What is the ISO and How Do They Work?

Just as every book has an author, so too does every QMS standard. The author of the ‘book’ of quality management guidance in the case of ISO 9001 is the International Organization for Standardization (commonly known as the ISO). Based in Geneva, Switzerland, the ISO was established shortly after World War II as part of a United Nations-led effort to reunify the world and create globally-applicable standardization of measurements and data, the ISO is responsible for publishing thousands of highly-useful standards covering myriad types of needs. ISO 9001 is just one of these standards, and despite its prevalence is still relatively unknown by the general public, especially when compared with other ISO efforts, such as the internationally-recognized measurements of date and time. All ISO standards are created and updated by a system of technical committees and subcommittees; the membership of the committees consists of experts drawn from all the countries that participate in the ISO. At present, 840 technical committees and subcommittees exist across the ISO, and representatives of 172 countries and territories are involved in this regular committee work. Each participating country has its own national standards organization which selects members, handles committee assignments, and ensures that ISO standards are distributed within their jurisdiction; in the case of the United States, this entity is the American National Standards Institute (ANSI). This vast assembly of authoritative knowhow is further enhanced by regular feedback from users of the ISO’s standards. At regular intervals, standards are updated, revised, or consolidated to better serve the needs of the global community.

Of the more than 25,000 ISO standards in existence, you would be hard pressed to choose a single one which is most important, or most influential. But within the realm of quality management, there is a single family of standards which rise above the rest. This the famed ISO 9000 series, a group of documents which outline the standards and practices of quality management systems. Within the 9000 series, the most critical document is ISO 9001, for it is this standard that outlines the means by which a quality management system should be created and maintained. Today, ISO 9001 is used by over 1.2 million companies and organizations as the basis for their quality management systems. This makes it, by far, the most widely-used and significant quality management system standard in the world.

Before delving into the history of ISO 9001 and explaining exactly what it is, it is perhaps helpful

to say what it is not. ISO 9001 is not a quality management system. Rather, it is a standard for creating quality management systems. As the explanation of the ISO’s history suggests, although the organization has long been the foremost authority on establishing standards, their practice has never been to implement or enforce them. Instead, when the ISO creates a standard, they release it into the world, and the countries of the world adopt it due to its universality and ubiquitousness (ensured by the participation of representatives from all the countries, who have either written the standard or had the opportunity to modify and approve it prior to publication). Thus, deciding to adopt ISO 9001 as a quality management system standard does not automatically create, implement, or enforce the system. Instead, the standard merely serves as a guide, which the implementing company or organization must themselves design and maintain. Continuing with this theme, ISO 9001 compliance is not enforced by the ISO, nor are organizations certified by them. Rather, compliance is the responsibility of the organization which has implemented the quality management system, and certification is obtained from an accredited third party, typically a consultancy, which reviews the organization’s quality management system against the standard of ISO 9001. These two critical points – that ISO 9001 is not a quality management system, and that the ISO does not enforce or certify ISO 9001 compliance – are the two most misunderstood elements of ISO 9001. Now that these points are clarified, it is possible to achieve a deeper understanding of ISO 9001’s significant history, and why it is essential for all types of companies and organizations.

Given that the ISO originated from a group of western European (and particularly, UK-based) engineers, it should perhaps come as no surprise that the creation of the ISO 9000 family of standards (of which ISO 9001 is the most important and famous) began with a British innovation. During World War II, both the United States and United Kingdom implemented quality control procedures to ensure suitable standards for military equipment. In the US, these were known as Military Standards (abbreviated as MIL Standards), while in the UK, they were called Defense Standards (abbreviated as DEF STAN). In the post-war period in the UK, refinement of these standards for civilian use led to additional considerations not only for quality control, but the creation of entire quality management systems. This was particularly critical in England due to the large number of powerful nationalized industries, such as British Rail, British Gas, British Steel, and the Coal Board. These massive entities, which surpassed individual businesses and corporations in terms of both power and managerial difficulty, needed revised and suitable management standards in order to ensure quality. To answer this need, the UK government issued a white paper calling for a national standard to be drafted, based on the DEF STAN materials created in the war. In 1979, the British Standards Institution (BSI) published their response to the government’s request. Entitled BS 5750, it was the first attempt in the UK to create a quality management system standard. Driven and guided by requests from the UK’s Ministry of Defense, the standard (as opposed to a system) distinguished itself by specifying how a manufacturing process should be managed, rather than inspecting what was manufactured to ensure quality. This fundamental change in how quality assurance was to be performed, and indeed, what the conception of it even entailed, paved the way for the ISO 9001 standard that followed.

At the start of the 1980s, the ISO began to investigate how to approach issuing a quality

management system standard of their own. After internal meetings, the British Standards Institution (which had members representing it in the ISO) advocated for the ISO to adopt the earlier BS 5750 standard as the basis for what the ISO would release. This was approved, and by 1987, the ISO had fully integrated BS 5750 into their process. The British standard served as the bedrock for what became ISO 9001. Fundamentally, BS 5750 and the earliest iteration of ISO 9001 (ISO 9001:1987) are structurally the same; however, the ISO made modifications to cover three different models for quality management system design, since the BS 5750 standard had been created to specifically serve manufacturing companies, rather than broadly considering other types of organizations. The first of these models considered the design and production of companies involved in creating new products. The second model focused on production, installation, and servicing. The third focused only on inspection and testing and did not consider the manufacturing process. By providing these three use case scenarios, the ISO broadened the scope of ISO 9001 beyond the BS 5750 standard, allowing it to be utilized both by manufacturing and service companies. Eventually, the three separate models were consolidated into a single comprehensive standard in the ISO 9001:2000 update.

Over time and subsequent revisions, the ISO modified ISO 9001 to better serve increasing numbers of companies, and to reflect the changing awareness of how best to guarantee quality. Weaknesses in earlier iterations of the standard have been addressed, often based on trial-and-error and feedback from users and from the ISO’s own membership. For example, one criticism of a mid-1990s iteration, ISO 9001:1994, was that it placed oversized emphasis and importance on the quality and adherence to a company’s Quality Manual (or in other words, the document that described required quality procedures, implementation of internal audits, and management responsibilities). The problem with this approach was that it did not adequately measure defect levels and quality conformity. This led to a particularly noteworthy failure of the ISO 9001:1994 standard: the Firestone Tire and Ford Motor Company tire quality controversy of the 1990s. During this scandal, Firestone produced thousands of substandard tires for Ford vehicles at a number of assembly plants; however, problems were especially endemic at one particular plant in Decatur, Illinois. Despite the fact that all of the tires were produced under ISO 9001:1994 quality guidelines, and in spite of the fact that Firestone repeatedly emphasized the fact that they had abided by these requirements, the problematic tires were still produced. What, then, was the problem? Although the answers at the Decatur plant stemmed from a number of factors, including improper and inadequate repair, insufficient product inspection time, and the replacement of experienced union workers with inexperienced strikebreakers during a period of labor unrest, fundamentally the problem related back to where the emphasis on ensuring quality was centered. In the ISO 9001:1994 iteration of the standard, too much of that emphasis on being in compliance was placed on having a perfect Quality Manual and perfectly following its instructions, rather than considering how well the resultant products or services actually worked or whether they satisfied the customer’s need for quality and safety. As concerned quality management experts pointed out at the time, “documenting one’s process and ensuring that the documented processes are followed, as required by the ISO standard, could result in an ISO-certified company producing excellent but useless concrete life jackets.” Fortunately, these critiques and the lessons learned from incidents such as the Firestone / Ford controversy led the ISO to improve ISO 9001 with the next internation (ISO 9001:2000), which shifted the focus from “quality assurance” to

“quality management” and placed new importance on customer satisfaction, process management, and product conformity. Further refinements have occurred with each subsequent iteration, extending all the way to the current version, ISO 9001:2015. Additionally, small amendments to the standard are periodically added, such as the most recent in February 2024 which included a directive to consider whether climate change impacts are relevant to the organization’s activities.

This brings us up to the present. But where will we, and ISO 9001, go in the future? To learn that answer, we must look to the group of diligent standardization experts working to update and improve ISO 9001. This group is the ISO/TC 176/SC 2 subcommittee for quality systems. Based at and led by the British Standards Institution, the same organization which created the underpinnings for the original ISO 9001 standard, the subcommittee has 85 participating and 19 observing members, all of whom are now engaged in the creation of the upcoming and long-awaited revision to ISO 9001. The first meeting to update the standard took place from December 4-8, 2023 in London, and involved more than 81 experts representing the interests of 46 countries. This meeting initiated a complex revision process which will unfold over the next two years, culminating in a projected release of the new updated standard in 2026. This will mean that over a decade will have passed since the last major update. What will the new version of ISO 9001 hold? What challenges and advantages will it bring to organizations that follow its guidance? Only time, and the hard work of the experts, will tell. In the meantime, interested parties are encouraged by the subcommittee to contact their national standardization body for the opportunity to become involved in the revision process. This means that you, and all of us, have the chance to help shape the next generation of quality management guidance. The opportunity to affect the most significant quality standard in the world may not come again for another decade or more, so for any and all interested, the time to get involved and shape the future is right now.

Recap of Key Dates and Events

1926 – International Federation of the National Standardizing Associations (ISA), Predecessor of the ISO, is Established

1942 – World War II Halts the Activities of the ISA

1944 – United Nations Standards Coordinating Committee (UNSCC) Established to Coordinate Standardization Efforts Among the Allied Powers During World War II

1946 – UNSCC Calls for ISO, Successor to the ISA, to be Established; 65 delegates from 25 countries Convene to Create the Organization

1947 – The International Organization for Standardization (ISO) is Established

1979 – Answering Requests from the UK Government, the British Standards Institution (BSI) Publishes BS 5750, the Forerunner to ISO 9001

1987 – The ISO Publishes the First Version of ISO 9001; Titled ISO 9001:1987, it is Based on the BS 5750 Standard

1994 – The First Revision of ISO 9001, Titled ISO 9001:1994, is Published

2000 – The First Major Revision of ISO 9001, Titled ISO 9001:2000, is Published

2008 – A Minor Revision of ISO 9001, Titled ISO 9001:2008, is Published

2015 – A Major Revision of ISO 9001, Titled ISO 9001:2015, is Published

2020 – The ISO Announces 1.2 Million Companies and Organizations Are Utilizing ISO

9001 to Guide Their Quality Management System Creation and Maintenance

2023 – The ISO Begins Work to Create the Next Iteration of ISO 9001

What Can ISO 9001 Be Used For?

As can perhaps be surmised from its vast and encompassing scope, ISO 9001 is a quality management system standard designed to cover myriad organizations. Its ability to guide the creation of a quality management system exceeds any one industry, or even the concept of companies. Indeed, ISO 9001 is frequently used for non-profit organizations, charities, and even governments. In principle, any type of company or organization should be able to use ISO 9001 to benefit their quality management practices and operations.