Please also visit following blogs:
- 'EMS Awareness' Blog

Academic comments are invited. Please do not include your website in your comments.

Keshav Ram Singhal

Various information, quotes, data, figures used in this blog are the result of collection from various sources, such as newspapers, books, magazines, websites, authors, speakers etc. Unfortunately, sources are not always noted. The editor of this blog thanks all such sources.

People from more than 145 countries/economies have visited this blog: Afghanistan, Albania, Algeria, Angola, Argentina, Aruba, Australia, Austria, Azerbaijan, Bahrain, Bangladesh, Belarus, Belgium, Belize, Benin, Bhutan, Bosnia and Herzegovina, Botswana, Brazil, Brunei, Bulgaria, Burundi, Cameroon, Cambodia, Canada, Chile, China, Colombia, Costa Rica, Croatia, Cyprus, Czech Republic, Denmark, Dominican Republic, Ecuador, Egypt, El Salvador, Estonia, Ethiopia, European Union, Fiji, Finland, France, Georgia, Germany, Ghana, Gibraltar, Greece, Guatemala, Guyana, Haiti, Honduras, Hong Kong S. A. R. (China), Hungary, Iceland, India, Indonesia, Iraq, Ireland, Israel, Italy, Ivory Coast, Jamaica, Japan, Jersey, Jordan, Kazakhstan, Kenya, Kuwait, Laos, Latvia, Lebanon, Lesotho, Libya, Lithuania, Luxembourg, Macao S. A. R. (China), Macedonia, Malawi, Malaysia, Maldives, Malta, Manila, Mauritius, Mexico, Moldova, Mongolia, Montenegro, Morocco, Mozambique, Myanmar, Namibia, Nepal, Netherlands, New Zealand, Nigeria, Niue, Norway, Oman, Pakistan, Palestinian Territory, Panama, Papua New Guinea, Peru, Philippines, Poland, Portugal, Puerto Rico, Qatar, Rwanda, Romania, Russia, Saint Lucia, Samoa, Saudi Arabia, Saint Kitts and Navis, Serbia, Seychelles, Singapore, Slovakia, Slovenia, Somalia, South Africa, South Korea, Spain, Sri Lanka, Sudan, Swaziland, Sweden, Switzerland, Syria, Taiwan, Tanzania, Thailand, Trinidad and Tobago, Tunisia, Turkey, Turks and Caicos Islands, UAE, Uganda, UK, Ukraine, USA, Uzbekistan, Venezuela, Vietnam, Zambia, Zimbabwe etc. Total visitors number crossed 100,000 on 14. 02. 2013. Total visitors number crossed 145,000 on 30. 09. 2013. Total visitors > 200,000 (from 01.08.2014)

Wednesday, September 28, 2011

Need to look afresh on ‘quality’

We have seen various quality improvement concepts – Six Sigma, TQM, 5-S, ISO 9001, ISO 9004, JIT, Zero defect, TPM, …. and so on. All these concepts have played a major and relevant role in improving the quality of a product (including service). In recent years we have also witnessed a number of standards, such as, ISO 14001 EMS, OHSAS 18001, SA8000, ISO 50001 EnMS, ISO 26000 SR, ISO 22000, ISO/IEC 27000 ISMS, being implemented by organizations.

Many quality gurus had defined the concept ‘quality’ in the previous millennium, i.e. in the 1900s. You may see the definitions written by Philip Crosby, Walter A Shewhart, Joseph M Juran, W Edwards Deming, A V Feigenbaum and many other quality gurus, most of those definitions are more than fifty years old, when organizations were not asked to comply requirements related with environment, social responsibility, energy, health, safety, information security etc.

ISO 9000:2005, an international standard on ‘Quality management systems – Fundamentals and vocabulary’ defines ‘quality’ as ‘degree to which a set of inherent characteristics fulfills requirements.’

It is now time to rethink with a focus on a return to the basics of quality and sound business management. Please re-examine the basics of quality and derive a new definition of ‘quality’ that remains for more than a decade. ‘Quality’ needs a definition afresh looking to the following:
- Fulfilling requirements
- Cost
- Effectiveness
- Environmental protection and performance
- Impact on society
- Human rights
- International norms of behaviour
- Risk
- Health
- Safety
- Energy efficiency
- Security
- Success (of the product/service, organization and user)

My new definition on QUALITY - I define quality as “a degree to which the product has a set of inherent distinguishing features (existing in the product as a permanent characteristics) that fulfill implied requirements of the product and also stated and obligatory (statutory and regulatory) requirements including customer requirements and those requirements: that protect and save environment, that have affordable cost for the customer, that has positive impact on society, that respect human rights, that respect international norms of behaviour, that safeguard health and safety, that conserve energy and that maintain security requirements so as to achieve and enhance satisfaction and success of the organization and its customer.”
Note –
1. Product also means service.
2. The term ‘quality’ can be used with adjectives.
© September 2011 - Keshav Ram Singhal, Ajmer, India.

I posted my above new definition on ‘quality’ for discussion with quality professional fraternity in some groups at linkedin.com (a social site of professionals) and I am overwhelmed with some reactions from a few professionals that are as under:

- John Outram, an associate at Qualimpex Inc. Canada says, “You should submit your new definition for quality to TC 176 though your National Committee.” (in Management Systems Professionals and Users group)
- Issoufou Trare, a consultant in Senegal, says, “I like this definition. But the very important challenge is to transform it to reality in numerous companies. Thanks for this fresh look.” (in Management Systems Professionals and Users group)
- Peddina Satyanarayana, Assistant General Manager at Steel Authority of India Ltd, Rourkela Steel Plant, says, “If any organization transforms KRS definition in to reality, the organization can continue to be at top. Quality is inner beauty with conformance to the requirements of customer.” John Outram liked the comment made by Peddina Satyanarayana.
- Ms. Cathleen N (National Director of Quality Assurance at Garda, Ottawa, Canada) and Ms. Farjana Ahmed (QMS Executive at ACME Laboratories Ltd., Bangladesh) have liked the discussion.

What do you think? Will you help me in defining quality with a new look by supporting my new definition or suggesting some improvement?

With best wishes,

Keshav Ram Singhal

Thursday, September 22, 2011

ISO 19011:2011

ISO 19011:2011 – Guidelines for auditing management systems – Expected to be published soon

Keshav Ram Singhal (Email - krsinghal@rediffmail.com)

International Organization for Standardization released ISO/FDIS 19011:2011 – Guidelines for auditing management systems in July 2011 to ISO members. It is expected that international standard ISO 19011:2011 will be published in October 2011.

ISO 19011:2002 is the current auditing standard that provides guidelines for auditing quality and/or environmental management system. This standard was long due for revision and since the initial publication of ISO 190011 in 2002 a number of new management system standards have been published. This has resulted in a need to consider a broader scope of management system auditing as well as providing guidance that is more generic. This is now reflected in ISO 19011:2011 that has the revised title “Guidelines for auditing management systems” instead of “Guidelines for auditing quality and/or environmental management systems” as mentioned in the existing standard ISO 19011:2002. ISO 19011:2011 will be useful for auditing any management system and also it will be useful for auditing integrated management as it will –
- Provide guidance on auditing all types of management systems, and
- Facilitate combined (integrated) audit of two or more management systems implemented by an organization.

ISO 19011:2011 will provide guidance for all users, including small and medium sized organizations and will concentrates on what are commonly termed internal (first party) and second party audits as often conducted by customers on their suppliers.
International Organization for Standardization (ISO) has already published ISO 17021:2011, a standard for conformity assessment that provides requirements for bodies providing audit and certification of management systems. After publication of ISO 19011:2011, there will be two relevant standards –
- ISO 17021:2011, Conformity assessment – Requirements for bodies providing audit and certification of management systems
- ISO 19011:2011, Guidelines for auditing management systems

The publication of ISO 19011:2011 will provide auditors, organizations implementing management systems and organizations (including certification bodies) needing to conduct audits of management systems an opportunity to re-assess their own practices and identify improvement opportunities in conducting audits.

What are the changes within ISO 19011:2011?

ISO 19011 is being revised to provide persons involved in management system auditing with good audit practice guidance relevant to the present environment. Presently there are many organizations implement management system covering multiple disciplines, for example quality (ISO 9001), environment (ISO 14001), occupational health and safety (OHSAS 18001) and information security (ISO 27000) etc.
The Principles of auditing on which the guidance is based are being revised and expanded to include the new auditing principle of ‘Confidentiality – security of information’. This will be a principle that will require auditors to be prudent in the use and protection of information acquired in the course of their duties during auditing management systems..

The main body of ISO 19011:2011 will set out good practice for Managing an Audit Programme and Performing an Audit. It will update to reflect current thinking and in parts expanded significantly. These sections will provide detailed guidance; intended to be used flexibly according to the size, level of maturity of an organization’s management system, the nature and complexity of the organization to be audited. The concept of risk in auditing is being introduced. Some guidance will be provided on combined audits, where two or more management systems of different disciplines are audited together (for example QMS and EMS, EMS and OHSAS, QMS and OHSAS). Also, the use of technology in remote auditing will be acknowledged.
Changes are being introduced in the guidance on Competence and evaluation of auditors. ISO 19011:2011 will address auditing management system covering multiple disciplines some of these may be wide ranging. The significant changes include:

- ISO 19011:2011 will identify that necessary auditor competence comprises generic knowledge and skills of management systems, plus discipline specific (for example, QMS) and sector specific (for example, aerospace) knowledge and skills. Annex A (informative) of the standard will provide examples of discipline-specific knowledge and skills of auditors, including:
- Transportation safety management
- Environmental management
- Quality management
- Records management
- Resilience, security, preparedness and continuity management
- Information security
- Occupational health and safety

ISO 19011:2011 will not include guidance on sector specific knowledge and skills of auditor. These may be developed later and published separately by the International Organization for Standardization (ISO).

The existing standard ISO 19011:2002 provides guidance on education, work experience, auditor training and audit experience that contribute to development of the knowledge and skills needed to perform audits and lead audit teams. ISO 19011:2011 will also provide guidance on knowledge and skills of management system auditors and an audit team leader but it will not make reference to auditors having completed education, work experience, auditor training and audit experience. This change will recognize that education, work experience, training and audit experience are enablers to competence, which ISO 19001:2011 and ISO 17021:2011 define as ‘ability to apply knowledge and skills to achieve intended results’. ISO 19011:2011 will recognize evaluation of competence needs, which may be carried out in a variety of ways, for example a combination of testing and examination, interview and observed audits.

1. Scope – There will be no significant changes.

2. Informative references – There will be no previous reference to terms and definitions given in ISO 9000 (QMS) and ISO 14050 (EMS).

3. Terms and definitions – New definitions for Observer, Guide and Risk are being introduced. The term risk will be used in ISO 19011:2011 in context of “risk-based auditing” and also “audit programme risks”. The definition of competence is being revised and although the change in wording appears slight it will require organizations to determine competence to achieve intended results. The starting point for which will be to define the intended results for the various activities involved in managing an audit programme and performing audits. This change will be consistent with ISO 17021:2011, a standard on conformity assessment.

4. Principles of auditing – There will be six principles in ISO 19011:2011 instead of five in ISO 19011:2002. Principles (a) – (d) will relate to auditors and the person managing the audit programme. Principles (e) and (f) will relate to the audit.

(a) Integrity – The principle of integrity will replace and expand the principle of ethical conduct mentioned in ISO 19011:2002. The principle of integrity is the foundation of professionalism.

(b) Fair presentation – There will be minor expansion that will include the obligation to report truthfully and accurately.

(c) Due professional care – the application of diligence and judgement in auditing. ‘Having the necessary competence is an important factor’ (in ISO 19011:2002) will be replaced with ‘An important factor in carrying out their work with due professional care is having the ability to make reasoned judgement in all audit situations’ in ISO 19011:2011.

(d) Confidentiality – security of information. It will be a new auditing principle, which will address the need for auditors to exercise discretion in the use and protection of information acquired in the course of their duties. The principle will refer to inappropriate use of such information for personal gain or in a manner detrimental to the legitimate interests of the auditee.

(e) Independence – the basis for the impartiality of the audit and objectivity of audit conclusions. ISO 19011:2011 will provide more specific guidance on the extent of independence that needs to be achieved, whilst recognizing that in small organizations it may be difficult for internal auditors to be fully independent. ISO 19011:2011 will refer to internal auditors being independent from the operating managers of the function being audited. ISO 19011:2011 will reflect the interpretation of independence that certification bodies generally apply.

(f) Evidence-based approach –There will be minor rewording in ISO 19011:2011 that will include the rational method for reaching reliable and reproducible audit conclusions in a systematic way.

5. Managing an audit programme – In this section ISO 19011:2011 will have considerable revision. The language of guidelines in this section will be easy to understand. There will be more clarity. Managing an audit programme guidelines will be structured in the following clauses:

5.1 - General

5.2 – Establishing the audit programme objectives

5.3 – Establishing the audit programme

5.4 – Implementing the audit programme

5.5 – Monitoring the audit programme

5.6 – Reviewing and improving the audit programme

5.1 General – This clause of the ISO 19011:2011 will recognize that an organization may implement a number of management system standards. Where the existing issue of ISO 19011:2002 refers to an organization establishing one or more audit programmes, ISO 19011:2011 will refer to an audit programme that can include audits considering one or more management system standards. Practically there will be little difference.

In this clause 5.1 of ISO 19011:2011 there will be guidance to allocate audit resources to audit those matters of significance within the management system. This concept is known as risk-based auditing.

5.2 Establishing the audit programme objectives – Title of this clause is being revised and also guidelines for structuring the content to follow the process flow guidance on the extent of an audit programme is being transferred to section 5.3.3.

5.3 Establishing the audit programme – ISO 19011:2002 states the title ‘Audit programme responsibilities, resources and procedures’ and this is being revised as new title ‘Establishing the audit programme.’. New to this issue is guidance on ‘Competence of the person managing the audit programme’. ISO 19011:2011 will add new guidance on ‘Identifying and evaluating audit programme risks’.

5.4 Implementing the audit programme – ISO 19011:2011 will provide more extensive guidance.

There will be sub-clause ‘Define the objectives, scope and criteria for an individual audit’. The sub-clause guidelines will identify that each audit should have a clear objective. This section will also highlight issues to consider when two or more management systems of different disciplines are audited together.
There will be a new sub-section ‘Selecting the audit methods’ and additional guidance on this issue will be provided in Annex B of ISO 19011.

Other sub-clauses will include: Selecting the audit team members, Assigning responsibilities for an individual audit to the team leader, Managing the audit programme outcome, Managing and maintaining audit programme records

In short we can conclude that section 5.4 of ISO 19011:2002 is being revised to provide comprehensive guidance to what was previously a list of headline topics that needed to be addressed when implementing the audit programme. Section 5.5 of ISO 19011:2002 – Audit programme records will be part of section 5.4

5.5 – Monitoring the audit programme and 5.5 – Reviewing and improving the audit programme - These two sections will replace what is stated in ISO 19011:2002 in clause 5.6 – Audit programme monitoring and reviewing. There will be minor expansion and reference to consider, such as, evaluate the performance of audit team members, consider as part of a review, alternative or new auditing methods, review the effectiveness of the measures to address the risks associated with the audit programme, review confidentiality and information security issues relating to the programme

6. Performing an audit – The clause title in ISO 19011:2002 is ‘Audit activities’ which is being revised. In this clause of ISO 19011:2011 you will find improved guidance. The section will be structured to follow the audit process flow, as under:

6.1 General

6.2 Initiating the audit

6.3 Preparing audit activities

6.4 Conducting the audit activities

6.5 Preparing and distributing the audit report

6.6 Completing the audit

6.7 Conducting audit follow-up

There will be few changes in the guidelines in ISO 19011:2011.

7. Competence and evaluation of auditors – Some significant changes are being introduced in ISO 19011:2011. The new standard will address auditing management system covering multiple disciplines. New guidance will include: Determining auditor competence to fulfill the needs of the audit programme, Personal behaviour, Knowledge and skills. The clause ‘Knowledge and skills’ will comprise: Generic knowledge and skills of management system auditors, Discipline and sector specific knowledge and skills of management system auditor. ISO 19011:2002 provides guidance for quality management system and/or environmental management system auditors, each having its own section providing guidance on auditor knowledge and skill requirements. In ISO 19011:2011 these two sections of ISO 19011:2002 will be replaced by one that will identify knowledge and skills that need to be applied to all management systems, for example, knowledge of: Legal requirements relevant to the specific discipline, fundamentals of the discipline and the application of business and technical discipline-specific methods, techniques, processes and practices sufficient to enable the auditor to examine the management system and generate appropriate audit findings and conclusions, risk management principles, methods and techniques relevant to the discipline and sector to enable the auditor to evaluate and control the risks associated with the audit programme.

ISO 19011:2011 Annex A will provide guidance on discipline-specific knowledge and skills of auditors for: Transportation safety management, Environmental management, Quality management, Records management, Resilience, security, preparedness and continuity management, Information security, Occupational health and safety.

ISO 19011:2011 will provide guidance on Generic knowledge and skills of an audit team leader, that will include knowledge and skills to: balance the strengths and weaknesses of the individual audit team members, develop a harmonious working relationship among the audit team members, manage the uncertainty of achieving audit objectives

ISO 19011:2011 will provide guidance on knowledge and skills for auditing management systems addressing multiple disciplines, achieving auditor competence.

Clause 7.6 of ISO 19011:2002 provides guidance on auditor evaluation, having sub-clauses, 7.6.1 – General and 7.6.2 – Evaluation process. ISO 19011:2011 will provide more clear guidance on auditor evaluation specifying guidance on establishing the auditor evaluation criteria, selecting the appropriate auditor evaluation method, conducting auditor evaluation, maintaining and improving auditor competence.

Thus we will find ISO 19011:2011 as a useful guidance document that will enable auditors to have more clear guidelines on auditing any management systems. The whole process of revising and preparing ISO 19011:2011 is under auspices of the ISO Joint Technical Co-ordination Group and administered by the ISO Technical Committee ISO/TC 176, ISO subcommittee ISO/TC 176/SC3 and also included interested parties for example ISO/TC 207, ISO/TC 34. ISO 19011:2011 will be the second edition of ISO 19011. The second edition of ISO 19011 will cancel and replace ISO 19011:2002 upon its publication.

Additional comments - This article written before publication of ISO 19011:2011. Please note that International Organization for Standardization (ISO) has published ISO 19011:2011 standard on 11 November 2011.

- ISO Website
- ISO 19011:2002
- ISO/FDIS 19011:2011
- IRCA Website

Friday, September 16, 2011

Top management role for quality policy

Article for review – Comments and suggestions invited

Quality policy is an important aspect of quality management implementation in an organization. According to BuisnessDictionary.com, Quality Policy is top management's expression of its intentions, direction, and aims regarding quality of its products and processes.

Quality policy means what is the overall intention and direction within an organization related to quality.1

A reader asked us about signing of Quality Policy. We add a counter question - Is it really needed to sign a quality policy? If you go through the requirements you will notice that ISO 9001:2008 QMS Standard does not mention any requirements about signing of the quality policy.

Clause 5.3 of ISO 9001:2008 QMS Standard mentions requirements for quality policy to be ensured by the top management of the organization.
Here two important related phrases are required to understand – (i) Top Management, and (ii) Quality policy.

Top management is defined as ‘person or group of people who directs and control an organization at the highest level’ and a quality policy is defined as ‘overall intentions and direction of an organization related to quality as formally expressed by top management.’

On perusal of the documentation requirements as mentioned in clause 4.2.1 of ISO 9001:2008 QMS Standard, it is observed that a documented statement of a quality policy is a part of the ISO 9001:2008 QMS documentation, so what is further required (in addition to the above) with regard to quality policy is that as a document it must be duly approved for adequacy prior to issue as per organization’s documented procedure for control of documents. In this regard, the requirements mentioned in clause 4.2.3 are relevant.

The Standard requires the top management to ensure the following2:
- Quality policy is appropriate to the purpose of the organization
- Quality policy includes a commitment to comply with requirements and continually improve the effectiveness of the quality management system
- Quality policy provides a framework for establishing and reviewing quality objectives
- Quality policy is communicated and understood within the organization
- Quality policy is reviewed for continuing suitability

Quality policy may be communicated by issuing a documented statement of quality policy, which is approved for adequacy prior to issue as per organization’s documented procedure on ‘control of documents’.

Top management is required to ensure such a quality policy that is appropriate to the purpose of the organization, that includes a commitment to comply with requirements and continually improve the effectiveness of the quality management system, and that provides a framework for establishing and reviewing quality objectives. The top management must ensure those activities that improve communication and understanding of quality policy within the organization. In most organizations, QMS documentation (including quality policy statement) are generally developed by a team of people and then approved for adequacy prior to issue. Here it is immaterial who signs the quality policy or the quality policy is signed or unsigned. Even a quality policy verbally expressed by the top management in a meeting with staff or board of directors or annual general meeting may be termed as formally expressed overall intentions and direction of the organization related to quality by the top management.

Where a duly approved ‘quality policy’ statement is communicated and understood within the organization, that will serve the purpose and intent of quality management system as per ISO 9001:2008 QMS Standard. So take such steps that improve internal communication and understanding of the quality policy within the organization.

(Please send your comments to divyagim@gmail.com and/or keshavsinghalajmer@gmail.com)

1. http://qiblog.blogspot.com/2011/05/what-is-quality-policy.html
2. Singhal and Singhal (2008) Implementing ISO 9001:2000 QMS: A reference Guide, Prentice Hall India

- Dr. Divya Singhal & Keshav Ram Singhal