As someone who
is involved in the selection of suppliers, and possibly
responsible for purchasing decisions, you may have seen or
used goods and services that are promoted using reference to
ISO 9001:2000, or, more simply “ISO 9000”. What does this
mean? How can this help you? How can you be sure that your
suppliers understand what you expect from them, and are
capable of providing you with a consistent, conforming
product? The answer is a certified quality management
ISO 9001:2000 is an international
standard that gives requirements for an organization’s
Quality Management System (“QMS”). It is part of a family of
standards published by the International Organisation for
Standardisation (“ISO”) often referred to collectively as
the “ISO 9000 series”. For this reason, you may sometimes
hear your suppliers refer to being “ISO 9000 certified”, or
having an “ISO 9000-compliant QMS”. This will normally mean
that they are claiming to have a QMS meeting the
requirements of ISO 9001:2000, the only standard in the ISO
9000 family that can be used for the purpose of conformity
assessment. It is important to understand however, that ISO
is the body that develops and publishes the standard - ISO
does not “certify” organizations, as will be explained later
in this brochure.
The objective of ISO 9001:2000 is to
provide a set of requirements that, if they are effectively
implemented, will provide you with confidence that your
supplier can consistently provide goods and services that:
- Meet your needs and expectations
- Comply with applicable
The requirements cover a wide range
of topics, including your supplier's top management
commitment to quality, its customer focus, adequacy of its
resources, employee competence, process management (for
production, service delivery and relevant administrative and
support processes), quality planning, product design, review
of incoming orders, purchasing, monitoring and measurement
of its processes and products, calibration of measuring
equipment, processes to resolve customer complaints,
corrective/preventive actions and a requirement to drive
continual improvement of the QMS. Last but not least, there
is a requirement for your supplier to monitor customer
perceptions about the quality of the goods and services it
ISO 9001:2000 does not specify
requirements for the goods or services you are purchasing.
That is up to you to define, by making clear your own needs
and expectations for the product. You might, for example,
refer to product specifications, drawings, national or
international product standards, supplier’s catalogues or
other documents as appropriate.
This means that your supplier has
established a systematic approach to quality management, and
is managing its business to ensure that your needs are
clearly understood, agreed and fulfilled. A statement of
conformity to ISO 9001:2000:2000 should not, however, be
considered as a substitute for a declaration or statement of
ISO 9001:2000 provides some
requirements for the purchasing process that include you as
the customer. These requirements address the following
- requirements regarding the
purchasing information that should be provided so that
suppliers clearly understand their customers' needs
- the ways in which supplied
products can be verified as meeting the requirements of
Note that whenever ISO 9001:2000
refers to “products”, this also includes intangible products
like services, or software.
You have an important role to play,
by specifying to your supplier what you actually want. You
may need to consult with your own internal technical staff
(the actual users) in this process. If you don’t do this,
you might find that you receive a product that meets all
your stated requirements and the applicable regulatory
requirements, but which is absolutely wrong for your
intended application. So, first of all, you should
concentrate on specifying your needs related to the intended
use of the product.
To help in this task you may consider
- What is the specific
product (goods or service) you are buying?
- What impact does this product
have on your own business?
- What are the risks to your
business if you experience problems with this product?
- How can you be sure that
the product you receive will actually meet your
- What do you know about the
reputation and historical performance of your
- What level of confidence do
you need in your supplier’s ability to provide you
with conforming product on a consistent basis?
- If you decide that
conformity to ISO 9001:2000 is important, (based on
your assessment of the risks associated with the
goods and services you are buying) how can you be
sure that your supplier does have a QMS that meets
ISO 9001:2000 requirements?
- Are the goods and
services you require covered by your supplier’s QMS?
(You may need to ask for a copy of your supplier’s
actual certificate or declaration of conformity to
find this out!)
There are various ways in which your
supplier can claim that its QMS meets the requirements of
ISO 9001:2000. These include:
declaration of conformity’: A declaration
by your supplier itself affirming that its QMS meets ISO
9001:2000 requirements, usually supported by
legally-binding signatures. This declaration can be
based on your supplier’s internal audit system, or on
second party or third party audits;
- Second party
assessment: your supplier has been
assessed directly by its customer (for example by you,
or by another customer, whose reputation you respect) to
check if its QMS meets ISO 9001:2000 requirements and
your own requirements - sometimes used in contractual
- Third party
assessment: (Often referred to as
registration): your supplier hires an
impartial third party (a certification body,
or “registrar”) to conduct an
assessment to verify conformity to ISO 9001:2000
requirements. This third party then issues a certificate
to your supplier describing the scope of its QMS, and
confirming that it conforms to ISO 9001:2000.
- Additional confidence may
be derived from the fact that some certification bodies
(“registrars”) are accredited
by nationally or internationally recognized
accreditation bodies, who verify the certification
body’s independence and competence to carry out the
certification process. Many accreditation bodies have
multi-lateral arrangements under the umbrella of the IAF
(International Accreditation Forum) to promote worldwide
mutual recognitions in support of WTO (World Trade
Organization) free trade principles.
Figure 1 explains this
in simple schematic terms.
Figure 1 – Some ways of demonstrating conformity to
No. The reference to ISO 9001:2000
indicates that the supplier has a quality management system
that meets the requirements of ISO 9001:2000. As mentioned
earlier, this should provide you with confidence in your
supplier’s ability to provide consistent, conforming goods
or services. ISO 9001:2000 requires your supplier to monitor
the levels of satisfaction of its customers (this includes
you!), and to feed back this information in order to improve
the effectiveness of its QMS.
In the event you are not happy with
specific goods or services you receive, you should first of
all bring this to your supplier’s attention. You will
typically do this via the normal technical and/or commercial
communication channels that have been established. Your
supplier is obliged to investigate your complaint, and
should take appropriate actions to avoid or reduce the
chances of it happening again.
If, however, you are dissatisfied
with the overall performance of your supplier, (for example
if they continue to provide non-conforming products, do not
address your complaints, or are not taking appropriate
corrective actions) then this is an indication of problems
in their quality management system. Depending on the
responses you receive, you should be aware that you can
escalate your complaint as follows:
- If your supplier has a QMS that meets ISO 9001:2000 requirements, they are required to have nominated a person (the “management representative”) to have the responsibility and authority to ensure the system is working properly. You should find out who this is, and make a formal complaint.
- If you are still not satisfied with the response from your supplier, and if they are
certified by an independent (third party) certification body (“registrar”), you should bring the matter to the certification body’s attention. You can find the certification body’s name by looking at your supplier’s certificate. The certification body will investigate the problems during their surveillance audits of your supplier’s QMS, or, in critical cases, may decide to carry out an additional specific investigation.
- If you do not receive a satisfactory response from the certification body, and if it is accredited (see Figure 1), you should complain to the relevant accreditation body. Details of any such accreditation will appear on your supplier’s ISO 9001:2000 certificate. If you have difficulty in getting this information, you can consult the list of accreditation bodies who are members of the International Accreditation Forum on the IAF website (http://www.iaf.nu).
- If you feel that you have not received a satisfactory response from the accreditation body, and if it is a member of the International Accreditation Forum (see Figure 1), you can complain to the IAF (http://www.iaf.nu).
Remember that none of the above
will affect your statutory rights as a purchaser, and it may
be appropriate to take legal action against your supplier
instead of, or in parallel with the above channels. The way
in which you do this may vary from one country to another.
ISO 9001:2000 is a useful basis for
organizations to be able to demonstrate that they are
managing their business so as to achieve consistent (good!)
quality goods and services.
There are several ways in which your
suppliers can claim conformity to ISO 9001:2000, and you
need to ensure that the method chosen by your supplier
provides you with the necessary degree of confidence.
If you are not satisfied with the
performance of your supplier, you must provide
them with the appropriate feedback. Learning
from complaints helps organizations to improve their future
performance – that is what ISO 9001:2000 is about.
Some additional helpful information
about ISO and the ISO 9000 family of standards can be
www.iso.org, or by consulting your
national standards body.