ISO 9001, the famous quality management system standard, is generally regarded as a set of accepted, well-defined requirements for what a quality system should look like in order to ensure the quality of a company’s products or services. The truth is that there’s no consensus on what ISO 9001 is intended to do, and even my summary is hotly debated. Arguments rage over whether ISO 9001 is a model for developing and implementing a QMS, or whether it’s simply a set of requirements intended for auditing by third parties. Whether ISO 9001 is based on international accepted criteria is up for debate, and whether it represents any kind of universal consensus is likewise suspect.

What’s interesting, however, is how ISO itself changed the focus of ISO 9001 over the years, tweaking it with each subsequent revision, sometimes in dramatic ways and sometimes in a less noticeable manner. Let’s take a look at the history of the changes to scope of ISO 9001.

ISO 9001:1987 – A Contract Tool

The first edition of ISO 9001 was released in 1987, and based on a set of BSI standards that were, themselves, adopted from the NATO standard AQAP-1, which had as its precursor DNA the US Dept. of Defense standard, MIL-Q-9858. A comparison of the text of that first edition of ISO 9001 and the MIL-Q-9858 standard shows that much of ISO 9001’s language was lifted from that old MIL spec.

MIL-Q-9858 was clearly designed to be a contract tool, and its very first sentences included the requirement that “This specification requires the establishment of a quality program by the contractor to assure compliance with the requirements of the contract.” The entire standard is intended to be used by “contractors” servicing the US military, who operated under contracts awarded to them by the US government. It was also hardware-specific, aimed at military widget-makers, even though it made some vague references to “services.” The end user of MIL-Q-9858 was the US military, not the company tasked with implementing it.

And so ISO 9001:1987 mirrored this, since it was essentially MIL-Q-9858 repackaged for an international audience. Stripped away was the military focus, but it nevertheless remained a contract tool aimed at hardware manufacturers. The text indicated its intent as a tool to be used by customers to select contractors — with the intended user not the ISO 9001 certified company itself:

Clause 0: This international standard is one of a series of three international standards dealing with quality systems that can be used for external quality assurance purposes. [Emphasis added.]

… and…

Clause 1.1 Scope: This International Standard specifies quality system requirements for use where a contract between two parties requires the demonstration of a supplier’s capability to design and supply product. [Emphasis added.]

Notice that the focus was on “product” (not services) and that it was clearly defined as a contract tool, to be imposed on a user organization by their customer, and to be followed accordingly. The intent, in those days, was to reduce the proliferation of customer-specific quality system requirements and schemes, and hopefully reduce the number of customer-specific audits, with the “ISO registrars” replacing the customer audits entirely. Rather than undergo multiple customer audits every year, a supplier would undergo a single ISO audit, and all the customers would accept the results.

Obviously, that’s not how things turned out, and ISO’s internal profit motives are largely to blame. By the next edition, they began tinkering with the scope, forever altering the future of ISO 9001 and the resulting certifications.

ISO 9001:1994 – The Customer Satisfaction Standard

The second edition of ISO 9001 was released in 1994, and was barely changed at all from the original release. There was one significant exception, however, which largely went unnoticed by the user base: the scope had been rewritten to remove all references of the standard as a contract vehicle, and instead shifted to subtly emphasize a new concept: customer satisfaction, while still keeping the registrars in mind.

Clause 1.0 Scope: This International Standard specifies quality-system requirements for use where a supplier’s capability to design and supply conforming product needs to be demonstrated.

The requirements specified are aimed primarily at achieving customer satisfaction by preventing nonconformity at all states from design through to servicing. [Emphasis added.]

The removal of the “contract requirement” focus allowed ISO to broadly widen the potential audience for ISO 9001, and thus boost sales. ISO would never sell many copies of ISO 9001 if its intended audience was limited only to those who were forced to adopt it; that arrangement put the sole responsibility for selling ISO 9001 copies on large manufacturers and government agencies, since no one would opt into ISO 9001 voluntarily. By removing the word “contract,” and throwing in “customer satisfaction,” ISO reclaimed its ability to sell ISO 9001 direct, to anyone; after all, any organization has to “satisfy a customer” — who could possibly argue against customer satisfaction? And by removing the contractual aspects, and simply indicating a vague reference to “where a supplier’s capability needs to be demonstrated,” this widened the potential for ISO 9001 to be used by registrars.

With this shift, ISO could now aggressively market ISO 9001 to a wider audience, while at the same time continue to have OEMs and government agencies push it down the supply chain as they had under the previous edition. In addition, registrars could start selling more aggressively, since they weren’t limited to only auditing customers subject to some customer or government demand; they could sell ISO 9001 certification as a “customer satisfaction improvement” program.

Had ISO left the scope language as it was in the 1987 edition, it’s likely the entire scheme would have died off quickly. The subtle change made to 1994’s edition breathed new life into the standard. But major changes were on the horizon.

ISO 9001:2000 – The Continual Process Improvement Standard

For the new millennium, ISO jettisoned the old MIL-Q-9858 language entirely, attempting to bring the aging ISO 9001 standard into modern times. The previous editions were largely inspection-based, and inspection had become a dirty word (“you can’t inspect quality into a product” was the mantra.)

The development process utilized for ISO 9001:2000 was a much more complicated affair, and out of scope for this article. (I urge you to buy my book on the subject, though, as it goes into the history and politics in greater detail.) It involved developing a blueprint of 8 Quality Management Principles before anything in the standard itself was written, a noble attempt that only half-succeeded, since about half of those principles were then dropped form the ISO 9001 text itself, and relegated to other documents such as ISO 9004. The new standard emphasized process management over inspection, and while it bungled the language — condemning the world to permanent confusion over “the process approach” — it was seen as a welcome update and a move away from the 1950’s-era language of earlier editions.

Since the entire text of ISO 9001 was so dramatically changed, it goes without saying that the scope was, too. ISO also began its dubious practice of padding the content of the standard to artificially inflate page count, which it uses to determine cover price, so the scope statements likewise became verbose:

Clause 0.1 General

The adoption of a quality management system should be a strategic decision of an organization. The design and implementation of an organization’s quality management system is influenced by varying needs, particular objectives, the products provided, the processes employed and the size and structure of the organization.

The quality management system requirements specified in this International Standard are complementary to requirements for products.

This International Standard can be used by internal and external parties, including certification bodies, to assess the organization’s ability to meet customer, regulatory and the organization’s own requirements. [Emphasis added.]

… and …

1.1 General

This International Standard specifies requirements for a quality management system where an organization:

a) needs to demonstrate its ability to consistently provide product that meets customer and applicable regulatory requirements, and

b) aims to enhance customer satisfaction through the effective application of the system, including processes for continual improvement of the system and the assurance of conformity to customer and applicable regulatory requirements. [Emphasis added.]

This was, of course, the most significant revision of ISO 9001 ever, more so than even the later 2015 edition, and the sweeping change in scope reflects this. The suggestion that the standard could be used to support a strategic decision was placed back in, and then it was married with a host of new ideas and concepts, as well as a host of new stakeholders. But nowhere does the word “contract” appear, the old MIL-Q-9858 DNA long since acid-washed away in the great lab experiment that was 9001:2000.

The changes are too dramatic to go into detail about here, but the most significant is that the idea of “continual improvement” was added on top of customer satisfaction and process management. I’ve argued that ISO has no business trying to standardize an amorphous concept like “improvement” (“we killed less people with our toxic baby food than last year, so we’re improving!”), but it’s another candy-coated, sugary sweet for the less-intellectual crowd. Like “customer satisfaction,” who in their right mind would argue against “continual improvement?” The standard provides no firm requirements on how such a thing could be managed, and as a result it ensures that those “external parties, including certification bodies” have nothing with which to audit against. It’s nonsense, but most people never noticed, and auditors just skipped over the CI stuff anyway right before issuing ISO 9001 certs to pretty much anyone who asked.

ISO 9001:2008 – The Craven Cash-Grab Standard

With the next edition, published in 2008, ISO just gave up trying to pretend it was anything other than a profit hungry publishing company disguised as a non-profit “NGO” while funneling all its revenue into the pockets of its senior executives and furnishing its Geneva HQ in the style of a 90’s Bond villain’s lair. ISO’s internal rules require that every 5 years it review a standard to see if it needs to be updated to reflect latest technologies or trends in a given area of focus. The thinking is that if nothing much has changed, the standard can remain as-is and not have to be updated at all; this is why we still have ISO 17025 — the standard for calibration and test labs — untouched since 2005.

But ISO 9001 is ISO’s flagship, and it benefits from a cozy — if probably illegal — relationship with the auditing bodies through their grand overseer, the International Accreditation Forum (IAF). When a new edition of ISO 9001 is released, ISO and the IAF issue a “Joint Communique” announcing the sunset of all certificates to the previous edition, thereby forcing all users of ISO 9001 to buy a new copy of the standard, lest they lose their current certificate. It’s a nefarious scam, and it debunks ISO’s perpetual insistence that it “has nothing to do with certification.” In fact, they are 50% responsible for certification transition deadlines.

So with ISO 9001:2008, the authors conducted a review and decided the standard did not need updating. But the ISO HQ, from inside their Bond villain lair, wasn’t having it, since that would mean no new copies of ISO 9001 would be sold until the next planned edition, some seven years later. So they re-issued ISO 9001:2000 as an amendment,” not a revision, and drew a single line in the middle of the last “0” in the date, converting it into an “8.” The requirements inside the standard itself would remain unchanged. But, with the help of the IAF and the accreditation bodies like ANAB, everyone was forced to buy a copy of the standard anyway — a standard which hadn’t actually changed. Ka-ching.

There was one small edit to the scoping language in ISO 9001:2008. ISO removed the paragraph in Clause 0.1 “General” that “the adoption of a quality management system should be a strategic decision of an organization.” This wasn’t done to save pages, for certain; that’s not the ISO business model. Instead, it was likely done to remove yet another bit of wording which might limit ISO 9001’s sales by either confusing readers, or turning off those that didn’t feel ISO should be in the business of telling companies what their “strategies” should be. So ti was dropped entirely.

Then, in 2015, ISO smoked a tremendous amount of peyote, and things got really, really weird.

ISO 9001:2015 – The Risk-Based Bullshit Standard

I won’t attempt to go into the full background on how ISO 9001:2015 got written — again, read the book — but it’s a nightmarish clown-car-crash of politics, profiteering, cronyism and deceit. If you hate the new standard and can’t make heads or tails of its New Age, vague, un-auditable requirements, you’re not alone. It’s been nearly universally reviled, and the only people saying nice things about it are sales reps from registrars, underemployed consultants, and the PR marketing dweebs from ISO itself.

Unlike previous editions, which had their fair share of private consultants monkeying around the standard, this latest edition was the direct product of those consultants, who now held nearly every position in leadership in TC 176 and its various subcommittees. They knew they’d stand to make mad bank by making the standard as confusing as possible, and then even boasted in their PowerPoint slide decks about how “risk based thinking” would be the “biggest boon to consultants ever.” (Seriously, go see it.)

While it wasn’t a sea change like the 2000 version, the 2015 edition was a major rewrite, with most of the effort spent on shufffling paragraphs into unintelligible order and then taking previously understood concepts like “purchasing” (1 word) and bloating them up to “control of externally provided products, processes and services” (8 words) in order to achieve a 40-page document, to justify the increased cover price.

Naturally, the scope got weird and bloated too:

0.1 General

The adoption of a quality management system is a strategic decision for an organization that can help to improve its overall performance and provide a sound basis for sustainable development initiatives.

The potential benefits to an organization of implementing a quality management system based on this International Standard are:

  1. the ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements;
  2. facilitating opportunities to enhance customer satisfaction;
  3. addressing risks and opportunities associated with its context and objectives;
  4. the ability to demonstrate conformity to specified quality management system requirements.

This International Standard can be used by internal and external parties. [Emphasis added.]

… and …

1.0 Scope

This International Standard specifies requirements for a quality management system when an organization:

  1. needs to demonstrate its ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements, and
  2. aims to enhance customer satisfaction through the effective application of the system, including processes for improvement of the system and the assurance of conformity to customer and applicable statutory and regulatory requirements.

All the requirements of this International Standard are generic and are intended to be applicable to any organization, regardless of its type or size, or the products and services it provides. [Emphasis added.]

As you can see, the amount of bold italics has grown significantly since 1987. And, as we can see, “contract” is removed entirely.

From Contract Vehicle to Interdimensional Spaceship

If we go back and drag out the bullet points from our two bookends — the 1987 version and the 2015 version — the differences are stark:

When you dig further into clause 4.0 of the new standard, “Context of the Organization,” you find that the “context and objectives” can mushroom fairly quickly, as you consider the “interested parties” and their various issues which are supposed to then inform the company’s strategic direction, as well as the QMS itself.

About Christopher Paris

Christopher Paris is the founder and VP Operations of Oxebridge. He has over 30 years' experience implementing ISO 9001 and AS9100 systems, and is a vocal advocate for the development and use of standards from the point of view of actual users. He is the author of Surviving ISO 9001 and Surviving AS9100. He reviews wines for the irreverent wine blog, Winepisser.


ISO 45001 Implementation