Value Adds to ISO 9001:2000 Compliance

For Pharmaceuticals and Biotechnology

I've been auditing to ISO 9000 since 1992. A part of my auditing philosophy has been to add value to the audited organizations by suggesting opportunities for improvement. I will describe the most effective "value adds" in this article.

Continual Improvement

Look at ISO 9001:2000 Clause 8.5.1, Continual Improvement. The statement of this requirement is "The organization shall continually improve the effectiveness of the quality management system through use of the quality policy, quality objectives, audit results, analysis of data, corrective and preventive action and management review."

There are three major ways 8.5.1 can be improved. Who is responsible for compliance to this requirement? Top management should have the responsibility. Also, there is no requirement for a process to accomplish continual improvement. Finally, how does one measure the effectiveness of the quality management system? Without a defined measurement of effectiveness it will be difficult to show improvement.

As a "value add" I suggest that the organization document an improvement program similar to that defined in TL 9000. Adder 8.5.1.C.1 in TL 9000 reads as follows: "The organization shall establish and maintain a documented Quality Improvement Program to improve: a) customer satisfaction; b) quality and reliability of the product, and c) other processes/products/services used within the organization."

There remain two issues: the responsibility for the improvement program and measuring the effectiveness of the quality management system. I suggest specifically identifying top management as responsible and adding a quality objective for quality system effectiveness in clause 5.4.1, Quality Objectives. Top management should define a measure which could be as simple as an index developed from a balanced scorecard.

Customer and Supplier Communication

There are a number of ISO 9001:2000 requirements that are aimed at better communication with customers and suppliers. Clause 5.2, Customer Focus, requires top management to "ensure that customer requirements are determined and met with the aim of enhancing customer satisfaction." This ties directly into Clause 7.2.1, Determination of Requirements Related to the Product, Clause 7.2.2, Review Requirements Related to the Product, Clause 7.2.3, Customer Communication, and Clause 8.2.1, Customer Satisfaction.

My experience with these requirements is that well-run quality organizations have innovative methods of communicating with their customers. Again, TL 9000 provides tools to use for improving customer communication. Adder 5.2.C.1, Customer Relationship Development, requires top management's active involvement in relationship development; and adder 5.2.C.2, Customer Communication Procedures, requires a strategy and criteria for customer selection, methods for sharing joint expectations and quality improvement of products, and regular joint reviews which include resolution of issues.

A key to customer communications is use of an effective method of determining customer satisfaction. I've found this to be weak in many organizations. I get comments from the audited organization that they send out surveys and get very few responses. Also I hear "the number of customer complaints is down this month." The "value add" that I usually provide is for the sales force to bring a copy of the surveys with them when they visit the customer and ask the customer to fill it out before they leave. This generally results in improvements in customer satisfaction information.

Communication with suppliers is also a key factor in well-run organizations. Clause 4.1, General Requirements, requires organizations to ensure control over outsourced processes. I suggest to organizations that quality management system planning, Clause 5.4.2, include inputs from suppliers, outsourced processes and customers. The overall "value add" for communication with customers and suppliers is to find innovative ways of communicating with them as part of the planning process. This is especially important during the design and development of new products.

The Process Approach

Clause 4.1, General Requirements, requires identification of the processes needed for the quality management system, their sequence and interaction, methods of assuring their effectiveness, provision of necessary resources and information required for their operation, monitoring, measurement, operation, analysis and improvement of the processes.

I suggest improvements as follows: First, the organization should identify an owner who is responsible for assuring effective operation of each process. Second, the inputs and outputs of each process should be defined as part of the quality management system. Third, in addition to the resources needed, the constraints on the operation of each process should be defined. Finally, the activities of each process should be identified in phases of plan, do, check and act (PDCA). This will provide a tool for continual improvement of each process.

The process approach should also have an effect on internal auditing. Each audit should be developed based on the organization's processes. Process auditing built on PDCA provides a much more effective feedback mechanism than check-list audits. This is because organizations operate in terms of their processes and opportunities for improvement will be more readily identified when auditing these processes.

Product Realization Planning

Product realization planning covers activities such as determining objectives and requirements for the product; establishing needed processes, documents and resources; lifecycle activities such as verification, validation, monitoring, inspection and tests; and establishment of records that show that product requirements have been met. What is missing is a view of products (and services) over time.

The "value add" for product realization is to include a life-cycle model of the product (or service). TL 9000 adder 7.1.C.1, Life Cycle Model, provides a good example of such a model. The framework identified in TL 9000 includes "the processes, activities, and tasks involved in the concept, definition, development, production, operation, maintenance and disposition of the product." TL 9000 also has separate adders describing New Product Introduction (7.1.C.2) and End of Life Planning (7.1.C.4).

Another aspect of product realization planning in TL 9000 that should be included in a quality management system is Disaster Recovery (7.1.C.3). A whole variety of disasters should be considered. In addition to the natural disasters, there are problems such as homeland security issues, failure of manufacturing equipment, loss of computer systems, software virus attacks and loss of key personnel.

Risk Management

Risk management has gained national prominence with the passage of the Sarbanes-Oxley Law. One aspect of the law is a requirement that an organization have a system of internal control, including a risk management element. Risk management should be added to ISO 9001:2000, Clause 5.4.2, Quality Management System Planning.

A leading risk for any organization today is the supply chain. A "value add" that I've suggested to clients is to add specific requirements on identifying supply chain risk to Clause 5.4.2 of ISO 9001:2000.

Clause 8.4 of ISO 9001:2000 requires analysis of data gathered on customer satisfaction, conformity to product requirements, characteristics and trends of processes and products, and suppliers. Clause 8.4 provides opportunities for risk identification. The trends observed in the data are good predictors of future risks. They should be used as major inputs to the organization's risk analysis process. Identification of risks should lead to preventive actions managed using Clause 8.5.3 of ISO 9001:2000.


The revision of ISO 9001:2000 completed in 2008 is an amendment to the current standard. The changes are minimal and do not address some of the needs of organizations wanting to extend their quality management systems toward excellence.

During my years as an internal and external auditor I've identified additions to the quality management systems which added value. In this article, I've described a few additions ("value adds") to 9001 which can improve the quality management system and reduce risks to the organization. These additions should be considered by the standards committee drafting the next revision of ISO 9001:2008.

Sandford Liebesman is president of Sandford Quality Consulting LLC, Morristown, NJ, following more than 30 years of experience in quality at Bell Laboratories, Lucent Technologies and Bellcore (Telcordia). He is an author of "TL 9000, Release 3.0: A Guide to Measuring Excellence in Telecommunications," second edition, and "Using ISO 9000 to Improve Business Processes." Liebesman, a fellow of ASQ and chairman of the ASQ Electronics and Communications Division, is a member of ISO technical committee 176 and the ANSI Z-1 committee on quality assurance and a RABQSA International certified ISO 9000 and TL 9000 lead auditor.


i. ISO 9001:2000, Quality Management Systems - Requirements, Geneva, Switzerland, International Organization for Standardization, 2000.
ii. The QuEST Forum, TL 9000 Quality Management System Requirements Handbook, Release 3.0, Milwaukee, ASQ Quality Press, 2001.
iii. The U.S. House of Representatives, Sarbanes-Oxley Act of 2002, July 24, 2002 (9:07 PM).
iv. Internal Control - Integrated Framework, Executive Summary, http://www.
