John P. Hammond
Technical and Marketing Manager, Starna Scientific Limited, 52–54 Fowler Road, Hainault, Essex IG6 3UT, UK
© 2021 The Author
Published under a Creative Commons BY-NC-ND licence
This article concentrates on the International Organization for Standardization (ISO) organisation, its standards and their place within the Quality environment. By definition, it discusses the role of ISO in the administration and control of these standards and their evolution and harmonisation into the standards currently in existence. This article will not discuss the specific application of ISO/IEC 17025 and ISO 17034 in association with ISO/REMCO, and accreditation authorities in the implementation of these standards; this aspect will be covered in the next article in the series.
ISO—Background and organisational structure
ISO is an international standard-setting body composed of representatives from various national standards organisations.
ISO is an independent, non-governmental organisation, the members of which are the standards organisations of the 165 member countries. It is the world’s largest developer of voluntary international standards and it facilitates world trade by providing common standards among nations. More than 20,000 standards have been set, covering everything from manufactured products and technology to food safety, agriculture and healthcare.
Use of the standards aids in the creation of products and services that are safe, reliable and of good quality. The standards help businesses increase productivity while minimising errors and waste. By enabling products from different markets to be directly compared, they facilitate companies in entering new markets and assist in the development of global trade on a fair basis. The standards also serve to safeguard consumers and the end-users of products and services, ensuring that certified products conform to the minimum standards set internationally.
ISO standards are principally developed by its Technical Committee (TC) framework. These are numerically sequenced from TC 1 to currently, and the latest, TC 334. Key TCs in our area of interest are:
- TC 176—Quality management and quality assurance
- TC 334—Reference materials
In addition, ISO also has a specialist committee ISO/CASCO – Conformity assessment, which is defined by its term of reference as follows.
ISO/CASCO—Terms of reference
- To study means of assessing the conformity of products, processes, services and management systems to appropriate standards or other technical specifications.
- To prepare international guides and International Standards relating to the practice of testing, inspection and certification of products, processes and services, and to the assessment of management systems, testing laboratories, inspection bodies, certification bodies, accreditation bodies, and their operation and acceptance.
- To promote mutual recognition and acceptance of national and regional conformity assessment systems, and the appropriate use of International Standards for testing, inspection, certification, assessment and related purposes.
In practice, this assigns ISO/CASCO the responsibility for the 17000 series standards; and, as we will see in later articles, an interesting discussion with respect to where the responsibility for a given standard resides within the ISO organisation.
Developed by TC 176—Quality management and quality assurance, the ISO 9000 series of standards are based on seven key quality management principles (QMP).
The seven quality management principles are:
- QMP 1—Customer focus
- QMP 2—Leadership
- QMP 3—Engagement of people
- QMP 4—Process approach
- QMP 5—Improvement
- QMP 6—Evidence-based decision making
- QMP 7—Relationship management
Principle 1—Customer focus
Organisations depend on their customers and therefore should understand current and future customer needs, should meet customer requirements and strive to exceed customer expectations.
Leaders establish unity of purpose and direction of the organisation. They should create and maintain the internal environment in which people can become fully involved in achieving the organisation’s objectives.
Principle 3—Engagement of people
People at all levels are the essence of an organisation and their full involvement enables their abilities to be used for the organisation’s benefit.
Principle 4—Process approach
A desired result is achieved more efficiently when activities and related resources are managed as a process.
Improvement of the organisation’s overall performance should be a permanent objective of the organisation.
Principle 6—Evidence-based decision making
Effective decisions are based on the analysis of data and information.
Principle 7—Relationship management
Relationships management through effective communication and contract control assists the assurance of agreed outcomes from the process.
ISO 17000 series
Developed under the responsibility of ISO/CASCO, the standards under the control of ISO/CASCO, which includes this series currently consists of 41 standards related to conformity assessment.
The three key standards in our area of interest are:
- ISO/IEC 17025—General requirements for the competence of testing and calibration laboratories. This is the main ISO standard used by testing and calibration laboratories. In common with other ISO quality standards, ISO/IEC 17025 requires continual improvement. Additionally, the laboratory will be expected to keep abreast of scientific and technological advances in relevant areas.
- ISO 17034—General requirements for the competence of reference material producers. The most recent of the three, which like ISO/IEC 17025 evolved from the associated “Guide” document; the history of which will be discussed in the next article.
- ISO 17043—Conformity assessment: General requirements for proficiency testing. An essential standard used extensively in specific application areas, and which again will be discussed in future article(s).
ISO 1st Generation—the years between 1940 and 1975
The ISO organisation began in the 1920s as the International Federation of the National Standardizing Associations (ISA). It was suspended in 1942 during World War II, but after the war ISA was approached by the recently formed United Nations Standards Coordinating Committee (UNSCC) with a proposal to form a new global standards body. In October 1946, ISA and UNSCC delegates from 25 countries met in London and agreed to join forces to create the new International Organization for Standardization. The new organisation officially began operations in February 1947.
Founded on 23 February 1947, the organisation promotes Worldwide proprietary, industrial and commercial standards. It is headquartered in Geneva, Switzerland and works in 165 countries. It was one of the first organisations granted general consultative status with the United Nations Economic and Social Council.
ISO TC1, was the first Technical Committee established, and unsurprisingly, deals with screw threads and was created back in 1947.
ISO 9000 was first published in 1987 by ISO. It was based on the BS 5750 series of standards from the British Standards Institute (BSI) that were proposed to ISO in 1979. However, its history can be traced back some 20 years before that, to the publication of government procurement standards, such as the United States Department of Defence MIL-Q-9858 standard in 1959, and the UK’s Def Stan 05-21 and 05-24. Large organisations that supplied government procurement agencies often had to comply with a variety of quality assurance requirements for each contract awarded, which led the defence industry to adopt mutual recognition of NATO AQAP, MIL-Q and Def Stan standards. Eventually, industries adopted ISO 9000 instead of forcing contractors to adopt multiple and often similar requirements.
During this period, we see the first national standards being used in the Antipodean region, driven by formation of the Australian National Association of Testing Authorities (NATA) in 1947 and TELARC—New Zealand in 1973.
Table 1. Key dates/timeline.
International Federation of the National Standardizing Associations (ISA)
Australian National Association of Testing Authorities (NATA)
United States Department of Defence MIL-Q-9858
ISO 2nd Generation—the years 1975 to 2000
In its first released version, 9000:1987 had the same structure as the UK Standard BS 5750, with three “models” for quality management systems, the selection of which was based on the scope of activities of the organisation.
- ISO 9001:1987 Model for quality assurance in design, development, production, installation and servicing was for companies and organisations whose activities included the creation of new products.
- ISO 9002:1987 Model for quality assurance in production, installation, and servicing had basically the same material as ISO 9001 but without covering the creation of new products.
- ISO 9003:1987 Model for quality assurance in final inspection and test covered only the final inspection of finished product, with no concern for how the product was produced.
ISO 9000:1987 was also influenced by existing US and other Defence Standards (“MIL SPECS”), and so was well-suited to manufacturing. The emphasis tended to be placed on conformance with procedures rather than the overall process of management.
The global adoption of ISO 9001 may be attributable to a number of factors. In the early days, the ISO 9001 (9002 and 9003) requirements were intended to be used by procuring organisations, as the basis of contractual arrangements with their suppliers. This helped reduce the need for individual supplier evaluation by establishing basic requirements for a supplier to assure product quality. The ISO 9001 requirements could be tailored to meet specific contractual situations, depending on the complexity of product, business type (design responsibility, manufacture only, distribution, servicing etc.) and risk to the procurer. If a chosen supplier was weak on the controls of their measurement equipment (calibration), and hence QC/inspection results, that specific requirement would be invoked in the contract. The adoption of a single quality assurance requirement also leads to cost savings throughout the supply chain by reducing the administrative burden of maintaining multiple sets of quality manuals and procedures.
A few years later, the UK Government took steps to improve national competitiveness following publication of cmd 8621, and Third Party Certification of Quality Management Systems was born, under the auspices of the National Accreditation Council of Certification Bodies (NACCB), which has become the United Kingdom Accreditation Service (UKAS).
From a personal perspective, at this time I was employed by a leading company involved in the manufacture of spectrophotometric instrumentation, and who were already adopting the principles of BS 5750, this new standard (ISO 9001) introduced a new design and development control structure within the organisation, which in later years, with the advent and extensive use of control software requirements was extended to cover the testing of this essential component. This proved invaluable in later years, as described below.
ISO 9000:1994 emphasised quality assurance via preventive actions, instead of just checking final product, and continued to require evidence of compliance with documented procedures. As with the first edition, the downside was that companies tended to implement its requirements by creating shelf-loads of procedure manuals and becoming burdened with an ISO bureaucracy. In some companies, adapting and improving processes could actually be impeded by the quality management system.
The changed requirements of this updated standard introduced, as stated above, a formal design and specification requirement on our new product development, which previously had not existed. Key specification documents now stated design, marketing and manufacturing requirements, against which products were evaluated. As stated above, this explosion of additional required documentation could have been perceived as an unnecessary burden at the time, but with the benefit of hindsight, these processes proved invaluable when the next new product in 1996 was targeted at the new and equally evolving regulated pharmaceutical market—but more of that later.
ISO/IEC 17025 was initially issued by ISO in 1999. There are many commonalities with the ISO 9000 standard, but ISO/IEC 17025 is more specific in requirements for competence and applies directly to those organisations that produce testing and calibration results and is based on somewhat more technical principles. Laboratories use ISO/IEC 17025 to implement a quality system aimed at improving their ability to produce consistently valid results. It is also the basis for accreditation from an accreditation body.
In line with the increased use of the ISO 9001 standard within our organisation, the next logical extension was for our Calibration Laboratory, which had been following ISO Guide 25 principles, to seek accreditation to the new ISO/IEC 17025 standard. This was my first experience of the dual “technical” and Quality Management requirements of this accreditation standard, but again, from a marketing/sales perspective the stated “tested once—accepted Worldwide” message being presented was seen a significant extension to the Quality message being presented by the organisation.
ISO 3rd Generation—the years 2000 to 2020
ISO 9001:2000 replaced all three former standards of 1994 issue, ISO 9001, ISO 9002 and ISO 9003. Design and development procedures were required only if a company does, in fact, engage in the creation of new products. The 2000 version sought to make a radical change in thinking by actually placing front and centre the concept of process management (the monitoring and optimisation of a company’s tasks and activities, instead of just inspection of the final product). The 2000 version also demanded involvement by senior management in order to integrate quality into the business system and avoid delegation of quality functions to junior administrators. Another goal was to improve effectiveness via process performance metrics: numerical measurement of the effectiveness of tasks and activities. Expectations of continual process improvement and tracking customer satisfaction were made explicit.
ISO 9000 requirements include:
- Approve documents before distribution.
- Provide correct version of documents at points of use.
- Use your records to prove that requirements have been met.
- Develop a procedure to control your records.
ISO 9001:2008 in essence re-narrates ISO 9001:2000. The 2008 version only introduced clarifications to the existing requirements of ISO 9001:2000 and some changes intended to improve consistency with ISO 14001:2004. There were no new requirements. For example, in ISO 9001:2008, a quality management system being upgraded just needs to be checked to see if it is following the clarifications introduced in the amended version.
ISO 9001 is supplemented directly by two other standards of the family:
- ISO 9000:2005 “Quality management systems. Fundamentals and vocabulary”
- ISO 9004:2009 “Managing for the sustained success of an organisation. A quality management approach”
Other standards, like ISO 19011 and the ISO 10000 series, may also be used for specific parts of the quality system.
In 2012, ISO TC 176, responsible for ISO 9001 development, celebrated 25 years of implementing ISO 9001 and concluded that it was necessary to create a new Quality Management (QM) system model for the next 25 years. They subsequently commenced the official work on creating a revision of ISO 9001, starting with the new QM principles. This moment was considered by important specialists in the field as the “beginning of a new era in the development of quality management systems”. As a result of the intensive work from this TC, the revised standard ISO 9001:2015 was published by ISO on 23 September 2015. The scope of the standard has not changed; however, the structure and core terms were modified to allow the standard to integrate more easily with other international management systems standards.
The new ISO 9001:2015 management system standard helps ensure that consumers get reliable, desired quality goods and services. This further increases benefits for a business.
The 2015 version is also less prescriptive than its predecessors and focuses on performance. This was achieved by combining the process approach with risk-based thinking and employing the Plan-Do-Check-Act cycle at all levels in the organisation.
Some of the key changes include:
- High-Level Structure of 10 clauses is implemented. Now all new standards released by ISO will have this high-level structure.
- Greater emphasis on building a management system suited to each organisation’s particular needs.
- A requirement that those at the top of an organisation be involved and accountable, aligning quality with wider business strategy.
- Risk-based thinking throughout the standard makes the whole management system a preventive tool and encourages continuous improvement.
- Less prescriptive requirements for documentation: the organisation can now decide what documented information it needs and what format it should be in.
- Alignment with other key management system standards through the use of a common structure and core text.
- Inclusion of Knowledge Management principles.
- Quality Manual & Management representative are no longer mandatory. An organisation and its external providers (suppliers, contractors, service providers) are interdependent and a mutually beneficial relationship enhances the ability of both to create value.
ISO 9001:2015 Quality management systems—Requirements is a document of approximately 30 pages available from the national standards organisation in each country. Only ISO 9001 is directly audited against for third-party assessment purposes.
Contents of ISO 9001:2015 are as follows:
- Section 1: Scope
- Section 2: Normative references
- Section 3: Terms and definitions
- Section 4: Context of the organisation
- Section 5: Leadership
- Section 6: Planning
- Section 7: Support
- Section 8: Operation
- Section 9: Performance evaluation
- Section 10: Continual Improvement
Essentially, the layout of the standard is similar to the previous ISO 9001:2008 standard in that it follows the Plan-Do-Check-Act cycle in a process-based approach but now further encourages this to have risk-based thinking (section 0.3.3 of the introduction). The purpose of the quality objectives is to determine the conformity of the requirements (customers and organisations), facilitate effective deployment and improve the QM system.
Before the certification body can issue or renew a certificate, the auditor must be satisfied that the company being assessed has implemented the requirements of sections 4 to 10. Sections 1 to 3 are not directly audited against, but because they provide context and definitions for the rest of the standard, not that of the organisation, their contents must be taken into account.
The standard no longer specifies that the organisation shall issue and maintain documented procedures, but ISO 9001:2015 requires the organisation to document any other procedures required for its effective operation. The standard also requires the organisation to issue and communicate a documented quality policy, a QM system scope and quality objectives. The standard no longer requires compliant organisations to issue a formal Quality Manual. The standard does require retention of numerous records, as specified throughout the standard. New for the 2015 release is a requirement for an organisation to assess risks and opportunities (section 6.1) and to determine internal and external issues relevant to its purpose and strategic direction (section 4.1). The organisation must demonstrate how the standard’s requirements are being met, while the external auditor’s role is to determine the QM system’s effectiveness. More detailed interpretation and implementation examples are often sought by organisations seeking more information in what a very technical area can be.
In 2000, I moved to a new manufacturing organisation, where although the products were in many cases significantly different to my previous employment, the ISO 9001 standard still provided the essential QM system to ensure a “Quality” product. This new organisation also had a Calibration Laboratory, supplying product to a multitude of industries, including pharmaceutical quality assurance (QA) laboratories, and accreditation of this laboratory to these new ISO 17000 standards has been a principal task—but more of that later.
ISO/IEC 17025—There have been three releases; in 1999, 2005 and 2017.
The most significant changes between the 1999 and 2005 release were a greater emphasis on the responsibilities of senior management, explicit requirements for continual improvement of the management system itself, and communication with the customer. It also aligned more closely with the 2000 version of ISO 9001.
The 2005 version of the standard comprises five elements: Normative References, Terms and Definitions, Management Requirements, and Technical Requirements. Management requirements are primarily related to the operation and effectiveness of the QM system within the laboratory. Technical requirements include factors that determine the correctness and reliability of the tests and calibrations performed in the laboratory.
The 2017 version of ISO/IEC 17025 has modified this structure to be Scope, Normative References, Terms and Definitions, General Requirements, Structural Requirements, Resource Requirements, Process Requirements, and Management System Requirements. General Requirements and Structural Requirements are related to the organisation of the laboratory itself. Resource Requirements cite those issues related to the people, plant and other organisations used by the laboratory to produce its technically valid results. Process Requirements are the heart of this version of the standard in describing the activities to ensure that results are based on accepted science and aimed at technical validity. Management System Requirements are those steps taken by the organisation to give itself QM system tools to support the work of its people in the production of technically valid results.
The initial version of ISO 17034 was published in 2016, superseding the associated ISO Guide 34.
The personal journey through this evolution will be discussed more fully in the next article.
ISO 4th Generation—from 2021 forward
The ISO 9000 standard is continually being revised by standing TCs and advisory groups, who receive feedback from those professionals who are implementing the standard. Therefore, this standard will continue to evolve, but from a personal perspective, I would suggest that it has now come of age and now forms one of the fundamental “Pillars of Quality” detailing the QM system.
“…Quality is a perceptual, conditional, and somewhat subjective attribute and may be understood differently by different people…”
This statement underpins the contractual considerations clearly defined in the ISO 9001 quality standard as described in this article.
Recently updated, or published, ISO/IEC 17025:2017 and ISO 17034:2016 currently reflect the “state of the art” with respect to these standards and are, therefore, unlikely to be revised in the near future. However, like their ISO 9001 counterpart, the ISO TCs associated with these standards will continue to review and develop these standards, and again this evolution will be discussed in future articles.
So, we now have in place a fully developed and established QM system, supported by the ISO 9000 standard, internationally by ISO, and used Worldwide.
The next article in the series will explain how this QMS underpins the associated 17000 series standards and the organisations that use them.
- ISO/IEC 9000, Quality Management Systems — Fundamentals and Vocabulary. International Organization for Standardization (ISO), Geneva, Switzerland (2015). https://www.iso.org/standard/45481.html
- ISO/IEC 17025, General Requirements for the Competence of Testing and Calibration Laboratories. International Organization for Standardization (ISO), Geneva, Switzerland (2017). https://www.iso.org/standard/66912.html
- ISO 17034, General Requirements for the Competence of Reference Material Producers. International Organization for Standardization (ISO), Geneva, Switzerland (2016). https://www.iso.org/standard/29357.html
John Hammond is an experienced analytical scientist, spectroscopist and technical marketing professional, skilled in the development, production and marketing of key analytical instrumental concepts and product into highly regulated and controlled industries. A Fellow of the Royal Society of Chemistry (FRSC), executive Working Group convenor of ISO/TC334 and an Expert Advisor to the United States Pharmacopeia, General Chapters, Chemical Analysis committee.