Quality Assurance: 2009

Saturday, December 26, 2009

Quality Management System Requirements

Quality Management System Requirements
The ISO 9001:2008 standard is meant to be generic and applicable to all kinds of organizations. Therefore, organizations from both the public and private sectors, including non-governmental organizations can benefit from the ISO 9000 quality management system model, regardless of whether they are small, medium or large organizations. The immediate benefit that can be realized from the implementation of ISO 9000 is the collective alignment of the activities of internal processes that are focused towards the enhancement of customer satisfaction which will result in many other benefits, whether internal or external. The magnitude of these benefits are determined by how effective the processes are in achieving its objectives.

Thursday, November 26, 2009

How Quality Management System is implemented?

How Quality Management System is implemented?

The terms ‘establish’, ‘document’, ‘implement’, ‘maintain’ and ‘improve’ are used in the ISO 9000 Standard as though this is a sequence of activities when in reality, in order to establish a system it has to be put in place and putting a system in place requires two separate actions:
- Design the Quality Management System using a process that transforms the system requirements into specific characteristics that results in a clear definition of all the processes that meet the system requirements.
- Construct the system using a process that documents, installs, commissions and integrates the processes to deliver the required business outputs.
The way in which these phases of quality system development are related is
illustrated in the management system process model shown in Figure 4.1. This diagram has some important features. Note that the design input to the system comprises internal and external requirements. On the right side there are four improvement routes:
- Improvements in conformity during operation of the system arise through
enforcing policy and practices – doing what you say you do
- Improvements in conformity during system construction arise through
enforcing policy and design rules on the system – reworking the system to
comply with the established policies and objectives
- Improvements in efficiency during system construction arise through
finding better ways of implementing the system design – shorter, less
wasteful routines, less complexity, lower skill levels, fewer resources
- Improvements in effectiveness arise as a result of identifying different
policies and objectives – higher targets, new objectives, new requirements,
regulations, and new technologies.
As indicated above, establishing a system means designing and constructing it, which can be referred to as system development. System design is dealt with under Identifying processes. Constructing the system covers documentation, resourcing, installation, commissioning, qualification and integration.

Documenting A Quality Management System

Documenting A Quality Management System

The ISO 9000 Standards requires the organization to document a quality management system in accordance with the requirements of ISO 9001. A document (according to ISO 9000 clause 2.7.1) is information and its supporting medium. A page of printed information, a CD ROM or a computer file is a document, implying that recorded information is a document and verbal information is not a document.
Clause 4.2 requires the management system documentation to include certain types of documents and therefore does not limit the management system documentation to the types of documents listed.
As a management system is the means to achieve the organization’s objectives, and a system is a set of interrelated processes, it follows that what has to be documented are all the processes that constitute the system.
While there is a reduction in emphasis on documentation in ISO 9001:2008 compared with the 1994 version, it does not imply that organizations will need less documentation to define their management system. What it does mean is that the organization is left to decide the documentation necessary for effective operation and control of its processes. If the absence of specific documentation does not adversely affect operation and control of processes, such documentation is unnecessary.
Before ISO 9000 came along, organizations prospered without masses of
documentation and many still do. Those that have chosen not to pursue the
ISO 9000 path often only generate and maintain documents that have a useful purpose and will not produce documents just for auditors unless there is a legal requirement. Most of the documentation that is required in ISO 9000 came about from hindsight – the traditional unscientific way organizations learn and how management systems evolve.
ISO 9000 contains a list of valid reasons for why documents are necessary as below:
- To communicate requirements, intentions, instructions, methods and results effectively
- To convert solved problems into recorded knowledge so as to avoid having
to solve them repeatedly
- To provide freedom for management and staff to maximize their contribution to the business
- To free the business from reliance on particular individuals for its effectiveness
- To provide legitimacy and authority for the actions and decisions needed
- To make responsibility clear and to create the conditions for self-control
- To provide co-ordination for inter-departmental action
- To provide consistency and predictability in carrying out repetitive tasks
- To provide training and reference material for new and existing staff
- To provide evidence to those concerned of your intentions and your actions
- To provide a basis for studying existing work practices and identifying
opportunities for improvement
- To demonstrate after an incident the precautions which were taken or which should have been taken to prevent it or minimize its occurrence
If only one of these reasons make sense in a particular situation, the
information should be documented. In some organizations, they take the
view that it is important to nurture freedom, creativity and initiative and
therefore feel that documenting procedures is counterproductive. Their view is that documented procedures hold back improvement, forcing staff to follow routines without thinking and prevent innovation. While it is true that blindly enforcing procedures that reflect out-of-date practices coupled with bureaucratic change mechanisms is counter productive, it is equally shortsighted to ignore past experience, ignore decisions based on valid evidence and encourage staff to reinvent what were perfectly acceptable methods.
Question by all means, encourage staff to challenge decisions of the past, but
encourage them to put forward a case for change. That way it will cause
them to study the old methods, select the good bits and modify the parts that are no longer appropriate. It is often said that there is nothing new under the sun – just new ways of packaging the same message.

Develop Quality Management System Documentation In ISO 9000 Standards

develop Quality Management System Documentation In ISO 9000 Standards

Documentation is the most common area of non-conformance among organizations wishing to implement ISO 9000 quality management systems. As one company pointed out: “When we started our implementation, we found that documentation was inadequate. Even absent, in some areas. Take calibration. Obviously it’s necessary, and obviously we do it, but it wasn’t being documented. Another area was inspection and testing. We inspect and test practically every item that leaves here, but our documentation was inadequate”.
Documentation of the quality management system should include:
1. Documented statements of a quality policy and quality objectives,
2. A quality manual,
3. Documented procedures and records required by the standard ISO 9001:2008, and
4. Documents needed by the organization to ensure the effective planning, operation and control of its processes.

Quality documentation is generally prepared in the three levels indicated below that follows. Use ISO 10013:1995 for guidance in quality documentation.

Level A: Quality manual
States the scope of the quality management system, including exclusions and details of their justification; and describes the processes of the quality management system and their interaction. Generally gives an organization profile; presents the organizational relationships and responsibilities of persons whose work affects quality and outlines the main procedures. It may also describe organization’s quality policy and quality objectives.

Level B: Quality management system procedures
Describes the activities of individual departments, how quality is controlled in each department and the checks that are carried out.

Level C: Quality documents (forms, reports, work instructions, etc.)
1. Work instructions describe in detail how specific tasks are performed; include drawing standards, methods of tests, customer’s specifications, etc.
2. Presents forms to be used for recording observations, etc.

Sunday, November 22, 2009

Continual improvement in the quality management system

Continual Improvement In The Quality Management System

The ISO 9001 standard requires the organization to continually improve the effectiveness of the quality management system in accordance with the requirements of ISO 9001 and to implement action necessary to achieve planned results and continual improvement of the identified processes.

ISO 9000 defines continual improvement as a recurring activity to increase the ability to fulfil requirements. As the organization’s objectives are its requirements, continually improving the effectiveness of the quality management system means continually increasing the ability of the organization to fulfil its objectives.

If the performance of a process parameter is currently meeting the standard that has been established, there are several improvement actions you can take:

Raise the standard e.g. if the norm for the sales ratio of orders won to all orders bid is 60%, an improvement programme could be developed for raising the standard to 75% or higher

Increase efficiency e.g. if the time to process an order is within limits, identify and eliminate wasted resources

Increase effectiveness e.g. if you bid against all customer requests, by only bidding for those you know you can win you improve your hit rate

You can call all these actions improvement actions because they clearly improve performance. However, we need to distinguish between being better at what we do now and doing new things. Some may argue that improving efficiency is being better at what we do now, and so it is – but if in order to improve efficiency we have to be innovative we are truly reaching new standards. Forty years ago, supervisors in industry would cut an eraser in half in the name of efficiency rather than hand out two erasers. Clearly this was a lack of trust disguised as efficiency improvement and it had quite the opposite effect. In fact they were not only increasing waste but also creating a hostile environment.

Each of the improvement actions is dealt with later in the book and the subject of continual improvement addressed again under Quality planning.

There are several steps to undertaking continual improvement:

1. Determine current performance

2 Establish the need for change

3 Obtain commitment and define the improvement objectives

4 Organize diagnostic resources

5 Carry out research and analysis to discover the cause of current performance

6 Define and test solutions that will accomplish the improvement objectives

7 Product improvement plans which specify how and by whom the changes will be implemented

8 Identify and overcome any resistance to change

9 Implement the change

10 Put in place controls to hold new levels of performance and repeat step one

For more information, please visit http://www.iso9001-standard.us

ISO 9000 Quality Assurance Policy

ISO 9001 Quality Policy

The standard requires the quality policy to be appropriate to the purpose of the organization.

The purpose of an organization is quite simply the reason for its existence and as Peter Drucker so eloquently put it there is only one valid definition of business purpose: to create a customer”(Drucker, Peter F., 1977)2 . In ensuring that the quality policy is appropriate to the purpose of the organization, it must be appropriate to the customers the organization desires to create. It is therefore necessary to establish who the customers are, where the customers are, what they buy or wish to receive and what these customers regard as value. As stated above, the quality policy is the corporate policy and such policies exist to channel actions and decisions along a path that will fulfil the organization’s purpose and mission. A goal of the organization may be the attainment of ISO 9001 certification and thus a quality policy of meeting the requirements of ISO 9001 would be consistent with such a goal, but goals are not the same as purpose as indicated in the box to the right. Clearly no organization would have ISO 9001 certification as its purpose because certification is not a reason for existence – an objective maybe but not a purpose.

Policies expressed as short catchy phrases such as “to be the best” really do not channel actions and decisions. They become the focus of ridicule when the organization’s fortunes change. There has to be a clear link from mission to quality policy.

Policies are not expressed as vague statements or emphatic statements using the words may, should or shall, but clear intentions by use of the words ‘we will’

– thus expressing a commitment or by the words ‘we are, we do, we don’t, we have’ expressing shared beliefs. Very short statements tend to become slogans which people chant but rarely understand the impact on what they do. Their virtue is that they rarely become outdated. Long statements confuse people because they contain too much for them to remember. Their virtue is that they not only define what the company stands for but how it will keep its promises.

In the ISO 9001 definition of quality policy it is suggested that the eight quality management principles be used as a basis for establishing the quality policy.

One of these principles is the Customer Focus principle. By including in the quality policy the intention to identify and satisfy the needs and expectations of customers and other interested parties and the associated strategy by which this will be achieved, this requirement would be fulfilled. The inclusion of the strategy is important because the policy should guide action and decision. Omitting the strategy may not ensure uniformity of approach and direction.

The standard requires that the quality policy include a commitment to comply with requirements and continually improve the effectiveness of the quality management system.

A commitment to comply with requirements means that the organization should undertake to meet the requirements of all interested parties. This means meeting the requirements of customer, suppliers, employees, investors, owners and society. Customer requirements are those either specified or implied by customers or determined by the organization and these are dealt with in more detail under clauses 5.2 and 7.2.1. The requirements of employees are those covered by legislation such as access, space, environmental conditions, equal opportunities and maternity leave but also the legislation appropriate to minority groups such as the disabled and any agreements made with unions or other representative bodies. Investors have rights also and these will be addressed in the investment agreements. The requirements of society are those obligations resulting from laws, statutes, regulations etc.

An organization accepts such obligations when it is incorporated as a legal entity, when it accepts orders from customers, when it recruits employees, when it chooses to trade in regulated markets and when it chooses to use or process materials that impact the environment.

The effectiveness of the management system is judged by the extent to which it fulfils its purpose. Therefore improving effectiveness means improving the capability of the management system. Changes to the management system that improve its capability i.e its ability to deliver outputs that satisfy all the interested parties, are a certain types of change and not all management system changes will accomplish this. This requirement therefore requires top management to pursue changes that bring about an improvement in performance.

Scope Of The Quality Management System

Scope Of The Quality Management System

The ISO 9001 standard requires the quality manual to include the scope of the quality management system including details of justification for any exclusion. The standard addresses activities that may not be relevant or applicable to an organization. The permissible exclusions are explained in section 1.2 of ISO 9001. Here it states that the organization may only exclude requirements that neither affect the organization’s ability, nor its responsibility to provide product that meets customer and applicable regulatory requirements. The requirements for which exclusion is permitted are limited to those in section 7 of the standard.

Under ISO 9001:2008, it was possible for organizations to exclude functions and processes of their organization that may have been difficult to control or were not part of the order fulfilment cycle. Organizations that designed their own products but not for specific customers could escape bringing these operations into the management system. Marketing was omitted because it operated before placement of order. Accounting, Administration, Maintenance, Publicity, Public Relations and After Sales Support functions were often omitted because there were no requirements in the standard that specifically dealt with such activities. As there is no function in an organization that does not directly or indirectly serve the satisfaction of interested parties, it is unlikely that any function or process will now be excluded from the quality management system.

It is sensible to describe the scope of the quality management system so as to ensure effective communication. The scope of the quality management system is one area that generates a lot of misunderstanding particularly when dealing with auditors, consultants and customers. When you claim you have a management system that meets ISO 9001 it could imply that you design, develop, install and service the products you supply, when in fact you may only be a distributor. Why you need to justify specific exclusions is uncertain because it is more practical to justify inclusions.

The scope of the quality management system is the scope of the organization. There is no longer any reason to exclude locations, activities, functions or processes for which there is no requirement in the standard. The reason is because the ISO 9000 family now serves customer satisfaction and is not limited to quality assurance as were the 1994 versions of ISO 9001, ISO 9002 and ISO 9003.

It is not appropriate to address exclusions by inserting pages in the manual corresponding to the sections of the standard and adding justification if not within the scope of the management system – such as ‘We don’t do this!’.

It is much more appropriate to use an appendix as indicated previously in the manual contents list. By describing the nature of the business, you are establishing boundary conditions. If in doing so you do not mention that you design products, it will be interpreted that design is not applicable.

For exclusions relative to detail requirements, the Compliance Matrix may suffice but for an unambiguous solution, it is preferable to produce an exposition that addresses each requirement of the standard.

Friday, October 2, 2009

How long does it take to implement ISO 9001?

It depends on you and your company. The very fastest is 2-3 months because most ISO 9001 registrars require at least 2 months ISO 9001 track record before the certification audit.
More realistically: if you have a relatively small company (say, less than 20 employees), if your employees are motivated and if they don’t oppose change, if you have the backing of all senior executives, if you and other managers are ready to put some significant time and efforts into this endeavor, and if you use a really good ISO 9001 quality manual template (a sample ISO 9000 quality manual that you can modify to make it your own ISO 9000 quality manual), then you may be able to get certified in as short as 3-4 months; templates for ISO 9000 forms are an additional time-saver. Some companies are significantly slower, with 6-12 months not being unusual.
However, companies that write their ISO 9001 quality manual and their ISO 9001 quality procedures from scratch, rather than base them on a proven sample ISO 9001 quality manual, often take up to 2 years or longer.

Why is ISO 9000 Important?

ISO 9000 is important because of its orientation. While the content itself is useful and important, the content alone does not account for its widespread appeal.
ISO 9000 is important because of its international orientation. Currently, ISO 9000 is supported by national standards bodies from more than 150 countries. This makes it the logical choice for any organization that does business internationally or that serves customers who demand an international standard of excellence.
ISO is also important because of its systemic orientation. We think this is crucial. Many people wrongly emphasize motivational and attitudinal factors. The assumption is that quality can only be created if workers are motivated and have the right attitude. This is fine, but it doesn’t go far enough. Unless you institutionalize the right attitude by supporting it with the right policies, procedures, records, technologies, resources, and structures, you will never achieve the standards of quality that other organizations seem to be able to achieve. Unless you establish a quality attitude by creating a quality management system, you will never achieve a world-class standard of quality.
Simply put, if you want to have a quality attitude you must have a quality system. This is what ISO recognizes, and this is why ISO 9000 is important.

Templates for Quality Manuals and Forms

Using templates for ISO 9001 quality manuals, procedures and forms can have huge benefits for an organization. Templates are usually in the form of existing and proven manuals, procedures and forms. Follow the link for more information on the use of Templates.
The ISO 9000 quality manual and the ISO 9000 quality procedures are a vital part of any ISO 9001 quality system.
You can get a huge head start by purchasing a good template quality manual (a sample quality manual that you can
use as a good example and that you can modify to make it your own quality manual). There are numerous
companies that sell ISO 9000 quality manuals that you can use as templates to create your own quality manual.
We urge you to carefully evaluate them before making a purchase decision as we found the majority to be
convoluted, bureaucratic and cumbersome.

Tuesday, September 29, 2009

SUMMARY OF CHANGES TO ISO 14001:2004

SUMMARY OF CHANGES TO ISO 14001:2004
ISO 14001:2004 aims to clarify the 1996 edition and align it more closely with the ISO 9001:2000 standard. Some clauses have not been modified for content but have been rewritten to align ISO 14001:2004 with the format, wording, and layout of ISO 9001:2000 and to enhance the compatibility between the two standards.
References in Annex A of the standard are aligned with the numbering in the standard for ease of use. Annex B of the standard identifies similarities and associations between ISO 9001:2000 and ISO 14001:2004.
An important change in wording throughout the revised standard appears in requirements that previously stated that an organisation shall “establish and maintain”; these have now been changed to “establish, implement and maintain”.
Throughout the standard the word “personnel” in the original standard is replaced with “persons working for or on behalf of the organisation” in the revised standard. This is included to ensure that external contractors and applicable suppliers are included under the requirements of certain clauses.
In developing, implementing and maintaining the organisation’s EMS, significant environmental aspects, applicable legal requirements and other requirements to which the organisation subscribes must be considered, and management must ensure the availability of resources.
There are additional paragraphs in the introduction, which generally cover:
• the aim of the ISO 14001:2004 standard is to enhance compatibility with ISO 9001:2000;
• alignment is improved between clause references and supporting Annexes. For example, 4.3.3 and A.3.3 both deal with objectives, targets and programme(s), and 4.5.5 and A.5.5 both deal with internal audit;
• an explanation of the Plan-Do-Check-Act (PDCA) model used in ISO 9001:2000;
• the use of the process approach is promoted in alignment with ISO 9001:2000;
• possible alignment and integration with other management systems is reviewed

Tuesday, September 22, 2009

ISO 9001 & ISO 14001 Blog

Some of the new blogs on ISO 9001 Standards & ISO 14001 standards was found as below:http://iso14000standards.blogspot.com/
http://iso-9001-standards.blogspot.com/
http://iso14001environmentmanagementsystem.blogspot.com/
http://iso9001qualitymanagementsystem.blogspot.com/
http://iso9001qualitymanual.blogspot.com/
http://iso9000standards.blogspot.com/
http://iso9001-standards.blogspot.com/
http://iso14001standards.blogspot.com/
http://www.iso14000store.com/blog
http://www.iso9001-standard.us

Saturday, September 12, 2009

ISO 9000 and ISO 14000 in plain language

Both “ISO 9000” and “ISO 14000” are actually families of standards which are referred to under these generic titles for convenience. Both families consist of standards and guidelines relating to management systems, and related supporting standards on terminology and specific tools, such as auditing (the process of checking that the management systemconforms to the standard).
ISO 9000 is primarily concerned with “quality management“. In the everyday context, like “beauty”, everyone may have his or her idea of what “quality” is. But, in the ISO 9000 context, the standardized definition of quality refers to all those features of a product (or service) which are required by the customer. “Quality management” means what the organization does to ensure that its products or services satisfy the customer’s quality requirements and comply with any regulationsapplicable to those products or services.
ISO 14000 is primarily concerned with “environmental management”. In plain language, this means what the organization does to minimize harmful effects on the environment caused by its activities.
In addition, both ISO 9000 and ISO 14000 require organizations that implement them to improve their performance continually in, respectively, quality and environmental management.
Both ISO 9000 and ISO 14000 concern the way an organization goes about its work, and not directly the result of this work. In other words, they both concern processes, and not products – at least, not directly. Nevertheless, the way in which the organization manages its processes is obviously going to affect its final product.
In the case of ISO 9000, the efficient and effective management of processes is, for example, going to affect whether or not everything has been done to ensure that the product satisfies the customer’s quality requirements. In the case of ISO 14000, the efficient and effective management of processes is going to affect whether or not everything has been done to ensure a product will have the least harmful impact on the environment, at any stage in its life cycle, either by pollution, or by depleting natural resources.
However, neither ISO 9000 nor ISO 14000 are product standards. The management system standards in these families state requirements for what the organization must do to manage processes influencing quality (ISO 9000) or the processes influencing the impact of the organization’s activities on the environment (ISO 14000). In both cases, the philosophy is that management system requirements are generic. No matter what the organization is or does, if it wants to establish a quality management system or an environmental management system, then such a system has a number of essential features which are spelled out in the relevant ISO 9000 or ISO 14000 standards.

Quality Assurance in ISO 9001 Standards

Quality Assurance in ISO 9001 Standards

The adoption of a quality management system should be a strategic decision of an organization. The design and implementation of an organization’s quality management system is influenced by— its business environment, changes in that environment, or risks associated with that environment,— its varying needs,— its particular objectives,— the products it provides,— the processes it employs,— its size and organizational structure.It is not the intent of this International Standard to imply uniformity in the structure of quality management systems or uniformity of documentation.The quality management system requirements specified in this International Standard are complementary to requirements for products. Information marked “NOTE” is for guidance in understanding or clarifying theassociated requirement.This International Standard can be used by internal and external parties, including certification bodies, to assess the organization’s ability to meet customer, statutory and regulatory requirements applicable to theproduct, and the organization’s own requirements.The quality management principles stated in ISO 9000 and ISO 9004 have been taken into consideration during the development of this International Standard.

ISO 9001 – Compatibility with other management systems

ISO 9001 – Compatibility with other management systems
ISO 9001 and ISO 9004 are quality management system standards which have been designed to complement each other, but can also be used independently.ISO 9001 specifies requirements for a quality management system that can be used for internal application by organizations, for certification, or for contractual purposes. It focuses on the effectiveness of the qualitymanagement system in meeting customer requirements.ISO 9004 gives guidance on a wider range of objectives of a quality management system than does ISO 9001, particularly for the continual improvement of an organizations overall performance and efficiency, as well as its effectiveness. ISO 9004 is recommended as a guide for organizations whose top management wishes to move beyond the requirements of ISO 9001, in pursuit of continual improvement of performance. However, it is not intended for certification or for contractual purposes.
During the development of this International Standard, due consideration was given to the provisions of ISO 14001:2004 to enhance the compatibility of the two standards for the benefit of the user community.This International Standard does not include requirements specific to other management systems, such as those particular to environmental management, occupational health and safety management, financialmanagement or risk management. However, this International Standard enables an organization to align or integrate its own quality management system with related management system requirements. It is possible foran organization to adapt its existing management system(s) in order to establish a quality management system that complies with the requirements of this International Standard.

Wednesday, September 9, 2009

ISO 9001:2008 Requirements – Resource Management

ISO 9001:2008 Requirements – Resource Management
6.1 Provision of ResourcesDetermine and provide the resources necessary to:? Implement and maintain the quality management system? Continually improve the effectiveness of the system? Enhance customer satisfaction by meeting customer requirements6.2 Human Resources6.2.1 GeneralEnsure people performing work affecting conformity to product requirements are competent based on the appropriate education, training, skills, and experience.NOTE: Conformity to product requirements can be affected directly, or indirectly, by personnel performing any task within the quality management system.6.2.2 Competence, Training, and AwarenessThe organization must:? Determine the competency needs for personnel? Provide training (or take other actions) to achieve the necessary competence? Evaluate the effectiveness of the actions taken? Inform employees of the relevance and importance of their activities? Ensure they know their contribution to achieving quality objectives? Maintain education, training, skill, and experience records
6.3 Infrastructure Determine, provide, and maintain the necessary infrastructure to achieve product conformity. Infrastructure includes, as applicable:? Buildings, workspace, and associated utilities? Process equipment (both hardware and software)? Supporting services (such as transport, communication, or information systems)6.4 Work EnvironmentDetermine and manage the work environment needed to achieve product conformity.NOTE: The term “work environment” relates to those conditions under which work is performed, including physical, environmental, and other factors such as noise, temperature, humidity, lighting, or weather.

ISO 9001:2008 FAQ

ISO 9001:2008 FAQ
What Is The ISO 9001: 2008 Standard?
The latest edition of the ISO 9001 standard ISO 9001: 2008, Quality Management Systems – Requirements, was officially published by (ISO) the International Organization for Standardization on November 14, 2008. It is the fourth edition of the ISO 9001 standard since it was first published in 1987.
Who Is Responsible For Revising The standards?
The ISO Technical Committee no.176, Sub-committee no.2 (ISO/TC 176/SC 2) is responsible for the revision process in collaboration with consensus among quality and industry experts nominated by ISO Member bodies, and representing all interested parties.
Does ISO 9001:2008 Have Additional Requirements Beyond ISO 9001:2000 ?
This latest (4th) edition of ISO 9001 contains no new requirements compared to the (3rd) year 2000 edition, which it replaces. What it does is provide clarification to the existing requirements of ISO 9001:2000 based on eight years’ experience of worldwide implementing of the standard and introduces changes intended to improve consistency with the environmental management system standard, ISO 14001:2004.
The clarifications and changes in ISO 9001:2008 represents fine-tuning, rather than a thorough overhaul. It focuses on changes that organizations might make to better comply with the spirit of the standard without adding, deleting, or altering its requirements. The changes are minor in nature and address such issues as the need to clarify, provide greater consistency, resolve perceived ambiguities, and improve compatibility with ISO 14001. The numbering system and the structure of the standard remain unchanged. As a result, the new standard looks much like the old standard.
ISO has grouped the changes incorporated in this ISO 9001:2008 edition into the following categories:- No changes or minimum changes on user documents, including records- No changes or minimum changes to existing QMS processes- No additional training required or minimal training required- No effects on current certifications
In contrast, the 3rd edition, ISO 9001:2000 published in 2000, represented a major overhaul of the standard, including new requirements and a sharpened customer focus, reflecting developments in quality management and experience gained since the publication of the initial version.
Then Why Was It Necessary To Introduce This Revision?All ISO standards – currently more than 17 400 – are periodically reviewed. To ensure that ISO standards are maintained at the state of the art, ISO has a rule requiring them to be periodically reviewed and a decision taken to confirm, withdraw or revise the documents. The review process must be initiated within 3 years of publication of a standard. The review considers several factors such as technological evolution, new methods and materials, new quality and safety requirements, or questions of interpretation and application.
The review of ISO 9001 resulting in the 2008 edition was carried out by subcommittee SC 2 of ISO/TC 176. This subcommittee, which is responsible for the ISO 9000 family, unites expertise from 80 participating countries and 19 international or regional organizations, plus other technical committees.
This review has a number of inputs that help it:
A global user questionnaire/survey
A market Justification Study
Suggestions arising from the ISO/TC 176 interpretation process
Opportunities for increased compatibility with ISO 14001
The need for greater clarity, ease of use, and improved translation
Current trends – keeping up with recent developments in management system practices.
How Does The New ISO 9001 Edition Affect Existing ISO 9001 QMS’s?
As organizations start looking at ISO 9001:2008, they will wonder to what extent the changes might affect them. To a large extent, the new standard will not result in significant change to existing quality management systems (QMS).
ISO/TC 176 was careful in not making change for change sake. In the case of editorial changes, this was especially true. This could have lead to a false impression that there was a change in requirements, carrying greater significance than was intended. In those instances, when the committee members couldn’t come to a consensus in determining if a change added or deleted a requirement, they opted to retain the existing text. They decided it was better to err on the side of caution rather than to contribute to any misunderstanding in the marketplace.
The changes that have been incorporated into this edition of the ISO 9001 standard include changes that should lead to a better understanding across a broader range of product types, including service organizations; use of deliberate wording to minimize the potential for incorrect user interpretation; and reflect nuances of similar concepts. Lastly, some of the changes to specific clauses were made based on the 2004 International User Feedback Survey. This survey was conducted after the publication of ISO 9001:2000 and had invited respondents to identify areas they most wanted to see improved.

Thursday, September 3, 2009

Structure Of ISO 9001

ISO 9001 was first published in 1987. Later, it went through three revisions in 1994, 2000 and 2008. The latest version version of the ISO 9001 standard was published on 14th November 2008. This is the structure of the standard:
Clause 1 Scope
Clause 2 Normative reference
Clause 3 Terms and definitions
Clause 4 Quality management system
Clause 5 Management responsibility
Clause 6 Resource management
Clause 7 Product realization
Clause 8 Measurement, analysis and improvement

http://www.e-wia.com

ISO 9001:2008 General Requirements

ISO 9001:2008 General Requirements

4.1 General requirements
The organization shall establish, document, implement and maintain a quality management system and continually improve its effectiveness in accordance with the requirements of this International Standards. The organization
shall determine the processes needed for the quality management system and their application throughout the organizations,
determine the sequence and interaction of these processes,
determine criteria and methods needed to ensure that both the operation and control of these processes are effective,
ensure the availability of resources and information necessary to support the operation and monitoring of these processes,
monitor, measure (where applicable) and analyze these processes, and
implement actions necessary to achieve planned results and continual improvement of these processes.
These processes shall be managed by the organization in accordance with the requirements of this International Standard.
Where an organization chooses to outsource any process that affects product conformity to requirements, the organization shall ensure control over such processes. The type and extent of control to be applied to these outsourced processes shall be defined within the quality management system.
NOTE 1: Processes needed for the quality management system referred to above include processes for management activities, provision of resources, product realization and measurement, analysis and improvement.
NOTE 2: An outsourced process is identified as one being needed for the organization’s quality management system, but chosen to be performed by a party external to the organization.
NOTE 3: Ensuring control over outsourced processes does not absolve the organization of the responsibility of conformity to all customer, statutory, and regulatory requirements. The type and extent of control to be applied to the outsourced process can be influenced by factors such asa) the potential impact of the outsourced process on the organization’s capability to provide product that conforms to requirements,b) the degree to which the control for the process is shared;c) the capability of achieving the necessary control through the application of clause 7.4.
Clause 4.2 Documentation requirements
4.2.1 General
The quality management system documentation shall includedocumented statements of a quality policy and quality objectives,
a quality manual,
documented procedures and records required by this International Standard,
documents including records, needed determined by the organization to be necessary to ensure the effective planning, operation and control of its processes
NOTE 1: Where the term “documented procedure” appears within this International Standard, this means that the procedure is established, documented, implemented and maintained. A single document may include the requirements for one or more procedures. A requirement for a documented procedure may be covered by more than one document.
NOTE 2: The extent of the quality management system documentation can differ from one organization to another due to the size of organization and type of activities, the complexity of processes and their interactions, and the competence of personnel.
NOTE 3: The documentation can be in any form or type of medium.
4.2.2 Quality Manual
The organization shall establish and maintain a quality manual that includes the scope of the quality management system, including details of and justification for any exclusions (see 1.2), the documented procedures established for the quality management system, or reference to them, and a description of the interaction between the processes of the quality management.
4.2.3 Control of documents
Documents required by the quality management system shall be controlled. Records are a special type of document and shall be controlled according to the requirements given in 4.2.4.
A documented procedure shall be established to define the controls needed
to approve documents for adequacy prior to issue,
to review and update as necessary and re-approve documents,
to ensure that the changes and the current revision status of documents are identified,
to ensure that relevant versions of applicable documents are available at points of use,
to ensure that documents of external origin are identified and their distribution controlled, and
to prevent the unintended use of obsolete documents, and to apply suitable identification to them if they are retained for any purpose.
4.2.4 Control of records
Records established to provide evidence of conformity to requirements and of the effective operation of the quality management system shall be controlled. The organization shall establish a documented procedure to define the controls needed for the identification, storage, protection, retrieval, retention, and disposition of records. Records shall remain legible, readily identifiable, and retrievable.

Monday, August 31, 2009

Migration to ISO 9001:2008

Migration To ISO 9001:2008The International Accreditation Forum (IAF) and the International Organization forStandardization (ISO) have agreed on an implementation plan to ensure a smooth transition ofaccredited certification to ISO 9001:2008, the latest version of the world’s most widely usedstandard for quality management systems (QMS). The details of the plan are given in the jointcommuniqué by the two organizations which appears below.Like all of ISO’s more than 17 000 standards, ISO 9001 is periodically reviewed to ensure that itis maintained at the state of the art and a decision taken to confirm, withdraw or revise thedocument.ISO 9001:2008, which is due to be published before the end of the year, will replace the year2000 version of the standard which is implemented by both business and public sectororganizations in 170 countries. Although certification is not a requirement of the standard, theQMS of about one million organizations have been audited and certified by independentcertification bodies (also known in some countries as registration bodies) to ISO 9001:2000.ISO 9001 certification is frequently used in both private and public sectors to increaseconfidence in the products and services provided by certified organizations, between partnersin business-to-business relations, in the selection of suppliers in supply chains and in the rightto tender for procurement contracts.ISO is the developer and publisher of ISO 9001, but does not itself carry out auditing andcertification. These services are performed independently of ISO by certification bodies. ISOdoes not control such bodies, but does develop voluntary International Standards toencourage good practice in their activities on a worldwide basis. For example, ISO/IEC17021:2006 specifies the requirements for bodies providing auditing and certification ofmanagement systems.Certification bodies that wish to provide further confidence in their services may apply to be“accredited” as competent by an IAF recognized national accreditation body. ISO/IEC17011:2004 specifies the requirements for carrying out such accreditation. IAF is aninternational association whose membership includes the national accreditation bodies of 49economies.ISO technical committee ISO/TC 176, Quality management and quality assurance, which isresponsible for the ISO 9000 family of standards, is preparing a number of support documentsexplaining what the differences are between ISO 9001:2008 and the year 2000 version, whyand what they mean for users. Once approved, these documents will be posted on the ISOWeb site – probably in October 2008.
ISO (International Organization for Standardization) and the IAF (International AccreditationForum) have agreed an implementation plan to ensure a smooth migration of accreditedcertification to ISO 9001:2008, after consultation with international groupings representingquality system or auditor certification bodies, and industry users of ISO 9001 certificationservices.ISO 9001:2008 does not contain any new requirementsThey have recognized that ISO 9001:2008 introduces no new requirements. ISO 9001:2008only introduces clarifications to the existing requirements of ISO 9001:2000 based on eightyears of experience of implementing the standard world wide with about one millioncertificates issued in 170 countries to date. It also introduces changes intended to improveconsistency with ISO14001:2004The agreed implementation plan in relation to accredited certification is therefore thefollowing:Accredited certification to the ISO 9001:2008 shall not be granted until the publication of ISO9001:2008 as an International Standard.Certification of conformity to ISO 9001:2008 and/or national equivalents shall only be issuedafter official publication of ISO 9001:2008 (which should take place before the end of 2008)and after a routine surveillance or recertification audit against ISO 9001:2008.Validity of certifications to ISO 9001:2000One year after publication of ISO 9001:2008 all accredited certifications issued (newcertifications or recertifications) shall be to ISO 9001:2008.Twenty four months after publication by ISO of ISO 9001:2008, any existing certification issuedto ISO 9001:2000 shall not be valid.

Continual improvement in the quality management In ISO 9001

Continual improvement in the quality management system and its processes In ISO 9001
The standard requires the organization to continually improve the effectiveness of the quality management system in accordance with the requirements of ISO 9001 and to implement action necessary to achieve planned results andcontinual improvement of the identified processes.
ISO 9000 defines continual improvement as a recurring activity to increase the ability to fulfil requirements. As the organization’s objectives are its requirements, continually improving the effectiveness of the management system means continually increasing the ability of the organization to fulfil its objectives.
This requirement responds to the Continual Improvement principle. If the management system is enabling the organization to accomplish its objectives when that is its purpose, why improve? The need for improvement arises out of a need to become more effective at what you do, more efficient in the utilization of resources so that the organization becomes best in its class. The purpose of measuring process performance is to establish whether or not the objectives are being achieved and if not to take action on the difference. If the performance targets are being achieved, opportunities may well exist to raise standards and increase efficiency and effectiveness.
If the performance of a process parameter is currently meeting the standard that has been established, there are several improvement actions you can take:Raise the standard e.g. if the norm for the sales ratio of orders won to all orders bid is 60%, an improvement programme could be developed for raising the standard to 75% or higherIncrease efficiency e.g. if the time to process an order is within limits, identify and eliminate wasted resources Increase effectiveness e.g. if you bid against all customer requests, by only bidding for those you know you can win you improve your hit rate
You can call all these actions improvement actions because they clearly improve performance. However, we need to distinguish between being better at what we do now and doing new things. Some may argue that improving efficiency is being better at what we do now, and so it is – but if in order to improve efficiency we have to be innovative we are truly reaching new standards. Forty years ago, supervisors in industry would cut an eraser in half in the name of efficiency rather than hand out two erasers. Clearly this was a lack of trust disguised as efficiency improvement and it had quite the opposite effect. In fact they were not only increasing waste but also creating a hostile environment.
Each of the improvement actions is dealt with later in the book and the subject of continual improvement addressed again under Quality planning in Chapter 5. There are several steps to undertaking continual improvement (Juran, J. M., 1995)12 .1 Determine current performance2 Establish the need for change3 Obtain commitment and define the improvement objectives4 Organize diagnostic resources5 Carry out research and analysis to discover the cause of currentperformance6 Define and test solutions that will accomplish the improvementobjectives7 Product improvement plans which specify how and by whom the changeswill be implemented8 Identify and overcome any resistance to change9 Implement the change10 Put in place controls to hold new levels of performance and repeat step one.

Preparing the ISO 9001 quality manual

The standard requires a quality manual to be establishedand maintained that includes the scope of the qualitymanagement system, the documented procedures or refer-ence to them and a description of the sequence andinteraction of processes included in the quality manage-ment system.
ISO 9000 defines a quality manual as a documentspecifying the quality management system of an organi-zation. It is therefore not intended that themanual be a response to the requirements ofISO 9001. As the top-level document describingthe management system it is a system descriptiondescribing how the organization is managed.Countless quality manuals produced to satisfy ISO 9000 :2008, were nomore than 20 sections that paraphrased the requirements of the standard.Such documentation adds no value. They are of no use to managers, staff orauditors. Often thought to be useful to customers, organizations would gainno more confidence from customers than would be obtained from theirregistration certificate.
This requirement responds to the System Approach Principle.A description of the management system is necessary as a means of showinghow all the processes are interconnected and how they collectively deliver thebusiness outputs. It has several uses as :a means to communicate the vision, values, mission, policies and objectivesof the organizationa means of showing how the system has been designeda means of showing linkages between processesa means of showing who does whatan aid to training new peoplea tool in the analysis of potential improvementsa means of demonstrating compliance with external standards and regulations
When formulating the policies, objectives and identifying the processes toachieve them, the manual provides a convenient vehicle for containing suchinformation. If left as separate pieces of information, it may be more difficult tosee the linkages.The requirement provides the framework for the manual. Its content maytherefore include the following:1 Introduction(a) Purpose (of the manual)(b) Scope (of the manual)(c) Applicability (of the manual)(d) Definitions (of terms used in the manual)2 Business overview(a) Nature of the business/organization – its scope of activity, its productsand services(b) The organization’s interested parties (customers, employees, regulators,shareholders, suppliers, owners etc.)(c) The context diagram showing the organization relative to its externalenvironment(d) Vision, values(e) Mission3 Organization(a) Function descriptions(b) Organization chart(c) Locations with scope of activity4 Business processes(a) The system model showing the key business processes and how they areinterconnected(b) System performance indicators and method of measurement(c) Business planning process description(d) Resource management process description(e) Marketing process description(f) Product/service generation processes description(g) Sales process description(h) Order fulfilment process description5 Function matrix (Relationship of functions to processes)6 Location matrix (Relationship of locations to processes)7 Requirement deployment matrices(a) ISO 9001 compliance matrix(b) ISO 14001 compliance matrix(c) Regulation compliance matrices (FDA, Environment, Health, Safety,CAA etc.)8 Approvals (List of current product, process and system approvals)

Scope of the ISO 9001 quality management system

The standard requires the quality manual to include the scope of the quality management system including details of justification for any exclusion.
The standard addresses activities that may not be relevant or applicable to an organization. The permissible exclusions are explained in section 1.2 of ISO 9001. Here it states that the organization may only exclude requirements that neither affect the organization’s ability, nor its responsibility to provide product that meets customer and applicable regulatory requirements. The requirements for which exclusion is permitted are limited to those in section 7 of the standard.
Under ISO 9000 :2008, it was possible for organizations to exclude functions and processes of their organization that may have been difficult to control or were not part of the order fulfilment cycle. Organizations that designed their own products but not for specific customers could escape bringing these operations into the management system. Marketing was omitted because itoperated before placement of order. Accounting, Administration, Maintenance, Publicity, Public Relations and After Sales Support functions were often omitted because there were no requirements in the standard that specifically dealt with such activities. As there is no function in an organization that does not directly or indirectly serve the satisfaction of interested parties, it is unlikely that any function or process will now be excluded from the management system.
This requirement responds to the System Approach Principle.It is sensible to describe the scope of the management system so as to ensure effective communication. The scope of the management system is one area that generates a lot of misunderstanding particularly when dealing with auditors, consultants and customers. When you claim you have a management system that meets ISO 9001 it could imply that you design, develop, install and service the products you supply, when in fact you may only be a distributor.
Why you need to justify specific exclusions is uncertain because it is more practical tojustify inclusions.
The scope of the management system is the scope of the organization. There is no longer any reason to exclude locations, activities, functions or processes for which there is no requirement in the standard. The reason is because the ISO 9000 family now serves customer satisfaction and is not limited to quality assurance as were the 1994 versions of ISO 9001, ISO 9002 and ISO 9003.
It is not appropriate to address exclusions by inserting pages in the manual corresponding to the sections of the standard and adding justification if not within the scope of the management system – such as ‘We don’t do this!’. It is much more appropriate to use an appendix as indicated previously in the manual contents list. By describing the nature of the business, you are establishing boundary conditions. If in doing so you do not mention that you design products, it will be interpreted that design is not applicable. For exclusions relative to detail requirements, the Compliance Matrix may suffice but for an unambiguous solution, it is preferable to produce an exposition that addresses each requirement of the standard.

Saturday, August 29, 2009

ISO 9001 Video

Watch ISO 9001 Video at http://www.youtube.com/watch?v=G8WI2MgyS7w

ISO 9000 vs Quality

ISO 9000 was conceived to bring about an improvement in product quality. It
was believed that if organizations were able to demonstrate they were
operating a quality system that met international standards, customers would
gain greater confidence in the quality of products they purchased. It was also
believed that by operating in accordance with documented procedures, errors
would be reduced and consistency of output ensured. If you find the best way
of achieving a result, put in place measures to prevent variation, document it
and train others to apply it, it follows that the results produced should be
consistently good.

The requirements of the standard were perceived to be a list of things to do
to achieve quality. The ISO co-ordinator would often draw up a plan based on
the following logic:
1. We have to identify resource requirements so I will write a procedure on
identifying resource requirements
2. We have to produce quality plans so I will write a procedure on producing
quality plans
3. We have to record contract review so I will write a procedure on recording
contract reviews
4. We have to identify design changes so I will write a procedure on identifying
design changes

The requirements in the standard were often not expressed as results to be
achieved. Requirements for a documented procedure to be established resulted
in just that. Invariably the objectives of the procedure were to define something
rather than to achieve something. This led to documentation without any clear
purpose that related to the achievement of quality. Those producing the
documentation were focusing on meeting the standard not on achieving quality.
Those producing the product were focusing on meeting the customer
requirement but the two were often out of sync. As quality assurance became
synonymous with procedures, so people perceived that they could achieve
quality by following procedures. The dominance of procedures to the exclusion
of performance is a misunderstanding of the implementers. The standard
required a documented system that ensured product met specified requirements – a
clear purpose. Once again the implementers lost sight of the objective. Or was it
that they knew the objective but in order to meet it, the culture would have to
change and if they could get the badge without doing so, why should they?

Issuing a procedure was considered to equate to task completed. Unfortu-
nately, for those on the receiving end, the procedures were filed and forgotten.
When the auditor came around, the individual was found to be totally
unaware of the ‘procedure’ and consequently found noncompliant with it.
However, the auditor would discover that the individual was doing the right
things so the corrective action was inevitably to change the procedure. The
process of issuing procedures was not questioned, the individual concerned
was blamed for not knowing the procedure and the whole episode failed to
make any positive contribution to the achievement of quality. But it left the
impression on the individual that quality was all about following procedures.
It also left the impression that quality was about consistency and providing
you did what you said you would do regardless of it being in the interests of
satisfying customers, it was OK. One is left wondering whether anyone
consulted the dictionary in which quality is defined as a degree of excellence?

Another problem was that those who were to implement requirements were
often excluded from the process. Instead of enquiring as to the best way of
meeting a requirement, those in charge of ISO 9000 implementation assumed
that issuing procedures would in fact cause compliance with requirements. It
requires a study of the way work gets done to appreciate how best to meet a
requirement. Procedures were required to be documented and the range and
detail was intended to be appropriate to the complexity of the work, the
methods used and the skills and training needed. The standard also only
required work instructions where their absence would adversely affect quality.
It is as though the people concerned did not read the requirement properly or
had no curiosity to find out for themselves what ISO had to say about
procedures – they were all too ready to be told what to do without questioning
why they should be doing it.

More often than not, the topics covered by the standard were only a sample
of all the things that need to be done to achieve the organization’s objectives.
The way the standard classified the topics was also often not appropriate to the
way work was performed. As a consequence, procedures failed to be
implemented because they mirrored the standard and not the work. ISO 9000
may have required documented procedures but it did not insist that they be
produced in separate documents, with titles or an identification convention
that was traceable to the requirements.

Critics argue (Seddon, John, 2000)3 that ISO 9000 did not enable organiza-
tions to reduce variation as a result of following the procedures. It is true that
ISO 9000 did not explain the theory of variation – it could have done, but
perhaps it was felt that this was better handled by the wealth of literature
available at the time. However, ISO 9000 did require organizations to identify
where the use of statistical techniques was necessary for establishing,
controlling and verifying process capability but this was often misunderstood.
Clause 4.14 of ISO 9001 required corrective action procedures – procedures to
identify variation and eliminate the cause so this should have resulted in a
reduction in variation. The procedures did not always focus on results – they
tended to focus on transactions – sending information or product from A to B.
The concept of corrective action was often misunderstood. It was believed to be
about fixing the problem and preventive action was believed to be about
preventing recurrence. Had users read ISO 8402 they should have been
enlightened. Had they read Deming they would have been enlightened but in
many cases the language of ISO 9000 was a deterrent to learning. Had the
auditors understood variation, they too could have assisted in clarifying these
issues but they too seemed ignorant – willing to regard clause 4.20 as not
applicable in many cases.

Clause 4.6 of the undervalued and forgotten standard ISO 9000 –1 starts with
‘The International Standards in the ISO 9000 family are founded upon the
understanding that all work is accomplished by a process.’ In clause 4.7 it starts
with ‘Every organization exists to accomplish value-adding work. The work is
accomplished through a network of processes’ In clause 4.8 it starts with ‘It is
conventional to speak of quality systems as consisting of a number of elements.
The quality system is carried out by means of processes which exist both within
and across functions’ Alas, few people read ISO 9000–1 and as a result the
baggage that had amassed was difficult to shed especially because there were
few if any certification bodies suggesting that the guidance contained in ISO
9000 –1 should be applied. Unfortunately, this message from ISO 9000 –1 was not
conveyed through the requirements of ISO 9001. ISO 9001 was not intended as
a design tool. It was produced for contractual and assessment purposes but was
used as a design tool instead of ISO 9000 –1 and ISO 9004 –1.

ISO 9001:2008 Documentation Requirements

ISO 9001:2008 Documentation Requirements
ISO 9001:2008 clause 4.1 General requirements requires an organization to “establish, document, implement, and maintain a quality management system and continually improve its effectiveness in accordance with the requirements of this International Standard”
ISO 9001:2008 Clause 4.2.1 General explains that the quality management system documentation shall include:
documented statements of a quality policy and quality objectives;
a quality manual
documented procedures required by this International Standard
documents needed by the organization to ensure the effective planning, operation and control of its processes, and
records required by this International Standard;
The notes after Clause 4.2 make it clear that where the standard specifically requires a “documented procedure”, the procedure has to be established, documented, implemented and maintained. It also emphasizes that the extent of the QMS documentation may differ from one organization to another due to:
the size of organization and type of activities;
the complexity of processes and their interactions, and
the competence of personnel.
All the documents that form part of the QMS have to be controlled in accordance with clause 4.2.3 of ISO 9001:2008, or, for the particular case of records, according to clause 4.2.4.
Guidance on Clause 4.2 of ISO 9001:2008
The following comments are intended to assist users of ISO 9001:2008 in understanding the intent of the general documentation requirements of the International Standard.
a) Documented statements of a quality policy and objectives:
Requirements for the quality policy are defined in clause 5.3 of ISO 9001:2008. The documented quality policy has to be controlled according to the requirements of clause 4.2.3.Note: Organizations that are revising their quality policy for the first time, or in order to meet the amended requirements in ISO 9001:2008, should pay particular attention to clause 4.2.3 (c), (d) and (g).
Requirements for quality objectives are defined in clause 5.4.1 of ISO 9001:2008. These documented quality objectives are also subject to the document control requirements of clause 4.2.3.
b) Quality Manual:
Clause 4.2.2 of ISO 9001:2008 specifies the minimum content for a quality manual. The format and structure of the manual is a decision for each organization, and will depend on the organization’s size, culture and complexity. Some organizations may choose to use the quality manual for other purposes besides that of simply documenting the QMS
A small organization may find it appropriate to include the description of its entire QMS within a single manual, including all the documented procedures required by the standard.
Large, multi-national organizations may need several manuals at the global, national or regional level, and a more complex hierarchy of documentation.
The quality manual is a document that has to be controlled in accordance with the requirements of clause 4.2.3.
c) Documented procedures:
ISO 9001:2008 specifically requires the organization to have “documented procedures” for the following six activities:4.2.3 Control of documents4.2.4 Control of records8.2.2 Internal audit8.3 Control of nonconforming product8.5.2 Corrective action8.5.3 Preventive action
These documented procedures have to be controlled in accordance with the requirements of clause 4.2.3
Some organizations may find it convenient to combine the procedure for several activities into a single documented procedure (for example, corrective action and preventive action). Others may choose to document a given activity by using more than one documented procedure (for example, internal audits). Both are acceptable.
Some organizations (particularly larger organizations, or those with more complex processes) may require additional documented procedures (particularly those relating to product realization processes) to implement an effective QMS.
Other organizations may require additional procedures, but the size and/or culture of the organization could enable these to be effectively implemented without necessarily being documented. However, in order to demonstrate compliance with ISO 9001:2008, the organization has to be able to provide objective evidence (not necessarily documented) that its QMS has been effectively implemented.
d) Documents needed by the organization to ensure the effective planning, operation and control of its processes:
In order for an organization to demonstrate the effective implementation of its QMS, it may be necessary to develop documents other than documented procedures. However, the only documents specifically mentioned in ISO 9001:2008 are:- Quality policy (clause 4.2.1.a)- Quality objectives (clause 4.2.1.a)- Quality manual (clause 4.2.1.b)
There are several requirements of ISO 9001:2008 where an organization could add value to its QMS and demonstrate conformity by the preparation of other documents, even though the standard does not specifically require them. Examples may include:- Process maps, process flow charts and/or process descriptions- Organization charts- Specifications- Work and/or test instructions- Documents containing internal communications- Production schedules- Approved supplier lists- Test and inspection plans- Quality plans
All such documents have to be controlled in accordance with the requirements of clause 4.2.3 and/or 4.2.4, as applicable
e) Records:
Examples of records specifically required by ISO 9001:2008 are presented in Annex B.
Organizations are free to develop other records that may be needed to demonstrate conformity of their processes, products and quality management system.
Requirements for the control of records are different from those for other documents, and all records have to be controlled according to those of clause 4.2.4 of ISO 9001:2008.

Thursday, August 27, 2009

ISO 9000 — a way of managing for conformance

Quality assurance, according to the Standard, is a way of managing that prevents non-conformance and thus “assures quality”. This is what makes ISO 9000 different from other standards: it is a management standard, not a product standard. It goes beyond product standardisation: it is standardising not what is made but how it is made. To use standards to dictate and control how organisations work was to extend the role of standards to new territory. To take such a step we might have firstly established that any such requirements worked — that they resulted in ways of working which improved performance.
Yet the plausibility of this Standard, and the fact that those who had an interest in maintaining it were (and still are) leading opinion, prevented such enquiries. In simple terms the Standard asks managers to say what they do, do what they say and prove it to a third party.
ISO 9000 (1994) paragraph 1: “The requirements specified are aimed primarily at achieving customer satisfaction by preventing non-conformity at all stages from design through servicing.”
To put it another way, the Standard asserts that preventing non-conformance achieves customer satisfaction. But does it? Of course it matters to customers that a product works. But there is no guarantee that the Standard will ensure even that. Furthermore, customers take a total view of an organisation — how easy it is to do business with — in respect of all things of importance to each and every customer.
ISO 9000 requires managers to “establish and maintain a documented quality system as a means of ensuring that product conforms to specified requirements”. Loosely translated this is “say what you do”. Management is supposed to “define and document its policy for quality . . . including its commitment to quality”.
What management would not declare its commitment to quality? But would they know what it means? Would they argue (as they should) that quality management is a different and better way to do business, or would they believe that ISO 9000 will take care of quality? The Standard encourages managers to think of “quality” and “business as usual” as separate and distinct. It helps managers avoid the revelation that quality means a wholly different view of management. Instead, the organisation “shall appoint a management representative who, irrespective of other responsibilities, shall have defined authority and responsibility” [for ISO 9000]. At a practical level this means only one executive might decide he or she had better learn a thing or two about quality. However, would being responsible for ISO 9000 lead to learning about quality or simply enforcing the ISO 9000 regime in an organisation?
Key to the regime is auditing. The Standard requires organisations to conduct internal quality audits to “verify whether quality activities comply with planned arrangements”. This can be loosely translated as “do you do as you say?” and the purpose of the audit is to see that you do. It was not until the 1994 review that the words were changed to “quality activities and related results”. It was a Standard which was rooted in the philosophy of inspection: fifteen years after its initial promulgation the promoters sought to extend the focus to results. But results or improvements assessed by what means? Inspection. By the time the Standard was adopted world-wide, quality thinking had moved a long way from the philosophy of inspection. It is now understood, at least by a few, that quality is achieved through managing the organisation as a system and using measures which enable managers to improve flow and reduce variation (which we explore in chapters 5 and 7). The defenders argue that there is nothing stopping a company having ISO 9000 and implementing methods for managing flow and reducing variation, but where are such companies? Few of the companies we researched, formally and informally, knew anything about this thinking. The Standard does not talk about it; moreover, the Standard effectively discourages managers from learning about it by representing quality in a different way.
According to ISO 8402 (quality vocabulary), quality is:
“The totality of features and characteristics of a product or service that bear on its ability to satisfy stated or implied needs.”
Everything we have learned about ISO 9000 suggests that the people who created this definition were thinking about the things which need to be controlled, those things which “bear on its ability . . .”. The builders of the Standard assumed that customer needs would be listed in contractual agreements between the supplier and customer. ISO 9000 has a “make” logic — procedures for “how you do what you do” — and a “control” logic — check to see that it is done. It is a relic of the era when contractual agreements were perceived to be an important device for regulating the behaviour of suppliers. In these ways, ISO 9000 encouraged “planning for quality”.
Planning for quality sounds plausible, but it assumes many things: that the plan is the right plan, that it is feasible, that people will “do it”, that performance will improve. It is an approach which, paradoxically, leads to poor decisions. Planners of quality systems, guided by ISO 9000, start with a view of how the world should be as framed by the Standard. Understanding how an organisation is working, rather than how someone thinks it should, is a far better place from which to start change of any kind.

Pages