Migration To ISO 9001:2008The International Accreditation Forum (IAF) and the International Organization forStandardization (ISO) have agreed on an implementation plan to ensure a smooth transition ofaccredited certification to ISO 9001:2008, the latest version of the world’s most widely usedstandard for quality management systems (QMS). The details of the plan are given in the jointcommuniqué by the two organizations which appears below.Like all of ISO’s more than 17 000 standards, ISO 9001 is periodically reviewed to ensure that itis maintained at the state of the art and a decision taken to confirm, withdraw or revise thedocument.ISO 9001:2008, which is due to be published before the end of the year, will replace the year2000 version of the standard which is implemented by both business and public sectororganizations in 170 countries. Although certification is not a requirement of the standard, theQMS of about one million organizations have been audited and certified by independentcertification bodies (also known in some countries as registration bodies) to ISO 9001:2000.ISO 9001 certification is frequently used in both private and public sectors to increaseconfidence in the products and services provided by certified organizations, between partnersin business-to-business relations, in the selection of suppliers in supply chains and in the rightto tender for procurement contracts.ISO is the developer and publisher of ISO 9001, but does not itself carry out auditing andcertification. These services are performed independently of ISO by certification bodies. ISOdoes not control such bodies, but does develop voluntary International Standards toencourage good practice in their activities on a worldwide basis. For example, ISO/IEC17021:2006 specifies the requirements for bodies providing auditing and certification ofmanagement systems.Certification bodies that wish to provide further confidence in their services may apply to be“accredited” as competent by an IAF recognized national accreditation body. ISO/IEC17011:2004 specifies the requirements for carrying out such accreditation. IAF is aninternational association whose membership includes the national accreditation bodies of 49economies.ISO technical committee ISO/TC 176, Quality management and quality assurance, which isresponsible for the ISO 9000 family of standards, is preparing a number of support documentsexplaining what the differences are between ISO 9001:2008 and the year 2000 version, whyand what they mean for users. Once approved, these documents will be posted on the ISOWeb site – probably in October 2008.
ISO (International Organization for Standardization) and the IAF (International AccreditationForum) have agreed an implementation plan to ensure a smooth migration of accreditedcertification to ISO 9001:2008, after consultation with international groupings representingquality system or auditor certification bodies, and industry users of ISO 9001 certificationservices.ISO 9001:2008 does not contain any new requirementsThey have recognized that ISO 9001:2008 introduces no new requirements. ISO 9001:2008only introduces clarifications to the existing requirements of ISO 9001:2000 based on eightyears of experience of implementing the standard world wide with about one millioncertificates issued in 170 countries to date. It also introduces changes intended to improveconsistency with ISO14001:2004The agreed implementation plan in relation to accredited certification is therefore thefollowing:Accredited certification to the ISO 9001:2008 shall not be granted until the publication of ISO9001:2008 as an International Standard.Certification of conformity to ISO 9001:2008 and/or national equivalents shall only be issuedafter official publication of ISO 9001:2008 (which should take place before the end of 2008)and after a routine surveillance or recertification audit against ISO 9001:2008.Validity of certifications to ISO 9001:2000One year after publication of ISO 9001:2008 all accredited certifications issued (newcertifications or recertifications) shall be to ISO 9001:2008.Twenty four months after publication by ISO of ISO 9001:2008, any existing certification issuedto ISO 9001:2000 shall not be valid.
Monday, August 31, 2009
Continual improvement in the quality management In ISO 9001
Continual improvement in the quality management system and its processes In ISO 9001
The standard requires the organization to continually improve the effectiveness of the quality management system in accordance with the requirements of ISO 9001 and to implement action necessary to achieve planned results andcontinual improvement of the identified processes.
ISO 9000 defines continual improvement as a recurring activity to increase the ability to fulfil requirements. As the organization’s objectives are its requirements, continually improving the effectiveness of the management system means continually increasing the ability of the organization to fulfil its objectives.
This requirement responds to the Continual Improvement principle. If the management system is enabling the organization to accomplish its objectives when that is its purpose, why improve? The need for improvement arises out of a need to become more effective at what you do, more efficient in the utilization of resources so that the organization becomes best in its class. The purpose of measuring process performance is to establish whether or not the objectives are being achieved and if not to take action on the difference. If the performance targets are being achieved, opportunities may well exist to raise standards and increase efficiency and effectiveness.
If the performance of a process parameter is currently meeting the standard that has been established, there are several improvement actions you can take:Raise the standard e.g. if the norm for the sales ratio of orders won to all orders bid is 60%, an improvement programme could be developed for raising the standard to 75% or higherIncrease efficiency e.g. if the time to process an order is within limits, identify and eliminate wasted resources Increase effectiveness e.g. if you bid against all customer requests, by only bidding for those you know you can win you improve your hit rate
You can call all these actions improvement actions because they clearly improve performance. However, we need to distinguish between being better at what we do now and doing new things. Some may argue that improving efficiency is being better at what we do now, and so it is – but if in order to improve efficiency we have to be innovative we are truly reaching new standards. Forty years ago, supervisors in industry would cut an eraser in half in the name of efficiency rather than hand out two erasers. Clearly this was a lack of trust disguised as efficiency improvement and it had quite the opposite effect. In fact they were not only increasing waste but also creating a hostile environment.
Each of the improvement actions is dealt with later in the book and the subject of continual improvement addressed again under Quality planning in Chapter 5. There are several steps to undertaking continual improvement (Juran, J. M., 1995)12 .1 Determine current performance2 Establish the need for change3 Obtain commitment and define the improvement objectives4 Organize diagnostic resources5 Carry out research and analysis to discover the cause of currentperformance6 Define and test solutions that will accomplish the improvementobjectives7 Product improvement plans which specify how and by whom the changeswill be implemented8 Identify and overcome any resistance to change9 Implement the change10 Put in place controls to hold new levels of performance and repeat step one.
The standard requires the organization to continually improve the effectiveness of the quality management system in accordance with the requirements of ISO 9001 and to implement action necessary to achieve planned results andcontinual improvement of the identified processes.
ISO 9000 defines continual improvement as a recurring activity to increase the ability to fulfil requirements. As the organization’s objectives are its requirements, continually improving the effectiveness of the management system means continually increasing the ability of the organization to fulfil its objectives.
This requirement responds to the Continual Improvement principle. If the management system is enabling the organization to accomplish its objectives when that is its purpose, why improve? The need for improvement arises out of a need to become more effective at what you do, more efficient in the utilization of resources so that the organization becomes best in its class. The purpose of measuring process performance is to establish whether or not the objectives are being achieved and if not to take action on the difference. If the performance targets are being achieved, opportunities may well exist to raise standards and increase efficiency and effectiveness.
If the performance of a process parameter is currently meeting the standard that has been established, there are several improvement actions you can take:Raise the standard e.g. if the norm for the sales ratio of orders won to all orders bid is 60%, an improvement programme could be developed for raising the standard to 75% or higherIncrease efficiency e.g. if the time to process an order is within limits, identify and eliminate wasted resources Increase effectiveness e.g. if you bid against all customer requests, by only bidding for those you know you can win you improve your hit rate
You can call all these actions improvement actions because they clearly improve performance. However, we need to distinguish between being better at what we do now and doing new things. Some may argue that improving efficiency is being better at what we do now, and so it is – but if in order to improve efficiency we have to be innovative we are truly reaching new standards. Forty years ago, supervisors in industry would cut an eraser in half in the name of efficiency rather than hand out two erasers. Clearly this was a lack of trust disguised as efficiency improvement and it had quite the opposite effect. In fact they were not only increasing waste but also creating a hostile environment.
Each of the improvement actions is dealt with later in the book and the subject of continual improvement addressed again under Quality planning in Chapter 5. There are several steps to undertaking continual improvement (Juran, J. M., 1995)12 .1 Determine current performance2 Establish the need for change3 Obtain commitment and define the improvement objectives4 Organize diagnostic resources5 Carry out research and analysis to discover the cause of currentperformance6 Define and test solutions that will accomplish the improvementobjectives7 Product improvement plans which specify how and by whom the changeswill be implemented8 Identify and overcome any resistance to change9 Implement the change10 Put in place controls to hold new levels of performance and repeat step one.
Preparing the ISO 9001 quality manual
The standard requires a quality manual to be establishedand maintained that includes the scope of the qualitymanagement system, the documented procedures or refer-ence to them and a description of the sequence andinteraction of processes included in the quality manage-ment system.
ISO 9000 defines a quality manual as a documentspecifying the quality management system of an organi-zation. It is therefore not intended that themanual be a response to the requirements ofISO 9001. As the top-level document describingthe management system it is a system descriptiondescribing how the organization is managed.Countless quality manuals produced to satisfy ISO 9000 :2008, were nomore than 20 sections that paraphrased the requirements of the standard.Such documentation adds no value. They are of no use to managers, staff orauditors. Often thought to be useful to customers, organizations would gainno more confidence from customers than would be obtained from theirregistration certificate.
This requirement responds to the System Approach Principle.A description of the management system is necessary as a means of showinghow all the processes are interconnected and how they collectively deliver thebusiness outputs. It has several uses as :a means to communicate the vision, values, mission, policies and objectivesof the organizationa means of showing how the system has been designeda means of showing linkages between processesa means of showing who does whatan aid to training new peoplea tool in the analysis of potential improvementsa means of demonstrating compliance with external standards and regulations
When formulating the policies, objectives and identifying the processes toachieve them, the manual provides a convenient vehicle for containing suchinformation. If left as separate pieces of information, it may be more difficult tosee the linkages.The requirement provides the framework for the manual. Its content maytherefore include the following:1 Introduction(a) Purpose (of the manual)(b) Scope (of the manual)(c) Applicability (of the manual)(d) Definitions (of terms used in the manual)2 Business overview(a) Nature of the business/organization – its scope of activity, its productsand services(b) The organization’s interested parties (customers, employees, regulators,shareholders, suppliers, owners etc.)(c) The context diagram showing the organization relative to its externalenvironment(d) Vision, values(e) Mission3 Organization(a) Function descriptions(b) Organization chart(c) Locations with scope of activity4 Business processes(a) The system model showing the key business processes and how they areinterconnected(b) System performance indicators and method of measurement(c) Business planning process description(d) Resource management process description(e) Marketing process description(f) Product/service generation processes description(g) Sales process description(h) Order fulfilment process description5 Function matrix (Relationship of functions to processes)6 Location matrix (Relationship of locations to processes)7 Requirement deployment matrices(a) ISO 9001 compliance matrix(b) ISO 14001 compliance matrix(c) Regulation compliance matrices (FDA, Environment, Health, Safety,CAA etc.)8 Approvals (List of current product, process and system approvals)
ISO 9000 defines a quality manual as a documentspecifying the quality management system of an organi-zation. It is therefore not intended that themanual be a response to the requirements ofISO 9001. As the top-level document describingthe management system it is a system descriptiondescribing how the organization is managed.Countless quality manuals produced to satisfy ISO 9000 :2008, were nomore than 20 sections that paraphrased the requirements of the standard.Such documentation adds no value. They are of no use to managers, staff orauditors. Often thought to be useful to customers, organizations would gainno more confidence from customers than would be obtained from theirregistration certificate.
This requirement responds to the System Approach Principle.A description of the management system is necessary as a means of showinghow all the processes are interconnected and how they collectively deliver thebusiness outputs. It has several uses as :a means to communicate the vision, values, mission, policies and objectivesof the organizationa means of showing how the system has been designeda means of showing linkages between processesa means of showing who does whatan aid to training new peoplea tool in the analysis of potential improvementsa means of demonstrating compliance with external standards and regulations
When formulating the policies, objectives and identifying the processes toachieve them, the manual provides a convenient vehicle for containing suchinformation. If left as separate pieces of information, it may be more difficult tosee the linkages.The requirement provides the framework for the manual. Its content maytherefore include the following:1 Introduction(a) Purpose (of the manual)(b) Scope (of the manual)(c) Applicability (of the manual)(d) Definitions (of terms used in the manual)2 Business overview(a) Nature of the business/organization – its scope of activity, its productsand services(b) The organization’s interested parties (customers, employees, regulators,shareholders, suppliers, owners etc.)(c) The context diagram showing the organization relative to its externalenvironment(d) Vision, values(e) Mission3 Organization(a) Function descriptions(b) Organization chart(c) Locations with scope of activity4 Business processes(a) The system model showing the key business processes and how they areinterconnected(b) System performance indicators and method of measurement(c) Business planning process description(d) Resource management process description(e) Marketing process description(f) Product/service generation processes description(g) Sales process description(h) Order fulfilment process description5 Function matrix (Relationship of functions to processes)6 Location matrix (Relationship of locations to processes)7 Requirement deployment matrices(a) ISO 9001 compliance matrix(b) ISO 14001 compliance matrix(c) Regulation compliance matrices (FDA, Environment, Health, Safety,CAA etc.)8 Approvals (List of current product, process and system approvals)
Scope of the ISO 9001 quality management system
The standard requires the quality manual to include the scope of the quality management system including details of justification for any exclusion.
The standard addresses activities that may not be relevant or applicable to an organization. The permissible exclusions are explained in section 1.2 of ISO 9001. Here it states that the organization may only exclude requirements that neither affect the organization’s ability, nor its responsibility to provide product that meets customer and applicable regulatory requirements. The requirements for which exclusion is permitted are limited to those in section 7 of the standard.
Under ISO 9000 :2008, it was possible for organizations to exclude functions and processes of their organization that may have been difficult to control or were not part of the order fulfilment cycle. Organizations that designed their own products but not for specific customers could escape bringing these operations into the management system. Marketing was omitted because itoperated before placement of order. Accounting, Administration, Maintenance, Publicity, Public Relations and After Sales Support functions were often omitted because there were no requirements in the standard that specifically dealt with such activities. As there is no function in an organization that does not directly or indirectly serve the satisfaction of interested parties, it is unlikely that any function or process will now be excluded from the management system.
This requirement responds to the System Approach Principle.It is sensible to describe the scope of the management system so as to ensure effective communication. The scope of the management system is one area that generates a lot of misunderstanding particularly when dealing with auditors, consultants and customers. When you claim you have a management system that meets ISO 9001 it could imply that you design, develop, install and service the products you supply, when in fact you may only be a distributor.
Why you need to justify specific exclusions is uncertain because it is more practical tojustify inclusions.
The scope of the management system is the scope of the organization. There is no longer any reason to exclude locations, activities, functions or processes for which there is no requirement in the standard. The reason is because the ISO 9000 family now serves customer satisfaction and is not limited to quality assurance as were the 1994 versions of ISO 9001, ISO 9002 and ISO 9003.
It is not appropriate to address exclusions by inserting pages in the manual corresponding to the sections of the standard and adding justification if not within the scope of the management system – such as ‘We don’t do this!’. It is much more appropriate to use an appendix as indicated previously in the manual contents list. By describing the nature of the business, you are establishing boundary conditions. If in doing so you do not mention that you design products, it will be interpreted that design is not applicable. For exclusions relative to detail requirements, the Compliance Matrix may suffice but for an unambiguous solution, it is preferable to produce an exposition that addresses each requirement of the standard.
The standard addresses activities that may not be relevant or applicable to an organization. The permissible exclusions are explained in section 1.2 of ISO 9001. Here it states that the organization may only exclude requirements that neither affect the organization’s ability, nor its responsibility to provide product that meets customer and applicable regulatory requirements. The requirements for which exclusion is permitted are limited to those in section 7 of the standard.
Under ISO 9000 :2008, it was possible for organizations to exclude functions and processes of their organization that may have been difficult to control or were not part of the order fulfilment cycle. Organizations that designed their own products but not for specific customers could escape bringing these operations into the management system. Marketing was omitted because itoperated before placement of order. Accounting, Administration, Maintenance, Publicity, Public Relations and After Sales Support functions were often omitted because there were no requirements in the standard that specifically dealt with such activities. As there is no function in an organization that does not directly or indirectly serve the satisfaction of interested parties, it is unlikely that any function or process will now be excluded from the management system.
This requirement responds to the System Approach Principle.It is sensible to describe the scope of the management system so as to ensure effective communication. The scope of the management system is one area that generates a lot of misunderstanding particularly when dealing with auditors, consultants and customers. When you claim you have a management system that meets ISO 9001 it could imply that you design, develop, install and service the products you supply, when in fact you may only be a distributor.
Why you need to justify specific exclusions is uncertain because it is more practical tojustify inclusions.
The scope of the management system is the scope of the organization. There is no longer any reason to exclude locations, activities, functions or processes for which there is no requirement in the standard. The reason is because the ISO 9000 family now serves customer satisfaction and is not limited to quality assurance as were the 1994 versions of ISO 9001, ISO 9002 and ISO 9003.
It is not appropriate to address exclusions by inserting pages in the manual corresponding to the sections of the standard and adding justification if not within the scope of the management system – such as ‘We don’t do this!’. It is much more appropriate to use an appendix as indicated previously in the manual contents list. By describing the nature of the business, you are establishing boundary conditions. If in doing so you do not mention that you design products, it will be interpreted that design is not applicable. For exclusions relative to detail requirements, the Compliance Matrix may suffice but for an unambiguous solution, it is preferable to produce an exposition that addresses each requirement of the standard.
Saturday, August 29, 2009
ISO 9000 vs Quality
ISO 9000 was conceived to bring about an improvement in product quality. It
was believed that if organizations were able to demonstrate they were
operating a quality system that met international standards, customers would
gain greater confidence in the quality of products they purchased. It was also
believed that by operating in accordance with documented procedures, errors
would be reduced and consistency of output ensured. If you find the best way
of achieving a result, put in place measures to prevent variation, document it
and train others to apply it, it follows that the results produced should be
consistently good.
The requirements of the standard were perceived to be a list of things to do
to achieve quality. The ISO co-ordinator would often draw up a plan based on
the following logic:
1. We have to identify resource requirements so I will write a procedure on
identifying resource requirements
2. We have to produce quality plans so I will write a procedure on producing
quality plans
3. We have to record contract review so I will write a procedure on recording
contract reviews
4. We have to identify design changes so I will write a procedure on identifying
design changes
The requirements in the standard were often not expressed as results to be
achieved. Requirements for a documented procedure to be established resulted
in just that. Invariably the objectives of the procedure were to define something
rather than to achieve something. This led to documentation without any clear
purpose that related to the achievement of quality. Those producing the
documentation were focusing on meeting the standard not on achieving quality.
Those producing the product were focusing on meeting the customer
requirement but the two were often out of sync. As quality assurance became
synonymous with procedures, so people perceived that they could achieve
quality by following procedures. The dominance of procedures to the exclusion
of performance is a misunderstanding of the implementers. The standard
required a documented system that ensured product met specified requirements – a
clear purpose. Once again the implementers lost sight of the objective. Or was it
that they knew the objective but in order to meet it, the culture would have to
change and if they could get the badge without doing so, why should they?
Issuing a procedure was considered to equate to task completed. Unfortu-
nately, for those on the receiving end, the procedures were filed and forgotten.
When the auditor came around, the individual was found to be totally
unaware of the ‘procedure’ and consequently found noncompliant with it.
However, the auditor would discover that the individual was doing the right
things so the corrective action was inevitably to change the procedure. The
process of issuing procedures was not questioned, the individual concerned
was blamed for not knowing the procedure and the whole episode failed to
make any positive contribution to the achievement of quality. But it left the
impression on the individual that quality was all about following procedures.
It also left the impression that quality was about consistency and providing
you did what you said you would do regardless of it being in the interests of
satisfying customers, it was OK. One is left wondering whether anyone
consulted the dictionary in which quality is defined as a degree of excellence?
Another problem was that those who were to implement requirements were
often excluded from the process. Instead of enquiring as to the best way of
meeting a requirement, those in charge of ISO 9000 implementation assumed
that issuing procedures would in fact cause compliance with requirements. It
requires a study of the way work gets done to appreciate how best to meet a
requirement. Procedures were required to be documented and the range and
detail was intended to be appropriate to the complexity of the work, the
methods used and the skills and training needed. The standard also only
required work instructions where their absence would adversely affect quality.
It is as though the people concerned did not read the requirement properly or
had no curiosity to find out for themselves what ISO had to say about
procedures – they were all too ready to be told what to do without questioning
why they should be doing it.
More often than not, the topics covered by the standard were only a sample
of all the things that need to be done to achieve the organization’s objectives.
The way the standard classified the topics was also often not appropriate to the
way work was performed. As a consequence, procedures failed to be
implemented because they mirrored the standard and not the work. ISO 9000
may have required documented procedures but it did not insist that they be
produced in separate documents, with titles or an identification convention
that was traceable to the requirements.
Critics argue (Seddon, John, 2000)3 that ISO 9000 did not enable organiza-
tions to reduce variation as a result of following the procedures. It is true that
ISO 9000 did not explain the theory of variation – it could have done, but
perhaps it was felt that this was better handled by the wealth of literature
available at the time. However, ISO 9000 did require organizations to identify
where the use of statistical techniques was necessary for establishing,
controlling and verifying process capability but this was often misunderstood.
Clause 4.14 of ISO 9001 required corrective action procedures – procedures to
identify variation and eliminate the cause so this should have resulted in a
reduction in variation. The procedures did not always focus on results – they
tended to focus on transactions – sending information or product from A to B.
The concept of corrective action was often misunderstood. It was believed to be
about fixing the problem and preventive action was believed to be about
preventing recurrence. Had users read ISO 8402 they should have been
enlightened. Had they read Deming they would have been enlightened but in
many cases the language of ISO 9000 was a deterrent to learning. Had the
auditors understood variation, they too could have assisted in clarifying these
issues but they too seemed ignorant – willing to regard clause 4.20 as not
applicable in many cases.
Clause 4.6 of the undervalued and forgotten standard ISO 9000 –1 starts with
‘The International Standards in the ISO 9000 family are founded upon the
understanding that all work is accomplished by a process.’ In clause 4.7 it starts
with ‘Every organization exists to accomplish value-adding work. The work is
accomplished through a network of processes’ In clause 4.8 it starts with ‘It is
conventional to speak of quality systems as consisting of a number of elements.
The quality system is carried out by means of processes which exist both within
and across functions’ Alas, few people read ISO 9000–1 and as a result the
baggage that had amassed was difficult to shed especially because there were
few if any certification bodies suggesting that the guidance contained in ISO
9000 –1 should be applied. Unfortunately, this message from ISO 9000 –1 was not
conveyed through the requirements of ISO 9001. ISO 9001 was not intended as
a design tool. It was produced for contractual and assessment purposes but was
used as a design tool instead of ISO 9000 –1 and ISO 9004 –1.
was believed that if organizations were able to demonstrate they were
operating a quality system that met international standards, customers would
gain greater confidence in the quality of products they purchased. It was also
believed that by operating in accordance with documented procedures, errors
would be reduced and consistency of output ensured. If you find the best way
of achieving a result, put in place measures to prevent variation, document it
and train others to apply it, it follows that the results produced should be
consistently good.
The requirements of the standard were perceived to be a list of things to do
to achieve quality. The ISO co-ordinator would often draw up a plan based on
the following logic:
1. We have to identify resource requirements so I will write a procedure on
identifying resource requirements
2. We have to produce quality plans so I will write a procedure on producing
quality plans
3. We have to record contract review so I will write a procedure on recording
contract reviews
4. We have to identify design changes so I will write a procedure on identifying
design changes
The requirements in the standard were often not expressed as results to be
achieved. Requirements for a documented procedure to be established resulted
in just that. Invariably the objectives of the procedure were to define something
rather than to achieve something. This led to documentation without any clear
purpose that related to the achievement of quality. Those producing the
documentation were focusing on meeting the standard not on achieving quality.
Those producing the product were focusing on meeting the customer
requirement but the two were often out of sync. As quality assurance became
synonymous with procedures, so people perceived that they could achieve
quality by following procedures. The dominance of procedures to the exclusion
of performance is a misunderstanding of the implementers. The standard
required a documented system that ensured product met specified requirements – a
clear purpose. Once again the implementers lost sight of the objective. Or was it
that they knew the objective but in order to meet it, the culture would have to
change and if they could get the badge without doing so, why should they?
Issuing a procedure was considered to equate to task completed. Unfortu-
nately, for those on the receiving end, the procedures were filed and forgotten.
When the auditor came around, the individual was found to be totally
unaware of the ‘procedure’ and consequently found noncompliant with it.
However, the auditor would discover that the individual was doing the right
things so the corrective action was inevitably to change the procedure. The
process of issuing procedures was not questioned, the individual concerned
was blamed for not knowing the procedure and the whole episode failed to
make any positive contribution to the achievement of quality. But it left the
impression on the individual that quality was all about following procedures.
It also left the impression that quality was about consistency and providing
you did what you said you would do regardless of it being in the interests of
satisfying customers, it was OK. One is left wondering whether anyone
consulted the dictionary in which quality is defined as a degree of excellence?
Another problem was that those who were to implement requirements were
often excluded from the process. Instead of enquiring as to the best way of
meeting a requirement, those in charge of ISO 9000 implementation assumed
that issuing procedures would in fact cause compliance with requirements. It
requires a study of the way work gets done to appreciate how best to meet a
requirement. Procedures were required to be documented and the range and
detail was intended to be appropriate to the complexity of the work, the
methods used and the skills and training needed. The standard also only
required work instructions where their absence would adversely affect quality.
It is as though the people concerned did not read the requirement properly or
had no curiosity to find out for themselves what ISO had to say about
procedures – they were all too ready to be told what to do without questioning
why they should be doing it.
More often than not, the topics covered by the standard were only a sample
of all the things that need to be done to achieve the organization’s objectives.
The way the standard classified the topics was also often not appropriate to the
way work was performed. As a consequence, procedures failed to be
implemented because they mirrored the standard and not the work. ISO 9000
may have required documented procedures but it did not insist that they be
produced in separate documents, with titles or an identification convention
that was traceable to the requirements.
Critics argue (Seddon, John, 2000)3 that ISO 9000 did not enable organiza-
tions to reduce variation as a result of following the procedures. It is true that
ISO 9000 did not explain the theory of variation – it could have done, but
perhaps it was felt that this was better handled by the wealth of literature
available at the time. However, ISO 9000 did require organizations to identify
where the use of statistical techniques was necessary for establishing,
controlling and verifying process capability but this was often misunderstood.
Clause 4.14 of ISO 9001 required corrective action procedures – procedures to
identify variation and eliminate the cause so this should have resulted in a
reduction in variation. The procedures did not always focus on results – they
tended to focus on transactions – sending information or product from A to B.
The concept of corrective action was often misunderstood. It was believed to be
about fixing the problem and preventive action was believed to be about
preventing recurrence. Had users read ISO 8402 they should have been
enlightened. Had they read Deming they would have been enlightened but in
many cases the language of ISO 9000 was a deterrent to learning. Had the
auditors understood variation, they too could have assisted in clarifying these
issues but they too seemed ignorant – willing to regard clause 4.20 as not
applicable in many cases.
Clause 4.6 of the undervalued and forgotten standard ISO 9000 –1 starts with
‘The International Standards in the ISO 9000 family are founded upon the
understanding that all work is accomplished by a process.’ In clause 4.7 it starts
with ‘Every organization exists to accomplish value-adding work. The work is
accomplished through a network of processes’ In clause 4.8 it starts with ‘It is
conventional to speak of quality systems as consisting of a number of elements.
The quality system is carried out by means of processes which exist both within
and across functions’ Alas, few people read ISO 9000–1 and as a result the
baggage that had amassed was difficult to shed especially because there were
few if any certification bodies suggesting that the guidance contained in ISO
9000 –1 should be applied. Unfortunately, this message from ISO 9000 –1 was not
conveyed through the requirements of ISO 9001. ISO 9001 was not intended as
a design tool. It was produced for contractual and assessment purposes but was
used as a design tool instead of ISO 9000 –1 and ISO 9004 –1.
ISO 9001:2008 Documentation Requirements
ISO 9001:2008 Documentation Requirements
ISO 9001:2008 clause 4.1 General requirements requires an organization to “establish, document, implement, and maintain a quality management system and continually improve its effectiveness in accordance with the requirements of this International Standard”
ISO 9001:2008 Clause 4.2.1 General explains that the quality management system documentation shall include:
documented statements of a quality policy and quality objectives;
a quality manual
documented procedures required by this International Standard
documents needed by the organization to ensure the effective planning, operation and control of its processes, and
records required by this International Standard;
The notes after Clause 4.2 make it clear that where the standard specifically requires a “documented procedure”, the procedure has to be established, documented, implemented and maintained. It also emphasizes that the extent of the QMS documentation may differ from one organization to another due to:
the size of organization and type of activities;
the complexity of processes and their interactions, and
the competence of personnel.
All the documents that form part of the QMS have to be controlled in accordance with clause 4.2.3 of ISO 9001:2008, or, for the particular case of records, according to clause 4.2.4.
Guidance on Clause 4.2 of ISO 9001:2008
The following comments are intended to assist users of ISO 9001:2008 in understanding the intent of the general documentation requirements of the International Standard.
a) Documented statements of a quality policy and objectives:
Requirements for the quality policy are defined in clause 5.3 of ISO 9001:2008. The documented quality policy has to be controlled according to the requirements of clause 4.2.3.Note: Organizations that are revising their quality policy for the first time, or in order to meet the amended requirements in ISO 9001:2008, should pay particular attention to clause 4.2.3 (c), (d) and (g).
Requirements for quality objectives are defined in clause 5.4.1 of ISO 9001:2008. These documented quality objectives are also subject to the document control requirements of clause 4.2.3.
b) Quality Manual:
Clause 4.2.2 of ISO 9001:2008 specifies the minimum content for a quality manual. The format and structure of the manual is a decision for each organization, and will depend on the organization’s size, culture and complexity. Some organizations may choose to use the quality manual for other purposes besides that of simply documenting the QMS
A small organization may find it appropriate to include the description of its entire QMS within a single manual, including all the documented procedures required by the standard.
Large, multi-national organizations may need several manuals at the global, national or regional level, and a more complex hierarchy of documentation.
The quality manual is a document that has to be controlled in accordance with the requirements of clause 4.2.3.
c) Documented procedures:
ISO 9001:2008 specifically requires the organization to have “documented procedures” for the following six activities:4.2.3 Control of documents4.2.4 Control of records8.2.2 Internal audit8.3 Control of nonconforming product8.5.2 Corrective action8.5.3 Preventive action
These documented procedures have to be controlled in accordance with the requirements of clause 4.2.3
Some organizations may find it convenient to combine the procedure for several activities into a single documented procedure (for example, corrective action and preventive action). Others may choose to document a given activity by using more than one documented procedure (for example, internal audits). Both are acceptable.
Some organizations (particularly larger organizations, or those with more complex processes) may require additional documented procedures (particularly those relating to product realization processes) to implement an effective QMS.
Other organizations may require additional procedures, but the size and/or culture of the organization could enable these to be effectively implemented without necessarily being documented. However, in order to demonstrate compliance with ISO 9001:2008, the organization has to be able to provide objective evidence (not necessarily documented) that its QMS has been effectively implemented.
d) Documents needed by the organization to ensure the effective planning, operation and control of its processes:
In order for an organization to demonstrate the effective implementation of its QMS, it may be necessary to develop documents other than documented procedures. However, the only documents specifically mentioned in ISO 9001:2008 are:- Quality policy (clause 4.2.1.a)- Quality objectives (clause 4.2.1.a)- Quality manual (clause 4.2.1.b)
There are several requirements of ISO 9001:2008 where an organization could add value to its QMS and demonstrate conformity by the preparation of other documents, even though the standard does not specifically require them. Examples may include:- Process maps, process flow charts and/or process descriptions- Organization charts- Specifications- Work and/or test instructions- Documents containing internal communications- Production schedules- Approved supplier lists- Test and inspection plans- Quality plans
All such documents have to be controlled in accordance with the requirements of clause 4.2.3 and/or 4.2.4, as applicable
e) Records:
Examples of records specifically required by ISO 9001:2008 are presented in Annex B.
Organizations are free to develop other records that may be needed to demonstrate conformity of their processes, products and quality management system.
Requirements for the control of records are different from those for other documents, and all records have to be controlled according to those of clause 4.2.4 of ISO 9001:2008.
ISO 9001:2008 clause 4.1 General requirements requires an organization to “establish, document, implement, and maintain a quality management system and continually improve its effectiveness in accordance with the requirements of this International Standard”
ISO 9001:2008 Clause 4.2.1 General explains that the quality management system documentation shall include:
documented statements of a quality policy and quality objectives;
a quality manual
documented procedures required by this International Standard
documents needed by the organization to ensure the effective planning, operation and control of its processes, and
records required by this International Standard;
The notes after Clause 4.2 make it clear that where the standard specifically requires a “documented procedure”, the procedure has to be established, documented, implemented and maintained. It also emphasizes that the extent of the QMS documentation may differ from one organization to another due to:
the size of organization and type of activities;
the complexity of processes and their interactions, and
the competence of personnel.
All the documents that form part of the QMS have to be controlled in accordance with clause 4.2.3 of ISO 9001:2008, or, for the particular case of records, according to clause 4.2.4.
Guidance on Clause 4.2 of ISO 9001:2008
The following comments are intended to assist users of ISO 9001:2008 in understanding the intent of the general documentation requirements of the International Standard.
a) Documented statements of a quality policy and objectives:
Requirements for the quality policy are defined in clause 5.3 of ISO 9001:2008. The documented quality policy has to be controlled according to the requirements of clause 4.2.3.Note: Organizations that are revising their quality policy for the first time, or in order to meet the amended requirements in ISO 9001:2008, should pay particular attention to clause 4.2.3 (c), (d) and (g).
Requirements for quality objectives are defined in clause 5.4.1 of ISO 9001:2008. These documented quality objectives are also subject to the document control requirements of clause 4.2.3.
b) Quality Manual:
Clause 4.2.2 of ISO 9001:2008 specifies the minimum content for a quality manual. The format and structure of the manual is a decision for each organization, and will depend on the organization’s size, culture and complexity. Some organizations may choose to use the quality manual for other purposes besides that of simply documenting the QMS
A small organization may find it appropriate to include the description of its entire QMS within a single manual, including all the documented procedures required by the standard.
Large, multi-national organizations may need several manuals at the global, national or regional level, and a more complex hierarchy of documentation.
The quality manual is a document that has to be controlled in accordance with the requirements of clause 4.2.3.
c) Documented procedures:
ISO 9001:2008 specifically requires the organization to have “documented procedures” for the following six activities:4.2.3 Control of documents4.2.4 Control of records8.2.2 Internal audit8.3 Control of nonconforming product8.5.2 Corrective action8.5.3 Preventive action
These documented procedures have to be controlled in accordance with the requirements of clause 4.2.3
Some organizations may find it convenient to combine the procedure for several activities into a single documented procedure (for example, corrective action and preventive action). Others may choose to document a given activity by using more than one documented procedure (for example, internal audits). Both are acceptable.
Some organizations (particularly larger organizations, or those with more complex processes) may require additional documented procedures (particularly those relating to product realization processes) to implement an effective QMS.
Other organizations may require additional procedures, but the size and/or culture of the organization could enable these to be effectively implemented without necessarily being documented. However, in order to demonstrate compliance with ISO 9001:2008, the organization has to be able to provide objective evidence (not necessarily documented) that its QMS has been effectively implemented.
d) Documents needed by the organization to ensure the effective planning, operation and control of its processes:
In order for an organization to demonstrate the effective implementation of its QMS, it may be necessary to develop documents other than documented procedures. However, the only documents specifically mentioned in ISO 9001:2008 are:- Quality policy (clause 4.2.1.a)- Quality objectives (clause 4.2.1.a)- Quality manual (clause 4.2.1.b)
There are several requirements of ISO 9001:2008 where an organization could add value to its QMS and demonstrate conformity by the preparation of other documents, even though the standard does not specifically require them. Examples may include:- Process maps, process flow charts and/or process descriptions- Organization charts- Specifications- Work and/or test instructions- Documents containing internal communications- Production schedules- Approved supplier lists- Test and inspection plans- Quality plans
All such documents have to be controlled in accordance with the requirements of clause 4.2.3 and/or 4.2.4, as applicable
e) Records:
Examples of records specifically required by ISO 9001:2008 are presented in Annex B.
Organizations are free to develop other records that may be needed to demonstrate conformity of their processes, products and quality management system.
Requirements for the control of records are different from those for other documents, and all records have to be controlled according to those of clause 4.2.4 of ISO 9001:2008.
Thursday, August 27, 2009
ISO 9000 — a way of managing for conformance
Quality assurance, according to the Standard, is a way of managing that prevents non-conformance and thus “assures quality”. This is what makes ISO 9000 different from other standards: it is a management standard, not a product standard. It goes beyond product standardisation: it is standardising not what is made but how it is made. To use standards to dictate and control how organisations work was to extend the role of standards to new territory. To take such a step we might have firstly established that any such requirements worked — that they resulted in ways of working which improved performance.
Yet the plausibility of this Standard, and the fact that those who had an interest in maintaining it were (and still are) leading opinion, prevented such enquiries. In simple terms the Standard asks managers to say what they do, do what they say and prove it to a third party.
ISO 9000 (1994) paragraph 1: “The requirements specified are aimed primarily at achieving customer satisfaction by preventing non-conformity at all stages from design through servicing.”
To put it another way, the Standard asserts that preventing non-conformance achieves customer satisfaction. But does it? Of course it matters to customers that a product works. But there is no guarantee that the Standard will ensure even that. Furthermore, customers take a total view of an organisation — how easy it is to do business with — in respect of all things of importance to each and every customer.
ISO 9000 requires managers to “establish and maintain a documented quality system as a means of ensuring that product conforms to specified requirements”. Loosely translated this is “say what you do”. Management is supposed to “define and document its policy for quality . . . including its commitment to quality”.
What management would not declare its commitment to quality? But would they know what it means? Would they argue (as they should) that quality management is a different and better way to do business, or would they believe that ISO 9000 will take care of quality? The Standard encourages managers to think of “quality” and “business as usual” as separate and distinct. It helps managers avoid the revelation that quality means a wholly different view of management. Instead, the organisation “shall appoint a management representative who, irrespective of other responsibilities, shall have defined authority and responsibility” [for ISO 9000]. At a practical level this means only one executive might decide he or she had better learn a thing or two about quality. However, would being responsible for ISO 9000 lead to learning about quality or simply enforcing the ISO 9000 regime in an organisation?
Key to the regime is auditing. The Standard requires organisations to conduct internal quality audits to “verify whether quality activities comply with planned arrangements”. This can be loosely translated as “do you do as you say?” and the purpose of the audit is to see that you do. It was not until the 1994 review that the words were changed to “quality activities and related results”. It was a Standard which was rooted in the philosophy of inspection: fifteen years after its initial promulgation the promoters sought to extend the focus to results. But results or improvements assessed by what means? Inspection. By the time the Standard was adopted world-wide, quality thinking had moved a long way from the philosophy of inspection. It is now understood, at least by a few, that quality is achieved through managing the organisation as a system and using measures which enable managers to improve flow and reduce variation (which we explore in chapters 5 and 7). The defenders argue that there is nothing stopping a company having ISO 9000 and implementing methods for managing flow and reducing variation, but where are such companies? Few of the companies we researched, formally and informally, knew anything about this thinking. The Standard does not talk about it; moreover, the Standard effectively discourages managers from learning about it by representing quality in a different way.
According to ISO 8402 (quality vocabulary), quality is:
“The totality of features and characteristics of a product or service that bear on its ability to satisfy stated or implied needs.”
Everything we have learned about ISO 9000 suggests that the people who created this definition were thinking about the things which need to be controlled, those things which “bear on its ability . . .”. The builders of the Standard assumed that customer needs would be listed in contractual agreements between the supplier and customer. ISO 9000 has a “make” logic — procedures for “how you do what you do” — and a “control” logic — check to see that it is done. It is a relic of the era when contractual agreements were perceived to be an important device for regulating the behaviour of suppliers. In these ways, ISO 9000 encouraged “planning for quality”.
Planning for quality sounds plausible, but it assumes many things: that the plan is the right plan, that it is feasible, that people will “do it”, that performance will improve. It is an approach which, paradoxically, leads to poor decisions. Planners of quality systems, guided by ISO 9000, start with a view of how the world should be as framed by the Standard. Understanding how an organisation is working, rather than how someone thinks it should, is a far better place from which to start change of any kind.
Yet the plausibility of this Standard, and the fact that those who had an interest in maintaining it were (and still are) leading opinion, prevented such enquiries. In simple terms the Standard asks managers to say what they do, do what they say and prove it to a third party.
ISO 9000 (1994) paragraph 1: “The requirements specified are aimed primarily at achieving customer satisfaction by preventing non-conformity at all stages from design through servicing.”
To put it another way, the Standard asserts that preventing non-conformance achieves customer satisfaction. But does it? Of course it matters to customers that a product works. But there is no guarantee that the Standard will ensure even that. Furthermore, customers take a total view of an organisation — how easy it is to do business with — in respect of all things of importance to each and every customer.
ISO 9000 requires managers to “establish and maintain a documented quality system as a means of ensuring that product conforms to specified requirements”. Loosely translated this is “say what you do”. Management is supposed to “define and document its policy for quality . . . including its commitment to quality”.
What management would not declare its commitment to quality? But would they know what it means? Would they argue (as they should) that quality management is a different and better way to do business, or would they believe that ISO 9000 will take care of quality? The Standard encourages managers to think of “quality” and “business as usual” as separate and distinct. It helps managers avoid the revelation that quality means a wholly different view of management. Instead, the organisation “shall appoint a management representative who, irrespective of other responsibilities, shall have defined authority and responsibility” [for ISO 9000]. At a practical level this means only one executive might decide he or she had better learn a thing or two about quality. However, would being responsible for ISO 9000 lead to learning about quality or simply enforcing the ISO 9000 regime in an organisation?
Key to the regime is auditing. The Standard requires organisations to conduct internal quality audits to “verify whether quality activities comply with planned arrangements”. This can be loosely translated as “do you do as you say?” and the purpose of the audit is to see that you do. It was not until the 1994 review that the words were changed to “quality activities and related results”. It was a Standard which was rooted in the philosophy of inspection: fifteen years after its initial promulgation the promoters sought to extend the focus to results. But results or improvements assessed by what means? Inspection. By the time the Standard was adopted world-wide, quality thinking had moved a long way from the philosophy of inspection. It is now understood, at least by a few, that quality is achieved through managing the organisation as a system and using measures which enable managers to improve flow and reduce variation (which we explore in chapters 5 and 7). The defenders argue that there is nothing stopping a company having ISO 9000 and implementing methods for managing flow and reducing variation, but where are such companies? Few of the companies we researched, formally and informally, knew anything about this thinking. The Standard does not talk about it; moreover, the Standard effectively discourages managers from learning about it by representing quality in a different way.
According to ISO 8402 (quality vocabulary), quality is:
“The totality of features and characteristics of a product or service that bear on its ability to satisfy stated or implied needs.”
Everything we have learned about ISO 9000 suggests that the people who created this definition were thinking about the things which need to be controlled, those things which “bear on its ability . . .”. The builders of the Standard assumed that customer needs would be listed in contractual agreements between the supplier and customer. ISO 9000 has a “make” logic — procedures for “how you do what you do” — and a “control” logic — check to see that it is done. It is a relic of the era when contractual agreements were perceived to be an important device for regulating the behaviour of suppliers. In these ways, ISO 9000 encouraged “planning for quality”.
Planning for quality sounds plausible, but it assumes many things: that the plan is the right plan, that it is feasible, that people will “do it”, that performance will improve. It is an approach which, paradoxically, leads to poor decisions. Planners of quality systems, guided by ISO 9000, start with a view of how the world should be as framed by the Standard. Understanding how an organisation is working, rather than how someone thinks it should, is a far better place from which to start change of any kind.
ISO 9000 vs Quality
ISO 9000 was conceived to bring about an improvement in product quality. It
was believed that if organizations were able to demonstrate they were
operating a quality system that met international standards, customers would
gain greater confidence in the quality of products they purchased. It was also
believed that by operating in accordance with documented procedures, errors
would be reduced and consistency of output ensured. If you find the best way
of achieving a result, put in place measures to prevent variation, document it
and train others to apply it, it follows that the results produced should be
consistently good.
The requirements of the standard were perceived to be a list of things to do
to achieve quality. The ISO co-ordinator would often draw up a plan based on
the following logic:
1. We have to identify resource requirements so I will write a procedure on
identifying resource requirements
2. We have to produce quality plans so I will write a procedure on producing
quality plans
3. We have to record contract review so I will write a procedure on recording
contract reviews
4. We have to identify design changes so I will write a procedure on identifying
design changes
The requirements in the standard were often not expressed as results to be
achieved. Requirements for a documented procedure to be established resulted
in just that. Invariably the objectives of the procedure were to define something
rather than to achieve something. This led to documentation without any clear
purpose that related to the achievement of quality. Those producing the
documentation were focusing on meeting the standard not on achieving quality.
Those producing the product were focusing on meeting the customer
requirement but the two were often out of sync. As quality assurance became
synonymous with procedures, so people perceived that they could achieve
quality by following procedures. The dominance of procedures to the exclusion
of performance is a misunderstanding of the implementers. The standard
required a documented system that ensured product met specified requirements – a
clear purpose. Once again the implementers lost sight of the objective. Or was it
that they knew the objective but in order to meet it, the culture would have to
change and if they could get the badge without doing so, why should they?
Issuing a procedure was considered to equate to task completed. Unfortu-
nately, for those on the receiving end, the procedures were filed and forgotten.
When the auditor came around, the individual was found to be totally
unaware of the ‘procedure’ and consequently found noncompliant with it.
However, the auditor would discover that the individual was doing the right
things so the corrective action was inevitably to change the procedure. The
process of issuing procedures was not questioned, the individual concerned
was blamed for not knowing the procedure and the whole episode failed to
make any positive contribution to the achievement of quality. But it left the
impression on the individual that quality was all about following procedures.
It also left the impression that quality was about consistency and providing
you did what you said you would do regardless of it being in the interests of
satisfying customers, it was OK. One is left wondering whether anyone
consulted the dictionary in which quality is defined as a degree of excellence?
Another problem was that those who were to implement requirements were
often excluded from the process. Instead of enquiring as to the best way of
meeting a requirement, those in charge of ISO 9000 implementation assumed
that issuing procedures would in fact cause compliance with requirements. It
requires a study of the way work gets done to appreciate how best to meet a
requirement. Procedures were required to be documented and the range and
detail was intended to be appropriate to the complexity of the work, the
methods used and the skills and training needed. The standard also only
required work instructions where their absence would adversely affect quality.
It is as though the people concerned did not read the requirement properly or
had no curiosity to find out for themselves what ISO had to say about
procedures – they were all too ready to be told what to do without questioning
why they should be doing it.
More often than not, the topics covered by the standard were only a sample
of all the things that need to be done to achieve the organization’s objectives.
The way the standard classified the topics was also often not appropriate to the
way work was performed. As a consequence, procedures failed to be
implemented because they mirrored the standard and not the work. ISO 9000
may have required documented procedures but it did not insist that they be
produced in separate documents, with titles or an identification convention
that was traceable to the requirements.
Critics argue (Seddon, John, 2000)3 that ISO 9000 did not enable organiza-
tions to reduce variation as a result of following the procedures. It is true that
ISO 9000 did not explain the theory of variation – it could have done, but
perhaps it was felt that this was better handled by the wealth of literature
available at the time. However, ISO 9000 did require organizations to identify
where the use of statistical techniques was necessary for establishing,
controlling and verifying process capability but this was often misunderstood.
Clause 4.14 of ISO 9001 required corrective action procedures – procedures to
identify variation and eliminate the cause so this should have resulted in a
reduction in variation. The procedures did not always focus on results – they
tended to focus on transactions – sending information or product from A to B.
The concept of corrective action was often misunderstood. It was believed to be
about fixing the problem and preventive action was believed to be about
preventing recurrence. Had users read ISO 8402 they should have been
enlightened. Had they read Deming they would have been enlightened but in
many cases the language of ISO 9000 was a deterrent to learning. Had the
auditors understood variation, they too could have assisted in clarifying these
issues but they too seemed ignorant – willing to regard clause 4.20 as not
applicable in many cases.
Clause 4.6 of the undervalued and forgotten standard ISO 9000 –1 starts with
‘The International Standards in the ISO 9000 family are founded upon the
understanding that all work is accomplished by a process.’ In clause 4.7 it starts
with ‘Every organization exists to accomplish value-adding work. The work is
accomplished through a network of processes’ In clause 4.8 it starts with ‘It is
conventional to speak of quality systems as consisting of a number of elements.
The quality system is carried out by means of processes which exist both within
and across functions’ Alas, few people read ISO 9000–1 and as a result the
baggage that had amassed was difficult to shed especially because there were
few if any certification bodies suggesting that the guidance contained in ISO
9000 –1 should be applied. Unfortunately, this message from ISO 9000 –1 was not
conveyed through the requirements of ISO 9001. ISO 9001 was not intended as
a design tool. It was produced for contractual and assessment purposes but was
used as a design tool instead of ISO 9000 –1 and ISO 9004 –1.
was believed that if organizations were able to demonstrate they were
operating a quality system that met international standards, customers would
gain greater confidence in the quality of products they purchased. It was also
believed that by operating in accordance with documented procedures, errors
would be reduced and consistency of output ensured. If you find the best way
of achieving a result, put in place measures to prevent variation, document it
and train others to apply it, it follows that the results produced should be
consistently good.
The requirements of the standard were perceived to be a list of things to do
to achieve quality. The ISO co-ordinator would often draw up a plan based on
the following logic:
1. We have to identify resource requirements so I will write a procedure on
identifying resource requirements
2. We have to produce quality plans so I will write a procedure on producing
quality plans
3. We have to record contract review so I will write a procedure on recording
contract reviews
4. We have to identify design changes so I will write a procedure on identifying
design changes
The requirements in the standard were often not expressed as results to be
achieved. Requirements for a documented procedure to be established resulted
in just that. Invariably the objectives of the procedure were to define something
rather than to achieve something. This led to documentation without any clear
purpose that related to the achievement of quality. Those producing the
documentation were focusing on meeting the standard not on achieving quality.
Those producing the product were focusing on meeting the customer
requirement but the two were often out of sync. As quality assurance became
synonymous with procedures, so people perceived that they could achieve
quality by following procedures. The dominance of procedures to the exclusion
of performance is a misunderstanding of the implementers. The standard
required a documented system that ensured product met specified requirements – a
clear purpose. Once again the implementers lost sight of the objective. Or was it
that they knew the objective but in order to meet it, the culture would have to
change and if they could get the badge without doing so, why should they?
Issuing a procedure was considered to equate to task completed. Unfortu-
nately, for those on the receiving end, the procedures were filed and forgotten.
When the auditor came around, the individual was found to be totally
unaware of the ‘procedure’ and consequently found noncompliant with it.
However, the auditor would discover that the individual was doing the right
things so the corrective action was inevitably to change the procedure. The
process of issuing procedures was not questioned, the individual concerned
was blamed for not knowing the procedure and the whole episode failed to
make any positive contribution to the achievement of quality. But it left the
impression on the individual that quality was all about following procedures.
It also left the impression that quality was about consistency and providing
you did what you said you would do regardless of it being in the interests of
satisfying customers, it was OK. One is left wondering whether anyone
consulted the dictionary in which quality is defined as a degree of excellence?
Another problem was that those who were to implement requirements were
often excluded from the process. Instead of enquiring as to the best way of
meeting a requirement, those in charge of ISO 9000 implementation assumed
that issuing procedures would in fact cause compliance with requirements. It
requires a study of the way work gets done to appreciate how best to meet a
requirement. Procedures were required to be documented and the range and
detail was intended to be appropriate to the complexity of the work, the
methods used and the skills and training needed. The standard also only
required work instructions where their absence would adversely affect quality.
It is as though the people concerned did not read the requirement properly or
had no curiosity to find out for themselves what ISO had to say about
procedures – they were all too ready to be told what to do without questioning
why they should be doing it.
More often than not, the topics covered by the standard were only a sample
of all the things that need to be done to achieve the organization’s objectives.
The way the standard classified the topics was also often not appropriate to the
way work was performed. As a consequence, procedures failed to be
implemented because they mirrored the standard and not the work. ISO 9000
may have required documented procedures but it did not insist that they be
produced in separate documents, with titles or an identification convention
that was traceable to the requirements.
Critics argue (Seddon, John, 2000)3 that ISO 9000 did not enable organiza-
tions to reduce variation as a result of following the procedures. It is true that
ISO 9000 did not explain the theory of variation – it could have done, but
perhaps it was felt that this was better handled by the wealth of literature
available at the time. However, ISO 9000 did require organizations to identify
where the use of statistical techniques was necessary for establishing,
controlling and verifying process capability but this was often misunderstood.
Clause 4.14 of ISO 9001 required corrective action procedures – procedures to
identify variation and eliminate the cause so this should have resulted in a
reduction in variation. The procedures did not always focus on results – they
tended to focus on transactions – sending information or product from A to B.
The concept of corrective action was often misunderstood. It was believed to be
about fixing the problem and preventive action was believed to be about
preventing recurrence. Had users read ISO 8402 they should have been
enlightened. Had they read Deming they would have been enlightened but in
many cases the language of ISO 9000 was a deterrent to learning. Had the
auditors understood variation, they too could have assisted in clarifying these
issues but they too seemed ignorant – willing to regard clause 4.20 as not
applicable in many cases.
Clause 4.6 of the undervalued and forgotten standard ISO 9000 –1 starts with
‘The International Standards in the ISO 9000 family are founded upon the
understanding that all work is accomplished by a process.’ In clause 4.7 it starts
with ‘Every organization exists to accomplish value-adding work. The work is
accomplished through a network of processes’ In clause 4.8 it starts with ‘It is
conventional to speak of quality systems as consisting of a number of elements.
The quality system is carried out by means of processes which exist both within
and across functions’ Alas, few people read ISO 9000–1 and as a result the
baggage that had amassed was difficult to shed especially because there were
few if any certification bodies suggesting that the guidance contained in ISO
9000 –1 should be applied. Unfortunately, this message from ISO 9000 –1 was not
conveyed through the requirements of ISO 9001. ISO 9001 was not intended as
a design tool. It was produced for contractual and assessment purposes but was
used as a design tool instead of ISO 9000 –1 and ISO 9004 –1.
Establishing a ISO 9001 records procedure
The standard requires records to remain legible, readily
identifiable and retrievable and that a procedure defines
the controls needed for the identification, storage,
protec- tion, retrieval, retention time and disposition of records.
Records have a life cycle. They are generated during
which time they acquire an identity and are then
assigned for storage for a prescribed period. During
use and storage they need to be protected from
inadvertent or malicious destruction and as they
may be required to support current activities or
investigations, they need to be brought out of storage
quickly. When their usefulness has lapsed, a decision is made as to whether to
retain them further or to destroy them.
Readily retrievable means that records can be obtained on demand within a
reasonable period (hours not days or weeks) Readily identifiable means that
the identity can be discerned at a glance.
Although the requirement implies a single procedure, several may be
necessary because there are several unconnected tasks to perform. A procedure
cannot in fact ensure a result. It may prescribe a course of action which if
followed may lead to the correct result, but it is the process that ensures the
result not the procedure.
The revised requirement omits several aspects covered in clause 4.16 of the
1994 version.
Collection of records is now addressed by Analysis of data (clause 8.4)
Indexing of records is a specific form of identification and is therefore
already addressed
Access is now addressed by the requirement for record retrieval
Filing is a specific form of storage and is therefore already addressed
You may only need one procedure which covers all the requirements but this
is not always practical. The provisions you make for specific records should be
included in the documentation for controlling the activity being recorded. For
example, provisions for inspection records should be included in the inspection
procedures; provisions for design review records should be included in the
design review procedure. Within such procedures you should provide the
forms (or content requirement for the records), the identification, collection/
submission provisions, the indexing and filing provisions. It may be more
practical to cover the storage, disposal and retention provisions in separate
procedures because they may not be type-dependent. Where each department
retains their own records, these provisions may vary and therefore warrant
separate procedures.
Unlike prescriptive documents, records may contain handwritten elements and
therefore it is important that the handwriting is legible. If this becomes a
problem, you either improve discipline or consider electronic data capture.
Records also become soiled in a workshop environment so may need to be
protected to remain legible. With electronically captured data, legibility is often
not a problem. However, photographs and other scanned images may not
transfer as well as the original and lose detail so care has to be taken in
selecting appropriate equipment for this task.
Whatever the records, they should carry some
identification in order that you can determine what
they are, what kind of information they record and
what they relate to. A simple way of doing this is to
give each record a reference number and a name or
title in a prominent location on the record.
1994 –2000 Differences
Previously the standard
covered retrieval in four
ways. It required:
(a) that quality records be
made available for
evaluation by the
customer or his
representative for an
agreed period, where
agreed contractually
Records can take various forms – reports contain-
ing narrative, computer data, and forms containing
data in boxes, graphs, tables, lists and many others.
Where forms are used to collect data, they should
carry a form number and name as their identifica-
tion. When completed they should carry a serial
number to give each a separate identity. Records
should also be traceable to the product or service
they represent and this can be achieved either within
the reference number or separately, provided that the
chance of mistaken identity is eliminated. The
standard does not require records to be identifiable
to the product involved but unless you do make such
provision you will not be able to access the pertinent
records or demonstrate conformance to specified
requirements.
identifiable and retrievable and that a procedure defines
the controls needed for the identification, storage,
protec- tion, retrieval, retention time and disposition of records.
Records have a life cycle. They are generated during
which time they acquire an identity and are then
assigned for storage for a prescribed period. During
use and storage they need to be protected from
inadvertent or malicious destruction and as they
may be required to support current activities or
investigations, they need to be brought out of storage
quickly. When their usefulness has lapsed, a decision is made as to whether to
retain them further or to destroy them.
Readily retrievable means that records can be obtained on demand within a
reasonable period (hours not days or weeks) Readily identifiable means that
the identity can be discerned at a glance.
Although the requirement implies a single procedure, several may be
necessary because there are several unconnected tasks to perform. A procedure
cannot in fact ensure a result. It may prescribe a course of action which if
followed may lead to the correct result, but it is the process that ensures the
result not the procedure.
The revised requirement omits several aspects covered in clause 4.16 of the
1994 version.
Collection of records is now addressed by Analysis of data (clause 8.4)
Indexing of records is a specific form of identification and is therefore
already addressed
Access is now addressed by the requirement for record retrieval
Filing is a specific form of storage and is therefore already addressed
You may only need one procedure which covers all the requirements but this
is not always practical. The provisions you make for specific records should be
included in the documentation for controlling the activity being recorded. For
example, provisions for inspection records should be included in the inspection
procedures; provisions for design review records should be included in the
design review procedure. Within such procedures you should provide the
forms (or content requirement for the records), the identification, collection/
submission provisions, the indexing and filing provisions. It may be more
practical to cover the storage, disposal and retention provisions in separate
procedures because they may not be type-dependent. Where each department
retains their own records, these provisions may vary and therefore warrant
separate procedures.
Unlike prescriptive documents, records may contain handwritten elements and
therefore it is important that the handwriting is legible. If this becomes a
problem, you either improve discipline or consider electronic data capture.
Records also become soiled in a workshop environment so may need to be
protected to remain legible. With electronically captured data, legibility is often
not a problem. However, photographs and other scanned images may not
transfer as well as the original and lose detail so care has to be taken in
selecting appropriate equipment for this task.
Whatever the records, they should carry some
identification in order that you can determine what
they are, what kind of information they record and
what they relate to. A simple way of doing this is to
give each record a reference number and a name or
title in a prominent location on the record.
1994 –2000 Differences
Previously the standard
covered retrieval in four
ways. It required:
(a) that quality records be
made available for
evaluation by the
customer or his
representative for an
agreed period, where
agreed contractually
Records can take various forms – reports contain-
ing narrative, computer data, and forms containing
data in boxes, graphs, tables, lists and many others.
Where forms are used to collect data, they should
carry a form number and name as their identifica-
tion. When completed they should carry a serial
number to give each a separate identity. Records
should also be traceable to the product or service
they represent and this can be achieved either within
the reference number or separately, provided that the
chance of mistaken identity is eliminated. The
standard does not require records to be identifiable
to the product involved but unless you do make such
provision you will not be able to access the pertinent
records or demonstrate conformance to specified
requirements.
Implementing ISO 9000 Quality Management System
Step 7. Develop quality management system documentationStep 8: Document controlStep 9. ImplementationStep 10. Internal quality auditStep 11. Management reviewStep 12. Pre-assessment auditStep 13. Certification and registrationStep 14: Continual ImprovementStep 1: Top Management CommitmentThe top management (managing director or chief executive) should demonstrate a commitment and a determination to implement an ISO 9000 quality management system in the organization. Without top management commitment, no quality initiative can succeed. Top management must be convinced that registration and certification will enable the organization to demonstrate to its customers a visible commitment to quality. It should realize that a quality management system would improve overallbusiness efficiency by elimination of wasteful duplication in management system.The top management should provide evidence of its commitment to the development and implementation of the quality management system and continually improve its effectiveness by:a. Communicating to the organization the importance of meeting customer as well as statutory and regulatory requirements,b. Defining the organization’s quality policy and make this known to every employee,c. Ensuring that quality objectives are established at all levels and functions,d. Ensuring the availability of resources required for the development andimplementation of the quality management system,e. Appointing a management representative to coordinate quality management system activities, and Conducting management review.The top management should also consider actions such as:1. Leading the organization by example,2. Participating in improvement projects,3. Creating an environment that encourages the involvement of people.This type of top management commitment may be driven by:1. Direct marketplace pressure: requirements of crucial customers or parentconglomerates.2. Indirect marketplace pressure: increased quality levels and visibility among competitors.3. Growth ambitions: desire to exploit market opportunities.4. Personal belief in the value of quality as a goal and quality management systems as a means of reaching that goal.The top management should identify the goals to be achieved through the quality management system. Typical goals may be:• Be more efficient and profitable• Produce products and services that consistently meet customers’ needs andexpectations• Achieve customers satisfaction• Increase market share• Improve communications and morale in the organization• Reduce costs and liabilities• Increase confidence in the production systemStep 2. Establish Implementation TeamISO 9000 is implemented by people. The first phase of implementation calls for the commitment of top management – the CEO and perhaps a handful of other key people.The next step is to establish implementation team and appoint a ManagementRepresentative (MR) as its coordinator to plan and oversee implementation. Its members should include representatives of all functions of the organization -Marketing, Design and development, Planning, Production, Quality control, etc.In the context of the standard, the MR is the person within the Organization who acts as interface between organization management and the ISO 9000 registrar. His role is, in fact, much broader than that. The MR should also act as the organization’s “quality management system champion,” and must be a person with:
1. Total backing from the CEO,2. Genuine and passionate commitment to quality in general and the ISO 9000 qualitymanagement system in particular,3. The dignity – resulting from rank, seniority, or both – to influence managers and others of all levels and functions,4. Detailed knowledge of quality methods in general and ISO 9000 in particular.The members of the implementation team should also be trained on ISO 9000 quality management systems by a professional training organization.
Step 3. Start ISO 9000 Awareness ProgramsISO 9000 awareness programs should be conducted to communicate to theemployees the aim of the ISO 9000 quality management system; the advantage it offers to employees, customers and the organization; how it will work; and their roles and responsibilities within the system. Suppliers of materials and components should also participate in these programs.The awareness program should emphasize the benefits that the organization expects to realize through its ISO 9000 quality management system. The program should also stress the higher levels of participation and self-direction that the quality management system renders to employees. Such a focus will go far to enlist employee support and commitment.The programs could be run either by the implementation team or by experts hired to talk to different levels of employees.Step 4. Provide TrainingSince the ISO 9000 quality management system affects all the areas and all personnel in the organization, training programs should be structured for different categories of employees – senior managers, middle-level managers, supervisors and workers. The ISO 9000 implementation plan should make provision for this training. The training should cover the basic concepts of quality management systems and the standard and their overall impact on the strategic goals of the organization, the changed processes, and the likely work culture implications of the system. In addition, initial training mayalso be necessary on writing quality manuals, procedures and work instruction; auditing principles; techniques of laboratory management; calibration; testing procedures, etc.When in-house capacity to carry out such training is not available, it may be necessary to participate in external training courses run by professional training organizations.Alternatively, an external training institution could be invited to conduct in-house training courses.
Step 5. Conduct Initial Status SurveyISO 9000 does not require duplication of effort or redundant system. The goal of ISO 9000 is to create a quality management system that conforms to the standard. This does not preclude incorporating, adapting, and adding onto quality programs already in place. So the next step in the implementation process is to compare the organization’s existing quality management system, if there is one — with the requirements of thestandard (ISO 9001:2008).For this purpose, an organization flow chart showing how information actually flows (not what should be done) from order placement by the customer to delivery to this customer should be drawn up. From this over-all flow chart, a flow chart of activities in each department should be prepared.With the aid of the flow charts, a record of existing quality management system should be established. A significant number of written procedures may already be in place.Unless they are very much out of date, these documents should not be discarded.Rather, they should be incorporated into the new quality management system.Documents requiring modification or elaboration should be identified and listed. Thisexercise is some times referred to as ” gap analysis”. During these review processes,wide consultation with executives and representatives of various unions andassociations within the organization is required to enlist their active cooperation.In the review process, documents should be collected, studied and registered for further use, possibly after they have been revised. Before developing new quality management system documentation, you need to consider with which quality requirements or department you should start. The best is to select an area where processes are fairly well organized, running effectively and functioning satisfactorily.The basic approach is to determine and record how a process is currently carried out.We can do this by identifying the people involved and obtaining information from them during individual interviews. Unfortunately, it often happens that different people will give different, contradicting versions of a process. Each one may refer to oral instructions that are not accurate or clear. This is why the facts are often not described correctly the first time around, and have to be revised several times.Once it has been agreed how to describe the current process, this process has to be adapted, supplemented and implemented according to the requirements of the quality standard (ISO 9001:2008). This requires organizational arrangements, the drawing up of additional documents and possible removal of existing documentation (e.g. procedures, inspection/test plans, inspection/test instructions) and records (e.g.inspection/test reports, inspection/test certificates).In introducing a quality management system, the emphasis is on the improvement of the existing processes or the re-organization of processes.In general, the steps to follow are the following:Ascertain and establish the following:What is the present operation/process? What already exists?
Analyze the relevant sections of the quality standard – ISO 9001:2000:What is actually required? If necessary, supplement and change operational arrangements in accordance with the standard, develop documents and records, and describe operations/processes:What is the desired operation/process?Figure 1: Steps in introducing a quality management systemThe above gap analysis can be done internally, if the knowledge level is there. Or aformal pre-assessment can be obtained from any one of a large number of ISO 9000consulting, implementing, and registration firms.Step 6. Create a Documented Implementation PlanOnce the organization has obtained a clear picture of how its quality management system compares with the ISO 9001:2008 standard, all non-conformances must be addressed with a documented implementation plan. Usually, the plan calls for identifying and describing processes to make the organization’s quality management system fully in compliance with the standard.The implementation plan should be thorough and specific, detailing:???? Quality documentation to be developed???? Objective of the system???? Pertinent ISO 9001:2008 section???? Person or team responsible???? Approval required???? Training required???? Resources required???? Estimated completion dateThese elements should be organized into a detailed chart, to be reviewed andapproved. The plan should define the responsibilities of different departments and personnel and set target dates for the completion of activities. Once approved, the Management Representative should control, review and update the plan as the implementation process proceeds.Typical implementation action plan is shown in Figure 2. Use ISO 10005:1995 for guidance in quality planning
Step 7. Develop Quality Management System DocumentationDocumentation is the most common area of non-conformance among organizations wishing to implement ISO 9000 quality management systems. As one company pointed out: “When we started our implementation, we found that documentation was inadequate. Even absent, in some areas. Take calibration. Obviously it’s necessary, and obviously we do it, but it wasn’t being documented. Another area was inspection and testing. We inspect and test practically every item that leaves here, but our documentation was inadequate”.Documentation of the quality management system should include:???? Documented statements of a quality policy and quality objectives,???? A quality manual,???? Documented procedures and records required by the standard ISO 9001:2008, and???? Documents needed by the organization to ensure the effective planning, operation and control of its processes.Quality documentation is generally prepared in the three levels indicated in the box that follows. Use ISO 10013:1995 for guidance in quality documentation.
In small companies, the above levels of documentation could be presented in one manual; otherwise, separate manuals should be prepared.A list of the documents to be prepared should be drawn up and the responsibility for writing the documents should be assigned to the persons concerned in various functional departments. They should be advised to prepare the drafts within a specific time frame.Step 8: Document ControlOnce the necessary quality management system documentation has been generated, a documented system must be created to control it. Control is simply a means of managing the creation, approval, distribution, revision, storage, and disposal of the various types of documentation. Document control systems should be as simple and as easy to operate as possible — sufficient to meet ISO 9001:2008 requirements and that is all.Document control should include:???? Approval for adequacy by authorized person (s) before issue,???? Review, updating and re-approval of documents by authorized person (s),???? Identification of changes and of the revision status of documents,???? Availability of relevant versions of documents at points of use,???? Identification and control of documents of external origin,???? Assurance of legibility and identifability of documents, and???? Prevention of unintended use of obsolete documents.The principle of ISO 9000 document control is that employees should have access to the documentation and records needed to fulfil their responsibilities.Step 9. ImplementationIt is good practice to implement the quality management system being documented as the documentation is developed, although this may be more effective in larger firms. In smaller companies, the quality management system is often implemented all at once throughout the organization. Where phased implementation takes place, the effectiveness of the system in selected areas can be evaluated.It would be a good idea initially to evaluate areas where the chances of a positive evaluation are high, to maintain the confidence of both management and staff in the merits of implementing the quality management system.The implementation progress should be monitored to ensure that the qualitymanagement system is effective and conforms to the standard. These activities include internal quality audit, formal corrective action and management review.Step 10. Internal Quality AuditAs the system is being installed, its effectiveness should be checked by regular internal quality audits. Internal quality audits are conducted to verify that the installed quality management system:
???? Conform to the planned arrangements, to the requirements of the standard (ISO 9001:2008) and to the quality management system requirements established by your organization, and???? Is effectively implemented and maintained.Even after the system stabilizes and starts functioning, internal audits should be planned and performed as part of an ongoing strategy.A few staff members should be trained to carry out internal auditing. Use ISO 19011 for guidance in auditing, auditor qualification and programmes.Step 11. Management ReviewWhen the installed quality management system has been operating for three to six months, an internal audit and management review should be conducted and corrective actions implemented. The management reviews are conducted to ensure the continuing suitability, adequacy and effectiveness of the quality management system.????The review should include assessing opportunities for improvement and the need for changes to the quality management system, including the quality policy and quality objectives.The input to management review should include information on:???? Results of audits,???? Customer feed back,???? Process performance and product conformity,???? Status of preventive and corrective actions,???? Follow-up actions from previous management reviews,???? Changes that could affect the quality management system, and???? Recommendations for improvements.Management reviews should also address the pitfalls to effective implementation, including lack of CEO commitment, failure to involve everyone in the process, and failure to monitor progress and enforce deadlines.Step 12. Pre-assessment AuditWhen system deficiencies are no longer visible, it is normally time to apply for certification. However, before doing so, a pre-assessment audit should be arranged with an independent and qualified auditor. Sometimes certification bodies provide this service for a nominal charge. The pre-assessment audit would provide a degree of confidence for formally going ahead with an application for certification.Step 13. Certification and RegistrationOnce the quality management system has been in operation for a few months and has stabilized, a formal application for certification could be made to a selected certification agency. The certification agency first carries out an audit of the documents (referred to as an “adequacy audit”). If the documents conform to the requirements of the quality standard, then on-site audit is carried out. If the certification body finds the system to be working satisfactorily, it awards the organization a certificate, generallyfor a period of three years. During this three-year period, it will carry out periodic surveillance audits to ensure that the system is continuing to operate satisfactorily.Step 14: Continual ImprovementCertification to ISO 9000 should not be an end. You should continually seek to improve the effectiveness and suitability of the quality management system through the use of:???? Quality policy???? Quality objectives???? Audit results???? Analysis of data???? Corrective and preventive actions???? Management reviewISO 9004:2008 provides a methodology for continual improvement.
1. Total backing from the CEO,2. Genuine and passionate commitment to quality in general and the ISO 9000 qualitymanagement system in particular,3. The dignity – resulting from rank, seniority, or both – to influence managers and others of all levels and functions,4. Detailed knowledge of quality methods in general and ISO 9000 in particular.The members of the implementation team should also be trained on ISO 9000 quality management systems by a professional training organization.
Step 3. Start ISO 9000 Awareness ProgramsISO 9000 awareness programs should be conducted to communicate to theemployees the aim of the ISO 9000 quality management system; the advantage it offers to employees, customers and the organization; how it will work; and their roles and responsibilities within the system. Suppliers of materials and components should also participate in these programs.The awareness program should emphasize the benefits that the organization expects to realize through its ISO 9000 quality management system. The program should also stress the higher levels of participation and self-direction that the quality management system renders to employees. Such a focus will go far to enlist employee support and commitment.The programs could be run either by the implementation team or by experts hired to talk to different levels of employees.Step 4. Provide TrainingSince the ISO 9000 quality management system affects all the areas and all personnel in the organization, training programs should be structured for different categories of employees – senior managers, middle-level managers, supervisors and workers. The ISO 9000 implementation plan should make provision for this training. The training should cover the basic concepts of quality management systems and the standard and their overall impact on the strategic goals of the organization, the changed processes, and the likely work culture implications of the system. In addition, initial training mayalso be necessary on writing quality manuals, procedures and work instruction; auditing principles; techniques of laboratory management; calibration; testing procedures, etc.When in-house capacity to carry out such training is not available, it may be necessary to participate in external training courses run by professional training organizations.Alternatively, an external training institution could be invited to conduct in-house training courses.
Step 5. Conduct Initial Status SurveyISO 9000 does not require duplication of effort or redundant system. The goal of ISO 9000 is to create a quality management system that conforms to the standard. This does not preclude incorporating, adapting, and adding onto quality programs already in place. So the next step in the implementation process is to compare the organization’s existing quality management system, if there is one — with the requirements of thestandard (ISO 9001:2008).For this purpose, an organization flow chart showing how information actually flows (not what should be done) from order placement by the customer to delivery to this customer should be drawn up. From this over-all flow chart, a flow chart of activities in each department should be prepared.With the aid of the flow charts, a record of existing quality management system should be established. A significant number of written procedures may already be in place.Unless they are very much out of date, these documents should not be discarded.Rather, they should be incorporated into the new quality management system.Documents requiring modification or elaboration should be identified and listed. Thisexercise is some times referred to as ” gap analysis”. During these review processes,wide consultation with executives and representatives of various unions andassociations within the organization is required to enlist their active cooperation.In the review process, documents should be collected, studied and registered for further use, possibly after they have been revised. Before developing new quality management system documentation, you need to consider with which quality requirements or department you should start. The best is to select an area where processes are fairly well organized, running effectively and functioning satisfactorily.The basic approach is to determine and record how a process is currently carried out.We can do this by identifying the people involved and obtaining information from them during individual interviews. Unfortunately, it often happens that different people will give different, contradicting versions of a process. Each one may refer to oral instructions that are not accurate or clear. This is why the facts are often not described correctly the first time around, and have to be revised several times.Once it has been agreed how to describe the current process, this process has to be adapted, supplemented and implemented according to the requirements of the quality standard (ISO 9001:2008). This requires organizational arrangements, the drawing up of additional documents and possible removal of existing documentation (e.g. procedures, inspection/test plans, inspection/test instructions) and records (e.g.inspection/test reports, inspection/test certificates).In introducing a quality management system, the emphasis is on the improvement of the existing processes or the re-organization of processes.In general, the steps to follow are the following:Ascertain and establish the following:What is the present operation/process? What already exists?
Analyze the relevant sections of the quality standard – ISO 9001:2000:What is actually required? If necessary, supplement and change operational arrangements in accordance with the standard, develop documents and records, and describe operations/processes:What is the desired operation/process?Figure 1: Steps in introducing a quality management systemThe above gap analysis can be done internally, if the knowledge level is there. Or aformal pre-assessment can be obtained from any one of a large number of ISO 9000consulting, implementing, and registration firms.Step 6. Create a Documented Implementation PlanOnce the organization has obtained a clear picture of how its quality management system compares with the ISO 9001:2008 standard, all non-conformances must be addressed with a documented implementation plan. Usually, the plan calls for identifying and describing processes to make the organization’s quality management system fully in compliance with the standard.The implementation plan should be thorough and specific, detailing:???? Quality documentation to be developed???? Objective of the system???? Pertinent ISO 9001:2008 section???? Person or team responsible???? Approval required???? Training required???? Resources required???? Estimated completion dateThese elements should be organized into a detailed chart, to be reviewed andapproved. The plan should define the responsibilities of different departments and personnel and set target dates for the completion of activities. Once approved, the Management Representative should control, review and update the plan as the implementation process proceeds.Typical implementation action plan is shown in Figure 2. Use ISO 10005:1995 for guidance in quality planning
Step 7. Develop Quality Management System DocumentationDocumentation is the most common area of non-conformance among organizations wishing to implement ISO 9000 quality management systems. As one company pointed out: “When we started our implementation, we found that documentation was inadequate. Even absent, in some areas. Take calibration. Obviously it’s necessary, and obviously we do it, but it wasn’t being documented. Another area was inspection and testing. We inspect and test practically every item that leaves here, but our documentation was inadequate”.Documentation of the quality management system should include:???? Documented statements of a quality policy and quality objectives,???? A quality manual,???? Documented procedures and records required by the standard ISO 9001:2008, and???? Documents needed by the organization to ensure the effective planning, operation and control of its processes.Quality documentation is generally prepared in the three levels indicated in the box that follows. Use ISO 10013:1995 for guidance in quality documentation.
In small companies, the above levels of documentation could be presented in one manual; otherwise, separate manuals should be prepared.A list of the documents to be prepared should be drawn up and the responsibility for writing the documents should be assigned to the persons concerned in various functional departments. They should be advised to prepare the drafts within a specific time frame.Step 8: Document ControlOnce the necessary quality management system documentation has been generated, a documented system must be created to control it. Control is simply a means of managing the creation, approval, distribution, revision, storage, and disposal of the various types of documentation. Document control systems should be as simple and as easy to operate as possible — sufficient to meet ISO 9001:2008 requirements and that is all.Document control should include:???? Approval for adequacy by authorized person (s) before issue,???? Review, updating and re-approval of documents by authorized person (s),???? Identification of changes and of the revision status of documents,???? Availability of relevant versions of documents at points of use,???? Identification and control of documents of external origin,???? Assurance of legibility and identifability of documents, and???? Prevention of unintended use of obsolete documents.The principle of ISO 9000 document control is that employees should have access to the documentation and records needed to fulfil their responsibilities.Step 9. ImplementationIt is good practice to implement the quality management system being documented as the documentation is developed, although this may be more effective in larger firms. In smaller companies, the quality management system is often implemented all at once throughout the organization. Where phased implementation takes place, the effectiveness of the system in selected areas can be evaluated.It would be a good idea initially to evaluate areas where the chances of a positive evaluation are high, to maintain the confidence of both management and staff in the merits of implementing the quality management system.The implementation progress should be monitored to ensure that the qualitymanagement system is effective and conforms to the standard. These activities include internal quality audit, formal corrective action and management review.Step 10. Internal Quality AuditAs the system is being installed, its effectiveness should be checked by regular internal quality audits. Internal quality audits are conducted to verify that the installed quality management system:
???? Conform to the planned arrangements, to the requirements of the standard (ISO 9001:2008) and to the quality management system requirements established by your organization, and???? Is effectively implemented and maintained.Even after the system stabilizes and starts functioning, internal audits should be planned and performed as part of an ongoing strategy.A few staff members should be trained to carry out internal auditing. Use ISO 19011 for guidance in auditing, auditor qualification and programmes.Step 11. Management ReviewWhen the installed quality management system has been operating for three to six months, an internal audit and management review should be conducted and corrective actions implemented. The management reviews are conducted to ensure the continuing suitability, adequacy and effectiveness of the quality management system.????The review should include assessing opportunities for improvement and the need for changes to the quality management system, including the quality policy and quality objectives.The input to management review should include information on:???? Results of audits,???? Customer feed back,???? Process performance and product conformity,???? Status of preventive and corrective actions,???? Follow-up actions from previous management reviews,???? Changes that could affect the quality management system, and???? Recommendations for improvements.Management reviews should also address the pitfalls to effective implementation, including lack of CEO commitment, failure to involve everyone in the process, and failure to monitor progress and enforce deadlines.Step 12. Pre-assessment AuditWhen system deficiencies are no longer visible, it is normally time to apply for certification. However, before doing so, a pre-assessment audit should be arranged with an independent and qualified auditor. Sometimes certification bodies provide this service for a nominal charge. The pre-assessment audit would provide a degree of confidence for formally going ahead with an application for certification.Step 13. Certification and RegistrationOnce the quality management system has been in operation for a few months and has stabilized, a formal application for certification could be made to a selected certification agency. The certification agency first carries out an audit of the documents (referred to as an “adequacy audit”). If the documents conform to the requirements of the quality standard, then on-site audit is carried out. If the certification body finds the system to be working satisfactorily, it awards the organization a certificate, generallyfor a period of three years. During this three-year period, it will carry out periodic surveillance audits to ensure that the system is continuing to operate satisfactorily.Step 14: Continual ImprovementCertification to ISO 9000 should not be an end. You should continually seek to improve the effectiveness and suitability of the quality management system through the use of:???? Quality policy???? Quality objectives???? Audit results???? Analysis of data???? Corrective and preventive actions???? Management reviewISO 9004:2008 provides a methodology for continual improvement.
ISO 9000 Series and Six Sigma
ISO (International Organization for Standardization) 9000 series standards were first published in 1987, revised in 1994, and re-revised in 2000 by the ISO. The 2000 revision, denoted by ISO 9000:2000, has attracted broad expectations in industry.
As of the year 2001, more than 300,000 organizations world-wide have been certified to the ISO 9000 series standards. It embodies a consistent pair of standards, ISO 9001:2000 and ISO 9004:2000, both of which have been significantly updated and modernized. The ISO 9001:2000 standard specifies requirements for a quality management system for which third-party certification is possible, whereas ISO 9004:2000 provides guide- lines for a comprehensive quality management system and performance improvement through Self-Assessment.
The origin and historical development of ISO 9000 and Six Sigma are very different. The genesis of ISO 9000 can be traced back to the standards that the British aviation industry and the U.S. Air Force developed in the 1920s to reduce the need for inspection by approving the conformance of suppliers’ product quality. These standards developed into requirements for suppliers’ quality assurance systems in a number of western countries in the 1970s. In 1987 they were amalgamated into the ISO 9000 series standards.
Independent of ISO 9000, the same year also saw the launch of Six Sigma at Motorola and the launch of Self-Assessment by means of the Malcolm Baldrige National Quality Award in USA. Both Six Sigma and Self-Assessment can be traced back to Walter A. Shewhart and his work on variation and continuous improvement in the 1920s. It was Japanese industry that pioneered a broad application of these ideas from the 1950s through to the 1970s. When variation and continuous improvement caught the attention of some of the
American business leaders in the late 1980s, it took the form of the Malcolm Baldrige National Quality Award, on a national level, and of Six Sigma at Motorola.
Some people are wondering if the ISO 9000:2000 series standards make Six Sigma superfluous. They typically refer to clause 8 of ISO 9001: It requires that companies install procedures in operations for the measurement of processes and data analysis using statistical techniques with the demonstration of continuous improvement . They also partly refer to the ISO 9004:2000 standards that embody guidelines and criteria for Self-Assessment similar to the national quality awards.
The ISO 9000 series standards have from their early days been regarded and practiced by industry as a minimum set of requirements for doing business. The new ISO 9000:2000 stan
dards do not represent a significant change to this perspective. Six Sigma on the other hand, aims at world-class performance, based on a pragmatic framework for continuous improvement.
The author believes that Six Sigma is superior in such important areas as rate of improvement, bottom-line and top-line results, customer satisfaction, and top-level management commitment. However, considering the stronghold of ISO 9000 in industry, Six Sigma and ISO 9000 are likely to be applied by the same organization, but for very different purposes.
As of the year 2001, more than 300,000 organizations world-wide have been certified to the ISO 9000 series standards. It embodies a consistent pair of standards, ISO 9001:2000 and ISO 9004:2000, both of which have been significantly updated and modernized. The ISO 9001:2000 standard specifies requirements for a quality management system for which third-party certification is possible, whereas ISO 9004:2000 provides guide- lines for a comprehensive quality management system and performance improvement through Self-Assessment.
The origin and historical development of ISO 9000 and Six Sigma are very different. The genesis of ISO 9000 can be traced back to the standards that the British aviation industry and the U.S. Air Force developed in the 1920s to reduce the need for inspection by approving the conformance of suppliers’ product quality. These standards developed into requirements for suppliers’ quality assurance systems in a number of western countries in the 1970s. In 1987 they were amalgamated into the ISO 9000 series standards.
Independent of ISO 9000, the same year also saw the launch of Six Sigma at Motorola and the launch of Self-Assessment by means of the Malcolm Baldrige National Quality Award in USA. Both Six Sigma and Self-Assessment can be traced back to Walter A. Shewhart and his work on variation and continuous improvement in the 1920s. It was Japanese industry that pioneered a broad application of these ideas from the 1950s through to the 1970s. When variation and continuous improvement caught the attention of some of the
American business leaders in the late 1980s, it took the form of the Malcolm Baldrige National Quality Award, on a national level, and of Six Sigma at Motorola.
Some people are wondering if the ISO 9000:2000 series standards make Six Sigma superfluous. They typically refer to clause 8 of ISO 9001: It requires that companies install procedures in operations for the measurement of processes and data analysis using statistical techniques with the demonstration of continuous improvement . They also partly refer to the ISO 9004:2000 standards that embody guidelines and criteria for Self-Assessment similar to the national quality awards.
The ISO 9000 series standards have from their early days been regarded and practiced by industry as a minimum set of requirements for doing business. The new ISO 9000:2000 stan
dards do not represent a significant change to this perspective. Six Sigma on the other hand, aims at world-class performance, based on a pragmatic framework for continuous improvement.
The author believes that Six Sigma is superior in such important areas as rate of improvement, bottom-line and top-line results, customer satisfaction, and top-level management commitment. However, considering the stronghold of ISO 9000 in industry, Six Sigma and ISO 9000 are likely to be applied by the same organization, but for very different purposes.
Subscribe to:
Posts (Atom)