Welcome!

Welcome!
Please also visit following blogs:
- 'EMS Awareness' Blog

Academic comments are invited.

Encouragement Support - National Centre for Quality Management. Please become a member of NCQM.

Keshav Ram Singhal

Various information, quotes, data, figures used in this blog are the result of collection from various sources, such as newspapers, books, magazines, websites, authors, speakers etc. Unfortunately, sources are not always noted. The editor of this blog thanks all such sources.

People from more than 145 countries/economies have visited this blog: Afghanistan, Albania, Algeria, Angola, Argentina, Aruba, Australia, Austria, Azerbaijan, Bahrain, Bangladesh, Belarus, Belgium, Belize, Benin, Bhutan, Bosnia and Herzegovina, Botswana, Brazil, Brunei, Bulgaria, Burundi, Cameroon, Cambodia, Canada, Chile, China, Colombia, Costa Rica, Croatia, Cyprus, Czech Republic, Denmark, Dominican Republic, Ecuador, Egypt, El Salvador, Estonia, Ethiopia, European Union, Fiji, Finland, France, Georgia, Germany, Ghana, Gibraltar, Greece, Guatemala, Guyana, Haiti, Honduras, Hong Kong S. A. R. (China), Hungary, Iceland, India, Indonesia, Iraq, Ireland, Israel, Italy, Ivory Coast, Jamaica, Japan, Jersey, Jordan, Kazakhstan, Kenya, Kuwait, Laos, Latvia, Lebanon, Lesotho, Libya, Lithuania, Luxembourg, Macao S. A. R. (China), Macedonia, Malawi, Malaysia, Maldives, Malta, Manila, Mauritius, Mexico, Moldova, Mongolia, Montenegro, Morocco, Mozambique, Myanmar, Namibia, Nepal, Netherlands, New Zealand, Nigeria, Niue, Norway, Oman, Pakistan, Palestinian Territory, Panama, Papua New Guinea, Peru, Philippines, Poland, Portugal, Puerto Rico, Qatar, Rwanda, Romania, Russia, Saint Lucia, Samoa, Saudi Arabia, Saint Kitts and Navis, Serbia, Seychelles, Singapore, Slovakia, Slovenia, Somalia, South Africa, South Korea, Spain, Sri Lanka, Sudan, Swaziland, Sweden, Switzerland, Syria, Taiwan, Tanzania, Thailand, Trinidad and Tobago, Tunisia, Turkey, Turks and Caicos Islands, UAE, Uganda, UK, Ukraine, USA, Uzbekistan, Venezuela, Vietnam, Zambia, Zimbabwe etc. Total visitors number crossed 100,000 on 14. 02. 2013. Total visitors number crossed 145,000 on 30. 09. 2013. Total visitors > 200,000 (from 01.08.2014)

Monday, December 12, 2011

QUESTION-ANSWER FORUM




What is the difference between customer satisfaction and customer delight?

KRS answers: Satisfaction is the contentment one feels when one has fulfilled a desire, need, or expectation. Delight is, to take great pleasure or joy. These simple words (satisfaction and delight) have a slightly different meaning, but all have a significant impact on the attitudes and behaviors of customers.

If organization can move customers from being simply satisfied to delighted, the business benefits are enormous. Organizations, which have delighted customers, have created customer loyalty.

It should be the objective of an organization to focus on taking satisfied customers to a state of delight. Satisfaction is based on fulfilling the expected while delight occurs from the unexpected. Delighting customers is a win for the customers, provides a competitive advantage and results in increased sales and profit for the organization. Delight is going beyond the customers’ expectations.

There is a significant difference between satisfied and delighted customers. Delighted customers will be more loyal and a business can create customers for life.

What is the retention period of quality manual?

KRS answers: No requirement with regard to the retention period of the quality manual is mentioned in ISO 9001:2008 QMS Standard. It is for the organization to decide the retention period of the quality manual. It is required that organization, implementing ISO 9001:2008 QMS, must maintain quality manual.



Is certification a requirement for ISO 9001:2008 QMS?

KRS answers: Please note that certification is not a requirement of ISO 9001:2008 QMS Standard and many organizations are implementing ISO 9001:2008 QMS Standard without obtaining its certification.

Who should be asked to prepare work instructions?

KRS answers: Owner of the work (who carries out the work) should be asked to prepare work instructions. Generally it is seen in organizations that people who carries out the work (owners of the work) are not good in communication skills, so the organization should decide the responsible appropriate person, who is good in communication skills, to prepare work instructions with inputs and help from the owner of the work. The appropriate person may be from engineering, QA or any other department. The focus should be 'how to prepare better work instructions in the organization'.

Please submit your question(s) on ISO 9001:2008 QMS by email to krsinghal@rediffmail.com or keshavsinghalajmer@gmail.com and if your question(s) is/are of general interest, we shall try to answer in this blog through forthcoming post.

With best wishes,

KRS

Sunday, November 6, 2011

Article – Management Review

“Is conducting ‘management review meeting’ only option for management review? Look for other alternatives”

Keshav Ram Singhal

Most organizations including consultants believe that conducting ‘management review meeting’ is mandatory and to achieve ISO 9001 QMS compliance certification, and organizations generally keep records of management review meetings to provide evidence to auditors that they have conducted management review. This seems to be the easiest and convenient way of reviewing organization’s quality management system. In practice auditors also ask questions on conducting management review meetings and wish to see relevant records.



When I read ISO 9001:2008 QMS Standard, I come to know from clause 5.6.1 that top management must review the organization’s QMS at planned intervals to ensure continuing suitability, adequacy and effectiveness of the QMS. Nowhere the standard states the term ‘management review meeting’. Akio Miura, a QMS consultant in Tokyo (Japan), says, “Management review meeting is merely one of the means for management review. There are better ways for management review than holding meetings periodically.” He further says, “You do not necessarily always have to hold the meetings if you are doing better ways.” For this his arguments are supported by valid points that he says, “Discussing the impact of changes is too late by periodic management review, and it is not recommendable. For example, if you made some change in October and the next management review is scheduled in January, discussing that change in January may be too late if it caused some negative impact or problems during the period between October and January.” He suggests, “Management review by top management or at least by the management representative must be done in day-to-day activities. Periodic management review is to verify that all changes made in the past xxx month period did not cause any problem or negative effect. This is the smartest and surest way of change management and management review for it.” In this connection, Akio Miura’s views are relevant and require attention by organizations.

The ‘ISO 9001 Auditing Practices Group’ has been constituted as an informal group of quality management system (QMS) experts, auditors and practitioners, drawn from the ISO Technical Committee 176 Quality Management and Quality Assurance (ISO/TC 176) and the International Accreditation Forum (IAF). The group has developed a number of guidance papers and presentations that contain ideas, examples and explanations about the auditing of quality management systems. It has also issued a guidance paper on ‘Auditing Quality Policy, Quality Objectives and Management Review’ on 5 June 2009 that states, “… ISO 9001 requires top management to review the organization’s quality management system, at planned intervals, to ensure its continuing suitability, adequacy and effectiveness. The review could be carried out at a separate meeting but this is not a requirement of the standard. There are many ways in which top management can review the quality management system such as receiving and reviewing a report generated by the management representative or other personnel, electronic communication or as part of regular management meetings where issues such as budgets and targets are also discussed. …” It further says that the management review is a process that should be conducted and audited utilizing the process approach.

Management review meeting is one of the tools of conducting management review and most organizations are conducting such meetings. But conducting such meeting is not a requirement of the ISO 9001:2008 QMS Standard. In today’s environment, we have advanced technological and communication facilities available with us, so there are other ways of reviewing the quality management system. Just think the other alternatives and one can find alternative way.

I suggest a practical cost-effective process of management review without holding a management review meeting at a particular place on a fixed date and time:

(i) Make a list of people in the top management team of your organization in accordance with the seniority. There must be head of the organization (such as CMD in corporate organizations, senior partner in partnership firms, managing trustee in trust organizations, etc.).

(ii) The management representative should act as the convener to the management review process.

(iii) The head of the organization should decide the frequency of management review (planned intervals) and a reference about this should be mentioned in the quality manual of the organization.

(iv) The management representative should collect information on: Results of audits (external as well as internal), customer feedback, process performance, product conformity, status of preventive action, status of corrective actions, follow-up actions from previous management review, changes that could affect the quality management system (such as changes in the QMS documentation, procedures, processes, changes in the management, changes in the organization, changes in the policy, changes in the organization’s technique and/or technology, changes in the resources etc.) and recommendations for improvement.

(v) The management representative should prepare a report of ‘management review inputs’ and send copy of this report to top management team members with a request to send their review comments to the head of the organization. There should be targeted date for sending the review comments.

(vi) The head of the organization should review the report of the management representative and comments received from the top management team members. He should take any decisions related to the improvement of the effectiveness of the quality management system, improvement of the effectiveness of the processes,improvement of the product and resources needs. The top management should communicate such management review output decisions to the management representative for necessary communication and action.

(vii) The management representative should communicate to relevant departments about the management review outputs and take appropriate action. A copy of management review output should also be communicated to top management team members.

(viii) The management representative should keep relevant records of management review.

Holding a meeting of top management team members at a particular place on a fixed date and time may sometimes appears to be tough and costly affair to organizations and in such a situation the management review process as stated above will provide you a cost effective option.


Courtesy
ISO 9001 Auditing Practices Group Website
ISO Website
Special thanks to Akio Miura, ASQ Fellow,
ASQ CQA/CQE/CMQOE/CRE/CSSBB/CBA/CHA/CSQE, and RAB/IQA/QSA approved ISO Lead Auditor Training Instructor, Quality Management Consultant

Thursday, October 6, 2011

ADDING VALUE TO INTERNAL QMS AUDITS

Article for review- First draft

We invite your comments on the write-up. Thanks.


Dr. Divya Singhal
&
Keshav Ram Singhal



AUDIT TYPES

Audits are categorized under three types:
• First party or internal audit
• Second party or supplier audit
• Third party or certification audit

First party or internal audit: First party or internal audit is conducted by the organization itself (or conducted on behalf of the organization) for management review and other internal purposes. It is an internal management tool. People within the organization generally conduct this type of audit. First party (internal) audit may form basis for self-declaration of conformity to management systems. Many organizations in the world are now stopping third party certification. Internal audit is a mandatory requirement of ISO 9001:2008 QMS Standard.

Second party or supplier audit: Second party or supplier audit is conducted on supplier or organization (excepting customers) by parties having an interest in the organization (such as customer), or other persons on their behalf. Such type of audit provides a vendor assessment facility for an organization as it audits its supplier to assess their suitability for future or continuing contracts.

Third party or certification audit: Audits conducted for certification fall in this category. An assessment to achieve certification to the ISO 9001:2008 QMS Standard would fall under this category. Third party (certification) audit is conducted by external, independent auditing organization (generally known as certification body or registration body).

Who is the customer for audit?

ISO 9000:2005 defines customer as “the organization or person that receive a product.” Accordingly, a customer may be a consumer, client, end-user, retailer, beneficiary and purchaser. Customer with respect to different audit situations may be as under:
• First party audit customer: Management Representative, top management and the auditee department.
• Second party audit: Typically the purchasing department of an organization, who use the results of the audit as a basis for supplier qualification.
• Third party audit customer:
 Contractual customer: Organization interested in certification or the certified organization, next time different perspectives: Management Representative, Top management
 Ultimate customer: Those who purchase or receive product from the organization. (The certification body should never loose sight to this point and the body should act in the interest of the ultimate customer.)

Value-added audit situation

Value-added internal audit should be useful to the auditee, management representative and top management.
• To the auditee: by describing areas of weakness (i.e. noncompliance of requirements) and by promoting a better understanding of the organization’s quality management system or environmental management system.
• To the management representative: by having an overview of the organizational processes and interactions, by promoting a better understanding of internal supplier / customer relations, and by stimulating better communication between functions (i.e. breaking down interdepartmental barriers).
• To the top management: by verifying effective deployment of policies and objectives throughout the organization.

Value-added third party audit should be useful to the certified organization (or organization seeking certification), to the organization’s customers and to the certification body in the following manner:
• To the certified organization: by providing information to the organization’s top management regarding organization’s ability to meet strategic objectives, by identifying problems (if resolved, will enhance the organization’s performance) and by identifying improvement opportunities and possible areas of risk.
• To the organization’s customers: by enhancing the organization’s ability to provide conforming product.
• To the certification body: by improving the credibility of the third party certification process.

What is an internal audit?

Internal audit is used as a tool to monitor and determine the health of the quality management system implemented in the organization. The findings of internal audit can help in initiating appropriate measures. Internal Audit is used to measure the effectiveness of an organization’s quality management system. The ISO 9000:2005 Standard defines audit as “systematic, independent and documented process (set of interrelated or interacting activities which transform inputs into outputs) for obtaining audit evidence (records, statements of fact or other information which are relevant to the audit criteria and verifiable) and evaluating it objectively to determine the extent to which audit criteria (set of policies, procedures or requirements relating to audit) are fulfilled.”



Accordingly, we can come to following conclusions:
• An audit is a systematic process.
• An audit is an independent process.
• An audit is a documented process. There must be a documented procedure.
• An Audit is conducted for obtaining audit evidence.
• An audit is conducted for evaluating audit evidence objectively.
• An audit determines the extent to which audit criteria are fulfilled.

Organizations, implementing ISO 9001:2008 quality management system for certification / registration, periodically go through two types of audits:
1) Third party audits by certification/registration body, and
2) Internal audits.

Internal audit is called first-party audit. It is conducted by the organization itself or conducted on behalf of the organization. Internal audit is self-audit by the organization and generally conducted by its own auditors. Internal audit can form the basis for an organization’s self-declaration of conformity.

Internal audit is a systematic process. A process is defined as set of interrelated or interacting activities, which transforms inputs into outputs. Accordingly, audit evidences are inputs to internal audit process and audit results are its output. Audit results become the input to management review process (Please refer to clause 5.6.2 of ISO 9001:2008.)

INTERNAL AUDIT REQUIREMENTS

Internal audit requirement are mentioned in clause 8.2.2 of the ISO 9001:2008 Standard. The purpose of internal audit is to ensure that the quality management system of the organization conforms to the planned arrangements to the requirements of the ISO 9001:2008 Standard and the quality management system requirements established by the organization. The purpose of internal audit is also to ensure that the quality management system is effectively implemented and maintained in the organization.

Requirements of the ISO 9001:2008 Standard with regard to internal audit are as under:
• The organization needs to conduct internal audits at planned intervals. Accordingly, frequency of internal audit is to be decided by the organization. The International Standard has not stipulated any time period.
• An audit programme must be planned taking into consideration of the following:
• The Status and importance of processes,
• Areas to be audited, and
• Results of previous audit(s).
• The organization must define audit criteria, scope, frequency and method.
• Selection of auditors and conduct of audit must ensure objectivity and impartiality of the audit process.
• Auditor is not allowed to audit his own work.
• The organization is required to define in a documented procedure the responsibilities and requirements for planning and conducting audits, and for reporting results and maintaining records.
The management responsible for the area being audited must ensure that actions are taken promptly to eliminate detected nonconformities and their causes. Follow-up activities must include the verification of the actions taken and reporting of verification results.

Nonconformity

ISO 9000:2005 Standard defines nonconformity as “non–fulfillment of a requirement”. Accordingly, non-fulfillment of need or expectation (stated, generally implied or obligatory) is termed as nonconformity. In simple terms, nonconformity is something that did not go according to plan. Nonconformity is a deviation from the requirement. Nonconformity provides improvement opportunity to the organization.

Why may internal audit useless?

Ellen Willoughby (Management Consultant and Owner, All About Quality, Northampton, UK) says, “The main reason internal audits are useless because they are being carried out to a check-list that is designed against the Quality Management Standard you are working to and not your business.”

Adding value to QMS Internal Audit

Felix Dlamini, a Project Manager in Swaziland, says, “Focusing on specific areas or clauses of the standard to which the internal audit is conducted is one way of increasing the understanding of the requirements of a QMS and to ensure the organization complies. This however requires that the internal auditors are competent and are able to bring together related concepts within a standard even if they appear on different clauses of a standard.”

Madhavi Shrivastava, a Quality Management Professional in Houston, USA says, “Often it happens that external auditors are able to find gaps and improvement areas but internal audits portray a highly satisfactory picture of QMS.” She suggests a few points that can increase value addition of internal audits: (1) Senior management and management representative are successful in creating a climate where internal audits are valued and taken seriously by all. (2) QMS objectives and targets are linked to business results. And internal audits are able to bring out what is the trend of improvement of key business processes. (3) Internal auditors are selected, trained and coached well to conduct a useful audit. Compliance verification is the basic requirement but as time progresses auditors need to go beyond that to keep QMS really adding new improvement.

Important point we believe that an internal audit requires internal auditor(s) that should be well trained in auditing techniques and knowledgeable in effective, improvement and cost reduction methods to provide value added results. Most organizations that are certified to ISO 9001:2008 QMS Standards use organization’s internal auditors who do internal audits on an as needed basis. Training and conducting audits is such a small amount of their job that they never have time to tune and improve their audit skills. Employees often get promotions, get busier, or may even leave the organization. All of these circumstances cause organizations to be in a constant internal auditor training mode, leading to ineffective audits costing money each year, which normally are not resulting in a positive result. When an experienced, trained staff conducts audits for a living, which is well trained, and very knowledgeable about improvement methods and techniques, then the internal audit will result in a positive outcome. The internal auditor must undergo training each year to ensure continuing to improve his knowledge and skills. Every internal audit must provide results in opportunities for improvements and/or preventive actions, which will reduce risks, increase customer satisfaction, reduce costs, improve product and service quality, and much more.

We give below a few tips by which internal auditors will be able to add value. Internal auditors should use PDCA methodology for conducting internal audit. It can be done by proper audit planning, using audit techniques that should focus on processes and results, obtaining and reporting objective audit findings and carrying out follow-up for eliminating nonconformance. Accordingly, it is better for the internal auditor to use following tips:
• The internal auditors should understand the intent of ISO 9001:2008 QMS Standard, expectations of the top management towards continual improvement and corporate culture
• The internal auditors should peruse the output from previous audits (both internal as well as external) to identify any specific issue or concern still requires improvement
• The internal auditor should understand what are customers’ and applicable legal requirements
• The internal auditor should seek adequate time for auditing
• The internal auditor should focus more on the process, process performance and results.
• The internal auditor should remember eight quality management principles and use of PDCA approach to evaluate the process effectiveness – (i) Whether process planning carried out? (ii) Whether the process carried out according to the process planning? (iii) What are the expected results? (iv)Whether expected results are being achieved? (v) What is the nonconformance?
• The nonconformance identified by the internal auditor should be based on an objective evidence
• The internal auditor should provide adequate opportunity to correct the nonconformity
• The internal auditor should make effort to identify root causes of problems
• The internal auditor should not see who is responsible – rather consider why and what caused the problem (please see here-in-below note in this regard)
• The internal auditor should adopt a ‘holistic’ approach while gathering objective evidence during auditing
• The internal auditor should analyze the finding and relate to the organization’s ability to provide product that meet customer and applicable legal requirements
• The internal auditor should report audit findings
• The internal auditor should also emphasize positive findings as appropriate
• The internal auditor should consider solution/correction proposed by the auditee in response to the ‘negative finding’ (nonconformance)
• The internal auditor should carry out process audit by following the path the auditee takes to carry out the process
Rob De Leur, Process Risk Advisor at Amsterdam, Netherlands is of the opinion that the internal audit often brings to little serious input for improvement and says, “I am auditing now for almost 20 years and think that a lot (most) of the internal audits performed don't bring much for the management. Auditing is a profession and when you do this now and then with all the good effort, it results to many times in some non-conformity that can't really improve the system or the organization. Too many times the internal auditor is happy when he/she finds something and then the management of course always react 'great job'. When I do my ISO9001 audits combined with the approach and principles of risk management, then we are really talking serious auditing (and clients also confirm). My opinion is not negative but too many times realistic. I am sure that a good professional executed internal audit can be of great help.” Dominador, Jr. Garrovillas, Audit and Systems Compliance Manager in Philippines says, “We use the RFR approach, i.e., we write first the Requirements, second the Findings, and lastly the Risk to the business.” (From a discussion in ‘ISO 9001’ group at linkedin.com)

Do not see who is responsible. Rather consider why and what caused the problem or nonconformity



When you observe a problem or nonconformity, do not see who is responsible. Rather consider why and what caused the problem or nonconformity. When you consider why and what caused the problem or nonconformity, you may find:
• There was inadequate training.
• Applied procedures were unrealistic.
• Resources were insufficient.
• There was not enough time for doing things properly.
• There may be a better way of doing things.

What is most important? Find out fundamental cause of the nonconformity and stop it from happening again. We need to ask “WHY? WHY? WHY?” We should not ask – WHO?

WHY? WHY? WHY?

Why should we consider “WHY? WHY? WHY?” question? The simple reason is that we may be able to find root cause of the problem. The following examples may clarify this technique.

First example
• WHY was there nonconformity in the design department?
• “Because Mr. Jain did not follow the procedure.”
• WHY did not Mr. Jain follow the procedure?
• “Because Mr. Jain never received training.”
• WHY did not Mr. Jain receive the training?
• “Because Mr. Jain was on leave at that time.” Or “Because the department head did not relieve Mr. Jain for the training.”
• WHY did not the organization management realize this, and train him later?
• “Because the organization management or department people do not foresee this in the SYSTEM.”

Here we find that there is an area of improvement.

Second example
• WHY was there nonconformity in the manufacturing section?
• “Because Mr. Desai did not follow the procedure.”
• WHY did not Mr. Desai follow the procedure?
• “Because Mr. Desai did not have the right equipment.”
• WHY did not Mr. Desai have the right equipment?
• “Because our organization does not have a preventive maintenance plan.”
• WHY did not the organization have a preventive maintenance plan?
• “Because preventive maintenance plan is not in the system.”
Here we find that there is an area of improvement.

Third example
• WHY did not things go according to plan?
• “Because Mr. Sharma followed the procedure, even though he knew the procedure was wrong.”
• WHY did Mr. Sharma follow the procedure?
• “Because the procedure was a documented procedure and Mr. Sharma was scared to get nonconformity!!” Alternatively, “Because that is the easy way out, he followed documented procedure.” Or “Because then Mr. Sharma cannot be blamed.”
Here we find that there is an area of improvement.

It is not “value added”

We should understand that “Value-added” is NOT making the audit more difficult by adding on additional requirements. The auditor should not add additional requirement, which is not required. We should also understand that “Value-added” is NOT making the audit too easy, so nobody believes in the results of the audit.

Value added auditing aims to add value, the organization will find useful. Value added auditing encourages result-focused systems, with minimum bureaucracy. Value added auditing helps to identify strong and weak points and focus on the ways to improve. Value added auditing provides CONFIDENCE that the quality management system is king and the organization is providing CONSISTENT, QUALITY PRODUCT to its customers.

ISO 9001 Auditing Practices Group

The ISO 9001 Auditing Practice Group is an informal group of quality management system (QMS) experts, auditors and practitioners drawn from the ISO Technical Committee 176 Quality Management and Quality Assurance (ISO/TC/176) and the International Accreditation Forum (IAF).

The group has developed a number of guidance papers and presentations on various QMS auditing topics including the following:
• The need for a two- stage approach to auditing
• Measuring QMS effectiveness and improvements
• Identification of processes
• Understanding the process approach
• Determination of the ‘where appropriate’ processes
• Auditing the ‘where appropriate’ requirements
• Demonstrating the conformity to standard
• Linking an audit of a particular task, activity or process to the overall system
• Auditing continual improvement
• Auditing a QMS which has minimum documentation
• How to audit top management processes
• The role and value of the audit checklist
• Scope of ISO 9001: 2000, scope of Quality Management System and defining scope of certification
• Value- added Auditing
• Auditing competence and the effectiveness of the action taken
• Effective use of ISO 19011: 2002, Guidelines for quality and/or environmental management systems auditing
• Auditing statutory and regulatory requirements
• Auditing quality policy, quality objectives and management review
• Auditing the control of monitoring and measuring devices
• How to add value during the audit processes
• Guidance for reviewing and closing nonconformities
• Auditing internal communication
• Auditing service organization
• Third party auditor impartially and conflict of interest
• Auditing the effectiveness of the internal audit
• Auditing electronic based management systems
• Auditing the management of resources
• Auditing customer communications
• Auditing the design and development process
• Documenting a nonconformity
• Auditing Preventive Action
• Auditor code of conduct and ethics

The above mentioned guidance papers and presentations on various QMS auditing topics are very useful for auditors for adding value to their audit. These guidance papers and presentations can be downloaded from the website of International Accreditation Forum.

Training of internal auditor must be a regular process

Internal audits require a staff that is well trained in auditing techniques and knowledgeable in effective, improvement and cost reduction methods to provide value added results. Most organizations, implementing ISO 9001:2008 QMS Standard and also certified to ISO 9001:2008 QMS Standards, use organization’s internal auditors who do internal audits on an as needed basis. Training and conducting audits is such a small amount of their job that they never have time to tune and improve their audit skills. Employees often get promotions, get busier, or may even leave the organization. All of these circumstances cause organization to be in a constant internal auditor training mode, leading to ineffective audits costing huge amount of money each year, which normally are not resulting in a positive ROI. Experienced, trained staff when conduct audits for a living, they must be well trained, and very knowledgeable about improvement methods and techniques. They should undergo training each year on regular basis to ensure they continue to improve their knowledge and skills. Every audit they conduct must result in opportunities for improvements and/or preventive actions, which will reduce risks, increase customer satisfaction, reduce costs, improve product and service quality, and much more. Training of internal auditor must be a regular process in an organization implementing ISO 9001:2008 QMS Standard.



Courtesy:
- Reference Guide to ISO 9000 Certification, K. R. Singhal, 2000
- Implementing ISO 9001:2000 Quality Management System – A Reference Guide, Divya Singhal and K. R. Singhal, PHI Learning Private Limited, New Delhi, 2008
- ISO Website
- IAF Website
- IRCA Website
- Website - http://allaboutquality.net
- Group discussion at http://www.linkedin.com

Authors' Note: Suggestions to improve the article is invited. Thanks.

Wednesday, September 28, 2011

Need to look afresh on ‘quality’



We have seen various quality improvement concepts – Six Sigma, TQM, 5-S, ISO 9001, ISO 9004, JIT, Zero defect, TPM, …. and so on. All these concepts have played a major and relevant role in improving the quality of a product (including service). In recent years we have also witnessed a number of standards, such as, ISO 14001 EMS, OHSAS 18001, SA8000, ISO 50001 EnMS, ISO 26000 SR, ISO 22000, ISO/IEC 27000 ISMS, being implemented by organizations.

Many quality gurus had defined the concept ‘quality’ in the previous millennium, i.e. in the 1900s. You may see the definitions written by Philip Crosby, Walter A Shewhart, Joseph M Juran, W Edwards Deming, A V Feigenbaum and many other quality gurus, most of those definitions are more than fifty years old, when organizations were not asked to comply requirements related with environment, social responsibility, energy, health, safety, information security etc.




ISO 9000:2005, an international standard on ‘Quality management systems – Fundamentals and vocabulary’ defines ‘quality’ as ‘degree to which a set of inherent characteristics fulfills requirements.’

It is now time to rethink with a focus on a return to the basics of quality and sound business management. Please re-examine the basics of quality and derive a new definition of ‘quality’ that remains for more than a decade. ‘Quality’ needs a definition afresh looking to the following:
- Fulfilling requirements
- Cost
- Effectiveness
- Environmental protection and performance
- Impact on society
- Human rights
- International norms of behaviour
- Risk
- Health
- Safety
- Energy efficiency
- Security
- Success (of the product/service, organization and user)


My new definition on QUALITY - I define quality as “a degree to which the product has a set of inherent distinguishing features (existing in the product as a permanent characteristics) that fulfill implied requirements of the product and also stated and obligatory (statutory and regulatory) requirements including customer requirements and those requirements: that protect and save environment, that have affordable cost for the customer, that has positive impact on society, that respect human rights, that respect international norms of behaviour, that safeguard health and safety, that conserve energy and that maintain security requirements so as to achieve and enhance satisfaction and success of the organization and its customer.”
Note –
1. Product also means service.
2. The term ‘quality’ can be used with adjectives.
© September 2011 - Keshav Ram Singhal, Ajmer, India.

I posted my above new definition on ‘quality’ for discussion with quality professional fraternity in some groups at linkedin.com (a social site of professionals) and I am overwhelmed with some reactions from a few professionals that are as under:

- John Outram, an associate at Qualimpex Inc. Canada says, “You should submit your new definition for quality to TC 176 though your National Committee.” (in Management Systems Professionals and Users group)
- Issoufou Trare, a consultant in Senegal, says, “I like this definition. But the very important challenge is to transform it to reality in numerous companies. Thanks for this fresh look.” (in Management Systems Professionals and Users group)
- Peddina Satyanarayana, Assistant General Manager at Steel Authority of India Ltd, Rourkela Steel Plant, says, “If any organization transforms KRS definition in to reality, the organization can continue to be at top. Quality is inner beauty with conformance to the requirements of customer.” John Outram liked the comment made by Peddina Satyanarayana.
- Ms. Cathleen N (National Director of Quality Assurance at Garda, Ottawa, Canada) and Ms. Farjana Ahmed (QMS Executive at ACME Laboratories Ltd., Bangladesh) have liked the discussion.

What do you think? Will you help me in defining quality with a new look by supporting my new definition or suggesting some improvement?


With best wishes,

Keshav Ram Singhal

Thursday, September 22, 2011

ISO 19011:2011

ISO 19011:2011 – Guidelines for auditing management systems – Expected to be published soon

Keshav Ram Singhal (Email - krsinghal@rediffmail.com)




International Organization for Standardization released ISO/FDIS 19011:2011 – Guidelines for auditing management systems in July 2011 to ISO members. It is expected that international standard ISO 19011:2011 will be published in October 2011.

ISO 19011:2002 is the current auditing standard that provides guidelines for auditing quality and/or environmental management system. This standard was long due for revision and since the initial publication of ISO 190011 in 2002 a number of new management system standards have been published. This has resulted in a need to consider a broader scope of management system auditing as well as providing guidance that is more generic. This is now reflected in ISO 19011:2011 that has the revised title “Guidelines for auditing management systems” instead of “Guidelines for auditing quality and/or environmental management systems” as mentioned in the existing standard ISO 19011:2002. ISO 19011:2011 will be useful for auditing any management system and also it will be useful for auditing integrated management as it will –
- Provide guidance on auditing all types of management systems, and
- Facilitate combined (integrated) audit of two or more management systems implemented by an organization.

ISO 19011:2011 will provide guidance for all users, including small and medium sized organizations and will concentrates on what are commonly termed internal (first party) and second party audits as often conducted by customers on their suppliers.
International Organization for Standardization (ISO) has already published ISO 17021:2011, a standard for conformity assessment that provides requirements for bodies providing audit and certification of management systems. After publication of ISO 19011:2011, there will be two relevant standards –
- ISO 17021:2011, Conformity assessment – Requirements for bodies providing audit and certification of management systems
- ISO 19011:2011, Guidelines for auditing management systems

The publication of ISO 19011:2011 will provide auditors, organizations implementing management systems and organizations (including certification bodies) needing to conduct audits of management systems an opportunity to re-assess their own practices and identify improvement opportunities in conducting audits.

What are the changes within ISO 19011:2011?

ISO 19011 is being revised to provide persons involved in management system auditing with good audit practice guidance relevant to the present environment. Presently there are many organizations implement management system covering multiple disciplines, for example quality (ISO 9001), environment (ISO 14001), occupational health and safety (OHSAS 18001) and information security (ISO 27000) etc.
The Principles of auditing on which the guidance is based are being revised and expanded to include the new auditing principle of ‘Confidentiality – security of information’. This will be a principle that will require auditors to be prudent in the use and protection of information acquired in the course of their duties during auditing management systems..

The main body of ISO 19011:2011 will set out good practice for Managing an Audit Programme and Performing an Audit. It will update to reflect current thinking and in parts expanded significantly. These sections will provide detailed guidance; intended to be used flexibly according to the size, level of maturity of an organization’s management system, the nature and complexity of the organization to be audited. The concept of risk in auditing is being introduced. Some guidance will be provided on combined audits, where two or more management systems of different disciplines are audited together (for example QMS and EMS, EMS and OHSAS, QMS and OHSAS). Also, the use of technology in remote auditing will be acknowledged.
Changes are being introduced in the guidance on Competence and evaluation of auditors. ISO 19011:2011 will address auditing management system covering multiple disciplines some of these may be wide ranging. The significant changes include:

- ISO 19011:2011 will identify that necessary auditor competence comprises generic knowledge and skills of management systems, plus discipline specific (for example, QMS) and sector specific (for example, aerospace) knowledge and skills. Annex A (informative) of the standard will provide examples of discipline-specific knowledge and skills of auditors, including:
- Transportation safety management
- Environmental management
- Quality management
- Records management
- Resilience, security, preparedness and continuity management
- Information security
- Occupational health and safety

ISO 19011:2011 will not include guidance on sector specific knowledge and skills of auditor. These may be developed later and published separately by the International Organization for Standardization (ISO).

The existing standard ISO 19011:2002 provides guidance on education, work experience, auditor training and audit experience that contribute to development of the knowledge and skills needed to perform audits and lead audit teams. ISO 19011:2011 will also provide guidance on knowledge and skills of management system auditors and an audit team leader but it will not make reference to auditors having completed education, work experience, auditor training and audit experience. This change will recognize that education, work experience, training and audit experience are enablers to competence, which ISO 19001:2011 and ISO 17021:2011 define as ‘ability to apply knowledge and skills to achieve intended results’. ISO 19011:2011 will recognize evaluation of competence needs, which may be carried out in a variety of ways, for example a combination of testing and examination, interview and observed audits.

1. Scope – There will be no significant changes.

2. Informative references – There will be no previous reference to terms and definitions given in ISO 9000 (QMS) and ISO 14050 (EMS).

3. Terms and definitions – New definitions for Observer, Guide and Risk are being introduced. The term risk will be used in ISO 19011:2011 in context of “risk-based auditing” and also “audit programme risks”. The definition of competence is being revised and although the change in wording appears slight it will require organizations to determine competence to achieve intended results. The starting point for which will be to define the intended results for the various activities involved in managing an audit programme and performing audits. This change will be consistent with ISO 17021:2011, a standard on conformity assessment.

4. Principles of auditing – There will be six principles in ISO 19011:2011 instead of five in ISO 19011:2002. Principles (a) – (d) will relate to auditors and the person managing the audit programme. Principles (e) and (f) will relate to the audit.

(a) Integrity – The principle of integrity will replace and expand the principle of ethical conduct mentioned in ISO 19011:2002. The principle of integrity is the foundation of professionalism.

(b) Fair presentation – There will be minor expansion that will include the obligation to report truthfully and accurately.

(c) Due professional care – the application of diligence and judgement in auditing. ‘Having the necessary competence is an important factor’ (in ISO 19011:2002) will be replaced with ‘An important factor in carrying out their work with due professional care is having the ability to make reasoned judgement in all audit situations’ in ISO 19011:2011.

(d) Confidentiality – security of information. It will be a new auditing principle, which will address the need for auditors to exercise discretion in the use and protection of information acquired in the course of their duties. The principle will refer to inappropriate use of such information for personal gain or in a manner detrimental to the legitimate interests of the auditee.

(e) Independence – the basis for the impartiality of the audit and objectivity of audit conclusions. ISO 19011:2011 will provide more specific guidance on the extent of independence that needs to be achieved, whilst recognizing that in small organizations it may be difficult for internal auditors to be fully independent. ISO 19011:2011 will refer to internal auditors being independent from the operating managers of the function being audited. ISO 19011:2011 will reflect the interpretation of independence that certification bodies generally apply.

(f) Evidence-based approach –There will be minor rewording in ISO 19011:2011 that will include the rational method for reaching reliable and reproducible audit conclusions in a systematic way.


5. Managing an audit programme – In this section ISO 19011:2011 will have considerable revision. The language of guidelines in this section will be easy to understand. There will be more clarity. Managing an audit programme guidelines will be structured in the following clauses:

5.1 - General

5.2 – Establishing the audit programme objectives

5.3 – Establishing the audit programme

5.4 – Implementing the audit programme

5.5 – Monitoring the audit programme

5.6 – Reviewing and improving the audit programme

5.1 General – This clause of the ISO 19011:2011 will recognize that an organization may implement a number of management system standards. Where the existing issue of ISO 19011:2002 refers to an organization establishing one or more audit programmes, ISO 19011:2011 will refer to an audit programme that can include audits considering one or more management system standards. Practically there will be little difference.

In this clause 5.1 of ISO 19011:2011 there will be guidance to allocate audit resources to audit those matters of significance within the management system. This concept is known as risk-based auditing.

5.2 Establishing the audit programme objectives – Title of this clause is being revised and also guidelines for structuring the content to follow the process flow guidance on the extent of an audit programme is being transferred to section 5.3.3.

5.3 Establishing the audit programme – ISO 19011:2002 states the title ‘Audit programme responsibilities, resources and procedures’ and this is being revised as new title ‘Establishing the audit programme.’. New to this issue is guidance on ‘Competence of the person managing the audit programme’. ISO 19011:2011 will add new guidance on ‘Identifying and evaluating audit programme risks’.

5.4 Implementing the audit programme – ISO 19011:2011 will provide more extensive guidance.

There will be sub-clause ‘Define the objectives, scope and criteria for an individual audit’. The sub-clause guidelines will identify that each audit should have a clear objective. This section will also highlight issues to consider when two or more management systems of different disciplines are audited together.
There will be a new sub-section ‘Selecting the audit methods’ and additional guidance on this issue will be provided in Annex B of ISO 19011.

Other sub-clauses will include: Selecting the audit team members, Assigning responsibilities for an individual audit to the team leader, Managing the audit programme outcome, Managing and maintaining audit programme records

In short we can conclude that section 5.4 of ISO 19011:2002 is being revised to provide comprehensive guidance to what was previously a list of headline topics that needed to be addressed when implementing the audit programme. Section 5.5 of ISO 19011:2002 – Audit programme records will be part of section 5.4

5.5 – Monitoring the audit programme and 5.5 – Reviewing and improving the audit programme - These two sections will replace what is stated in ISO 19011:2002 in clause 5.6 – Audit programme monitoring and reviewing. There will be minor expansion and reference to consider, such as, evaluate the performance of audit team members, consider as part of a review, alternative or new auditing methods, review the effectiveness of the measures to address the risks associated with the audit programme, review confidentiality and information security issues relating to the programme

6. Performing an audit – The clause title in ISO 19011:2002 is ‘Audit activities’ which is being revised. In this clause of ISO 19011:2011 you will find improved guidance. The section will be structured to follow the audit process flow, as under:

6.1 General

6.2 Initiating the audit

6.3 Preparing audit activities

6.4 Conducting the audit activities

6.5 Preparing and distributing the audit report

6.6 Completing the audit

6.7 Conducting audit follow-up

There will be few changes in the guidelines in ISO 19011:2011.

7. Competence and evaluation of auditors – Some significant changes are being introduced in ISO 19011:2011. The new standard will address auditing management system covering multiple disciplines. New guidance will include: Determining auditor competence to fulfill the needs of the audit programme, Personal behaviour, Knowledge and skills. The clause ‘Knowledge and skills’ will comprise: Generic knowledge and skills of management system auditors, Discipline and sector specific knowledge and skills of management system auditor. ISO 19011:2002 provides guidance for quality management system and/or environmental management system auditors, each having its own section providing guidance on auditor knowledge and skill requirements. In ISO 19011:2011 these two sections of ISO 19011:2002 will be replaced by one that will identify knowledge and skills that need to be applied to all management systems, for example, knowledge of: Legal requirements relevant to the specific discipline, fundamentals of the discipline and the application of business and technical discipline-specific methods, techniques, processes and practices sufficient to enable the auditor to examine the management system and generate appropriate audit findings and conclusions, risk management principles, methods and techniques relevant to the discipline and sector to enable the auditor to evaluate and control the risks associated with the audit programme.

ISO 19011:2011 Annex A will provide guidance on discipline-specific knowledge and skills of auditors for: Transportation safety management, Environmental management, Quality management, Records management, Resilience, security, preparedness and continuity management, Information security, Occupational health and safety.

ISO 19011:2011 will provide guidance on Generic knowledge and skills of an audit team leader, that will include knowledge and skills to: balance the strengths and weaknesses of the individual audit team members, develop a harmonious working relationship among the audit team members, manage the uncertainty of achieving audit objectives

ISO 19011:2011 will provide guidance on knowledge and skills for auditing management systems addressing multiple disciplines, achieving auditor competence.

Clause 7.6 of ISO 19011:2002 provides guidance on auditor evaluation, having sub-clauses, 7.6.1 – General and 7.6.2 – Evaluation process. ISO 19011:2011 will provide more clear guidance on auditor evaluation specifying guidance on establishing the auditor evaluation criteria, selecting the appropriate auditor evaluation method, conducting auditor evaluation, maintaining and improving auditor competence.

Thus we will find ISO 19011:2011 as a useful guidance document that will enable auditors to have more clear guidelines on auditing any management systems. The whole process of revising and preparing ISO 19011:2011 is under auspices of the ISO Joint Technical Co-ordination Group and administered by the ISO Technical Committee ISO/TC 176, ISO subcommittee ISO/TC 176/SC3 and also included interested parties for example ISO/TC 207, ISO/TC 34. ISO 19011:2011 will be the second edition of ISO 19011. The second edition of ISO 19011 will cancel and replace ISO 19011:2002 upon its publication.

Additional comments - This article written before publication of ISO 19011:2011. Please note that International Organization for Standardization (ISO) has published ISO 19011:2011 standard on 11 November 2011.

Courtesy:
- ISO Website
- ISO 19011:2002
- ISO/FDIS 19011:2011
- IRCA Website

Friday, September 16, 2011

Top management role for quality policy



Article for review – Comments and suggestions invited

Quality policy is an important aspect of quality management implementation in an organization. According to BuisnessDictionary.com, Quality Policy is top management's expression of its intentions, direction, and aims regarding quality of its products and processes.

Quality policy means what is the overall intention and direction within an organization related to quality.1

A reader asked us about signing of Quality Policy. We add a counter question - Is it really needed to sign a quality policy? If you go through the requirements you will notice that ISO 9001:2008 QMS Standard does not mention any requirements about signing of the quality policy.

Clause 5.3 of ISO 9001:2008 QMS Standard mentions requirements for quality policy to be ensured by the top management of the organization.
Here two important related phrases are required to understand – (i) Top Management, and (ii) Quality policy.

Top management is defined as ‘person or group of people who directs and control an organization at the highest level’ and a quality policy is defined as ‘overall intentions and direction of an organization related to quality as formally expressed by top management.’

On perusal of the documentation requirements as mentioned in clause 4.2.1 of ISO 9001:2008 QMS Standard, it is observed that a documented statement of a quality policy is a part of the ISO 9001:2008 QMS documentation, so what is further required (in addition to the above) with regard to quality policy is that as a document it must be duly approved for adequacy prior to issue as per organization’s documented procedure for control of documents. In this regard, the requirements mentioned in clause 4.2.3 are relevant.

The Standard requires the top management to ensure the following2:
- Quality policy is appropriate to the purpose of the organization
- Quality policy includes a commitment to comply with requirements and continually improve the effectiveness of the quality management system
- Quality policy provides a framework for establishing and reviewing quality objectives
- Quality policy is communicated and understood within the organization
- Quality policy is reviewed for continuing suitability

Quality policy may be communicated by issuing a documented statement of quality policy, which is approved for adequacy prior to issue as per organization’s documented procedure on ‘control of documents’.

Top management is required to ensure such a quality policy that is appropriate to the purpose of the organization, that includes a commitment to comply with requirements and continually improve the effectiveness of the quality management system, and that provides a framework for establishing and reviewing quality objectives. The top management must ensure those activities that improve communication and understanding of quality policy within the organization. In most organizations, QMS documentation (including quality policy statement) are generally developed by a team of people and then approved for adequacy prior to issue. Here it is immaterial who signs the quality policy or the quality policy is signed or unsigned. Even a quality policy verbally expressed by the top management in a meeting with staff or board of directors or annual general meeting may be termed as formally expressed overall intentions and direction of the organization related to quality by the top management.

Where a duly approved ‘quality policy’ statement is communicated and understood within the organization, that will serve the purpose and intent of quality management system as per ISO 9001:2008 QMS Standard. So take such steps that improve internal communication and understanding of the quality policy within the organization.

(Please send your comments to divyagim@gmail.com and/or keshavsinghalajmer@gmail.com)

1. http://qiblog.blogspot.com/2011/05/what-is-quality-policy.html
2. Singhal and Singhal (2008) Implementing ISO 9001:2000 QMS: A reference Guide, Prentice Hall India

- Dr. Divya Singhal & Keshav Ram Singhal

Monday, August 22, 2011

Aligning Quality Policy and Quality Objectives



Article for review – Comments and suggestions invited

ISO 9001:2008 QMS Standard mentions that an organization's quality policy must provide a framework for establishing and reviewing the company's quality objectives. The quality policy should give an overall direction for the organization, and its quality objectives should flow in that direction. The top management of the organization needs to establish quality objectives. Top management of the organization must ensure that quality objectives (including those needed to meet requirements for the product) are established at relevant functions and levels within the organization. The quality objectives must be measurable and consistent with the quality policy of the organization.

Clause 7.1 (a) of ISO 9001:2008 QMS Standard lays down that in planning product realization, the organization must determine quality objectives and requirements for the product. It is evident from this clause that the ISO 9001:2008 Standard now calls for objectives not only for the quality management system but also for the product. Many factors (such as changes in customer requirements, market conditions, business compulsions) may often put such situation where the organization have to think to change the policy and/or objectives, which may lead to weakening in the alignment between quality policy and quality objectives. To deal such situation continually, ISO 9001:2008 QMS standard requires that top management periodically review changes to both the policy and objectives. An organization's objectives must be measurable and its quality management system processes designed to meet those objectives.

Just after the publication of ISO 9001:2000 QMS Standard (earlier version of the standard), John E. (Jack) West (a famous quality excellence business consultant from USA) stated in an article ‘Three strategies for aligning quality policies, objectives and processes’ published in the Quality Digest (USA) that aligning the quality policy, quality objectives and QMS processes should further top management's intent with regard to quality. There's only one small, potential difficulty: ISO 9001 standard doesn't address aligning the quality policy and objectives with other business goals. Here it is important to mention that organization's overall business goals, quality objectives and quality policy are all interrelated and must work together to achieve business improvement. The purpose of quality management system is to create such management system where an organization is able to consistently provide product that meet customer and applicable legal requirements with aim to enhance customer satisfaction.

Clause 5.4.2 of ISO 9001:2008 QMS standard requires that an organization plan its quality management system to meet both the quality objectives and the general requirements of quality management system as mentioned in clause 4.1. Here it is important to note that clause 4.1 of ISO 9001:2008 QMS standard requires an organization to determine its quality management system processes and their application. The organization also needs to determine how processes interact, determine the criteria and methods needed for effectively operating and controlling the processes, and provide the resources to do so. The organization needs to monitor and, where applicable, measure the processes. And this information must also be analyzed to determine further actions needed to achieve planned results and improvement.

On the basis of the requirements mentioned in clause 5.4.1, some people may think that establishing quality objectives at relevant functions and levels within the organization is a one-time activity; however it is now clear that such thinking opposes the intent of the quality management system. There is also a need to integrate continual improvement activities in the quality management system. ISO 9001:2008 QMS standard requires continually improve the effectiveness of the quality management system through the use of the quality policy, objectives, audit results, data analysis, corrective and preventive actions, and management review. Accordingly, there is a need to continually review alignment between the quality policy and quality objectives and take necessary steps.

- Divya Singhal and Keshav Ram Singhal

(Please send your comments to divyagim@gmail.com and keshavsinghalajmer@gmail.com)

Sunday, June 19, 2011

Control of documents and control of records

Dr. Divya Singhal and Keshav Ram Singhal

First, it is necessary to understand the difference between records and documents. A document provides information in written, printed, or electronic form. A record relates to an activity or transaction that has happened in the past; it is a record of history. A record can consist of one or more documents, which all relate to a single event in time. The difference between a document and a record is that a document can change over time, while a record should not change.

Clause 4.2.3 of ISO 9001:2008 QMS Standard deals with control of documents, and clause 4.2.4 deals with control of records. Now we give below details regarding control of documents and control of records.

Control of documents

All documents required by the quality management system of the organization need to be controlled. Records are also required to be controlled as per requirements mentioned in clause 4.2.4 of the ISO 9001:2008 standard. This is separately addressed in this article under the heading „Control of records‟. For control of documents, a procedure is required to be documented. The documented procedure needs to define the controls needed:

- To approve documents for adequacy prior to issue
- To review and update as necessary and re-approve documents
- To ensure that changes and the current revision status of documents are identified
- To ensure that relevant versions of applicable documents are available at points of use
- To ensure that documents remain legible (clearly readable) and readily identifiable
- To ensure that documents of external origins are determined (which are necessary for the planning and operation of the quality management system)
- To ensure that distribution of determined external origin documents are controlled
- To prevent the unintended use of obsolete documents
- To apply suitable identification to obsolete documents if they retained for any purpose

Approval of document for adequacy prior to issue means that some authority (with responsibility to manage and direct quality management system affairs of the organization) has agreed the document before being made available for use (i.e. approval before the document is distributed, or published or made available to the users).

Reviewing document means another look at the document and this is a task, which should be carried out at the time following the issue of the document by the management representative or by the person, who is linked with the affairs mentioned in the document. Review of documents may be carried out randomly or periodically. Periodic review is proactive action and it is better if the management representative carries out periodic review (at least once in a year) of the issued document. If a document is updated with any change, then the same is required to be approved for adequacy prior to issue.

Changes to documents may be identified by mentioning a change record within the document that denotes the nature of change. Current revision status of document may be identified by issue number, revision number or date of the document.
To ensure that document is available at the point of use, the organization needs to establish who needs which document at what time. The document access should be available to persons who need it for better work performance. To ensure that documents remain legible and readily identifiable, it is required that contents of the documents are readable and documents can be identified easily. Document identification can be done by classification, titles or identification numbers of documents.

In order to control the distribution of external documents, the organization should establish appropriate process or mechanism for identification, classification, distribution and availability of such external documents.

Obsolete documents should not be available at the point of use. Use of obsolete documents may lead to errors, failures or hazards, which become an evidence of nonconformity. Sometime superseded or obsolete documents need to be retained by the organization for a variety of reasons (e.g. legal or reference purpose) and for this the organization must have a method of identifying the status of such documents to prevent their accidental use in place of current documents. In practice, organizations put stamp as „OBSOLETE DOCUMENT‟ in red ink on the face of the obsolete document.

For effective document control, following points should also be taken due care:

- The documents (manual, procedures, and work-instructions) should be written as a value-added proposition, not only as required step in the compliance process of the ISO 9001:2008 standard.
- The documents style, format, vocabulary and language should be easy to understand.
- The process owners should be included in writing relevant procedures or in reviewing the documents. Make sure that the people who use the document are involved in writing and reviewing them.
- The change (revision of documentation) process should be accessible to the people most affected by document inadequacies.
- Developing an effective value-added controlled document requires planning and regular monitoring.
- Write processes as they exist.
- Developing reliable and consistent process execution is critical for effective production planning.
- Make sure that documents are available at the point of use. Providing electronic access to documents at the point of use may be one good solution.
- Manage document changes efficiently.
- Documents should be reviewed regularly for accuracy. Failing to review documents for accuracy is one of the bigger mistakes organization does.
- Keep documents content current and accurate.


Control of records

Records established must be controlled. The purpose to maintain records is to provide evidence of conformity to requirements and of the effective operation of the quality management system. Records must remain:
- Legible
- Readily identifiable
- Retrievable

For control of records, a procedure is required to be documented. The documented procedure needs to define the controls needed for the:
- Identification of records
- Storage of records
- Protection of records
- Retrievable of records
- Retention of records
- Disposition of records

Why managing and controlling records necessary? Records exist in every organization. Records provide with information to help people to manage processes of the organization effectively. Records are the evidence of the past performance. Records provide with information of results achieved or evidence of activities performed.

Appropriate ways to control records include indexing, filing, proper keeping so that the risk of deterioration, damage or loss of record is minimized. It is better to decide who will have access to which records and how readily available and identifiable. Proper indexing, filing and safe keeping facilitate retrieval of records. It is better that records are not destroyed or disposed of before the end of their usefulness. While deciding the retention time of a particular record, also look into the legal requirements in this regard, so as to avoid forthcoming problems. Control on disposition of records should ensure that records are not destroyed prior authorization and organization should specify the method of disposal.

Records serve three purposes: (i) Records provide evidence of conformity with the requirements of the ISO 9001:2008 standard, (ii) Records demonstrate that the organization has an effective quality management system, and (iii) Records document continual improvement.

DS & KRS