What CIOs need to know about ISO 9000 standards

Many companies are being forced by business partners to implement ISO 9000 standards, which will significantly impact IT. What will you need to know? An ISO 9000 consultant explains.


Your IT staff may not be the only ones concerned with certification. Soon, your CFO may have the entire company preparing for certification of a different kind: ISO 9000.

ISO 9000 is a process-management standard that, until recently, has been used primarily by the manufacturing industry. But more and more large companies, like Honeywell, are demanding that their business partners become ISO 9000 certified. And ISO 9000 standards don't stop on the manufacturing floor.

The use of ISO 9000 standards is growing exponentially, especially in Europe, according to David Rigg, a senior consultant specializing in ISO 9000 quality management system implementation with Moorhill International Group, Inc.

While IT workers are accustomed to documenting processes, there are aspects of ISO 9000 that present challenges to many IT professionals, Rigg said.

In this article, Rigg answers our questions on what chief information officers, chief technology officers, and other IT leaders need to know about implementing this standard.

Why ISO 9000 certification?
Why is this important? It certifies that management is controlling a large set or sets of processes that deal with every function inside the business, Rigg said.

ISO 9000 is not just about service or product quality; it's about management quality, Rigg explained. These standards address process management, requiring companies to identify and document processes that need to be controlled, from executive management through to the production of an item or service.

Think about your own experience with businesses, Rigg suggested. "Who do you like to do business with? When you are treated poorly or there's poor customer service or [constant] administrative glitches, etc., you don't want to do business with those types of companies," he said. "Large corporations feel the same way."

Although ISO 9000 is designed to help companies run smoothly and efficiently, companies don't always implement ISO 9000 standards by choice. Many large companies are requiring their smaller business partners to comply with the standard, Rigg said. "It's becoming more and more predominant," he said. "We did one company that's a three-man company."

The standard is used primarily in Europe, as well as in certain states, including technology hot spots California and Texas.

As a CIO, you most likely are, in some ways, more prepared to implement ISO 9000 standards because you are accustomed to thinking in terms of process, according to Rigg. But it will also require your staff to outline processes that you may not have even thought of documenting. Take, for example, what you would have to consider to document the process of creating new nodes on a network:
  • Are there forms your staff fills out?
  • Are there requests that have to be approved?
  • Is there equipment that has to be purchased?
  • Is there a time frame that has to be used?
  • What are the scheduling requirements to make it happen?
  • What are the manpower requirements to make it happen?

"The biggest thing that [IT workers] will be facing is actually documenting the processes or procedures of how they do things now," he said. "The ISO 9000 standard is not about so much changing the way you do things as it is documenting what you do. And the reason you document them is because you need to be able to perform to those documents."

Why? Consistency.

"If a process is consistent then it is predictable, even if it is predictably bad," he said. "If it's predictably bad, you can find the places that need improvement or find the changes that need to be made to start running it differently."

What CIOs should expect
If your company decides to implement ISO 9000 standards, you and your staff will have to dedicate substantial time to document and prepare for registration. You'll also have to get things in order for the ISO 9000 auditors, who will ask procedural questions of everyone, including the technician, the CEO—and you, the CIO.

Most likely, IT workers will face procedural questions. For example, the auditor may ask your technicians, "Tell me about how you do your job. How do you know how to do that?"

"Of course, there are several answers," Rigg said. "It could be anywhere from 'I'm a trained technician, which is part of my job description. I have this kind of experience.' In such a case the auditor would go look at the job description to see if that person has had the requisite background for performing such a job. Or the technician might say, 'We had an internal training class.' Or he might say, 'Here are the work instructions. I have a diagram right here that tells me what to do.'"

The auditor would then check the job description to see if that person in fact has the required background for the job. The auditor would also review any documentation required for the job.

Executive management can anticipate questions about how they determined how many resources (money, manpower, equipment) were required for a job.

"Now there's no right or wrong answer," he said. "[The auditors] are checking to see if the company has developed a process or procedure or thought about it."

CIOs will, in some ways, have a leg up because they are accustomed to working with processes, he said. "Many of them have had programming experience, so as you start to lay things out in a logical fashion, it becomes easy for them to see the benefit," he said.

David Rigg is a team-building consultant and an active member of TechRepublic. Recently, Rigg was profiled in our featured member article, published monthly. He shared with us how CIOs can foster team building, both inside and outside the division.