specialized disciplines, e.g. quality and environmental protection, form a single management system within an organization.

Figure 6. The Finnish model for integrating different specialized areas of business management

Quality management and quality assurance, and integration

The ISO 9000 standards texts delineate an organizational quality approach with two principal and consistent areas within business management (figure 7):
- Quality Management, QM, which is for the internal use of an organization and the goal of which is to develop business performance towards excellence and sustained success. In fact, QM equals the quality of management. Standard ISO 9004 provides guidelines for the effectiveness and efficiency of the QM. The aim of this standard is to enhance the performance of the organization through awareness of the organisation's environment, the effective management of opportunities and risks, learning from experience, and the application of improvement and innovation, and to enhance satisfaction of customers and other interested parties over the long term and in a balanced way.
- Quality Assurance, QA, the purpose of which is to provide the customer with factual information when an organization needs to demonstrate its ability to provide products that fulfill customer and applicable regulatory requirements and aims to enhance customer satisfaction. That is especially needed in the situations of orders and contracts to generate confidence in the organization's business operations. Standard ISO 9001 defines general QA requirements for organizations' QM. QA is on a part of QM.

Figure 7. QM and QA have two different purposes but they must be consistent with each other. ISO 9000 QM principles form the standardized foundation for the both.

These two areas have differing purposes. However, QA can in practice never succeed unless QM is in proper order. External certification based on ISO 9001 standard is a by-plot of QA and in many cases there is not even any real need to it. The most organizations using the ISO 9000 standards, however, have no intention of ever being certified. These companies want to utilize the standards (especially ISO 9004) internally in order to improve their business performance. Certifications have simply been granted with too big (and even an erroneous and deleterious) a role in the media and general discussion.

Many users of the standards do not clearly understand the fundamental difference between ISO 9004 and ISO 9001. If, for example, the ISO 9001 standard only were used for developing a QMS for an organization, the basic purpose of ISO 9000 will not be realized and the results will remain ineffective and inefficient. Organizations need both QM internally and QA externally for operations with all stakeholders (figure 8).

Figure 8. Two principal management domains for the quality approach in organizations' business

QM (as presented in ISO 9004) and QA (as presented in ISO 9001) should in no case be distinct issues separated from one another as they should form a consistent pair of the two managerial areas. In practice this can be achieved most effectively only if both are grounded directly in the actual activities of the organization's business system and processes of management. This is the approach of quality integration that we invented as a concept and introduced to practical business solutions in the 1990's. All organizations have always a certain level of QM and QA realizations and there are always possibilities to improve the situation.

ISO 9000 standards are widely used and widely misunderstood and misused

When considering standardization we should look at both standards creating process and the use of standards. According to the general standardization definitions (ISO Guide 2) standardization is an activity giving solutions for repetitive application, to problems essentially in the spheres of science, technology and economics, aimed at the achievement of the optimum degree of order in a given context. Generally, the activity consists of the processes of formulating, issuing and implementing standards. Standards creating and standards applying are two very different worlds (figure 9). Standards creating is based on voluntary experts and consensus process but in standards application responsibility is on business leaders and the core of the process is innovation.


Figure 9. Standards creating is based on consensus and application on innovation.

Generally there have been great expectations concerning quality all around the world and one can refer to a multitude of success stories pertaining to systematically implemented quality development projects. However, at the same time recognized experts have indicated that even the majority of development initiatives which are undertaken under the name of quality have failed. ISO 9000 standards have been for many years one of the most significant references for quality development in organizations. When subjecting results gained from these applications to critical examination, one can say that the results are, to say the least, contradictory. While others praise the standards, others are deeply disappointed and even frustrated with them. The standards applications have not necessarily had significant effects to the overall business performance. The most critical allegations concern organizations' quality system certifications made by external third parties. There are tree fundamental quality problems embedded in these certifications: (a) Lack of concrete business integration, (b) Lack of direct linkages to the real needs and satisfaction of customers and organizations' other stakeholders, and (c) Lack of innovations in the creation and the use of standards. Certifications and annual third party audits are also too slow way to respond to the market needs.

On the national level, there is not necessarily any justified relation between the number of certified companies and the general competitiveness in terms of economic performance, and no significant difference between certified and non-certified suppliers with respect to reliability of deliveries and the number of complaints. Furthermore, certification does not seem to guarantee high quality of goods or services. In cases with positive effects of ISO 9000 applications there are normally no experiences about the other possible alternative - and even better - approaches and means. In fact, in very early and undeveloped phases of an organization's quality approach, all systematic means are normally seen useful.

Mostly the problems are originated in the insufficient understanding of the purpose, nature, or fundamental principles of the standards. One can find a lot of practical cases from organizations applying ISO 9000 standards where the standards are not understood in the comprehensive way they have been defined in the standards themselves. There are also many misleading articles, consultants, and training programmes.

Problems in use of the standards have also reflected to the standardization work within the responsible committee ISO TC176. Negative effects include e.g.:
- Contradictory opinions and understandings of the standards within the committee experts
- Being up with irrelevant issues
- Stagnation of the development of ISO 9001 standard
- Confusion and illogicality in terminology, definitions, and standard texts
- Trivialities in the standards interpretation activity

According to ISO Guide 2, standard is a technical specification or other document available to the public, drawn up with the cooperation and consensus or general approval of all interests affected by it, based on the consolidated results of science, technology and experience, aimed at the promotion of optimum community benefits and approved by a standardization body. In standardization practices, it has been difficult to get the results of science, technology and experience influence on the standard texts in an innovative way. However, standardization deficiencies can be corrected by the smart application.

Often ISO 9000 standards are being wrongly understood as obligatory requirements, and also standardization organizations are seen as some kind of official authorities to define those requirements. Also very misleading is often heard statement that ISO 9001 defines minimum requirements for QM. There are no arguments for that in the standard texts. These may be reasons why companies' implementations so often reflect passive and reactive ways to realize standard issues. But that is not the purpose of ISO 9000 standards. One should use proactive and innovative means to realize standards clauses (figure 10). The standards set no restrictions for that.



Figure 10. Innovation means that new things are done and old things are done in new ways. In ISO 9000 context this means that standard issues should be supplemented and adjusted by organizations by their own unique business related "What" and "How" elements. From organization's performance point of view "How" is more important than "What".

However, it is unfortunate that mainly due to the working resources and practices of the standardization committee (especially voluntary basis of the experts, many committee experts are not - or no more - directly working in business organizations, and the consensus principle in working practices), the existing ISO 9000 standards are not particularly clear, neither with respect to their form, nor their contents. One can find a lot of practical cases from organizations applying ISO 9000 standards where the basic objectives, structure, and fundamental principles of the standards series are not understood clearly. Of course one reason is the text of the standards because in many places it seems to be artificial and unpractical from many real business organization's points of view. Thus, standards texts and their backgrounds are difficult to understand. In addition, translations into different languages make the situation still more troublesome.

According to the ISO 9000 standard vocabulary, QM means coordinated activities to direct and control an organization with regard to quality. Quality is an abstraction, it is related to the characteristics of the results or outputs of certain activities or processes to fulfill needs and expectations, and managing quality is not possible directly. Hence, the phraseology management of quality does not give any practical clarification for the concept of QM. QM is clearly an essential part of the management of an organization. All the activities needed for managing quality are included in the managing processes of an organization. Even within the ISO 9000 standardization community, there have been long discussions on the clarifying statement for the concept of QM. In these discussions, statements like quality for management, quality in management, and quality of management have been used without any consensus conclusion. Our conclusion is that quality of management is the most suitable and also the most practical and challenging interpretation, and we have used that approach in practical company cases, too. Hence, quality in this context is an attribute of management depicting certain favorite and successful characteristics of management. Here the management covers all activity levels within an organization, from top management to management of operational activities and individual self-management of employees (figure 11).

Figure 11. Organizational management covers activities and responsibilities over the whole organization

Quality management system (QMS), which is absolutely central concept in the ISO 9000 standards, has largely been misused. According to ISO 9000, a QMS system refers specifically to the management system, i.e. the system used for business management and leadership, comprised of organizational structures, approaches, processes, and resources, and which meets primarily business needs of the organization. "Quality" is an attribute of the management system implying that appropriate professional management and leadership principles and means are applied within the organization's management and leadership processes in order to ensure and increase its effectiveness and efficiency. The standards present a standardized approach for these principles and means.

Also the management system may be confusing because organizations are managed by people, business leaders, and not by systems. In fact, an organization is a system to be managed through systematic managing processes.

ISO 9000 QMS is not defined by ISO 9001 only. One must necessarily take into account also ISO 9004 topics. Factually ISO 9001 activities are a part of ISO 9004 scope. Those standards do not describe in the full what the a QMS is about. ISO 9004 presents aspects of the effectiveness and efficiency and ISO 9001 general requirements of the QMS. QMS is always something more. Here we may refer to Aristotle who says in the Metaphysics: "The whole is more than the sum of its parts" and to Russell's paradox: “Whatever involves all of a collection of objects must not be one of the collection”. QMS is always organization-specific issue. Each organization can have only one holistic business system, and when that system creates business success and fulfills relevant requirements it can be called "quality management system". In fact, the concept QMS is not at all needed for practical quality approaches in organizations. In order to differ from the others an organization could use a particular title for its QMS. An example: A company that emphasizes innovativeness in its business calls QMS IBR – Innovative Business Realization.

Still many organizations use the obsolete expression "quality system"(QS) although it does not exist any more in the ISO 9000 standards. QMS is very different from QS. In real business environments the genuine QMS can never be a distinct system. Actually, the real QMS is always seamlessly integrated into the business system and its management (figure 12). Thus, it is appropriate to speak about quality "systematicity" that is realized through business management and business processes. The QMS is a concept of systematic approach for quality of management. It is more a thinking model, mental system, metaphor, or even illusion than any physical system. A distinctly built quality system can even be detrimental.


Figure 12. A typical structure and the major management elements of a business system of any organization. In practice this is always in its details an organization-specific solution. This structure is the basis for integration of the QMS. In the real situation one cannot see any distinct QMS justified.

Many organizations and even quality experts have difficulties to recognized the difference between standards ISO 9001 and ISO 9004. Still more problematic is define relationships of the other models or appreoaches that are used in organizations simulaneously closely with the ISO 9000 standards. That includes the application of the performance excellence models (quality award criteria), Kaizen, SixSigma, Lean, Balanced Scorecard (BSC), etc. All these may be seen as sub-domains of a comprehensive organizational business-integrated QM approach and ISO 9000 standards (figure 13) but this kind of understanding can even cause bitter disagreement.



Figure 13. Seeking differences between the performance excellence models (PEM), Kaizen, SixSigma, Lean, Balanced Scorecard (BSC) and the standards ISO 9001 and ISO 9004 according to their roles in a business system.

Standardized QM / QA elements

Only certain major topic areas, or "QMS elements", of an organization's business system and its management for QM and QA realization are explicitly considered in the standard texts (figure 14). This does not, however, mean that in the ISO 9000 standards QM and QA would refer solely to these issues. Organizations must naturally supplement the standard topics in accordance with their own needs and circumstances, and realize them in a superior manner on the basis of their own innovative decisions. Sector specific applications of the ISO 9000 standards, including automotive, telecom, aviation, software, military, etc. industries, may provide useful information and details for the organization-specific solutions. The real QMS consists of all these issues being in use in an organization.


Figure 14. ISO 9000 QM / QA elements within an organization's business system

In the ISO 9000 standards, very little emphasis has been given to the means on how to implement these QM / QA elements. In the ISO 9004 standard only some commonly known standard means, on which the experts of the standardizing committee have been unanimous upon, are presented at quite a general level. On the other hand, the presentation of means in the ISO 9001 standards was not allowed at all, in order to prevent anyone from interpreting them as requirements. How things are implemented in practice in an organization depends precisely on what its performance is like with respect to the needs of QM and QA. Hence it seems questionable whether e.g. the expressions "in compliance with ISO 9001" or "fullfil ISO 9001 requirements" have any real meaning with respect to an organization's performance.

All ISO 9000 QM / QA elements discussed in the standards are factually parts of organizations' business system and are realized in business processes. The process-like performance model constitutes in fact the business-like basis of the ISO 9000 standards. This means that realization of the standards ought to take the business processes of an organization, and not the standards clauses, as its starting point.

When utilizing ISO 9000 standards, one also should take into account with each QM / QA element the seven ISO 9000 QMP's.

Challenging excellence in the QA services

ISO 9001 represents QA requirements in the ISO 9000 family of standards. The purpose of QA is to create and strengthen confidence among organizations' customers and other stakeholders. QA refers to measures, through which both customers as well as other stakeholders become convinced that the specified product requirements are being met. An overly emphasized QA issues should be avoided so that they do not turn to be excessive and expensive or superficial and not meet the real QA purpose and the relevant needs. In QA between two parties, the most natural and sound approach is to utilize QA agreements and related QA plans, for which ISO 9001 may serve as a general model.

Even QA should be realized in a way that is efficient and suitable in the light of the business requirements and takes into account the competitive aspects of the market-place. That is the real challenges in using ISO 9001 standard. ISO 9001 standard-text considers only effectiveness of the QA but not at all efficiency aspects. In real business cases, however, the organization itself must take also efficiency seriously into consideration. That means particularly the "How"-issues in ISO 9001 realization. The ISO 9001 standard does not present any "How"-issues, they must be decided by the organizations themselves.

A problem among the ISO 9001 application-organizations is that they understand ISO 9001 covering the whole scope of QM. That means that neither practical QA purposes nor challenging QM solutions may be achieved.

Certification or registration refers to indicating with a certificate that a product is or will be in accordance with the specific requirements (e.g. according to a standard or specification). A certificate relates primarily to a product and through that also to those activities of business processes determined to assure the specific product features. Certifications concerning the QA typically adhere to the standard ISO 9001. The standard ISO 9004 cannot be used for certifications. The general kind of certification does not ensure the quality of a product or the business performance of an organization. Certification is closely linked with market and customer communication. A third party certification of a QMS apart from the product and the customer is questionable from the business benefits' point of view.

When considering QA the needs and expectations of the interested parties should be taken into account. In many businesses the following is typical:
- Consumers: They expect good service performance and low price; they are not interested in formal QA issues.
- Business-to-business customers: They expect confidence relating to company-dedicated advanced solutions and for them very general ISO 9001 standard and third party certifications are too vague for a real QA. They are interested in customer-tailored QA solutions. This is also valid in professional supplier partnerships.
- National authorities: They are responsible about the minimum national performance level of basic services. In competitive business environments fullfilling only the regulatory requirements is not enough for business competitiveness.
Conclusion in this kind of business situation is that there are no justification and no needs for a general third party certification of the QMS. That even could hinder an innovative development of customer-focused QA approaches.

External certification in connection with ISO 9001 standard - if it is really needed - should only be one of the means for QA and it can be a by-product of an organization's holistic business-integrated quality approach. Only a part of the organizations using ISO 9000 standards are certified and many of the organizations may have no intention of ever being certified. These organizations want to utilize the standards internally in order to improve their business performance and to use them as general agenda for QA in contractual situations. Certifications have simply been granted with too big (and even an erroneous and deleterious) role in the media. Today there is a credibility crisis in certification business and in some areas the number of certificates has started to decrease.

In fact, there are also different options for certifications. A certification can be performed by the first party (the company itself, i.e. self-certification or self-declaration), the second party (customers), or the third party (a service company specialized in certifying services). The most genuine and natural way to proceed is self-certification, which gains interest due to the flaws associated with third party certifying. However, self-certification requires a strong personal and professional commitment and visibility to QM from the top business leadership of an organization. Hence, an organization's strong focus on certification by an external third party may be a sign of weak, ineffective, and old-fashioned QM and outsourcing this important management responsibility. One cannot distinguish from the competitors only by leaning on general third party certifications.

When realized seriously the self-certification may provide for remarkable strengths compared with the third-party certification. Certifications provided by customers are especially recommended and an organization should strive towards gaining certifications from their key referring customers. With regard to third-party certifications - should this become necessary in the light of marketing efforts - it is worthwhile to examine them by restricting them only to questions pertaining to safety, health, environmental protection, and product liability. Serious criticism has been directed at certifications made by third parties due to the fact that these often entail an emphasis on the business objectives of the company (certification body) doing the certifying. This is a disadvantage of the commercialized certification. Advanced organizations may proactively get advantages from all different kinds of certifications simultaneously according to the needs of the various business cases.

Confidence, the core purpose of QA, is most critical factor for success in cooperating between partnering organizations. It is also a competitive advantage because it is difficult to imitate a genuine confidence and to create it in a short term. Transparency is the core element for building confidence among cooperating organizations and individuals. Increased risks and uncertainties within the operational environment set raised requirements for confidence. Key measures for development of situation focus on effective communication solutions.

Historically QA standardization was grounded in the requirements of major customers (e.g. defense, nuclear energy, automotive, etc. industries). The new and modern approach is, however, for an organization (a supplier) to view QA as a service to its customers and to seek to provide this service in a superior manner, and at least to be better than the competitors. The key strategy for this is the "Win / Win" partnership between the organization and its interested parties. Thus QA can be seen as a value-adding part (a service-element) in organization's products-offerings (figure 15). The new e-business technology creates completely new cutting-edge solutions (e.g. "e-certificate") for QA. E-certificate consists of Internet site(s) or portal solution providing for assurance that an organization conforms to a standard or specification indicated by the certificate.



Figure 15. QA is based on factual process-based information for customers' confidence. It can be understood as a communicational service-element to the customer. Modern Internet facilities may be used for QA communication.

Communicational QA services give also an opportunity to personalize and create partnership-dedicated efficient solutions with collaborative extranet technology or social software. These solutions may facilitate flexible real time and bilateral multi-media communication between cooperating partners according to the principle of "Enterprise one to one" (figure 16). With these means an organization may act individually to fullfil QA needs of separate stakeholders.

Figure 16. Customer's differentiation and organization's capabilities for an "enterprise one to one" approach is a challenge for QA.

Performance evaluations of the QM and improvement

Organizations are interested in their overall business performance which is a broad concept including four categories of performance:
- Customer focused performance
- Operational performance
- Product performance
- Financial and market performance
All these organizational performance dimensions are important also from the QM and QA point of view, and they depend squarely on the performance of the business processes. Financial performance is the foundation for the organizational survival and development.

In practice, both business performance and performance of QM are fuzzy concepts (figure 17). This implies that an overly simplified ON/OFF way of thinking - implying that there is or isn't a QMS - is not a fruitful approach. The QM performance can be evaluated through self-assessments with performance excellence models (quality awards criteria). Also ISO 9004 suggests a simple method for a self-assessment of an organization's QM approach.



Figure 17. Performance of a business system as a whole including QM and of the individual business processes is a fuzzy concept.

Performance management includes that business and management performance are evaluated internally by organization's own resources for performance improvement and also for QA. Both strategic and operational evaluations are needed. Aiming at business excellence requires that also relevant references of competitors and best practices and benchmarks in other organizations are taken into account in the evaluations.

Strategic evaluations cover business units and their businesses as a whole. They are made as self-assessments by the management teams of the units. Performance excellence models are most suitable tools for that purpose. The operational performance evaluations are for for daily business management and are focused on diagnostics and analysis for corrective and preventive actions, and on the needs of QA.

Audits are empirical evaluations of the business performance. It is useful to carry out internal audits per business processes that are the operational elements of the business system and the "carriers" of the QM and QA elements. Audits are more operational than self-assessments. Audits are made by people who are independent from the processes being audited. Internal auditing is very different compared with external, e.g. third party, auditing. It should cover both QM and QA issues and emphasize organization's comprehensive business needs (as covered e.g. by ISO 9004). In external auditing one is interested in QA (as covered by ISO 9001) issues and customers' viewpoints. External third party certifications assure the performance only in a weak manner (figure 17). Performance evaluations are significant business management activities.

Auditing is based on the ISO 19011 standard definition and principles. Internal auditing is a comprehensive task that should be both reactive and proactive by nature. Its purpose is not only to search for nonconformities (non-fulfillment of specified requirements) or defects (non-fulfillment of intended usage requirements or reasonable expectations under the existing circumstances) but there is a broader business related scope. Also performance strengths of the processes must be noted in internal audits.

The both methods, self-assessments and audits, support well each other.

The most important purpose of the performance measurements and evaluations is that they make possible a fact-based improvements. Figure 18 demonstrates that there are lots of different kinds of business related facts of different business phenomena and especially in business processes. The facts are often hidden in the business activities. If you apply appropriate measurement means, you may get data describing interesting and relevant facts. After that data may be analyzed with suitable analysis methodology in order to get information that is meaningful to the acute business case and situation. Information may be used for managerial actions - according to the PDCA model - to the operations and business processes. However, the deliberation and decisions of the business leaders are always starting points to the actions. That means that empirical fact-based information must be combined with the skills, knowledge and even the wisdom of the business management.



Figure 18. Organization's actual business situation is composed of facts in the business processes. Management's decisions and interventions are based on information from these facts combined with the management's previous information and tacit knowledge (understanding). Managerial knowledge develops mainly through the collaborate learning. "Ba" is a Japanese name for collaborative knowledge creating and learning environment.

There are two ways to the improvements. Reactive development is achieved through problem solving. However, more can be achieved when opportunities, challenges and innovations are the basis of performance development and the organization takes proactively into account the existing strengths, competitive advantages, and opportunities. The reactive method in its backward-looking nature is never as effective as the future-orientation. The improvement is carried out through utilizing well established methods including e.g. performance analyses, corrective and preventive actions, innovations, and benchmarking (see figure 19).



Figure 19. A comprehensive QM approach for establishing foundations of continual improving business performance

Organization's QM model for a comprehensive ISO 9000 integration

Every organization has always its own existing realization of QM and QA that can be gradually improved according to the organization's business development strategies and practices. The integration of QM related measures can be made more effective if the business management infrastructure is clearly and innovatively defined, and the organization has adopted its own QM framework within the management infrastructure. This is also a natural basis for excellent ISO 9000 applications.

Both vertical (strategic) and horizontal (operational) integration of QM issues with business management is needed. This takes place in a natural way at four levels of the leadership (figure 20):
- The normative and cultural level (corporate or business community at large), where the general principles ("the common insight"), goals, shared tools and practices concerning quality are created, including how these principles are to be applied in practice on the basis of the organization's business requirements. At this level the company's superior insight of ISO 9000 standards and their application with other beneficial tools is established and articulated. Responsible person is always the CEO. This responsibility cannot be delegated.
- The strategic level (strategic business areas and units), where decisions are made by the general manager of the business unit and the other top business leaders, and measures undertaken concerning the entire particular business and especially the future competitiveness of the business and management of the whole business system are addressed. The business system is composed of the interrelated operational business processes. Very often in corporations there are different business areas that may be at different development stages. All these need different strategic quality approaches but they may operate within one corporate culture.
- The operational level (individual business processes), where decisions and measures concerning daily management are made and undertaken, and products (goods and services) are realized in real time for customer needs, just "now and here". Responsible person is the process owner.
- The human level (people and teams), where the personal contribution of each member of the organizations's personnel (including the top management) is provided in natural working environments. Responsibility is on the person him/herself.



Figure 20. A comprehensive organization-wide model for QM and QA integration including the ISO 9000 family of standards

Within these levels, the management tasks include business planning, control, improvement, and assurance that should all be realized in a harmonized and systematic way and in accordance with the organization's business objectives and leadership practices. Integration of QM will not take place unless its elements have been included within these normal leadership tasks. Also with QA - e.g. application of ISO 9001 - factual information from all these infrastructure levels and management activities can be used to create solutions for the interests of the customers and other interested parties.

Conclusion

In order to realize all ISO 9000 standards' opportunities one should use the whole ISO 9000 standards family in a consistent and innovative manner. Commonly defined guiding ideas of QM, especially the seven ISO 9000 QMP's, and tools should be employed in a natural and modern fashion integrated with company-specific emphases. This implies e.g. the following for an organization's quality approach:
- Aiming at business performance and excellence issues instead of particular quality-labeled items
- Applying flexible quality of management and leadership practices instead of formal and distinct QM
- Approaching systematically for the quality of leadership instead of distinct quality systems
- Setting stretched business objectives instead of following minimum standard requirements
- Striving for proactive and broad organizational learning instead of reactive continual remedies or improvements originated only by noted non-conformities
- Emphasizing innovative and unique solutions instead of stereotyped systems
- Using effectively internal performance self-assessments instead of trusting only on third party audits and certifications of quality systems

Basically, effective implementing the ISO 9000 standards (consisting of both QM and QA) equals an excellent business management and amounts to the same thing as innovatively company-dedicated business integrated TQM. Thus standards application should be seen as a strategic issue of the organization. ISO 9000 standards do not call for any extra measures or investments, but the standards can function as reference materials for measures pertaining to, for example, weaknesses and strengths discovered through a self-assessment performed by using performance excellence models (quality award criteria). Organization should not start any development actions only due to the ISO 9000 standards, but to do that on the basis of actual business requirements and their own quality enlightenment. This could also demonstrate the profound basis for unlimited opportunities for ISO 9000 applications to create competitive solutions for confidence within organizations' customers and other stakeholders.

References

(1) ISO (2007). ISO TC/176/SC2 Home Page
(2) C A Cianfrani, J J Tsiakalis, and J J West (editors) (2002). The ASQ ISO 9000:2000 handbook. M Bird and J Anttila: Using ISO 9004 to achieve excellence. Milwaukee: ASQ Quality Press
(3) J S Ahluwalia (editor) (2001). Changing role of TQM in the knowledge economy. J Anttila: Getting ISO 9000 happened more efficiently without a quality system and third party certificates. New Delhi: Institute of Directors
(4) J Anttila (1998). What TQM is and what should it be? The Best on Quality, Vol. 9, Milwaukee: ASQ Quality Press.
(5) M Hannula, A-M Järvelin, and M Seppä (editors) (2001). Frontiers of e-business research: J Anttila and Vakkuri J. Business Integrated e-Quality, FeBR 2001, Tampere
(6) M N Sinha (editor) (2001). Best on Quality, Vol. 12: J Anttila, A Aune, O Hartz, and K Jönson: Contributions of ISO 9000 and Quality Awards. International Academy for Quality. Milwaukee: ASQ Quality Press
(7) J Anttila and J Vakkuri (2001). ISO 9000 for the creative leader. Helsinki: Sonera Corporation.

Annex

Work in the international standardization committee for creating and maintaining the ISO 9000 standards

[This material has been presented in different forms in different international seminars, conferences, or education programmes, e.g. in Vaasa, Finland 1999, Mumbai, India 2000, Budapest, Hungary 2000, Lahti, Finland early 2000's (several times), New Delhi, India 2001, Antalya, Turkey 2002, Cape Canaveral, USA 2002, Ostrava, Czech Republic 2002, Kashira, Russia 2003, and Fribourg, Switzerland several times in 2004-2011. The text has been updated regularly and on the case by case basis and in accordance with the standards development.]