Is your ISO useful to you or just your customers? A question of Scope.
ISO is about a Quality Management System (QMS). QMS in organizations is not optional – it is the way the organization operates. Quality is all the activities that are performed that contribute to successfully satisfying the customer. By definition that is the activities and processes performed by people, their responsibilities, how they process what information in order to make decisions – everything that goes on in an organization in order to get good product out the door. A management system over quality aims to ensure that all of these activities, tasks, etc. are performed in an effective manner. That does not mean overly documented procedures, bureaucratic supporting activities that are not value driven, not records nor activities for the sake of “a standard”. Quality is ONLY about satisfying customers and managing it should be in a sensible and effective way. That is a Quality Management System.
ISO is not a program. It is a set of requirements that represent a good model for helping us assess and improve our QMS, if we choose. Certification…that’s a different matter!
All organizations have a QMS – it is what they do, and when asked to prove they have a good one, the question of ISO 9001 comes up. Faced with having to take that next step and compare ISO to their QMS, apply additional controls and then to seek certification, they want to minimize the cost. Problem is that many organizations overly complicate and overly bureaucratize their system. They think they have to do “more”. They want to minimize that cost and so they limit the extent of where ISO is applied. Limit the extent of ISO in the organization and that reduces the audit effort and cost.
Some organizations will argue that parts of their facility or product range do not need to be ISO certified. Often they will claim that some organizational processes are too simple, too complex, confidential (secret) or that they will seek certification in a staged approach and some areas will not be certified immediately (and often never are). Usually they find they have to become ISO certified because a customer is pressuring them and therefore they want to limit it to those areas of their organization relevant to that customer.
QMS is everywhere in the organization, ISO is designed to help us do it better and if it is restricted to specific areas it means that some parts of the organization are operated in a formal, disciplined and controlled manner and others are not. It doesn’t mean they are badly run but it isn’t possible for management to know that they are well run.
If there is true understanding and commitment to quality, not specifically to ISO but to ensuring customers are satisfied, then the QMS will be formalized with appropriate controls across the whole organization. That is, after all, how the organization operates and an appropriate level of control is necessary to make sure that all parts of the organization are controlled appropriately. How much of it, if any, is ISO certified is irrelevant.