Wednesday, March 4, 2009

ISO 9001 - The Adequacy of Your QMS

While I’ve briefly touched on the topic of QMS adequacy in previous discussions, I decided to commit an entire article to this subject based on its considerable importance. Many organizations experience difficulty with the concept of adequacy as it applies to their QMS; they really don’t have a full understanding of what this term relates to, or more importantly, how to assess whether or not their QMS is meeting this key requirement of the ISO 9001 standard.

Before we go any further, let’s first consider the meaning of the word “adequate”, or as used in throughout this article, “adequacy”:

Adequacy – Sufficient to satisfy a requirement or meet a need*.
*Random House Unabridged Dictionary, © Random House, Inc. 2006.

From the definition above, we learn that “adequate” relates to meeting both requirements as well as needs. If we apply this definition within the framework of an ISO 9001 based Quality Management System, we can therefore determine that a quality management system should be capable of satisfying applicable requirements including those specified by the organization, the customer, and any applicable standards and/or regulations.

In developing your QMS, and in the subsequent evaluation of its on-going performance, an adequate QMS means much more than simply addressing the clauses that make up the ISO 9001 standard. In addition to the requirements of ISO 9001, what are the governing codes, standards and/or specifications that the organization is working to? What customer specifications and other requirements does the organization need to meet? Finally, what other policies and other procedures have been established by the organization, and how does this QMS serve to ensure compliance? All of these considerations must to be taken into account when determining whether or not a Quality management System is adequate.

Assessing a QMS for adequacy however, relative to the above considerations, can be problematic for many organizations. With insulated management and silo-like structures, these organizations lack a comprehensive understanding of what requirements they’re actually working to. Such requirements may be known to pockets within the organization, but often they are not known across the organization, so there is little or no global understanding or awareness.

While a single organization, which produces a single product, in accordance with a single set of requirements is most likely a simple case requiring a simple solution, the complexity of many organization's operations makes their identification of these requirements and needs considerably more difficult. Multiple sites, multiple products, multiple standards, multiple sets of customer specifications, etc. all factor into the adequacy of the QMS. Without a good understanding of your entire business, and the corresponding requirements and needs that apply, it is nearly impossible to make a valid assessment of the adequacy of the QMS.

Just because an organization that has a documented system that addresses the requirements of this ISO 9001 standard, this only contributes to its adequacy; it doesn’t totally satisfy this requirement. In order to be totally compliant with ISO 9001, you QMS must not only address each applicable requirement of the standard, but also be in compliance with any additional requirements that may apply to your organization and its products. This means that a typical ISO system audit, in-and-of itself, has limitations as far as this determination is concerned. Product and process data can be used to supplement any conclusion, but as these are typically reactive measures (based on identified nonconformances), they only address issues when noted, rather than evaluating all areas of concern.

So exactly how do you find out what all of these requirements are? - Better start asking, researching and learning. If this is a new QMS or one that's under development, it's always better to find out at the beginning

No comments: