ISO 9000 Quality Management System: 2010

Monday, November 15, 2010

ISO 9001 Documents Control – Elements and Requirements

ISO 9001 Documents Control – Elements and Requirements

The ISO 9001 standard is caring for us. It cares for us from several angles. One of these cares regards our documentation. The standard requires that we will document by all means.
But it also cares that we won’t get confused and mix up different documents from different sources. Therefore it requires all documents to be controlled. This is not a recommendation but a requirement. You must control your documents. In order to achieve documents control you must maintain a method. This method must be one of the organizations quality procedures and it should be called “Documents Control”. In this procedure you must refer to the next line of issues.

Types of records
At first, you must define what documents this procedure would include. Documents can be working procedures, diagrams, technical specifications, price quotes etc. In order not to “swirl” around too many documents, let’s make it clear. Let’s define what a document is: Communication of information, evidence for correspondence, sharing of any kind of knowledge, approved documents. Someone within the organization must supervise all documents and see that they are suitable for working before they are released.The reason is to prevent any faults where unsuitable documents are being used or information that is classified is handed to wrong bodies. It is required to define for whom it is authorized and when must he approve any document. Who is responsible? The same one who is responsible for the information documented. It must be part of his job description. There are situations that more than one function would be needed to approve one document. It happens when more than one process is documented on one document.

Updated documents
This requirement assures that always the last version is the version in use – and not an older. Therefore you must define a method for maintaining updated version and elimination of older versions. How would one know what is the last version? Usually organizations manage a list of editions and updates for documents. You can manage the document itself. But most important, it is required to indicate the document itself as the last edition. This way, any employee that would use the document, would be sure that he holds the last edition. Of course, don’t forget to document the method.It is also required to define what to do with the old versions that are now not updated. How do you handle them? Are they to be destroyed, archived etc. Managing editions must include: Date of last update, The reason for the update, The function who demanded the update, The function that authorized the update. Although the ISO 9001 standard doesn’t require these requirements specifically, it would help you to achieve its basic requirements. Of course you would use what is suitable for your organization. Today there is a lot of document management softwares. These software, naturally qualify for the standard requirements but it is recommended to review anyone before purchasing.

Availability and distribution of documents
This is an un separated part of the last requirement. Defining the availability and distribution of documents must include the following:User authorization – to which it is authorized to use the document, the location of the document – where must the document be kept before and after use. Most of today’s process management systems (such as ERP or CRM systems) provide documents control relevant to the process they handle. They present the user with a screen (a screen on a computer system is a document like any other document) with defined information to input. Most of these systems also has authorization module installed. But when systems like the ones mentioned do not exist in the organization, it must provide with his employees the relevant updated documents. That means the latest editions. In order to ensure that, the standard require a documented method. How to obtain that? Well, it depends on your organization and his substructures.

Identification of documents
Any document (internal or external) must be identified somehow. Any internal document must have a name, serial number, catalogue number or whatever. Somehow to define it. The ISO 9001 standard requires that you maintain a method to achieve identification. The identification must include the numbering, coding or however you decided to identify it. But it is required to document the method. You must also include location of documents. How one can trace the document. for example customer’s files are scanned to the computer or stored in some closet. The final purpose of all this is to achieve control of the documents – any employee, once he looks at a document or trying to trace a document, would know where to approach: a department, a process, some function or any kind of identification relevant to your organization. If we look again at process management systems, then it is much simpler. Any document in those systems is identified by a number of some kind, produced by the system. The number is given according to some internal method. In this case you must not document this method but mention it in the procedure that these specific documents are managed. In case there are documents that are manually managed you must document the method. All this also applies for external documents. Any documentation that arrives from outside (with presumption that it is a document as defined) is included in the ISO 9001 standard requirement. In this case you must specify what is to do with these documents and where one can trace them in the hour of need. For example, where to file the documents. Again, you define the method according to your organization’s nature.

Documents removal
You must define a method for documents removal for any reason: un updated, out of use, etc. the method must include what is it to do with the document and who is responsible, once it is out of use. For example, removing old documents from the organization’s server for no further use or removing old forms from the offices that no one would use them again. Some of this things sound trivial and they are, but still this is a ISO 9001 standard requirement..

Summary:
The ISO 9001 standard requires that we document all sorts of our documents. It also requires that we would not confuse all kinds of documents from different sources. Therefore we must define a method for documents control. This is not a recommendation but a requirement.
The method must be presented as a documented procedure.
The documented procedure would be called “Documents control”.
You must include a definition of documents within the method – what is a document.
All documents must be approved before use. The purpose is to verify that the documents are suitable for work.
All documents must be updated. You must define a method to ensure the use of updated documents only. The method should include management documents editions and documents indications.
All documents must be identified. The organization must specify a method for documents identification. The purpose is that any employee would know which document he holds or where to trace it.
It is also required to manage availability and distribution of documents. You must verify that the documents that are distributed to the employees are the correct ones.
You must define a method for documents removal. When and why to remove documents and in whose responsibility.

ISO 9000 CERTIFICATION IS AN APPRAISAL TO COMPANY

ISO 9000 CERTIFICATION IS AN APPRAISAL TO COMPANY

During World WarII, there were quality problems in many British industries such as munitions, where bombs were exploding in factories during assembly. The adopted solution was to require factories to document their manufacturing procedures and to prove by record-keeping that the procedures were being followed. The name of the standard was BS 5750, and it was known as a management standard because it specified not what to manufacture, but how the manufacturing process was to be managed. According to Seddon, “In 1987, the British Government persuaded the International Organization for Standardization to adopt BS 5750 as an international standard. BS 5750 became ISO 9000.”

ISO 9001: 2008 only introduces clarifications to the existing requirements of ISO 9001: 2000 based on eight years of experience of implementing the standard worldwide with about one million certificates issued in 170 countries to date. It also introduces changes intended to improve consistency with ISO14001: 2004.. In fact, the ISO technical committee (TC176) who develops the ISO 9000 series of standards is deliberately planning the next release as an amendment rather than a formal revision. The difference is that an “amendment” is focused on making changes for clarification purposes only and for better alignment with ISO 14001, the standard for environmental management. With the 2008 release, the committee is purposely intending not to introduce substantive changes that will affect the QMS processes and documentation of currently certified organizations. Thus, the new ISO 9001:2008 standard should have limited impact on companies already certified. Some of the requirements in ISO 9001 (which is one of the standards in the ISO 9000 family) include:-

a set of procedures that cover all key processes in the business;
monitoring processes to ensure they are effective;
keeping adequate records;
checking output for defects, with appropriate and corrective action where necessary;
regularly reviewing individual processes and the quality system itself for effectiveness; and
facilitating continual improvement

ADVANTAGES OF ISO 9000 CERTIFICATION:

It is widely acknowledged that proper quality management improves business, often having a positive effect on investment, market share, sales growth, sales margins, competitive advantage, and avoidance of litigation. The quality principles in ISO 9001: are also sound, according to Wade, and Barnes, who says “ISO 9000 guidelines provide a comprehensive model for quality management systems that can make any company competitive.” Barnes also cites a survey by Lloyd’s Register Quality Assurance which indicated that ISO 9001 increased net profit, and another by Deloitte-Touche which reported that the costs of registration were recovered in as less as three months. According to the Providence Business News, implementing ISO often gives the following advantages:

Create a more efficient, effective operation
Increase customer satisfaction and retention
Reduce audits
Enhance marketing
Improve employee motivation, awareness, and morale
Promote international trade
Increases profit
Reduce waste and increases productivity

In today’s service-sector driven economy, more and more companies are using ISO 9000 as a business tool. Through the use of properly stated quality objectives, customer satisfaction surveys and a well-defined continual improvement program companies are using ISO 9000 processes to increase their efficiency and profitability.

Why Does ISO 9000 Emphasis On Document Control?

Why Does ISO 9000 Emphasis On Document Control?

Think of the Document Control Procedure as ‘evidence’ that an established process or procedure was adhered to in order to satisfy customer requirements. Both Registrars and Internal Auditors will always focus on the quality, continuity and flow of documentation; inconsistencies in this flow of information will indicate a problem and generate a non-conformance.

It is vital that your organization implements and maintains a robust document and record management system pursuant to Clause 4.2. of ISO 9001:2008.

Terms and definitions

To better understand the difference between a document and a record, the following terms and definitions are taken from ISO 9000:2005:

Term, Clause and Definition

Document, 3.7.2, Information and its supporting medium

Record, 3.7.6, A document stating results achieved or providing evidence of activities performed Control of Documents (4.2.3)

Implementing a quality management system might mean that you will be generating new documents and keeping some records that you might not be already keeping. Some of this documentation may seem burdensome until you become more familiar with the quality standard. In general though, the organization must:

- Approve documents before your distribute them
- Provide the correct version of documents at points of use
- Review and re-approve documents whenever you update them
- Specify the current revision status of your documents
- Monitor documents that come from external sources
- Prevent the accidental use of obsolete documents
- Preserve the usability of your quality documents

In order for any organization to demonstrate the effective implementation of its quality management system, it may be necessary to develop documents other than documented procedures. However, the only documents specifically required by ISO 9001:2008 are:

- Quality policy (4.2.1.a)
- Quality objectives (4.2.1.a)
- Quality manual (4.2.1.b)
- Control of Records (4.2.4)

A record is a document that provides traceability; it declares results or presents evidence that the activities undertaken met customer requirements. It is important to identify relevant quality records as you progress your documentation and ensure that records are defined within a procedure or by a system and that it exists and is controlled.

Types of Records required by ISO 9001:2008 Document Control Procedure

5.6.1 Management reviews
6.2.2 e) Education, training, skills and experience
7.1 d) Evidence that the realization processes and resulting product fulfil requirements
7.2.2 Results of the review of requirements related to the product and actions arising from the review
7.3.2 Design and development inputs relating to product requirements
7.3.4 Results of design and development reviews and any necessary actions
7.3.5 Results of design and development verification and any necessary actions
7.3.6 Results of design and development validation and any necessary actions
7.3.7 Results of the review of design and development changes and any actions
7.4.1 Results of supplier evaluations and any actions arising from the evaluations
7.5.2 d) As required by the organization to demonstrate the validation of processes where the resulting output cannot be verified by subsequent monitoring or measurement
7.5.3 The unique identification of the product, where traceability is a requirement
7.5.4 Customer property that is lost, damaged or otherwise unsuitable for use
7.6 a) Basis used for calibration or verification of measuring equipment where no international or national measurement standards exist
7.6 Validity of the previous measuring results when the measuring equipment is found not to conform to requirements
7.6 Results of calibration and verification of measuring equipment
8.2.2 Internal audit results and follow-up actions
8.2.4 Indication of the person(s) authorizing release of product.
8.3 Nature of the product nonconformities and any subsequent actions taken, including concessions obtained
8.5.2 e) Results of corrective action
8.5.3 d) Results of preventive action

Document Control Procedure Summary

Remember that you are in control of the documents and records and not vice versa. Only document and record what is necessary – the fewer documents and records you keep, the fewer things that will be audited, and the more time you will have to actually run your business.

ISO 9000 Standards Certification and Registration

ISO 9000 Standards Certification and Registration

The International Standards Organization is responsible for two major sets of requirements that relate to an overall quality management system to be used by businesses. The ISO 9000 family of standards is the primary set of requirements for most businesses.

Quality management by definition address that the organization does certain things to “fulfill the customer’s quality requirements and applicable regulatory requirements while aiming to enhance customer satisfaction, and achieve continual improvement of its performance in pursuit of these objectives”.
ISO 14000 address the environmental management to minimize harmful effects to the environment. Again, it is a quality management system designed to “achieve continual improvement of its environmental performance.

ISO certification 9000 is the most common. So, let’s take a look at what ISO certification entails and what it means. To become certified, a quality management system must be in place that meets the requirements of the ISO standard. This begins with the business recognizes the requirements and developing a quality system to meet their needs at the same time they meet the requirements.

ISO 9000 certification and ISO 9000 registration are two different entities, though they are often used interchangeably. To achieve ISO certification 9001 , an independent registrar is hired to audit the quality system for thoroughness and compliance to all the standards. When this is accomplished, the business is offered a certificate stating that the quality system conforms to standards within the particular standard.

ISO registration means that the certification has been recorded in its client register. Because most companies have been certified and in turn registered, the terms are offed interchanged in general use. While the term “certification” is the most widely used, “registration” used in North America. Both are completely acceptable, because the business has fulfilled the requirements set forth by ISO.

Monday, August 30, 2010

Integrating Management Systems Within The ISO 9001 Standards

Today’s free market economies increasingly encourage diverse sources of supply and provide opportunities for expanding markets. Fair competition needs to be based on identifiable, clearly defined common references that are recognised from one country to the next. A standard, internationally recognised, developed by consensus among trading partners, serves as the language of trade. The International Organisation for Standardisation (ISO) has developed around 8?700, mostly technical related standards on this basis. Standards Series such as ISO 9000, ISO 14000 and what is to be known as ISO 18000 and ISO 26000 are Management related. These standards contain generic guidelines for Management Systems in the area of Quality, Environment, Occupational Health & Safety and Human Resources.

ISO is a word derived from the Greek isos, meaning “equal”. ISO 9000 Standards are developed and updated by the International Organisation for Standardisation which has around 150 member bodies. A member body of ISO is the national body “most representative of standardisation in its country”.(eg. Germany – DIN, USA – ANSI, Australia – SAA).
More than 50 countries, as well as the European Community have adopted ISO 9000 which is recognised internationally as a benchmark for measuring quality in a trade context. Since its first issue in 1987, approximately 430?000 companies have been using ISO 9000. Being a standard coming from an organisation that is usually involved in the development of technical standards, ISO 9000 is often regarded as a document that belongs in the hands of a technician exposed to production line quality control. At a closer look, however, ISO 9000 Standard Series provide guidance in the development and application of Management Systems as well as Quality Control in Manufacturing and Administration.

ISO has been developing a number of Management System Guidelines for various aspects of business. The most recent are the ISO 14000 Environmental Management System Guidelines. This is an international standard that will affect business in the near future. ISO 14000 has been designed to integrate with ISO 9000. However, apart from international standards there are local standards a company has to comply with. To remain compliant with local standards, further manuals and/or procedures are required (eg. lifting procedure in a warehouse to satisfy Work Safety requirements). A company may have several Manuals describing its Management Systems (eg. Human Resources, Quality, Security, Health/Safety, Finances). An overall link between the systems is often missing which makes the monitoring and the assessment of effectiveness difficult. Double handling of information, contradicting instructions, high maintenance costs, administrative excess and lack of overall transparency are common results.
ISO 9000 Standard Series for Quality (of) Management Systems provide generic guidance for the development of an overall Management System, ISO 14000 provides guidance for Environmental Management, etc. Transparency and monitoring of all business activities can be achieved by integrating all systems into one.
Complaints that ISO 9000 is paralysing operations and, that it does not reflect reality are usually a result of not clearly understanding how the standard can be properly structured to address the needs of a company. ISO 9000 can be structured by focusing on “best practice” process rather than the standard, by fitting the standard to the process and not the process to the standard. Having recognised this, ISO has been working on a new structure for ISO 9000, called “Vision 2000?, taking a process orientated approach to ensure that “best practice” as well as several standards can be addressed within one system. Focusing on process allows the development of a practical “working document”, providing an effective management tool. Having learned from the past, the trend to Process Orientated Management Systems started about three years ago in Europe and is finding increasing approval from certification bodies.Every company has its own culture and key individuals.
The business environment influences processes in certain ways (eg. employee market, laws, infrastructure, client, etc.)
To ensure competitiveness a company needs to ensure adequate flexibility in their system to effectively respond to changes in the business environment.
An effective system is a lean system that incorporates all necessary functions, controls of activities and “best practice” without being caught up in detail.
An effective system must also be flexible enough to enable the proper controls on outsourcing and sub-contracting of activities (eg. production, administration, service, etc.)

Quality Management System Preliminary Gap Analysis

Quality Management System Preliminary Gap Analysis

Decide on a number from 0 to 5 for each item below. The scoring criteria are given in a table at the end. 1 to 5 Make notes to explain your score for future reference.

1. Have you established, documented, implemented and now maintain a Quality Management System (QMS) to any system including ISO 9001?

2. Have you identified the processes needed for your QMS and

a. the sequence of your production and service delivery processes,

b. the criteria and methods needed to ensure the processes are effective, and3. Do you have

c. have the resources and the information you need to support the processes?

d. a Quality Manual including your Quality Policy and quality objectives, and

e. written procedures and work instructions?

4. Do your records provide evidence that your business processes are effective?6. Has your Top Management communicated the importance of meeting customer and other business requirements to all the employees?9. Are your quality objectives measurable?

5. Is your Top Management committed to the development and implementation of a new QMS (i.e. based on the 2008 version of ISO 9001)?

7. Has your Top Management made a commitment to ensure your customers’ requirements are top priority?

8. Do your quality objectives include requirements for production and delivery?

10. Have the responsibilities and authorities of managers and employees been defined and communicated to them?

11. Does your management have the drive and resources needed

a. to implement, and maintain a QMS and continually improve its effectiveness, and

b. to enhance customer satisfaction by meeting customer requirements?

12. Does your organization have procedures to select competent personnel for work activities?

13. Does your organization provide training or take other action to help develop your people?

14. Does your organization provide adequate:

a. buildings, workspace and utilities,

b. process equipment, and

c. supporting services such as transport or communication?

15. When you receive a customer order do you review it for

a. requirements specified by the customer, including the delivery and post-delivery activities,

b. requirements not stated by the customer but necessary for specified use or known and intended use, and

c. statutory and regulatory requirements related to the product?

16. Do you inform your customers concerning

a. product information,

b. enquiries, contracts or order handling, including changes, and

c. channels for customer feedback and complaints?

17. Does your organization plan and control product design and development activities?

18. Does your organization maintain records of design or development review, verification and validation activities and resulting action?

19. Does your organization inspect or otherwise confirm that purchased products, materials, components and services conform to your specified purchase requirements?

20. Does your organization select suppliers depending on how important the purchased product is for production?

21. Does your organization evaluate suppliers (subcontractors or vendors) based on their ability to satisfy your requirements?

22. Do you ensure production has

a. the information that describes the characteristics of the product,

b. the necessary work instructions,

c. suitable equipment, and

d. the monitoring and measuring devices needed?

23. Does your organization regularly confirm that your production and service processes are capable of consistently meeting your requirements?

24. Are parts, components, subassemblies and products identified throughout production or service delivery?

25. Are monitoring and measurement requirements clearly shown with the status of the product?

26. Where traceability is a requirement, does production keep records of unique product identification?

27. Do you care for and protect customers’ property under your control or being used by your people?

28. Do you look after your product (including the parts or components) during both production and delivery to the customer, by providing suitable identification, packaging, storage, preservation and handling?

29. Do you have instructions needed to identify inspection or monitoring activities to be done during production or service delivery and the devices to be used?

30. Is your measuring equipment:

a. Calibrated or verified at specified intervals, or prior to use?

b. Adjusted or re-adjusted as necessary?

c. Identified to enable the calibration status to be determined?

d. Safeguarded from adjustments that would invalidate the measurement result?

e. Protected from damage and deterioration during handling, maintenance and storage?

31. Does your organization monitor customer information that shows you have satisfied customer requirements?

32. Does your organization conduct internal quality audits at planned intervals?

33. Does your organization use suitable methods to monitor and, where practical, measure the performance of your processes?

34. Does your organization inspect or measure the characteristics of finished products and record the results?

35. Does your organization identify nonconforming products and review them for disposition?

36. Does your organization collect and analyze data to assess the suitability and effectiveness of the QMS?

37. Does your organization use data to evaluate or identify where continual improvement of the QMS can be made?

38. Does your organization continually improve the effectiveness of the QMS?

39. Does your organization take corrective action to eliminate the causes of problems and to prevent their recurrence?

40. Does your organization determine and eliminate potential nonconformities in order to prevent their occurrence?

To score this table:

0 – You do not understand what is required or believe it is necessary

1 – Your organization does not perform this activity

2.- You understand this activity is a good thing to do but do not do it

3 – You do this sometimes

4 – You do this but not very well

5 – You do this quite well.

Add all the points together.

150 – 200

You are almost ready to complete your ISO 9001 QMS and apply for certification/

registration.

100 – 149

You are ready to implement the QMS. This will likely improve your business results.

0 – 99

You have a lot to do but should begin. You could consider seeking help from a

consultant or specialist.