Supply Risk Management and ISO 9000

Greg Hutchins | CSIC Columnist

Fifteen years ago, I wrote the best selling books on ISO 9000.  They got translated into 8 languages.  We were great advocates for the internationalization and deployment of ISO 9000.  There were many reasons for it.  ISO 9000 is a great standard.  It facilitated global trade.  Ensured harmonious quality systems.  Facilitated lean manufacturing and sigma problem solving.  Now, more than 1,000,000 companies are registered worldwide.  It’s been a huge success.

But, we’re advocating a change to risk management both from the customer’s and supplier’s points of view.  Why?

The Japanese tsunami irrevocably changed the paradigm for customer-supplier relationships.  Many of the mature lean supply chains had no give or buffers.  They relied on single source suppliers.  There were few or no incoming, in process, or final inventories in the lean supply chains.  So once the tsunami hit, many manufacturers found their supply chains at risk with no contingency stocks or back up suppliers.  What we discovered was that once the tsunami hit manufacturers, many best supply management practices didn’t pass the test.

ISO 9001 Background

Many suppliers in Asia and throughout the world have become ISO 9000 certified.  That’s great.  ISO 9001 certificate was critical to ensure global trade through ensuring that customer requirements were defined and understood and that suppliers were capable of providing consistent and conforming products.  Let’s review what is in the standard.

ISO 9001 is an international standard that describes the requirements for a supplier’s Quality management System (QMS).  A supplier’s QMS gives the customer assurance of a number of factors.  The QMS describes the supplier’s top management commitment to quality, its customer focus, the adequacy of the supplier’s resources to comply, employee technical competence, process management (for production, service delivery and relevant administrative and support processes), quality planning, product design, review of incoming orders, purchasing, monitoring and measurement of its processes and products, calibration of measuring equipment, processes to resolve customer complaints, corrective/preventive actions and a requirement to drive continual improvement of the QMS. As you can see, it’s very comprehensive.

QMS is a good to great system of management.  But it has its challenges.  ISO 9000 registration requires specific documentation.  It can be bureaucratic.  It can be costly.

It has provided the requisite level of assurance and confidence that customers want.  However, we believe that customers now want to mitigate supplier process and product risks, which we describe in the next section.

Supplier Risk Management

As more critical processes have been outsourced and off shored, customers are now exposed to many more risks that need to be mitigated.  So what’s next?  The next part of the continuous improvement journey is risk based, supply management.  Much of this is still new and being developed.  But, we can look at some of best practices in supply risk management and what this implies for future customer – supplier relations.

Customers want supplier stability.  Supplier changes, such as nonconforming products, changes in the supplier management team, changes in supply  management, regulatory fines can impact a customer adversely and even shut operations.   So, what can a customer do?

ISO 9000 audits tend to be check-the-box compliance assessments.  Some customers are now conducting supply risk audits.  Customers will evaluate ISO 9000 compliance continuously using on line audits but will conduct more invasive on site audits to evaluate supplier capabilities.  For example, an ISO 9000 may take 2 to 3 days depending on the size of the supplier.  Supplier risk audits are more detailed because of the level of required due diligence. Supplier risk audits may require a week or two to evaluate compliance with customer specifications.  These may take even longer if the customer wants to evaluate second and even third tier suppliers conducting onsite product testing or coordinate measuring machine verifications.

Risk requirements are also moving further down stream.  Customers are asking simple questions, such as ‘what if’ and ‘if then, what.’  Critical suppliers now need contingency or business continuity plans with their own suppliers.  And so on down the supply chain.

Supply Risk Management Benefits

Supply risk management offers a number of customer benefits to companies, specifically it:

Ensures customer business continuity if there is a disruption.

Assists in managing critical suppliers.

Assists in developing supply risk mitigation strategies


Leave a Comment