It depends on you and your company. The very fastest is 2-3 months because most ISO 9001 registrars require at least 2 months ISO 9001 track record before the certification audit.
More realistically: if you have a relatively small company (say, less than 20 employees), if your employees are motivated and if they don’t oppose change, if you have the backing of all senior executives, if you and other managers are ready to put some significant time and efforts into this endeavor, and if you use a really good ISO 9001 quality manual template (a sample ISO 9000 quality manual that you can modify to make it your own ISO 9000 quality manual), then you may be able to get certified in as short as 3-4 months; templates for ISO 9000 forms are an additional time-saver. Some companies are significantly slower, with 6-12 months not being unusual.
However, companies that write their ISO 9001 quality manual and their ISO 9001 quality procedures from scratch, rather than base them on a proven sample ISO 9001 quality manual, often take up to 2 years or longer.
Saturday, August 29, 2009
Quality management and quality assurance (ISO 9000
ISO 9000 is primarily concerned with quality management. The definition of "quality" in ISO 9000 refers to all those features of a product or a service which are required by the customer. Quality management means what the organization does to ensure that its products conform to the customer's requirements.
ISO Guide 34:1996 Quality system guidelines for the production of reference materials
ISO 8402:1994 Quality management and quality assurance -- Vocabulary
ISO 9000-1:1994 Quality management and quality assurance standards -- Part 1: Guidelines for selection and use
ISO 9000-2:1997 Quality management and quality assurance standards -- Part 2: Generic guidelines for the application of ISO 9001, ISO 9002 and ISO 9003
ISO 9000-3:1997 Quality management and quality assurance standards -- Part 3: Guidelines for the application of ISO 9001:1994 to the development, supply, installation and maintenance of computer software
ISO 9000-4:1993 Quality management and quality assurance standards -- Part 4: Guide to dependability program management
ISO 9001:1994 Quality systems -- Model for quality assurance in design, development, production, installation and servicing
ISO 9002:1994 Quality systems -- Model for quality assurance in production, installation and servicing
ISO 9003:1994 Quality systems -- Model for quality assurance in final inspection and test
ISO 9004-1:1994 Quality management and quality system elements -- Part 1: Guidelines
ISO 9004-2:1991 Quality management and quality system elements -- Part 2: Guidelines for services
ISO 9004-3:1993 Quality management and quality system elements -- Part 3: Guidelines for processed materials
ISO 9004-4:1993 Quality management and quality system elements -- Part 4: Guidelines for quality Improvement
ISO Guide 34:1996 Quality system guidelines for the production of reference materials
ISO 8402:1994 Quality management and quality assurance -- Vocabulary
ISO 9000-1:1994 Quality management and quality assurance standards -- Part 1: Guidelines for selection and use
ISO 9000-2:1997 Quality management and quality assurance standards -- Part 2: Generic guidelines for the application of ISO 9001, ISO 9002 and ISO 9003
ISO 9000-3:1997 Quality management and quality assurance standards -- Part 3: Guidelines for the application of ISO 9001:1994 to the development, supply, installation and maintenance of computer software
ISO 9000-4:1993 Quality management and quality assurance standards -- Part 4: Guide to dependability program management
ISO 9001:1994 Quality systems -- Model for quality assurance in design, development, production, installation and servicing
ISO 9002:1994 Quality systems -- Model for quality assurance in production, installation and servicing
ISO 9003:1994 Quality systems -- Model for quality assurance in final inspection and test
ISO 9004-1:1994 Quality management and quality system elements -- Part 1: Guidelines
ISO 9004-2:1991 Quality management and quality system elements -- Part 2: Guidelines for services
ISO 9004-3:1993 Quality management and quality system elements -- Part 3: Guidelines for processed materials
ISO 9004-4:1993 Quality management and quality system elements -- Part 4: Guidelines for quality Improvement
ISO 9000 - Benefits and Problems
ISO 9000 has received much publicity. Some managers see it as a prerequisite for conducting business. For others, it substitutes for the difficulties and vagaries of Total Quality Management (TQM). Some see only a needless bureaucratic boondoggle. Depending on the situation, any of these views might be correct.
Sensibly applied, ISO 9000 is a qualifier for international markets or specific domestic customers. Certification can be a valuable marketing tool. The standards are a sound blueprint for a quality system. They can lead the way to the more difficult and sophisticated approaches of Total Quality Management. ISO 9000 can improve a company's cost structure by 5%-20%.
Approached unwisely, ISO 9000 can be costly and unproductive. It may create a quality bureaucracy which adds to the cost structure and slows product development. It can focus people on paperwork instead of customers. It can divert management concentration and energy from more vital issues.
Sensibly applied, ISO 9000 is a qualifier for international markets or specific domestic customers. Certification can be a valuable marketing tool. The standards are a sound blueprint for a quality system. They can lead the way to the more difficult and sophisticated approaches of Total Quality Management. ISO 9000 can improve a company's cost structure by 5%-20%.
Approached unwisely, ISO 9000 can be costly and unproductive. It may create a quality bureaucracy which adds to the cost structure and slows product development. It can focus people on paperwork instead of customers. It can divert management concentration and energy from more vital issues.
Understanding the ISO 14001 Standard
ISO 14001 is an international voluntary standard that specifies the minimum elements for an environmental management system. It was published in 1996 by the International Organization for Standardization and is being taken up by organizations throughout the world at varying speeds.
The above is accepted as true by most people who are aware of the standard. Beyond these simple facts, however, there are many misconceptions about ISO 14001. For instance:
ISO 14001 will be a requirement for all companies.As with ISO 9000, conformance to ISO 14001 may become a condition of doing business in certain countries, regions or markets. This process already has begun in some industrial sectors, such as the automotive and electronics markets. However, there are still a tremendous number of companies in business today that do not conform to ISO 9000, even though that standard is now 13 years old. Thus it is too early to tell how widely ISO 14001 will be required in the future.
Implementing ISO 14001 means getting a registration.Many suppliers choose to demonstrate conformance to ISO 14001 through third-party certification. Some customers may require this. However, the standard itself considers a company's self-declaration of conformance as an acceptable alternative. Further, some companies simply use the ISO 14001 model for internal purposes as a means to enhance their environmental performance.
ISO 14001 is just paperwork and won't really help my company.ISO 14001 is like many things in life - you get out of it what you put into it. The way a company implements the standard determines what benefits it receives. Many companies that have implemented ISO 14001 report a variety of benefits, including improved environmental performance, greater operating efficiency, cost reduction, improved employee awareness and enhanced public image, among others.
Implementing ISO 14001 means throwing out our current environmental programs.ISO 14001 criteria specify "what to do," not "how to do it." Implementation approaches vary widely. There is no reason to think that your existing approach to environmental management must be put aside to satisfy ISO 14001.
The above is accepted as true by most people who are aware of the standard. Beyond these simple facts, however, there are many misconceptions about ISO 14001. For instance:
ISO 14001 will be a requirement for all companies.As with ISO 9000, conformance to ISO 14001 may become a condition of doing business in certain countries, regions or markets. This process already has begun in some industrial sectors, such as the automotive and electronics markets. However, there are still a tremendous number of companies in business today that do not conform to ISO 9000, even though that standard is now 13 years old. Thus it is too early to tell how widely ISO 14001 will be required in the future.
Implementing ISO 14001 means getting a registration.Many suppliers choose to demonstrate conformance to ISO 14001 through third-party certification. Some customers may require this. However, the standard itself considers a company's self-declaration of conformance as an acceptable alternative. Further, some companies simply use the ISO 14001 model for internal purposes as a means to enhance their environmental performance.
ISO 14001 is just paperwork and won't really help my company.ISO 14001 is like many things in life - you get out of it what you put into it. The way a company implements the standard determines what benefits it receives. Many companies that have implemented ISO 14001 report a variety of benefits, including improved environmental performance, greater operating efficiency, cost reduction, improved employee awareness and enhanced public image, among others.
Implementing ISO 14001 means throwing out our current environmental programs.ISO 14001 criteria specify "what to do," not "how to do it." Implementation approaches vary widely. There is no reason to think that your existing approach to environmental management must be put aside to satisfy ISO 14001.
Tuesday, August 25, 2009
Quality Characteristic in ISO 9000
Any feature or characteristic of a product or service that is needed to satisfy
customer needs or achieve fitness for use is a quality characteristic. When
dealing with products the characteristics are almost always technical character-
istics, whereas service quality characteristics have a human dimension. Some
typical quality characteristics are given below.
Product characteristics
1. Accessibility Functionality Size
2. Availability Interchangeability Susceptibility
3. Appearance Maintainability Storability
4. Adaptability Odour – Strength
5. Cleanliness Operability -Taste
6. Consumption Portability – Testability
7. Durability Producibility Traceability
8. Disposability Reliability – Toxicity
9. Emittance Reparability Transportability
10. Flammability Safety – Vulnerability
11. Flexibility Security – Weight
Service quality characteristics
1. Accessibility Credibility – Honesty
2. Accuracy Dependability Promptness
3. Courtesy Efficiency – Responsiveness
4. Comfort Effectiveness Reliability
5. Competence Flexibility – Security
These are the characteristics that need to be specified and their achievement
controlled, assured, improved, managed and demonstrated. These are the
characteristics that form the subject matter of the product requirements
referred to in ISO 9000. When the value of these characteristics is quantified or
qualified they are termed product requirements. We used to use the term quality
requirements but this caused a division in thinking that resulted in people
regarding quality requirements as the domain of the quality personnel and
technical requirements being the domain of the technical personnel. All
requirements are quality requirements – they express needs or expectations that
are intended to be fulfilled by a process output that possesses inherent
characteristics. We can therefore drop the word quality. If a modifying word is
needed in front of the word requirements it should be a word that signifies the
subject of the requirements. Transportation system requirements would be
requirements for a transportation system, Audio speaker design requirements
would be requirements for the design of an audio speaker, component test
requirements would be requirements for testing components, and management
training requirements would be requirements for training managers. ISO 9000
requirements are often referred to as quality requirements as distinct from other
types of requirements but this is misleading. ISO 9000 is no more a quality
requirement than is ISO 1000 on SI units, ISO 2365 for Ammonium nitrate or
ISO 246 for Rolling Bearings. The requirements of ISO 9000 are quality
management system requirements – requirements for a quality management
system.
customer needs or achieve fitness for use is a quality characteristic. When
dealing with products the characteristics are almost always technical character-
istics, whereas service quality characteristics have a human dimension. Some
typical quality characteristics are given below.
Product characteristics
1. Accessibility Functionality Size
2. Availability Interchangeability Susceptibility
3. Appearance Maintainability Storability
4. Adaptability Odour – Strength
5. Cleanliness Operability -Taste
6. Consumption Portability – Testability
7. Durability Producibility Traceability
8. Disposability Reliability – Toxicity
9. Emittance Reparability Transportability
10. Flammability Safety – Vulnerability
11. Flexibility Security – Weight
Service quality characteristics
1. Accessibility Credibility – Honesty
2. Accuracy Dependability Promptness
3. Courtesy Efficiency – Responsiveness
4. Comfort Effectiveness Reliability
5. Competence Flexibility – Security
These are the characteristics that need to be specified and their achievement
controlled, assured, improved, managed and demonstrated. These are the
characteristics that form the subject matter of the product requirements
referred to in ISO 9000. When the value of these characteristics is quantified or
qualified they are termed product requirements. We used to use the term quality
requirements but this caused a division in thinking that resulted in people
regarding quality requirements as the domain of the quality personnel and
technical requirements being the domain of the technical personnel. All
requirements are quality requirements – they express needs or expectations that
are intended to be fulfilled by a process output that possesses inherent
characteristics. We can therefore drop the word quality. If a modifying word is
needed in front of the word requirements it should be a word that signifies the
subject of the requirements. Transportation system requirements would be
requirements for a transportation system, Audio speaker design requirements
would be requirements for the design of an audio speaker, component test
requirements would be requirements for testing components, and management
training requirements would be requirements for training managers. ISO 9000
requirements are often referred to as quality requirements as distinct from other
types of requirements but this is misleading. ISO 9000 is no more a quality
requirement than is ISO 1000 on SI units, ISO 2365 for Ammonium nitrate or
ISO 246 for Rolling Bearings. The requirements of ISO 9000 are quality
management system requirements – requirements for a quality management
system.
ISO 9001:2008 Documentation Requirements
ISO 9001:2008 Documentation Requirements
ISO 9001:2008 clause 4.1 General requirements requires an organization to “establish, document, implement, and maintain a quality management system and continually improve its effectiveness in accordance with the requirements of this International Standard”
ISO 9001:2008 Clause 4.2.1 General explains that the quality management system documentation shall include:
documented statements of a quality policy and quality objectives;
a quality manual
documented procedures required by this International Standard
documents needed by the organization to ensure the effective planning, operation and control of its processes, and
records required by this International Standard;
The notes after Clause 4.2 make it clear that where the standard specifically requires a “documented procedure”, the procedure has to be established, documented, implemented and maintained. It also emphasizes that the extent of the QMS documentation may differ from one organization to another due to:
the size of organization and type of activities;
the complexity of processes and their interactions, and
the competence of personnel.
All the documents that form part of the QMS have to be controlled in accordance with clause 4.2.3 of ISO 9001:2008, or, for the particular case of records, according to clause 4.2.4.
Guidance on Clause 4.2 of ISO 9001:2008
The following comments are intended to assist users of ISO 9001:2008 in understanding the intent of the general documentation requirements of the International Standard.
a) Documented statements of a quality policy and objectives:
Requirements for the quality policy are defined in clause 5.3 of ISO 9001:2008. The documented quality policy has to be controlled according to the requirements of clause 4.2.3.Note: Organizations that are revising their quality policy for the first time, or in order to meet the amended requirements in ISO 9001:2008, should pay particular attention to clause 4.2.3 (c), (d) and (g).
Requirements for quality objectives are defined in clause 5.4.1 of ISO 9001:2008. These documented quality objectives are also subject to the document control requirements of clause 4.2.3.
b) Quality Manual:
Clause 4.2.2 of ISO 9001:2008 specifies the minimum content for a quality manual. The format and structure of the manual is a decision for each organization, and will depend on the organization’s size, culture and complexity. Some organizations may choose to use the quality manual for other purposes besides that of simply documenting the QMS
A small organization may find it appropriate to include the description of its entire QMS within a single manual, including all the documented procedures required by the standard.
Large, multi-national organizations may need several manuals at the global, national or regional level, and a more complex hierarchy of documentation.
The quality manual is a document that has to be controlled in accordance with the requirements of clause 4.2.3.
c) Documented procedures:
ISO 9001:2008 specifically requires the organization to have “documented procedures” for the following six activities:4.2.3 Control of documents4.2.4 Control of records8.2.2 Internal audit8.3 Control of nonconforming product8.5.2 Corrective action8.5.3 Preventive action
These documented procedures have to be controlled in accordance with the requirements of clause 4.2.3
Some organizations may find it convenient to combine the procedure for several activities into a single documented procedure (for example, corrective action and preventive action). Others may choose to document a given activity by using more than one documented procedure (for example, internal audits). Both are acceptable.
Some organizations (particularly larger organizations, or those with more complex processes) may require additional documented procedures (particularly those relating to product realization processes) to implement an effective QMS.
Other organizations may require additional procedures, but the size and/or culture of the organization could enable these to be effectively implemented without necessarily being documented. However, in order to demonstrate compliance with ISO 9001:2008, the organization has to be able to provide objective evidence (not necessarily documented) that its QMS has been effectively implemented.
d) Documents needed by the organization to ensure the effective planning, operation and control of its processes:
In order for an organization to demonstrate the effective implementation of its QMS, it may be necessary to develop documents other than documented procedures. However, the only documents specifically mentioned in ISO 9001:2008 are:- Quality policy (clause 4.2.1.a)- Quality objectives (clause 4.2.1.a)- Quality manual (clause 4.2.1.b)
There are several requirements of ISO 9001:2008 where an organization could add value to its QMS and demonstrate conformity by the preparation of other documents, even though the standard does not specifically require them. Examples may include:- Process maps, process flow charts and/or process descriptions- Organization charts- Specifications- Work and/or test instructions- Documents containing internal communications- Production schedules- Approved supplier lists- Test and inspection plans- Quality plans
All such documents have to be controlled in accordance with the requirements of clause 4.2.3 and/or 4.2.4, as applicable
e) Records:
Examples of records specifically required by ISO 9001:2008 are presented in Annex B.
Organizations are free to develop other records that may be needed to demonstrate conformity of their processes, products and quality management system.
Requirements for the control of records are different from those for other documents, and all records have to be controlled according to those of clause 4.2.4 of ISO 9001:2008.
ISO 9001:2008 clause 4.1 General requirements requires an organization to “establish, document, implement, and maintain a quality management system and continually improve its effectiveness in accordance with the requirements of this International Standard”
ISO 9001:2008 Clause 4.2.1 General explains that the quality management system documentation shall include:
documented statements of a quality policy and quality objectives;
a quality manual
documented procedures required by this International Standard
documents needed by the organization to ensure the effective planning, operation and control of its processes, and
records required by this International Standard;
The notes after Clause 4.2 make it clear that where the standard specifically requires a “documented procedure”, the procedure has to be established, documented, implemented and maintained. It also emphasizes that the extent of the QMS documentation may differ from one organization to another due to:
the size of organization and type of activities;
the complexity of processes and their interactions, and
the competence of personnel.
All the documents that form part of the QMS have to be controlled in accordance with clause 4.2.3 of ISO 9001:2008, or, for the particular case of records, according to clause 4.2.4.
Guidance on Clause 4.2 of ISO 9001:2008
The following comments are intended to assist users of ISO 9001:2008 in understanding the intent of the general documentation requirements of the International Standard.
a) Documented statements of a quality policy and objectives:
Requirements for the quality policy are defined in clause 5.3 of ISO 9001:2008. The documented quality policy has to be controlled according to the requirements of clause 4.2.3.Note: Organizations that are revising their quality policy for the first time, or in order to meet the amended requirements in ISO 9001:2008, should pay particular attention to clause 4.2.3 (c), (d) and (g).
Requirements for quality objectives are defined in clause 5.4.1 of ISO 9001:2008. These documented quality objectives are also subject to the document control requirements of clause 4.2.3.
b) Quality Manual:
Clause 4.2.2 of ISO 9001:2008 specifies the minimum content for a quality manual. The format and structure of the manual is a decision for each organization, and will depend on the organization’s size, culture and complexity. Some organizations may choose to use the quality manual for other purposes besides that of simply documenting the QMS
A small organization may find it appropriate to include the description of its entire QMS within a single manual, including all the documented procedures required by the standard.
Large, multi-national organizations may need several manuals at the global, national or regional level, and a more complex hierarchy of documentation.
The quality manual is a document that has to be controlled in accordance with the requirements of clause 4.2.3.
c) Documented procedures:
ISO 9001:2008 specifically requires the organization to have “documented procedures” for the following six activities:4.2.3 Control of documents4.2.4 Control of records8.2.2 Internal audit8.3 Control of nonconforming product8.5.2 Corrective action8.5.3 Preventive action
These documented procedures have to be controlled in accordance with the requirements of clause 4.2.3
Some organizations may find it convenient to combine the procedure for several activities into a single documented procedure (for example, corrective action and preventive action). Others may choose to document a given activity by using more than one documented procedure (for example, internal audits). Both are acceptable.
Some organizations (particularly larger organizations, or those with more complex processes) may require additional documented procedures (particularly those relating to product realization processes) to implement an effective QMS.
Other organizations may require additional procedures, but the size and/or culture of the organization could enable these to be effectively implemented without necessarily being documented. However, in order to demonstrate compliance with ISO 9001:2008, the organization has to be able to provide objective evidence (not necessarily documented) that its QMS has been effectively implemented.
d) Documents needed by the organization to ensure the effective planning, operation and control of its processes:
In order for an organization to demonstrate the effective implementation of its QMS, it may be necessary to develop documents other than documented procedures. However, the only documents specifically mentioned in ISO 9001:2008 are:- Quality policy (clause 4.2.1.a)- Quality objectives (clause 4.2.1.a)- Quality manual (clause 4.2.1.b)
There are several requirements of ISO 9001:2008 where an organization could add value to its QMS and demonstrate conformity by the preparation of other documents, even though the standard does not specifically require them. Examples may include:- Process maps, process flow charts and/or process descriptions- Organization charts- Specifications- Work and/or test instructions- Documents containing internal communications- Production schedules- Approved supplier lists- Test and inspection plans- Quality plans
All such documents have to be controlled in accordance with the requirements of clause 4.2.3 and/or 4.2.4, as applicable
e) Records:
Examples of records specifically required by ISO 9001:2008 are presented in Annex B.
Organizations are free to develop other records that may be needed to demonstrate conformity of their processes, products and quality management system.
Requirements for the control of records are different from those for other documents, and all records have to be controlled according to those of clause 4.2.4 of ISO 9001:2008.
Monday, August 24, 2009
Establishing a ISO 9001 records procedure
Establishing ISO 9001 Records Procedure
The ISO 9001 standard requires records to remain legible, readily identifiable and retrievable and that a procedure defines the controls needed for the identification, storage, protec- tion, retrieval, retention time and disposition of records. Records have a life cycle. They are generated during
which time they acquire an identity and are then assigned for storage for a prescribed period. During use and storage they need to be protected from inadvertent or malicious destruction and as they may be required to support current activities or investigations, they need to be brought out of storage quickly. When their usefulness has lapsed, a decision is made as to whether to
retain them further or to destroy them.
Readily retrievable means that records can be obtained on demand within a reasonable period (hours not days or weeks) Readily identifiable means that the identity can be discerned at a glance.
Although the requirement implies a single procedure, several may be necessary because there are several unconnected tasks to perform. A procedure cannot in fact ensure a result. It may prescribe a course of action which if followed may lead to the correct result, but it is the process that ensures the result not the procedure.
The revised requirement omits several aspects covered in clause 4.16 of the
1994 version. Collection of records is now addressed by Analysis of data (clause 8.4) Indexing of records is a specific form of identification and is therefore already addressed Access is now addressed by the requirement for record retrieval Filing is a specific form of storage and is therefore already addressed You may only need one procedure which covers all the requirements but this is not always practical. The provisions you make for specific records should be included in the documentation for controlling the activity being recorded. For example, provisions for inspection records should be included in the inspection procedures; provisions for design review records should be included in the design review procedure. Within such procedures you should provide the forms (or content requirement for the records), the dentification, collection/submission provisions, the indexing and filing provisions. It may be more
practical to cover the storage, disposal and retention provisions in separate procedures because they may not be type-dependent. Where each department retains their own records, these provisions may vary and therefore warrant separate procedures.
Unlike prescriptive documents, records may contain handwritten elements and therefore it is important that the handwriting is legible. If this becomes a problem, you either improve discipline or consider electronic data capture.
Records also become soiled in a workshop environment so may need to be protected to remain legible. With electronically captured data, legibility is often not a problem. However, photographs and other scanned images may not transfer as well as the original and lose detail so care has to be taken in selecting appropriate equipment for this task.
Whatever the records, they should carry some identification in order that you can determine what they are, what kind of information they record and what they relate to. A simple way of doing this is to give each record a reference number and a name or title in a prominent location on the record.
1994 –2000 Differences
Previously the standard covered retrieval in four ways. It required:
(a) that quality records be made available for evaluation by the customer or his representative for an agreed period, where agreed contractually Records can take various forms – reports containing narrative, computer data, and forms containing data in boxes, graphs, tables, lists and many others. Where forms are used to collect data, they should carry a form number and name as their identifica-
tion. When completed they should carry a serial number to give each a separate identity. Records should also be traceable to the product or service they represent and this can be achieved either within the reference number or separately, provided that the chance of mistaken identity is eliminated. The standard does not require records to be identifiable to the product involved but unless you do make such provision you will not be able to access the pertinent
records or demonstrate conformance to specified requirements.
The ISO 9001 standard requires records to remain legible, readily identifiable and retrievable and that a procedure defines the controls needed for the identification, storage, protec- tion, retrieval, retention time and disposition of records. Records have a life cycle. They are generated during
which time they acquire an identity and are then assigned for storage for a prescribed period. During use and storage they need to be protected from inadvertent or malicious destruction and as they may be required to support current activities or investigations, they need to be brought out of storage quickly. When their usefulness has lapsed, a decision is made as to whether to
retain them further or to destroy them.
Readily retrievable means that records can be obtained on demand within a reasonable period (hours not days or weeks) Readily identifiable means that the identity can be discerned at a glance.
Although the requirement implies a single procedure, several may be necessary because there are several unconnected tasks to perform. A procedure cannot in fact ensure a result. It may prescribe a course of action which if followed may lead to the correct result, but it is the process that ensures the result not the procedure.
The revised requirement omits several aspects covered in clause 4.16 of the
1994 version. Collection of records is now addressed by Analysis of data (clause 8.4) Indexing of records is a specific form of identification and is therefore already addressed Access is now addressed by the requirement for record retrieval Filing is a specific form of storage and is therefore already addressed You may only need one procedure which covers all the requirements but this is not always practical. The provisions you make for specific records should be included in the documentation for controlling the activity being recorded. For example, provisions for inspection records should be included in the inspection procedures; provisions for design review records should be included in the design review procedure. Within such procedures you should provide the forms (or content requirement for the records), the dentification, collection/submission provisions, the indexing and filing provisions. It may be more
practical to cover the storage, disposal and retention provisions in separate procedures because they may not be type-dependent. Where each department retains their own records, these provisions may vary and therefore warrant separate procedures.
Unlike prescriptive documents, records may contain handwritten elements and therefore it is important that the handwriting is legible. If this becomes a problem, you either improve discipline or consider electronic data capture.
Records also become soiled in a workshop environment so may need to be protected to remain legible. With electronically captured data, legibility is often not a problem. However, photographs and other scanned images may not transfer as well as the original and lose detail so care has to be taken in selecting appropriate equipment for this task.
Whatever the records, they should carry some identification in order that you can determine what they are, what kind of information they record and what they relate to. A simple way of doing this is to give each record a reference number and a name or title in a prominent location on the record.
1994 –2000 Differences
Previously the standard covered retrieval in four ways. It required:
(a) that quality records be made available for evaluation by the customer or his representative for an agreed period, where agreed contractually Records can take various forms – reports containing narrative, computer data, and forms containing data in boxes, graphs, tables, lists and many others. Where forms are used to collect data, they should carry a form number and name as their identifica-
tion. When completed they should carry a serial number to give each a separate identity. Records should also be traceable to the product or service they represent and this can be achieved either within the reference number or separately, provided that the chance of mistaken identity is eliminated. The standard does not require records to be identifiable to the product involved but unless you do make such provision you will not be able to access the pertinent
records or demonstrate conformance to specified requirements.
Changes to ISO 9000
Changes in titles
The titles have changed – moving away from models to requirements andguidance.
Changes in scope
The scope of the standard has changed from those activities that impact theproduct to embrace all activities
in an organization that serve the satisfaction of customers. This leaves little if any activity of an organization that would be
outside the scope of the quality management system.
Changes in structure
By far the most significant change is the change in structure – away from 20elements to a model based on five elements.
The ISO 9000:2000 family of standard is based on a process model.
Changes in content
The content has changed from 20 elements organized on the basis of whatcould go wrong to four groups of requirements
that focus on elements of process management. It is however, not the fact that the original elements have
been placed onto a new structure, but that the principles upon which the standard has been based have changed.
Changes in intent
The intent of ISO 9001 has changed from a model for quality assurance to a setof requirements for an effective quality
management. The standard is now based on eight management principles not on what requirements were
necessary to prevent failures that experience had shown led to poor product quality.
The forgotten standard ISO 8402 is brought into the family of ISO 9000 thus making it more likely that people will use it.
However, in the author ’s opinion, all three standards should have been merged into one standard thus
ensuring that everyone who possessed the requirements also possessed the concepts, terminology and
guidelines to refer to as necessary.
Much damage can be done when the requirements of ISO 9000 are taken out
of context, taken in isolation and taken literally. ISO 9000 is not a productstandard therefore it is subject to
interpretation as appropriate to the conditions
in which it is being used. Whatever the initial understanding of a requirement
of ISO 9001 might be, the intent is that:
organizations design and manage their processes effectively to achievecorporate objectives, not that they create functional
silos that compete for resources.
organizations choose the right things to do based on an objective analysis of
the environment in which they operate, not slavishly follow procedures that
serve no practical purpose.
management create an environment in which people will be motivated, not
create bureaucratic systems of documentation that stifle initiative and
creativity.
Changes in language
The language in ISO 9000 has changed to reflect pressure from the usercommunity for a user-friendlier standard.
In some cases the changes are insignificant but in others the changes have a wider impact as indicated
below:
Subcontractor has changed to supplier and supplier changed to organizationso that there is now a supply
chain represented by customer – organization – supplier.
In ISO 9001 the term customer is used but in ISO 9004 the term, interested party
is used in order to embrace customers, employees, investors and otherparties.
Executive management has been changed to Top Management indicating thatwhen the standard uses
the term management responsibility it is the people who direct the organization that should address
these requirements.
Specified requirements have changed to customer and regulatory require-ments or product requirements
depending on the context.
Procedures have not exactly been changed to processes but presented in adifferent way that makes
procedures only one element of managing an effective process. Procedures have lost their dominance in
the standard to be replaced by the concept of managed processes.
Changes in requirement
ISO 9001 still contains 136 ‘shall’ statements, 2 less than the 1994 version so insome respects it is no different.
There were roughly 323 requirements in ISO 9001:1994 (Hoyle, David, 1996)6 . In ISO 9001:2000 there are roughly 250
requirements. This is still too many especially if we are trying to get across the
fundamental requirements of the standard. The following summarizes the
requirement of ISO 9001 at two levels: firstly as a single requirement, secondly
as a series of generic requirements.
The titles have changed – moving away from models to requirements andguidance.
Changes in scope
The scope of the standard has changed from those activities that impact theproduct to embrace all activities
in an organization that serve the satisfaction of customers. This leaves little if any activity of an organization that would be
outside the scope of the quality management system.
Changes in structure
By far the most significant change is the change in structure – away from 20elements to a model based on five elements.
The ISO 9000:2000 family of standard is based on a process model.
Changes in content
The content has changed from 20 elements organized on the basis of whatcould go wrong to four groups of requirements
that focus on elements of process management. It is however, not the fact that the original elements have
been placed onto a new structure, but that the principles upon which the standard has been based have changed.
Changes in intent
The intent of ISO 9001 has changed from a model for quality assurance to a setof requirements for an effective quality
management. The standard is now based on eight management principles not on what requirements were
necessary to prevent failures that experience had shown led to poor product quality.
The forgotten standard ISO 8402 is brought into the family of ISO 9000 thus making it more likely that people will use it.
However, in the author ’s opinion, all three standards should have been merged into one standard thus
ensuring that everyone who possessed the requirements also possessed the concepts, terminology and
guidelines to refer to as necessary.
Much damage can be done when the requirements of ISO 9000 are taken out
of context, taken in isolation and taken literally. ISO 9000 is not a productstandard therefore it is subject to
interpretation as appropriate to the conditions
in which it is being used. Whatever the initial understanding of a requirement
of ISO 9001 might be, the intent is that:
organizations design and manage their processes effectively to achievecorporate objectives, not that they create functional
silos that compete for resources.
organizations choose the right things to do based on an objective analysis of
the environment in which they operate, not slavishly follow procedures that
serve no practical purpose.
management create an environment in which people will be motivated, not
create bureaucratic systems of documentation that stifle initiative and
creativity.
Changes in language
The language in ISO 9000 has changed to reflect pressure from the usercommunity for a user-friendlier standard.
In some cases the changes are insignificant but in others the changes have a wider impact as indicated
below:
Subcontractor has changed to supplier and supplier changed to organizationso that there is now a supply
chain represented by customer – organization – supplier.
In ISO 9001 the term customer is used but in ISO 9004 the term, interested party
is used in order to embrace customers, employees, investors and otherparties.
Executive management has been changed to Top Management indicating thatwhen the standard uses
the term management responsibility it is the people who direct the organization that should address
these requirements.
Specified requirements have changed to customer and regulatory require-ments or product requirements
depending on the context.
Procedures have not exactly been changed to processes but presented in adifferent way that makes
procedures only one element of managing an effective process. Procedures have lost their dominance in
the standard to be replaced by the concept of managed processes.
Changes in requirement
ISO 9001 still contains 136 ‘shall’ statements, 2 less than the 1994 version so insome respects it is no different.
There were roughly 323 requirements in ISO 9001:1994 (Hoyle, David, 1996)6 . In ISO 9001:2000 there are roughly 250
requirements. This is still too many especially if we are trying to get across the
fundamental requirements of the standard. The following summarizes the
requirement of ISO 9001 at two levels: firstly as a single requirement, secondly
as a series of generic requirements.
Implementing ISO 9000 Quality Management System
Implementation of ISO 9000 affects the entire organization right from the start. If pursued with total dedication, it results in ‘cultural transition’ to an atmosphere of continuous improvement.The process of implementing ISO 9000 depends on:???? The sophistication of your existing quality program,???? The size of your organization, and???? The complexity of your process.The 14 essential steps, briefly described below, are to be followed through in order to implement ISO 9000 quality management system successfully.Step 1: Top management commitmentStep 2: Establish implementation teamStep 3. Start ISO 9000 awareness programsStep 4: Provide TrainingStep 5. Conduct initial status surveyStep 6: Create a documented implementation planStep 7. Develop quality management system documentationStep 8: Document controlStep 9. ImplementationStep 10. Internal quality auditStep 11. Management reviewStep 12. Pre-assessment auditStep 13. Certification and registrationStep 14: Continual ImprovementStep 1: Top Management CommitmentThe top management (managing director or chief executive) should demonstrate a commitment and a determination to implement an ISO 9000 quality management system in the organization. Without top management commitment, no quality initiative can succeed. Top management must be convinced that registration and certification will enable the organization to demonstrate to its customers a visible commitment to quality. It should realize that a quality management system would improve overallbusiness efficiency by elimination of wasteful duplication in management system.The top management should provide evidence of its commitment to the development and implementation of the quality management system and continually improve its effectiveness by:a. Communicating to the organization the importance of meeting customer as well as statutory and regulatory requirements,b. Defining the organization’s quality policy and make this known to every employee,c. Ensuring that quality objectives are established at all levels and functions,d. Ensuring the availability of resources required for the development andimplementation of the quality management system,e. Appointing a management representative to coordinate quality management system activities, and Conducting management review.The top management should also consider actions such as:1. Leading the organization by example,2. Participating in improvement projects,3. Creating an environment that encourages the involvement of people.This type of top management commitment may be driven by:1. Direct marketplace pressure: requirements of crucial customers or parentconglomerates.2. Indirect marketplace pressure: increased quality levels and visibility among competitors.3. Growth ambitions: desire to exploit market opportunities.4. Personal belief in the value of quality as a goal and quality management systems as a means of reaching that goal.The top management should identify the goals to be achieved through the quality management system. Typical goals may be:• Be more efficient and profitable• Produce products and services that consistently meet customers’ needs andexpectations• Achieve customers satisfaction• Increase market share• Improve communications and morale in the organization• Reduce costs and liabilities• Increase confidence in the production systemStep 2. Establish Implementation TeamISO 9000 is implemented by people. The first phase of implementation calls for the commitment of top management – the CEO and perhaps a handful of other key people.The next step is to establish implementation team and appoint a ManagementRepresentative (MR) as its coordinator to plan and oversee implementation. Its members should include representatives of all functions of the organization -Marketing, Design and development, Planning, Production, Quality control, etc.In the context of the standard, the MR is the person within the Organization who acts as interface between organization management and the ISO 9000 registrar. His role is, in fact, much broader than that. The MR should also act as the organization’s “quality management system champion,” and must be a person with:
1. Total backing from the CEO,2. Genuine and passionate commitment to quality in general and the ISO 9000 qualitymanagement system in particular,3. The dignity – resulting from rank, seniority, or both – to influence managers and others of all levels and functions,4. Detailed knowledge of quality methods in general and ISO 9000 in particular.The members of the implementation team should also be trained on ISO 9000 quality management systems by a professional training organization.
Step 3. Start ISO 9000 Awareness ProgramsISO 9000 awareness programs should be conducted to communicate to theemployees the aim of the ISO 9000 quality management system; the advantage it offers to employees, customers and the organization; how it will work; and their roles and responsibilities within the system. Suppliers of materials and components should also participate in these programs.The awareness program should emphasize the benefits that the organization expects to realize through its ISO 9000 quality management system. The program should also stress the higher levels of participation and self-direction that the quality management system renders to employees. Such a focus will go far to enlist employee support and commitment.The programs could be run either by the implementation team or by experts hired to talk to different levels of employees.Step 4. Provide TrainingSince the ISO 9000 quality management system affects all the areas and all personnel in the organization, training programs should be structured for different categories of employees – senior managers, middle-level managers, supervisors and workers. The ISO 9000 implementation plan should make provision for this training. The training should cover the basic concepts of quality management systems and the standard and their overall impact on the strategic goals of the organization, the changed processes, and the likely work culture implications of the system. In addition, initial training mayalso be necessary on writing quality manuals, procedures and work instruction; auditing principles; techniques of laboratory management; calibration; testing procedures, etc.When in-house capacity to carry out such training is not available, it may be necessary to participate in external training courses run by professional training organizations.Alternatively, an external training institution could be invited to conduct in-house training courses.
Step 5. Conduct Initial Status SurveyISO 9000 does not require duplication of effort or redundant system. The goal of ISO 9000 is to create a quality management system that conforms to the standard. This does not preclude incorporating, adapting, and adding onto quality programs already in place. So the next step in the implementation process is to compare the organization’s existing quality management system, if there is one — with the requirements of thestandard (ISO 9001:2008).For this purpose, an organization flow chart showing how information actually flows (not what should be done) from order placement by the customer to delivery to this customer should be drawn up. From this over-all flow chart, a flow chart of activities in each department should be prepared.With the aid of the flow charts, a record of existing quality management system should be established. A significant number of written procedures may already be in place.Unless they are very much out of date, these documents should not be discarded.Rather, they should be incorporated into the new quality management system.Documents requiring modification or elaboration should be identified and listed. Thisexercise is some times referred to as ” gap analysis”. During these review processes,wide consultation with executives and representatives of various unions andassociations within the organization is required to enlist their active cooperation.In the review process, documents should be collected, studied and registered for further use, possibly after they have been revised. Before developing new quality management system documentation, you need to consider with which quality requirements or department you should start. The best is to select an area where processes are fairly well organized, running effectively and functioning satisfactorily.The basic approach is to determine and record how a process is currently carried out.We can do this by identifying the people involved and obtaining information from them during individual interviews. Unfortunately, it often happens that different people will give different, contradicting versions of a process. Each one may refer to oral instructions that are not accurate or clear. This is why the facts are often not described correctly the first time around, and have to be revised several times.Once it has been agreed how to describe the current process, this process has to be adapted, supplemented and implemented according to the requirements of the quality standard (ISO 9001:2008). This requires organizational arrangements, the drawing up of additional documents and possible removal of existing documentation (e.g. procedures, inspection/test plans, inspection/test instructions) and records (e.g.inspection/test reports, inspection/test certificates).In introducing a quality management system, the emphasis is on the improvement of the existing processes or the re-organization of processes.In general, the steps to follow are the following:Ascertain and establish the following:What is the present operation/process? What already exists?
Analyze the relevant sections of the quality standard – ISO 9001:2000:What is actually required? If necessary, supplement and change operational arrangements in accordance with the standard, develop documents and records, and describe operations/processes:What is the desired operation/process?Figure 1: Steps in introducing a quality management systemThe above gap analysis can be done internally, if the knowledge level is there. Or aformal pre-assessment can be obtained from any one of a large number of ISO 9000consulting, implementing, and registration firms.Step 6. Create a Documented Implementation PlanOnce the organization has obtained a clear picture of how its quality management system compares with the ISO 9001:2008 standard, all non-conformances must be addressed with a documented implementation plan. Usually, the plan calls for identifying and describing processes to make the organization’s quality management system fully in compliance with the standard.The implementation plan should be thorough and specific, detailing:???? Quality documentation to be developed???? Objective of the system???? Pertinent ISO 9001:2008 section???? Person or team responsible???? Approval required???? Training required???? Resources required???? Estimated completion dateThese elements should be organized into a detailed chart, to be reviewed andapproved. The plan should define the responsibilities of different departments and personnel and set target dates for the completion of activities. Once approved, the Management Representative should control, review and update the plan as the implementation process proceeds.Typical implementation action plan is shown in Figure 2. Use ISO 10005:1995 for guidance in quality planning
Step 7. Develop Quality Management System DocumentationDocumentation is the most common area of non-conformance among organizations wishing to implement ISO 9000 quality management systems. As one company pointed out: “When we started our implementation, we found that documentation was inadequate. Even absent, in some areas. Take calibration. Obviously it’s necessary, and obviously we do it, but it wasn’t being documented. Another area was inspection and testing. We inspect and test practically every item that leaves here, but our documentation was inadequate”.Documentation of the quality management system should include:???? Documented statements of a quality policy and quality objectives,???? A quality manual,???? Documented procedures and records required by the standard ISO 9001:2008, and???? Documents needed by the organization to ensure the effective planning, operation and control of its processes.Quality documentation is generally prepared in the three levels indicated in the box that follows. Use ISO 10013:1995 for guidance in quality documentation.
In small companies, the above levels of documentation could be presented in one manual; otherwise, separate manuals should be prepared.A list of the documents to be prepared should be drawn up and the responsibility for writing the documents should be assigned to the persons concerned in various functional departments. They should be advised to prepare the drafts within a specific time frame.Step 8: Document ControlOnce the necessary quality management system documentation has been generated, a documented system must be created to control it. Control is simply a means of managing the creation, approval, distribution, revision, storage, and disposal of the various types of documentation. Document control systems should be as simple and as easy to operate as possible — sufficient to meet ISO 9001:2008 requirements and that is all.Document control should include:???? Approval for adequacy by authorized person (s) before issue,???? Review, updating and re-approval of documents by authorized person (s),???? Identification of changes and of the revision status of documents,???? Availability of relevant versions of documents at points of use,???? Identification and control of documents of external origin,???? Assurance of legibility and identifability of documents, and???? Prevention of unintended use of obsolete documents.The principle of ISO 9000 document control is that employees should have access to the documentation and records needed to fulfil their responsibilities.Step 9. ImplementationIt is good practice to implement the quality management system being documented as the documentation is developed, although this may be more effective in larger firms. In smaller companies, the quality management system is often implemented all at once throughout the organization. Where phased implementation takes place, the effectiveness of the system in selected areas can be evaluated.It would be a good idea initially to evaluate areas where the chances of a positive evaluation are high, to maintain the confidence of both management and staff in the merits of implementing the quality management system.The implementation progress should be monitored to ensure that the qualitymanagement system is effective and conforms to the standard. These activities include internal quality audit, formal corrective action and management review.Step 10. Internal Quality AuditAs the system is being installed, its effectiveness should be checked by regular internal quality audits. Internal quality audits are conducted to verify that the installed quality management system:
???? Conform to the planned arrangements, to the requirements of the standard (ISO 9001:2008) and to the quality management system requirements established by your organization, and???? Is effectively implemented and maintained.Even after the system stabilizes and starts functioning, internal audits should be planned and performed as part of an ongoing strategy.A few staff members should be trained to carry out internal auditing. Use ISO 19011 for guidance in auditing, auditor qualification and programmes.Step 11. Management ReviewWhen the installed quality management system has been operating for three to six months, an internal audit and management review should be conducted and corrective actions implemented. The management reviews are conducted to ensure the continuing suitability, adequacy and effectiveness of the quality management system.????The review should include assessing opportunities for improvement and the need for changes to the quality management system, including the quality policy and quality objectives.The input to management review should include information on:???? Results of audits,???? Customer feed back,???? Process performance and product conformity,???? Status of preventive and corrective actions,???? Follow-up actions from previous management reviews,???? Changes that could affect the quality management system, and???? Recommendations for improvements.Management reviews should also address the pitfalls to effective implementation, including lack of CEO commitment, failure to involve everyone in the process, and failure to monitor progress and enforce deadlines.Step 12. Pre-assessment AuditWhen system deficiencies are no longer visible, it is normally time to apply for certification. However, before doing so, a pre-assessment audit should be arranged with an independent and qualified auditor. Sometimes certification bodies provide this service for a nominal charge. The pre-assessment audit would provide a degree of confidence for formally going ahead with an application for certification.Step 13. Certification and RegistrationOnce the quality management system has been in operation for a few months and has stabilized, a formal application for certification could be made to a selected certification agency. The certification agency first carries out an audit of the documents (referred to as an “adequacy audit”). If the documents conform to the requirements of the quality standard, then on-site audit is carried out. If the certification body finds the system to be working satisfactorily, it awards the organization a certificate, generallyfor a period of three years. During this three-year period, it will carry out periodic surveillance audits to ensure that the system is continuing to operate satisfactorily.Step 14: Continual ImprovementCertification to ISO 9000 should not be an end. You should continually seek to improve the effectiveness and suitability of the quality management system through the use of:???? Quality policy???? Quality objectives???? Audit results???? Analysis of data???? Corrective and preventive actions???? Management reviewISO 9004:2008 provides a methodology for continual improvement.
1. Total backing from the CEO,2. Genuine and passionate commitment to quality in general and the ISO 9000 qualitymanagement system in particular,3. The dignity – resulting from rank, seniority, or both – to influence managers and others of all levels and functions,4. Detailed knowledge of quality methods in general and ISO 9000 in particular.The members of the implementation team should also be trained on ISO 9000 quality management systems by a professional training organization.
Step 3. Start ISO 9000 Awareness ProgramsISO 9000 awareness programs should be conducted to communicate to theemployees the aim of the ISO 9000 quality management system; the advantage it offers to employees, customers and the organization; how it will work; and their roles and responsibilities within the system. Suppliers of materials and components should also participate in these programs.The awareness program should emphasize the benefits that the organization expects to realize through its ISO 9000 quality management system. The program should also stress the higher levels of participation and self-direction that the quality management system renders to employees. Such a focus will go far to enlist employee support and commitment.The programs could be run either by the implementation team or by experts hired to talk to different levels of employees.Step 4. Provide TrainingSince the ISO 9000 quality management system affects all the areas and all personnel in the organization, training programs should be structured for different categories of employees – senior managers, middle-level managers, supervisors and workers. The ISO 9000 implementation plan should make provision for this training. The training should cover the basic concepts of quality management systems and the standard and their overall impact on the strategic goals of the organization, the changed processes, and the likely work culture implications of the system. In addition, initial training mayalso be necessary on writing quality manuals, procedures and work instruction; auditing principles; techniques of laboratory management; calibration; testing procedures, etc.When in-house capacity to carry out such training is not available, it may be necessary to participate in external training courses run by professional training organizations.Alternatively, an external training institution could be invited to conduct in-house training courses.
Step 5. Conduct Initial Status SurveyISO 9000 does not require duplication of effort or redundant system. The goal of ISO 9000 is to create a quality management system that conforms to the standard. This does not preclude incorporating, adapting, and adding onto quality programs already in place. So the next step in the implementation process is to compare the organization’s existing quality management system, if there is one — with the requirements of thestandard (ISO 9001:2008).For this purpose, an organization flow chart showing how information actually flows (not what should be done) from order placement by the customer to delivery to this customer should be drawn up. From this over-all flow chart, a flow chart of activities in each department should be prepared.With the aid of the flow charts, a record of existing quality management system should be established. A significant number of written procedures may already be in place.Unless they are very much out of date, these documents should not be discarded.Rather, they should be incorporated into the new quality management system.Documents requiring modification or elaboration should be identified and listed. Thisexercise is some times referred to as ” gap analysis”. During these review processes,wide consultation with executives and representatives of various unions andassociations within the organization is required to enlist their active cooperation.In the review process, documents should be collected, studied and registered for further use, possibly after they have been revised. Before developing new quality management system documentation, you need to consider with which quality requirements or department you should start. The best is to select an area where processes are fairly well organized, running effectively and functioning satisfactorily.The basic approach is to determine and record how a process is currently carried out.We can do this by identifying the people involved and obtaining information from them during individual interviews. Unfortunately, it often happens that different people will give different, contradicting versions of a process. Each one may refer to oral instructions that are not accurate or clear. This is why the facts are often not described correctly the first time around, and have to be revised several times.Once it has been agreed how to describe the current process, this process has to be adapted, supplemented and implemented according to the requirements of the quality standard (ISO 9001:2008). This requires organizational arrangements, the drawing up of additional documents and possible removal of existing documentation (e.g. procedures, inspection/test plans, inspection/test instructions) and records (e.g.inspection/test reports, inspection/test certificates).In introducing a quality management system, the emphasis is on the improvement of the existing processes or the re-organization of processes.In general, the steps to follow are the following:Ascertain and establish the following:What is the present operation/process? What already exists?
Analyze the relevant sections of the quality standard – ISO 9001:2000:What is actually required? If necessary, supplement and change operational arrangements in accordance with the standard, develop documents and records, and describe operations/processes:What is the desired operation/process?Figure 1: Steps in introducing a quality management systemThe above gap analysis can be done internally, if the knowledge level is there. Or aformal pre-assessment can be obtained from any one of a large number of ISO 9000consulting, implementing, and registration firms.Step 6. Create a Documented Implementation PlanOnce the organization has obtained a clear picture of how its quality management system compares with the ISO 9001:2008 standard, all non-conformances must be addressed with a documented implementation plan. Usually, the plan calls for identifying and describing processes to make the organization’s quality management system fully in compliance with the standard.The implementation plan should be thorough and specific, detailing:???? Quality documentation to be developed???? Objective of the system???? Pertinent ISO 9001:2008 section???? Person or team responsible???? Approval required???? Training required???? Resources required???? Estimated completion dateThese elements should be organized into a detailed chart, to be reviewed andapproved. The plan should define the responsibilities of different departments and personnel and set target dates for the completion of activities. Once approved, the Management Representative should control, review and update the plan as the implementation process proceeds.Typical implementation action plan is shown in Figure 2. Use ISO 10005:1995 for guidance in quality planning
Step 7. Develop Quality Management System DocumentationDocumentation is the most common area of non-conformance among organizations wishing to implement ISO 9000 quality management systems. As one company pointed out: “When we started our implementation, we found that documentation was inadequate. Even absent, in some areas. Take calibration. Obviously it’s necessary, and obviously we do it, but it wasn’t being documented. Another area was inspection and testing. We inspect and test practically every item that leaves here, but our documentation was inadequate”.Documentation of the quality management system should include:???? Documented statements of a quality policy and quality objectives,???? A quality manual,???? Documented procedures and records required by the standard ISO 9001:2008, and???? Documents needed by the organization to ensure the effective planning, operation and control of its processes.Quality documentation is generally prepared in the three levels indicated in the box that follows. Use ISO 10013:1995 for guidance in quality documentation.
In small companies, the above levels of documentation could be presented in one manual; otherwise, separate manuals should be prepared.A list of the documents to be prepared should be drawn up and the responsibility for writing the documents should be assigned to the persons concerned in various functional departments. They should be advised to prepare the drafts within a specific time frame.Step 8: Document ControlOnce the necessary quality management system documentation has been generated, a documented system must be created to control it. Control is simply a means of managing the creation, approval, distribution, revision, storage, and disposal of the various types of documentation. Document control systems should be as simple and as easy to operate as possible — sufficient to meet ISO 9001:2008 requirements and that is all.Document control should include:???? Approval for adequacy by authorized person (s) before issue,???? Review, updating and re-approval of documents by authorized person (s),???? Identification of changes and of the revision status of documents,???? Availability of relevant versions of documents at points of use,???? Identification and control of documents of external origin,???? Assurance of legibility and identifability of documents, and???? Prevention of unintended use of obsolete documents.The principle of ISO 9000 document control is that employees should have access to the documentation and records needed to fulfil their responsibilities.Step 9. ImplementationIt is good practice to implement the quality management system being documented as the documentation is developed, although this may be more effective in larger firms. In smaller companies, the quality management system is often implemented all at once throughout the organization. Where phased implementation takes place, the effectiveness of the system in selected areas can be evaluated.It would be a good idea initially to evaluate areas where the chances of a positive evaluation are high, to maintain the confidence of both management and staff in the merits of implementing the quality management system.The implementation progress should be monitored to ensure that the qualitymanagement system is effective and conforms to the standard. These activities include internal quality audit, formal corrective action and management review.Step 10. Internal Quality AuditAs the system is being installed, its effectiveness should be checked by regular internal quality audits. Internal quality audits are conducted to verify that the installed quality management system:
???? Conform to the planned arrangements, to the requirements of the standard (ISO 9001:2008) and to the quality management system requirements established by your organization, and???? Is effectively implemented and maintained.Even after the system stabilizes and starts functioning, internal audits should be planned and performed as part of an ongoing strategy.A few staff members should be trained to carry out internal auditing. Use ISO 19011 for guidance in auditing, auditor qualification and programmes.Step 11. Management ReviewWhen the installed quality management system has been operating for three to six months, an internal audit and management review should be conducted and corrective actions implemented. The management reviews are conducted to ensure the continuing suitability, adequacy and effectiveness of the quality management system.????The review should include assessing opportunities for improvement and the need for changes to the quality management system, including the quality policy and quality objectives.The input to management review should include information on:???? Results of audits,???? Customer feed back,???? Process performance and product conformity,???? Status of preventive and corrective actions,???? Follow-up actions from previous management reviews,???? Changes that could affect the quality management system, and???? Recommendations for improvements.Management reviews should also address the pitfalls to effective implementation, including lack of CEO commitment, failure to involve everyone in the process, and failure to monitor progress and enforce deadlines.Step 12. Pre-assessment AuditWhen system deficiencies are no longer visible, it is normally time to apply for certification. However, before doing so, a pre-assessment audit should be arranged with an independent and qualified auditor. Sometimes certification bodies provide this service for a nominal charge. The pre-assessment audit would provide a degree of confidence for formally going ahead with an application for certification.Step 13. Certification and RegistrationOnce the quality management system has been in operation for a few months and has stabilized, a formal application for certification could be made to a selected certification agency. The certification agency first carries out an audit of the documents (referred to as an “adequacy audit”). If the documents conform to the requirements of the quality standard, then on-site audit is carried out. If the certification body finds the system to be working satisfactorily, it awards the organization a certificate, generallyfor a period of three years. During this three-year period, it will carry out periodic surveillance audits to ensure that the system is continuing to operate satisfactorily.Step 14: Continual ImprovementCertification to ISO 9000 should not be an end. You should continually seek to improve the effectiveness and suitability of the quality management system through the use of:???? Quality policy???? Quality objectives???? Audit results???? Analysis of data???? Corrective and preventive actions???? Management reviewISO 9004:2008 provides a methodology for continual improvement.
Saturday, August 22, 2009
Disposition of ISO 9001 Records
Disposition of ISO 9001 Records
Disposition in this context means the disposal of records once their useful life
has ended. The requirement should not be confused with that on the retention
of records. Retention times are one thing and disposal procedures quite
another.
The ISO 9001 standard does not specifically require records to be authenticated, certified
or validated other than product verification records in clause 8.2.4. A set of
results without being endorsed with the signature of the person who captured
them or other authentication lacks credibility. Facts that have been obtained by
whatever means should be certified for three reasons:
They provide a means of tracing the result to the originator in the event of
problems.
They indicate that the provider believes them to be correct.
They enable you to verify whether the originator was appropriately
qualified.
They give the results credibility.
If the records are generated by computer and retained in computerized form,
a means needs to be provided for the results to be authenticated. This can be
accomplished through appropriate process controls by installing provisions for
automated data recording or preventing unauthorized access.
Disposition in this context means the disposal of records once their useful life
has ended. The requirement should not be confused with that on the retention
of records. Retention times are one thing and disposal procedures quite
another.
The ISO 9001 standard does not specifically require records to be authenticated, certified
or validated other than product verification records in clause 8.2.4. A set of
results without being endorsed with the signature of the person who captured
them or other authentication lacks credibility. Facts that have been obtained by
whatever means should be certified for three reasons:
They provide a means of tracing the result to the originator in the event of
problems.
They indicate that the provider believes them to be correct.
They enable you to verify whether the originator was appropriately
qualified.
They give the results credibility.
If the records are generated by computer and retained in computerized form,
a means needs to be provided for the results to be authenticated. This can be
accomplished through appropriate process controls by installing provisions for
automated data recording or preventing unauthorized access.
Monday, August 17, 2009
Control of ISO 9000 records
Control Of ISO 9000 Records
The ISO 9000 standard requires records to be established and
maintained to provide evidence of conformity to require-
ments and the effective operation of the quality manage-
ment system.
A record is defined in ISO 9000 as a document stating
results achieved or providing evidence of activities
performed.
Although a record is a document, the document
control requirement of clause 4.2.3 do not apply to
records primarily because records are not issued,
neither do they exhibit revision status simply
because they are results that are factual when
recorded. If the facts change, a new record is usually
created rather than the previous record revised. Even
where a record is revised and new facts added, the
old facts remain identified as to their date. The only reason for revising facts
contained in a record without changing the identity of the record or the date
when they were collected is where the facts were incorrectly recorded. This
subtle difference demands different treatment for documents that are classed
as records to those that are classed as informative. As with other types of
documents, records result from processes and may be used as inputs to other
processes.
Records required by the management system means records used or
generated by the management system. There is therefore no requirement to
produce records solely to satisfy an auditor. The records required are those for
the effective operation of the organization’s processes (see clause 4.1d of ISO
9001). If a record has no useful purpose within the management system there
is no requirement that it be established or maintained.
This does not mean that a record is required to prove conformity with every
single requirement for every product and service. There are those records
required by the standard (see below) that are required for every product and
service where applicable and in all other cases, audit records showing
compliance on a sample of operations would be sufficient.
Compliance with many requirements can be demonstrated by observation,
analysis, interview or examination of documentation. If a result or an activity
is not required to be recorded in order to manage the organization effectively
and satisfy the interested parties, it is not necessary to maintain records of it.
The ISO 9000 standard requires records to be established and
maintained to provide evidence of conformity to require-
ments and the effective operation of the quality manage-
ment system.
A record is defined in ISO 9000 as a document stating
results achieved or providing evidence of activities
performed.
Although a record is a document, the document
control requirement of clause 4.2.3 do not apply to
records primarily because records are not issued,
neither do they exhibit revision status simply
because they are results that are factual when
recorded. If the facts change, a new record is usually
created rather than the previous record revised. Even
where a record is revised and new facts added, the
old facts remain identified as to their date. The only reason for revising facts
contained in a record without changing the identity of the record or the date
when they were collected is where the facts were incorrectly recorded. This
subtle difference demands different treatment for documents that are classed
as records to those that are classed as informative. As with other types of
documents, records result from processes and may be used as inputs to other
processes.
Records required by the management system means records used or
generated by the management system. There is therefore no requirement to
produce records solely to satisfy an auditor. The records required are those for
the effective operation of the organization’s processes (see clause 4.1d of ISO
9001). If a record has no useful purpose within the management system there
is no requirement that it be established or maintained.
This does not mean that a record is required to prove conformity with every
single requirement for every product and service. There are those records
required by the standard (see below) that are required for every product and
service where applicable and in all other cases, audit records showing
compliance on a sample of operations would be sufficient.
Compliance with many requirements can be demonstrated by observation,
analysis, interview or examination of documentation. If a result or an activity
is not required to be recorded in order to manage the organization effectively
and satisfy the interested parties, it is not necessary to maintain records of it.
Tuesday, August 11, 2009
The environment for a healthy business
Growing scrutiny toward industry’s effects on the environment has made conformance with ISO 14001:2004 – a voluntary, internationally recognized Environmental Management Systems (EMS) standard – more important than ever. As more companies pursue ISO 14001 certification to demonstrate environmental commitment to their customers, shareholders and government agencies, many are discovering the benefits of partnering with Intertek. As one of the first accredited certification bodies, Intertek offers expertise, experience and know-how that no one else can deliver.
Your certified EMS can help you reap the benefits of: Improved overall performance Your ISO 14001 certified EMS can help make your business more efficient and productive. Lower energy and raw materials use, reductions in waste and pollution, and mitigated risks of accidents and emergency situations translate into greater profitability and productivity. Expanded market access Your company’s environmental credibility and commitment to quality are established from day one.
It will take less time to demonstrate the effectiveness of your EMS and earn your prospective customers’ trust and confidence, and you’ll enjoy access to markets you might not otherwise penetrate. Improved corporate image Your certification demonstrates your company’s commitment to environmental responsibility, fostering improved relationships with the community, shareholders, and governmental and environmental organizations.
Enhanced competitiveness While helping you to operate more efficiently and profitably, your ISO 14001 certified EMS can instill additional confidence in shareholders, investors, insurers and your customers – making your business the clear choice in a highly competitive market. Plus, you can maximize your human and financial resources by using your existing Quality Management System (QMS) as a basis for your EMS, taking advantage of the synergies between ISO 9001 and ISO 14001.
Your certified EMS can help you reap the benefits of: Improved overall performance Your ISO 14001 certified EMS can help make your business more efficient and productive. Lower energy and raw materials use, reductions in waste and pollution, and mitigated risks of accidents and emergency situations translate into greater profitability and productivity. Expanded market access Your company’s environmental credibility and commitment to quality are established from day one.
It will take less time to demonstrate the effectiveness of your EMS and earn your prospective customers’ trust and confidence, and you’ll enjoy access to markets you might not otherwise penetrate. Improved corporate image Your certification demonstrates your company’s commitment to environmental responsibility, fostering improved relationships with the community, shareholders, and governmental and environmental organizations.
Enhanced competitiveness While helping you to operate more efficiently and profitably, your ISO 14001 certified EMS can instill additional confidence in shareholders, investors, insurers and your customers – making your business the clear choice in a highly competitive market. Plus, you can maximize your human and financial resources by using your existing Quality Management System (QMS) as a basis for your EMS, taking advantage of the synergies between ISO 9001 and ISO 14001.
Origins of the ISO’s Work
The ISO is a federation of non-governmental organizations established in 1947 to develop international standards, improve international communication and collaboration, and facilitate the exchange of goods and services. The federation is currently comprised of close to 100 national standards bodies (member bodies) from countries representing approximately 95 percent of the world’s industrial production.
The headquarters of the ISO secretariat is in Geneva, Switzerland.2 The ISO’s involvement in establishing environmental standardsbegan in 1991 after organizers for the UN Conference on Environment and Development (held in Rio de Janeiro in 1992) asked whether or not ISO would be attending the conference and whether it was involved in any environmental activities. As a result, the ISO established a Strategic Advisory Group on the Environment (SAGE) in 1991 to assess the need for international environmental management standards.3 SAGE recommended that ISO proceed with an environmental standard by 1992 and that a technical committee be established to carry it through. On June 1, 1993, ISO’s Technical Committee 207 (TC 207) held its first plenary meeting.
TC 207 was directed to establish environmental standards in five areas of environmental management:
- environmental management systems; environmental auditing and related
- environmental investigation; environmental labeling; environmental performance evaluation; and life-cycle assessment.
Consequently, TC 207 was divided into five subcommittees (SCs) for each category of standard and one SC to cover the terms and definitions of the standards. In addition, a working group, which reports directly to TC 207, was formed to deal with the environmental aspects in product standards. The five SCs have two or more working groups (WGs) that report to them (unlike the WG on product standards previously mentioned which reports directly to TC 207).
The key factor that has propelled the ISO 14000 series of standards forward throughout the early 1990s is the increase in national environmental standards. Examples of these standards include some two dozen eco-labeling schemes worldwide (see Annex 1), the British Standards Institute’s BS 7750 (Specification for Environmental Management Systems), the Canadian Standards Association’s Z750 (A Guide for a Voluntary Environmental Management System), and the EU EMAS (Eco-Management and Audit Scheme). Other similar environmental management standards have been developed by the French Standards Association, the South African Bureau of Standards and the Spanish Standards Association.
With the proliferation of environmental standards, concerns have been expressed that these standards would fragment international markets and unduly favor the companies of the countries or of the regions where these standards were developed, unless they were developed by authoritative and broadly based international bodies. The ISO was to serve this role.
The headquarters of the ISO secretariat is in Geneva, Switzerland.2 The ISO’s involvement in establishing environmental standardsbegan in 1991 after organizers for the UN Conference on Environment and Development (held in Rio de Janeiro in 1992) asked whether or not ISO would be attending the conference and whether it was involved in any environmental activities. As a result, the ISO established a Strategic Advisory Group on the Environment (SAGE) in 1991 to assess the need for international environmental management standards.3 SAGE recommended that ISO proceed with an environmental standard by 1992 and that a technical committee be established to carry it through. On June 1, 1993, ISO’s Technical Committee 207 (TC 207) held its first plenary meeting.
TC 207 was directed to establish environmental standards in five areas of environmental management:
- environmental management systems; environmental auditing and related
- environmental investigation; environmental labeling; environmental performance evaluation; and life-cycle assessment.
Consequently, TC 207 was divided into five subcommittees (SCs) for each category of standard and one SC to cover the terms and definitions of the standards. In addition, a working group, which reports directly to TC 207, was formed to deal with the environmental aspects in product standards. The five SCs have two or more working groups (WGs) that report to them (unlike the WG on product standards previously mentioned which reports directly to TC 207).
The key factor that has propelled the ISO 14000 series of standards forward throughout the early 1990s is the increase in national environmental standards. Examples of these standards include some two dozen eco-labeling schemes worldwide (see Annex 1), the British Standards Institute’s BS 7750 (Specification for Environmental Management Systems), the Canadian Standards Association’s Z750 (A Guide for a Voluntary Environmental Management System), and the EU EMAS (Eco-Management and Audit Scheme). Other similar environmental management standards have been developed by the French Standards Association, the South African Bureau of Standards and the Spanish Standards Association.
With the proliferation of environmental standards, concerns have been expressed that these standards would fragment international markets and unduly favor the companies of the countries or of the regions where these standards were developed, unless they were developed by authoritative and broadly based international bodies. The ISO was to serve this role.
Subscribe to:
Posts (Atom)