ISO 9000
AN INTRODUCTION
ISO 9000 is rapidly becoming the most important quality
management standard in the world. Thousands of companies in
over 100 countries have already adopted it, and many more are
in the process of doing so. Why? Because it controls quality.
It saves money. Customers expect it. And competitors use it.
ISO 9000 applies to all types of organizations. It doesn't matter
what size they are or what they do. It can help both product and
service oriented organizations achieve standards of quality that
are recognized and respected throughout the world.
ISO is the International Organization for Standardization.
It is located in Switzerland and was established in 1947 to
develop common international standards in many areas.
Its members come from over 150 national standards bodies.
What is ISO 9000?
The term ISO 9000 unfortunately has two different meanings:
it refers to a single standard (ISO 9000) and it refers to a set
of three standards (ISO 9000, ISO 9001, and ISO 9004). All three
are referred to as quality management system standards.
ISO 9000 discusses definitions and terminology and is used
to clarify the concepts used by the ISO 9001 and ISO 9004
standards. ISO 9001 contains requirements and is often used
for certification purposes while ISO 9004 presents a set of
guidelines and is used to develop quality management
systems that go beyond ISO 9001.
ISO's purpose is to facilitate international trade by
providing a single set of standards that people
everywhere would recognize and respect.
The ISO 9000 standards apply to all kinds of organizations in
all kinds of areas. Some of these areas include manufacturing,

processing, servicing, printing, forestry, electronics, steel,
computing, legal services, financial services, accounting,
trucking, banking, retailing, drilling, recycling, aerospace,
construction, exploration, textiles, pharmaceuticals, oil and
gas, pulp and paper, petrochemicals, publishing, shipping,
energy, telecommunications, plastics, metals, research,
health care, hospitality, utilities, pest control, aviation,
machine tools, food processing, agriculture, government,
education, recreation, fabrication, sanitation, transportation,
software development, consumer products, product design,
instrumentation, tourism, communications, biotechnology,
chemicals, engineering, farming, entertainment, consulting,
insurance, and so on.
How does ISO 9000 Work?
Here's how it works. You decide that you need to develop a
quality management system that complies with the ISO 9001
requirements. That's your mission. You choose to follow
this path because you feel the need to control or improve the
quality of your products and services, to reduce the costs
associated with poor quality, or to become more competitive.
Or, you choose this path simply because your customers
expect you to do so or because a governmental body has
made it mandatory. You then develop a quality management
system that meets the requirements specified by ISO 9001.
In the course of doing so, you may also wish to consult the
ISO 9000 definitions and the ISO 9004 guidelines.
But how do you develop such a quality management
system? There are at least two approaches. You can either
do a gap analysis or follow a detailed quality management
system development plan.

If you've already got a functioning quality management
system, we suggest that you carry out a gap analysis.
A gap analysis will tell you exactly what you need to do to
meet the ISO 9001 standard. It will help you to identify the
gaps that exist between the ISO 9001 standard and your
organization's processes. Once you know where the gaps
are, you can take steps to fill your gaps. By following this
incremental approach, you will not only comply with the
ISO 9001 standard, but you will also improve the overall
effectiveness of your organization's quality management
system. A gap analysis will also help you to figure out how
much time it will take and how much it will cost to bring your
QMS into compliance with the ISO 9001 standard.
However, if you don't have a quality management system
or you're starting from scratch, we suggest that you use an
ISO 9001 process-based QMS development plan to develop
your quality management system.
Once your QMS has been fully developed and implemented,
you may wish to carry out an internal compliance audit to
ensure that it complies with the ISO 9001 2008 requirements.
Once you're sure that your QMS is fully compliant, you're ready
to ask a registrar (certification body) to audit the effectiveness
of your QMS. If your auditors like what they see, they will
certify that your QMS has met ISO's requirements.
While ISO 9001 is specifically designed to be used for
certification purposes, you don't have to become certified.
ISO does not require formal certification (registration). You
can simply establish a compliant QMS and then announce
to the world that it complies with the ISO 9001 standard. Of
course, your compliance claim may have more credibility

in the marketplace if an independent registrar has
audited your QMS and agrees with your claim.
Why is ISO 9000 Important?
ISO 9000 is important because of its orientation. While
the content itself is useful and important, the content
alone does not account for its widespread appeal.
ISO 9000 is important because of its international orientation.
Currently, ISO 9000 is supported by national standards bodies
from more than 150 countries. This makes it the logical choice
for any organization that does business internationally or that
serves customers who demand an international standard
of excellence.
ISO is also important because of its systemic orientation.
We think this is crucial. Many people wrongly emphasize
motivational and attitudinal factors. The assumption is that
quality can only be created if workers are motivated and have
the right attitude. This is fine, but it doesn't go far enough.
Unless you institutionalize the right attitude by supporting
it with the right policies, procedures, records, technologies,
resources, and structures, you will never achieve the standards
of quality that other organizations seem to be able to achieve.
Unless you establish a quality attitude by creating a quality
management system, you will never achieve a world-class
standard of quality.
Simply put, if you want to have a quality attitude you must
have a quality system. This is what ISO recognizes, and
this is why ISO 9000 is important.
ISO 9000 2005 Quality Management
Principles Translated into Plain English
According to ISO 9000, the ISO 9001 and 9004 standards are based on

eight quality management principles. These principles were chosen
because they can be used to improve performance and achieve success.

But how can you ensure that your organization applies these principles?
The answer is to establish a quality management system that meets the
ISO 9001 2008 standard. If you do so, your organization will automatically
apply these principles. This is because they permeate the ISO 9001
standard and will therefore be built into any quality system that is
based on this standard. So if you want to improve the performance
of your organization, you need to develop and implement an
ISO 9001 2008 quality management system that
applies the eight principles listed below.
1 Focus
on your
customers
Organizations rely on customers. Therefore:
• Organizations must understand customer needs.
• Organizations must meet customer requirements.
• Organizations must exceed customer expectations.
2 Provide
leadership
Organizations rely on leaders. Therefore:
• Leaders must establish a unity of purpose and
set the direction the organization should take.
• Leaders must create an environment that encourages
people to achieve the organization's objectives.
3 Involve
your
people
Organizations rely on people. Therefore:

• Organizations must encourage the
involvement of people at all levels.
• Organizations must help people to
develop and use their abilities.
4 Use a
process
approach
Organizations are more efficient and effective
when they use a process approach. Therefore:
• Organizations must use a process approach
to manage activities and related resources.
5 Take a
systems
approach
Organizations are more efficient and effective
when they use a systems approach. Therefore:
• Organizations must identify interrelated
processes and treat them as a system.
• Organizations must use a systems approach
to manage their interrelated processes.
6 Encourage
continual
improvement
Organizations are more efficient and effective
when they continually try to improve. Therefore:
• Organizations must make a permanent commitment
to continually improve their overall performance.
7 Get the facts
before you
decide

Organizations perform better when their
decisions are based on facts. Therefore:
• Organizations must base decisions on the
analysis of factual information and data.
8 Work
with your
suppliers
Organizations depend on their suppliers
to help them create value. Therefore:
• Organizations must maintain a mutually
beneficial relationship with their suppliers.

ISO 9001 2008 vs ISO 9001 2000

ISO 9001 2008 and ISO 9001 2000 use the same numbering system
to organize the ISO 9001 2008 and ISO 9001 2000 use the same numbering
system
to organize the standard. As a result, the new standard looks much
like the old standard. However, some important clarifications and
modifications were made. These changes are summarized below.

Outsourced Processes
The process approach continues to be of central importance to
ISO 9001. And since outsourcing has become increasingly common
during the last few years, the new ISO 9001 standard has expanded
its discussion of outsourced processes (see ISO 9001 Part 4.1).
The new standard makes it clear that an outsourced process is
still part of your QMS even though it is performed by a party that
is external to your organization. The new standard emphasizes
the need to ensure that outsourced processes comply with all

customer and legal requirements. While the responsibility for
a process may have been outsourced, your organization is,
nevertheless, still responsible for ensuring that it meets all
customer, regulatory, and statutory requirements.
While the old standard said that outsourced processes must be
controlled, the new standard goes further by expecting you also
to specify the type, nature, and extent of control. ISO 9001 2008
also wants you to think carefully about how you’re going to control
outsourced processes. How you choose to control an outsourced
process should be influenced by the potential impact it could have
on your products, whether or not process control will be shared
with the process supplier, and whether or not adequate controls
can be contractually established using your purchasing process.
Documentation
ISO 9001 2008, Part 4.2.1, makes it clear that QMS documentation
includes not only the records required by the standard but also the
records that your organization needs to have in order to be able to
plan, operate, and control its QMS processes. So the new standard
has expanded the definition of documentation to include all QMS
process records.
Part 4.2.1 makes it clear that a single document may contain several
procedures or several documents may be used to describe a single
procedure. While this has always been an option, the new standard
makes this possibility explicit.
ISO 9001 2000 Part 4.2.3 gave the impression that all external
documents needed to be identified and controlled. This has now
been clarified. The new standard says that you need to identify and
control the distribution of only those external documents that you
need in order to be able to plan and operate your QMS. In other
words, only relevant external QMS documents need to be

controlled, not all of them.
Management Representative
ISO 9001 2000, Part 5.5.2, allowed you to appoint any member
of management to oversee the organization’s QMS. Since the old
standard did not explicitly say that the management representative
must be a member of the organization’s own management, outsiders
were sometimes appointed, instead. This loophole has now
been closed.
ISO 9001 2008 now makes it clear that the management representative
must be a member of the organization’s own management. Outsiders
may no longer perform this important function.
Competence
While both old and new standards stress the importance of
competence, the old standard wasn’t very clear about who they
were talking about. Now it’s pretty clear that all QMS personnel must
be competent. ISO 9001 2008, Part 6.2.1, makes it clear that any task
within the QMS may directly or indirectly affect the organization’s
ability or willingness to meet product requirements. Since any
QMS task could directly or indirectly influence product quality,
the competence of anyone and everyone who carries out
any QMS task must be assured.
Infrastructure
For ISO 9001 2000 (Part 6.3) the term infrastructure includes
buildings, workspaces, equipment, software, utilities, and support
services like transportation and communications. ISO 9001 2008
has now added information systems to the previous list of support
services. Both old and new standards expect you to provide the
infrastructure (including information systems) that your
organization needs in order to ensure that product
requirements are being met.

Work Environment
According to ISO 9001 2000, Part 6.4, you are expected to
manage the work environment that your organization needs
in order to be able to ensure that all product requirements are
being met. However, it failed to indicate exactly what they were
talking about. This problem has now been solved. ISO 9001 2008
says that the term work environment refers to working conditions.
These working conditions include physical and environmental
conditions, as well as things like noise, temperature, humidity,
lighting, and weather. According to the new standard, all of
these conditions need to be managed in order to help
ensure that product requirements are being met.
Customer Requirements
According to ISO 9001 2000, Part 7.2.1, you are expected to identify
your customers’ specific delivery and post delivery requirements.
Since some people weren’t sure about what post delivery meant,
the new standard has tried to clarify this.
According to ISO 9001 2008, post delivery requirements include
things like warranty provisions, contractual obligations (such as
maintenance), and supplementary services (such as recycling
and final disposal).
Design and Development Planning
Both old and new standards expect organizations to plan and
perform product design and development review, verification,
and validation activities (Part 7.3.1).
While each of these three activities serves a different purpose,
ISO 9001 2008 makes it clear that these three activities can be
carried out and recorded separately or in any combination as
long as it makes sense for the product and the organization.
Design and Development Outputs

Part 7.3.3 of ISO 9001 2000 wants you to make sure that the
design and development process generates information
(outputs) that your purchasing, production, and service
provision processes need to have.
ISO 9001 2008 now also says that design and development
outputs could include information that explains how products
can be preserved during production and service provision.
Monitoring and Measuring Equipment
While ISO 9001 2008, Part 7.6, refers to the need to control
monitoring and measuring equipment, the old standard talked
about controlling devices. Since the term device can refer to
almost anything from a literary contrivance to a machine, its
meaning wasn’t exactly clear. The new ISO 9001 standard
has removed this ambiguity by using the term equipment.
Both the old and the new standard wants you to confirm that
monitoring and measuring software is capable of doing the job
you want it to do. In addition to this requirement, the new standard
suggests (in a note) that configuration management and well
established verification methods can be used to ensure the
ongoing suitability of monitoring and measuring software.
However, this is not a requirement, just a statement that
explains how the ongoing suitability of software can
be maintained.
Customer Satisfaction
Both old and new standards want you to monitor and
measure customer satisfaction (perceptions). A new note to
ISO 9001 2008, Part 8.2.1, explains that there are many ways
to monitor and measure customer satisfaction. You could use
customer satisfaction and opinion surveys. And you could collect
product quality data (post delivery), track warranty claims, examine

dealer reports, study customer compliments and criticisms, and
analyze lost business opportunities.
Internal Audit Records
Both old and new standards refer to the need to establish
a procedure to define how internal audits should be planned,
performed, reported, and recorded (Part 8.2.2). However, the old
standard did not explicitly state that audit records must actually be
maintained. This oversight has now been corrected. ISO 9001 2008
now explicitly says that you must maintain a record of your internal
audit activities and results.
Process Monitoring and Measurement
Both old and new standards expect you to monitor and
measure your QMS processes. A new note to ISO 9001 2008,
Part 8.2.3, wants you to consider the impact each process has
on the overall effectiveness of your QMS and the impact it has
on your ability to meet product requirements (when you’re
making decisions about what kinds of process monitoring
and measurement methods should be used).
Release of Product
According to ISO 9001 2000, Part 8.2.4, you must make sure
that product monitoring and measuring records indicate who
was responsible for authorizing the release of products. However,
the old standard did not specify who must be on the receiving end.
This has now been clarified.
ISO 9001 2008 now makes it clear that products are released for
delivery to customers. Records must now indicate who releases
products for delivery to customers.
standard. As a result, the new standard looks much
like the old standard. However, some important clarifications and
modifications were made. These changes are summarized below.

ISO 9001 2000 versus ISO 9001 1994

New Standard In the past, ISO had three standards:
ISO 9001:1994, ISO 9002:1994,
and ISO 9003:1994. Now there's only one standard: ISO 9001:2000!
ISO 9002 and ISO 9003 have been dropped.
So, if you are currently ISO 9002:1994 or ISO 9003:1994 certified,
you will now need to become ISO 9001:2000 certified. And if you're
now ISO 9001 certified, you're going to have to update your quality
system in order to meet the new ISO 9001:2000 requirements.
New Structure When you compare ISO 9001:1994 and ISO
9001:2000 you’ll notice
that ISO has abandoned the 20-clause structure of the old standard.
Instead of 20 sections, the new standard now has 5 sections.
ISO reorganized the ISO 9001 standard in order to create a
more logical structure, and in order to make it more compatible
with the ISO 14001 environmental management standard. While
this reorganization is largely a cosmetic change, it could have
some rather profound implications if you’ve organized your
current quality manual around the old 20-part structure.
New Emphasis
In general, the new standard is more customer-oriented than the old
standard. While the old standard was also oriented towards meeting
customer requirements and achieving customer satisfaction, the new
standard addresses this in much greater detail. In addition, it expects
you to communicate with customers and to measure and monitor
customer satisfaction.
The new standard also emphasizes the need to make improvements.
While the old standard did implicitly expect organizations to make
improvements, the new standard makes this explicit. Specifically,

ISO 9001 now wants you to evaluate the effectiveness and suitability
of your quality management system, and to identify and implement
systemic improvements.
New Definitions
In the past, organizations that wished to be certified were referred
to as suppliers because they supplied products and services to
customers. Since many people were confused by this usage,
ISO has decided to use the word organization instead. Now
the ISO standards focus on the organization, not the supplier.
The term supplier now refers to the organization’s supplier. The new
redefined term supplier replaces the old term subcontractor (which
has now been dropped). While this may sound a bit confusing, this
new usage simply reflects the way these words are normally used.
While you’re probably familiar with the previous concepts, you may
not have heard of the next one. ISO now uses the phrase product
realization. While this is a rather abstract concept, it is now central
to ISO’s approach. In fact, ISO devotes an entire section to this new
concept (Section 7). So what does it mean?
In order to grasp what it means you need to recognize that a product
starts out as an idea. The idea is realized or actualized by following a
set of product realization processes. Product realization refers to the
interconnected processes that are used to bring products into being.
In brief, when you start out with an idea and end up with a product,
you’ve gone through the process of product realization.
New Requirements
The new ISO 9001:2000 standard introduces some new requirements
and modifies some old ones. These requirements are summarized
below. For more detail, please see the associated ISO 9001:2000
clauses (in brackets).
• Communicate with customers (7.2.3).

• Identify customer requirements (5.2, 7.2.1).
• Meet customer requirements (5.2).
• Monitor and measure customer satisfaction (8.2.1).
• Meet regulatory requirements (5.1).
• Meet statutory requirements (5.1).
• Support internal communication (5.5.3).
• Provide quality infrastructure (6.3).
• Provide a quality work environment (6.4).
• Evaluate the effectiveness of training (6.2.2).
• Monitor and measure processes (8.2.3).
• Evaluate the suitability of quality management system (8.4).
• Evaluate the effectiveness of quality management system (8.4).
• Identify quality management system improvements (5.1, 8.4).
• Improve quality management system (5.1, 8.5).
New Flexibility
Under the new ISO 9001:2000 standard, you may ignore or exclude
some requirements. Requirements that may be ignored under special
circumstances are known as exclusions. According to ISO, you may
ignore or exclude any of the requirements found in Section 7 Product
realization as long as you meet certain conditions.
You may exclude a Section 7 requirement if you cannot apply it.
More precisely, you may exclude or ignore a requirement if:
• You cannot apply it because of
the nature of your organization, or
• You cannot apply it because of the
nature of your products or services
However, you may not exclude or ignore Section 7 requirements
if doing so will compromise your ability or willingness to meet the
requirements set by customers and regulators.
We believe that this permissible exclusion clause is a very

important improvement. We think it’s important because it makes
implementation more flexible and conformance less rigid. Because
of this significant innovation, you’re more likely to end up with a
quality management system that not only complies with ISO’s
standards but also meets your organization’s unique needs.
This new, more flexible, approach is further demonstrated in another
way. When you study the new ISO 9001 standard, you’ll notice that it
is less prescriptive than the old standard. In general, the new
standard tells you what to do not how to do it.
This is particularly evident when you look at how many times
procedures are required. When you compare the old and the new
standard, you’ll notice that procedures are much less often required
by the new standard. This more flexible approach gives you more
freedom to decide how you’re going to meet the requirements. In
general, this should make it easier for you to develop a more
suitable and effective quality management system.
New Approach In order to understand ISO 9001:2000 at a
deeper level, you need to
recognize that ISO uses a process approach to quality management.
While the process approach is not new, the increased emphasis ISO
now gives to it is new. It is now central to the way ISO thinks about
quality management systems.
According to this approach, a quality management system can
be thought of as a single large process that uses many inputs to
generate many outputs. This large process is, in turn, made up of
many smaller processes. Each of these processes uses inputs
from other processes to generate outputs which, in turn, are
used by still other processes.
In summary, an ISO 9001:2000 Quality Management System
is made up of many processes, and these processes are glued

together by means of many input-output relationships. These
input-output relationships turn a simple list of processes into
an integrated system. Without these input-output relationships,
you wouldn't have a Quality Management System.
ISO 9001 2008*
Plain English Overview
This page presents a plain English overview of the ISO 9001 2008
Quality Management Standard. To see a more detailed version,
please visit ISO 9001 2008 Translated into Plain English.
NOTE: ISO presents its requirements in
sections 4 to 8 of ISO 9001 2008. Therefore,
the following material begins with section 4.

4. General Requirements
4.1
Develop
your QMS
• Establish your organization's QMS.
• Document your organization's QMS.
• Implement your organization's QMS.
• Maintain your organization's QMS.
• Improve your organization's QMS.
4.2
Document
your QMS
4.2.1 Manage QMS documents.
4.2.2 Prepare QMS manual.
4.2.3 Control QMS documents.
4.2.4 Establish QMS records.


5. Management Requirements
5.1
Show your
commitment
to quality
• Support the development of your QMS.
• Support the implementation of your QMS.
• Support efforts to continually improve your QMS.
5.2
Focus on
customers
• Identify customer requirements.
• Meet your customers' requirements.
5.3
Support your
quality policy
• Ensure that quality policy expects requirements to be met.
• Ensure that quality policy makes a commitment to improve.
• Ensure that quality policy actively supports quality objectives.
• Ensure that quality policy is communicated and discussed.
• Ensure that quality policy is periodically reviewed.
5.4
Carry out your
QMS planning
5.4.1 Establish your quality objectives.
5.4.2 Plan your quality management system.
5.5
Allocate QMS
responsibility
and authority

5.5.1 Define responsibilities and authorities.
5.5.2 Create management representative role.
5.5.3 Support internal communication.
5.6
Perform QMS
management
reviews
5.6.1 Review quality management system.
5.6.2 Examine management review inputs.
5.6.3 Generate management review outputs.

6. Resource Requirements
6.1
Provide required
QMS resources
• Identify the resources that your QMS needs.
• Provide the resources that your QMS needs.
6.2
Provide
competent
QMS personnel
6.2.1 Ensure the competence of workers.
6.2.2 Meet competence requirements.
6.3
Provide necessary
infrastructure
• Identify your infrastructure needs.
• Provide needed infrastructure.
• Maintain your infrastructure.
6.4 • Identify needed work environment.

Provide suitable
work environment
• Manage needed work environment.

7. Realization Requirements
7.1
Control product
realization
planning
• Establish a product realization planning process.
• Plan the realization of your organization's products.
• Prepare product realization planning outputs.
• Develop your product realization processes.
7.2
Control customer
related processes
7.2.1 Identify your product requirements.
7.2.2 Review customers' product requirements.
7.2.3 Communicate with your customers.
7.3
Control your
product design
and development
7.3.1 Plan product design and development.
7.3.2 Identify design and development inputs.
7.3.3 Generate design and development outputs.
7.3.4 Carry out design and development reviews.
7.3.5 Perform design and development verifications.
7.3.6 Conduct design and development validations.
7.3.7 Manage design and development changes.

7.4
Control purchasing
and purchased
products
7.4.1 Establish control of your purchasing process.
7.4.2 Specify your purchasing requirements.
7.4.3 Verify your purchased products.
7.5
Control production
and service
provision
7.5.1 Establish control of production and service.
7.5.2 Validate production and service provision.
7.5.3 Identify and track your products.
7.5.4 Protect property supplied by customers.
7.5.5 Preserve your products and components.
7.6
Control monitoring
and measuring
• Identify monitoring and measuring needs.
• Select monitoring and measuring equipment.
equipment • Establish monitoring and measuring processes.
• Calibrate monitoring and measuring equipment.
• Protect your monitoring and measuring equipment.
• Confirm suitability of monitoring and measuring software.

8. Remedial Requirements
8.1
Establish
monitoring

and measurement
processes
• Identify monitoring, measurement, and analytical processes.
• Plan monitoring, measurement, and analytical processes.
• Implement monitoring, measurement, and analytical processes.
8.2
Carry out
monitoring
and measurement
activities
8.2.1 Monitor and measure customer satisfaction.
8.2.2 Plan and perform regular internal audits.
8.2.3 Monitor and measure your QMS processes.
8.2.4 Monitor and measure product characteristics.
8.3
Identify and
control
nonconforming
products
• Establish a nonconforming products procedure.
• Document your nonconforming products procedure.
• Implement your nonconforming products procedure.
• Maintain your nonconforming products procedure.
8.4
Collect and
analyze quality
management data
• Define your QMS information needs.
• Collect data about your organization's QMS.
• Provide information by analyzing your QMS data.

8.5
Make
improvements
and take remedial
actions
8.5.1 Improve the effectiveness of your QMS.
8.5.2 Correct nonconformities to prevent recurrence.
8.5.3 Prevent the occurrence of nonconformities.
If you'd like to see how we've translated each of these ISO 9001 sections
into plain and simple English, please see our detailed ISO 9001 2008
page.