ISO 9000 Quality Systems: 2009

Thursday, December 31, 2009

ISO 9000 Quality Standards

In 1987, mounting concern on global quality issues led the International Organization for Standardization, or ISO, headquartered in Geneva, Switzerland, to establish a series of international quality standards. Called the ISO 9000 Series of Standards, the series is not specific to any one industry, but when used with proper industry-specific standards, helps build a strong foundation for a quality system. The idea behind ISO is to promote standardization which will facilitate the international exchange of goods and services.

Currently, ISO 9000 certification is voluntary and not required or mandated in any country. However, the European community has recently required that quality systems of many suppliers of products related to health, safety, and the environment be formally registered, by a third party, according to the ISO 9000 Series standard. This action has made adoption of the ISO standards a prerequisite for doing business in Europe. Countries in Asia, Africa, and South America are more and more considering adoption of these standards as a means to increased trade among themselves and the United States. Over 20,000 companies have been registered worldwide, and at least 52 nations are implementing the standards.

In the U.S., the ISO 9000 Series of Standards was adopted in precise format as the ANSI/ASQC Q90 series of standards. The series comprises five individual, but related, international standards on quality management and quality assurance, known as ISO 9000, 9001, 9002, 9003, and 9004. For a company’s quality system to become registered in one or more of these standards involves having an accredited, independent third party conduct an audit of the company’s operations against the requirements of the ISO 9000 standards. Upon successful completion of this audit, the company will receive a registration certificate that identifies its quality system as being in compliance with ISO 9000 standards.

Wednesday, December 23, 2009

Preparing The ISO 9000 Standards Quality Manual

Preparing The ISO 9000 Standards Quality Manual

The standard requires a quality manual to be established and maintained that includes the scope of the quality management system, the documented procedures or reference to them and a description of the sequence and interaction of processes included in the quality management system.

ISO 9000 defines a quality manual as a document specifying the quality management system of an organization.

It is therefore not intended that the manual be a response to the requirements of ISO 9001.

As the top-level document describing the management system it is a system description describing how the organization is managed.

Countless quality manuals produced to satisfy ISO 9000 :2008, were no more than 20 sections that paraphrased the requirements of the standard.

Such documentation adds no value. They are of no use to managers, staff or auditors.

Often thought to be useful to customers, organizations would gain no more confidence from customers than would be obtained from their registration certificate.

Sunday, December 20, 2009

Quality Planning

Whenever the term “product” is used within the ISO 9001 standard, it refers to both tangible goods and intangible services. The ISO 9001 standard is meant to be generic which means that it is suitable for all kinds of organization, whether commercial or otherwise. The purpose of the quality management system model that is being propagated by the standard is the fulfillment of customer requeirements and expectations in order to induce high levels of customer satisfaction. An unsatisfied customer is essentially a customer whose requirements or needs, and expectations of the level of services being granted upon him/her have not been met. We are all customers because we buy products all the time. So we know what it means to be a dissatisfied customer. The common reaction is to never to go back to that seller and look for other alternatives. A successful organization is one which understands what it takes to meet customer requirements in order to satisfy their needs and expectations. A specific process is thus necessary to resolve any customer complaint or dispute. This process should be geared towards satisfying the customer’s needs and expectations. The parameters of this process should be referenced from the terms of the sale and purchase. This is why it is necessary to review the customer’s requirements before committing to the sales contract. It is necessary that the customer understands what he/she is paying for and it is equally necessary for the organization to understand what it is supposed to deliver. When your organization has these processes in place, then the only thing to do next is to continually measure the effectiveness and subsequently take actions to continually improve the whole process.

Costs and resources Of ISO 9001 Standards

The largest cost of ISO 9001 is the involvement of company employees. The ‘ownership’ created by involving employees in designing the quality system maximises the chances of them accepting it. Reducing this cost by minimising employee involvement is a false economy. The next largest cost will be for designing and developing the system. This needs to be led by someone with experience in this particular field. You may have someone within your own organisation who has carried out this role, perhaps with a former employer. Your Business Link may offer free or subsidised advice and training, and will be able to provide names of approved consultants. Grants for work in this area tend to be directed through Business Links. Different areas have different grants, which depend on local conditions. A typical grant may cover up to 50 per cent of the cost of an approved consultant. Certification fees are around £800 for the smallest companies. Overall costs depend upon company size and the number of locations involved. Ask certification bodies for quotes for initial audits and surveillance visits. Many will give an all-inclusive price, including surveillance visits for three years. Typically, special rates will depend on how long the assessment is likely to take and what the company’s turnover is. Ask your certification body if it offers special rates for small companies. The standard requires that companies have trained internal auditors to conduct audits on the system. An internal audit can provide an effective means of monitoring the system and identifying areas for improvement. For further details, contact the International Register of Certificated Auditors.

ISO 9001 Standards – Design and Development

ISO 9001 Standards - Design and Development

Plan and control the product design and development. This planning must determine the:Identify problems and propose any necessary actions

- Stages of design and development

- Appropriate review, verification, and validation activities for each stage

- Responsibility and authority for design and development

The interfaces between the different involved groups must be managed to ensure effective communication and the clear assignment of responsibility. Update, as appropriate, the planning output during design and development.

NOTE: Design and development review, verification, and validation have distinct purposes. They can be conducted and recorded separately or in any combination, as deemed suitable for the product and the organization.

Determine product requirement inputs and maintain records. The inputs must include:

- Functional and performance requirements

- Applicable statutory and regulatory requirements

- Applicable information derived from similar designs

- Requirements essential for design and development

Review these inputs for adequacy. Resolve any incomplete, ambiguous, or conflicting requirements.

Document the outputs of the design and development process in a form suitable for verification against the inputs to the process. The outputs must:

- Meet design and development input requirements

- Provide information for purchasing, production, and service

- Contain or reference product acceptance criteria

- Define essential characteristics for safe and proper use

- Be approved before their release

Perform systematic reviews of design and development at suitable stages in accordance with planned arrangements to:

- Evaluate the ability of the results to meet requirements

- The reviews must include representatives of the functions concerned with the stage being reviewed. Maintain the results of reviews and subsequent follow-up actions.

ISO 9001 Quality Policy

ISO 9001 Quality Policy

The standard requires the quality policy to be appropriate to the purpose of the organization.

The purpose of an organization is quite simply the reason for its existence and as Peter Drucker so eloquently put it there is only one valid definition of business purpose: to create a customer”(Drucker, Peter F., 1977)2 . In ensuring that the quality policy is appropriate to the purpose of the organization, it must be appropriate to the customers the organization desires to create. It is therefore necessary to establish who the customers are, where the customers are, what they buy or wish to receive and what these customers regard as value. As stated above, the quality policy is the corporate policy and such policies exist to channel actions and decisions along a path that will fulfil the organization’s purpose and mission. A goal of the organization may be the attainment of ISO 9001 certification and thus a quality policy of meeting the requirements of ISO 9001 would be consistent with such a goal, but goals are not the same as purpose as indicated in the box to the right. Clearly no organization would have ISO 9001 certification as its purpose because certification is not a reason for existence – an objective maybe but not a purpose.

Policies expressed as short catchy phrases such as “to be the best” really do not channel actions and decisions. They become the focus of ridicule when the organization’s fortunes change. There has to be a clear link from mission to quality policy.

Policies are not expressed as vague statements or emphatic statements using the words may, should or shall, but clear intentions by use of the words ‘we will’

– thus expressing a commitment or by the words ‘we are, we do, we don’t, we have’ expressing shared beliefs. Very short statements tend to become slogans which people chant but rarely understand the impact on what they do. Their virtue is that they rarely become outdated. Long statements confuse people because they contain too much for them to remember. Their virtue is that they not only define what the company stands for but how it will keep its promises.

In the ISO 9001 definition of quality policy it is suggested that the eight quality management principles be used as a basis for establishing the quality policy.

One of these principles is the Customer Focus principle. By including in the quality policy the intention to identify and satisfy the needs and expectations of customers and other interested parties and the associated strategy by which this will be achieved, this requirement would be fulfilled. The inclusion of the strategy is important because the policy should guide action and decision. Omitting the strategy may not ensure uniformity of approach and direction.

The standard requires that the quality policy include a commitment to comply with requirements and continually improve the effectiveness of the quality management system.

A commitment to comply with requirements means that the organization should undertake to meet the requirements of all interested parties. This means meeting the requirements of customer, suppliers, employees, investors, owners and society. Customer requirements are those either specified or implied by customers or determined by the organization and these are dealt with in more detail under clauses 5.2 and 7.2.1. The requirements of employees are those covered by legislation such as access, space, environmental conditions, equal opportunities and maternity leave but also the legislation appropriate to minority groups such as the disabled and any agreements made with unions or other representative bodies. Investors have rights also and these will be addressed in the investment agreements. The requirements of society are those obligations resulting from laws, statutes, regulations etc.

An organization accepts such obligations when it is incorporated as a legal entity, when it accepts orders from customers, when it recruits employees, when it chooses to trade in regulated markets and when it chooses to use or process materials that impact the environment.

The effectiveness of the management system is judged by the extent to which it fulfils its purpose. Therefore improving effectiveness means improving the capability of the management system. Changes to the management system that improve its capability i.e its ability to deliver outputs that satisfy all the interested parties, are a certain types of change and not all management system changes will accomplish this. This requirement therefore requires top management to pursue changes that bring about an improvement in performance.

Demonstrating conformity with ISO 9001:2008

Demonstrating conformity with ISO 9001:2008

For organizations wishing to demonstrate conformity with the requirements of ISO 9001:2008, for the purposes of certification/registration, contractual, or other reasons, it is important to remember the need to provide evidence of the effective implementation of the QMS.

Organizations may be able to demonstrate conformity without the need for extensive documentation.

To claim conformity with ISO 9001:2008, the organization has to be able to provide objective evidence of the effectiveness of its processes and its quality management system. Clause 3.8.1 of ISO 9000:2005 defines “objective

evidence” as “data supporting the existence or variety of something” and notes that “objective evidence may be obtained through observation, measurement, test, or other means.”

Objective evidence does not necessarily depend on the existence of documented procedures, records or other documents, except where specifically mentioned in ISO 9001:2008. In some cases, (for example, in clause 7.1(d)

Planning of product realization, and clause 8.2.4 Monitoring and measurement of product), it is up to the organization to determine what records are necessary in order to provide this objective evidence.

Where the organization has no specific internal procedure for a particular activity, and this is not required by the standard, (for example, clause 5.6 Management Review), it is acceptable for this activity to be conducted using as a basis the relevant clause of ISO 9001:2008. In these situations, both internal and external audits may use the text of ISO 9001:2008 for conformity assessment purposes.

IMPLEMENTATION GUIDANCE FOR ISO 9001:2008

IMPLEMENTATION GUIDANCE FOR ISO 9001:2008

This Implementation Guidance has been developed to assist users in understanding the issues that need to be considered during the co-existence period between ISO 9001:2000 and ISO 9001:2008.

While the changes between ISO 9001:2000 and ISO 9001:2008 are expected to have a limited impact on users, some arrangements regarding implementation are needed.

Note: To reflect the limited scope of the changes the term “implementation” is now being used to make a clear distinction with the former “transition” from ISO 9001:1994 to ISO 9001:2000, when there were significant changes throughout the standard.

A wide diffusion of this implementation guidance is recommended, in particular the comparison table between ISO 9001:2008 and ISO 9001:2000, given in Annex B to ISO 9001:2008.

ISO 9001:2008 has been developed in order to introduce clarifications to the existing requirements of ISO 9001:2000 and to improve compatibility with ISO 14001:2004. ISO 9001:2008 does not introduce additional requirements nor does it change the intent of the ISO 9001:2000 standard.

Certification to ISO 9001:2008 is not an “upgrade”, and organizations that are certified to ISO 9001:2000 should be afforded the same status as those who have already received a new certificate to ISO 9001:2008 No new requirements were introduced in this edition but, in order to benefit from the clarifications of ISO 9001:2008, users of the former version will need to take into consideration whether the clarifications introduced have an impact on their current interpretation of ISO 9001:2000, as changes may be necessary to their QMS In order to assist organizations to have a full understanding of the new ISO 9001:2008, it may be useful to have an insight on the revision process, how this revision reflects the inputs received from users of the standard, and the consideration given to benefits and impacts during its development.

Prior to the commencement of a revision (or amendment) to a management system standard, ISO/Guide 72:2001 Guidelines for the justification and development of management system standards recommends that a “Justification Study” is prepared to present a case for the proposed project and that it outlines details of the data and inputs used to support its arguments. In relation to the development of ISO 9001:2008 user needs were identified from the following:

- the results of a formal “Systematic Review” on ISO 9001:2000 that was performed by the members of ISO/TC 176/SC2 during 2003-2004

- feedback from the ISO/TC 176/Working Group on “Interpretations”

- the results of an extensive worldwide “User Feedback Survey on ISO 9001 and ISO 9004″ by ISO/TC 176/SC 2/WG 18 and similar national surveys.

The Justification Study identified the need for an amendment, provided that the impact on users would be limited and that changes would only be introduced when there were clear benefits to users.

The key focuses of the ISO 9001:2008 amendment were to enhance the clarity of ISO 9001:2000 and to enhance its compatibility with ISO14001:2004.

A tool for assessing the impacts versus benefits for proposed changes was created to assist the drafters of the amendment in deciding which changes should be included, and to assist in the verification of drafts against the identified user needs. The following decision making principles were applied:

1) No changes with high impact would be incorporated into the standard;

2) Changes with medium impact would only be incorporated when they provided a correspondingly medium or high benefit to users of the standard;

3) Even where a change was low impact, it had to be justified by the benefits it delivered to users, before being incorporated.

The changes incorporated in this ISO 9001:2008 edition were classified in terms of impact into the following categories:

- No changes or minimum changes on user documents, including records

- No changes or minimum changes to existing processes of the organization

- No additional training required or minimal training required

- No effects on current certifications

The benefits identified for the ISO 9001:2008 edition fall into the following categories:

- Provides clarity

- Increases compatibility with ISO 14001.

- Maintains consistency with ISO 9000 family of standards.

- Improves translatability.

Saturday, December 19, 2009

Understand Quality Management

Quality Management may be defined as the process through which organizations apply statistical process control mechanisms in order to improve the quality and standards of goods and services that are manufactured. Closely related to Quality Management is tqm, also known as total quality management. This is basically a management strategy that is applied in businesses in order to create awareness of high quality in most organizational processes. Quality Management features three main components including quality assurance, quality improvement and quality control. Quality management is focused not only on the quality of products and services but also on continuous improvement of quality standards.

Most methods that are now being used for Quality Management, quality system and quality manufacturing system take into consideration the need for high quality as an essential attribute in services and products that are manufactured by companies and organizations. Quality Management usually involves the successful improvement of quality of services and products. This is usually done through quality training processes where one can also acquire lessons on quality process and process management. One tool that is used for ensuring auditing quality in Quality Management is the MasterControlQAAD(TM) software. Besides using tools to carry out Quality Managementsuccessfully, one can also consider applying project management. This will help ensure continuous quality improvement.

The other way through which organizations can improve quality of process and service output is by using six sigma. This is basically a business management strategy that helps identify and remove defects and variations in the manufacturing process. It also helps guarantee Quality Management. It works by using a set of high quality business management and overall management methods to ensure quality and guarantee Quality Management. Most products and services to which Quality Management is applied are certified with iso certificates. Some of the iso certificates that guarantee that a product or service has undertaken Quality Management, change management and process improvement is iso 9001.

iso 9001 and iso 14001:2004 set down specific guidelines for environmental management systems and Quality Management. Other guidelines can be found in other generic process management philosophies such as the lean management that follows iso 9000 quality improvement standards aimed at guaranteeing total quality to its quality systems. The other mode through which organizations guarantee Quality Management is by use of a quality plan that meets iso 14000 and iso 14001 iso certification requirements. The other iso certification that guarantees product quality in Quality Management include iso 9001 2000.

In order to meet supplier quality in Quality Management systems, there are several iso training sessions that are offered. These meet iso standards. An organization that is in need of Quality Management for its products and services may also consider using a quality manual for its day to day Quality Management plans. Such a manual will usually have guidelines for iso quality. However, when applying the guidelines in the manual, regard must be had to quality audit measures aimed at guaranteeing Quality Management for the organization. Quality Management also involves knowledge of as9100 and iso 13485 that are commonly applicable in supplier management.

Quality Management programs that are iso certified help offer quality policy to existing iso 9001 certifications and quality management system that meet iso 9000 and ts16949 requirements. Quality companies that are aimed at ensuring Quality Management for the products and services that they manufacture also use quality management software that guarantees managing quality. In order to enhance Quality Management, the software guarantees quality procedures through its high rate of functionality. Besides such software, an organization can adopt quality assurance training and also offer quality consulting to its members in order to guarantee Quality Management to its products and services.

There are also several quality project management plans, which meet iso standards such as iso 9002 that are available today. Such plans are usually developed with a view to developing flexible, affordable and scalable management solutions to companies that seek to uphold Quality Management for their products and services. Such plans feature quality management systems that offer quality control management and quality assurance management through quality a management plan. Other quality objectives that can be obtained through iso 9001 training thus meeting iso 9000 certification use project management skills to improve Quality Management for the manufactured products and services.

ISO 9001 Standards Requirement – Product Realization

ISO 9001 Standards Requirement – Product Realization

Planning of Product Realization
Plan and develop the processes needed for product realization. Keep the planning consistent with other requirements of the quality management system and document it in a suitable form for the organization. Determine through the planning, as appropriate, the:
Quality objectives and product requirements
Need for processes, documents, and resources
Verification, validation, monitoring, measurement, inspection, and test activities
Criteria for product acceptance
Records as evidence the processes and resulting product meet requirements

Customer-Related Processes

Determination of Requirements Related to the Product
Determine customer requirements:
Specified for the product (including delivery and post-delivery activities)
Not specified for the product (but needed for specified or intended use, where known)
Determine:
Statutory and regulatory requirements applicable to the product
Any additional requirements considered necessary by the organization

Review of Requirements Related to the Product
Review the product requirements before committing to supply the product to the customer in order to:
Ensure product requirements are defined
Resolve any requirements differing from those previously expressed
Ensure its ability to meet the requirements
Maintain the results of the review, and any subsequent follow-up actions. When the requirements are not documented, they must be confirmed before acceptance.
If product requirements are changed, ensure relevant documents are amended and relevant personnel are made aware of the changed requirements.
NOTE: In some situations, such as internet sales, a formal review is impractical for each order. Instead, the review can cover relevant product information such as catalogs or advertising material.

Customer Communication
Determine and implement effective arrangements for communicating with customers on:
Product information
Inquiries, contracts, or order handling (including amendments)
Customer feedback (including customer complaints)

Outsourced Processes In ISO 9001 Standards

Outsourced Processes In ISO 9001 Standards

One of the changes in ISO 9001:2008 is clarification of the role of outsourced processes in a quality management system. Guidance on ‘Outsourced processes’ helps clarify the intent and shows the linkage between Clause 4.2, where outsourced processes appear, and the purchasing controls in clause 7.4.
An outsourced process is a process that the organization needs for its quality management system and is performed by an external party. This party could be another company, a corporate service, another division, etc.
The organization needs to ensure the outsourced process is conducted in accordance withISO 9001:2008 and other requirements of the quality management system. This brings in the purchasing controls of 7.4. The service may not be purchased in the traditional sense of a monetary transaction. The guidance document explains that the controls in clause 4.2 and 7.4 apply. For example, a “no charge” service from a corporate head office requires documentation of supplier selection and, most importantly, control.
The guidance document addresses two important cases and gives guidance on the appropriate level of control. The cases are:
• The organization has the competence and ability to carry out a process, but chooses to outsource it (for commercial or other reasons).
• The organization does not have the competence to carry out the process itself, and chooses to outsource it.

Integrating Management Systems Within The ISO Standards

Today’s free market economies increasingly encourage diverse sources of supply and provide opportunities for expanding markets. Fair competition needs to be based on identifiable, clearly defined common references that are recognised from one country to the next. A standard, internationally recognised, developed by consensus among trading partners, serves as the language of trade. The International Organisation for Standardisation (ISO) has developed around 8′700, mostly technical related standards on this basis. Standards Series such as ISO 9000, ISO 14000 and what is to be known as ISO 18000 and ISO 26000 are Management related. These standards contain generic guidelines for Management Systems in the area of Quality, Environment, Occupational Health & Safety and Human Resources.

ISO is a word derived from the Greek isos, meaning “equal”. ISO Standards are developed and updated by the International Organisation for Standardisation which has around 150 member bodies. A member body of ISO is the national body “most representative of standardisation in its country”.(eg. Germany – DIN, USA – ANSI, Australia – SAA).
More than 50 countries, as well as the European Community have adopted ISO 9000 which is recognised internationally as a benchmark for measuring quality in a trade context. Since its first issue in 1987, approximately 430′000 companies have been using ISO 9000. Being a standard coming from an organisation that is usually involved in the development of technical standards, ISO 9000 is often regarded as a document that belongs in the hands of a technician exposed to production line quality control. At a closer look, however, ISO 9000 Standard Series provide guidance in the development and application of Management Systems as well as Quality Control in Manufacturing and Administration.

ISO has been developing a number of Management System Guidelines for various aspects of business. The most recent are the ISO 14000 Environmental Management System Guidelines. This is an international standard that will affect business in the near future. ISO 14000 has been designed to integrate with ISO 9000. However, apart from international standards there are local standards a company has to comply with. To remain compliant with local standards, further manuals and/or procedures are required (eg. lifting procedure in a warehouse to satisfy Work Safety requirements). A company may have several Manuals describing its Management Systems (eg. Human Resources, Quality, Security, Health/Safety, Finances). An overall link between the systems is often missing which makes the monitoring and the assessment of effectiveness difficult. Double handling of information, contradicting instructions, high maintenance costs, administrative excess and lack of overall transparency are common results.
ISO 9000 Standard Series for Quality (of) Management Systems provide generic guidance for the development of an overall Management System, ISO 14000 provides guidance for Environmental Management, etc. Transparency and monitoring of all business activities can be achieved by integrating all systems into one.
Complaints that ISO 9000 is paralysing operations and, that it does not reflect reality are usually a result of not clearly understanding how the standard can be properly structured to address the needs of a company. ISO 9000 can be structured by focusing on “best practice” process rather than the standard, by fitting the standard to the process and not the process to the standard. Having recognised this, ISO has been working on a new structure for ISO 9000, called “Vision 2000″, taking a process orientated approach to ensure that “best practice” as well as several standards can be addressed within one system. Focusing on process allows the development of a practical “working document”, providing an effective management tool. Having learned from the past, the trend to Process Orientated Management Systems started about three years ago in Europe and is finding increasing approval from certification bodies.Every company has its own culture and key individuals.
The business environment influences processes in certain ways (eg. employee market, laws, infrastructure, client, etc.)
To ensure competitiveness a company needs to ensure adequate flexibility in their system to effectively respond to changes in the business environment.
An effective system is a lean system that incorporates all necessary functions, controls of activities and “best practice” without being caught up in detail.
An effective system must also be flexible enough to enable the proper controls on outsourcing and sub-contracting of activities (eg. production, administration, service, etc.)

Friday, December 18, 2009

History and Evolution of ISO 9000 Standards

Pre ISO 9000
During World War II, there were quality problems in many British industries such as munitions, where bombs were exploding in factories during assembly. The solution adopted to address these quality problems required factories to document their manufacturing procedures and to prove by record-keeping that the procedures were being followed. The standard was BS 5750, and it was known as a management standard because it specified not what to manufacture, but how the manufacturing process was to be managed. In 1987, the British Government persuaded the International Organization for Standardization (ISO) to adopt BS 5750 as an international standard. The international standard was named ISO 9000.

ISO 9000: 1987 Version
ISO 9000:1987 had the same structure as the British Standard BS 5750, with three ‘models’ for quality management systems, the selection of which was based on the scope of activities of the organisation:
• ISO 9001:1987 Model for quality assurance in design, development, production, installation, and servicing was for companies and organisations whose activities included the creation of new products
• ISO 9002:1987 Model for quality assurance in production, installation, and servicing had basically the same material as ISO 9001 but without covering the creation of new products.
• ISO 9003:1987 Model for quality assurance in final inspection and test covered only the final inspection of finished product, with no concern for how the product was produced.
ISO 9000:1987 was also influenced by existing U.S. and other Defense Standards (MIL SPECS), and so was well-suited to manufacturing. The emphasis tended to be placed on conformance with procedures rather than the overall process of management—which was likely the actual intent.

ISO 9000:1994 (Year 1994 Revision)
ISO 9000:1994 emphasised quality assurance via preventive actions, instead of just checking final product, and continued to require evidence of compliance with documented procedures. As with the first edition, the down-side was that companies tended to implement its requirements by creating shelf-loads of procedure manuals, and becoming burdened with an ISO bureaucracy. In some companies, adapting and improving processes could actually be impeded by the quality system.

ISO 9000:2000 (Year 2000 Revision)
ISO 9001:2000 combines the three standards 9001, 9002, and 9003 into one, called 9001. Design and development procedures are required only if a company engages in the creation of new products. The 2000 version sought to make a radical change in thinking by placing the concept of process management front and centre (”Process management” was the monitoring and optimising of a company’s tasks and activities, instead of just inspecting the final product). The Year 2000 version also demands involvement by upper executives, in order to integrate quality into the business system and avoid delegation of quality functions to junior administrators. Another goal is to improve effectiveness via process performance metrics — numerical measurement of the effectiveness of tasks and activities. Expectations of continual process improvement and tracking customer satisfaction were made explicit.

ISO 9000:2008 (Year 2008 Revision)
The new ISO 9001:2008 was published on 15 November 2008. ISO 9001:2008 uses the same numbering system as ISO 9001:2000 to organise the standard. As a result, the new ISO 9001:2008 standard looks very much like the old standard. No new requirements have been added. However, some important clarifications and modifications have been made.

As with the release of previous versions, organisations registered to ISO 9001:2000 will be given a period to transition to the ISO 9001:2008 standard, assuming changes are needed.

ISO 9000 — a way of managing for conformance
Quality assurance, according to the Standard, is a way of managing that prevents non-conformance and thus “assures quality”. This is what makes ISO 9000 different from other standards: it is a management standard, not a product standard. It goes beyond product standardisation: it is standardising not what is made but how it is made. To use standards to dictate and control how organisations work was to extend the role of standards to new territory. To take such a step we might have firstly established that any such requirements worked — that they resulted in ways of working which improved performance.
Yet the plausibility of this Standard, and the fact that those who had an interest in maintaining it were (and still are) leading opinion, prevented such enquiries. In simple terms the Standard asks managers to say what they do, do what they say and prove it to a third party.
ISO 9000 (1994) paragraph 1: “The requirements specified are aimed primarily at achieving customer satisfaction by preventing non-conformity at all stages from design through servicing.”
To put it another way, the Standard asserts that preventing non-conformance achieves customer satisfaction. But does it? Of course it matters to customers that a product works. But there is no guarantee that the Standard will ensure even that. Furthermore, customers take a total view of an organisation — how easy it is to do business with — in respect of all things of importance to each and every customer.
ISO 9000 requires managers to “establish and maintain a documented quality system as a means of ensuring that product conforms to specified requirements”. Loosely translated this is “say what you do”. Management is supposed to “define and document its policy for quality . . . including its commitment to quality”.
What management would not declare its commitment to quality? But would they know what it means? Would they argue (as they should) that quality management is a different and better way to do business, or would they believe that ISO 9000 will take care of quality? The Standard encourages managers to think of “quality” and “business as usual” as separate and distinct. It helps managers avoid the revelation that quality means a wholly different view of management. Instead, the organisation “shall appoint a management representative who, irrespective of other responsibilities, shall have defined authority and responsibility” [for ISO 9000]. At a practical level this means only one executive might decide he or she had better learn a thing or two about quality. However, would being responsible for ISO 9000 lead to learning about quality or simply enforcing the ISO 9000 regime in an organisation?
Key to the regime is auditing. The Standard requires organisations to conduct internal quality audits to “verify whether quality activities comply with planned arrangements”. This can be loosely translated as “do you do as you say?” and the purpose of the audit is to see that you do. It was not until the 1994 review that the words were changed to “quality activities and related results”. It was a Standard which was rooted in the philosophy of inspection: fifteen years after its initial promulgation the promoters sought to extend the focus to results. But results or improvements assessed by what means? Inspection. By the time the Standard was adopted world-wide, quality thinking had moved a long way from the philosophy of inspection. It is now understood, at least by a few, that quality is achieved through managing the organisation as a system and using measures which enable managers to improve flow and reduce variation (which we explore in chapters 5 and 7). The defenders argue that there is nothing stopping a company having ISO 9000 and implementing methods for managing flow and reducing variation, but where are such companies? Few of the companies we researched, formally and informally, knew anything about this thinking. The Standard does not talk about it; moreover, the Standard effectively discourages managers from learning about it by representing quality in a different way.
According to ISO 8402 (quality vocabulary), quality is:
“The totality of features and characteristics of a product or service that bear on its ability to satisfy stated or implied needs.”
Everything we have learned about ISO 9000 suggests that the people who created this definition were thinking about the things which need to be controlled, those things which “bear on its ability . . .”. The builders of the Standard assumed that customer needs would be listed in contractual agreements between the supplier and customer. ISO 9000 has a “make” logic — procedures for “how you do what you do” — and a “control” logic — check to see that it is done. It is a relic of the era when contractual agreements were perceived to be an important device for regulating the behaviour of suppliers. In these ways, ISO 9000 encouraged “planning for quality”.
Planning for quality sounds plausible, but it assumes many things: that the plan is the right plan, that it is feasible, that people will “do it”, that performance will improve. It is an approach which, paradoxically, leads to poor decisions. Planners of quality systems, guided by ISO 9000, start with a view of how the world should be as framed by the Standard. Understanding how an organisation is working, rather than how someone thinks it should, is a far better place from which to start change of any kind.

Quality characteristics in ISO 9000 Standards

Quality characteristics in ISO 9000 Standards

Any feature or characteristic of a product or service that is needed to satisfy customer needs or achieve fitness for use is a quality characteristic. When dealing with products the characteristics are almost always technical characteristics, whereas service quality characteristics have a human dimension. Some typical quality characteristics are given below.

Product characteristics

1. Accessibility Functionality Size

2. Availability Interchangeability Susceptibility

3. Appearance Maintainability Storability

4. Adaptability Odour – Strength

5. Cleanliness Operability -Taste

6. Consumption Portability – Testability

7. Durability Producibility Traceability

8. Disposability Reliability – Toxicity

9. Emittance Reparability Transportability

10. Flammability Safety – Vulnerability

11. Flexibility Security – Weight

Service quality characteristics

1. Accessibility Credibility – Honesty

2. Accuracy Dependability Promptness

3. Courtesy Efficiency - Responsiveness

4. Comfort Effectiveness Reliability

5. Competence Flexibility – Security

These are the characteristics that need to be specified and their achievement controlled, assured, improved, managed and demonstrated. These are the characteristics that form the subject matter of the product requirements referred to in ISO 9000. When the value of these characteristics is quantified or qualified they are termed product requirements. We used to use the term quality requirements but this caused a division in thinking that resulted in people regarding quality requirements as the domain of the quality personnel and technical requirements being the domain of the technical personnel. All requirements are quality requirements – they express needs or expectations that are intended to be fulfilled by a process output that possesses inherent characteristics. We can therefore drop the word quality. If a modifying word is needed in front of the word requirements it should be a word that signifies the subject of the requirements. Transportation system requirements would be requirements for a transportation system, Audio speaker design requirements would be requirements for the design of an audio speaker, component test requirements would be requirements for testing components, and management training requirements would be requirements for training managers. ISO 9000 requirements are often referred to as quality requirements as distinct from other types of requirements but this is misleading. ISO 9000 is no more a quality requirement than is ISO 1000 on SI units, ISO 2365 for Ammonium nitrate or ISO 246 for Rolling Bearings. The requirements of ISO 9000 are quality management system requirements – requirements for a quality management system.

ISO 9000 registered organizations

Managing Processes In ISO 9000 Standards

The ISO 9000 Standard requires the organization to manage the identified processes in accordance with the requirements of ISO 9001.

The first stage in managing a process is to establish what it is you are trying to achieve, what requirements you need to satisfy, what goals you are aiming at; then establish how you will measure your achievements. The next stage is to define the process you will employ to deliver the results. Managing the process then involves managing all the inherent characteristics of the process in such a manner that the requirements of customers and interested parties are fulfilled by the process outcomes. This means:

Managing the process inputs

Managing the work

Managing the physical resources

Managing the financial resources

Managing the human resources

Managing the constraints

Managing the outputs

Process management is therefore much more than managing activities and therefore when describing processes, one needs more than a flow chart of activities. The chart is a diagrammatical representation of a process but only one aspect. One can also add numerical data to the charts to indicate resources, cycle times, delays, costs etc. but the intangible factors of the human environment cannot be reduced to numerical data to add to the charts.

The notes to clause 4.1 of ISO 9001 need some explanation. It is stated that the processes needed for the management system include management activities, provision of resources, product realization and measurement. This note could cause confusion because it suggests that these are the processes that are needed for the management system. It would be unwise to use this as the model and far better to identify the processes from observing how the business operates. The term provision of resources should be Resource Management, which is the collection of processes covering financial, human and physical resources.

Product realization is also a collection of processes such as design, production, service delivery, etc. Measurement is not a single process but a sub-process within each process. Grouping all the measurement processes together serves no useful purpose except it matches the standard – a purpose of little value in managing the organization.

The second note refers to outsourcing processes although it is difficult to imagine that management activities, product realization or measurement would be outsourced in its entirety. It is likely that market research; design, product verification, equipment calibration and other specialized services may be outsourced. While outsourcing comes under purchasing, it is correct to point out that the organization should control any outsourced processes. The supplier of the process is usually referred to as a subcontractor because they provide services to the organization’s requirements not their own. Control of subcontractors is covered by clause 7.4 but in meeting clause 7.4.3, you need to treat suppliers and subcontractors differently.

ISO 9000 Standards – Retention Of Records

ISO 9000 Standards – Retention Of Records
It is important that records are not destroyed before their useful life is over.
There are several factors to consider when determining the retention time for records.
The duration of the contract – some records are only of value whilst the contract is in force.
The life of the product – access to the records will probably not be needed for some considerable time, possibly long after the contract has closed. On defence contracts the contractor has to keep records for up to 20 years and
for product liability purposes, in the worst-case situation (taking account of
appeals) you could be asked to produce records up to 17 years after you made the product.
The period between management system assessments – assessors may wish to see evidence that corrective actions from the last assessment were taken. If the period of assessment is three years and you dispose of the evidence after 2 years, you will have some difficulty in convincing the assessor that you corrected the deficiency.
You will also need to take account of the subcontractor records and ensure
adequate retention times are invoked in the contract.
Where the retention time is actually specified can present a problem. If you
specify it in a general procedure you are likely to want to prescribe a single
figure, say 5 years for all records. However, this may cause storage problems – it may be more appropriate therefore to specify the retention times in the procedures that describe the records. In this way you can be selective.
You will also need a means of determining when the retention time has
expired so that if necessary you can dispose of the records. The retention time doesn’t mean that you must dispose of them when the time expires – only that you must retain the records for at least that stated period. Not only will the records need to be dated but the files that contain the records need to be dated and if stored in an archive, the shelves or drawers also dated. It is for this reason that all documents should carry a date of origin and this requirement needs to be specified in the procedures that describe the records. If you can rely on the selection process a simple method is to store the records in bins or computer disks that carry the date of disposal.
While the ISO 9000 requirement applies only to records, you may also need to retain tools, jigs, fixtures, test software – in fact anything that is needed to repair or reproduce equipment in order to honour your long-term commitments.
Should the customer specify a retention period greater than what you
prescribe in your procedures, special provisions will need to be made and this is a potential area of risk. Customers may choose not to specify a particular time and require you to seek approval before destruction. Any contract that requires you to do something different creates a problem in conveying the requirements to those who are to implement them. The simple solution is to persuade your customer to accept your policy. You may not want to change your procedures for one contract. If you can’t change the contract, the only alternative is to issue special instructions. You may be better off storing the records in a special contract store away from the normal store or alternatively attach special labels to the files to alert the people looking after the archives.

Identifying and Recording Design Changes In ISO 9000 Standards

Identifying and Recording Design Changes In ISO 9000 Standards

The documentation for design changes in ISO 9000 Standards should comprise the change proposal, the results of the evaluation, the instructions for change and traceability in the changed documents to the source and nature of the change. You will therefore need:
- A Change Request form which contains the reason for change and the
results of the evaluation – this is used to initiate the change and obtain
approval before being implemented.
- A Change Notice that provides instructions defining what has to be changed this is issued following approval of the change as instructions to the owners of the various documents that are affected by the change.
- A Change Record that describes what has been changed – this usually forms part of the document that has been changed and can be either in the form of a box at the side of the sheet (as with drawings) or in the form of a table on a separate sheet (as with specifications).
Where the evaluation of the change requires further design work and possibly experimentation and testing, the results for such activities should be documented to form part of the change documentation.
At each design review a design baseline should be established which identifies the design documentation that has been approved. The baseline
should be recorded and change control procedures employed to deal with any changes. These change procedures should provide a means for formally
requesting or proposing changes to the design. For complex designs you may prefer to separate proposals from instructions and have one form for proposing design changes and another form for promulgating design changes after approval. You will need a central registry to collect all proposed changes and provide a means for screening those that are not suitable to go before the review board, (either because they duplicate proposals already made or because they may not satisfy certain acceptance criteria which you have prescribed). On receipt, the change proposals should be identified with a unique number that can be used on all related documentation that is subsequently produced. The change proposal needs to:
- Identify the product of which the design is to be changed
- State the nature of the proposed change identify the principal requirements, specifications, drawings or other design documents which are affected by the change
- State the reasons for the change either directly or by reference to failure
reports, nonconformity reports, customer requests or other sources
- Provide for the results of the evaluation, review and decision to be
recorded

Conduct Initial Status Survey In ISO 9000 Standards

Conduct Initial Status Survey In ISO 9000 Standards

ISO 9000 does not require duplication of effort or redundant system. The goal of ISO 9000 is to create a quality management system that conforms to the standard. This does not preclude incorporating, adapting, and adding onto quality programs already in place. So the next step in the implementation process is to compare the organization’s existing quality management system, if there is one — with the requirements of the standard (ISO 9001:2008).

For this purpose, an organization flow chart showing how information actually flows (not what should be done) from order placement by the customer to delivery to this customer should be drawn up. From this over-all flow chart, a flow chart of activities in each department should be prepared.

With the aid of the flow charts, a record of existing quality management system should be established. A significant number of written procedures may already be in place.

Unless they are very much out of date, these documents should not be discarded.

Rather, they should be incorporated into the new quality management system.

Documents requiring modification or elaboration should be identified and listed. This exercise is some times referred to as ” gap analysis”. During these review processes, wide consultation with executives and representatives of various unions and associations within the organization is required to enlist their active cooperation.

In the review process, documents should be collected, studied and registered for

further use, possibly after they have been revised. Before developing new quality

management system documentation, you need to consider with which quality

requirements or department you should start. The best is to select an area where

processes are fairly well organized, running effectively and functioning satisfactorily.

The basic approach is to determine and record how a process is currently carried out.

We can do this by identifying the people involved and obtaining information from them during individual interviews. Unfortunately, it often happens that different people will give different, contradicting versions of a process. Each one may refer to oral instructions that are not accurate or clear. This is why the facts are often not described correctly the first time around, and have to be revised several times.

Once it has been agreed how to describe the current process, this process has to be adapted, supplemented and implemented according to the requirements of the quality standard (ISO 9001:2008). This requires organizational arrangements, the drawing up of additional documents and possible removal of existing documentation (e.g. procedures, inspection/test plans, inspection/test instructions) and records (e.g. inspection/test reports, inspection/test certificates).

In introducing a quality management system, the emphasis is on the improvement of the existing processes or the re-organization of processes.

In general, the steps to follow are the following:

a. Ascertain and establish the following:

What is the present operation/process? What already exists?

b. Analyze the relevant sections of the quality standard – ISO 9001:2008:

What is actually required?

c. If necessary, supplement and change operational arrangements in accordance

with the standard, develop documents and records, and describe operations/

processes:

What is the desired operation/process?

The gap analysis can be done internally, if the knowledge level is there. Or a formal pre-assessment can be obtained from any one of a large number of ISO 9000 consulting, implementing, and registration firms.

ISO 9000 Document Control Procedures

The ISO 9000 Standard requires that a documented procedure be established to define the controls needed.

This requirement means that the methods for per-

forming the various activities required to control

different types of documents should be defined and

documented.

Although the standard implies that a single proce-

dure is required, should you choose to produce

several different procedures for handling the differ-

ent types of documents it is doubtful that any auditor

would deem this noncompliant. Where this might be

questionable is in cases where there is no logical reason for such differences

and where merging the procedures and settling on a best practice would

improve efficiency and effectiveness.

Documents are recorded information and the purpose of the document

control process is to firstly ensure the appropriate information is available

where needed and secondly to prevent the inadvertent use of invalid

information. At each stage of the process are activities to be performed that

may require documented procedures in order to ensure consistency and

predictability. Procedures may not be necessary for each stage in the process.

Every process is likely to require the use of documents or generate documents

and it is in the process descriptions that you define the documents that need to

be controlled. Any document not referred to in your process descriptions is

therefore, by definition, not essential to the achievement of quality and not

required to be under control. It is not necessary to identify uncontrolled

documents in such cases. If you had no way of tracing documents to a

governing process, a means of separating controlled from uncontrolled may

well be necessary.

The procedures that require the use or preparation of documents should also

specify or invoke the procedures for their control. If the controls are unique to

the document, they should be specified in the procedure that requires the

document. You can produce one or more common procedures that deal with

the controls that apply to all documents. The stages in the process may differ

depending on the type of document and organizations involved in its

preparation, approval, publication and use. One procedure may cater for all the

processes but several may be needed.

The aspects you should cover in your document control procedures, (some

of which are addressed further in this chapter) are as follows

Planning new documents, funding, prior authorization, establishing need

etc.

- Preparation of documents, who prepares them, how they are drafted,

conventions for text, diagrams, forms etc.

- Standards for the format and content of documents, forms and diagrams.

- Document identification conventions.

- Issue notation, draft issues, post approval issues.

- Dating conventions, date of issue, date of approval or date of distribution.

- Document review, who reviews them and what evidence is retained.

- Document approval, who approves them and how approval is denoted.

- Document proving prior to use.

- Printing and publication, who does it and who checks it.

- Distribution of documents, who decides, who does it, who checks it.

- Use of documents, limitations, unauthorized copying and marking.

- Revision of issued documents, requests for revision, who approves the

request, who implements the change.

- Denoting changes, revision marks, reissues, sidelining, underlining.

Amending copies of issued documents, amendment instructions, and

amendment status.

- Indexing documents, listing documents by issue status.

- Document maintenance, keeping them current, periodic review.

- Document accessibility inside and outside normal working hours.

- Document security, unauthorized changes, copying, disposal, computer

viruses, fire and theft.

- Document filing, masters, copies, drafts, and custom binders.

- Document storage, libraries and archive, who controls location, loan

arrangements.

- Document retention and obsolescence.

With electronically stored documentation, the document database may provide

many of the above features and may not need to be separately prescribed in

your procedures. Only the tasks carried out by personnel need to be defined in

your procedures. A help file associated with a document database is as much

a documented procedure as a conventional paper based procedure.

ISO 9000 Document Control Procedures

The ISO 9000 Standard requires that a documented procedure be established to define

the controls needed.

This requirement means that the methods for performing the various activities required

to control different types of documents should be defined and documented.

Although the standard implies that a single procedure is required, should you choose

to produce several different procedures for handling the different types of documents

it is doubtful that any auditor would deem this noncompliant. Where this might be

questionable is in cases where there is no logical reason for such differences

and where merging the procedures and settling on a best practice would

improve efficiency and effectiveness.

Documents are recorded information and the purpose of the document

control process is to firstly ensure the appropriate information is available