Print Share Home

Applying ISO Standards to Improve Purchasing Performance


George Harris
George Harris, President, Harris Consulting, Lexington, MA 02173, 617/674-0041.

79th Annual International Conference Proceedings - 1994 - Atlanta, GA

If you haven't heard about or received literature on the ISO-9000 standards, you have probably been on a information sabbatical or taken a leave of absence. The ISO standards are hot . . . . Why? Because they provide a set of guidelines, which if used correctly, can form the basis of a quality system for your department, your plant, or your company. To top it off, you can become a registered company, sometimes referred to as certified, which could be a requirement of an international customer or provide the basis for a sales initiative here in the United States. It can also be modified to serve as a standard for purchasing quality system design. At least that was our premise as we sought to apply the standard to purchasing operations. The balance of this paper will describe the purchasing guidelines and an audit program which can be used to assess a given purchasing department.

There are three different standards under which registration can be achieved:

  1. ISO-9001 - Used in the event registration is sought for design, manufacture, installation, and service

  2. ISO-9002 - Used in the event registration is sought for manufacture, installation and service

  3. ISO-9003 - Used in the event registration is sought for installation and service.

The ISO-9001 series is then the most difficult standard to be registered under due to the need to demonstrate design to manufacture to service interfaces and integration which normally is accomplished by three distinct organization, located in different locations.

ISO registration is being pursued by companies to introduce more standardized, repetitive processes which are followed in production or service delivery. ISO-9001 involves 20 specific categories ranging from management-, responsibility to use of statistics to document control.

Our initial step was to rewrite the standards to make them specifically apply to purchasing departments. In some cases, the revisions were minimal; in others, the changes were significant. As revised, the various categories can be graphically displayed as follows:


  • Management Responsibility
  • Quality System
  • Subcontract Review
  • Design Control
  • Document Control
  • Purchasing Quality Assurance
  • Product Identification and Traceability
  • Subcontractor Process Control
  • Inspection and Testing
  • Inspection, Measuring, and Test Equipment
  • Inspection and Test Status
  • Control of Nonconforming Product
  • Corrective Action
  • Receipt Handling and Storage
  • Quality Records
  • Internal Quality Audits
  • Training
  • Servicing
  • Statistical Techniques

An example of the revised text for the initial guideline entitled Management Responsibility is provided below for examination. We found that little revision to the ISO-9001 published guidelines was necessary because the intention of this guideline was applicable to any layer of management or to any manager in an organization. Specifically, a quality policy statement regarding subcontractors (the words used to describe suppliers in the guidelines) must be developed, and the organization established to implement the policy including responsibilities and authority must also be present. Adequate personnel and resources must be made available by the organization for implementation and improvement followed by periodic management review and involvement in the process to ensure success.


Management shall define and document its policy and objectives for, and commitment to, subcontractor quality. The supplier shall ensure that this policy is understood, implemented, and maintained at all levels in the organization.


The responsibility, authority, and the interrelation of all personnel who manage, perform, and verify work affecting quality shall be defined; particularly for personnel who need the organizational freedom and authority to:

  1. Initiate action to prevent the occurrence of product and service nonconformity.
  2. Identify and record any product or service quality problems.
  3. Establish the root cause(s) of designated quality problems.
  4. Initiate, recommend, or provide solutions through designated channels.
  5. Verify the implementation of solutions.
  6. Control further processing, delivery, or installation of nonconforming product or provision of nonconforming services until the deficiency or unsatisfactory condition has been corrected.

The supplier shall identify, have access to, and participate with personnel responsible for in-house verification requirements, provide adequate resources, and assign trained personnel for verification activities (see 17).

Verification activities shall include inspection, test, and monitoring of the design, production, installation, and servicing of the process and/or product/service shall be carried out by personnel independent of those having direct responsibility for the work being performed. A feedback and communication linkage shall be established between the buying organization and verification personnel.

The supplier shall appoint a management representative who, irrespective of other responsibilities, shall have defined authority and responsibility for subcontractor quality management are implemented and maintained.

The quality system adopted to satisfy the requirements of this Standard shall be reviewed at appropriate intervals by the supplier's management to ensure its continuing suitability and effectiveness. Records of such reviews shall be maintained (see 15).

Note: Management reviews normally include assessment of the results of internal quality audits, but are carried out by, or on behalf of, the supplier's management, namely management personnel having direct responsibility for the system (see 16).

As mentioned earlier, each of the guidelines was revised in this fashion. A significant amount of effort was made to ensure that the guidelines were integrated well, and as such, did not include ambiguities or redundancies.

As part of the registration process, a company must first provide a copy of its quality policy, quality manual, and its policies and procedures including work instructions used. Once this is done, the ISO registrar (chosen by the company to actually audit their processes, provide feedback, and ultimately issue the registration certificate) employs a number of auditing tools and techniques to ensure that the individuals in the company not only understand the policies and procedures but also perform their work in accordance with those same policies and procedures.

In order to ensure that the guidelines as rewritten for purchasing apply and are appropriate, we developed a series of questions and audit points which can be used to assess a specific purchasing organization's compliance with the guidelines. Eighteen pages of such questions were developed to help ascertain a particular group's compliance. The example below indicate the types of questions and issues relating to compliance with Guideline 1: Management Responsibility provided earlier.


  1. Is there a plant/business level plan that addresses the strategy of acquisition and control of materials (including subcontracted materials required by the manufacturing process)?
  2. At a minimum, does the above plan define present and future objectives and strategies for:
    1. Qualification of vendors?
    2. Qualification of purchased material and parts?
    3. Vendor Management Program with objectives to reduce inventories, reduce and eliminate inspections, and achieve cost effectiveness?
    4. Material control?
    5. Inventory control?
    6. Source inspection?
    7. Incoming inspection?
    8. Corrective action?
  3. Does it define the plant/business functions responsible for accomplishing these objectives and strategies?
  4. Is there a system which audits or otherwise measures the effectiveness of the materials acquisition and control functions?
  5. At a minimum, do the measurement results indicate that materials supplied to the manufacturing process are controlled to ensure:
    1. Quality and reliability?
    2. Correct quantities?
    3. Supplied on time?
  6. Is there evidence that departments coordinate achieve the objectives plan?

Each one of the guidelines, then, can be reviewed in this context and fashion, and the results provided to senior management of the company. Action plans can then be put in place to ensure compliance, beginning with the worst performing area.

Our research will focus on using these guidelines in three different sized companies in three different industries. Results of the usefulness and applicability of the guidelines and audit results will be presented at the convention.

Back to Top