ISO 9002 and 9003: Is ISO 9001 a suitable replacement?

Over the years numerous versions of the ISO 9001 standard have existed such as ISO 9000, ISO 9002 and ISO 9003. However, in the year 2000 a decision was made to replace all of these with one, less bureaucratic, system which would be able monitor tasks and activities, embed quality into the business system from the top down and use customer satisfaction to drive improvement.

In this article, we’ll look at the withdrawn versions of the 9000 family of Standards, what they sought to achieve, and whether ISO 9001 : 2015 is truly the superior Quality Management System.

The ISO 9000 family

The ISO 9000 family of standards were first published in 1987, based on the British Standard known as BS 5750, created in 1979. The aim of the ISO family of Standards was to provide organisations with the requirements to create a Quality Management System (QMS) for a range of different business activities. The idea was that a business would choose the version of the Standard that was most suitable, from three models, and achieve certification:

ISO 9001: 1987

When the ISO 9001 was first published in 1987 it focused on final inspections and was intended for use by organisations that were involved in design, development, production, installation and servicing. Basically any company that was involved in the creation of new products. Over time it was identified that ISO 9001 : 1987 was too heavily influenced by existing U.S. and other Defence Standards (“MIL SPECS”), and was revised in 1994. In the 1994 version the Standard was adapted to emphasize quality assurance via preventative actions, instead of final product inspections and required evidence of compliance via documented procedures.

ISO 9002: 1987

When ISO 9002 was first published in 1987, it was designed specifically for organisations that were involved in production, installation and servicing. The standard is in fact identical to the ISO 9001 standard in all but one respect- ISO 9002 is only for manufacturers who do not design and develop their own products. This is because the standard does not include any design control requirements. As a result, the standard was most useful for firms who manufactured other people’s designs. An example may be one of the companies such as Foxconn or Pegatron who manufacture iPhones on behalf of Apple. These manufacturers did not design the products they’re making – they were designed by Apple – so ISO 9002 may have been a good choice at the time for those third party manufacturers.

ISO 9003 : 1987

Similarly, ISO 9003 was like ISO 9001 with some parts taken out. Specifically, the standard did not include design control, process control, purchasing or servicing. Instead, it focussed specifically on inspection and testing, with the objective of ensuring that products and services met the specified requirements.  As a result, this ISO standard was used almost exclusively by warehouse and resale industries which stocked and sold third-party parts or product, but didn’t design or manufacture them. These organisations would usually have to ensure that the products they purchased and re-sold met the expectations of their customers.

So why did ISO 9001 replace ISO 9002 and ISO 9003?

In 2000, there was a major overhaul to the ISO 9000 family. The three versions of the standard were merged into a single standard known as ISO 9001 : 2000.

This ISO 9001 : 2000 Standard had new concepts built into it including the well-known process-based approach. Top management now needed to be involved, so that quality ran throughout the business model. Performance metrics where also introduced, along with continual improvement and customer satisfaction.

In addition to the change in approach, for the first time in the history of the ISO 9000 family businesses were allowed to exclude select parts of the Standard’s requirements; this opened it up to a wider array of business activities and removed the need for multiple versions of the Standard to exist, rendering ISO 9002 and ISO 9003 obsolete.

For companies that previously held ISO 9002 or ISO 9003 certification, certifying to ISO 9001 was not losing a purpose built system, but rather gaining a system that was more flexible to their business’s needs, delivering many more benefits than before and stripping back the excessive paper trails.

What happened when ISO 9001: 2000 was replaced by ISO 9001 : 2008?

In 2008 the ISO 9001 Standard underwent one of the smallest revisions of its time, in fact no new requirements were added. Instead, the purpose of the revision was to simply offer more clarity on sections within the existing standard. A total of 16 clauses were changed for this purpose.

Was it the same for the ISO 9001 : 2015 revision?

No, there was quite a big change this time. The most noticeable change to this version of the standard was the structure. It adopted a new high level structure (HLS) also known as the ‘Annex SL structure’. This new structure makes it easier to integrate multiple management systems, without reliance upon the use of PAS 99. It aligns common requirements, which make up a third of the text, across varying standards, including ISO 14001 and ISO 27001.

The latest revision of the standard also focuses more on risk-based thinking. Whilst you might be thinking that this has always been part of the ISO 9001 Standard, it is important to recognise that the new version gives it increased prominence.

Other new areas include: context of the organisation, needs and expectations of interested parties, organisational knowledge, post-delivery activities and control of changes, among others.