This month, I'm publishing a few more questions that we're asked on a regular basis. We hear these questions so much, that I've included them in my ever-growing my list of "Frequently Asked Questions":
Q: Is ISO 9001:2008 the right Quality Management System for my business?
A: The answer to this question may, in part, be found in the requirements of your customer(s), if such requirements have been established by contract or order. Depending on your industry, suppliers are often required to maintain a Quality Management System (QMS) compliant with ISO 9001:2008, aerospace suppliers to AS9100 rev. B, nuclear suppliers to 10 CFR 50 Appendix B, oil and gas to ISO/TS 29001:2004 (API Q1) and the list goes on and on from there...
Q: I've seen ads on the Internet for pre-written Quality Manuals and other program documentation. Is this a good approach?
A: For your system to be truly effective, it should reflect your business accurately. Instead of revising your existing processes to meet a program that you purchased on-line, my personal belief is that it's always better to develop the required documentation to reflect what you're already doing. Some adjustments to existing processes may be necessary to comply with the requirements of the applicable standard, but this way, you won't need to "start-over". While the initial time and cost of this approach may be somewhat higher, you'll save over having a program that isn't used, that you aren't happy with, or that needs to be re-written in the near future.
Q: My company isn't very large; do we need to hire a full-time Quality Manager?
A: ISO 9001:2008 requires the appointment of a Management Representative by executive management; it doesn't mention anywhere the need for a full-time Quality Manager. There's no reason that the responsibilities for your program can't be delegated between functions within your organization.
Q: If we're writing documentation to ISO 9001, how many procedures will we need to develop?
A: This is a question that will be specific to your organization. While ISO 9001 requires that an organization develops a Quality Manual and a minimum of six procedures, the exact number of procedures required should be based on the organization and the scope of the activities it performs. While procedures for document control, records, internal audits, control of nonconformances, corrective action and preventative action all are required by the ISO 9001 standard, this is only a minimum requirement. The organization should consider the other activities it performs, and determine what, if any, additional controls are needed. Such additional controls could include, but should not be limited to, procedures for training, control of measurement and test equipment, purchasing, contract review and other areas.
Q: We're looking to get ISO 9001:2008 certified; how long will this take?
A: This is one of the questions we're asked most frequently, and will really depend on the level of commitment and involvement by the client, not to mention the size and complexity of their operations. As with any other major project, the organization's executive management should establish a working group or team to lead this project, a project plan and budget, and make sure that adequate resources are available to ensure the success of this effort.
Q: We need consulting assistance to get ISO 9001 certified, but we also need to control costs. What options are available?
A: Consulting assistance can vary, ranging from the consultant acting in an advisory capacity, to providing consultative help, to collaboration. The degree of involvement will be a primary factor in determining what this consulting assistance will cost. Needless to say, the more time on-site and the more "hands-on" involvement a consultant has, the higher this cost will be. Bear in mind also, that if a consultant is left to do everything, you really haven't taken ownership of your program. The best programs are those that are "owned" by the organization, and reflect the organizations unique business needs and conditions, not simply the consultant's idea of what a good program is.
Q: If we achieve ISO certification, we will then be audited by our Registrar on a regular basis. Will this meet the requirements of ISO 9001:2008 for periodic internal audits?
A: No. The audits performed by your Registrar will be for the purposes of either initial certification, surveillance (including follow-up audits) or recertification. Registrar audits are a third-party assessment focusing on the certification status of your program. Internal audits, in contrast, are an internal assessment performed by management, for the purpose of verifying conformance with applicable requirements and for identifying improvement opportunities. While these two activities may seem vary similar at times, an internal audit is still required.
http://www.masquality.com
Showing posts with label ISO 9001. Show all posts
Showing posts with label ISO 9001. Show all posts
Friday, April 30, 2010
Monday, February 8, 2010
ISO 9001 - Design and Development - Design Input
Many organizations struggle with understanding design inputs as specified by the ISO 9001:2008 standard in clause 7.3.2. As part of these requirements, the organization is required to ensure that “inputs related to product requirements are identified and records maintained”.
In order to clarify what design inputs are, we must understand that design and development is a process, which therefore requires us to first define what a process is. While there are a variety of different definitions related to this subject, one of the most illustrative definitions of a process is provided by Hammer & Champy (1993)[1]:
”a collection of activities that takes one or more kinds of input and creates an output that is of value to the customer.”
Personally, I like this definition of a process, as it’s simple, relatively straightforward and it usually minimizes the amount of further explanation required. While this definition is applicable to the ISO 9001:2008 standard in its entirety, when applied specifically to design and development, we can state that our design and development process (clause 7.3) is the manner in which we transform design inputs (clause 7.3.2) into design outputs (clause 7.3.3).
In clause 7.3.2, the ISO 9001:2008 standard identifies several types of design inputs that shall be determined by the organization, including:
• Functional and performance requirements
• Applicable statutory and regulatory requirements
• Information derived from previous designs
• Other requirements essential for design and development
In some cases, particularly where design and development activities are performed on a made-to-order basis, the initial design inputs are established as part of an order provided by an external customer, specifying their needs and expectations. This order is reviewed as part of clause 7.2.2 of the ISO 9001:2008 standard (see Customer-related processes), and upon acceptance by the organization, the information provided becomes a primary, albeit not exclusive, source of design inputs for use by the organization.
Alternatively, design and development activities may be performed to create new products or to update existing products. In such cases, these activities are not initiated by an external order, but rather by a management directive or similar order of an internal nature, in order to meet an identified market, commercial or strategic needs identified by the organization. Similar to an order received from an external customer, such internal information also serves as a primary source of design inputs.
It is important to note here, that the list of design inputs specified in 7.3.2 is not all-inclusive; in fact, the fourth type of input identified by the standard is simply indentified as “other requirements essential for design and development”. This is really a broad requirement for the organization to identify all other internal (organizational) and external (customer) inputs to ensure that all applicable needs, expectations and requirements are addressed. This could include, but would not be limited to, requirements specified by applicable codes, standards and specifications, supplier-provided information, competitive analysis, feedback from previous products, process performance data, etc., etc., etc.
Not only is the organization required to identify these inputs, it is also required to keep records relating to these inputs and to ensure that these inputs are formulated in a way that can be verified and validated. Inputs must also be reviewed by the organization prior to use, to ensure that the inputs are adequate and that there is sufficient information to carry out the assignment. Consideration must also be given to ensure that inputs are complete, unambiguous and not in conflict with each other.
*[1] Michael Hammer and James Champy (1993). Reengineering the Corporation: A Manifesto for Business Revolution, Harper Business
http://www.masquality.com
In order to clarify what design inputs are, we must understand that design and development is a process, which therefore requires us to first define what a process is. While there are a variety of different definitions related to this subject, one of the most illustrative definitions of a process is provided by Hammer & Champy (1993)[1]:
”a collection of activities that takes one or more kinds of input and creates an output that is of value to the customer.”
Personally, I like this definition of a process, as it’s simple, relatively straightforward and it usually minimizes the amount of further explanation required. While this definition is applicable to the ISO 9001:2008 standard in its entirety, when applied specifically to design and development, we can state that our design and development process (clause 7.3) is the manner in which we transform design inputs (clause 7.3.2) into design outputs (clause 7.3.3).
In clause 7.3.2, the ISO 9001:2008 standard identifies several types of design inputs that shall be determined by the organization, including:
• Functional and performance requirements
• Applicable statutory and regulatory requirements
• Information derived from previous designs
• Other requirements essential for design and development
In some cases, particularly where design and development activities are performed on a made-to-order basis, the initial design inputs are established as part of an order provided by an external customer, specifying their needs and expectations. This order is reviewed as part of clause 7.2.2 of the ISO 9001:2008 standard (see Customer-related processes), and upon acceptance by the organization, the information provided becomes a primary, albeit not exclusive, source of design inputs for use by the organization.
Alternatively, design and development activities may be performed to create new products or to update existing products. In such cases, these activities are not initiated by an external order, but rather by a management directive or similar order of an internal nature, in order to meet an identified market, commercial or strategic needs identified by the organization. Similar to an order received from an external customer, such internal information also serves as a primary source of design inputs.
It is important to note here, that the list of design inputs specified in 7.3.2 is not all-inclusive; in fact, the fourth type of input identified by the standard is simply indentified as “other requirements essential for design and development”. This is really a broad requirement for the organization to identify all other internal (organizational) and external (customer) inputs to ensure that all applicable needs, expectations and requirements are addressed. This could include, but would not be limited to, requirements specified by applicable codes, standards and specifications, supplier-provided information, competitive analysis, feedback from previous products, process performance data, etc., etc., etc.
Not only is the organization required to identify these inputs, it is also required to keep records relating to these inputs and to ensure that these inputs are formulated in a way that can be verified and validated. Inputs must also be reviewed by the organization prior to use, to ensure that the inputs are adequate and that there is sufficient information to carry out the assignment. Consideration must also be given to ensure that inputs are complete, unambiguous and not in conflict with each other.
*[1] Michael Hammer and James Champy (1993). Reengineering the Corporation: A Manifesto for Business Revolution, Harper Business
http://www.masquality.com
Friday, July 10, 2009
ISO 9001 - Your Management Representative
As part of ISO 9001:2008, clause 5.5.2, the standard requires that Top Management appoint a member of management to serve as the Management Representative for the organization’s Quality Management System.
Expanding upon this requirement, we can consider this appointment to include the responsibility and authority to manage, monitor, evaluate and coordinate the organization’s quality management system as necessary to meet customer and other requirements and to achieve specified quality objectives. This individual would also then be responsible for communicating with Top Management, as well as the customer and other interested parties on matters pertaining to the organization’s quality management system (see ISO 9004:2000 also).
This appointment is typically documented by Top Management (e.g., President, CEO, COO, etc.) in the form of an appointment letter or other similar written statement; however direct reference within the organization’s quality manual is an equally acceptable method. In the later case, the responsibility and authority is not delegated to a particular individual, but rather to a particular position/title within the organization’s management structure, which is then assumed by an individual when they are assigned to this particular role.
Specifically, as stated within the ISO 9001 standard, the responsibilities of a Management Representative are as follows:
- Ensure that the processes needed for the organization’s QMS are established, implemented, and maintained;
- Report to top management on the performance of the QMS to Top Management and any need for improvement;
- Ensure the promotion of awareness of customer requirements throughout the organization; and
- Act as liaison with external bodies and customers on matters relating to the organization’s quality system.
While these responsibilities are defined within the standard, they are by no means all-inclusive. The actual scope of the Management Representative’s responsibility will undoubtedly vary from organization to organization, as each organization will have its own unique needs as determined by its size, the scope and the complexity of its operations, and other factors.
It’s important to note here, with regards to the responsibilities stated above, the use of the terms “ensure” and “report”, and the absence of any reference to the actual (hands-on) development, implementation and on-going maintenance of the management system itself. For these activities, it is the responsibility of the organization to define the individual who is responsible; in some organizations, it may be the Management Representative, or it may be assigned to other personnel within the organization.
While ISO 9001 does require that the Management Representative to be a member of management, no guidance is provided on the actual selection process, particularly with regards to the skills, knowledge and or abilities that are desirable. Again, this is left to Top Management of the organization, as they must ensure that the individual selected has the traits necessary to ensure that the outcomes desired by the organization are met.
The process of selecting a Management Representative should consider the responsibilities that this individual will assume and the role they will play in the actual management of the organization and its activities. For large organizations, this will require a degree of management "savvy", the ability to interact with key decision-makers as well as make key decisions, the ability to ensure conformance and to drive change. For smaller organizations, the management representative may be required to take a more hands-on approach, handling not only management issues related to the QMS, but also being directly involved in the administrative functions that make up this system and keep in it running.
An understanding of the requirements specified by the ISO 9001 standard is obviously necessary; however a deep level of subject matter expertise may only be necessary if the individual is going to actively manage the day-to-day activities and functions associated with the organization’s management system. Regardless of the capacity in which the Management Representative will function, competency is the keyword.
As a final note, you may have realized that I never mentioned the position of Quality Manager (or similar title) in this article. There’s no reference or requirement in the ISO 9001 standard regarding this position. A Management Representative is a required by the ISO 9001 standard; having an individual assigned as Quality Manager is not – it is a choice made by the organization, based on resource needs and other factors, including the products and services offered and the degree of control that is required. For small organizations, there’s often little value obtained by adding additional head-count, as the duties required to maintain and administer a system can be shared amongst existing personnel. For larger organizations however, the level of activity is much greater, and often necessitate this position, or similar, to ensure compliance with specified requirements.
http://www.masquality.com
Wednesday, March 4, 2009
ISO 9001 - The Adequacy of Your QMS
While I’ve briefly touched on the topic of QMS adequacy in previous discussions, I decided to commit an entire article to this subject based on its considerable importance. Many organizations experience difficulty with the concept of adequacy as it applies to their QMS; they really don’t have a full understanding of what this term relates to, or more importantly, how to assess whether or not their QMS is meeting this key requirement of the ISO 9001 standard.
Before we go any further, let’s first consider the meaning of the word “adequate”, or as used in throughout this article, “adequacy”:
Adequacy – Sufficient to satisfy a requirement or meet a need*.
*Random House Unabridged Dictionary, © Random House, Inc. 2006.
From the definition above, we learn that “adequate” relates to meeting both requirements as well as needs. If we apply this definition within the framework of an ISO 9001 based Quality Management System, we can therefore determine that a quality management system should be capable of satisfying applicable requirements including those specified by the organization, the customer, and any applicable standards and/or regulations.
In developing your QMS, and in the subsequent evaluation of its on-going performance, an adequate QMS means much more than simply addressing the clauses that make up the ISO 9001 standard. In addition to the requirements of ISO 9001, what are the governing codes, standards and/or specifications that the organization is working to? What customer specifications and other requirements does the organization need to meet? Finally, what other policies and other procedures have been established by the organization, and how does this QMS serve to ensure compliance? All of these considerations must to be taken into account when determining whether or not a Quality management System is adequate.
Assessing a QMS for adequacy however, relative to the above considerations, can be problematic for many organizations. With insulated management and silo-like structures, these organizations lack a comprehensive understanding of what requirements they’re actually working to. Such requirements may be known to pockets within the organization, but often they are not known across the organization, so there is little or no global understanding or awareness.
While a single organization, which produces a single product, in accordance with a single set of requirements is most likely a simple case requiring a simple solution, the complexity of many organization's operations makes their identification of these requirements and needs considerably more difficult. Multiple sites, multiple products, multiple standards, multiple sets of customer specifications, etc. all factor into the adequacy of the QMS. Without a good understanding of your entire business, and the corresponding requirements and needs that apply, it is nearly impossible to make a valid assessment of the adequacy of the QMS.
Just because an organization that has a documented system that addresses the requirements of this ISO 9001 standard, this only contributes to its adequacy; it doesn’t totally satisfy this requirement. In order to be totally compliant with ISO 9001, you QMS must not only address each applicable requirement of the standard, but also be in compliance with any additional requirements that may apply to your organization and its products. This means that a typical ISO system audit, in-and-of itself, has limitations as far as this determination is concerned. Product and process data can be used to supplement any conclusion, but as these are typically reactive measures (based on identified nonconformances), they only address issues when noted, rather than evaluating all areas of concern.
So exactly how do you find out what all of these requirements are? - Better start asking, researching and learning. If this is a new QMS or one that's under development, it's always better to find out at the beginning
http://www.masquality.com
Before we go any further, let’s first consider the meaning of the word “adequate”, or as used in throughout this article, “adequacy”:
Adequacy – Sufficient to satisfy a requirement or meet a need*.
*Random House Unabridged Dictionary, © Random House, Inc. 2006.
From the definition above, we learn that “adequate” relates to meeting both requirements as well as needs. If we apply this definition within the framework of an ISO 9001 based Quality Management System, we can therefore determine that a quality management system should be capable of satisfying applicable requirements including those specified by the organization, the customer, and any applicable standards and/or regulations.
In developing your QMS, and in the subsequent evaluation of its on-going performance, an adequate QMS means much more than simply addressing the clauses that make up the ISO 9001 standard. In addition to the requirements of ISO 9001, what are the governing codes, standards and/or specifications that the organization is working to? What customer specifications and other requirements does the organization need to meet? Finally, what other policies and other procedures have been established by the organization, and how does this QMS serve to ensure compliance? All of these considerations must to be taken into account when determining whether or not a Quality management System is adequate.
Assessing a QMS for adequacy however, relative to the above considerations, can be problematic for many organizations. With insulated management and silo-like structures, these organizations lack a comprehensive understanding of what requirements they’re actually working to. Such requirements may be known to pockets within the organization, but often they are not known across the organization, so there is little or no global understanding or awareness.
While a single organization, which produces a single product, in accordance with a single set of requirements is most likely a simple case requiring a simple solution, the complexity of many organization's operations makes their identification of these requirements and needs considerably more difficult. Multiple sites, multiple products, multiple standards, multiple sets of customer specifications, etc. all factor into the adequacy of the QMS. Without a good understanding of your entire business, and the corresponding requirements and needs that apply, it is nearly impossible to make a valid assessment of the adequacy of the QMS.
Just because an organization that has a documented system that addresses the requirements of this ISO 9001 standard, this only contributes to its adequacy; it doesn’t totally satisfy this requirement. In order to be totally compliant with ISO 9001, you QMS must not only address each applicable requirement of the standard, but also be in compliance with any additional requirements that may apply to your organization and its products. This means that a typical ISO system audit, in-and-of itself, has limitations as far as this determination is concerned. Product and process data can be used to supplement any conclusion, but as these are typically reactive measures (based on identified nonconformances), they only address issues when noted, rather than evaluating all areas of concern.
So exactly how do you find out what all of these requirements are? - Better start asking, researching and learning. If this is a new QMS or one that's under development, it's always better to find out at the beginning
http://www.masquality.com
Monday, October 27, 2008
The Right Approach
There are volumes of work that have been published detailing the success of quality management systems based on ISO 9001, AS9100, TS 29001 and other similar standards; the same goes for the documented success of problem-solving and improvement approaches, such as Six Sigma, Lean, TQM, RCA etc. If you research any of these on-line, your results will show hundreds of success stories, illustrating how such approaches can be successfully applied in virtually any industry or profession.
When we consider the documented success of such approaches, it’s amazing that any organization which has not adopted such sophisticated measures remains in business at all. Surely they can’t be as competitive as their peers in the marketplace with such superior capability. The progressive organization has learned to execute their operations with the precision of a laser scalpel; the dinosaur relies on outdates processes with the exactitude of trying to eat peas with flimsy, plastic cooking spatula. The organization who has the lowest DPMO, the most procedures, great process maps and the most black belts must always win.
With such overwhelming success, I’m surprised that I continue to regularly encounter folks who are steadfast in their belief that these approaches are nonsense; that they don’t work. To these individuals, such approaches are nothing but “flavor-of-the-day” initiatives, a combination of buzzwords and over-hyped methods, gestures or tricks with no end result other than to line the pockets of consultants at the expense of the well-meaning organization. This later opinion is inconsistent with the documented results - surely there is something missing. With so many documented success stories, there can’t be anything wrong with these approaches, can there…?
Unfortunately, many of these later opinions are based upon valid reasoning; they are the views of individuals who have seen the failures personally; they have suffered through poorly managed projects, tutelage under the guidance of less-than-capable consultants, and have experienced the disastrous results of ill-conceived initiatives. Huge costs have been incurred by the organization, countless hours have been wasted, personnel have been reassigned and morale has been left shattered. What began as an optimistic attempt to improve the condition of the business has either made no impact, or has left the organization in a worse state than ever before.
Which side is right here? Are these approaches successful or just hype?
We need to quit trying to address with this subject in absolutes. There is no “one-size-fits-all” solution; there is no global solution that can be applied in all cases. Each business has their own unique needs, circumstances and business objectives. Such approaches can be wildly successful; they can also be absolute failures. You can’t just say the “ISO 9001 doesn’t work", “Six Sigma doesn’t work”, or “Lean doesn’t work”. It just may not work for you. The same goes for saying that any of these approaches does work, without exception.
We incorrectly attribute the success (or failure) of an approach almost exclusively to the methodology itself, without taking into consideration the context in which it was applied, or the need which it was intended to address. Each of the aforementioned approaches (ISO 9001, Lean, Six Sigma, etc.) has some degree of merit, and each has been successful in their own right. Each has its own unique strengths and weaknesses. The "right" approach however, is the one that fits best with your organization.
http://www.masquality.com
When we consider the documented success of such approaches, it’s amazing that any organization which has not adopted such sophisticated measures remains in business at all. Surely they can’t be as competitive as their peers in the marketplace with such superior capability. The progressive organization has learned to execute their operations with the precision of a laser scalpel; the dinosaur relies on outdates processes with the exactitude of trying to eat peas with flimsy, plastic cooking spatula. The organization who has the lowest DPMO, the most procedures, great process maps and the most black belts must always win.
With such overwhelming success, I’m surprised that I continue to regularly encounter folks who are steadfast in their belief that these approaches are nonsense; that they don’t work. To these individuals, such approaches are nothing but “flavor-of-the-day” initiatives, a combination of buzzwords and over-hyped methods, gestures or tricks with no end result other than to line the pockets of consultants at the expense of the well-meaning organization. This later opinion is inconsistent with the documented results - surely there is something missing. With so many documented success stories, there can’t be anything wrong with these approaches, can there…?
Unfortunately, many of these later opinions are based upon valid reasoning; they are the views of individuals who have seen the failures personally; they have suffered through poorly managed projects, tutelage under the guidance of less-than-capable consultants, and have experienced the disastrous results of ill-conceived initiatives. Huge costs have been incurred by the organization, countless hours have been wasted, personnel have been reassigned and morale has been left shattered. What began as an optimistic attempt to improve the condition of the business has either made no impact, or has left the organization in a worse state than ever before.
Which side is right here? Are these approaches successful or just hype?
We need to quit trying to address with this subject in absolutes. There is no “one-size-fits-all” solution; there is no global solution that can be applied in all cases. Each business has their own unique needs, circumstances and business objectives. Such approaches can be wildly successful; they can also be absolute failures. You can’t just say the “ISO 9001 doesn’t work", “Six Sigma doesn’t work”, or “Lean doesn’t work”. It just may not work for you. The same goes for saying that any of these approaches does work, without exception.
We incorrectly attribute the success (or failure) of an approach almost exclusively to the methodology itself, without taking into consideration the context in which it was applied, or the need which it was intended to address. Each of the aforementioned approaches (ISO 9001, Lean, Six Sigma, etc.) has some degree of merit, and each has been successful in their own right. Each has its own unique strengths and weaknesses. The "right" approach however, is the one that fits best with your organization.
http://www.masquality.com
Monday, October 20, 2008
ISO 9001 - Customer Property
In clause 7.5.4 of the ISO 9001 standard, we find requirements for the control of customer property. As established in this clause, an organization is required to establish measures for the control of customer property, while it is under the organization’s control or being used by the organization. This clause also addresses the organization’s responsibility to identify, verify, protect and maintain customer property, as well as reporting to the customer any problems or issues that are identified.
What Is Customer Property?
Customer property is any property that is owned (or provided) by the customer. In simple terms, customer property can be considered anything that you don’t own, that has been supplied by the customer for your use. Such product may be owned directly by the supplier, or owned by another interested party.
Examples of customer property can be found in ISO 9004:2000*, which includes the following:
Verification of customer property should be performed to establish the condition of customer supplied property, including conformance to all specified requirements. These verification checks may include quantity, physical condition, and other characteristics, as well as the identification or measurement of chemical, physical or other properties. Typically, this verification process would be performed upon receipt, and is usually performed in a manner consistent with the organization’s established process for the verification of purchased product.
Records of such verification activities should be maintained in accordance with the organization’s record control procedures, and notification made to the customer in the event that nonconforming product is identified (see below).
Protecting Customer Property
While under the control of the organization, appropriate measures need to be established to protect customer product from loss, damage and/or degradation. Typically, such measures would follow the organization’s process for the protection of its own property; with any additional customer requirements that may apply (various international standards are also available to address this subject). As part of such measures, a schedule for periodic assessment should be established for property that is maintained for extended periods of time. The specific interval of this assessment, and evaluation method(s) used, should be based on the specific type of product and various other factors, including shelf -life of the product, storage environment, specific customer instructions, etc.
Maintaining Customer Property
In cases where maintenance may be required (e.g., equipment, tools and/or hardware), the organization should, prior to the acceptance of customer property, ensure that there is a clear agreement and definition of responsibility with regarding to both on-going maintenance and repair. Specific terms and conditions should be established between the customer and the organization to address the types (and schedule) of maintenance required, including who will be responsible for such maintenance, as well as to establish guidelines to address extraordinary events, such as repairs due to equipment failure.
As with maintenance and repair activities performed by the organization on its own equipment, records should be maintained in accordance with the organization’s record control procedures.
Reporting of Issues
The requirements established in 7.5.4 not only address the control of customer property, but also notification to the customer should any problems be identified. Any problems or issues, such as loss, damage or failure concerning customer property should be promptly reported back to the customer in accordance with the organization’s procedures for the control of nonconforming product, as modified by any specific customer instructions. As this is customer property, subsequent processing activities should be suspended, until disposition by the customer has occurred.
Records of such nonconforming product should be maintained in accordance with the organization’s record control procedures
http://www.masquality.com
What Is Customer Property?
Customer property is any property that is owned (or provided) by the customer. In simple terms, customer property can be considered anything that you don’t own, that has been supplied by the customer for your use. Such product may be owned directly by the supplier, or owned by another interested party.
Examples of customer property can be found in ISO 9004:2000*, which includes the following:
- Ingredients or components supplied for inclusion in a product;
- Product supplied for repair, maintenance or upgrading;
- Packaging materials supplied directly by the customer;
- Customer materials handled by service organizations such as storage;
- Services supplied on behalf of a customer, such as transportation of customer product to a third party; and
- Customer intellectual property, such as specifications, drawings and proprietary information.
*Excerpt from ISO 9004:2000, Quality management systems – Guidelines for performance improvements
From the guidance above, we can therefore consider customer property to include any materials, parts, components, etc. that are provided by the customer to be incorporated into the organization’s product. We can also include any property that is used by the organization, such as customer-provided equipment, tools, hardware and software.
Intellectual property may also fall under this requirement, if its return is required upon completion of a project. If it is given freely however (e.g., public information) it would not fall under this requirement.
Identifying Customer Property
The identification of customer property is a critical part of not only identifying ownership, but is also a necessary step in preventing the unauthorized use or inadvertent disposal of customer property. Identification should be in the method appropriate to the organization, the product, the processing to be performed, any usage requirements and/or customer specified instructions. Identification methods may include labels, tags, containers, physical markings or other methods as appropriate.
Verification of customer property should be performed to establish the condition of customer supplied property, including conformance to all specified requirements. These verification checks may include quantity, physical condition, and other characteristics, as well as the identification or measurement of chemical, physical or other properties. Typically, this verification process would be performed upon receipt, and is usually performed in a manner consistent with the organization’s established process for the verification of purchased product.
Records of such verification activities should be maintained in accordance with the organization’s record control procedures, and notification made to the customer in the event that nonconforming product is identified (see below).
Protecting Customer Property
While under the control of the organization, appropriate measures need to be established to protect customer product from loss, damage and/or degradation. Typically, such measures would follow the organization’s process for the protection of its own property; with any additional customer requirements that may apply (various international standards are also available to address this subject). As part of such measures, a schedule for periodic assessment should be established for property that is maintained for extended periods of time. The specific interval of this assessment, and evaluation method(s) used, should be based on the specific type of product and various other factors, including shelf -life of the product, storage environment, specific customer instructions, etc.
Maintaining Customer Property
In cases where maintenance may be required (e.g., equipment, tools and/or hardware), the organization should, prior to the acceptance of customer property, ensure that there is a clear agreement and definition of responsibility with regarding to both on-going maintenance and repair. Specific terms and conditions should be established between the customer and the organization to address the types (and schedule) of maintenance required, including who will be responsible for such maintenance, as well as to establish guidelines to address extraordinary events, such as repairs due to equipment failure.
As with maintenance and repair activities performed by the organization on its own equipment, records should be maintained in accordance with the organization’s record control procedures.
Reporting of Issues
The requirements established in 7.5.4 not only address the control of customer property, but also notification to the customer should any problems be identified. Any problems or issues, such as loss, damage or failure concerning customer property should be promptly reported back to the customer in accordance with the organization’s procedures for the control of nonconforming product, as modified by any specific customer instructions. As this is customer property, subsequent processing activities should be suspended, until disposition by the customer has occurred.
Records of such nonconforming product should be maintained in accordance with the organization’s record control procedures
http://www.masquality.com
Friday, September 26, 2008
ISO 9001 in Education and Training
While usually associated with manufacturing and service activities, ISO 9001 should be considered equally as effective as a management system for education and training programs. If we consider the desired outcome (learning), education and training is just another form of service; the product is the knowledge, skill and/or ability that is achieved by the program attendees. As with other services, the delivery of education and training incorporates the processes of design, development, verification, validation, delivery, subsequent correction and ongoing improvement. Therefore, when we try to apply the requirements of ISO 9001 to education and training activities, we find that it aligns exceptionally well with generally accepted practices.
A fundamental objective of any quality management system is to ensure that customer needs are met. In order to define these needs as they relate to education and training, we must first define the primary customer of this service - the program attendee. I’ve used the term “primary customer” in this discussion, as numerous ancillary customers may also be involved, including the parents of the attendee, the state which provides funding to the institution, and possibly even the country in which the activity is performed (as skill development contributes to the national economy). In the case of corporate training, we must also consider the needs of the individual’s employer, the industry they serve, as well as regulatory bodies or other interested parties. The list of potential customers can be as varied as the number of offerings that are available; identification of both primary and ancillary customers is a critical part of the initial needs assessment process, and is essential to the overall success of any education or training effort.
Once the above customers have been defined, their needs must be translated into terms that can be understood by the organization, and that can be further developed to serve as a measurement of an individual’s competency. Typically, these needs are reflected through the establishment of learning outcome statements, commonly referred to as learning objectives. Upon completion of specific portion of a program (or upon the completion of the program as a whole), the participant should be able to demonstrate a defined level of mastery of the course content, or be able to demonstrate the ability to perform a specific task or activity. To determine if these needs are satisfied, the participants performance throughout this entire process is monitored, and at defined intervals, the individual’s ability to meet a defined learning objective is measured against an established set of criteria (be it quizzes, examinations, demonstrations or other evaluation methods). Once the criteria established for competency is met, the objective is considered to be achieved. This process then continues until all established objectives have been met for the program, at which point a certificate or other form of recognition is awarded.
When considering what would be required to properly design, develop and document such a system to meet the requirements of ISO 9001, we find that there is very little difference between the approach needed to develop a system for this application, in comparison to approaches commonly used to develop systems which address manufacturing activities and other services. Proper design should begin with a review of the key processes used by the institution or organization, their ability to meet the customer needs established above and their overall degree of compliance with the requirements of the ISO 9001 standard.
System documentation required by the ISO 9001 standard, including a quality manual, and the six “system” procedures required by the ISO 9001 standard - the control of documents, the control of records, internal audits, the control of nonconformances, corrective action and preventative action all have a place in this system (as do the 19 types of records addressed in the ISO 9001 standard); they are just as relevant in this application as they are with their counterparts in other industries. Additional documentation, addressing the various activities performed by the organization will also be needed, as necessary to address the critical nature of the activities performed, as well as to ensure the customer needs defined above are met.
While the ISO 9001 standard does allow for an organization to take exclusion to the requirements found in Clause 7, there are relatively few instances where such exclusion would be justified. Typical education and training activities encompass Design and Development (instructional design), Purchasing (materials and services) Validation of Processes (pilot programs and peer reviews), Customer property (information) and even the Control of Measurement and Monitoring Devices (quizzes and examinations). While the specific processes used may vary between different organizations and offerings, almost every clause of ISO 9001 could conceivably apply.
http://www.masquality.com
A fundamental objective of any quality management system is to ensure that customer needs are met. In order to define these needs as they relate to education and training, we must first define the primary customer of this service - the program attendee. I’ve used the term “primary customer” in this discussion, as numerous ancillary customers may also be involved, including the parents of the attendee, the state which provides funding to the institution, and possibly even the country in which the activity is performed (as skill development contributes to the national economy). In the case of corporate training, we must also consider the needs of the individual’s employer, the industry they serve, as well as regulatory bodies or other interested parties. The list of potential customers can be as varied as the number of offerings that are available; identification of both primary and ancillary customers is a critical part of the initial needs assessment process, and is essential to the overall success of any education or training effort.
Once the above customers have been defined, their needs must be translated into terms that can be understood by the organization, and that can be further developed to serve as a measurement of an individual’s competency. Typically, these needs are reflected through the establishment of learning outcome statements, commonly referred to as learning objectives. Upon completion of specific portion of a program (or upon the completion of the program as a whole), the participant should be able to demonstrate a defined level of mastery of the course content, or be able to demonstrate the ability to perform a specific task or activity. To determine if these needs are satisfied, the participants performance throughout this entire process is monitored, and at defined intervals, the individual’s ability to meet a defined learning objective is measured against an established set of criteria (be it quizzes, examinations, demonstrations or other evaluation methods). Once the criteria established for competency is met, the objective is considered to be achieved. This process then continues until all established objectives have been met for the program, at which point a certificate or other form of recognition is awarded.
When considering what would be required to properly design, develop and document such a system to meet the requirements of ISO 9001, we find that there is very little difference between the approach needed to develop a system for this application, in comparison to approaches commonly used to develop systems which address manufacturing activities and other services. Proper design should begin with a review of the key processes used by the institution or organization, their ability to meet the customer needs established above and their overall degree of compliance with the requirements of the ISO 9001 standard.
System documentation required by the ISO 9001 standard, including a quality manual, and the six “system” procedures required by the ISO 9001 standard - the control of documents, the control of records, internal audits, the control of nonconformances, corrective action and preventative action all have a place in this system (as do the 19 types of records addressed in the ISO 9001 standard); they are just as relevant in this application as they are with their counterparts in other industries. Additional documentation, addressing the various activities performed by the organization will also be needed, as necessary to address the critical nature of the activities performed, as well as to ensure the customer needs defined above are met.
While the ISO 9001 standard does allow for an organization to take exclusion to the requirements found in Clause 7, there are relatively few instances where such exclusion would be justified. Typical education and training activities encompass Design and Development (instructional design), Purchasing (materials and services) Validation of Processes (pilot programs and peer reviews), Customer property (information) and even the Control of Measurement and Monitoring Devices (quizzes and examinations). While the specific processes used may vary between different organizations and offerings, almost every clause of ISO 9001 could conceivably apply.
http://www.masquality.com
Wednesday, July 16, 2008
ISO 9001 - You Might Be In Trouble If...
There are some questions, the answers to which I am unsure...what exactly happened at the end of the TV-series The Sopranos? “Who let the dogs out”? If “it’s not about winning or losing, but how you play the game” - then why bother showing up?
On ISO 9001-related issues, there are answers I am sure of. Several of these relate to ways to tell if there’s going to be a problem during your next ISO 9001 audit.
I’ve decided to make a list of the first 10 of issues that I could think of - not a “Top 10” list, but just the first that come to mind. Since this is being written primarily for companies that have already achieved ISO 9001 certification, I’m leaving out some of the more obvious issues (e.g. missing the six procedures required by the ISO 9001 standard), however, most of these could still apply to an organization attempting certification for the first time.
The first 10 issues I could think of are shown below, presented in the order of the standard (their related clause is shown in parenthesis):
Document Control (4.2.3) - You have multiple versions (revisions) of the same document in use in the work area, or “stray” documents in use without the proper approvals and that haven’t been recorded in the system.
Control of Records (4.2.4) - You can’t find the records you’re looking for, or records that you need when requested. Someone has taken your records and you don’t know who and/or when. If you’re lucky enough to find the records you’re looking for, they’re covered in coffee stains, cigarette burns, and/or food.
Customer Focus (5.2) – You have no customer feedback collected on how you’re performing. If you receive a complaint, it’s taken care of on-the-spot and not documented. You may send out customer surveys or questionnaires, but nobody ever responds.
Quality Policy (5.3) - You don’t have a quality policy posted. It may have fallen off the wall, been taken down, or you may have moved to a new location and forgotten to put it back up.
Quality Objectives (5.4.1) - You have no quality objectives established for the current period, or you have partially developed objectives that use words like “more”, “less, “fewer”, “better”, instead of using quantitative terms. You may have failed to meet your last objectives and didn’t take any subsequent corrective action.
Management Representative (5.5.2) - You don’t have a management representative. Your management representative may have quit, been fired or re-assigned. Worse yet, you may have a management representative that doesn’t know they are the management representative.
Management Review (5.6) - You haven’t performed a management review in over a year. You may have had meetings, but you’re unable to demonstrate anything that comes close to meeting the criteria of the standard.
Competence, Awareness and Training (6.2.2) - You can’t prove the competency of the personnel performing tasks that affect product (or service) quality. You have no established job requirements, and/or you have personnel working and you can’t demonstrate how they’re qualified to do so.
Determination of Requirements related to the product (7.2.1) - You can’t prove any evidence of contract review. Orders may be taken verbally without being documented, or even if taken in writing and there’s no evidence of review.
Design Control (7.3) - Your design controls have lapsed, and now your engineers are free to indulge in their creative pursuits without constraint. Design output isn’t defined, reviews are nonexistent, validation isn’t performed and/or you have no working process to control design changes.
Needless to say, the above is just a sample of the problems that may exist with your Quality Management System (QMS), and it isn’t intended to be an all inclusive list by any means. Since the above list only covers up to clause 7.3 of the ISO 9001 standard, there’s still a lot more that will need to be addressed. You’ll need to perform your own internal assessment prior to your next ISO 9001 certification audit, to identify any other concerns that may exist.
I still don’t know “who let the dogs out?”, but hopefully these answers will help you with your next ISO 9001 audit.
http://www.masquality.com
On ISO 9001-related issues, there are answers I am sure of. Several of these relate to ways to tell if there’s going to be a problem during your next ISO 9001 audit.
I’ve decided to make a list of the first 10 of issues that I could think of - not a “Top 10” list, but just the first that come to mind. Since this is being written primarily for companies that have already achieved ISO 9001 certification, I’m leaving out some of the more obvious issues (e.g. missing the six procedures required by the ISO 9001 standard), however, most of these could still apply to an organization attempting certification for the first time.
The first 10 issues I could think of are shown below, presented in the order of the standard (their related clause is shown in parenthesis):
Document Control (4.2.3) - You have multiple versions (revisions) of the same document in use in the work area, or “stray” documents in use without the proper approvals and that haven’t been recorded in the system.
Control of Records (4.2.4) - You can’t find the records you’re looking for, or records that you need when requested. Someone has taken your records and you don’t know who and/or when. If you’re lucky enough to find the records you’re looking for, they’re covered in coffee stains, cigarette burns, and/or food.
Customer Focus (5.2) – You have no customer feedback collected on how you’re performing. If you receive a complaint, it’s taken care of on-the-spot and not documented. You may send out customer surveys or questionnaires, but nobody ever responds.
Quality Policy (5.3) - You don’t have a quality policy posted. It may have fallen off the wall, been taken down, or you may have moved to a new location and forgotten to put it back up.
Quality Objectives (5.4.1) - You have no quality objectives established for the current period, or you have partially developed objectives that use words like “more”, “less, “fewer”, “better”, instead of using quantitative terms. You may have failed to meet your last objectives and didn’t take any subsequent corrective action.
Management Representative (5.5.2) - You don’t have a management representative. Your management representative may have quit, been fired or re-assigned. Worse yet, you may have a management representative that doesn’t know they are the management representative.
Management Review (5.6) - You haven’t performed a management review in over a year. You may have had meetings, but you’re unable to demonstrate anything that comes close to meeting the criteria of the standard.
Competence, Awareness and Training (6.2.2) - You can’t prove the competency of the personnel performing tasks that affect product (or service) quality. You have no established job requirements, and/or you have personnel working and you can’t demonstrate how they’re qualified to do so.
Determination of Requirements related to the product (7.2.1) - You can’t prove any evidence of contract review. Orders may be taken verbally without being documented, or even if taken in writing and there’s no evidence of review.
Design Control (7.3) - Your design controls have lapsed, and now your engineers are free to indulge in their creative pursuits without constraint. Design output isn’t defined, reviews are nonexistent, validation isn’t performed and/or you have no working process to control design changes.
Needless to say, the above is just a sample of the problems that may exist with your Quality Management System (QMS), and it isn’t intended to be an all inclusive list by any means. Since the above list only covers up to clause 7.3 of the ISO 9001 standard, there’s still a lot more that will need to be addressed. You’ll need to perform your own internal assessment prior to your next ISO 9001 certification audit, to identify any other concerns that may exist.
I still don’t know “who let the dogs out?”, but hopefully these answers will help you with your next ISO 9001 audit.
http://www.masquality.com
Saturday, July 12, 2008
ISO 9001:2000 - The Myths (part 1)
As I was researching topics to write about, I realized that I had several quality manuals (and related procedures) on my desk that I had been asked to review. The systems that these documents described were failures; their development had been contracted out to various individuals by management, with less-than-usable results.
While a few of these systems did initially achieve ISO 9001:2000 certification, they weren't sustainable over the long term. For the most part, what I found were "templates"; the same documents obviously had been used over and over, with just a global name change to match each company they had been sold to (in some cases, even the name change wasn't done very well). These were poorly written; their content ranged from banal to clueless and back to obtuse.
While the content of these documents didn't impress me (at times, I was actually concerned), it did give me an idea for a new topic. With so much misconception and misinformation regarding ISO 9001:2000, I figured I'd take this opportunity address a few common "myths" surrounding the ISO 9001:2000 standard and its requirements:
1. ISO 9001:2000 is for Manufacturing - Any type of organization can benefit from the process-based approach that's defined in the ISO 9001:2000 standard. Equally suited to services as it is to manufacturing, ISO 9001 can be applied to a wide variety of industries and firms, from education to architects, to medical practices, law offices and more.
2. Document Everything - The "Do What You Document, Document What You Do" approach was a cornerstone of ISO 9001:1994, which was all about following procedures. This has since been replaced by a process-based approach in ISO 9001:2000, which emphasizes effectiveness and focusing on the output - the result. The 1994 version of the standard required that 20 elements had to be addressed; the 2000 version requires a minimum of six documented procedures. Anything beyond these six is left to the discretion of the organization, as necessary for the effective control of the organization's processes.
3. Write Exhaustive Procedures - There really are no rules on how to write a procedure. Your procedures don't need to have a section for definitions, normative references, responsibilities, process maps, blah, blah, blah. What they need to do is to be appropriate to the organization and its operational needs. Don't write your procedures solely to satisfy an auditor, but rather consider how to achieve consistency and uniformity of the process under consideration.
4. Record Everything - There are a total of 19 different types of records that are specifically addressed within the ISO 9001 standard. Needless to say, these aren't all of the records that could be generated during the operation of a quality management system, however these particular records are considered essential to its effective operation. If the record of a result or activity isn't required to manage the organization effectively and/or satisfy interested parties, it doesn't need to be maintained.
5. Make a Form for Everything - We've seen forms used in the review other forms, forms that document the fact that a form is needed and even forms used to log and/or track other forms. While certain forms are common to almost every system (calibration forms, audit checklists, NCRs, CARs, etc.), it's important to limit the number of forms used to those that actually add value. Just a hint: there's a direct correlation here with records you need to maintain (see above).
6. Memorize your Quality Policy - This is another example of what I'll call 1994 thinking. Employees need to be trained, to ensure they aware and familiar with the organization's quality policy, and they should be able to locate where it is posted. One of the main reasons it's a written policy that's posted, is so it can referred to as needed.
7. You Need a Quality Manager - ISO 9001:2000 requires the appointment of a Management Representative by management of the organization; it doesn't mention anywhere the need for the position of Quality Manager. There's no reason that the responsibilities for your program can't be delegated between various functions within your organization.
8. A Web-Based QMS is better - I've seen companies that can benefit from such systems, but usually they're large and/or have business units that are geographically separated. Smaller organizations can usually do without such systems. Software solutions can be quite complex, and come with a variety of issues including extensive training requirements, costly hardware updates, constant IT support, and changes to existing work practices. The downside of this approach often negates the benefits of the technology.
9. We can get certified in one month (or even a week!) - The whole purpose of keeping records is to provide evidence of conformity to requirements and the effective operation of the quality management system. Without this history, there's no way that you can demonstrate that your system meets the requirements of the ISO 9001 standard. Regardless of how long your system takes to write, you will need several months of records; walk away from anyone that tells you otherwise.
10. Keep Statistics on Everything - Many organizations go overboard on the data they collect, or think they have to collect. Data is only important if it's actually relevant to the organization, and the effective operation of the quality management system. Don't collect data solely to satisfy an auditor; the organization needs to determine what's important, and measure and collect data accordingly. We've seen extensive SPC programs utilizing the latest computer software, when all the organization really needed was a checklist and a histogram.
The first step in properly documenting a management system is separating myth from fact, with regards to the requirements and the intent of the ISO 9001:2000 standard. There are a lot more myths around than I've been able to list above, but that's an article for another day. Now it's back to my review...
http://www.masquality.com
While a few of these systems did initially achieve ISO 9001:2000 certification, they weren't sustainable over the long term. For the most part, what I found were "templates"; the same documents obviously had been used over and over, with just a global name change to match each company they had been sold to (in some cases, even the name change wasn't done very well). These were poorly written; their content ranged from banal to clueless and back to obtuse.
While the content of these documents didn't impress me (at times, I was actually concerned), it did give me an idea for a new topic. With so much misconception and misinformation regarding ISO 9001:2000, I figured I'd take this opportunity address a few common "myths" surrounding the ISO 9001:2000 standard and its requirements:
1. ISO 9001:2000 is for Manufacturing - Any type of organization can benefit from the process-based approach that's defined in the ISO 9001:2000 standard. Equally suited to services as it is to manufacturing, ISO 9001 can be applied to a wide variety of industries and firms, from education to architects, to medical practices, law offices and more.
2. Document Everything - The "Do What You Document, Document What You Do" approach was a cornerstone of ISO 9001:1994, which was all about following procedures. This has since been replaced by a process-based approach in ISO 9001:2000, which emphasizes effectiveness and focusing on the output - the result. The 1994 version of the standard required that 20 elements had to be addressed; the 2000 version requires a minimum of six documented procedures. Anything beyond these six is left to the discretion of the organization, as necessary for the effective control of the organization's processes.
3. Write Exhaustive Procedures - There really are no rules on how to write a procedure. Your procedures don't need to have a section for definitions, normative references, responsibilities, process maps, blah, blah, blah. What they need to do is to be appropriate to the organization and its operational needs. Don't write your procedures solely to satisfy an auditor, but rather consider how to achieve consistency and uniformity of the process under consideration.
4. Record Everything - There are a total of 19 different types of records that are specifically addressed within the ISO 9001 standard. Needless to say, these aren't all of the records that could be generated during the operation of a quality management system, however these particular records are considered essential to its effective operation. If the record of a result or activity isn't required to manage the organization effectively and/or satisfy interested parties, it doesn't need to be maintained.
5. Make a Form for Everything - We've seen forms used in the review other forms, forms that document the fact that a form is needed and even forms used to log and/or track other forms. While certain forms are common to almost every system (calibration forms, audit checklists, NCRs, CARs, etc.), it's important to limit the number of forms used to those that actually add value. Just a hint: there's a direct correlation here with records you need to maintain (see above).
6. Memorize your Quality Policy - This is another example of what I'll call 1994 thinking. Employees need to be trained, to ensure they aware and familiar with the organization's quality policy, and they should be able to locate where it is posted. One of the main reasons it's a written policy that's posted, is so it can referred to as needed.
7. You Need a Quality Manager - ISO 9001:2000 requires the appointment of a Management Representative by management of the organization; it doesn't mention anywhere the need for the position of Quality Manager. There's no reason that the responsibilities for your program can't be delegated between various functions within your organization.
8. A Web-Based QMS is better - I've seen companies that can benefit from such systems, but usually they're large and/or have business units that are geographically separated. Smaller organizations can usually do without such systems. Software solutions can be quite complex, and come with a variety of issues including extensive training requirements, costly hardware updates, constant IT support, and changes to existing work practices. The downside of this approach often negates the benefits of the technology.
9. We can get certified in one month (or even a week!) - The whole purpose of keeping records is to provide evidence of conformity to requirements and the effective operation of the quality management system. Without this history, there's no way that you can demonstrate that your system meets the requirements of the ISO 9001 standard. Regardless of how long your system takes to write, you will need several months of records; walk away from anyone that tells you otherwise.
10. Keep Statistics on Everything - Many organizations go overboard on the data they collect, or think they have to collect. Data is only important if it's actually relevant to the organization, and the effective operation of the quality management system. Don't collect data solely to satisfy an auditor; the organization needs to determine what's important, and measure and collect data accordingly. We've seen extensive SPC programs utilizing the latest computer software, when all the organization really needed was a checklist and a histogram.
The first step in properly documenting a management system is separating myth from fact, with regards to the requirements and the intent of the ISO 9001:2000 standard. There are a lot more myths around than I've been able to list above, but that's an article for another day. Now it's back to my review...
http://www.masquality.com
Tuesday, June 24, 2008
ISO 9001:2000 - Control of Records
In order to comply with the ISO 9001:2000 standard, an organization is required to establish a minimum of six documented “system” procedures. The second of these procedures, by order of appearance, covers the Control of Records, and is identified in clause 4.2.4 of the standard as follows:
"Records shall be established and maintained to provide evidence of conformity to requirements and the effective operation of the quality management system. Records shall remain legible, readily identifiable and retrievable. A documented procedure shall be established to define the controls needed for the identification, storage, protection, retrieval, retention time and disposition of records".*
* ISO 9001:2000, Quality management systems – Requirements, Clause 4.2.4., p. 11
What’s a Record?
In order to understand what a record is, we must begin with another standard in the family, ISO 9000:2000, Quality management systems – Fundamentals and vocabulary. In this standard, we find the definition of a record. Simply put, a record is a document, and can be used as an input from one process to another, but in contrast to documents that are purely informative, a record is generated to state results achieved or to provide evidence of activities performed.
It is because of this difference that different rules apply to the control of records than for the control of documents (clause 4.2.3). Records are not issued, revised or tracked by revision. While a record could be amended to reflect new or updated information, the original record would not be affected.
Types of Records
There are a total of 19 different types of records that are specifically addressed within the ISO 9001 standard. Needless to say, this isn’t all of the records that could be generated during the operation of a quality management system, however these particular records are considered essential to its effective operation.
The records that are identified within the ISO 9001 standard are listed below, along with their corresponding clause number (shown in parenthesis):
- Management review records (5.6.1)
- Records of Education, training, skills and experience (6.2.2)
- Records needed to provide evidence that the realization process and resulting product meet requirements (7.1)
- Records related to the review of customer requirements (7.2.2)
- Design and development inputs (7.3.2)
- Design and development review records (7.3.4)
- Design verification records (7.3.5)
- Design validation records (7.3.6)
- Design and development change review records (7.3.7)
- Supplier evaluation records (7.4.1)
- Validation arrangements for processes (7.5.2)
- Product identification records (7.5.3)
- Records related to customer property (7.5.4)
- Calibration and verification records (7.6)
- Internal audit records (8.2.2)
- Product conformity records (8.2.4)
- Records of the nature of nonconformities and any subsequent action taken (8.3)
- Results of Corrective Actions taken (8.5.2)
- Results of Preventative actions taken (8.5.3)
Controls Required
Creating a procedure to meet the requirements established in clause 4.2.4 is a fairly straightforward task. In clause 4.2.4, the ISO 9001 standard provides us with a clear purpose statement, by requiring that the organization ensure that records remain legible, readily identifiable and retrievable. In addition, clause 4.2.4 also identifies what types of controls should be addressed, giving us a basic outline of what needs to be covered in our procedure - record identification, storage, protection, retrieval, retention time and disposition (disposal).
Being given a purpose statement and an outline, the only information we’re missing are the specific controls used by the organization. In this case, the ISO 9001 standard is neither prescriptive nor specific; it leaves the specific controls up to the implementing organization, to define methods that are consistent with its business needs, quality objectives and customer and/or regulatory requirements.
http://www.masquality.com
"Records shall be established and maintained to provide evidence of conformity to requirements and the effective operation of the quality management system. Records shall remain legible, readily identifiable and retrievable. A documented procedure shall be established to define the controls needed for the identification, storage, protection, retrieval, retention time and disposition of records".*
* ISO 9001:2000, Quality management systems – Requirements, Clause 4.2.4., p. 11
What’s a Record?
In order to understand what a record is, we must begin with another standard in the family, ISO 9000:2000, Quality management systems – Fundamentals and vocabulary. In this standard, we find the definition of a record. Simply put, a record is a document, and can be used as an input from one process to another, but in contrast to documents that are purely informative, a record is generated to state results achieved or to provide evidence of activities performed.
It is because of this difference that different rules apply to the control of records than for the control of documents (clause 4.2.3). Records are not issued, revised or tracked by revision. While a record could be amended to reflect new or updated information, the original record would not be affected.
Types of Records
There are a total of 19 different types of records that are specifically addressed within the ISO 9001 standard. Needless to say, this isn’t all of the records that could be generated during the operation of a quality management system, however these particular records are considered essential to its effective operation.
The records that are identified within the ISO 9001 standard are listed below, along with their corresponding clause number (shown in parenthesis):
- Management review records (5.6.1)
- Records of Education, training, skills and experience (6.2.2)
- Records needed to provide evidence that the realization process and resulting product meet requirements (7.1)
- Records related to the review of customer requirements (7.2.2)
- Design and development inputs (7.3.2)
- Design and development review records (7.3.4)
- Design verification records (7.3.5)
- Design validation records (7.3.6)
- Design and development change review records (7.3.7)
- Supplier evaluation records (7.4.1)
- Validation arrangements for processes (7.5.2)
- Product identification records (7.5.3)
- Records related to customer property (7.5.4)
- Calibration and verification records (7.6)
- Internal audit records (8.2.2)
- Product conformity records (8.2.4)
- Records of the nature of nonconformities and any subsequent action taken (8.3)
- Results of Corrective Actions taken (8.5.2)
- Results of Preventative actions taken (8.5.3)
Controls Required
Creating a procedure to meet the requirements established in clause 4.2.4 is a fairly straightforward task. In clause 4.2.4, the ISO 9001 standard provides us with a clear purpose statement, by requiring that the organization ensure that records remain legible, readily identifiable and retrievable. In addition, clause 4.2.4 also identifies what types of controls should be addressed, giving us a basic outline of what needs to be covered in our procedure - record identification, storage, protection, retrieval, retention time and disposition (disposal).
Being given a purpose statement and an outline, the only information we’re missing are the specific controls used by the organization. In this case, the ISO 9001 standard is neither prescriptive nor specific; it leaves the specific controls up to the implementing organization, to define methods that are consistent with its business needs, quality objectives and customer and/or regulatory requirements.
http://www.masquality.com
Tuesday, June 17, 2008
ISO 9001:2000 - Management Review Q&A
Earlier this year, when I wrote an article titled ISO 9001:2000 – Your Management Review, I hadn’t realized how much interest there was on the subject. As a result, I’m following up on this earlier article with a simple Question and Answer (Q&A) session, which is based on the questions I’m most frequently asked:
Q1: Is a Management Review a formal meeting?
A1: A management review is appropriately named, as it’s an opportunity for top management of an organization to review the performance of their organization’s management system. It’s more than just a meeting however, as a management review includes the collection, analysis and review of performance data, and any decisions and actions related to the results.
Q2: Can a management review be held remotely?
A2: With the technology that is currently available, there’s no reason that telephone and web conferencing shouldn’t be considered. Portions of the review can be performed remotely when it is not possible or cost effective to meet in person. Data can be collected and analyzed electronically, and the results communicated by email or other means.
Q3: Our organization is quite large and geographically dispersed. How can we perform a single management review?
A3: There’s actually nothing in the standard that requires only one management review be performed. For a large organization, this review can be performed at individual levels (or locations) and then consolidated into a final review that is performed by executive management of the organization.
Q4: This is our first management review and we don’t have much information to report. Can we still hold a management review?
A4: You have information to report; the problem is that you just don’t have much data. This in itself is noteworthy, and should also be considered as an opportunity for improving the effectiveness of your quality management system under section 5.6.3 of the ISO 9001:2000 standard (Review Output).
Q5: What is the required interval for management reviews?
A5: The ISO 9001 standard doesn’t specify any specific time frame, other than requiring these reviews to be performed at planned intervals. For a “new” program, I would recommend at least quarterly, and then adjusting the duration to possibly six months or even on an annual basis if this meets the needs of the organization. Personally, I would never go longer than a 12 mo. interval between reviews.
Q6: Prior to implementing ISO 9001:2000, our organization held monthly meetings to review the performance of our organization. While these meetings wouldn’t meet the requirements of the ISO 9001 standard, they were of considerable value to us. Will this need to be changed?
A6: The answer is no. There’s no reason to change what you’re already doing, particularly if it works well for you. I would keep minutes for these meetings however, and use these as a source of review input for when the organization does hold a formal management review.
Q7: Section 5.4.1. of the ISO 9001:2000 standard requires that Quality Objectives are established at relevant functions and levels within the organization. Is the Management Review an appropriate time to address this?
A7: I personally recommend this. The management review is an ideal time to address your organization’s performance towards meeting existing objectives, and for determining new or revised objectives for the upcoming review period.
Q8: What types of records do we need to maintain?
A8: You’ll need to retain records that demonstrate the requirements of the ISO 9001 standard have been met. This should include, as applicable, meeting minutes (dates, attendees, location, agenda, etc.), objective evidence used as part of this review, and any decisions and actions that result (including responsibilities and timelines).
http://www.masquality.com
Q1: Is a Management Review a formal meeting?
A1: A management review is appropriately named, as it’s an opportunity for top management of an organization to review the performance of their organization’s management system. It’s more than just a meeting however, as a management review includes the collection, analysis and review of performance data, and any decisions and actions related to the results.
Q2: Can a management review be held remotely?
A2: With the technology that is currently available, there’s no reason that telephone and web conferencing shouldn’t be considered. Portions of the review can be performed remotely when it is not possible or cost effective to meet in person. Data can be collected and analyzed electronically, and the results communicated by email or other means.
Q3: Our organization is quite large and geographically dispersed. How can we perform a single management review?
A3: There’s actually nothing in the standard that requires only one management review be performed. For a large organization, this review can be performed at individual levels (or locations) and then consolidated into a final review that is performed by executive management of the organization.
Q4: This is our first management review and we don’t have much information to report. Can we still hold a management review?
A4: You have information to report; the problem is that you just don’t have much data. This in itself is noteworthy, and should also be considered as an opportunity for improving the effectiveness of your quality management system under section 5.6.3 of the ISO 9001:2000 standard (Review Output).
Q5: What is the required interval for management reviews?
A5: The ISO 9001 standard doesn’t specify any specific time frame, other than requiring these reviews to be performed at planned intervals. For a “new” program, I would recommend at least quarterly, and then adjusting the duration to possibly six months or even on an annual basis if this meets the needs of the organization. Personally, I would never go longer than a 12 mo. interval between reviews.
Q6: Prior to implementing ISO 9001:2000, our organization held monthly meetings to review the performance of our organization. While these meetings wouldn’t meet the requirements of the ISO 9001 standard, they were of considerable value to us. Will this need to be changed?
A6: The answer is no. There’s no reason to change what you’re already doing, particularly if it works well for you. I would keep minutes for these meetings however, and use these as a source of review input for when the organization does hold a formal management review.
Q7: Section 5.4.1. of the ISO 9001:2000 standard requires that Quality Objectives are established at relevant functions and levels within the organization. Is the Management Review an appropriate time to address this?
A7: I personally recommend this. The management review is an ideal time to address your organization’s performance towards meeting existing objectives, and for determining new or revised objectives for the upcoming review period.
Q8: What types of records do we need to maintain?
A8: You’ll need to retain records that demonstrate the requirements of the ISO 9001 standard have been met. This should include, as applicable, meeting minutes (dates, attendees, location, agenda, etc.), objective evidence used as part of this review, and any decisions and actions that result (including responsibilities and timelines).
http://www.masquality.com
Wednesday, May 7, 2008
ISO 9001 - Design in Education
I decided several articles ago that, instead of trying to address issues that I thought were important, I would focus on questions posed to me during the course of my consulting activities. Of these, one of my favorite questions to date is:
Can ISO 9001:2000 design and development criteria be applied to training and educational programs?
The answer is a definite yes. While the ISO 9001 design and development model is usually associated with manufacturing activities, it’s important to realize that the intent of this criterion has much wider application. These requirements not only relate to the design of product, but the design of processes and services as well.
If we consider the design of training or educational programs, we find that the basic requirements specified in the ISO 9001 standard are by no means unique or foreign. In fact, these requirements can be applied quite easily to training and educational design, and are generally consistent with accepted design methodologies:
• Design Planning - includes project timelines, scope documents, and other information that defines the stages of design and development, design review, verification and validation activities, and design responsibilities.
• Interface Management - includes interested parties, such as the student, the learning institution, their instructors/teachers, representatives of industry, and even parents.
• Design Inputs - includes needs or requirements defined by the student, parents, institution, industry, state and other interested parties; technological developments, and feedback from past experiences could also be considered.
• Design Outputs - includes the resulting specifications that define the learning program. This covers learning objectives, course charts, instruction and/or lessons plans. Specifications for learning aids, equipment and/or materials needed, room requirements (e.g., room size, table size, number of chairs, etc.), and instructor qualification requirements would also fall into this category.
• Design Reviews - includes initial/kick-off meetings to review the design inputs, progress meetings to review the progression of the design to the design plan and final reviews to evaluate the completed program design for approval.
• Design Verification - includes the design reviews stated above, evaluation against similar programs and other activities.
• Design Validation - includes consideration of data obtained from pilot courses, course quizzes and exams, feedback from students (course critiques), feedback from employers and other interested parties including employers and industry.
• Change Control - includes control methods for reviewing and approving proposed changes to existing designs, as well as methods of interface management (such as involvement and notification of affected parties) and configuration control.
Needless to say, the examples above are not intended to be all-inclusive. The specific configuration and attributes of a design program should be based on the training or educational event being developed. Regardless of the specifics of the design program however, the basic framework laid out in the ISO 9001:2000 standard can be applied, and it can be used as an effective means of controlling the design and development process.
The answer is a definite yes.
http://www.masquality.com/
Can ISO 9001:2000 design and development criteria be applied to training and educational programs?
The answer is a definite yes. While the ISO 9001 design and development model is usually associated with manufacturing activities, it’s important to realize that the intent of this criterion has much wider application. These requirements not only relate to the design of product, but the design of processes and services as well.
If we consider the design of training or educational programs, we find that the basic requirements specified in the ISO 9001 standard are by no means unique or foreign. In fact, these requirements can be applied quite easily to training and educational design, and are generally consistent with accepted design methodologies:
• Design Planning - includes project timelines, scope documents, and other information that defines the stages of design and development, design review, verification and validation activities, and design responsibilities.
• Interface Management - includes interested parties, such as the student, the learning institution, their instructors/teachers, representatives of industry, and even parents.
• Design Inputs - includes needs or requirements defined by the student, parents, institution, industry, state and other interested parties; technological developments, and feedback from past experiences could also be considered.
• Design Outputs - includes the resulting specifications that define the learning program. This covers learning objectives, course charts, instruction and/or lessons plans. Specifications for learning aids, equipment and/or materials needed, room requirements (e.g., room size, table size, number of chairs, etc.), and instructor qualification requirements would also fall into this category.
• Design Reviews - includes initial/kick-off meetings to review the design inputs, progress meetings to review the progression of the design to the design plan and final reviews to evaluate the completed program design for approval.
• Design Verification - includes the design reviews stated above, evaluation against similar programs and other activities.
• Design Validation - includes consideration of data obtained from pilot courses, course quizzes and exams, feedback from students (course critiques), feedback from employers and other interested parties including employers and industry.
• Change Control - includes control methods for reviewing and approving proposed changes to existing designs, as well as methods of interface management (such as involvement and notification of affected parties) and configuration control.
Needless to say, the examples above are not intended to be all-inclusive. The specific configuration and attributes of a design program should be based on the training or educational event being developed. Regardless of the specifics of the design program however, the basic framework laid out in the ISO 9001:2000 standard can be applied, and it can be used as an effective means of controlling the design and development process.
The answer is a definite yes.
http://www.masquality.com/
ISO 9001 - Preparing for ISO 9001:2008
As our firm specializes in providing ISO 9001 consulting services, we try to keep up with the latest news regarding ISO 9001 and related industry-specific standards. One of the most notable developments recently is the proposed release of ISO 9001:2008, which is scheduled for later this year.
In June of 2007, ISO’s Technical Committee TC-176, which is the committee responsible for ISO 9001, concluded that the document was now sufficiently mature to move from a Committee Draft (CD) to the Draft International Standard (DIS) and Final Draft International Standard (FDIS) phases. Upon balloting by ISO members during these phases, the official publication would then be released as an International Standard (IS).
The DIS version of ISO 9001 was released in January of 2008, and out of the changes proposed, it appear that the majority of proposed changes are clarifications or additional examples relating to existing requirements, and should not have any major impact on an established system that was properly implemented.
An overview of the Clauses within ISO 9001 affected by these proposed changes includes:
• Clause 0.2 (Process approach)
• Clause 1.1 (Scope)
• Clause 4.1 (General requirements)
• Clause 4.2.1 (Documentation)
• Clause 4.2.3 (Document control)
• Clause 4.2.4 (Records control)
• Clause 5.5.2 (Management rep)
• Clause 6.2.1 (Human resources)
• Clause 6.3 (Infrastructure)
• Clause 6.4 (Work environment)
• Clause 7.2.1 (Customer related processes)
• Clause 7.3.1 (Design & development planning)
• Clause 7.3.3(Design & development outputs)
• Clause 7.5.4 (Customer property)
• Clause 7.6 (Control of Monitoring and Measuring Equipment)
• Clause 8.2.1 (Customer satisfaction)
• Clause 8.2.3 (Monitoring / Measurement of process)
As I mentioned earlier, it doesn’t appear that the majority of these changes would have a major impact on an established system. While minimal change is expected during the next comment period, the contents of the DIS are subject to change however.
As for ISO 9004, significant changes are expected, and as a result, 9004 will not be updated at the same time as ISO 9001. The proposed title of this revision is "Managing for sustainable success – a quality management approach." Until its revision, the 9004 standard will remain a companion document to ISO 9001.
http://www.masquality.com
In June of 2007, ISO’s Technical Committee TC-176, which is the committee responsible for ISO 9001, concluded that the document was now sufficiently mature to move from a Committee Draft (CD) to the Draft International Standard (DIS) and Final Draft International Standard (FDIS) phases. Upon balloting by ISO members during these phases, the official publication would then be released as an International Standard (IS).
The DIS version of ISO 9001 was released in January of 2008, and out of the changes proposed, it appear that the majority of proposed changes are clarifications or additional examples relating to existing requirements, and should not have any major impact on an established system that was properly implemented.
An overview of the Clauses within ISO 9001 affected by these proposed changes includes:
• Clause 0.2 (Process approach)
• Clause 1.1 (Scope)
• Clause 4.1 (General requirements)
• Clause 4.2.1 (Documentation)
• Clause 4.2.3 (Document control)
• Clause 4.2.4 (Records control)
• Clause 5.5.2 (Management rep)
• Clause 6.2.1 (Human resources)
• Clause 6.3 (Infrastructure)
• Clause 6.4 (Work environment)
• Clause 7.2.1 (Customer related processes)
• Clause 7.3.1 (Design & development planning)
• Clause 7.3.3(Design & development outputs)
• Clause 7.5.4 (Customer property)
• Clause 7.6 (Control of Monitoring and Measuring Equipment)
• Clause 8.2.1 (Customer satisfaction)
• Clause 8.2.3 (Monitoring / Measurement of process)
As I mentioned earlier, it doesn’t appear that the majority of these changes would have a major impact on an established system. While minimal change is expected during the next comment period, the contents of the DIS are subject to change however.
As for ISO 9004, significant changes are expected, and as a result, 9004 will not be updated at the same time as ISO 9001. The proposed title of this revision is "Managing for sustainable success – a quality management approach." Until its revision, the 9004 standard will remain a companion document to ISO 9001.
http://www.masquality.com
ISO 9001 - Purchasing Basics
In section 7.4 of the ISO 9001:2000 standard, Purchasing, we find the requirement that “the organization shall ensure that purchased product conforms to specified purchase requirements”. While this requirement in itself is fairly straightforward, a fair degree of latitude is allowed here regarding the type and extent of the controls necessary, as these are simply stating as being “dependent upon the effect of the purchased product on subsequent product realization or the final product”.
While the basics for supplier control may seem fairly rudimentary for those organizations with an established Quality Management System (QMS), I’m providing a basic control scheme below for those organizations that may still need a little help:
1. Identify your suppliers – As simple as this may sound, many organizations have never made a point to establish a comprehensive list of their existing (or potential) suppliers, and those that have often haven’t distributed this list to all affected parties within the organization. As most purchasing systems are computerized to some point, this first step should be quite easily to perform. You must define who you’re using.
2. Identify what’s being provided – Once your suppliers have been identified, it’s then necessary to define their scope (what are they providing?). Some organizations use simple supplier classifications such as “distributor”, “processor”, “manufacturer”, etc., while other organizations go to great detail using product-specific descriptions such as “bolts”, “flanges”, “plate/pipe/sheet”, etc. The particular classification used should be defined by organization, and should be appropriate to the organization’s specific needs. You must define what you’re purchasing.
3. Determine the appropriate controls – Controls should be based on both the item(s) being provided and the historical performance of the supplier that’s providing them. Critical items that directly affect the end-product (your product) should be candidates for increased control, as should suppliers that have performed poorly in the past (in some cases, this may include a “ban” or other restrictions placed on some or all items from a particular supplier). In contrast, controls for purchases that are not critical, or for suppliers that have a long history of excellence, may be relaxed to some degree. In all cases however, you must make sure to specify what your purchasing requirements are (grade, class, composition, QMS, etc.), and perform some degree of receiving inspection prior to placing any purchased product into inventory. You must what controls are necessary.
4. Monitor and correct as necessary - Adequate records should maintained to demonstrate the effectiveness of the above controls, and for use in periodically evaluating supplier performance as part of an on-going supplier management program. If nonconforming product or services are identified, they must be addressed directly with the supplier, or the supplier will never be aware there has been a problem. Should problems consistently occur, go back to #3 above, and re-adjust your controls accordingly. You must actively manage your suppliers.
Additional considerations can be used, such as if the supplier has a documented quality program, and if the supplier has ISO registration or similar pedigrees. Such certifications are appropriate to consider, however they are based on periodic assessments of a supplier’s quality program, and do not reflect the real-time quality performance of the supplier’s organization.
http://www.masquality.com
While the basics for supplier control may seem fairly rudimentary for those organizations with an established Quality Management System (QMS), I’m providing a basic control scheme below for those organizations that may still need a little help:
1. Identify your suppliers – As simple as this may sound, many organizations have never made a point to establish a comprehensive list of their existing (or potential) suppliers, and those that have often haven’t distributed this list to all affected parties within the organization. As most purchasing systems are computerized to some point, this first step should be quite easily to perform. You must define who you’re using.
2. Identify what’s being provided – Once your suppliers have been identified, it’s then necessary to define their scope (what are they providing?). Some organizations use simple supplier classifications such as “distributor”, “processor”, “manufacturer”, etc., while other organizations go to great detail using product-specific descriptions such as “bolts”, “flanges”, “plate/pipe/sheet”, etc. The particular classification used should be defined by organization, and should be appropriate to the organization’s specific needs. You must define what you’re purchasing.
3. Determine the appropriate controls – Controls should be based on both the item(s) being provided and the historical performance of the supplier that’s providing them. Critical items that directly affect the end-product (your product) should be candidates for increased control, as should suppliers that have performed poorly in the past (in some cases, this may include a “ban” or other restrictions placed on some or all items from a particular supplier). In contrast, controls for purchases that are not critical, or for suppliers that have a long history of excellence, may be relaxed to some degree. In all cases however, you must make sure to specify what your purchasing requirements are (grade, class, composition, QMS, etc.), and perform some degree of receiving inspection prior to placing any purchased product into inventory. You must what controls are necessary.
4. Monitor and correct as necessary - Adequate records should maintained to demonstrate the effectiveness of the above controls, and for use in periodically evaluating supplier performance as part of an on-going supplier management program. If nonconforming product or services are identified, they must be addressed directly with the supplier, or the supplier will never be aware there has been a problem. Should problems consistently occur, go back to #3 above, and re-adjust your controls accordingly. You must actively manage your suppliers.
Additional considerations can be used, such as if the supplier has a documented quality program, and if the supplier has ISO registration or similar pedigrees. Such certifications are appropriate to consider, however they are based on periodic assessments of a supplier’s quality program, and do not reflect the real-time quality performance of the supplier’s organization.
http://www.masquality.com
ISO 9001 - Your Management Review
Just as every organization undertakes an annual ritual of financial review, forecasting, planning and budgeting, a similar approach is specified in the ISO 9001:2000 standard for quality management. In the ISO 9001 standard, this process is referred to as a Management Review. Typically, such reviews are held as regularly scheduled events within an organization, with top management convening to review the performance of its quality management system against organizational goals and objectives, and other criteria as specified within the standard.
Specifically, as stated within the ISO 9001 standard, the purpose of a management review is to review the Quality Management System to ensure its continuing adequacy, suitability and effectiveness. This should include an evaluation of the performance of the system based on existing data (review inputs), and should also address any decisions or actions necessary to improve the program and its related processes (review outputs).
To further define the concepts of adequacy, suitability and effectiveness:
1. Adequacy – Sufficient to satisfy a requirement or meet a need*. A quality management system should be capable of satisfying applicable requirements including those specified by the organization, the customer, and any applicable standards and/or regulations.
2. Suitability – The quality of having properties that are right for the specific purpose*. A quality management system should be able to sustain the current performance levels of the organization utilizing an acceptable amount of organizational resources.
3. Effectiveness – Adequate to accomplish a purpose; producing the intended or expected result*. A quality management system should enable the organization to meet its own needs, those of the customer and those of other interested parties.
*Random House Unabridged Dictionary, © Random House, Inc. 2006.
As a minimum, such reviews should be performed annually, although they may be performed on a more frequent basis, including quarterly or even monthly. I personally recommend that oganizations with “newer” systems perform this function on a more frequent basis, at least for the first 18-24 months.
Records of these reviews should be maintained in accordance with documented record control procedures. These records should include, as a minimum, the date of the review, participants in the review, criteria by which the system is measured, strengths and weaknesses of the system, and any decisions or actions that are required.
To assist the organization that is new to this process, I’ve attached the following management review template below. These topics should be considered as the “bare minimum” necessary, and this template should be further modified or expanded, as necessary, to address any additional issues or considerations that the organization may have.
Sample Management Review Agenda
1. ASSESSMENT OF QMS PERFORMANCE
1.1. Management System
1.2. QMS Policy
1.3. QMS Objectives and Targets
2. REVIEW INPUTS
2.1. Results of Audits
2.2. Communication from External Parties, Including Complaints
2.3. Process Performance / Conformance
2.4. Status of Preventive and Corrective Actions
2.5. Follow-up actions from Earlier Management Reviews
2.6. Personnel Status
2.7. Changes That Could Affect this Management System
3. REVIEW OUTPUTS
3.1. Opportunities for Improvement of this Management System:
3.2. Resource Needs:
3.3. QMS Objectives forfiscal year:
http://www.masquality.com
Specifically, as stated within the ISO 9001 standard, the purpose of a management review is to review the Quality Management System to ensure its continuing adequacy, suitability and effectiveness. This should include an evaluation of the performance of the system based on existing data (review inputs), and should also address any decisions or actions necessary to improve the program and its related processes (review outputs).
To further define the concepts of adequacy, suitability and effectiveness:
1. Adequacy – Sufficient to satisfy a requirement or meet a need*. A quality management system should be capable of satisfying applicable requirements including those specified by the organization, the customer, and any applicable standards and/or regulations.
2. Suitability – The quality of having properties that are right for the specific purpose*. A quality management system should be able to sustain the current performance levels of the organization utilizing an acceptable amount of organizational resources.
3. Effectiveness – Adequate to accomplish a purpose; producing the intended or expected result*. A quality management system should enable the organization to meet its own needs, those of the customer and those of other interested parties.
*Random House Unabridged Dictionary, © Random House, Inc. 2006.
As a minimum, such reviews should be performed annually, although they may be performed on a more frequent basis, including quarterly or even monthly. I personally recommend that oganizations with “newer” systems perform this function on a more frequent basis, at least for the first 18-24 months.
Records of these reviews should be maintained in accordance with documented record control procedures. These records should include, as a minimum, the date of the review, participants in the review, criteria by which the system is measured, strengths and weaknesses of the system, and any decisions or actions that are required.
To assist the organization that is new to this process, I’ve attached the following management review template below. These topics should be considered as the “bare minimum” necessary, and this template should be further modified or expanded, as necessary, to address any additional issues or considerations that the organization may have.
Sample Management Review Agenda
1. ASSESSMENT OF QMS PERFORMANCE
1.1. Management System
1.2. QMS Policy
1.3. QMS Objectives and Targets
2. REVIEW INPUTS
2.1. Results of Audits
2.2. Communication from External Parties, Including Complaints
2.3. Process Performance / Conformance
2.4. Status of Preventive and Corrective Actions
2.5. Follow-up actions from Earlier Management Reviews
2.6. Personnel Status
2.7. Changes That Could Affect this Management System
3. REVIEW OUTPUTS
3.1. Opportunities for Improvement of this Management System:
3.2. Resource Needs:
3.3. QMS Objectives for
http://www.masquality.com
ISO 9001 - When Are We Ready?
An effective Quality Management System (QMS) is never really “complete”, as there should always be emphasis on continuously improving the performance of the processes that make up the QMS and the products that are provided the organization. While a properly designed QMS isn’t ever going to be truly finished, it can be “ready” in terms of being an adequate, suitable and effective tool capable of having a positive impact on the operations being performed by the implementing organization.
For many organizations, this “readiness” is validated by obtaining third-party registration from an accredited ISO 9001 registrar. For organizations that new to the registration process, as the name implies, this is an activity performed by an accredited outside organization to verify that the organization has adequately documented and effectively implemented their QMS in accordance with the requirements of the ISO 9001:2000 standard.
Prior to attempting ISO 9001:2000 registration, an organization should assess their level of preparedness and degree of compliance with the ISO 9001:2000 standard. Primarily, this assessment is made through the performance of a formal, documented “internal audit” of the QMS and its related processes, performed by either qualified internal personnel or by utilizing the services of an outside contractor. The performance of an internal audit is specifically required by the ISO 9001 standard, so it must precede the registration process regardless.
For a program that is “new” – one that was recently designed, developed and implemented, I personally recommend that an additional, informal review be performed preceding the more formal internal audit, just as a means of assuring that the organization has “covered all of its bases”, so to speak (think design review). This way, an informal review determines if an organization is ready for a formal internal audit, a formal internal audit determines if an organization is ready for a third-party registration audit, and a third-party registration audit determines if an organization meets the requirements for ISO 9001:2000 registration. Whew.
The purpose of this review is not to collect objective evidence of program compliance (such as in an internal audit), but rather to ensure that the program is ready for more formal assessment. As part of such review, I would initially consider at least 10 key items:
• An adequately communicated Quality Policy
• A designated Management Representative
• A documented Quality Manual
• Documented procedures required by the standard
• Additional procedure and/or Work instructions as appropriate to the complexity of the processes being performed
• Internal training of personnel on the QMS and on the activities they are performing
• A documented Management Review
• At least one Internal audit
• Adequate historical data relating to the performance of the QMS
• Adequate analysis of process performance
There’s one more key item, while not directly addressed, is implied in each above - Implementation, Implementation and Implementation. Implementation is KEY. And remember, it never happened if there’s no record that it was performed.
The degree of documentation generated as a result of this activity should be left to discretion of the organization, but as this is an informal review, this could be considered technically as outside of the organization’s internal audit program. Being for “informational use only”, this activity wouldn’t be subject to the same documentation requirements as an audit, unless this was a requirement specified within the organization’s procedures. Again, this is an informal review, not a formal internal audit.
Documentation should however be generated regarding any issues that were identified during this informal assessment, through the Corrective Action or Preventative Action process established with the organization’s QMS. This activity will ensure that any deficiencies are adequately addressed and also serve to demonstrate the effectiveness of these two key processes. This also provides information that can be used as part of the organization’s management review.
http://www.masquality.com
For many organizations, this “readiness” is validated by obtaining third-party registration from an accredited ISO 9001 registrar. For organizations that new to the registration process, as the name implies, this is an activity performed by an accredited outside organization to verify that the organization has adequately documented and effectively implemented their QMS in accordance with the requirements of the ISO 9001:2000 standard.
Prior to attempting ISO 9001:2000 registration, an organization should assess their level of preparedness and degree of compliance with the ISO 9001:2000 standard. Primarily, this assessment is made through the performance of a formal, documented “internal audit” of the QMS and its related processes, performed by either qualified internal personnel or by utilizing the services of an outside contractor. The performance of an internal audit is specifically required by the ISO 9001 standard, so it must precede the registration process regardless.
For a program that is “new” – one that was recently designed, developed and implemented, I personally recommend that an additional, informal review be performed preceding the more formal internal audit, just as a means of assuring that the organization has “covered all of its bases”, so to speak (think design review). This way, an informal review determines if an organization is ready for a formal internal audit, a formal internal audit determines if an organization is ready for a third-party registration audit, and a third-party registration audit determines if an organization meets the requirements for ISO 9001:2000 registration. Whew.
The purpose of this review is not to collect objective evidence of program compliance (such as in an internal audit), but rather to ensure that the program is ready for more formal assessment. As part of such review, I would initially consider at least 10 key items:
• An adequately communicated Quality Policy
• A designated Management Representative
• A documented Quality Manual
• Documented procedures required by the standard
• Additional procedure and/or Work instructions as appropriate to the complexity of the processes being performed
• Internal training of personnel on the QMS and on the activities they are performing
• A documented Management Review
• At least one Internal audit
• Adequate historical data relating to the performance of the QMS
• Adequate analysis of process performance
There’s one more key item, while not directly addressed, is implied in each above - Implementation, Implementation and Implementation. Implementation is KEY. And remember, it never happened if there’s no record that it was performed.
The degree of documentation generated as a result of this activity should be left to discretion of the organization, but as this is an informal review, this could be considered technically as outside of the organization’s internal audit program. Being for “informational use only”, this activity wouldn’t be subject to the same documentation requirements as an audit, unless this was a requirement specified within the organization’s procedures. Again, this is an informal review, not a formal internal audit.
Documentation should however be generated regarding any issues that were identified during this informal assessment, through the Corrective Action or Preventative Action process established with the organization’s QMS. This activity will ensure that any deficiencies are adequately addressed and also serve to demonstrate the effectiveness of these two key processes. This also provides information that can be used as part of the organization’s management review.
http://www.masquality.com
ISO 9001 - How Fast Can We Get Certified?
As a consultant that specializes in helping small businesses to achieve ISO 9001:2000 certification, I’m frequently asked by potential clients “how fast can we get certified?”. The typical reason behind this question is a business opportunity that’s recently arisen, meaning that the answer the client hopes to hear is “right away…if not sooner”.
Obtaining ISO 9001:2000 certification is a significant achievement and it’s going to take a considerable amount of work. There are certain variables however, that will facilitate the certification process, just as there are others that will extend the duration, relatively speaking.
When asked by a client how long it will take to get certified, I typically base my estimate on their answers to the following questions:
• How much time can be allocated to this project based on your busy schedules?
• What is the proposed scope of your certification?
• How large is your organization and/or how complex are your processes?
• How well-defined and documented are your existing processes?
• How much knowledge does your organization posses relative to the ISO 9001 standard?
• What is the planned degree of consultant involvement?
• Once a registrar has been selected, what’s their availability?
From the list above, it is likely that preparation time will increase with the size of your organization, the complexity of its operations and the scope of the proposed certification. In contrast, preparation time will be inversely related to the knowledge level of your personnel, the degree of compliance that already exists within established systems and the resources made available to get the job done.
There is one final note however, and this is in addition to whatever preparation time is necessary to implement your Quality Management System (QMS); your ISO registrar will require several month’s worth of objective evidence to review as part of your certification audit. This evidence is necessary to verify that your QMS is meeting the requirements of the standard.
Now, back to the initial question of “how fast can we get certified?” - we’ve helped organizations achieve certification in as little as 4 months and we’ve also had projects take up to a year or more. It really is up to the organization, and their level of commitment to obtain certification.
There’s no question about it however, obtaining ISO 9001:2000 certification is a significant achievement, and it is going to take a considerable amount of work.
http://www.masquality.com
Obtaining ISO 9001:2000 certification is a significant achievement and it’s going to take a considerable amount of work. There are certain variables however, that will facilitate the certification process, just as there are others that will extend the duration, relatively speaking.
When asked by a client how long it will take to get certified, I typically base my estimate on their answers to the following questions:
• How much time can be allocated to this project based on your busy schedules?
• What is the proposed scope of your certification?
• How large is your organization and/or how complex are your processes?
• How well-defined and documented are your existing processes?
• How much knowledge does your organization posses relative to the ISO 9001 standard?
• What is the planned degree of consultant involvement?
• Once a registrar has been selected, what’s their availability?
From the list above, it is likely that preparation time will increase with the size of your organization, the complexity of its operations and the scope of the proposed certification. In contrast, preparation time will be inversely related to the knowledge level of your personnel, the degree of compliance that already exists within established systems and the resources made available to get the job done.
There is one final note however, and this is in addition to whatever preparation time is necessary to implement your Quality Management System (QMS); your ISO registrar will require several month’s worth of objective evidence to review as part of your certification audit. This evidence is necessary to verify that your QMS is meeting the requirements of the standard.
Now, back to the initial question of “how fast can we get certified?” - we’ve helped organizations achieve certification in as little as 4 months and we’ve also had projects take up to a year or more. It really is up to the organization, and their level of commitment to obtain certification.
There’s no question about it however, obtaining ISO 9001:2000 certification is a significant achievement, and it is going to take a considerable amount of work.
http://www.masquality.com
What is ISO 9001?
What is ISO?
The International Organization for Standardization (ISO) is a worldwide federation of national standards bodies from some 100 countries, one from each country. ISO's mission is to promote the development of standardization and related activities in the world with a view to facilitating the international exchange of goods and services, and to developing cooperation in the spheres of intellectual, scientific, technological and economic activity. ISO's work results in international agreements which are published as International Standards.
ISO 9001:2000
The 9001 standard was developed by ISO to serve as an international standard for Quality Management Systems. Revised in the year 2000 (hence ISO 9001:2000), the intent of this standard is to give quality assurance of product and to enhance customer satisfaction. ISO 9001 is part of the ISO 9000 series of standards, which includes:
• ISO 9000:2000 - Fundamentals and Vocabulary
• ISO 9001:2000 - Requirements
• ISO 9004:2000 - Guidelines for Performance Improvements
Quality Management Principles
While earlier editions of the ISO 9001 standard are primarily focused on compliance, “say what you do and do what you say”, the more recent 2000 edition is a process-based standard which places significant emphasis on customer satisfaction. At the core of the 2000 edition are the following eight Quality Management Principles:
• Customer focus
• Leadership
• Involvement of people
• Process approach
• System approach to management
• Continual improvement
• Factual approach to decision making
• Mutually beneficial supplier relationships
Benefits of ISO 9001
Organizations that have successfully implemented an ISO 9001 Quality Management System typically report that, by adopting the requirements of this standard, their business has improved significantly over past performance levels. A recent survey of 100 ISO registered firms suggests the average improvement in operating margin is approximately 5% of sales.
The total list of benefits realized by these organizations is assorted and diverse. These benefits often include, but are not limited to:
• Improved performance of affected processes;
• Increased customer satisfaction levels;
• Enhanced decision-making capability through emphasis on data-driven management;
• Reduced operating costs related to waste, rework and non-value added activities;
• Demonstrated compliance with customer, regulatory and/or other requirements; and
• Eligibility for contracts stipulating third-party (e.g., ISO 9001) certification
Getting Started
For most organizations new to ISO 9001, resources and experience are limited. As a result, outside consulting services are used to support the development and implementation of their Quality Management System.
Typically, the amount of time necessary to achieve ISO compliance will be based on the size of the organization, the complexity of its operations and the scope of the proposed certification. In contrast, preparation time will be inversely related to the knowledge level of personnel, the degree of compliance that already exists within established systems and the resources made available to get the job done.
Most organizations will require between 4 to 12 months for the development and implementation of an effective system. This is a general guideline however, as it is really up to the organization, and their level of commitment to becoming ISO 9001 compliant.
ISO 9001 Certification
While many organizations pursue ISO compliance to improve their general business condition, a significant percentage of organizations pursue compliance due to market requirements and/or the market advantages that come with ISO 9001 certification.
ISO certification (also known as “registration”), is a third-party activity, performed by an ISO registrar (or certification body) who, upon verification that an organization is in compliance with the requirements of ISO 9001, will issue an ISO 9001 certificate. This certification is then maintained through regularly scheduled surveillance audits (bi-annual or annual) by the registrar, with re-certification of the program performed on a tri-annual basis.
http://www.masquality.com
The International Organization for Standardization (ISO) is a worldwide federation of national standards bodies from some 100 countries, one from each country. ISO's mission is to promote the development of standardization and related activities in the world with a view to facilitating the international exchange of goods and services, and to developing cooperation in the spheres of intellectual, scientific, technological and economic activity. ISO's work results in international agreements which are published as International Standards.
ISO 9001:2000
The 9001 standard was developed by ISO to serve as an international standard for Quality Management Systems. Revised in the year 2000 (hence ISO 9001:2000), the intent of this standard is to give quality assurance of product and to enhance customer satisfaction. ISO 9001 is part of the ISO 9000 series of standards, which includes:
• ISO 9000:2000 - Fundamentals and Vocabulary
• ISO 9001:2000 - Requirements
• ISO 9004:2000 - Guidelines for Performance Improvements
Quality Management Principles
While earlier editions of the ISO 9001 standard are primarily focused on compliance, “say what you do and do what you say”, the more recent 2000 edition is a process-based standard which places significant emphasis on customer satisfaction. At the core of the 2000 edition are the following eight Quality Management Principles:
• Customer focus
• Leadership
• Involvement of people
• Process approach
• System approach to management
• Continual improvement
• Factual approach to decision making
• Mutually beneficial supplier relationships
Benefits of ISO 9001
Organizations that have successfully implemented an ISO 9001 Quality Management System typically report that, by adopting the requirements of this standard, their business has improved significantly over past performance levels. A recent survey of 100 ISO registered firms suggests the average improvement in operating margin is approximately 5% of sales.
The total list of benefits realized by these organizations is assorted and diverse. These benefits often include, but are not limited to:
• Improved performance of affected processes;
• Increased customer satisfaction levels;
• Enhanced decision-making capability through emphasis on data-driven management;
• Reduced operating costs related to waste, rework and non-value added activities;
• Demonstrated compliance with customer, regulatory and/or other requirements; and
• Eligibility for contracts stipulating third-party (e.g., ISO 9001) certification
Getting Started
For most organizations new to ISO 9001, resources and experience are limited. As a result, outside consulting services are used to support the development and implementation of their Quality Management System.
Typically, the amount of time necessary to achieve ISO compliance will be based on the size of the organization, the complexity of its operations and the scope of the proposed certification. In contrast, preparation time will be inversely related to the knowledge level of personnel, the degree of compliance that already exists within established systems and the resources made available to get the job done.
Most organizations will require between 4 to 12 months for the development and implementation of an effective system. This is a general guideline however, as it is really up to the organization, and their level of commitment to becoming ISO 9001 compliant.
ISO 9001 Certification
While many organizations pursue ISO compliance to improve their general business condition, a significant percentage of organizations pursue compliance due to market requirements and/or the market advantages that come with ISO 9001 certification.
ISO certification (also known as “registration”), is a third-party activity, performed by an ISO registrar (or certification body) who, upon verification that an organization is in compliance with the requirements of ISO 9001, will issue an ISO 9001 certificate. This certification is then maintained through regularly scheduled surveillance audits (bi-annual or annual) by the registrar, with re-certification of the program performed on a tri-annual basis.
http://www.masquality.com
Subscribe to:
Posts (Atom)
Posts
