Shri G.S.

Institute of Technology and Science

Department of Industrial & Production Engineering
A Project Report
on

ISO 9000

Submitted to: Submitted by:

Prof. Ravi Varma Abbas haider

Quality control and reliability engineering 0801IP161001

IPE 3 rd Year

Submitted by:

Samriddhi Gupta

0801BM161047
ISO-International Organization for Standardization

The International Organization for Standardization is an international standard-

setting body composed of representatives from various national standards
organizations.

Founded on 23 February 1947, the organization promotes worldwide proprietary,

industrial and commercial standards. It is headquartered in Geneva, Switzerland, and
works in 164 countries.

It was one of the first organizations granted general consultative status with the
United Nations Economic and Social Council.

The International Organization for Standardization is an independent, non-

governmental organization, the members of which are the standards organizations of
the 164 member countries. It is the world's largest developer of voluntary
international standards and facilitates world trade by providing common standards
between nations. Over twenty thousand standards have been set covering
everything from manufactured products and technology to food safety, agriculture
and health care.
Use of the standards aids in the creation of products and services that are safe,
reliable and of good quality. The standards help businesses increase productivity
while minimizing errors and waste. By enabling products from different markets to be
directly compared, they facilitate companies in entering new markets and assist in
the development of global trade on a fair basis. The standards also serve to
safeguard consumers and the end-users of products and services, ensuring that
certified products conform to the minimum standards set internationally

1
Introduction
The International Organization for Standardization is an independent, non-
governmental organization, the members of which are the standards organizations of
the 164 member countries. It is the world's largest developer of voluntary
international standards and facilitates world trade by providing common standards
between nations. Over twenty thousand standards have been set covering
everything from manufactured products and technology to food safety, agriculture
and health care.
Use of the standards aids in the creation of products and services that are safe,
reliable and of good quality. The standards help businesses increase productivity
while minimizing errors and waste. By enabling products from different markets to be
directly compared, they facilitate companies in entering new markets and assist in
the development of global trade on a fair basis. The standards also serve to
safeguard consumers and the end-users of products and services, ensuring that
certified products conform to the minimum standards set internationally.The three
official languages of the ISO are English, French, and Russian.

2
History

The organization today known as ISO began in 1928 ] as the International Federation
of the National Standardizing Associations (ISA). It was suspended in
1942 during World War II, but after the war ISA was approached by the recently
formed United Nations Standards Coordinating Committee (UNSCC) with a proposal
to form a new global standards body. In October 1946, ISA and UNSCC delegates
from 25 countries met in London and agreed to join forces to create the new
International Organization for Standardization; the new organization officially began
operations in February 1947.

3
Commonly used ISOs
ISO 9001
By far the most popular family is that of ISO 9000. A family of quality management
standards, there are fourteen in total. Of these, ISO 9001:2015 is the only one that
can be certified to. It was first published in 1987, and has since been updated about
every 7 years. The standard details how to put a Quality Management System (QMS)
in place to better prepare your organization to produce quality products and services.
It is customer focused, and places an emphasis on continuous improvement and top
management processes that extended throughout the organization.

The standard was updated in 2015, and now places a greater emphasis on risk
management. The standard is generic, and can be used in any organization in any
sector. Over 1,000,000 ISO certifications have been given out in over 170 countries
according to the ISO Survey of Management System Standard Certifications.

ISO 14001
ISO 14000 is a family of standards relating to the environment. It includes multiple
standards, similar to ISO 9000. ISO 14001:2015 is the most popular in the family, and
is the only one in which an organization can be certified.

It establishes requirements for an Environmental Management System (EMS) and is

based on the continuous improvement model PDCA (Plan-Do-Check-Act). It is a
voluntary standard, put in place by companies who want to improve their processes,
and is very popular, with over 300,000 certifications in 171 countries worldwide.

ISO 27000
This family of standards concerns information technology, with the goal of improving
security and protecting company assets. Started in 2005, the two most popular
standards are ISO 27001:2013 and 27002:2013. 27001 is management-based system,
whereas 27002 is a technical document, focused on the individual and putting a code
of conduct in place.

Organizations can choose either standard; ISO 27001 has over 22,000 certifications
worldwide. It is a broad standard, and for this reason the certification can be
customized to fit the needs of the organization, and is not mandatory.

4
ISO 22000
This standard is focused on the development and implementation of a food safety
management system, and can help any organization that works in the food chain.
With multiple standards including 22001 for food and drink, 22002 for food
manufacturing, and more, this family is used in a variety of organizations directly or
indirectly involved with food. These include obvious choices such as restaurants of
any kind, and also companies such as food manufacturers or even food
transportation services such as caterers.

With over 26,000 certifications, ISO 22000:2005 is one of the more common
standards. It can be applied on its own or integrated with ISO 9001. 22000 is
currently under revision with the updated version expected to be released early
2017.

ISO 50001
One of the newest standards, the energy standard ISO 50001:2011 is nevertheless
becoming increasingly important. Released in 2011, the standard is meant for
companies to put in place an Energy Management System (EMS) dedicated to
improving energy usage and efficiency. This includes reducing an organization’s
energy footprint by reducing greenhouse gas emissions as well as energy cost.

It is not required, but with over 5,000 certifications and a 234% certification increase
in the past calendar year according to the Office of Energy Efficiency & Renewable
Energy, it is clear that companies are finding benefits and think the standard
improves their business processes.

ISO 13485
The medical equipment standard ISO 13485 is a single document and does not
belong to a family like many of the ISO standards. Published in 2003, with one
revision published in 2016. It puts a QMS in place for the production of medical
devices and equipment, and is very specific to the health industry.

It is a regulated standard, and has over 25,000 certifications. It is often implemented

with ISO 9000 to show that an organization is qualified to do business with, and the
document can be catered to the needs of a specific organization.

5
ISO 31000
It is very important for an organization in any field to be able to manage risk
effectively. ISO 31000:2009 puts in place a risk-management system to do just that. It
was created in 2009 as an attempt to create a universally recognized program to
reduce risk, eliminating the need for the many standards in other industries that
include risk. The standard allows a company to better identify threats before they
occur, and effectively allocate and use resources for risk treatment.

ISO 26000
A relatively new standard, ISO 26000 focuses on social responsibility and was
released in 2010. It cannot be certified to, but rather provides guidance on how
businesses can operate in a socially responsible way. It helps clarify what social
responsibility is, and helps organizations put in place the methodology to take
effective actions relating to global social responsibility. The certification is used in
over 60 countries.

ISO 20121
The newest standard on this list, ISO 20121 was started in 2012. It came about due to
overwhelming support of BS 8901, an event sustainability standard put in place with
support from the Head of Sustainability at the London 2012 Olympics. It is a
voluntary event sustainability management system.

ISO 20121 is relevant to all members of an event’s supply chain, from organizers to
caterers, and assists these organizations in reducing their environmental footprint
while still being a financial success. These can be of any size, from music festivals to a
school function, even something on a scale as large as the Olympics. To read more
about the history of ISO 20121, check out our blog post.

6
ISO 9000

Objectives
 To state what is meant by ISO 9000 certification.
 To identify the different industries to which the different types of ISO 9000
quality standards can be applied.
 To differentiate between the characteristics of software products and other type of
products that make managing a software development effort difficult.
 To identify the reasons why obtaining ISO 9000 certification is beneficial to a
software development organization.
 To explain the main requirements that a software development organization must
satisfy for getting ISO 9001 certification.
 To identify the salient features of ISO 9001 certification.
 To identify the shortcomings of ISO 9000 certification.

7
ISO 9000 certification
ISO (International Standards Organization) is a consortium of 63 countries established
to formulate and foster standardization. ISO published its 9000 series of standards in
1987. ISO certification serves as a reference for contract between independent parties.
The ISO 9000 standard specifies the guidelines for maintaining a quality system. We
have already seen that the quality system of an organization applies to all activities
related to its product or service. The ISO standard mainly addresses operational
aspects and organizational aspects such as responsibilities, reporting, etc. In a
nutshell, ISO 9000 specifies a set of guidelines for repeatable and high quality product
development. It is important to realize that ISO 9000 standard is a set of guidelines for
the production process and is not directly concerned about the product itself.

Types of ISO 9000 quality standards

 ISO 9000 is a series of three standards: ISO 9001, ISO 9002, and ISO 9003.
The ISO 9000 series of standards is based on the premise that if a proper
process is followed for production, then good quality products are bound to
follow automatically. The types of industries to which the different ISO
standards apply are as follows.
 ISO 9001 applies to the organizations engaged in design, development,
production, and servicing of goods. This is the standard that is applicable to
most software development organizations.
 ISO 9002 applies to those organizations which do not design products but are
only involved in production. Examples of these category industries include
steel and car manufacturing industries that buy the product and plant designs
from external sources and are involved in only manufacturing those products.
Therefore, ISO 9002 is not applicable to software development organizations.
 ISO 9003 applies to organizations that are involved only in installation and
testing of the products.

8
Evolution of ISO 9000 standards
The ISO 9000 standard is continually being revised by standing technical committees
and advisory groups, who receive feedback from those professionals who are
implementing the standard.

1987 version
ISO 9000:1987 had the same structure as the UK Standard BS 5750, with three
"models" for quality management systems, the selection of which was based on the
scope of activities of the organization:

ISO 9001:1987 Model for quality assurance in design, development, production,

installation, and servicing was for companies and organizations whose activities
included the creation of new products.
ISO 9002:1987 Model for quality assurance in production, installation, and servicing
had basically the same material as ISO 9001 but without covering the creation of new
products.
ISO 9003:1987 Model for quality assurance in final inspection and test covered only
the final inspection of finished product, with no concern for how the product was
produced.
ISO 9000:1987 was also influenced by existing U.S. and other Defense Standards
("MIL SPECS"), and so was well-suited to manufacturing. The emphasis tended to be
placed on conformance with procedures rather than the overall process of
management, which was likely the actual intent.[citation needed]

1994 version
ISO 9000:1994 emphasized quality assurance via preventive actions, instead of just
checking final product, and continued to require evidence of compliance with
documented procedures. As with the first edition, the down-side was that companies
tended to implement its requirements by creating shelf-loads of procedure manuals,
and becoming burdened with an ISO bureaucracy. In some companies, adapting and
improving processes could actually be impeded by the quality system.[citation
needed.

9
2000 version
ISO 9001:2000 replaced all three former standards of 1994 issue, ISO 9001, ISO 9002
and ISO 9003. Design and development procedures were required only if a company
does, in fact, engage in the creation of new products. The 2000 version sought to
make a radical change in thinking by actually placing front and centre the concept of
process management (the monitoring and optimisation of a company's tasks and
activities, instead of just inspection of the final product). The 2000 version also
demanded involvement by upper executives in order to integrate quality into the
business system and avoid delegation of quality functions to junior administrators.
Another goal was to improve effectiveness via process performance metrics:
numerical measurement of the effectiveness of tasks and activities. Expectations of
continual process improvement and tracking customer satisfaction were made explicit.

ISO 9000 Requirements include:

Approve documents before distribution.

Provide correct version of documents at points of use.
Use your records to prove that requirements have been met and Develop a procedure
to control your records.
2008 version
ISO 9001:2008 in essence re-narrates ISO 9001:2000. The 2008 version only
introduced clarifications to the existing requirements of ISO 9001:2000 and some
changes intended to improve consistency with ISO 14001:2004. There were no new
requirements. For example, in ISO 9001:2008, a quality management system being
upgraded just needs to be checked to see if it is following the clarifications introduced
in the amended version.
ISO 9001 is supplemented directly by two other standards of the family:
ISO 9000:2005 "Quality management systems. Fundamentals and vocabulary"
ISO 9004:2009 "Managing for the sustained success of an organization. A quality
management approach"
Other standards, like ISO 19011 and the ISO 10000 series, may also be used for
specific parts of the quality system.

10
2015 version
In 2012, ISO TC 176 - responsible for ISO 9001 development - celebrated 25 years of
implementing ISO 9001,[38] and concluded that it was necessary to create a new
QMS model for the next 25 years. They subsequently commenced the official work
on creating a revision of ISO 9001, starting with the new QM principles. This moment
was considered by important specialists in the field as "beginning of a new era in the
development of quality management systems.As a result of the intensive work from
this technical committee, the revised standard ISO 9001:2015 was published by ISO
on 23 September 2015. The scope of the standard has not changed; however, the
structure and core terms were modified to allow the standard to integrate more easily
with other international management systems standards.
The new ISO 9001:2015 management system standard helps ensure that consumers
get reliable, desired quality goods and services. This further increases benefits for a
business.
The 2015 version is also less prescriptive than its predecessors and focuses on
performance. This was achieved by combining the process approach with risk-based
thinking, and employing the Plan-Do-Check-Act cycle at all levels in the
organization.

Some of the key changes include:

High-Level Structure of 10 clauses is implemented. Now all new standards released
by ISO will have this high-level structure greater emphasis on building a management
system suited to each organization's particular needs a requirement that those at the
top of an organization be involved and accountable, aligning quality with wider
business strategy risk-based thinking throughout the standard makes the whole
management system a preventive tool and encourages continuous improvement less
prescriptive requirements for documentation: the organisation can now decide what
documented information it needs and what format it should be in
Alignment with other key management system standards through the use of a
common structure and core text inclusion of Knowledge Management principles
Quality Manual & Management representative (MR) are no longer mandatory.

11
Need for obtaining ISO 9000 certification
There is a mad scramble among software development organizations for obtaining
ISO certification due to the benefits it offers. Some benefits that can be acquired to
organizations by obtaining ISO certification are as follows:

 Confidence of customers in an organization increases when organization

qualifies for ISO certification. This is especially true in the international
market. In fact, many organizations awarding international software
development contracts insist that the development organization have ISO 9000
certification. For this reason, it is vital for software organizations involved in
software export to obtain ISO 9000 certification.
 ISO 9000 makes the development process focused, efficient, and cost-
effective.
 ISO 9000 certification points out the weak points of an organization and
recommends remedial action.
 ISO 9000 sets the basic framework for the development of an optimal process
and Total Quality Management (TQM).

12
Salient features of ISO 9001 certification
The salient features of ISO 9001 are as follows:

• All documents concerned with the development of a software product should be

properly managed, authorized, and controlled. This requires a configuration
management system to be in place.
• Proper plans should be prepared and then progress against these plans should be
monitored.
• Important documents should be independently checked and reviewed for
effectiveness and correctness.
• The product should be tested against specification.
• Several organizational aspects should be addressed e.g., management reporting
of the quality team.

13
Why ISO 9000?
 Management Responsibility
• The management must have an effective quality policy.
• The responsibility and authority of all those whose work affects quality must
be defined and documented.
• A management representative, independent of the development process, must
be responsible for the quality system. This requirement probably has been put
down so that the person responsible for the quality system can work in an
unbiased manner.
• The effectiveness of the quality system must be periodically reviewed by
audits.

 Quality System
A quality system must be maintained and documented.

 Contract Reviews
Before entering into a contract, an organization must review the contract to
ensure that it is understood, and that the organization has the necessary
capability for carrying out its obligations.

 Design Control
• The design process must be properly controlled, this includes controlling
coding also. This requirement means that a good configuration control system
must be in place.
• Design inputs must be verified as adequate.
• Design must be verified.
• Design output must be of required quality.
• Design changes must be controlled.

 Document Control
• There must be proper procedures for document approval, issue and removal.
• Document changes must be controlled. Thus, use of some configuration
management tools is necessary.

 Purchasing
Purchasing material, including bought-in software must be checked for
conforming to requirements.

14
 Purchaser Supplied Product
Material supplied by a purchaser, for example, client-provided software must
be properly managed and checked.

 Product Identification
The product must be identifiable at all stages of the process. In software terms
this means configuration management.

 Process Control
• The development must be properly managed.
• Quality requirement must be identified in a quality plan.

 Inspection and Testing

In software terms this requires effective testing i.e., unit testing, integration
testing and system testing. Test records must be maintained.

 Inspection, Measuring and Test Equipment

If integration, measuring, and test equipments are used, they must be properly
maintained and calibrated.
 Inspection and Test Status
The status of an item must be identified. In software terms this implies
configuration management and release control.

 Control of Nonconforming Product

In software terms, this means keeping untested or faulty software out of the
released product, or other places whether it might cause damage.

 Corrective Action
This requirement is both about correcting errors when found, and also
investigating why the errors occurred and improving the process to prevent
occurrences. If an error occurs despite the quality system, the system needs
improvement.

 Handling
This clause deals with the storage, packing, and delivery of the software
product.

 Quality records
Recording the steps taken to control the quality of the process is essential in
order to be able to confirm that they have actually taken place.

15
Shortcomings of ISO 9000 certification
Even though ISO 9000 aims at setting up an effective quality system in an
organization, it suffers from several shortcomings. Some of these shortcomings of the
ISO 9000 certification process are the following:

 ISO 9000 requires a software production process to be adhered to but does not
guarantee the process to be of high quality. It also does not give any guideline
for defining an appropriate process.

 ISO 9000 certification process is not fool-proof and no international

accreditation agency exists. Therefore it is likely that variations in the norms
of awarding certificates can exist among the different accreditation agencies
and also among the registrars.

 Organizations getting ISO 9000 certification often tend to downplay domain

expertise. These organizations start to believe that since a good process is in
place, any engineer is as effective as any other engineer in doing any particular
activity relating to software development. However, many areas of software
development are so specialized that special expertise and experience in these
areas (domain expertise) is required. In manufacturing industry there is a clear
link between process quality and product quality. Once a process is calibrated,
it can be run again and again producing quality goods. In contrast, software
development is a creative process and individual skills and experience are
important.

 ISO 9000 does not automatically lead to continuous process improvement, i.e.
does not automatically lead to TQM.

16
Conclusion
So, what is ISO 9000? In short, it is a principle-based international standard that
describes a quality management system that organizations can use to be more
efficient and improve customer satisfaction. ISO 9001 is a standard, against which
one may be certified, that specifies the requirements an entity needs to meet in
order to achieve a quality management system within their organization.

There are ISO standards for just about every sector in business, and even can be
applied to non-business organizations. These standards are being revised constantly
to account for the changes in our environment, technology, social attitude, and
legislation.

If your organization wants to be certified to any of these, there are many great
registrars out there who certify, NQA and Eagle Certification Group are two great
examples. If you are new to implementing a Quality Management System, or want to
improve your current process, our Competency Manager software can help you
capture employee competencies and training information to better adhere to ISO
and OSHA standards.

17