ISO 9001:2008 QMS Awareness

PROBLEM SOLVING APPROACH ‘DRIVE’

2012-01-29T06:40:00.000-08:00

Write-up – 2
Understanding Statistical Tools and Techniques

PROBLEM SOLVING APPROACH ‘DRIVE’

‘DRIVE’ is a problem solving methodology. It is an approach to problem solving and analysis that can help an organization to improve its processes.

The full form of ‘DRIVE’ is ‘Define-Review-Identify-Verify-Execute’. Using this methodology requires following steps:

D – Define – You should define – (i) the scope of your problem, (ii) the success criteria measurements – including deliverables and success factors that you agree

R – Review – Review the current situation of the problem, understand the background of the problem, determine and collect information – performance data, problem areas, improvement options

I – Identify (determine) – Identify (determine) improvement options or solutions to the problem – What changes you need to improve your process so as to enable to rectify the problem

V- Verify – Verify (check) – Whether determined improvement options or solutions will bring those results that we defined as the success criteria measurements

E – Execute (implement) for solutions and improvement – Plan and execute improvement options or solutions, check the results.

We are a quoting a simple example using ‘DRIVE’ methodology. In a class, when result of first assessment test announced, the management was worried looking to the result that 50 percent students failed in Mathematics, while in other subject the result was 95 to 100 percent. The school management used the problem solving approach ‘DRIVE’.

Define – Scope of the problem – 50 percent students failed in Mathematics. Success criteria – 95 percent students should get good marks in Mathematics.

Review – Current situation – Students of the class are good in other subjects. They could not get good marks in Mathematics. Background – The mathematics teacher resigned in the month of July and the Mathematics class is taken by other subject teacher. There is a shortage of Mathematics subject teachers in the school. School requires three Mathematics subject teachers, while there are two only. Problem area – Recruitment process requires advertisement in local newspapers and then selection of qualified teacher. No action yet initiated. Improvement option – Immediate action to start recruitment process

Identify – Identify (determine) – the recruitment procedure with timeframe objective and also during the time gap outsource Mathematics teacher from other schools and also plan taking extra periods on Sunday with the help of two Mathematics teachers available in the school on payment of extra remuneration.

Verify – Verified shortage of teachers and found improvement options suitable to solving the problem.

Execute – The school management took immediate steps to contact nearby schools and one school agreed to depute their one Mathematics teacher for one month. Extra classes were organized on Sunday with the help of two teachers. Recruitment process started and within one month a new Mathematics teachers recruited.

Thus the school management is able to improve its processes by using a problem solving approach ‘DRIVE’.

How you liked the write-up. Please post your comments. Thanks.

Understanding Statistical Tools and Techniques

2012-01-29T06:27:00.000-08:00

Write-up – 1

Understanding Statistical Tools and Techniques

Implementing an effective quality management system requires measurement, analysis and improvement. ISO 9001:2008 QMS Standard mentions requirements for analysis of data. There are a number of statistical tools and techniques available for monitoring, measuring, analyzing and improving the organization’s processes. We are starting a series of articles under the heading ‘Understanding Statistical Tools and Techniques’. Some of the tools and techniques are as under:

- Problem solving approach ‘DRIVE’
- Brainstorming
- Cause and effect diagram – CED – Fishbone diagram – Ishikawa diagram
- Cause and effect diagram with addition of cards – CEDAC
- Check sheet
- Control chart
- Histogram
- Pareto analysis
- Scatter diagram
- Stratification
- Process mapping
- Process flowcharting
- Force field analysis
- Bar chart
- Matrix analysis
- Tally chart

The use of statistical techniques helps organization in understanding variability. It helps organizations to solve problems. It also helps organization to improve effectiveness and efficiency. The statistical techniques also facilitate better use of available data to assist in decision making. Seven tools from the above are known as basic quality tools. These are:
- Cause and effect diagram – CED – Fishbone diagram – Ishikawa diagram
- Check sheet
- Control chart
- Histogram
- Pareto chart
- Scatter diagram
- Stratification

As per requirements of ISO 9001:2008 QMS Standard, an organization is required to determine, collect and analyze appropriate data. This must include data generated from relevant sources including as a result of monitoring and measurement. The analysis of data must provide information relating to:
- Customer satisfaction (See for reference clause 8.2.1 of the ISO 9001:2008 QMS Standard)
- Conformance to product requirements (See for reference clause 8.2.4 of the ISO 9001:2008 QMS Standard)
- Characteristics and trends of processes and products including opportunities for preventive action (See for reference clause 8.2.3 and 8.2.4 of the ISO 9001:2008 QMS Standard)
- Suppliers (See for reference clause 7.4 of the ISO 9001:2008 QMS Standard)

To improve organization’s processes by means of a systematic approach, people working in the organization require the knowledge of simple kit of tools and techniques. The person who actually works on the processes needs to understand these tools and techniques, so that he can effectively use these tools. Some may think that these tools are complex and require higher knowledge of Mathematics or Statistics. However, we will make the study of these tools and techniques in a language easy to understand. We request our readers to please send/post your comments and suggestions for improvement.

Mutually Beneficial Supplier Relationship

2012-01-28T04:34:00.000-08:00

The ISO 9001:2008 QMS standard is based on eight quality management principles and one of the principles is ‘mutually beneficial supplier relationship’. A supplier is a partner of an organization in its product realization. An organization and its suppliers are interdependent. A mutually beneficial relationship between the organization and its supplier enhances the ability to both to create value to each other.

Purchasing is an important activity under the product realization. The organization needs to ensure that purchased product conforms to specified purchase requirements. Accordingly, the organization needs to maintain control on the purchasing process, and thus it requires selection and ongoing review of supplier’s capabilities.

Implementing ISO 9001:2008 quality management system requires adoption of process approach and an organization is not able to improve its processes until the organization is able to get support from its supplier. As a result there is a necessity to improve organization-supplier relationship for mutual benefits.

An organization can take some steps to develop its suppliers. The organization can create partnership by encouraging its suppliers to become customer-focused. It can organize meetings with its suppliers to better communicate purchasing needs. The organization can motivate the supplier to move towards quality management system, if the supplier is not on this way. The organization can organize training for the staff of its suppliers to better communicate issues of meeting requirements and also to develop them.

It is for the organization to think how it can improve mutually supplier relationship and if the organization proactively acts in improving the relationship, the organization will be able to earn following benefits:
• Increased ability to create value for the organization and its suppliers
• Optimization of resources
• Long-term benefits

- DS & KRS

Do not be frustrated while implementing QMS

2012-01-13T05:48:00.000-08:00

You are involved in the implementation process of ISO 9001:2008 QMS standard and you find that managers and employees in your organizations do not have the passion for quality and/or continual improvement. Such situations are generally observed and it may create frustration among people, who wish to implement quality management system in the organization with full zeal.

Don’t be frustrated with people’s behavior. Be positive. You may find some obstacles in the beginning. May be people around you are not sure of the returns. Your first priority is to create awareness among people about the system. Educate them. Explain how quality management system is useful to them as well as to the organization. It is observed that some organizations implement the ISO 9001:2008 QMS standard without making reasonable efforts for training people. Training of people is important. It should be treated as investment, not as an expense.

People won’t be interested in implementation of quality management system unless they know what it means to them and to their job.
- Explain why the quality management system is important to the organization.
- Explain how the quality management system will make their job easier.
- Explain what they will be required to do for implementing the system.

With best wishes,

DS&KRS

A Conversation on QMS Internal Audit

2012-01-05T23:37:00.000-08:00

Keshav Ram Singhal

I posted an article ‘Adding value to internal QMS Audits’ at my blog on ‘ISO 9001:2008 QMS Awareness’ (Link: http://iso9001-2008awareness.blogspot.com) on 6th October 2011. Just after a few days I received a telephone call from a friend. He desired to meet me and accordingly we met and have conversation on the topic. Here-in-below I describe the conversation for the information of my readers.

My friend – Your article ‘Adding value to internal QMS Audits’ is good, but it does not speak about the mistakes generally done by internal auditors and solutions to those mistakes.

KRS – Thanks for the input, however, can we have conversation on your point? First, I would like to know what common mistakes you observe from your internal auditors.

MF – Our organization is a manufacturing unit and more than 150 employees are working in our unit. We have provided internal audit training to five employees, who are being assigned the task of QMS internal auditing in our organization and I am observing that our internal auditors do not carry out the audit with sincerity. They view auditing as a routine task.

KRS – Yes, many auditors view auditing as a mundane task, just as a routine. This is unfortunate. They should set out to add value to organization’s business.

MF – Adding value to organization’s business. How?

KRS – Motivate your internal auditors to be alert with the organization’s objectives and during audit process auditors should keep their eyes and ears open.

MF – Every person keep eyes and ears open while working. What do you mean?

KRS – It is very true that a person generally keeps his eyes and ears open, but whether he actually looks to and/or hears the problems in the auditee’s area is relevant point for an auditor. I want to emphasize that while auditing the auditor should grasp the opportunity to seek out problems so that your organization can propose adequate solutions for the continual improvement and the effectiveness of your quality management system.

MF – Yes, I understood your point, but one problem generally we see. Auditors are interested in finding lapses or omissions, so that they can blame someone. Auditors give an impression that they are looking for something so that someone can be blamed.

KRS – Here our article ‘Adding value to internal QMS audits’ that has included a relevant valid point. When an auditor observes a problem or nonconformity, he should not see who is responsible. Rather he should consider why and what caused the problem or nonconformity. When you consider why and what caused the problem or nonconformity, you may find various points, such as, there was inadequate training, applied procedures were unrealistic, resources were insufficient, there was not enough time for doing things properly, there may be better way of doing things.

MF – You are very right. But auditors feel happy when they raise CAR or NCR on the auditee. They want to blame that people are not working properly.

KRS – Auditors should focus on the processes of the organization and not on the persons. Auditors should avoid careless words like, ‘whose lapse would that be?’, and ‘who did it?’ It should be the endeavour of the auditor to find out ‘what part of the system is letting the auditee or organization down?’ An auditor should always remember the mantra that ‘Audits uncover defects in the system.’

MF – Nice, but I have noticed that although organization incurs lot of expenses on the training of internal auditors, but they perform their QMS internal audit without sufficient preparation. What do you say about preparation for QMS audit?

KRS – Yes, I agree organizations invest on trainings of QMS auditors, but it is also the moral responsibility of the MR and the top management to provide necessary support for conducting an audit. It is bad if an auditor perform an audit without sufficient preparation. An auditor should do his homework and check through the standard and relevant work procedures of the organization. As I earlier stated, auditors should focus on the processes of the organization.

MF – You said, check through standard. Which standard?

KRS – ISO 9001:2008QMS Standard. This is the standard which provides requirements for quality management system.

MF – How to check?

KRS – The auditor should draw up a checklist with the relevant part of the ISO 9001:2008 QMS Standard and internal procedures of the organization. If an auditor is new for auditing work, then he should allow more time in his audit preparation.

MF – That’s right, but it may happen that an auditor may skimp on details, when he asks many questions to an auditee.

KRS – It is observed that a careless person may skimp on details and move from being objective to subjective. It is for the auditor to always seek out objective evidence. An auditor should always ask open questions.

MF – How?

KRS – Such questions that can provide objective evidence, such as, show me, how you do, what is it … The auditor should listen the reply of the auditee with patience, but he should not be deflected by a good talker. The auditor should be more careful if the auditee is a talkative person. While asking questions an internal auditor should remember 5W1H for asking open questions. 5W1H means what, where, who, why, when and how.

MF – This is a good suggestion to remember 5W1H.

KRS – Very true, if you ask any questions using any of the 5W1H, you will find answer in detail. No question can be replied with an answer yes or no, if you have used any of the 5W1H. It is seen that auditors generally ask closed questions because of time pressures. It will be good not to skimp on detail of time pressure. Auditor should record good and bad aspect.

MF – What you wish to emphasize? Good or bad aspects?

KRS – Good aspect is for conformity and bad aspect is for nonconformity. Conformity to standard’s requirements and/or organization’s established procedures will come under good aspects, and nonconformity to standard’s requirements and/or organization’s established procedures will come under bad aspects. An auditor should look for evidences in the manner things are being planned meets customer requirements, applicable legal requirements, standard’s requirements and organization’s own requirements. He should look for evidence that processes are being carried out in the manner they are planned.

MF – So, it is an objective of an auditor to look for objective evidences.

KRS – You are very right. It should also be an objective of an internal auditor to see that the process approach is effectively implemented in the organization and the organization is adhering to PDCA cycle.

MF – Good … Good, but what I feel that preparing an audit report is also an important work for an internal auditor. Many times it is observed that auditor’s report lacks content and traceability.

KRS – Yes, very true, you are. An auditor should not slip into the habit of vague generalizations, such as – ‘I have checked several processes/requirements and found compliance.’ He should list all areas, activities, procedures, standard’s requirements with relevant reference that he checked during audit process. If an auditor has raised any NCR or CAR, he should refer to and include its reference number in the audit report. The auditor should remember that someone, either MR or top management, will refer to his report and would like to retrace his steps. A value added internal audit is that is useful in helping the organization to achieve organization’s objectives and continually improve. A value added audit supports and encourages result-oriented systems. It helps to identify strong and weak points and focus on continual improvement in the organization. A value added internal audit gives confidence that QMS is implemented in the right spirit.

MF – Thanks, Mr. Singhal for the conversation.

KRS – Thanks.

Abbreviation used – CAR = Corrective Action Report, NCR = Nonconformity Report, MR = Management Representative, PDCA = Plan Do Check Act, QMS = Quality Management System

'Singhal Institute for Training and Education Trust' announces 3rd Batch of Distance Learning Training on 'ISO 9001:2008 QMS Awareness'

2012-01-03T08:29:00.000-08:00

The features of 3rd Batch of Distance Learning Training on 'ISO 9001:2008 QMS Awareness':

* Concessional fee

* An endeavour to create awareness

* The programme will provide an opportunity to the learner to know the requirements of ISO 9001:2008 Quality Management System and related concepts. Upon completing this training course, the participant should be able to understand: - Quality concept, - Eight Quality Management Principles - Requirements interpretation - Effective implementation of ISO 9001:2008 QMS - Importance of documentation, management review, internal audit and continual improvement.

* Course contents – Introduction about ISO, Quality concept, Quality Management Principles, Step-by-step approach in implementation of ISO 9001:2008, General and documentation requirements, Management responsibility requirements, Resource management requirements, Product realization requirements, Measurement, analysis and improvement requirements, Certification / registration process.

* Third batch of this Training Programme on "ISO 9001:2008 QMS Awareness‟ is a distance learning training and will be imparted to candidates on a subsidized fee, who seek admission to the course between 1 January 2012 to 31 March 2012.

* Upon successful completion of the training, the learner will be awarded with a "Certificate of Successful Completion of the Training".

Those interested should send an email to site.ajmer@gmail.com so as to enable us to send more details.

With best wishes,

KRS

QUESTION-ANSWER FORUM

2011-12-12T00:05:00.000-08:00

What is the difference between customer satisfaction and customer delight?

KRS answers: Satisfaction is the contentment one feels when one has fulfilled a desire, need, or expectation. Delight is, to take great pleasure or joy. These simple words (satisfaction and delight) have a slightly different meaning, but all have a significant impact on the attitudes and behaviors of customers.

If organization can move customers from being simply satisfied to delighted, the business benefits are enormous. Organizations, which have delighted customers, have created customer loyalty.

It should be the objective of an organization to focus on taking satisfied customers to a state of delight. Satisfaction is based on fulfilling the expected while delight occurs from the unexpected. Delighting customers is a win for the customers, provides a competitive advantage and results in increased sales and profit for the organization. Delight is going beyond the customers’ expectations.

There is a significant difference between satisfied and delighted customers. Delighted customers will be more loyal and a business can create customers for life.

What is the retention period of quality manual?

KRS answers: No requirement with regard to the retention period of the quality manual is mentioned in ISO 9001:2008 QMS Standard. It is for the organization to decide the retention period of the quality manual. It is required that organization, implementing ISO 9001:2008 QMS, must maintain quality manual.

Is certification a requirement for ISO 9001:2008 QMS?

KRS answers: Please note that certification is not a requirement of ISO 9001:2008 QMS Standard and many organizations are implementing ISO 9001:2008 QMS Standard without obtaining its certification.

Who should be asked to prepare work instructions?

KRS answers: Owner of the work (who carries out the work) should be asked to prepare work instructions. Generally it is seen in organizations that people who carries out the work (owners of the work) are not good in communication skills, so the organization should decide the responsible appropriate person, who is good in communication skills, to prepare work instructions with inputs and help from the owner of the work. The appropriate person may be from engineering, QA or any other department. The focus should be 'how to prepare better work instructions in the organization'.

Please submit your question(s) on ISO 9001:2008 QMS by email to krsinghal@rediffmail.com or keshavsinghalajmer@gmail.com and if your question(s) is/are of general interest, we shall try to answer in this blog through forthcoming post.

With best wishes,

KRS

Article – Management Review

2011-11-06T20:36:00.000-08:00

“Is conducting ‘management review meeting’ only option for management review? Look for other alternatives”

Keshav Ram Singhal

Most organizations including consultants believe that conducting ‘management review meeting’ is mandatory and to achieve ISO 9001 QMS compliance certification, and organizations generally keep records of management review meetings to provide evidence to auditors that they have conducted management review. This seems to be the easiest and convenient way of reviewing organization’s quality management system. In practice auditors also ask questions on conducting management review meetings and wish to see relevant records.

When I read ISO 9001:2008 QMS Standard, I come to know from clause 5.6.1 that top management must review the organization’s QMS at planned intervals to ensure continuing suitability, adequacy and effectiveness of the QMS. Nowhere the standard states the term ‘management review meeting’. Akio Miura, a QMS consultant in Tokyo (Japan), says, “Management review meeting is merely one of the means for management review. There are better ways for management review than holding meetings periodically.” He further says, “You do not necessarily always have to hold the meetings if you are doing better ways.” For this his arguments are supported by valid points that he says, “Discussing the impact of changes is too late by periodic management review, and it is not recommendable. For example, if you made some change in October and the next management review is scheduled in January, discussing that change in January may be too late if it caused some negative impact or problems during the period between October and January.” He suggests, “Management review by top management or at least by the management representative must be done in day-to-day activities. Periodic management review is to verify that all changes made in the past xxx month period did not cause any problem or negative effect. This is the smartest and surest way of change management and management review for it.” In this connection, Akio Miura’s views are relevant and require attention by organizations.

The ‘ISO 9001 Auditing Practices Group’ has been constituted as an informal group of quality management system (QMS) experts, auditors and practitioners, drawn from the ISO Technical Committee 176 Quality Management and Quality Assurance (ISO/TC 176) and the International Accreditation Forum (IAF). The group has developed a number of guidance papers and presentations that contain ideas, examples and explanations about the auditing of quality management systems. It has also issued a guidance paper　on ‘Auditing Quality Policy, Quality Objectives and Management Review’ on 5 June 2009 that states, “… ISO 9001 requires top management to review the organization’s quality management system, at planned intervals, to ensure its continuing suitability, adequacy and effectiveness. The review could be carried out at a separate meeting but this is not a requirement of the standard. There are many ways in which top management can review the quality management system such as receiving and reviewing a report generated by the management representative or other personnel, electronic communication or as part of regular management meetings where issues such as budgets and targets are also discussed. …” It further says that the management review is a process that should be conducted and audited utilizing the process approach.

Management review meeting is one of the tools of conducting management review and most organizations are conducting such meetings. But conducting such meeting is not a requirement of the ISO 9001:2008 QMS Standard. In today’s environment, we have advanced technological and communication facilities available with us, so there are other ways of reviewing the quality management system. Just think the other alternatives and one can find alternative way.

I suggest a practical cost-effective process of management review without holding a management review meeting at a particular place on a fixed date and time:

(i) Make a list of people in the top management team of your organization in accordance with the seniority. There must be head of the organization (such as CMD in corporate organizations, senior partner in partnership firms, managing trustee in trust organizations, etc.).

(ii) The management representative should act as the convener to the management review process.

(iii) The head of the organization should decide the frequency of management review (planned intervals) and a reference about this should be mentioned in the quality manual of the organization.

(iv) The management representative should collect information on:　Results of audits (external as well as internal), customer feedback, process performance, product conformity, status of preventive action, status of corrective actions, follow-up actions from previous management review, changes that could affect the quality management system (such as changes in the QMS documentation, procedures, processes, changes in the management, changes in the organization, changes in the policy, changes in the organization’s technique and/or technology, changes in the resources etc.) and recommendations for improvement.

(v) The management representative should prepare a report of ‘management review inputs’ and send copy of this report to top management team members with a request to send their review comments to the head of the organization. There should be targeted date for sending the review comments.

(vi) The head of the organization should review the report of the management representative and comments received from the top management team members. He should take any decisions related to the improvement of the effectiveness of the quality management system, improvement of the effectiveness of the processes，improvement of the product and resources needs. The top management should communicate such management review output decisions to the management representative for necessary communication and action.

(vii) The management representative should communicate to relevant departments about the management review outputs and take appropriate action. A copy of management review output should also be communicated to top management team members.

(viii) The management representative should keep relevant records of management review.

Holding a meeting of top management team members at a particular place on a fixed date and time may sometimes appears to be tough and costly affair to organizations and in such a situation the management review process as stated above will provide you a cost effective option.

Courtesy
ISO 9001 Auditing Practices Group Website
ISO Website
Special thanks to Akio Miura, ASQ Fellow,
ASQ CQA/CQE/CMQOE/CRE/CSSBB/CBA/CHA/CSQE, and RAB/IQA/QSA approved ISO Lead Auditor Training Instructor, Quality Management Consultant

ADDING VALUE TO INTERNAL QMS AUDITS

2011-10-06T07:24:00.000-07:00

Article for review- First draft

We invite your comments on the write-up. Thanks.

Dr. Divya Singhal
&
Keshav Ram Singhal

AUDIT TYPES

Audits are categorized under three types:
• First party or internal audit
• Second party or supplier audit
• Third party or certification audit

First party or internal audit: First party or internal audit is conducted by the organization itself (or conducted on behalf of the organization) for management review and other internal purposes. It is an internal management tool. People within the organization generally conduct this type of audit. First party (internal) audit may form basis for self-declaration of conformity to management systems. Many organizations in the world are now stopping third party certification. Internal audit is a mandatory requirement of ISO 9001:2008 QMS Standard.

Second party or supplier audit: Second party or supplier audit is conducted on supplier or organization (excepting customers) by parties having an interest in the organization (such as customer), or other persons on their behalf. Such type of audit provides a vendor assessment facility for an organization as it audits its supplier to assess their suitability for future or continuing contracts.

Third party or certification audit: Audits conducted for certification fall in this category. An assessment to achieve certification to the ISO 9001:2008 QMS Standard would fall under this category. Third party (certification) audit is conducted by external, independent auditing organization (generally known as certification body or registration body).

Who is the customer for audit?

ISO 9000:2005 defines customer as “the organization or person that receive a product.” Accordingly, a customer may be a consumer, client, end-user, retailer, beneficiary and purchaser. Customer with respect to different audit situations may be as under:
• First party audit customer: Management Representative, top management and the auditee department.
• Second party audit: Typically the purchasing department of an organization, who use the results of the audit as a basis for supplier qualification.
• Third party audit customer:
 Contractual customer: Organization interested in certification or the certified organization, next time different perspectives: Management Representative, Top management
 Ultimate customer: Those who purchase or receive product from the organization. (The certification body should never loose sight to this point and the body should act in the interest of the ultimate customer.)

Value-added audit situation

Value-added internal audit should be useful to the auditee, management representative and top management.
• To the auditee: by describing areas of weakness (i.e. noncompliance of requirements) and by promoting a better understanding of the organization’s quality management system or environmental management system.
• To the management representative: by having an overview of the organizational processes and interactions, by promoting a better understanding of internal supplier / customer relations, and by stimulating better communication between functions (i.e. breaking down interdepartmental barriers).
• To the top management: by verifying effective deployment of policies and objectives throughout the organization.

Value-added third party audit should be useful to the certified organization (or organization seeking certification), to the organization’s customers and to the certification body in the following manner:
• To the certified organization: by providing information to the organization’s top management regarding organization’s ability to meet strategic objectives, by identifying problems (if resolved, will enhance the organization’s performance) and by identifying improvement opportunities and possible areas of risk.
• To the organization’s customers: by enhancing the organization’s ability to provide conforming product.
• To the certification body: by improving the credibility of the third party certification process.

What is an internal audit?

Internal audit is used as a tool to monitor and determine the health of the quality management system implemented in the organization. The findings of internal audit can help in initiating appropriate measures. Internal Audit is used to measure the effectiveness of an organization’s quality management system. The ISO 9000:2005 Standard defines audit as “systematic, independent and documented process (set of interrelated or interacting activities which transform inputs into outputs) for obtaining audit evidence (records, statements of fact or other information which are relevant to the audit criteria and verifiable) and evaluating it objectively to determine the extent to which audit criteria (set of policies, procedures or requirements relating to audit) are fulfilled.”

Accordingly, we can come to following conclusions:
• An audit is a systematic process.
• An audit is an independent process.
• An audit is a documented process. There must be a documented procedure.
• An Audit is conducted for obtaining audit evidence.
• An audit is conducted for evaluating audit evidence objectively.
• An audit determines the extent to which audit criteria are fulfilled.

Organizations, implementing ISO 9001:2008 quality management system for certification / registration, periodically go through two types of audits:
1) Third party audits by certification/registration body, and
2) Internal audits.

Internal audit is called first-party audit. It is conducted by the organization itself or conducted on behalf of the organization. Internal audit is self-audit by the organization and generally conducted by its own auditors. Internal audit can form the basis for an organization’s self-declaration of conformity.

Internal audit is a systematic process. A process is defined as set of interrelated or interacting activities, which transforms inputs into outputs. Accordingly, audit evidences are inputs to internal audit process and audit results are its output. Audit results become the input to management review process (Please refer to clause 5.6.2 of ISO 9001:2008.)

INTERNAL AUDIT REQUIREMENTS

Internal audit requirement are mentioned in clause 8.2.2 of the ISO 9001:2008 Standard. The purpose of internal audit is to ensure that the quality management system of the organization conforms to the planned arrangements to the requirements of the ISO 9001:2008 Standard and the quality management system requirements established by the organization. The purpose of internal audit is also to ensure that the quality management system is effectively implemented and maintained in the organization.

Requirements of the ISO 9001:2008 Standard with regard to internal audit are as under:
• The organization needs to conduct internal audits at planned intervals. Accordingly, frequency of internal audit is to be decided by the organization. The International Standard has not stipulated any time period.
• An audit programme must be planned taking into consideration of the following:
• The Status and importance of processes,
• Areas to be audited, and
• Results of previous audit(s).
• The organization must define audit criteria, scope, frequency and method.
• Selection of auditors and conduct of audit must ensure objectivity and impartiality of the audit process.
• Auditor is not allowed to audit his own work.
• The organization is required to define in a documented procedure the responsibilities and requirements for planning and conducting audits, and for reporting results and maintaining records.
The management responsible for the area being audited must ensure that actions are taken promptly to eliminate detected nonconformities and their causes. Follow-up activities must include the verification of the actions taken and reporting of verification results.

Nonconformity

ISO 9000:2005 Standard defines nonconformity as “non–fulfillment of a requirement”. Accordingly, non-fulfillment of need or expectation (stated, generally implied or obligatory) is termed as nonconformity. In simple terms, nonconformity is something that did not go according to plan. Nonconformity is a deviation from the requirement. Nonconformity provides improvement opportunity to the organization.

Why may internal audit useless?

Ellen Willoughby (Management Consultant and Owner, All About Quality, Northampton, UK) says, “The main reason internal audits are useless because they are being carried out to a check-list that is designed against the Quality Management Standard you are working to and not your business.”

Adding value to QMS Internal Audit

Felix Dlamini, a Project Manager in Swaziland, says, “Focusing on specific areas or clauses of the standard to which the internal audit is conducted is one way of increasing the understanding of the requirements of a QMS and to ensure the organization complies. This however requires that the internal auditors are competent and are able to bring together related concepts within a standard even if they appear on different clauses of a standard.”

Madhavi Shrivastava, a Quality Management Professional in Houston, USA says, “Often it happens that external auditors are able to find gaps and improvement areas but internal audits portray a highly satisfactory picture of QMS.” She suggests a few points that can increase value addition of internal audits: (1) Senior management and management representative are successful in creating a climate where internal audits are valued and taken seriously by all. (2) QMS objectives and targets are linked to business results. And internal audits are able to bring out what is the trend of improvement of key business processes. (3) Internal auditors are selected, trained and coached well to conduct a useful audit. Compliance verification is the basic requirement but as time progresses auditors need to go beyond that to keep QMS really adding new improvement.

Important point we believe that an internal audit requires internal auditor(s) that should be well trained in auditing techniques and knowledgeable in effective, improvement and cost reduction methods to provide value added results. Most organizations that are certified to ISO 9001:2008 QMS Standards use organization’s internal auditors who do internal audits on an as needed basis. Training and conducting audits is such a small amount of their job that they never have time to tune and improve their audit skills. Employees often get promotions, get busier, or may even leave the organization. All of these circumstances cause organizations to be in a constant internal auditor training mode, leading to ineffective audits costing money each year, which normally are not resulting in a positive result. When an experienced, trained staff conducts audits for a living, which is well trained, and very knowledgeable about improvement methods and techniques, then the internal audit will result in a positive outcome. The internal auditor must undergo training each year to ensure continuing to improve his knowledge and skills. Every internal audit must provide results in opportunities for improvements and/or preventive actions, which will reduce risks, increase customer satisfaction, reduce costs, improve product and service quality, and much more.

We give below a few tips by which internal auditors will be able to add value. Internal auditors should use PDCA methodology for conducting internal audit. It can be done by proper audit planning, using audit techniques that should focus on processes and results, obtaining and reporting objective audit findings and carrying out follow-up for eliminating nonconformance. Accordingly, it is better for the internal auditor to use following tips:
• The internal auditors should understand the intent of ISO 9001:2008 QMS Standard, expectations of the top management towards continual improvement and corporate culture
• The internal auditors should peruse the output from previous audits (both internal as well as external) to identify any specific issue or concern still requires improvement
• The internal auditor should understand what are customers’ and applicable legal requirements
• The internal auditor should seek adequate time for auditing
• The internal auditor should focus more on the process, process performance and results.
• The internal auditor should remember eight quality management principles and use of PDCA approach to evaluate the process effectiveness – (i) Whether process planning carried out? (ii) Whether the process carried out according to the process planning? (iii) What are the expected results? (iv)Whether expected results are being achieved? (v) What is the nonconformance?
• The nonconformance identified by the internal auditor should be based on an objective evidence
• The internal auditor should provide adequate opportunity to correct the nonconformity
• The internal auditor should make effort to identify root causes of problems
• The internal auditor should not see who is responsible – rather consider why and what caused the problem (please see here-in-below note in this regard)
• The internal auditor should adopt a ‘holistic’ approach while gathering objective evidence during auditing
• The internal auditor should analyze the finding and relate to the organization’s ability to provide product that meet customer and applicable legal requirements
• The internal auditor should report audit findings
• The internal auditor should also emphasize positive findings as appropriate
• The internal auditor should consider solution/correction proposed by the auditee in response to the ‘negative finding’ (nonconformance)
• The internal auditor should carry out process audit by following the path the auditee takes to carry out the process
Rob De Leur, Process Risk Advisor at Amsterdam, Netherlands is of the opinion that the internal audit often brings to little serious input for improvement and says, “I am auditing now for almost 20 years and think that a lot (most) of the internal audits performed don't bring much for the management. Auditing is a profession and when you do this now and then with all the good effort, it results to many times in some non-conformity that can't really improve the system or the organization. Too many times the internal auditor is happy when he/she finds something and then the management of course always react 'great job'. When I do my ISO9001 audits combined with the approach and principles of risk management, then we are really talking serious auditing (and clients also confirm). My opinion is not negative but too many times realistic. I am sure that a good professional executed internal audit can be of great help.” Dominador, Jr. Garrovillas, Audit and Systems Compliance Manager in Philippines says, “We use the RFR approach, i.e., we write first the Requirements, second the Findings, and lastly the Risk to the business.” (From a discussion in ‘ISO 9001’ group at linkedin.com)

Do not see who is responsible. Rather consider why and what caused the problem or nonconformity

When you observe a problem or nonconformity, do not see who is responsible. Rather consider why and what caused the problem or nonconformity. When you consider why and what caused the problem or nonconformity, you may find:
• There was inadequate training.
• Applied procedures were unrealistic.
• Resources were insufficient.
• There was not enough time for doing things properly.
• There may be a better way of doing things.

What is most important? Find out fundamental cause of the nonconformity and stop it from happening again. We need to ask “WHY? WHY? WHY?” We should not ask – WHO?

WHY? WHY? WHY?

Why should we consider “WHY? WHY? WHY?” question? The simple reason is that we may be able to find root cause of the problem. The following examples may clarify this technique.

First example
• WHY was there nonconformity in the design department?
• “Because Mr. Jain did not follow the procedure.”
• WHY did not Mr. Jain follow the procedure?
• “Because Mr. Jain never received training.”
• WHY did not Mr. Jain receive the training?
• “Because Mr. Jain was on leave at that time.” Or “Because the department head did not relieve Mr. Jain for the training.”
• WHY did not the organization management realize this, and train him later?
• “Because the organization management or department people do not foresee this in the SYSTEM.”

Here we find that there is an area of improvement.

Second example
• WHY was there nonconformity in the manufacturing section?
• “Because Mr. Desai did not follow the procedure.”
• WHY did not Mr. Desai follow the procedure?
• “Because Mr. Desai did not have the right equipment.”
• WHY did not Mr. Desai have the right equipment?
• “Because our organization does not have a preventive maintenance plan.”
• WHY did not the organization have a preventive maintenance plan?
• “Because preventive maintenance plan is not in the system.”
Here we find that there is an area of improvement.

Third example
• WHY did not things go according to plan?
• “Because Mr. Sharma followed the procedure, even though he knew the procedure was wrong.”
• WHY did Mr. Sharma follow the procedure?
• “Because the procedure was a documented procedure and Mr. Sharma was scared to get nonconformity!!” Alternatively, “Because that is the easy way out, he followed documented procedure.” Or “Because then Mr. Sharma cannot be blamed.”
Here we find that there is an area of improvement.

It is not “value added”

We should understand that “Value-added” is NOT making the audit more difficult by adding on additional requirements. The auditor should not add additional requirement, which is not required. We should also understand that “Value-added” is NOT making the audit too easy, so nobody believes in the results of the audit.

Value added auditing aims to add value, the organization will find useful. Value added auditing encourages result-focused systems, with minimum bureaucracy. Value added auditing helps to identify strong and weak points and focus on the ways to improve. Value added auditing provides CONFIDENCE that the quality management system is king and the organization is providing CONSISTENT, QUALITY PRODUCT to its customers.

ISO 9001 Auditing Practices Group

The ISO 9001 Auditing Practice Group is an informal group of quality management system (QMS) experts, auditors and practitioners drawn from the ISO Technical Committee 176 Quality Management and Quality Assurance (ISO/TC/176) and the International Accreditation Forum (IAF).

The group has developed a number of guidance papers and presentations on various QMS auditing topics including the following:
• The need for a two- stage approach to auditing
• Measuring QMS effectiveness and improvements
• Identification of processes
• Understanding the process approach
• Determination of the ‘where appropriate’ processes
• Auditing the ‘where appropriate’ requirements
• Demonstrating the conformity to standard
• Linking an audit of a particular task, activity or process to the overall system
• Auditing continual improvement
• Auditing a QMS which has minimum documentation
• How to audit top management processes
• The role and value of the audit checklist
• Scope of ISO 9001: 2000, scope of Quality Management System and defining scope of certification
• Value- added Auditing
• Auditing competence and the effectiveness of the action taken
• Effective use of ISO 19011: 2002, Guidelines for quality and/or environmental management systems auditing
• Auditing statutory and regulatory requirements
• Auditing quality policy, quality objectives and management review
• Auditing the control of monitoring and measuring devices
• How to add value during the audit processes
• Guidance for reviewing and closing nonconformities
• Auditing internal communication
• Auditing service organization
• Third party auditor impartially and conflict of interest
• Auditing the effectiveness of the internal audit
• Auditing electronic based management systems
• Auditing the management of resources
• Auditing customer communications
• Auditing the design and development process
• Documenting a nonconformity
• Auditing Preventive Action
• Auditor code of conduct and ethics

The above mentioned guidance papers and presentations on various QMS auditing topics are very useful for auditors for adding value to their audit. These guidance papers and presentations can be downloaded from the website of International Accreditation Forum.

Training of internal auditor must be a regular process

Internal audits require a staff that is well trained in auditing techniques and knowledgeable in effective, improvement and cost reduction methods to provide value added results. Most organizations, implementing ISO 9001:2008 QMS Standard and also certified to ISO 9001:2008 QMS Standards, use organization’s internal auditors who do internal audits on an as needed basis. Training and conducting audits is such a small amount of their job that they never have time to tune and improve their audit skills. Employees often get promotions, get busier, or may even leave the organization. All of these circumstances cause organization to be in a constant internal auditor training mode, leading to ineffective audits costing huge amount of money each year, which normally are not resulting in a positive ROI. Experienced, trained staff when conduct audits for a living, they must be well trained, and very knowledgeable about improvement methods and techniques. They should undergo training each year on regular basis to ensure they continue to improve their knowledge and skills. Every audit they conduct must result in opportunities for improvements and/or preventive actions, which will reduce risks, increase customer satisfaction, reduce costs, improve product and service quality, and much more. Training of internal auditor must be a regular process in an organization implementing ISO 9001:2008 QMS Standard.

Courtesy:
- Reference Guide to ISO 9000 Certification, K. R. Singhal, 2000
- Implementing ISO 9001:2000 Quality Management System – A Reference Guide, Divya Singhal and K. R. Singhal, PHI Learning Private Limited, New Delhi, 2008
- ISO Website
- IAF Website
- IRCA Website
- Website - http://allaboutquality.net
- Group discussion at http://www.linkedin.com

Authors' Note: Suggestions to improve the article is invited. Thanks.

Need to look afresh on ‘quality’

2011-09-28T22:46:00.000-07:00

We have seen various quality improvement concepts – Six Sigma, TQM, 5-S, ISO 9001, ISO 9004, JIT, Zero defect, TPM, …. and so on. All these concepts have played a major and relevant role in improving the quality of a product (including service). In recent years we have also witnessed a number of standards, such as, ISO 14001 EMS, OHSAS 18001, SA8000, ISO 50001 EnMS, ISO 26000 SR, ISO 22000, ISO/IEC 27000 ISMS, being implemented by organizations.

Many quality gurus had defined the concept ‘quality’ in the previous millennium, i.e. in the 1900s. You may see the definitions written by Philip Crosby, Walter A Shewhart, Joseph M Juran, W Edwards Deming, A V Feigenbaum and many other quality gurus, most of those definitions are more than fifty years old, when organizations were not asked to comply requirements related with environment, social responsibility, energy, health, safety, information security etc.

ISO 9000:2005, an international standard on ‘Quality management systems – Fundamentals and vocabulary’ defines ‘quality’ as ‘degree to which a set of inherent characteristics fulfills requirements.’

It is now time to rethink with a focus on a return to the basics of quality and sound business management. Please re-examine the basics of quality and derive a new definition of ‘quality’ that remains for more than a decade. ‘Quality’ needs a definition afresh looking to the following:
- Fulfilling requirements
- Cost
- Effectiveness
- Environmental protection and performance
- Impact on society
- Human rights
- International norms of behaviour
- Risk
- Health
- Safety
- Energy efficiency
- Security
- Success (of the product/service, organization and user)

My new definition on QUALITY - I define quality as “a degree to which the product has a set of inherent distinguishing features (existing in the product as a permanent characteristics) that fulfill implied requirements of the product and also stated and obligatory (statutory and regulatory) requirements including customer requirements and those requirements: that protect and save environment, that have affordable cost for the customer, that has positive impact on society, that respect human rights, that respect international norms of behaviour, that safeguard health and safety, that conserve energy and that maintain security requirements so as to achieve and enhance satisfaction and success of the organization and its customer.”
Note –
1. Product also means service.
2. The term ‘quality’ can be used with adjectives.
© September 2011 - Keshav Ram Singhal, Ajmer, India.

I posted my above new definition on ‘quality’ for discussion with quality professional fraternity in some groups at linkedin.com (a social site of professionals) and I am overwhelmed with some reactions from a few professionals that are as under:

- John Outram, an associate at Qualimpex Inc. Canada says, “You should submit your new definition for quality to TC 176 though your National Committee.” (in Management Systems Professionals and Users group)
- Issoufou Trare, a consultant in Senegal, says, “I like this definition. But the very important challenge is to transform it to reality in numerous companies. Thanks for this fresh look.” (in Management Systems Professionals and Users group)
- Peddina Satyanarayana, Assistant General Manager at Steel Authority of India Ltd, Rourkela Steel Plant, says, “If any organization transforms KRS definition in to reality, the organization can continue to be at top. Quality is inner beauty with conformance to the requirements of customer.” John Outram liked the comment made by Peddina Satyanarayana.
- Ms. Cathleen N (National Director of Quality Assurance at Garda, Ottawa, Canada) and Ms. Farjana Ahmed (QMS Executive at ACME Laboratories Ltd., Bangladesh) have liked the discussion.

What do you think? Will you help me in defining quality with a new look by supporting my new definition or suggesting some improvement?

With best wishes,

Keshav Ram Singhal

ISO 19011:2011

2011-09-22T21:09:00.000-07:00

ISO 19011:2011 – Guidelines for auditing management systems – Expected to be published soon

Keshav Ram Singhal (Email - krsinghal@rediffmail.com)

International Organization for Standardization released ISO/FDIS 19011:2011 – Guidelines for auditing management systems in July 2011 to ISO members. It is expected that international standard ISO 19011:2011 will be published in October 2011.

ISO 19011:2002 is the current auditing standard that provides guidelines for auditing quality and/or environmental management system. This standard was long due for revision and since the initial publication of ISO 190011 in 2002 a number of new management system standards have been published. This has resulted in a need to consider a broader scope of management system auditing as well as providing guidance that is more generic. This is now reflected in ISO 19011:2011 that has the revised title “Guidelines for auditing management systems” instead of “Guidelines for auditing quality and/or environmental management systems” as mentioned in the existing standard ISO 19011:2002. ISO 19011:2011 will be useful for auditing any management system and also it will be useful for auditing integrated management as it will –
- Provide guidance on auditing all types of management systems, and
- Facilitate combined (integrated) audit of two or more management systems implemented by an organization.

ISO 19011:2011 will provide guidance for all users, including small and medium sized organizations and will concentrates on what are commonly termed internal (first party) and second party audits as often conducted by customers on their suppliers.
International Organization for Standardization (ISO) has already published ISO 17021:2011, a standard for conformity assessment that provides requirements for bodies providing audit and certification of management systems. After publication of ISO 19011:2011, there will be two relevant standards –
- ISO 17021:2011, Conformity assessment – Requirements for bodies providing audit and certification of management systems
- ISO 19011:2011, Guidelines for auditing management systems

The publication of ISO 19011:2011 will provide auditors, organizations implementing management systems and organizations (including certification bodies) needing to conduct audits of management systems an opportunity to re-assess their own practices and identify improvement opportunities in conducting audits.

What are the changes within ISO 19011:2011?

ISO 19011 is being revised to provide persons involved in management system auditing with good audit practice guidance relevant to the present environment. Presently there are many organizations implement management system covering multiple disciplines, for example quality (ISO 9001), environment (ISO 14001), occupational health and safety (OHSAS 18001) and information security (ISO 27000) etc.
The Principles of auditing on which the guidance is based are being revised and expanded to include the new auditing principle of ‘Confidentiality – security of information’. This will be a principle that will require auditors to be prudent in the use and protection of information acquired in the course of their duties during auditing management systems..

The main body of ISO 19011:2011 will set out good practice for Managing an Audit Programme and Performing an Audit. It will update to reflect current thinking and in parts expanded significantly. These sections will provide detailed guidance; intended to be used flexibly according to the size, level of maturity of an organization’s management system, the nature and complexity of the organization to be audited. The concept of risk in auditing is being introduced. Some guidance will be provided on combined audits, where two or more management systems of different disciplines are audited together (for example QMS and EMS, EMS and OHSAS, QMS and OHSAS). Also, the use of technology in remote auditing will be acknowledged.
Changes are being introduced in the guidance on Competence and evaluation of auditors. ISO 19011:2011 will address auditing management system covering multiple disciplines some of these may be wide ranging. The significant changes include:

- ISO 19011:2011 will identify that necessary auditor competence comprises generic knowledge and skills of management systems, plus discipline specific (for example, QMS) and sector specific (for example, aerospace) knowledge and skills. Annex A (informative) of the standard will provide examples of discipline-specific knowledge and skills of auditors, including:
- Transportation safety management
- Environmental management
- Quality management
- Records management
- Resilience, security, preparedness and continuity management
- Information security
- Occupational health and safety

ISO 19011:2011 will not include guidance on sector specific knowledge and skills of auditor. These may be developed later and published separately by the International Organization for Standardization (ISO).

The existing standard ISO 19011:2002 provides guidance on education, work experience, auditor training and audit experience that contribute to development of the knowledge and skills needed to perform audits and lead audit teams. ISO 19011:2011 will also provide guidance on knowledge and skills of management system auditors and an audit team leader but it will not make reference to auditors having completed education, work experience, auditor training and audit experience. This change will recognize that education, work experience, training and audit experience are enablers to competence, which ISO 19001:2011 and ISO 17021:2011 define as ‘ability to apply knowledge and skills to achieve intended results’. ISO 19011:2011 will recognize evaluation of competence needs, which may be carried out in a variety of ways, for example a combination of testing and examination, interview and observed audits.

1. Scope – There will be no significant changes.

2. Informative references – There will be no previous reference to terms and definitions given in ISO 9000 (QMS) and ISO 14050 (EMS).

3. Terms and definitions – New definitions for Observer, Guide and Risk are being introduced. The term risk will be used in ISO 19011:2011 in context of “risk-based auditing” and also “audit programme risks”. The definition of competence is being revised and although the change in wording appears slight it will require organizations to determine competence to achieve intended results. The starting point for which will be to define the intended results for the various activities involved in managing an audit programme and performing audits. This change will be consistent with ISO 17021:2011, a standard on conformity assessment.

4. Principles of auditing – There will be six principles in ISO 19011:2011 instead of five in ISO 19011:2002. Principles (a) – (d) will relate to auditors and the person managing the audit programme. Principles (e) and (f) will relate to the audit.

(a) Integrity – The principle of integrity will replace and expand the principle of ethical conduct mentioned in ISO 19011:2002. The principle of integrity is the foundation of professionalism.

(b) Fair presentation – There will be minor expansion that will include the obligation to report truthfully and accurately.

(c) Due professional care – the application of diligence and judgement in auditing. ‘Having the necessary competence is an important factor’ (in ISO 19011:2002) will be replaced with ‘An important factor in carrying out their work with due professional care is having the ability to make reasoned judgement in all audit situations’ in ISO 19011:2011.

(d) Confidentiality – security of information. It will be a new auditing principle, which will address the need for auditors to exercise discretion in the use and protection of information acquired in the course of their duties. The principle will refer to inappropriate use of such information for personal gain or in a manner detrimental to the legitimate interests of the auditee.

(e) Independence – the basis for the impartiality of the audit and objectivity of audit conclusions. ISO 19011:2011 will provide more specific guidance on the extent of independence that needs to be achieved, whilst recognizing that in small organizations it may be difficult for internal auditors to be fully independent. ISO 19011:2011 will refer to internal auditors being independent from the operating managers of the function being audited. ISO 19011:2011 will reflect the interpretation of independence that certification bodies generally apply.

(f) Evidence-based approach –There will be minor rewording in ISO 19011:2011 that will include the rational method for reaching reliable and reproducible audit conclusions in a systematic way.

5. Managing an audit programme – In this section ISO 19011:2011 will have considerable revision. The language of guidelines in this section will be easy to understand. There will be more clarity. Managing an audit programme guidelines will be structured in the following clauses:

5.1 - General

5.2 – Establishing the audit programme objectives

5.3 – Establishing the audit programme

5.4 – Implementing the audit programme

5.5 – Monitoring the audit programme

5.6 – Reviewing and improving the audit programme

5.1 General – This clause of the ISO 19011:2011 will recognize that an organization may implement a number of management system standards. Where the existing issue of ISO 19011:2002 refers to an organization establishing one or more audit programmes, ISO 19011:2011 will refer to an audit programme that can include audits considering one or more management system standards. Practically there will be little difference.

In this clause 5.1 of ISO 19011:2011 there will be guidance to allocate audit resources to audit those matters of significance within the management system. This concept is known as risk-based auditing.

5.2 Establishing the audit programme objectives – Title of this clause is being revised and also guidelines for structuring the content to follow the process flow guidance on the extent of an audit programme is being transferred to section 5.3.3.

5.3 Establishing the audit programme – ISO 19011:2002 states the title ‘Audit programme responsibilities, resources and procedures’ and this is being revised as new title ‘Establishing the audit programme.’. New to this issue is guidance on ‘Competence of the person managing the audit programme’. ISO 19011:2011 will add new guidance on ‘Identifying and evaluating audit programme risks’.

5.4 Implementing the audit programme – ISO 19011:2011 will provide more extensive guidance.

There will be sub-clause ‘Define the objectives, scope and criteria for an individual audit’. The sub-clause guidelines will identify that each audit should have a clear objective. This section will also highlight issues to consider when two or more management systems of different disciplines are audited together.
There will be a new sub-section ‘Selecting the audit methods’ and additional guidance on this issue will be provided in Annex B of ISO 19011.

Other sub-clauses will include: Selecting the audit team members, Assigning responsibilities for an individual audit to the team leader, Managing the audit programme outcome, Managing and maintaining audit programme records

In short we can conclude that section 5.4 of ISO 19011:2002 is being revised to provide comprehensive guidance to what was previously a list of headline topics that needed to be addressed when implementing the audit programme. Section 5.5 of ISO 19011:2002 – Audit programme records will be part of section 5.4

5.5 – Monitoring the audit programme and 5.5 – Reviewing and improving the audit programme - These two sections will replace what is stated in ISO 19011:2002 in clause 5.6 – Audit programme monitoring and reviewing. There will be minor expansion and reference to consider, such as, evaluate the performance of audit team members, consider as part of a review, alternative or new auditing methods, review the effectiveness of the measures to address the risks associated with the audit programme, review confidentiality and information security issues relating to the programme

6. Performing an audit – The clause title in ISO 19011:2002 is ‘Audit activities’ which is being revised. In this clause of ISO 19011:2011 you will find improved guidance. The section will be structured to follow the audit process flow, as under:

6.1 General

6.2 Initiating the audit

6.3 Preparing audit activities

6.4 Conducting the audit activities

6.5 Preparing and distributing the audit report

6.6 Completing the audit

6.7 Conducting audit follow-up

There will be few changes in the guidelines in ISO 19011:2011.

7. Competence and evaluation of auditors – Some significant changes are being introduced in ISO 19011:2011. The new standard will address auditing management system covering multiple disciplines. New guidance will include: Determining auditor competence to fulfill the needs of the audit programme, Personal behaviour, Knowledge and skills. The clause ‘Knowledge and skills’ will comprise: Generic knowledge and skills of management system auditors, Discipline and sector specific knowledge and skills of management system auditor. ISO 19011:2002 provides guidance for quality management system and/or environmental management system auditors, each having its own section providing guidance on auditor knowledge and skill requirements. In ISO 19011:2011 these two sections of ISO 19011:2002 will be replaced by one that will identify knowledge and skills that need to be applied to all management systems, for example, knowledge of: Legal requirements relevant to the specific discipline, fundamentals of the discipline and the application of business and technical discipline-specific methods, techniques, processes and practices sufficient to enable the auditor to examine the management system and generate appropriate audit findings and conclusions, risk management principles, methods and techniques relevant to the discipline and sector to enable the auditor to evaluate and control the risks associated with the audit programme.

ISO 19011:2011 Annex A will provide guidance on discipline-specific knowledge and skills of auditors for: Transportation safety management, Environmental management, Quality management, Records management, Resilience, security, preparedness and continuity management, Information security, Occupational health and safety.

ISO 19011:2011 will provide guidance on Generic knowledge and skills of an audit team leader, that will include knowledge and skills to: balance the strengths and weaknesses of the individual audit team members, develop a harmonious working relationship among the audit team members, manage the uncertainty of achieving audit objectives

ISO 19011:2011 will provide guidance on knowledge and skills for auditing management systems addressing multiple disciplines, achieving auditor competence.

Clause 7.6 of ISO 19011:2002 provides guidance on auditor evaluation, having sub-clauses, 7.6.1 – General and 7.6.2 – Evaluation process. ISO 19011:2011 will provide more clear guidance on auditor evaluation specifying guidance on establishing the auditor evaluation criteria, selecting the appropriate auditor evaluation method, conducting auditor evaluation, maintaining and improving auditor competence.

Thus we will find ISO 19011:2011 as a useful guidance document that will enable auditors to have more clear guidelines on auditing any management systems. The whole process of revising and preparing ISO 19011:2011 is under auspices of the ISO Joint Technical Co-ordination Group and administered by the ISO Technical Committee ISO/TC 176, ISO subcommittee ISO/TC 176/SC3 and also included interested parties for example ISO/TC 207, ISO/TC 34. ISO 19011:2011 will be the second edition of ISO 19011. The second edition of ISO 19011 will cancel and replace ISO 19011:2002 upon its publication.

Additional comments - This article written before publication of ISO 19011:2011. Please note that International Organization for Standardization (ISO) has published ISO 19011:2011 standard on 11 November 2011.

Courtesy:
- ISO Website
- ISO 19011:2002
- ISO/FDIS 19011:2011
- IRCA Website

Top management role for quality policy

2011-09-16T00:24:00.000-07:00

Article for review – Comments and suggestions invited

Quality policy is an important aspect of quality management implementation in an organization. According to BuisnessDictionary.com, Quality Policy is top management's expression of its intentions, direction, and aims regarding quality of its products and processes.

Quality policy means what is the overall intention and direction within an organization related to quality.1

A reader asked us about signing of Quality Policy. We add a counter question - Is it really needed to sign a quality policy? If you go through the requirements you will notice that ISO 9001:2008 QMS Standard does not mention any requirements about signing of the quality policy.

Clause 5.3 of ISO 9001:2008 QMS Standard mentions requirements for quality policy to be ensured by the top management of the organization.
Here two important related phrases are required to understand – (i) Top Management, and (ii) Quality policy.

Top management is defined as ‘person or group of people who directs and control an organization at the highest level’ and a quality policy is defined as ‘overall intentions and direction of an organization related to quality as formally expressed by top management.’

On perusal of the documentation requirements as mentioned in clause 4.2.1 of ISO 9001:2008 QMS Standard, it is observed that a documented statement of a quality policy is a part of the ISO 9001:2008 QMS documentation, so what is further required (in addition to the above) with regard to quality policy is that as a document it must be duly approved for adequacy prior to issue as per organization’s documented procedure for control of documents. In this regard, the requirements mentioned in clause 4.2.3 are relevant.

The Standard requires the top management to ensure the following2:
- Quality policy is appropriate to the purpose of the organization
- Quality policy includes a commitment to comply with requirements and continually improve the effectiveness of the quality management system
- Quality policy provides a framework for establishing and reviewing quality objectives
- Quality policy is communicated and understood within the organization
- Quality policy is reviewed for continuing suitability

Quality policy may be communicated by issuing a documented statement of quality policy, which is approved for adequacy prior to issue as per organization’s documented procedure on ‘control of documents’.

Top management is required to ensure such a quality policy that is appropriate to the purpose of the organization, that includes a commitment to comply with requirements and continually improve the effectiveness of the quality management system, and that provides a framework for establishing and reviewing quality objectives. The top management must ensure those activities that improve communication and understanding of quality policy within the organization. In most organizations, QMS documentation (including quality policy statement) are generally developed by a team of people and then approved for adequacy prior to issue. Here it is immaterial who signs the quality policy or the quality policy is signed or unsigned. Even a quality policy verbally expressed by the top management in a meeting with staff or board of directors or annual general meeting may be termed as formally expressed overall intentions and direction of the organization related to quality by the top management.

Where a duly approved ‘quality policy’ statement is communicated and understood within the organization, that will serve the purpose and intent of quality management system as per ISO 9001:2008 QMS Standard. So take such steps that improve internal communication and understanding of the quality policy within the organization.

(Please send your comments to divyagim@gmail.com and/or keshavsinghalajmer@gmail.com)

1. http://qiblog.blogspot.com/2011/05/what-is-quality-policy.html
2. Singhal and Singhal (2008) Implementing ISO 9001:2000 QMS: A reference Guide, Prentice Hall India

- Dr. Divya Singhal & Keshav Ram Singhal

Aligning Quality Policy and Quality Objectives

2011-08-22T19:50:00.000-07:00

Article for review – Comments and suggestions invited

ISO 9001:2008 QMS Standard mentions that an organization's quality policy must provide a framework for establishing and reviewing the company's quality objectives. The quality policy should give an overall direction for the organization, and its quality objectives should flow in that direction. The top management of the organization needs to establish quality objectives. Top management of the organization must ensure that quality objectives (including those needed to meet requirements for the product) are established at relevant functions and levels within the organization. The quality objectives must be measurable and consistent with the quality policy of the organization.

Clause 7.1 (a) of ISO 9001:2008 QMS Standard lays down that in planning product realization, the organization must determine quality objectives and requirements for the product. It is evident from this clause that the ISO 9001:2008 Standard now calls for objectives not only for the quality management system but also for the product. Many factors (such as changes in customer requirements, market conditions, business compulsions) may often put such situation where the organization have to think to change the policy and/or objectives, which may lead to weakening in the alignment between quality policy and quality objectives. To deal such situation continually, ISO 9001:2008 QMS standard requires that top management periodically review changes to both the policy and objectives. An organization's objectives must be measurable and its quality management system processes designed to meet those objectives.

Just after the publication of ISO 9001:2000 QMS Standard (earlier version of the standard), John E. (Jack) West (a famous quality excellence business consultant from USA) stated in an article ‘Three strategies for aligning quality policies, objectives and processes’ published in the Quality Digest (USA) that aligning the quality policy, quality objectives and QMS processes should further top management's intent with regard to quality. There's only one small, potential difficulty: ISO 9001 standard doesn't address aligning the quality policy and objectives with other business goals. Here it is important to mention that organization's overall business goals, quality objectives and quality policy are all interrelated and must work together to achieve business improvement. The purpose of quality management system is to create such management system where an organization is able to consistently provide product that meet customer and applicable legal requirements with aim to enhance customer satisfaction.

Clause 5.4.2 of ISO 9001:2008 QMS standard requires that an organization plan its quality management system to meet both the quality objectives and the general requirements of quality management system as mentioned in clause 4.1. Here it is important to note that clause 4.1 of ISO 9001:2008 QMS standard requires an organization to determine its quality management system processes and their application. The organization also needs to determine how processes interact, determine the criteria and methods needed for effectively operating and controlling the processes, and provide the resources to do so. The organization needs to monitor and, where applicable, measure the processes. And this information must also be analyzed to determine further actions needed to achieve planned results and improvement.

On the basis of the requirements mentioned in clause 5.4.1, some people may think that establishing quality objectives at relevant functions and levels within the organization is a one-time activity; however it is now clear that such thinking opposes the intent of the quality management system. There is also a need to integrate continual improvement activities in the quality management system. ISO 9001:2008 QMS standard requires continually improve the effectiveness of the quality management system through the use of the quality policy, objectives, audit results, data analysis, corrective and preventive actions, and management review. Accordingly, there is a need to continually review alignment between the quality policy and quality objectives and take necessary steps.

- Divya Singhal and Keshav Ram Singhal

(Please send your comments to divyagim@gmail.com and keshavsinghalajmer@gmail.com)

हिंदी में आईएसओ ९००१ गुणवत्ता प्रबंध प्रणाली पर जानकारी वाला पहला ब्लॉग

2011-08-09T03:24:00.000-07:00

Please see the link
http://iso9001awareness.blogspot.com/

Thanks,

Keshav Ram Singhal

Control of documents and control of records

2011-06-19T07:44:00.000-07:00

Dr. Divya Singhal and Keshav Ram Singhal

First, it is necessary to understand the difference between records and documents. A document provides information in written, printed, or electronic form. A record relates to an activity or transaction that has happened in the past; it is a record of history. A record can consist of one or more documents, which all relate to a single event in time. The difference between a document and a record is that a document can change over time, while a record should not change.

Clause 4.2.3 of ISO 9001:2008 QMS Standard deals with control of documents, and clause 4.2.4 deals with control of records. Now we give below details regarding control of documents and control of records.

Control of documents

All documents required by the quality management system of the organization need to be controlled. Records are also required to be controlled as per requirements mentioned in clause 4.2.4 of the ISO 9001:2008 standard. This is separately addressed in this article under the heading „Control of records‟. For control of documents, a procedure is required to be documented. The documented procedure needs to define the controls needed:

- To approve documents for adequacy prior to issue
- To review and update as necessary and re-approve documents
- To ensure that changes and the current revision status of documents are identified
- To ensure that relevant versions of applicable documents are available at points of use
- To ensure that documents remain legible (clearly readable) and readily identifiable
- To ensure that documents of external origins are determined (which are necessary for the planning and operation of the quality management system)
- To ensure that distribution of determined external origin documents are controlled
- To prevent the unintended use of obsolete documents
- To apply suitable identification to obsolete documents if they retained for any purpose

Approval of document for adequacy prior to issue means that some authority (with responsibility to manage and direct quality management system affairs of the organization) has agreed the document before being made available for use (i.e. approval before the document is distributed, or published or made available to the users).

Reviewing document means another look at the document and this is a task, which should be carried out at the time following the issue of the document by the management representative or by the person, who is linked with the affairs mentioned in the document. Review of documents may be carried out randomly or periodically. Periodic review is proactive action and it is better if the management representative carries out periodic review (at least once in a year) of the issued document. If a document is updated with any change, then the same is required to be approved for adequacy prior to issue.

Changes to documents may be identified by mentioning a change record within the document that denotes the nature of change. Current revision status of document may be identified by issue number, revision number or date of the document.
To ensure that document is available at the point of use, the organization needs to establish who needs which document at what time. The document access should be available to persons who need it for better work performance. To ensure that documents remain legible and readily identifiable, it is required that contents of the documents are readable and documents can be identified easily. Document identification can be done by classification, titles or identification numbers of documents.

In order to control the distribution of external documents, the organization should establish appropriate process or mechanism for identification, classification, distribution and availability of such external documents.

Obsolete documents should not be available at the point of use. Use of obsolete documents may lead to errors, failures or hazards, which become an evidence of nonconformity. Sometime superseded or obsolete documents need to be retained by the organization for a variety of reasons (e.g. legal or reference purpose) and for this the organization must have a method of identifying the status of such documents to prevent their accidental use in place of current documents. In practice, organizations put stamp as „OBSOLETE DOCUMENT‟ in red ink on the face of the obsolete document.

For effective document control, following points should also be taken due care:

- The documents (manual, procedures, and work-instructions) should be written as a value-added proposition, not only as required step in the compliance process of the ISO 9001:2008 standard.
- The documents style, format, vocabulary and language should be easy to understand.
- The process owners should be included in writing relevant procedures or in reviewing the documents. Make sure that the people who use the document are involved in writing and reviewing them.
- The change (revision of documentation) process should be accessible to the people most affected by document inadequacies.
- Developing an effective value-added controlled document requires planning and regular monitoring.
- Write processes as they exist.
- Developing reliable and consistent process execution is critical for effective production planning.
- Make sure that documents are available at the point of use. Providing electronic access to documents at the point of use may be one good solution.
- Manage document changes efficiently.
- Documents should be reviewed regularly for accuracy. Failing to review documents for accuracy is one of the bigger mistakes organization does.
- Keep documents content current and accurate.

Control of records

Records established must be controlled. The purpose to maintain records is to provide evidence of conformity to requirements and of the effective operation of the quality management system. Records must remain:
- Legible
- Readily identifiable
- Retrievable

For control of records, a procedure is required to be documented. The documented procedure needs to define the controls needed for the:
- Identification of records
- Storage of records
- Protection of records
- Retrievable of records
- Retention of records
- Disposition of records

Why managing and controlling records necessary? Records exist in every organization. Records provide with information to help people to manage processes of the organization effectively. Records are the evidence of the past performance. Records provide with information of results achieved or evidence of activities performed.

Appropriate ways to control records include indexing, filing, proper keeping so that the risk of deterioration, damage or loss of record is minimized. It is better to decide who will have access to which records and how readily available and identifiable. Proper indexing, filing and safe keeping facilitate retrieval of records. It is better that records are not destroyed or disposed of before the end of their usefulness. While deciding the retention time of a particular record, also look into the legal requirements in this regard, so as to avoid forthcoming problems. Control on disposition of records should ensure that records are not destroyed prior authorization and organization should specify the method of disposal.

Records serve three purposes: (i) Records provide evidence of conformity with the requirements of the ISO 9001:2008 standard, (ii) Records demonstrate that the organization has an effective quality management system, and (iii) Records document continual improvement.

DS & KRS

Small changes having opportunities for improvement

2010-07-13T20:24:00.000-07:00

Article for review – Comments and suggestions invited

Transition to ISO 9001:2008 QMS – Small changes having opportunities for improvement
Dr. Divya Singhal
and
Keshav Ram Singhal

ISO 9001 QMS standard has been popular among organizations all over the world during the last two decades. ISO 9000 QMS family standards were first published in 1987 and thereafter there was a revision in 1994. In the year 2000, there had been a major revision in the QMS standards and revised ‘ISO 9001:2000, Quality management systems – Requirements’ standard was published on 15 December 2000. On 15 November 2008, fourth edition – ISO 9001:2008 has been issued and published. Changes in the revised standard, ISO 9001:2008, are mostly editorial giving more clarity to the right interpretation of requirements. Users, such as organizations implementing ISO 9001 QMS, QMS auditors, etc., will find the new standard useful for right interpretation of standard’s requirements.

On careful reading of the revised ISO 9001:2008 standard and the earlier ISO 9001:2000 standard, we find that both standards used same numbering system to organize the standard and also there is no change in the intent, but the meaning is more clarified by the revision. On reading the standard at the macro level, we find no new requirements, but reading the same at micro-level, we find changes to the wording of a few clauses and additions of notes at the end of requirements. As such, organizations have opportunity to review their quality management system and to check the need for any change. Although the changes in the standard are small, but changes to the wording of the clauses (without adding any new requirements) provide great opportunity for organizations to review their quality management system for its better effectiveness.

We may apply three approaches to the revision. First, there are no new requirements in ISO 9001:2008 standard, so we do not need to do anything or change the documentation. Second, we will look to the changes in ISO 9001:2008 and compare our quality management system whether we need any revision or modification in QMS documentation to remain in compliance with the new standard. Third, we have a big opportunity and we must critically review our quality management system and thus make improvements. The first approach is incorrect or sleepy approach, second one can be termed as minimalist approach, an approach that only to revise quality management system documentation and other efforts. The third approach is a proactive approach that provides real benefits. So, we need to have a proactive approach.

Objective of ISO 9001:2008 standard is to provide consistent and conforming product. Clause 1.1 mentions scope of the standard on the basis of a performance-based objective that ISO 9001:2008 standard specifies quality management system requirements to:
• demonstrate ability to consistently provide product that meets customer and applicable legal (= statutory and regulatory) requirements, and
• enhance customer satisfaction

What are we looking for, while implementing ISO 9001:2008 standard? We must look to the evidence how we are planning our management system to meet the (i) customers requirements, (ii) applicable legal requirements, (iii) standard’s requirements, and (iv) any additional requirements determined in the organization’s quality manual. It is always better to concentrate on the processes, not more on documents. Think cause and effect of every process employed in the organization. Look at the results for which we should critically review system effectiveness and apply PDCA (Plan-do-check-act) approach. If this approach is applied by the internal auditors during their internal audit process then this proactive approach will bring good results for improvement.

There have been three objectives of the revision (i.e., development of ISO 9001:2008 standard):
• to improve the existing standard (i.e., ISO 9001:2000),
• to provide more clarity to the interpretation to requirements to enable ease of use, and
• to improve compatibility with ISO 14001:2004 standard

Now a few important points related to the changes are as under:

1. Clause 0.1 (introduction – general) now refers to organizational environment, changes in that environment and associated risks. Here is an opportunity to the user to check to ensure that the quality management system continues to be relevant to the changing business environment in which the organization is operating.
2. Clause 0.1 (introduction – general) confirms that the intent of the standard is not to imply uniformity in the structure of the QMS or uniformity of documentation. Here is an opportunity to the user to become the owner of its quality management system and its documentation.
3. Clause 0.1 (introduction – general) mentions meeting applicable statutory and regulatory requirements. Here is an opportunity to the user to determine which statutory and regulatory requirements are applicable to the quality management system of the organization.
4. Editorial change and text added to clause 0.2 (process approach) emphasizes the importance of processes of being capable of achieving desired outcome. Here is an opportunity to the user to apply process approach in achieving consistent and conforming product and review whether the system is producing desired results. In case answer to the review come in negative then the user has an opportunity to look at the why and what needs to be changed.
5. Clause 0.3 (relationship with ISO 9004) speaks about the relationship with ISO 9004. New ISO 9004:2009 standard has also been published, as such there is an opportunity to the user to read the latest version of ISO 9004 and get a sense how it might apply to its quality management system to manage the sustained success.
6. Some editorial changes to clause 0.4 (compatibility with other management systems) have introduced for the better alignment with other management systems. Here is an opportunity to the user to think for an integrated approach, if implementing other management systems (such as ISO 14001 EMS, OHSAS etc).
7. Clause 1.1 (scope – general) re-emphasizes that the objective of the quality management system should be to provide confidence in the organization’s ability to consistently provide conforming product (product that meet customer and applicable legal requirements). Here is an opportunity to the user to always keep in mind the objective mentioned in clause 1.1.
8. Throughout the new standard (ISO 9001:2008), the text has been modified to address statutory and regulatory requirements (which can be expressed as legal requirements as per note 2 added to clause 1.1). Here is an opportunity to the user to ensure to think what legal requirements are applicable to the organization.
9. Note 1 in clause 1.1 (scope – general) clarifies that the term ‘product’ refers to any intended output resulting from the product realization processes. Here is an opportunity to the user to ensure that organization’s system addresses the requirements of purchased product, intermediate product (resulting from different realization processes) and the final product. This will help eliminate nonconforming product during realization process.
10. Clause 1.1 (scope – general) reminds to think the scope of the organization’s quality management system and application of ISO 9001:2008 requirements in the organization. Here is an opportunity to the user to check and make sure that the requirements of the standard are properly applied and exclusions to any requirements have valid reasons.
11. Clause 1.2 (application) has been edited by adding statutory to applicable regulatory requirements. Here is an opportunity to the user to think the exclusions that do not affect resulting product meeting customer and applicable statutory and regulatory requirements.
12. Clause 2 (normative reference) now refers to ISO 9000:2005 standard as a normative reference document. Here is an opportunity to the user to consult quality management principles and terminology given in ISO 9000:2005 standard to understand the requirements of ISO 9001:2008 standard more clearly.
13. Clause 3 (terms and definitions) refers to ISO 9000 for terms and definitions and also confirms that the term ‘product’ also mean ‘service’.
14. Note 1 to clause 4.1 (QMS – general requirements) clarifies that the processes needed for the quality management system include processes for management activities, provision of resources, product realization, measurement, analysis and improvement. Processes for analysis and improvement have been added in the note of the revised standard (although necessary earlier also in clause 8 requirements), as such there is an opportunity to the user to check and make sure to manage analysis and improvement processes along with other processes.
15. Clause 4.1 (e) now clarifies that measurement process may not be applicable in all cases, however monitoring all processes being necessary. Here is an opportunity to the user to re-evaluate the need for measurement.
16. Notes have been added to clause 4.1 (QMS – general requirements) that explain more about outsourcing – (i) meaning of ‘outsourced process’, (ii) responsibility of conformity, and (iii) ensuring control to outsourced process. Here is an opportunity to the user to review and define the type and extent of control to be applied to the outsourced process.
17. Note to clause 4.2.1 (QMS – documentation requirements – general) now clarifies that a single document may address the requirements for one or more procedures. Also, a requirement (of ISO 9001:2008 standard) may be covered by more than one document. Accordingly, here is an opportunity to the user to re-evaluate quality management system documentation. The user may choose to address, for example, - (i) ‘Control of document’ and ‘control of records’ in a single procedure, provided that the procedure covers all requirements of clause 4.2.3 and 4.2.4, and (ii) ‘control of nonconforming product’, ‘corrective action’ and ‘preventive action’ in a single procedure , provided that the procedure covers all requirements of clause 8.3, 8.5.2 and 8.5.3.
18. Clause 4.2.1 (c) and (d) include records as a type of documentation required for the quality management system. Here is an opportunity to the user to re-evaluate the need for any new records to ensure effective planning, operation and control of processes.
19. Clause 4.2.3 (control of documents) explains that external origin documents determined by the organization are identified and their distribution controlled. Hence, distribution control not required to all external documents that are used in the organization. Here is an opportunity to the user to be flexible in controlling documents of external origin.
20. Sequence of clause 4.2.4 (control of records) has been changed for more clarity and better alignment with ISO 14001 EMS standard. There is no change in requirements of this clause, however, here is an opportunity to the user to achieve better integration of records generated by quality management system, environmental management system and other management systems (such as OHSAS 18001).
21. No change in the requirements of clause 5.1 (management commitment), clause 5.2 (customer focus), clause 5.3 (quality policy) and clause 5.4 (Planning).
22. Clause 5.5.2 (management representative) clarifies that the management representative has to be a member of organization’s management. Where an organization has appointed outside part-time personnel (such as consultant) as management representative, there is an opportunity to the user to remove such personnel as management representative and appoint organization’s own management member as management representative to take the ownership of the quality management system of the organization.
23. There is no change in the requirements of clause 5.6 (management review).
24. There is no change in the requirements of clause 6.1 (provision of resources).
25. There is editorial change in clause 6.2.1 and addition of a new note, which clarifies that competence requirements relate to personnel whose work directly affects conformity to product requirements and also where it indirectly affects conformity to product requirements. If an organization has limited its attention to competence requirements for personnel directly involved in production (or service delivery) processes, then there is an opportunity to the user to assess competence requirements for personnel involved in other activities (such as purchasing, supplier evaluation, internal audit etc.).
26. In clause 6.2.2 (competence, training and awareness), there is change in sequence of the title to bring the title in line with the similar clause in ISO 14001 EMS standard.
27. There is no new requirement in clause 6.3 (infrastructure), however this clause has now recognized information technology as an example of infrastructure, so there is an opportunity to the user to review dependence on information technology and its maintenance.
28. Although there is addition of a new note to clause 6.4 (work environment) that explains the term ‘work environment’, but this does not change any requirements of this clause. However, there is an opportunity to the user to consider the conditions under which work is performed.
29. Clause 7.1 (planning of product realization) has been reframed being editorial change and there is an addition of the word ‘measurement’, accordingly, there is an opportunity to the user during product realization planning to think and determine measurement activities to ensure proper control.
30. Requirements in clause 7.2.1 (determination of requirements related to the product) have been slightly reworded and a new note has been added that clarifies the post delivery activities to include actions under warranty provisions, contractual obligations (such as maintenance services) and supplementary services (such as recycling or final disposal). Here is an opportunity to the user to think about post delivery activities that can enhance customer satisfaction.
31. There is no change in the requirements of clause 7.2.2 (review of requirements related to the product).
32. There is no change in the requirements of clause 7.2.3 (customer communication).
33. A note has been added to clause 7.3.1 (design and development planning) explaining that design and development review, verification and validation have distinct purposes. As such, they may be conducted and recorded separately or in any combination as suitable for the product and the organization. Here is an opportunity to the user to have flexibility in addressing design and development review, verification and validation. For complex design and development process, distinct activities for review, verification and validation are recommended and for simple design and development process, all activities for review, verification and validation may be carried out at the same time.
34. There is editorial change in the wording of the requirements in clause 7.3.2 (design and development inputs), however there is no change in the requirements.
35. There are editorial changes in clause 7.3.3 (design and development outputs) and also a new note has been added explaining that design and development output can include details for the preservation of products. Here is an opportunity to the user to look to design outputs that addresses product packaging and handling information.
36. There is no change in the requirements of clause 7.3.4 (design and development review).
37. There is no change in the requirements of clause 7.3.5 (design and development verification).
38. There is no change in the requirements of clause 7.3.6 (design and development validation).
39. There is no change in the requirements of clause 7.3.7 (design and development changes), no text change, however Paras now merged.
40. There is no change in the requirements of clause 7.4 (purchasing).
41. There are editorial changes in clause 7.5.1 (control of production and service provision) that the word ‘equipment’ has been used instead of ‘devices’ and the word ‘product’ has been added prior to the word ‘release’. Hence, there are no changes in the requirements of this clause.
42. There are editorial changes in clause 7.5.2 (validation of processes for production and service provision), however no changes in the requirements of this clause.
43. The wording in clause 7.5.3 (identification and traceability) has been changed to clarify that identification may be needed throughout the product realization process – not only for the final product. Here is an opportunity to the user to identify the product by suitable means throughout product realization process.
44. There are editorial changes in clause 7.5.4 (customer property) and a new note has been added to this clause explaining that both intellectual property and personal data of the customer are customer property. Here is an opportunity to the user to also think and take care with the intellectual property and personal data of the customer.
45. The wording in clause 7.5.5 (preservation of product) has been changed to clarify the requirements in a better way; however there is no change in requirements of this clause.
46. There are a number of minor editorial changes in clause 7.6 (control of monitoring and measuring equipment), the word ‘devices’ has been replaced by ‘equipment’. An additional note has been added regarding the use of computer software that states verification and configuration management as typical methods to satisfy intended application and maintain suitability for use. The editorial changes in this clause will have no impact, however, here is an opportunity to the user to look and consider the extent to which computer software is used during monitoring and measuring activities. The user should be able to know the impact of computer software on the accuracy of results. The software should be up-to-date and suitably protected against virus, system crash etc.
47. There is minor editorial change in clause 8.1 (measurement, analysis and improvement – general), however this does not change the intent of the requirements.
48. A note has been added to clause 8.2.1 (customer satisfaction) explaining that monitoring customer perception can include input from sources such as customer satisfaction surveys, customer data on delivered product quality, user opinion surveys, lost business analysis, compliments, warranty claims and dealers report. There is no new requirement in this clause, however, here is an opportunity to the user to review the way top monitor customer perception.
49. There are editorial changes in clause 8.2.2 (internal audit) and this clause now expects management responsible for the area being audited to ensure that correction and corrective actions are addressed without undue delay as appropriate with respect to detected nonconformities. Here is an opportunity to the user to do a root cause analysis and correction of detected nonconformity without loss of time.
50. A note has been added to clause 8.2.3 (monitoring and measurement of processes), which clarifies that when deciding on appropriate monitoring and measurement methods, consider both impact on product conformity and on the effectiveness of the quality management system of the organization. Here is an opportunity to the user to look to all processes of the organization.
51. There are editorial changes in clause 8.2.4 (monitoring and measurement of product), but no new requirements.
52. There are editorial changes in clause 8.3 (control of nonconforming product), but no new requirements.
53. There are editorial changes in clause 8.4 (analysis of data), but no new requirements.
54. There is no change in the requirements of clause 8.5.1 (continual improvement).
55. Clause 8.5.2 (corrective action) now makes it clear that effectiveness of the corrective action must also be reviewed. Here is an opportunity to the user to look carefully at the corrective actions that they are achieving desired results.
56. Clause 8.5.3 (preventive action) now makes it clear that effectiveness of the preventive action must also be reviewed. Here is an opportunity to the user to look carefully at the preventive actions that they are achieving desired results.

ISO 9001:2008 Implementation Policy
International Organization for Standardization (ISO) and International Accreditation Forum (IAF) have agreed an implementation plan to ensure smooth migration of accredited certification to ISO 9001:2008, which is summarized as under:
• 15 November 2008 – date of publication of ISO 901:2008. Before this date, no accredited certificates to ISO 9001:2008 were allowed.
• On or after 15 November 2008, new certificates only after a routine surveillance or recertification audit against ISO 9001:2008.
• Up to 15 November 2009, certification and renewal to ISO 9001:2000 (old version) were permitted.
• Beginning 15 November 2009, no new certificates to ISO 9001:2000 (old version) are allowed. All audits to be conducted to ISO 9001:2008.
• From 15 November 2010, ISO 9001:2000 (old version) certificates will no longer be valid.

Transition to ISO 9001:2008
If we look to the changes in ISO 9001:2008 standard, there are no new requirements, so the transition to ISO 9001:2008 is simple, but not automatic. Organizations should take advantage of the changes to re-assess the value of their quality management system and accordingly, they should revise their quality management system documentation. Internal auditors need to be aware of the changes. They should use ISO 9001:2008 Annex B. Time is running fast, so ISO 9001:2000 certified organizations are required to act fast.

What is needed from existing internal auditor trained for ISO 9001:2000 QMS auditing?
The internal auditor should undergo a training to understand the underlying philosophy and principles, concepts and requirements of ISO 9001:2008 standard, and how to apply them within an audit context and also understand the key differences between the revised series of standards and the 2000 and 2008 versions, and understand the implications of these differences for effective auditing against the revised standard.

Do not forget
Consistent, conforming product (meeting customer and applicable statutory and regulatory requirements) and also enhancement of customer satisfaction and that should be the aim of your quality management system.

Thanks

The END ???
Learning is a process that never ends.

Publication Series प्रबंध प्रणाली बोध 'MANAGEMENT SYSTEMS AWARENESS'

2010-03-24T21:43:00.000-07:00

Please see details on publication series being published by National Centre for Quality Management, Ajmer Centre. Please click the photo attached and see details. We seek your publication support contribution. Thanks.

INCREASING THE POWER OF YOUR QMS – ACHIEVE PERFORMANCE EXCELLENCE THROUGH CONTINUAL IMPROVEMENT

2009-08-22T11:44:00.000-07:00

K. R. Singhal

Hariharan Jairam once writes in the ‘Quality World’ – “Quality! Call it a concept, an approach, a way of life, a tool for achievement or merely a word. Whatever definition you give or whatever approach you take, this subject has made people think and think in a big way.” Girdhar J. Gyani says, “Quality today has many dimensions. Gone are the days when quality was identified with product alone.” Dr. R. H. G. Rau opines, “Management of quality is not a one-shot affair. It covers all transactions. Continuous creation of value addition is possible only when we manage change; that too proactively.” Continuous creation of value addition has now become the expectation of consumers. Presently ‘constant’ quality is no longer good enough and ‘continual improvement’ is needed.

There is a need of continual improvement in the effectiveness of the quality management system because:
- ‘Continual improvement’ is needed by customers because of their changing expectations
- ‘Continual improvement’ is one of the quality management principles on which your quality management system is based
- ‘Continual improvement’ is one of the requirements of ISO 9001:2008 QMS Standard and you are required to comply with it. Organizations, implementing ISO 9001:2008 QMS, must understand that continual improvement is a must requirement of the Standard.

‘Continual improvement’ is a recurring (step-by-step) activity followed by: (i) identifying opportunities for improvement and their justification, (ii) deciding how to improve on the available resources, and (iii) implementing (carrying out) improvement.

We need to improve the effectiveness of the quality management system, but how can we do such improvement, that’s a relevant question. In this regard ISO 9001:2008 QMS Standard mentions use of quality policy, quality objectives, audit results, analysis of data, corrective and preventive actions and management review to continually improve the effectiveness of the quality management system. Clause 8.5 of the ISO 9001:2008 QMS Standard specially deals with the requirements for improvement. Continual improvement is a defined requirement of the Standard. (Clause 8.5.1)

If you wish to improve the power of your quality management system, achieve performance excellence through continual improvement.

General requirements (Clause 4.1) of ISO 9001:2008 QMS Standard stipulate that the organization must continually improve the effectiveness of its QMS in accordance with the requirements of the Standard. The Standard also stipulates to ensure top management to include a commitment to comply with requirements and continually improve the effectiveness of the quality management system. (Clause 5.3)

Clause 5.5.2 of ISO 9001:2008 stipulates responsibility and authority of the management representative to report to the top management on the performance of the quality management system and any need for improvement. The requirements for management review (Clause 5.6.1) stipulate that management review must include assessing opportunities for improvement and need for changes to the quality management system, including the quality policy and quality objectives. Review input requirements (Clause 5.6.2) include information on recommendations for improvement. Review output requirements (Clause 5.6.3) include any decisions and actions related to improvement of the following:
- the effectiveness of the quality management system,
- the effectiveness of the processes, and
- product related to customer requirements.

ISO 9001:2008 QMS Standard takes care to determine and provide resources needed to continually improve the effectiveness of the quality management system. (Clause 6.1) The Standard also stipulates the requirements (Clause 8.1) for the organization to plan and implement monitoring, measurement, analysis and improvement processes. This is required to demonstrate conformity of the product, to ensure conformity of the quality management system and to continually improve the effectiveness of the quality management system.

Clause 8.5 of ISO 9001:2008 Standard specially deals with requirements for improvement. Continual improvement is a defined requirement of the standard (Clause 8.5.1). Accordingly, the organization is required to improve the effectiveness of the quality management system through the use of quality policy, quality objectives, audit results, analysis of data, corrective action, preventive action and management review.

Use of Quality Policy and Quality Objectives: Quality policy must include a commitment to comply with requirements and continually improve the effectiveness of the quality management system. It must also provide a framework for establishing and reviewing quality objectives. Quality objectives must be measurable and consistent with the quality policy of the organization. The organization must also ensure to review quality policy for continuing suitability. Framework for reviewing provides a way for improvement as review include assessing opportunities for changes to the quality management system, including quality policy and quality objectives. (Relevant Clauses of ISO 9001:2008 QMS Standard – 5.3, 5.4.1, 8.5.1)

Use of audit results: QMS audit is a systematic process and conducted at defined intervals. Audit evidences are input to QMS audit process and audit results are its output. Audit results become the input to management review process, which provides opportunities for improvement. When any nonconformity are detected during QMS audit, ISO 9001:2008 QMS Standard requires to eliminate such nonconformities and their causes. (Relevant Clauses of ISO 9001:2008 QMS Standard – 5.6.2, 8.2.2, 8.5.1)

Use of analysis of data: One purpose of analysis of data is to evaluate where continual improvement in the quality management system can be made. The organization is required to determine, collect and analyze appropriate data relating to customer satisfaction, conformity to product requirements, characteristics and trends of processes and products (including opportunities for preventive action), and suppliers. Analysis of data helps organization to solve problems and also helps to improve effectiveness and efficiency. Analysis of data can help organizations to determine the root cause of existing and potential problems, and therefore guide decisions about corrective and preventive actions needed for improvement. (Relevant Clauses of ISO 9001:2008 QMS Standard – 8.4, 8.5.1)

Use of corrective action: ISO 9001:2008 QMS Standard requires to take action eliminate the causes of nonconformities in order to prevent recurrence. Corrective action is a major tool in the quality management system to achieve improvement. It should be noted that corrective action is agenda item for management review. (Relevant Clauses of ISO 9001:2008 QMS Standard – 8.5.1, 8.5.2)

Use of preventive action: ISO 9001:2008 QMS Standard requires to take action to eliminate the causes of potential nonconformities in order to prevent their occurrence. Preventive action is a major improvement tool in the quality management system. (Relevant Clauses of ISO 9001:2008 QMS Standard – 8.5.1, 8.5.3)

Use of management review: Management review is conducted at defined intervals to ensure continuing suitability, adequacy and effectiveness of the quality management system. Management review includes assessing opportunities for improvement and need for changes to the quality management system. Output to management review to include any decisions and actions relating to – (i) improvement of the effectiveness of the quality management system, (ii) improvement of the effectiveness of the processes of the organization, (iii) improvement of product related to customer requirements, and (iv) resources needs of the organization. (Relevant Clauses of ISO 9001:2008 QMS Standard – 5.6, 8.5.1)

ISO 9000:2005, Quality management systems – Fundamental and vocabulary, identifies eight quality management principles to be used by the top management of the organization in order to lead the organization towards improved performance. Among eight principles stated in this fundamentals and vocabulary standard, continual improvement is one of the quality management principles. It states that continual improvement of the organization’s overall performance should be a permanent objective of the organization.

What is the aim of continual improvement? ISO 9000:2005 provides the answer. According to Clause 2.9 of ISO 9000:2005, the aim of continual improvement of the quality management system is to increase the probability of enhancing customer satisfaction and also satisfaction of other interested parties. Following actions are needed for improvement:
- Identifying areas of improvement through analysis and evaluation of the existing situation
- Establishing objectives for improvement
- Searching for and evaluating possible solutions to achieve the objectives
- Making a selection from the possible solutions and implementing the selected solution
- Measuring, verifying, analyzing and evaluating results of the implementation to determine whether the objectives have been met, and
- Formalizing changes

Results should be reviewed to determine further opportunities for improvement. Accordingly, improvement is a continual activity to be undertaken by the organization and the top management has the important role to play in this regard. To identify opportunities for improvement, following actions may be useful:
- Obtaining feedback from customers and other interested parties
- Audit results, and
- Review of the quality management system

Process for continual improvement is given in Annex B of ISO 9004:2000, a QMS guidelines Standard for performance improvement. It briefly describes the distinction between breakthrough improvement and small-step ongoing improvement. The distinction between the two may be understood as under:
(i) In small-step ongoing improvement there remains involvement of people working in the process, while in breakthrough improvement there remains involvement of cross-functional teams outside routine operation (such as managers, engineers, consultants)
(ii) In small-step ongoing improvement size of changes remain small, while these are big in breakthrough improvement.
(iii) In small-step ongoing improvement results show small improvements, while the results show big jump in performance in breakthrough improvement.
(iv) Cost is low (within operating budget) in small-step ongoing improvement, while cost is high (may involve additional capital investment) in breakthrough improvement.
(v) Types of changes in small-step ongoing improvement include modification in practices, procedures, equipment, elimination and simplification of activities, while types of changes in breakthrough improvement include process reengineering, major process upgrades, change in technology and addition of new equipment.

ISO 9004:2000 Standards provides steps involved in the method of continual improvement that include:
- Identification of a process problem
- Selection of area of improvement
- Noting the reason for improvement
- Evaluating effectiveness and efficiency of the existing process
- Collecting relevant data
- Analyzing relevant data to discover the generally occurring problems
- Selecting a specific problem
- Setting objective for improvement for such specific problem
- Identifying and verifying the root causes of the problem
- Identifying possible solutions as well as exploring alternative solutions
- Evaluating effects to conform that the problem and its root causes have been eliminated or their effects reduced
- Implementing and standardizing new solutions by replacing old process with improved process as a preventive action
- Evaluating effectiveness and efficiency of the process

Since the above steps provide improvement solution to a specific process problem, so the above steps should be repeated on remaining other identified problems, thereby making the improvement as real and effective.

John E. (Jack) West in his article ‘Continuous Improvement and Your QMS’ says, “Piecemeal improvements are no improvements at all.” He also suggests, “First, let’s review what continual improvement is and what it’s not. Continual improvement isn’t necessarily improving everything in the organization. However, it does not entail identifying and planning changes to those products, processes or systems that will improve the organization performance.”

John E. (Jack) West correctly opines, “Sometimes sustained improvement isn’t achievable unless several processes are changed. In the case of improving a product design, it might be necessary to change not only the design and development process but also the process for hiring designer’s, the capital allocation process and the process for understanding customer requirements. In such a case, overall systems changes are needed; just starting a new product design project may be the organization’s worst approach.”

It is necessary to create people awareness in the organization on continual improvement and this may be created by forming small groups, selecting their group leaders, allowing people to control and improve their workplace and developing people’s knowledge, experience and skills.

The role of the top management and management representative are important in continual improvement of the effectiveness of the quality management system and they should take effective steps to do so.

Courtesy Source References

- ISO 9001:2008 QMS Standard
- ISO 9004:2000
- ISO 9001 for small businesses – What to do (Joint publication from International Organization for Standardization and International Trade Centre UNCTAD / WTO)
- ISO 9001:2000 – A workbook for service organizations (Joint publication from International Organization for Standardization and International Trade Centre UNCTAD / WTO)
- ISO 9001 Fitness Checker – A practical, easy to use checklist designed to help SMEs assess their readiness for ISO 9001 certification
- Implementing ISO 9001:2000 Quality Management System – A Reference Guide, Dr. Divya Singhal and K. R. Singhal (Publication from PHI Learning Pvt. Ltd., New Delhi)
- Article ‘Standard Approach – Continuous Improvement and Your QMS’, John E. (Jack) West, Quality Digest, USA, April 2006
- Article ‘Increasing the power of quality management system: Performance excellence through continual improvement’, Publication series ‘Management Systems Awareness’ – Issue 5, August 2006
- Quality World, New Delhi
- Quality Striving for Excellence, NCQM, Mumbai

Note

Author’s profile may be seen at http://www.linkedin.com/in/krsinghal

INTERNAL AUDIT OF QUALITY MANAGEMENT SYSTEM

2009-08-18T08:46:00.000-07:00

K. R. Singhal

Conducting internal audit is a vital tool to assess organization’s quality management system. The organization gets information in a planned way by conducting internal audit from a variety of sources. The purpose of conducting internal audit is to find out the answers to following questions:
- Is quality management system of the organization conformed to the planning of product realization carried out in the organization?
- Is the quality management system of the organization conformed to the requirements of ISO 9001:2008 QMS Standard?
- Is the quality management system of the organization conformed to the quality management system requirements established by the organization?
- Is the quality management system of the organization effectively implemented and maintained?

An internal audit is a tool to monitor and determine the health of the quality management system of the organization. For an organization, a properly conducted audit is beneficial and we need to conduct value added internal audit that is useful to the organization, auditee department, management representative and top management.

Clause 8.2.2 of ISO 9001:2008 QMS Standard deals with internal audit requirements. As per requirements of ISO 9001:2008 QMS Standard, an organization needs to conduct internal audit at planned intervals. An audit process should include the following aspects:
- Planning of internal audit – such as planning of audit schedule, assignment of auditors, auditee area, and scope of audit, status and importance of processes, results of previous audits.
- Examining and reviewing the quality management system documentation of the organization,
- Examining and reviewing other relevant information of the organization, such as production reports, failure trends, customer complaints, customer survey reports etc.
- Examining and reviewing the quality management system procedures and processes by visiting the audit area spot, interviewing relevant personnel and looking to relevant processes.
- Reporting the internal audit results (including corrective action requests from auditors).
- Verifying corrective actions taken.

An organization should have a documented procedure for conducting internal audit that define and narrate the following aspects:
- Audit criteria
- Scope of the audit
- Frequency of audit
- Audit methods
- Responsibilities and requirements for planning and conducting internal audit
- Relevant audit records (including results of audit) to be established and maintained
- Reporting results of the audit.

Chandrakant Agrawal, Manager (Risk and Compliance team), points out the following to add the value of internal audit:
(i) One more item that would be added is usage of checklist as a tool to make sure all aspects are covered. Also focus on documentation and continuous improvement should be there.
(ii) The Corrective action log would be the most valuable source to support the focus on Quality from the team's perspective.
(iii) The team awareness on policies and procedures and the feel of Quality should also be part of the audit process.
(iv) Sharing of Best practices should also be output of audit so that all involved are benefited.

Does ISO 9001:2008 QMS Standard mention specific frequency of internal audit? How frequently does an organization need to perform internal audits? Is it fair to conduct internal audit once in two years?
ISO 9001:2008 QMS Standard does not mention specific frequency of internal audit. Requirements of ISO 9001:2008 QMS Standard say conducting internal audit at planned intervals. As such the Standard binds the organization to conduct internal audit at planned intervals. It is up to the organization to decide the frequency of internal audit.

How frequently does an organization need to perform internal audits? It is very relevant question. Internal audits need to be performed to cover all quality management system activities the organization undertake and all the ISO 9001:2008 Standard requirements. In deciding the frequency of internal audits, the organization should consider following factors:
- Complexity of procedures and processes
- Maturity level of the organization’s quality management system
- Nature of business activity
- Problematic aspects and areas as per history
- Organization approach for monitoring and improvement
- Frequency of management review

Jan A. de Ridder, Senior Consultant, QA en Lean professional, says, “Frequency depends on many things. In my opinion it is fair to audit Clause 5.5 every two years, unless there are changes in the organization. Clause 8.3 should be audited more or less continuously. When requirements are not met, frequency should increase. I used to audit the whole system and every area in a 3 year cycle. Some places were visited more often than others. One should wonder how audits can be performed effectively, but also efficiently. I used to discuss frequency with the responsible manager. Is he/she happy with the outcome and the number of audits? After all he is the internal customer of the auditor.”

Richard Sledgister, an Engineer, says, “The frequency of a company’s internal audits should accomplish the following goals: 1) assess standard conformance, 2) drive RCCA (Root Cause Corrective Action) and 3) drive continuous improvement. Audits should measure the overall effectiveness of a QMS (Quality Management System) in a company and or a specific facility within a company. Audits should also focus on specific areas in which the planned method (standard work) is not being executed properly, high warranty costs are being incurred, a high scrap rate exists, processes are not in statistical control and or other performance metrics are not being achieved. These are all signs of poor quality. The audit frequency should be adjusted to focus on areas needing continuous improvement as this is an efficient use of resources. The cost of poor quality will be reduced and profitability will be enhanced.”

Sandeep Sharma, a Quality engineer, says, “I think it must be finished just before the external audit, if we will get the NC's, there will be time to resolve all the issues.”

On considering above points, it is now clear that it will be unfair to conduct internal audit once in two years as the time gap between two internal audits will be too long.

What should be done after getting results of internal audit?
The organization gets information about the areas which need correction and/or improvement from the results of internal audit. The information from internal audit results becomes input for the management review.

Who should perform internal audits?
Internal QMS auditors should perform internal audits. ISO 9001:2008 QMS Standard has two relevant important requirements:
- Selection of auditors must ensure objectivity and impartiality of the audit process
- An auditor must not audit his/her own work.

Clause 6.2.1 of ISO 9001:2008 QMS Standard mentions the requirement of competent personnel performing work affecting conformity to product requirements on the basis of appropriate education, training, skills and experience. Accordingly, the personnel conducting internal audit must be competent to audit for which the organization should refer to the relevant guidelines as mentioned in ISO 19011 Standard and take appropriate steps to provide appropriate training to personnel selected as auditors for internal audit.

Suggested Reading: Chapter 12 – Value Added Audit, Implementing ISO 9001:2000 Quality Management System – A Reference Guide, Dr. Divya Singhal and K. R. Singhal (Published by PHI Learning Pvt. Ltd., New Delhi – 110001, India)

Courtesy Source References
- ISO 9001:2008 QMS Standard
- ISO 9004:2000
- ISO 9001 for small businesses – What to do (Joint publication from International Organization for Standardization and International Trade Centre UNCTAD / WTO)
- ISO 9001:2000 – A workbook for service organizations (Joint publication from International Organization for Standardization and International Trade Centre UNCTAD / WTO)
- ISO 9001 Fitness Checker – A practical, easy to use checklist designed to help SMEs assess their readiness for ISO 9001 certification
- Implementing ISO 9001:2000 Quality Management System – A Reference Guide, Dr. Divya Singhal and K. R. Singhal (Publication from PHI Learning Pvt. Ltd., New Delhi)
- Discussion at Linkedin.com Groups

Note
Author’s profile may be seen at http://www.linkedin.com/in/krsinghal

QUALITY POLICY AND QUALITY OBJECTIVES IN ISO 9001:2008

2009-08-16T08:29:00.000-07:00

K. R. Singhal

QUALITY POLICY

Let us begin with the concept of quality policy in QMS. The quality policy of an organization shapes approach of the organization to its customers. A quality policy establishes: (i) a commitment to quality, (ii) a commitment to continual improvement of the quality management system, (iii) the context for quality objectives, and (iv) how the organization’s objectives relate to customers’ requirements.

A quality policy of an organization must meet the following minimum criteria:
(a) It should be linked to overall organizational goals,
(b) It should be relevant to the needs and expectations of the customers of the organization.

Accordingly, the quality policy of an organization must provide a framework for establishing and reviewing organization’s quality objectives.

A quality policy should also include explicit commitments to customer satisfaction and continual improvement. Quality policy of an organization should have a clear statement of outcomes. The policy should have understood by the staff of the organization.

Product quality depends both on perceived customer satisfaction and on well motivated staff. Here it should be noted that the term ‘customer satisfaction’ could refer to both types of customers: (a) internal customers (staff of the organization), and (b) external customers (who buy product from the organization by paying the value).

There may be a situation that your organization may not have a quality policy, then you should try to develop a quality policy for your organization. It is often useful to first develop the overall organization’s policy, including policies for marketing, sales, production, finance etc. This exercise could make the quality policy easier to prepare. Organization’s commitment to quality should describe organization’s overall vision of what quality means to organization’s business and its customers. Clause 4.2.1 of ISO 9001:2008 Standard requires organization to document quality policy statement.

Clause 5.3 of ISO 9001:2008 Standard frames requirements with regard to quality policy, which include to ensure that quality policy is (i) appropriate to the purpose of the organization, (ii) includes a commitment to comply with requirements and continually improve the effectiveness of the quality management system, (iii) provides a framework for establishing and reviewing quality objectives, (iv) is communicated and understood within the organization, and (v) is reviewed for continuing suitability.

Tony Johnston (AJ Quality Management Consulting, Ireland) describes his three fold approach to writing a quality policy – (i) Write quality policy in a language that anyone can understand, (ii) Quality policy should be relative to the organization and believe by its employees when they read it, and (iii) It should make reference to the eight quality management principles, namely customer focus, leadership (management commitment), process approach, continual improvement, factual approach to decision making, mutually beneficial supplier relationship, system approach to management, and involvement of people. The quality policy should be endorsed by the managing director and it should be reviewed at least annually for suitability and updated if necessary.

While the John’s approach is good for writing quality policy and in addition to his approach if a reference for establishing and reviewing quality objectives is given in the quality policy, then it will be better.

If your organization has a quality policy, then you should evaluate your quality policy. Evaluate, whether your quality policy clearly linked to your overall organizational goals. If quality policy of your organization is not linked to your organizational goals, then you need to re-examine your policy and goals. Also find out answers to following questions:
- Does the quality policy include commitment to customer satisfaction?
- Does the quality policy include commitment to continual improvement?
- Does the quality policy include aspects of service quality that are to be emphasized?
- Does the quality policy include benefits for customers (quality outcomes)?
- Is the quality policy focused on maximizing customer satisfaction with the services received?
- Is the quality policy focused on maximizing customer satisfaction with the service received?
- Is the quality policy focused on maximizing staff morale in providing client services?

On the basis of answers to above questions, you may wish to revise the quality policy of your organization.

An illustration of a Quality Policy

…. (name of the organization) …. is committed in achieving customer satisfaction by providing … (the quality characteristics of product provided by the organization) …. For our customers, in context of continual improvement, so that our customers will … (outcomes in relation to customers’ needs / expectations to be met) ….

Another illustration of Quality Policy

We, … (name of the organization) …, manufactures … (name of the products) …. We manufacture and market these products both for domestic and abroad markets. Our purpose is to produce products to satisfy needs of our customers. We continually improve our products and services to satisfy needs of our customers better. Our quality management system is designed to ensure the maintenance of the product quality through evaluation, inspection and verification processes at all stages of production.

We are committed to comply with customer as well as legal requirements and also committed to continually improve the effectiveness of our quality management system. Our organization has decided to achieve quality objectives as set in the documented statement of quality objectives. The top management of our organization in the meeting of board of directors, at least once in every six months, reviews the quality management system of our organization.

QUALITY OBJECTIVES

ISO 9001:2008 QMS Standard requires that organization develop measurable quality objectives, consistent with the quality policy of the organization. Internal and external auditors review quality objectives at each audit to see if they are being met. For planning of the quality management system, it is necessary to establish measurable quality objectives. Requirements with respect to quality objectives are mentioned in clause 5.4.1 of ISO 9001:2008 Standard.

The top management of the organization needs to establish quality objectives. Top management of the organization must ensure that quality objectives (including those needed to meet requirements for the product) are established at relevant functions and levels within the organization. The quality objectives must be measurable and consistent with the quality policy of the organization. Clause 7.1 (a) of ISO 9001:2008 QMS Standard lays down that in planning product realization, the organization must determine quality objectives and requirements for the product. It is evident from this clause that the ISO 9001:2008 Standard now calls for objectives not only for the quality management system but also for the product.

Now questions arise:
- How to set or develop quality objectives?
- How to monitor quality objectives?

Developing Quality Objectives

Developing quality objectives provides the organization with the opportunity to identify areas of inefficiency. The organization can address such areas to improve customer satisfaction. The Management Representative of the organization should frame a committee (with the approval of the top management) for developing quality objectives. This committee should have members from all departments of the organization. The committee members should have conceptual knowledge on ISO 9001:2008 QMS Standard and also on eight quality management principles.

Members of the committee should be advised to frame quality objectives for their respective departments. Management Representative should act as a convener and call a meeting to finalize the quality objectives. Quality objectives finalized in such meeting should be sent to the top management for considering the same in the management review meeting and finalizing them as organization’s quality objectives.

For developing measurable quality objectives for your organization, you may use a worksheet. Worksheet for creating quality objectives may be as under:
- List specific measurable activities that would improve customer satisfaction. Example – Responding to customer’s complaint on the day of its receipt, replying to letters within three days of receipt.
- List specific measurable activities that would improve staff morale. Example – Monthly staff feedback on their performance.
- List specific measurable activities that would improve staff efficiency. Example – Providing computer training to staff.

From the answers that you would have listed for above questions, you may select quality objectives clearly linked to the quality policy of the organization and for each quality objective, you should specify:
- What is to be done?
- How often the organization will achieve the level of performance?
- The date by which the organization will achieve that level of performance.

On careful study of clause 7.1 (a) of ISO 9001:2008 Standard, you will find that the standard calls for quality objectives not only for the quality management system but also for the product. Quality objectives need to be realistic and related to achievable outcomes, such as:
- Meeting agreed customer requirements for delivery or other product characteristics within a certain percentage of time.
- Meeting regulatory and other requirements for product and services.
- Meeting the planned schedule for achieving the quality objectives targets.
- Identifying opportunities for improvement.
- Minimizing the cost of poor quality, rework or scrap.
- Identifying new opportunities.

The Standard also requires that relevant objectives be established at appropriate parts of the organization. For example – Process performance targets, continual improvement targets be established at human resources, production, sales departments.

When setting up quality objectives, look for activities or indicators that employees can relate to and that can be measured. A few examples may be:
- Reducing the production time
- Achieving no failures or defects in production
- Achieving cost reduction
- Improving productivity
- Increasing market share

It is very important point that people in the organization must be aware of how they contribute to the achievement of the quality objectives. Therefore, employees in the organization must know and understand the specific quality objectives that have been set up for their functions and level and how they can achieve them. For awareness of quality objectives, specific training sessions or campaigns may be organized.

At the service delivery, customer interface or at the production line, quality objectives should be very simple and direct.

Think carefully about the quality objectives set by you for the organization and the timeframe you intend to allow for them to be achieved. Keep in mind that quality objectives must be measurable. The organization should be able to check that the organization is achieving the objective and, if not, what the organization is going to do about the quality management system.

Monitoring Quality Objectives

It is the intention of the ISO 9001:2008 QMS Standard that the organization is producing quality product. Monitoring and measurement activities are planned and carried out to carefully improve. Question arises – how to monitor quality objectives? If we carefully read clause 5.6.1 of ISO 9001:2008 QMS Standard, we will come to know that it is the responsibility of the top management to ensure continuing suitability, adequacy and effectiveness of the QMS and to review the organization’s quality management system at planned intervals. Review must include assessing opportunities for improvement and need for changes to the quality management system, including the quality policy and quality objectives.

Quality objectives may be monitored from the input information received from the following:
- Internal and external audits
- Customer feedback
- Process performance reports
- Product conformity reports

A Management Representative (MR) acts a link person between the top management and the organization. His role is very important for maintaining and improving the quality management system in the organization. It is the duty of the Management Representative to report to the top management on the performance of the quality management system and any need for improvement. Accordingly, he should monitor quality objectives from the input information received from various corners.

It is also important to tell employees in the organization regularly how well specified quality objectives are being met and where improvements are required. Quality objectives must be reviewed and revised from time to time as part of the continual improvement process.

Courtesy Source References

- ISO 9001:2008 QMS Standard
- ISO 9004:2000
- ISO 9001 for small businesses – What to do (Joint publication from International Organization for Standardization and International Trade Centre UNCTAD / WTO)
- ISO 9001:2000 – A workbook for service organizations (Joint publication from International Organization for Standardization and International Trade Centre UNCTAD / WTO)
- ISO 9001 Fitness Checker – A practical, easy to use checklist designed to help SMEs assess their readiness for ISO 9001 certification
- Implementing ISO 9001:2000 Quality Management System – A Reference Guide, Dr. Divya Singhal and K. R. Singhal (Publication from PHI Learning Pvt. Ltd., New Delhi)
- Comments from Mr. Tony Johnston (Ireland)

Note

Author’s profile may be seen at http://www.linkedin.com/in/krsinghal

CALIBRATION IN ISO 9001:2008

2009-08-12T03:52:00.000-07:00

K. R. Singhal

The purpose of this paper is to discuss calibration requirements as per ISO 9001:2008 QMS Standard and related issues.

A monitoring, measuring or testing activity is useful and effective only when measurement results are reliable. Measurement results should be sufficiently accurate with a known degree of uncertainty. For this purpose, there is a need to control monitoring and measuring equipment that have the desired level of accuracy and consistency under condition of actual use.

Clause 7.6 of ISO 9001:2008 QMS Standard deals with control of monitoring and measuring equipment. This clause interalia speaks about calibration of monitoring and measuring equipment. The purpose of requirements in clause 7.6 of ISO 9001:2008 QMS Standard is to ensure suitability of monitoring and measuring equipment.

Requirements of Clause 7.6

The organization must determine (i) what to monitor and measure, and (ii) the monitoring and measuring equipment needed. Monitoring and measuring equipment is helpful in providing evidence of conformity of product to determined requirements.

The organization must establish processes to ensure carrying out monitoring and measurement in consistent with the requirements. As such, it is necessary to have a detailed process system established and maintained for keeping the monitoring and measuring equipment accurate and good operating conditions.

Where necessary to ensure valid results – (i) monitoring and measuring equipment must be calibrated or verified, or both, at specified intervals (decided by the organization), or prior to use, against international or national measurement standard, (ii) monitoring and measuring equipment must be adjusted or re-adjusted as necessary, (iii) monitoring and measuring equipment must have identification in order to determine its calibration status – when the calibration or verification was done and what is the due date for calibration or verification, (iv) monitoring and measuring equipment must be safeguarded from such adjustment that invalidates the measurement result, and (v) monitoring and measuring equipment be protected from damage and deterioration.

Where no international or national standards exist for calibration or verification of the equipment, the basis used for calibration or verification must be recorded. It is better to record the process used and the personnel who carried out calibration and verification.

The organization must assess and record the validity of the previous measuring results when the equipment is found not to conform to requirements. In such case, the organization must take appropriate action on the equipment and any product affected.

The organization is required to maintain records of the results of calibration and verification.

Whenever computer software is used in the monitoring or measurement bof specified requirements, it is necessary to conform the ability of the computer software to satisfy the intended application. This must be undertaken prior to initial use and re-conformed as necessary.

Note at the end of clause 7.6 of ISO 9001:2008 clarifies that confirmation of computer software’s ability to satisfy the intended application would typically include its verification and configuration management to maintain its suitability for use.

Finding international or national standard for calibration or verification

To find out relevant international or national standard for calibration or verification, of monitoring and measuring equipment, it is suggested to refer to the latest ISO Catalogue of Standards for international standards and the latest BIS Catalogue for Indian Standards.

Comments may be sent to ncqmajmer@gmail.com

Outsourcing and Exclusion Concepts in ISO 9001:2008 QMS

2009-06-18T02:00:00.000-07:00

K. R. Singhal

Many organizations may find some confusion in outsourcing and exclusion concepts while implementing ISO 9001:2008 QMS.

Clause 4.1 (General requirements) in ISO 9001:2008 QMS Standard includes the outsourcing concept to highlight the fact that special attention is required when obtaining products and services from others that impact the product provided to customer. The requirements in this clause specially refer to outsourced processes to indicate that the organization must ensure control over such outsourced processes. It also requires that the type and extent of control to be applied to outsourced processes must be defined within the quality management system.

Some people may think that the requirement in clause 4.1 (General requirements) regarding outsourcing is not necessary to follow because requirements mentioned in clause 7.1 (Planning of product realization), clause 7.4 (Purchasing), and clause 7.5 (Production and service provision) contain adequate requirements to ensure the integrity provided to the customer.

An organization can’t exclude outsourcing requirements of clause 4.1 (General requirements), if it chooses to outsource any process that affects product conformity to requirements.

If we see the exclusion concept mentioned in clause 1.2 (Application), it states that exclusions are limited to requirements within clause 7 (Product realization). The requirements related to outsourcing concept are mentioned in clause 4.1 (General requirements) that relate to those activities that are essential to the quality management system of your organization, if you choose to outsource any process. When an organization may choose to outsource processes for management activities (related to clause 5), provision of resources (related to clause 6), product realization (related to clause 7), and measurement, analysis and improvement (related to clause 8) may be outsourced.

Who perform the outsourced process? Note 2 at the end of clause 4.1 (General requirements) provides the answer. It clarifies that an outsourced process is identified that process, which is needed for the quality management system, but the same process is performed by a party external to the organization.

Note 3 at the end of clause 4.1 (General requirements) clarifies points with regard to the responsibility of the organization to fulfill all customer, statutory and regulatory requirements and ensuring control over outsourced processes does not absolve the organization of such responsibility to fulfill all customer, statutory and regulatory requirements. This note also clarifies that there are various factors that may influence the type and extent of control on the outsourced process, such as – (i) potential impact of the outsourced process on the capability of the organization to provide product that conforms to requirements, (ii) the degree to which the control for the process is shared (between the organization and the party performing the process), (iii) the capability of achieving the necessary control through the application of clause 7.4 (Purchasing).

If we carefully read the exclusion requirements in clause 1.2 (Application), it also put the condition that such exclusion do not affect the ability or responsibility of the organization to provide product that meets customer and applicable statutory and regulatory requirements.

An organization, taking the benefit of exclusion provision mentioned in clause 1.2 (Application) that exclusions are limited to requirements within clause 7 (Product realization), must remember that when the organization outsource any process then according to clause 4.1 (General requirements), it is the duty of the organization to control such outsourced processes. Further the type and control to be applied to outsourced processes need to be defined.

Let us have following examples:
(i) An organization claimed exclusion from the requirements of clause 7.4 (Purchasing) since the purchasing activity of the unit (implementing ISO 9001:2008 QMS) is done at corporate level.
(ii) An organization claimed exclusion from the requirements of clause 7.1 (Planning of product realization) and clause 7.5 (Production and service provision) since the unit (implementing ISO 9001:2008 QMS) does not carry out any production process and same has been contracted to another organization.
(iii) An organization claimed exclusion from the requirements of clause 7.3 (Design and development) since the designing of the product is carried out at another unit of the organization.

In the above examples, the organization claimed exclusion on the basis that the related process not being carried out by the unit (implementing ISO 9001:2008 QMS). But if look to clause 4.1 (General requirements) then the unit can not ignore control over the processes of (i) purchasing carried out at corporate level, (ii) planning of product realization, and production and service provision, and, (iii) design and development carried out at another unit.

The process approach is having the central approach to ISO 9001:2008 QMS Standard and we have observed that during the last few years outsourcing activities in organizations have increased tremendously, so the new version has clarified its requirements by adding notes in clause 4.1 (General requirements).

Please have you comments to the above.

With kind regards,

K. R. Singhal

Upgrading the existing QMS to ISO 9001:2008 Standard

2009-01-23T16:33:00.000-08:00

Upgrading the existing QMS to ISO 9001:2008 Standard

ISO 9001:2008 QMS Standard has been published on 15 November 2008 by the International Organization for Standardization (ISO). Organizations having the ISO 9001:2000 QMS certifications will upgrade their quality management system as per 2008 version. As per implementation plan jointly announced by International Organization for Standardization (ISO) and International Accreditation Forum (IAF), organizations should upgrade their ISO 9001:2000 QMS to ISO 9001:2008 QMS before 15 November 2010 (within two years from the data of publication of ISO 9001:2008 Standard). However, efforts of many management representatives will be to upgrade their quality management system and obtain certification as per ISO 9001:2008 QMS Standard as early as possible.

It’s good to upgrade the system, but how you can do it in an effective manner. The quality management system of your organization should be able to demonstrate continual improvement as well as changes as per new version. Following steps may be useful.

Step 1 – Get acquainted with ISO 9001:2008 QMS Standard

Nothing can be done without knowing the changes, so please obtain a copy of ISO 9001:2008 Standard. You can obtain the same from the ISO Central Secretariat or from the sales counter of the National Standards Body in your country. ‘Bureau of Indian Standards’ is the national standards body in India, from which you can obtain the equivalent Indian Standard to ISO 9001:2008 QMS. Read ISO 9001:2008 Standard carefully. You should also refer to other reading materials (such as books, articles) on ISO 9001:2008 QMS.

Start ISO 9001:2008 QMS Awareness Programme in your organization. Members of task force, members of steering committee and people, actively involved in ISO 9001 QMS implementation, should be encouraged to attend ISO 9001:2008 Awareness Programme.

Step 2 – Action Plan

Please prepare an action plan for up-gradation to ISO 9001:2008 from the 2000 version. The action plan should indicate the responsibilities of different departments and personnel and set target dates for completion of activities (such as target dates for completion of documentation, training of internal auditors, internal audit, management review etc.).

Step 3 – Revision of QMS Documentation

A few people should be selected for revision of QMS documentation as per ISO 9001:2008 QMS Standard. The Management Representative should be the coordinator of the QMS documentation revision task. Revision in documentation should be done and revised documents should be issued.

Step 4 – Implementation

Implementation should be carried out immediately upon issue of revised documentation as per ISO 9001:2008 QMS Standard.

Step 5 – Training of internal auditors

Internal auditors should be aware of ISO 9001:2008 QMS Standard, so please provide training to your internal auditors, so that they may be able to carry out value added internal audit as per ISO 9001:2008 QMS Standard.

Step 6 – Internal Audit

After implementation as per revised documentation, please carry out internal audit as per ISO 9001:2008 QMS Standard. Take corrective action for the nonconformity or nonconformities observed during the internal audit.

Step 7 – Management Review

After conduct of internal audit, carry out management review of the quality management system of your organization as per ISO 9001:2008 QMS Standard.

Step 8 – Inform Certification Body

After successfully completing all above steps, you should inform your certification body about the up-gradation of your quality management system as per ISO 9001:2008 QMS Standard, so that they may assess your quality management system and upgrade their certificate.

Support from NCQM Ajmer Centre

You can have following support from NCQM Ajmer Centre for up-gradation of your QMS:
Literatures in Hindi and English on ISO 9001:2008 QMS
Training programmes
Guidance for implementation

Understanding ISO 9001:2008 Quality Management System

2009-01-19T03:24:00.000-08:00

Understanding ISO 9001:2008 Quality Management System

Chapter 9

DOCUMENTED PROCEDURES AND RECORDS REQUIRED BY ISO 9001:2008

Documented procedures required by ISO 9001:2008 are:
Control of documents (see clause 4.2.3)
Control of records (see clause 4.2.4)
Internal audit (see clause 8.2.2)
Control of nonconforming product (see clause 8.3)
Corrective action (see clause 8.5.2)
Preventive action (see clause 8.5.3)

However, in addition to above the organization may have documented procedures determined by the organization to be necessary to ensure effective planning, operation and control of the processes of the organization.

Records required by ISO 9001:2008 are:
Clause 5.6 (Management review) – Records from management reviews
Clause 6.2.2 (Competence, training and awareness) – Appropriate records of education, training, skills and experience
Clause 7.1 (Planning of product realization) – Records to provide evidence that the realization processes and resulting product meet requirements
Clause 7.2.2 (Review of requirements related to the product) – Records of the result of the review and actions arising from the review
Clause 7.3.2 (Design and development inputs) – Records of inputs relating to product requirements
Clause 7.3.4 (Design and development review) – Records of the results of the reviews and any necessary actions
Clause 7.3.5 (Design and development verification) – Records of the results of the verification and any necessary actions
Clause 7.3.6 (Design and development validation) – Records of the results of validation and any necessary actions
Clause 7.3.7 (Control of design and development changes) – Records of the results of the review of changes and any necessary actions
Clause 7.4.1 (Purchasing process) – Records of the results of supplier evaluations and any necessary actions arising from the evaluation
Clause 7.5.2 (Validation of processes for production and service provision) – Records as per requirements according to established arrangements
Clause 7.5.3 (Identification and traceability) –Where traceability is a requirement, record of unique identification of product
Clause 7.5.4 (Customer property) – Records of reporting to the customer, if any customer property is lost, damaged or otherwise found to be unsuitable for use
Clause 7.6 (Control of monitoring and measuring equipment) – (i) Records of the basis used for calibration or verification, where no international / national measurement standards exist (ii) Records of the results of calibration and verification (iii) Validity of the previous measuring results when equipment is found not to conform requirements
Clause 8.2.2 (Internal audit) – Records of the audits and their results
Clause 8.2.4 (Monitoring and measurement of product) – Records indicating the person(s) authorizing release of product for delivery to the customer
Clause 8.3 (Control of nonconforming product) – Records of the nature of nonconformities and any subsequent actions taken, including concessions obtained
Clause 8.5.2 (Corrective action) – Records of the results of action taken
Clause 8.5.3 (Preventive action) – Records of the results of action taken

However, in addition to above the organization may have records determined by the organization to be necessary to ensure effective planning, operation and control of the processes of the organization.

If we go through the above list and requirements of ISO 9001:2000 QMS Standard, we find that there is no change in the requirements for documented procedures and records needed to keep as per ISO 9001:2008.

Questions

What are the documented procedures and records required as per clause 4 (Quality management system) of ISO 9001:2008?
What are the documented procedures and records required as per clause 5 (Management responsibility) of ISO 9001:2008?
What are the documented procedures and records required as per clause 6 (Resource management) of ISO 9001:2008?
What are the documented procedures and records required as per clause 7 (Product realization) of ISO 9001:2008?
What are the documented procedures and records required as per clause 8 (Measurement, analysis and improvement) of ISO 9001:2008?

Note from the author

The author of this literature has used his skills and knowledge to his best capacity to provide relevant and the latest information. Utmost care has been taken to ensure correctness and accuracy of the contents. However, omissions and errors, if any, in this literature are regretted. Reader’s suggestion for improvement is welcomed. Readers are requested to send their frank opinion, comment, criticism and assessment of this literature.

The purpose of this literature is to create awareness. Standard document ISO 9001:2008 may be obtained from International Organization for Standardization (ISO) or any member organization of ISO. Readers are advised to have ISO 9001:2008 for reference purpose.

Understanding ISO 9001:2008 Quality Management System

2009-01-19T03:18:00.001-08:00

Understanding ISO 9001:2008 Quality Management System

Chapter 8

ANNEX, BIBLIOGRAPHY AND OTHER INFORMATION (including implementation plan for ISO 9001:2008 QMS Standard)

Annex A and Annex B have been updated.

Annex A provides informative details of correspondence between ISO 9001:2008 and ISO 14001:2004 For more details, reader should refer to the Standard document ISO 9001:2008.

Annex B provides informative details of changes between ISO 9001:2000 and ISO 9001:2008 in a Table form. For more details, reader should refer to the Standard document ISO 9001:2008.

Bibliography is also updated to reflect new standards and new editions of standards. For more details, reader should refer to the Standard document ISO 9001:2008.

In short, from the study of ISO 9001:2008, we come to a conclusion that ISO 9001:2008 will be an international standard with minor revision to ISO 9001: 2000 and changes are more as clarifications to the requirements.

There will be little impact of the revision. Only a few changes in the requirements may require revision in documentation and implementation. International Organization for Standardization (ISO) and International Accreditation Forum (IAF) have announced schedule for implementation of accredited certification to ISO 9001:2008 QMS Standard. Details are mentioned below.

Implementation Plan for ISO 9001:2008 QMS Standard

International Organization for Standardization (ISO) and International Accreditation Forum (IAF) have announced schedule for implementation of accredited certification to ISO 9001:2008 QMS Standard. Both organizations have agreed on an implementation plan to ensure a smooth transition of accredited certification to ISO 9001:2008 QMS Standard.

The ISO 9001:2008 QMS Standard has been published on 15 November 2008. ISO 9001:2008 QMS Standard replaces the year 2000 version of the Standard. Certification is not a requirement of the standard, however the quality management system (QMS) of about one million organizations have been audited and certified by independent certification bodies to existing ISO 9001:2000 QMS Standard. ISO 9001 certification is frequently used in both private and public sectors to increase confidence in the products and services provided by certified organizations, between partners in business-to-business relations, in the selection of suppliers in supply chains and in the right to tender for procurement contracts.

International Organization for Standardization (ISO) is the developer and publisher of ISO 9001 Standard. ISO does not itself carry out auditing and certification to ISO 9001 Standard. These services are performed independently of ISO by certification bodies. ISO does not control such bodies. But ISO has developed voluntary International Standards to encourage good practice in their activities on a worldwide basis. ISO/IEC 17021:2006, developed and published by ISO, specifies the requirements for certification bodies carrying out auditing and certification of management systems.
Certification bodies that wish to provide further confidence in their services generally apply to be "accredited" as competent by an International Accreditation Forum (IAF) recognized national accreditation body। In India, National Accreditation Board of Certification Bodies (NABCB) is the IAF recognized national accreditation body। ISO/IEC 17011:2004, developed and published by ISO, specifies the requirements for carrying out such accreditation. International Accreditation Forum (IAF) is an international association, having membership of national accreditation bodies of 49 countries/economies. International Organization for Standardization (ISO) has a technical committee, known as ISO/TC 176, Quality management and quality assurance. This committee is responsible for the ISO 9000 family of standards. This committee is preparing a number of support documents explaining the differences between ISO 9001:2008 (forthcoming new version) and ISO 9001:2000 (the year 2000 version), why and what they mean for users. On getting approval, these documents will be posted on the ISO Web site – probably in October 2008.

International Organization for Standardization (ISO) and International Accreditation Forum (IAF) have agreed an implementation plan to ensure a smooth migration of accredited certification to ISO 9001:2008 QMS Standard, after consultation with international groupings representing quality system or auditor certification bodies, and industry users of ISO 9001 certification services. ISO 9001:2008 does not contain any new requirements. As such, ISO and IAF have recognized that ISO 9001:2008 introduces no new requirements. ISO 9001:2008 only introduces clarifications to the existing requirements of ISO 9001:2000 QMS Standard. It also introduces changes intended to improve consistency with ISO14001:2004 EMS Standard. The implementation plan and validity of certification to ISO 9001 QMS, as agreed by ISO and IAF, in relation to accredited certification is as under:(i) Accredited certification to the ISO 9001:2008 QMS Standard shall not be granted until the publication of ISO 9001:2008 QMS Standard as an International Standard. ISO 9001:2008 QMS Standard has since been published as International Standard on 15 November 2008.
(ii) Certification of conformity to ISO 9001:2008 QMS Standard and/or national equivalents (such as, IS/ISO 9001:2008 QMS Standard, in India) shall only be issued after official publication of ISO 9001:2008 (i.e after 15 November 2008) and after a routine surveillance or recertification audit against ISO 9001:2008.
(iii) One year after publication of ISO 9001:2008 QMS Standard all accredited certifications issued (new certifications or re-certifications) shall be to ISO 9001:2008 QMS Standard.
(iv) Twenty four months after publication by ISO of ISO 9001:2008 QMS Standard, any existing certification issued to ISO 9001:2000 shall not be valid.

Questions

1. What is your conclusion with regard to ISO 9001 revision?
2. What is the implementation plan for ISO 9001:2008 QMS Standard announced by International Organization for Standardization (ISO) and International Accreditation Forum (IAF)?

Note from the author

The author of this literature has used his skills and knowledge to his best capacity to provide relevant and the latest information. Utmost care has been taken to ensure correctness and accuracy of the contents. However, omissions and errors, if any, in this literature are regretted. Reader’s suggestion for improvement is welcomed. Readers are requested to send their frank opinion, comment, criticism and assessment of this literature.

The purpose of this literature is to create awareness. Standard document ISO 9001:2008 may be obtained from International Organization for Standardization (ISO) or any member organization of ISO. Readers are advised to have ISO 9001:2008 for reference purpose.

Understanding ISO 9001:2008 Quality Management System

2009-01-14T20:08:00.000-08:00

Understanding ISO 9001:2008 Quality Management System

Chapter 7

MEASUREMENT, ANALYSIS AND IMPROVEMENT

Author – K. R. Singhal

There are following clauses under this section:
8.1 – General
8.2 – Monitoring and measurement
8.3 – Control of nonconforming product
8.4 – Analysis of data
8.5 – Improvement

General
(Please refer to clause 8.1 of ISO 9001:2008)

The organization must plan and implement the monitoring, measurement, analysis and improvement processes needed for the following:
to demonstrate conformity to product requirements,
to ensure conformity of the quality management system, and
to continually improve the effectiveness of the quality management system.

The organization must determine applicable methods (including statistical techniques) and extent of their use.

If we compare ISO 9001:2000 (old version) and ISO 9001:2008 (new version), we observe that there is no change in the requirement, however there is editorial change in the wordings. As per ISO 9001:2008, monitoring, measurement, analysis and improvement processes needed ‘to demonstrate conformity to product requirements’, instead of ‘to demonstrate conformity of the product’ (as mentioned in ISO 9001:2000 QMS Standard).

Monitoring and measurement
(Please refer to clause 8.2 of ISO 9001:2008)

There are following clauses under this clause:
8.2.1 – Customer satisfaction
8.2.2 – Internal audit
8.2.3 – Monitoring and measurement of processes
8.2.4 – Monitoring and measurement of product

Customer satisfaction
(Please refer to clause 8.2.1 of ISO 9001:2008)

The organization must monitor information relating to customer perception to know whether the organization has met customer requirements. The organization must determine methods for obtaining and using information relating to customer satisfaction. This monitoring must be done by the organization as one of the measurements of the performance of organization’s quality management system.

Note at the end of this clause clarifies that monitoring customer satisfaction can include obtaining inputs from various sources, such as:
customer satisfaction surveys,
customer data on delivered product quality,
user opinion surveys,
lost business analysis,
compliments,
warranty claims, and
dealer reports.

If we compare ISO 9001:2000 (old version) and ISO 9001:2008 (new version), we observe that in sub-clause 8.2.1 (Customer satisfaction), a note has been added that monitoring customer perception may include obtaining input from sources such as customer satisfaction surveys, customer data on delivered product quality, user opinion surveys, lost business analysis, compliments, warranty claims, dealer reports.

Internal audit
(Please refer to clause 8.2.2 of ISO 9001:2008)

The organization must conduct internal audits at planned intervals. Conducting internal audits must be done to determine whether the quality management system of the organization:
conforms to the planned arrangements,
conforms to the requirements of ISO 9001:2008 Standard,
conforms to the quality management system requirements established by the organization, and
is effectively implemented and maintained.

The organization must plan an audit programme by considering the status and importance of the processes, areas to be audited and results of previous audits. The organization must define audit criteria, scope, frequency and methods of internal audit. The organization must ensure objectivity and impartiality of the audit process in selecting internal auditors and conducting internal audits. Auditors must not audit their own work.

The organization must establish a documented procedure to define the responsibilities and requirements for planning and conducting audits, establishing records and reporting results.

The organization must maintain records of the audits and their results.

The management (of the area or department being audited) must ensure that any necessary corrections and corrective actions are taken promptly (without undue delay) to eliminate detected nonconformities and their causes.

The organization must carry out follow-up activities including verification of the actions taken and the reporting of verification results.

Note at the end of this clause states to refer to ISO 19011 for guidance.

If we compare ISO 9001:2000 (old version) and ISO 9001:2008 (new version), we observe that the requirements of this clause reworded to give more clarity. The requirements in ISO 9001:2008 is very clear that a documented procedure must be established to define the responsibilities and requirements for planning and conducting audits, establishing records and reporting results. It also requires that records of the audits and their results must be maintained. In Para 4 of sub-clause 8.2.2 of ISO 9001:2000 QMS Standard, before the word ‘actions’ phrase ‘any necessary corrections and corrective’ has been added in ISO 9001:2008 to give more clarity .A note at the end of sub clause 8.2.2 now refers to ISO 19011 for guidance in ISO 9001:2008, instead of ISO 10011-1, ISO 10011-2 and ISO 10011-3 as mentioned in ISO 9001:2000 QMS Standard.

Monitoring and measurement of processes
(Please refer to clause 8.2.3 of ISO 9001:2008)

The organization must apply:
suitable methods for monitoring of the quality management system processes, and
where applicable, measurement of quality management system processes.

Such suitable methods must demonstrate the ability of the processes to achieve planned results. When planned results are not achieved, the organization must take correction and corrective action, as appropriate.

Note at the end of this clause suggests that organization should consider the type and extent of monitoring or measurement appropriate to each of its processes, when determining suitable methods, in relation to their impact on the conformity to product requirements and on the effectiveness of the quality management system.

If we compare ISO 9001:2000 (old version) and ISO 9001:2008 (new version), we observe that in sub-clause 8.2.3 the phrase ‘to ensure conformity of the product’ has been removed as was mentioned in ISO 9001:2000. A note added at the end of sub-clause 8.2.3 now clarifies that when deciding on appropriate methods, the organization should consider the type and extent of monitoring or measurement appropriate to each of its processes in relation to their impact on the conformity to product requirements and effectiveness of the quality management system.

Monitoring and measurement of product
(Please refer to clause 8.2.4 of ISO 9001:2008)

The organization must monitor and measure the characteristics of the product to verify that product requirements have been met. This must be carried out at appropriate stages of the product realization process in accordance with the planned arrangement. The organization must maintain evidence of conformity with the accepted criteria.

The organization must maintain records indicating the person(s) authorizing release of product for delivery to the customer.

The organization must not proceed to release product and delivery of service to the customer until the planned arrangements have been satisfactorily completed, unless otherwise approved by a relevant authority of the organization and, where applicable, by the customer.

If we compare ISO 9001:2000 (old version) and ISO 9001:2008 (new version), we observe that there are editorial changes, some additions and deletions. Requirement to maintain evidence of conformity with the accepted criteria is in Para 2 of ISO 9001:2000 QMS Standard, and this requirement has been deleted from this Para and added to Para 1 of this sub-clause in ISO 9001:2008. In Para 2 of this sub-clause in ISO 9001:2000 requires records to indicate the person(s) authorizing release of product, and this has been made more specific now in ISO 9001:2008 and records must indicate the person(s) authorizing release of product for delivery to the customer. The phrase ‘Product release and service delivery’ in Para 3 of this sub-clause (as mentioned in ISO 9001:2000 QMS Standard) has been substituted by the phrase ‘The release of product and delivery of service to the customer’ (in ISO 9001:2008).

Control of nonconforming product
(Please refer to clause 8.3 of ISO 9001:2008)

The organization must ensure that nonconforming product (the product which does not conform to product requirements) is identified and controlled to prevent its unintended use or delivery. The organization must establish a documented procedure to define the controls and related responsibilities and authorities for dealing with nonconforming product.

Where applicable, the organization must deal with nonconforming product by one or more of the following ways:
by taking action to eliminate the detected nonconformity,
by authorizing its use, release or acceptance under concession by relevant authority and, where applicable, by the customer,
by taking action to preclude its original intended use or application,
by taking action appropriate to the effects, or potential effects, of the nonconformity when nonconforming product is detected after delivery or use has started.

When organization carries out correction in nonconforming product, such correction must be subject to re-verification to demonstrate conformity to the requirements.

The organization must main records of the nature of nonconformities and any subsequent actions taken, including concessions obtained.

If we compare ISO 9001:2000 (old version) and ISO 9001:2008 (new version), we observe that Para 1 of this clause has been reframed to provide more clarity. The term ‘where applicable’ is added in the beginning in Para 2 of this clause. The requirements of Para 3 and Para 4 of this clause (in ISO 9001:2000 QMS Standard) have been interchanged as Para 4 and Para 3 in ISO 9001:2008 without any change in wordings. The requirement mentioned in Para 5 of this clause (mentioned in ISO 9001:2000 QMS Standard) has been shifted in Para 3 Bullet d) with appropriate reframing of wordings (in ISO 9001:2008).

Analysis of data
(Please refer to clause 8.4 of ISO 9001:2008)

The organization must determine, collect and analyze appropriate data to demonstrate the suitability and effectiveness of the quality management system and to evaluate where continual improvement of the effectiveness of the quality management system can be made. This must include data generated as a result of monitoring and measurement and from other relevant sources.

The analysis of data must provide information relating to:
customer satisfaction,
conformity to product requirements,
characteristics and trends of processes and products, including opportunities for preventive action, and
suppliers.

If we compare ISO 9001:2000 (old version) and ISO 9001:2008 (new version), we observe that there is no change in the requirement of this clause, however, reference to clause has been changed or added. In clause 8.4 (b), reference to ‘(see 8.2.4)’ has been mentioned in ISO 9001:2008 instead of ‘(see 7.2.1)’ as mentioned in ISO 9001:2000 QMS Standard. In clause 8.4 (c), after ‘… preventive action’ the words ‘(see 8.2.3 and 8.2.4)’ have been added. In clause 8.4 (d), after suppliers the words ‘(see 7.4)’ added.

Improvement
(Please refer to clause 8.5 of ISO 9001:2008)

There are following clauses under this clause:
8.5.1 – Continual improvement
8.5.2 – Corrective action
8.5.3 – Preventive action

Continual improvement
(Please refer to clause 8.5.1 of ISO 9001:2008)

The organization must continually improve the effectiveness of the organization’s quality management system. This must be done through the use of the following:
quality policy,
quality objectives,
audit results,
analysis of data,
corrective action,
preventive action, and
management review.

If we compare ISO 9001:2000 (old version) and ISO 9001:2008 (new version), we observe that there is no change in the requirement of sub-clause 8.5.1 (Continual improvement).

Corrective action
(Please refer to clause 8.5.2 of ISO 9001:2008)

The organization must take corrective action, appropriate to the effects of the nonconformities encountered, to eliminate the causes of nonconformities in order to prevent recurrence.

The organization must establish a documented procedure that defines requirements for the following:
reviewing nonconformities,
determining the causes of nonconformities,
evaluating the need for action to ensure that nonconformities do not recur,
determining and implementing action needed,
records of the results of action taken, and
reviewing the effectiveness of the corrective action taken.

If we compare ISO 9001:2000 (old version) and ISO 9001:2008 (new version), we observe that there is no change in requirements, however in sub-clause 8.5.2 (Corrective action), there are editorial changes in the wordings of the requirements to give more clarity of meaning. The word ‘cause’ (as mentioned in Para 1 of sub-clause 8.5.2 in ISO 9001:2000 QMS Standard) has been substituted by the word ‘causes’ (in ISO 9001:2008). Instead of ‘reviewing the corrective action taken’ (as mentioned in ISO 9001:2000 QMS Standard), now it is mentioned ‘reviewing the effectiveness of the corrective action taken’ (in ISO 9001:2008).

Preventive action
(Please refer to clause 8.5.3 of ISO 9001:2008)

The organization must determine preventive action, appropriate to the effects of the potential problems, to eliminate the causes of potential nonconformities in order to prevent their occurrence.

The organization must establish a documented procedure to define requirements for:
determining potential nonconformities and their causes,
evaluating the need for action to prevent occurrence of nonconformities,
determining and implementing action needed,
records of the results of action taken, and
reviewing the effectiveness of the preventive action taken.

If we compare ISO 9001:2000 (old version) and ISO 9001:2008 (new version), we observe that there is no change in requirements, however in sub-clause 8.5.3 (Preventive action), there are editorial changes in the wordings of the requirements to give more clarity of meaning. Instead of ‘reviewing the preventive action taken’ (as mentioned in ISO 9001:2000 QMS Standard), now it is mentioned ‘reviewing the effectiveness of the preventive action taken’ (in ISO 9001:2008).

Questions

What are the key changes in clause 8.1 (measurement, analysis and improvement – General) in ISO 9001?
What are the key changes in clause 8.2.1 (Customer satisfaction) in ISO 9001?
What are the key changes in clause 8.2.2 (Internal Audit) in ISO 9001?
What are the key changes in clause 8.2.3 (Monitoring and measurement of processes) in ISO 9001?
What are the key changes in clause 8.2.4 (Monitoring and measurement of product) in ISO 9001?
What are the key changes in clause 8.3 (Control of nonconforming product) in ISO 9001?
What are the key changes in clause 8.4 (Analysis of data) in ISO 9001?
What are the key changes in clause 8.5 (Improvement) in ISO 9001?

Note from the author

The author of this literature has used his skills and knowledge to his best capacity to provide relevant and the latest information. Utmost care has been taken to ensure correctness and accuracy of the contents. However, omissions and errors, if any, in this literature are regretted. Reader’s suggestion for improvement is welcomed. Readers are requested to send their frank opinion, comment, criticism and assessment of this literature.

The purpose of this literature is to create awareness. Standard document ISO 9001:2008 may be obtained from International Organization for Standardization (ISO) or any member organization of ISO. Readers are advised to have ISO 9001:2008 for reference purpose.

Understanding ISO 9001:2008 Quality Management System

2008-12-21T08:53:00.000-08:00

Understanding ISO 9001:2008 Quality Management System

Chapter – 6

PRODUCT REALIZATION

Author – K. R. Singhal

There are following clauses under this section:
7.1 – Planning of product realization
7.2 – Customer-related processes
7.3 – Design and development
7.4 – Purchasing
7.5 – Production and service provision
7.6 – Control of monitoring and n measuring equipment

Planning of product realization
(Please refer to Clause 7.1 of ISO 9001:2008)

The organization must plan the processes needed for product realization and the organization must develop such processes.

Planning of product realization must be consistent with the requirements of the other processes of the QMS. In this connection, a reference to clause 4.1 of ISO 9001:2008 is needed.

In planning product realization, the organization must (as appropriate) determine the following:
quality objectives for the product
requirements for the product
the need to establish processes
the need to establish documents
the need to provide resources specific to the product
required verification activity specific to the product
required validation activity specific to the product
required monitoring activity specific to the product
required measurement activity specific to the product
required inspection activity specific to the product
required test activity specific to the product
the criteria for product acceptance
records needed to provide evidence that the realization processes and resulting product meet requirements

A reference to clause 4.2.4 of ISO 9001:2008 is needed for control of records.

The output of planning of product realization must be in a form suitable for method of operations of the organization.

There are two notes at the end of clause 7.1 of ISO 9001:2008.

Note 1 clarifies the term quality plan. A quality plan is a document specifying:
the process of the quality management system (including the product realization processes), and
the resources to be applied to a specific product, project or contract.

Note 2 clarifies that those requirements given in clause 7.3 (design and development) to the development of product realization processes may be applied by the organization.

If we compare ISO 9001:2000 (old version) and ISO 9001:2008 (new version), we find that the requirement in clause 7.1 (b) has been reframed being editorial change. In clause 7.1 (c), the word ‘measurement’ has been added, accordingly, the organization needs to also determine required measurement activities, as appropriate, specific to the product and the criteria for product acceptance.

Customer-related processes
(Please refer to Clause 7.2 of ISO 9001:2008)

There are following clauses under this clause:
7.2.1 – Determination of requirements related to the product
7.2.2 – Review of requirements related to the product
7.2.3 – Customer communication

Determination of requirements related to the product
(Please refer to Clause 7.2.1 of ISO 9001:2008)

The organization must determine:
customer requirements,
requirements for delivery and post-delivery activities,
requirements, necessary for specified or intended use of the product, although not stated by the customer,
applicable legal (statutory and regulatory) requirements related to the product,
any other requirements, that are considered necessary by the organization.

Note at the end of this clause clarifies the term post-delivery activities. Actions under warranty provisions, contractual obligations (such as maintenance services) and supplementary services (such as recycling, final disposal) are part of post delivery activities.

If we compare ISO 9001:2000 (old version) and ISO 9001:2008 (new version), we find that requirement has been slightly re-worded. The word ‘related’ has been changed to ‘applicable’. The wordings of clause 7.2.1 (d) that ‘any additional requirements determined by the organization’ (in ISO 9001:2000 Standard) have been changed to ‘any additional requirements considered necessary by the organization’ (in ISO 9001:2008). Accordingly, now the organization must determine any additional requirements considered necessary by the organization.

A note has been added at the end of sub clause 7.2.1 in ISO 9001:2008 clarifying the post delivery activities to include actions under warranty provisions, contractual obligations (such as maintenance services) and supplementary services (such as recycling and final disposal). Old version did not clarify what post delivery meant; now the new version has clarified the same.

Review of requirements related to the product
(Please refer to Clause 7.2.2 of ISO 9001:2008)

The organization must review, the requirements related to the product, prior to the organization’s commitment to supply a product to the customer. Accordingly, the organization must review the requirements related to the product before submission of tenders, acceptance of contracts, acceptance of orders, acceptance of changes to the contracts, or acceptance of changes to orders.

The organization must also ensure the following:
to define product requirements,
to resolve contract or order requirements differing from those previously expressed,
the organization has the ability to meet requirements that are defined.

The organization must maintain following records:
results of the review, and
actions arising from the review.

Sometimes customer provides its requirements verbally (not written requirements), in such situation, the organization must confirm such customer requirements before acceptance to supply the product to the customer.

There may be instances when product requirements are changed, in such situation, the organization must ensure that relevant documents are amended and information about the changed requirements is made aware to relevant personnel.

A note at the end of the clause provides clarification that a formal review of requirements is impractical for organization and customer in some situations, as in the case of internet sales. In such cases, the review of requirements can cover relevant product information, such as catalogues and adverting material.

If we compare ISO 9001:2000 (old version) and ISO 9001:2008 (new version) there is no change in the requirements of clause 7.2.2.

Customer communication
(Please refer to clause 7.2.3 of ISO 9001:2008)

The organization must determine and implement effective arrangements for communicating with customers in relation to:
product information,
enquiries,
contracts or order handling,
amendments, if any,
customer feedback,
customer complaints, if any.

If we compare ISO 9001:2000 (old version) and ISO 9001:2008 (new version) there is no change in the requirements of clause 7.2.3.

Design and development
(Please refer to clause 7.3 of ISO 9001:2008)

There are following clauses under this clause:
7.3.1 – Design and development planning
7.3.2 – Design and development inputs
7.3.3 – Design and development outputs
7.3.4 – Design and development review
7.3.5 – Design and development verification
7.3.6 – Design and development validation
7.3.7 – Control of design and development changes

Design and development planning
(Please refer to clause 7.3.1 of ISO 9001:2008)

The organization must plan and control the design and development of product.

During the planning of design and development, the organization must determine:
the stages of design and development,
the review, verification and validation (appropriate to each design and development stage), and
responsibilities and authorities for design and development.

The organization must manage the interfaces between different groups involved in design and development. The purpose is to ensure effective communication and clear assignment of responsibility.

During the progress of design and development, planning must be updated, as appropriate.

If we compare ISO 9001:2000 (old version) and ISO 9001:2008 (new version) a note added in the sub-clause 7.3.1 (Design and development planning) in ISO 9001:2008 clarifies that design and development review, verification and validation are separate activities having distinct purposes and these may be conducted and recorded separately or in combination as suitable for the product and the organization.

Design and development inputs
(Please refer to clause 7.3.2 of ISO 9001:2008)

The organization must determine design and development inputs relating to product requirements and maintain records. The design and development inputs must contain:
functional requirements,
performance requirements,
applicable legal (statutory and regulatory) requirements,
other requirements necessary for design and development.

The organization must review design and development inputs for adequacy. Requirements must be:
complete,
unambiguous, and
not in conflict with each other.

If we compare ISO 9001:2000 (old version) and ISO 9001:2008 (new version) there is editorial change in the wordings of sub-clause 7.3.2 (Design and development inputs), no change in the requirement.

Design and development outputs
(Please refer to clause 7.3.3 of ISO 9001:2008)

The outputs of design and development must be such that are suitable for verification against the design and development inputs and outputs must be approved prior to release.

Design and development outputs must:
meet input requirements for design and development,
provide appropriate information for purchasing,
provide appropriate information for production and service provision,
contain product acceptance criteria or its reference, and
specify characteristics (essential for safe and proper use) of the product.

Note at the end of the clause clarify that information for production and service provision may include details for preservation of product.

If we compare ISO 9001:2000 (old version) and ISO 9001:2008 (new version), in this clause, the word ‘provided’ mentioned in old version has been removed and the phrase ‘suitable for’ (in new version) replaces ‘that enables’ (of the old version). The word ‘for’ (service provision) has been removed. A new note (added in ISO 9001:2008) in the sub clause 7.3.3 clarifies that information for production and service provision may include details for the preservation of product.

The old version requires making sure that design and development process generate outputs information that must have to meet certain thing, but the new version also requires that design and development outputs could include information that must explain how product to be preserved during production and service provision..

Design and development review
(Please refer to clause 7.3.4 of ISO 9001:2008)

The organization must perform systematic design and development review at suitable stages in accordance with planned arrangements:
to evaluate the ability of the results of design and development to meet requirements, and
to identify any problems, and
to propose necessary actions.

Participants in such reviews must be from the functions concerned with the design and development stage / stages that are being reviewed. The organization must maintain records of the results of the reviews and any necessary actions.

If we compare ISO 9001:2000 (old version) and ISO 9001:2008 (new version) there is no change in the requirements of clause 7.3.4.

Design and development verification
(Please refer to clause 7.3.5 of ISO 9001:2008)

The organization must perform design and development verification in accordance with planned arrangement to ensure that the design and development outputs have met the design and development input requirements. The organization must maintain records of the results of the verification and any necessary actions.

If we compare ISO 9001:2000 (old version) and ISO 9001:2008 (new version) there is no change in the requirements of clause 7.3.5.

Design and development validation
(Please refer to clause 7.3.6 of ISO 9001:2008)

The organization must perform design and development validation in accordance with planned arrangements to ensure that the resulting product is capable of meeting the requirements for the specified application or intended use of the product, where known. Where it is possible (practicable), design and development validation must be completed prior to the delivery or implementation of the product. The organization must maintain records of the result of validation and any necessary action.

If we compare ISO 9001:2000 (old version) and ISO 9001:2008 (new version) there is no change in the requirements of clause 7.3.6.

Control of design and development changes
(Please refer to clause 7.3.7 of ISO 9001:2008)

The organization must identify design and development changes and maintain records. The organization must review, verify and validate design and development changes, as appropriate, and approve such changes before implementation. The design and development changes’ review must include evaluation of the effect of the changes on constituent parts and product already delivered. The organization must maintain results of the review of changes and any necessary actions.

If we compare ISO 9001:2000 (old version) and ISO 9001:2008 (new version) there is no change in the requirements of clause 7.3.7. There is editorial change, no text change. Two Para of old version merged to one Para in new version.

Purchasing
(Please refer to clause 7.4 of ISO 9001:2008)

There are following clauses under this clause:
7.4.1 – Purchasing process
7.4.2 – Purchasing information
7.4.3 – Verification of purchased product

Purchasing process
(Please refer to clause 7.4.1 of ISO 9001:2008)

The organization must ensure that purchased product conforms to specified purchase requirements. The type and extent of control (on the supplier and the purchased product)must be dependent upon the effect of the purchased product on subsequent product realization or the final product.

The organization must evaluate and select supplier. Such evaluation and selection must be based on the ability of suppliers to supply product in accordance with the organization’s requirements. The organization must establish:
criteria for selection,
criteria for evaluation, and
criteria for re-evaluation.

The organization must maintain records of the results of evaluations and any necessary actions arising from the evaluation.

If we compare ISO 9001:2000 (old version) and ISO 9001:2008 (new version) there is no change in the requirements of clause 7.4.1.

Purchasing information
(Please refer to clause 7.4.2 of ISO 9001:2008)

Organization’s purchasing information must describe the product to be purchased. Where appropriate, following must be included in the purchasing information:
requirements for approval of product,
requirements for approval of procedures,
requirements for approval of processes,
requirements for approval of equipment,
requirements for qualification of personnel, and
any other quality management system requirements.

The organization must ensure adequacy of specified purchase requirements prior to their communication to the supplier.

If we compare ISO 9001:2000 (old version) and ISO 9001:2008 (new version) there is no change in the requirements of clause 7.4.2.

Verification of purchased product
(Please refer to clause 7.4.3 of ISO 9001:2008)

The organization must establish and implement the inspection and other activities necessary to ensure that purchased product meets specified purchase requirements.

Where the organization or its customer wishes to perform verification at supplier’s premises, the organization must state the intended verification arrangements and method of product release in the purchasing information.

If we compare ISO 9001:2000 (old version) and ISO 9001:2008 (new version) there is no change in the requirements of clause 7.4.3.

Production and service provision
(Please refer to clause 7.5 of ISO 9001:2008)

There are following clauses under this clause:
7.5.1 – Control of production and service provision
7.5.2 – Validation of processes for production and service provision
7.5.3 – Identification and traceability
7.5.4 – Customer property
7.5.5 – Preservation of product

Control of production and service provision
(Please refer to clause 7.5.1 of ISO 9001:2008)

The organization must plan and carry out production and service provision under controlled conditions. Controlled condition must include, as applicable, the following:
the availability of information about the product characteristics,
the availability of work instructions, as necessary,
the use of suitable equipment,
the availability and use of monitoring and measuring equipment,
the implementation of monitoring and measurement, and
the implementation of product release, delivery and post-delivery activities.

If we compare ISO 9001:2000 (old version) and ISO 9001:2008 (new version), the term ‘monitoring and measuring devices’ (mentioned in ISO 9001:2000 QMS Standard) has been replaced by the term ‘monitoring and measuring equipment’ (in ISO 9001:2008). It is now clearly mentioned in the new standard that release (mentioned in old version) is product release.

Validation of processes for production and service provision
(Please refer to clause 7.5.2 of ISO 9001:2008)

The organization must validate any processes for production and service provision where the resulting output cannot be verified by subsequent monitoring or measurement and, as a consequence, deficiencies become apparent only after the product is in use or the service has been delivered.

Validation must demonstrate the ability of these processes to achieve planned results.

The organization must establish arrangements for these processes including, as applicable, the following:
defined criteria for review of the processes,
defined criteria for approval of the processes,
approval of equipment,
approval of qualification of personnel,
use of specific methods and procedures,
requirements for records, and
revalidation.

If we compare ISO 9001:2000 (old version) and ISO 9001:2008 (new version), in clause requirement, there is editorial change and accordingly as per new version, the organization must validate any processes for production and service provision where the resulting output cannot be verified by subsequent monitoring and measurement and as a consequences deficiencies are known only after the product is in use or service has been delivered.

Identification and traceability
(Please refer to clause 7.5.3 of ISO 9001:2008)

Where appropriate, the organization must identify the product by suitable means throughout product realization process.

The organization must identify the product status with respect to monitoring and measurement requirements throughout product realization.

Where traceability is a requirement, the organization must control the unique identification of the product. The organization must also maintain such records.

Note at the end of the clause clarifies that in some industry sectors identification and traceability are maintained by configuration management.

If we compare ISO 9001:2000 (old version) and ISO 9001:2008 (new version), Para 2 of this sub-clause has been modified and organization needs to identify the product status with respect to monitoring and measurement requirements throughout product realization. In Para 3 of this sub-clause, there is slight modification in wordings and maintaining records is a requirement instead of just recording the unique identification of the product (as mentioned in ISO 9001:2000 QMS Standard). There is no change in the requirement to control the unique identification of the product, where traceability is a requirement.

Customer property
(Please refer to clause 7.5.4 of ISO 9001:2008)

The organization must exercise care with customer property while the customer property is under the control of the organization or being used by the organization. The organization must identify, verify, protect and safeguard customer property provided for use or incorporation into the product. If any customer property is lost, damaged or otherwise found to be unsuitable for use, the organization must report this to the customer and maintain records.

Note at the end of this clause clarifies that the customer property can include intellectual property and personal data.

If we compare ISO 9001:2000 (old version) and ISO 9001:2008 (new version), there is no change in the requirement and maintaining records has been made clearer in this sub-clause. There is editorial change in this sub-clause. A note at the end of sub clause 7.5.4 has been made clearer to include ‘personal data’ as customer property.

Preservation of product
(Please refer to clause 7.5.5 of ISO 9001:2008)

In order to maintain conformity to requirements, the organization must preserve the product during:
internal processing, and
delivery to the intended destination.

As applicable, preservation must include:
identification,
handling,
packaging,
storage, and
protection.

Preservation must apply to the constituent parts of a product.

If we compare ISO 9001:2000 (old version) and ISO 9001:2008 (new version), the terms ‘conformity to requirements’ and ‘as applicable’ have been added to provide more clarity. Accordingly, now as per ISO 9001:2008, the organization needs to preserve the product (earlier ISO 9001:2000 QMS Standard mentioned ‘the conformity of product’) during internal processing and delivery to the intended destination in order to maintain conformity to requirements. As applicable, preservation must include identification, handling, packaging, storage and protection. Preservation must also apply to the constituent parts of a product.

Control of monitoring and measuring equipment
(Please refer to clause 7.6 of ISO 9001:2008)

The organization must determine:
the monitoring and measurement to be undertaken, and
the monitoring and measuring equipment needed,
to provide evidence of conformity of product to determined requirements.

To ensure performing monitoring and measurement consistent with requirements the organization must establish processes.

Where necessary to ensure valid results, measuring equipment must:
be calibrated or verified, or both, at specified intervals, or prior to use, against measurement standards traceable to international or national measurement standards,
be adjusted or re-adjusted as necessary,
have identification in order to determine its calibration status, be safeguarded from adjustments that would invalidate the measurement results,
be protected from damage and deterioration during handling, maintenance and storage.

Where no international or national standards exist, the basis used for calibration or verification must be recorded.

The organization must also assess and record the validity of the previous measuring results when the equipment is found not to conform to requirements. The organization must take appropriate action on the equipment and any product affected.

The organization must maintain the results of calibration and verification.

When used in the monitoring and measurement of specified requirements, the ability of computer software to satisfy the intended application must be confirmed. This must be undertaken prior to initial use and reconfirmed as necessary.

Note at the end of this clause clarifies that confirmation of the ability of computer software to satisfy the intended application would typically include its verification and configuration management to maintain its suitability for use.

If we compare ISO 9001:2000 (old version) and ISO 9001:2008 (new version), we observe that the term ‘devices’ (of the old version) has been replaced by the term ‘equipment’ (in the new version). Thus the title of this clause is also revised. The requirement of this clause has been reworded to bring in more clarity. Reference to see 7.2.1 has been deleted. The words ‘or both,’ have been added after the words ‘be calibrated or verified,’ in clause 7.6 (a). In 7.6 (c), instead of ‘be identified to enable the calibration status to be determined’ (mentioned in ISO 9001:2000 QMS Standard) the requirement now says ‘have identification in order to determine its calibration status’ (in ISO 9001:2008). A new Para 5 in this clause has been made (in ISO 9001:2008) from the Para 4 of this clause (in ISO 9001:2000 QMS Standard), this Para 4 of ISO 9001:2000 QMS Standard is converted in two Para (Para 4 and Para 5) in ISO 9001:2008. Para 5 of this clause (in ISO 9001:2000 QMS Standard) is now Para 6 of this clause (in ISO 9001:2008). The note at the end of this clause (in ISO 9001:2000 QMS Standard) ‘See ISO 10012-1 and ISO 10012-2 for guidance’ has been deleted. Explanatory notes have been added at the end of this clause regarding the use of computer ‘software to satisfy the intended application typically includes its verification and configuration management to maintain its suitability for use.

Questions

What are the key changes in clause 7.1 (Planning of product realization) in ISO 9001?
What are the key changes in clause 7.2 (Customer related processes) in ISO 9001?
What are the key changes in clause 7.3 (Design and development) in ISO 9001?
What are the key changes in clause 7.4 (Purchasing) in ISO 9001?
What are the key changes in clause 7.5 (Production and service provision) in ISO 9001?
What are the key changes in clause 7.6 (Control of monitoring and measuring devices) in ISO 9001?

Note from the author

The author of this literature has used his skills and knowledge to his best capacity to provide relevant and the latest information. Utmost care has been taken to ensure correctness and accuracy of the contents. However, omissions and errors, if any, in this literature are regretted. Reader’s suggestion for improvement is welcomed. Readers are requested to send their frank opinion, comment, criticism and assessment of this literature.

The purpose of this literature is to create awareness. Standard document ISO 9001:2008 may be obtained from International Organization for Standardization (ISO) or any member organization of ISO. Readers are advised to have ISO 9001:2008 for reference purpose.

Understanding ISO 9001:2008 Quality Management System

2008-12-17T08:17:00.000-08:00

Understanding ISO 9001:2008 Quality Management System

Chapter – 5

RESOURCE MANAGEMENT

Author – K. R. Singhal

There are following clauses under this section:
6.1 – Provision of resources
6.2 – Human resources
6.3 – Infrastructure
6.4 – Work environment

Provision of resources
(Please refer to Clause 6.1 of ISO 9001:2008)

The organization must (i) determine, and (ii) provide the following:
resources needed to implement the QMS,
resources needed to continually improve the QMS, and
resources needed to enhance customer satisfaction by meeting customer requirements

If we compare ISO 9001:2000 (old version) and ISO 9001:2008 (new version) there is no change in the requirements of clause 6.1.

Human resources
(Please refer to Clause 6.2 of ISO 9001:2008)

There are following sub-clauses in this clause:
6.2.1 – General
6.2.2 – Competence, training and awareness

General
(Please refer to Clause 6.2.1 of ISO 9001:2008)

In an organization, personnel perform work affecting conformity to product requirements, and such personnel must be competent on the basis of appropriate education, training, skills and experience.

Note mentioned at the end of clause 6.2.1 of ISO 9001:2008 clarifies that conformity to product requirements can be affected directly or indirectly by personnel performing any task within the QMS.

Competence, training and awareness
(Please refer to Clause 6.2.2 of ISO 9001:2008)

The organization must:
determine the necessary competence for personnel (who perform work affecting conformity to product requirements),
provide training to personnel or take other actions, where applicable, so that such personnel achieve the necessary competence,
evaluate the effectiveness of the actions taken,
ensure that the personnel of the organization are aware of the relevance and importance of the activities of the organization,
ensure that how personnel of the organization contribute to the achievement of the quality objectives, and
maintain appropriate records of education, training, skills and experience

If we compare ISO 9001:2000 (old version) and ISO 9001:2008 (new version), we find that in sub clause 6.2.1 and 6.2.2, the words ‘product quality’ have been replaced by ‘conformity to product requirements.’ Although the old version also requires the importance of competence, but now new version makes it more clear that the personnel performing work affecting conformity to product requirements must be competent and the organization needs to determine the necessary competence for personnel performing work affecting conformity to product requirements. Sub-clause 6.2.2 (b) now states that ‘where applicable’ training needs to be provided to achieve the ‘necessary competence’. The wordings of clause title of sub-clause 6.2.2 ‘Competence, awareness and training’ (in ISO 9001:2000 Standard) has been reframed as ‘Competence, training and awareness’ in ISO 9001:2008.

A note is added after sub clause 6.2.1 mentioning that product requirement may be affected directly or indirectly by personnel performing any task within the quality management system.

Infrastructure
(Please refer to Clause 6.3 of ISO 9001:2008)

The organization must determine the infrastructure needed to achieve conformity to product requirements and the organization must provide and maintain such infrastructure as determined.

Infrastructure (as applicable) includes the following:
buildings,
workspace,
associated utilities,
hardware process equipment,
software process, and
supporting services

Supporting services include transport, communication and information systems.

If we compare ISO 9001:2000 (old version) and ISO 9001:2008 (new version), we find that in sub clause 6.3 (c), information systems has been included in the supporting services in the new version. In the old version, the term infrastructure includes building, workspaces, equipment, software, utilities, and support services such as transportation and communication. The new version has added information systems to the previous list of support services.

Work environment
(Please refer to Clause 6.4 of ISO 9001:2008)

The organization must determine the work environment needed to achieve conformity to product requirement and the organization must manage such work environment.

Note mentioned at the end of clause 6.4 of ISO 9001:2008 clarifies that the term ‘work environment’ relates to those conditions under which work is performed. Such conditions include physical, environmental and other factors, such as noise, temperature, humidity, lighting or weather.

If we compare ISO 9001:2000 (old version) and ISO 9001:2008 (new version), we find that there is no change in the requirement of this clause; however a note has been added to make clearer the conditions under which the work is performed. The new version states that the term work environment refers to working conditions. These working conditions include physical, environmental and other factors such as noise, temperature, humidity, lighting, weather.

Questions

What are the key changes in clause 6.1 (Provision of resources) in ISO 9001?
What are the key changes in clause 6.2 (Human resources) in ISO 9001?
What are the key changes in clause 6.3 (Infrastructure) in ISO 9001?
What are the key changes in clause 6.4 (Work environment) in ISO 9001?

Note from the author

The author of this literature has used his skills and knowledge to his best capacity to provide relevant and the latest information. Utmost care has been taken to ensure correctness and accuracy of the contents. However, omissions and errors, if any, in this literature are regretted. Reader’s suggestion for improvement is welcomed. Readers are requested to send their frank opinion, comment, criticism and assessment of this literature.

The purpose of this literature is to create awareness. Standard document ISO 9001:2008 may be obtained from International Organization for Standardization (ISO) or any member organization of ISO. Readers are advised to have ISO 9001:2008 for reference purpose.

Understanding ISO 9001:2008 Quality Management System

2008-12-16T03:00:00.000-08:00

Understanding ISO 9001:2008 Quality Management System

Chapter – 4

MANAGEMENT RESPONSIBILITY

Author – K. R. Singhal

There are following clauses under this section:
5.1 – Management commitment
5.2 – Customer focus
5.3 – Quality policy
5.4 – Planning
5.5 – Responsibility, authority and communication
5.6 – Management review

Management commitment
(Please refer to Clause 5.1 of ISO 9001:2008)

Top management must provide evidence of its commitment to the following:
development of the QMS
implementation of the QMS, and
continually improving the effectiveness of the QMS

Top management must provide such evidence of the above by the following:
communicating the importance of meeting customer and legal requirements to the organization (employees and people working on behalf of the organization)
establishing the quality policy (please refer to clause 5.3 of ISO 9001:2008 for requirements of quality policy)
ensuring that quality objectives are established (please refer to clause 5.4.1 of ISO 9001:2008 for requirements of quality objectives)
conducting management reviews (please refer to clause 5.6 of ISO 9001:2008 for requirements of management review), and
ensuring the availability of resources (please refer to clause 6 of ISO 9001:2008 for requirements of resource management

If we compare ISO 9001:2000 (old version) and ISO 9001:2008 (new version) there is no change in the requirements of clause 5.1.

Customer focus
(Please refer to Clause 5.2 of ISO 9001:2008)

Top management must ensure the following with the aim of enhancing customer satisfaction:
that customer requirements are determined, and
that customer requirements are met

In this connection, please refer to clause 7.2.1 of ISO 9001:2008 for determination of requirements related to the product and clause 8.2.1 of ISO 9001:2008 for requirements of customer satisfaction.

If we compare ISO 9001:2000 (old version) and ISO 9001:2008 (new version) there is no change in the requirements of clause 5.2.

Quality policy
(Please refer to Clause 5.3 of ISO 9001:2008)

Top management must ensure the following:
The quality policy is appropriate to the purpose of the organization,
The quality policy includes a commitment to comply with requirements,
The quality policy includes a commitment to continually improve the effectiveness of the QMS,
The quality policy provides a framework for establishing quality objectives.
The quality policy provides a framework for reviewing quality objectives.
The quality policy is communicated within the organization.
The quality policy is understood within the organization.
The quality policy is reviewed for continuing suitability.

If we compare ISO 9001:2000 (old version) and ISO 9001:2008 (new version) there is no change in the requirements of clause 5.3.

Planning
(Please refer to Clause 5.4 of ISO 9001:2008)

There are following two sub-clauses in this clause:
1.4.1 – Quality objectives
1.4.2 – Quality management system planning

Quality objectives
(Please refer to Clause 5.4.1 of ISO 9001:2008)

Top management must ensure that quality objectives (including those objectives needed to meet requirements for product) are established within the organization at (i) relevant functions, and (ii) relevant levels.

The quality objectives must be:
measurable, and
consistent with quality policy

Quality management system planning
(Please refer to Clause 5.4.2 of ISO 9001:2008)

Top management must ensure the following:
That the planning of the QMS is carried out in order to meet the general requirements mentioned in clause 4.1 of ISO 9001:2008.
That the planning of the QMS is carried out in order to meet the quality objectives.
That the integrity of the QMS is maintained when changes to the QMS are planned.
That the integrity of the QMS is maintained when planned changes to QMS are implemented.

If we compare ISO 9001:2000 (old version) and ISO 9001:2008 (new version) there is no change in the requirements of clause 5.4.1 and clause 5.4.2.

Responsibility, authority and communication
(Please refer to Clause 5.5 of ISO 9001:2008)

There are following three sub-clauses in this clause:
5.5.1 – Responsibility and authority
5.5.2 – Management representative
5.5.3 – Internal communication

Responsibility and authority
(Please refer to Clause 5.5.1 of ISO 9001:2008)

Top management must ensure to define responsibilities and authorities. Top management must ensure to communicate the defined responsibilities and authorities within the organization.

If we compare ISO 9001:2000 (old version) and ISO 9001:2008 (new version) there is no change in the requirements of clause 5.5.1.

Management representative
(Please refer to Clause 5.5.2 of ISO 9001:2008)

Top management must appoint a member of the organization’s management as management representative. The management representative, irrespective of other responsibilities, must have responsibility and authority including the following:
to ensure that processes needed for the QMS are established
to ensure that processes needed for the QMS are implemented
to ensure that processes needed for the QMS are maintained
to report to the top management of the organization on the performance of the QMS
to report to the top management of the organization on any need for improvement in the QMS
to ensure promotion of awareness of customer requirements throughout the organization

It has been clarified in the note given at the end of this clause that the responsibility a management representative can include liaison with external parties on matters relating to the QMS.

If we compare ISO 9001:2000 (old version) and ISO 9001:2008 (new version), clause 5.5.2 is modified with clarity that member of the organization’s own management must be appointed as a management representative. The old version allowed organization to appoint any member of management to manage organization’s quality management system. It did not clearly mention that the management representative must be a member of the organization’s own management; as such there were instances where organizations had appointed outsiders as management representatives. Now this is clear that the management representative must be member of organization’s own management.

Internal communication
(Please refer to Clause 5.5.3 of ISO 9001:2008)

Top management must ensure that appropriate communication processes are established within the organization. Top management must ensure that communication takes place within the organization regarding the effectiveness of the QMS.

If we compare ISO 9001:2000 (old version) and ISO 9001:2008 (new version) there is no change in the requirements of clause 5.5.3.

Management review
(Please refer to Clause 5.6 of ISO 9001:2008)

There are following three sub-clauses in this clause:
5.6.1 – General
5.6.2 – Review input
5.6.3 – Review output

General
(Please refer to Clause 5.6.1 of ISO 9001:2008)

Top management must review the organization’s QMS at planned intervals (as decided by the organization) to ensure:
continuing suitability of the QMS
continuing adequacy of the QMS, and
continuing effectiveness of the QMS

The management review of the QMS must include the following:
assessing opportunities for improvement to the QMS, and
need for changes to the QMS, including the quality policy and quality objectives

The organization must maintain records from management review.

If we compare ISO 9001:2000 (old version) and ISO 9001:2008 (new version) there is no change in the requirements of clause 5.6.1.

Review input
(Please refer to Clause 5.6.2 of ISO 9001:2008)

The input to management review, carried out by the top management, must include information on the following:
results of audits (external as well as internal)
customer feedback
process performance
product conformity
status of preventive actions
status of corrective actions
follow-up actions from previous management reviews
changes that could affect the QMS, and
recommendations for improvement

If we compare ISO 9001:2000 (old version) and ISO 9001:2008 (new version) there is no change in the requirements of clause 5.6.2.

Review output
(Please refer to Clause 5.6.3 of ISO 9001:2008)

The output of the management review, carried out by the top management, must include any decisions and actions related to the following:
Improvement of the effectiveness of the QMS
Improvement of the effectiveness of the processes of the organization
Improvement of product related to customer requirements, and
Resources needs of the organization

If we compare ISO 9001:2000 (old version) and ISO 9001:2008 (new version) there is no change in the requirements of clause 5.6.3.

Questions

What are the key changes in clause 5.1 (Management commitment) in ISO 9001?
What are the key changes in clause 5.2 (Customer focus) in ISO 9001?
What are the key changes in clause 5.3 (Quality policy) in ISO 9001?
What are the key changes in clause 5.4 (Planning) in ISO 9001?
What are the key changes in clause 5.5 (Responsibility, authority and communication) in ISO 9001?
What are the key changes in clause 5.6 (Management review) in ISO 9001?
Whether an outside personnel or QMS expert can be appointed Management Representative as per ISO 9001:2008?

Note from the author

The author of this literature has used his skills and knowledge to his best capacity to provide relevant and the latest information. Utmost care has been taken to ensure correctness and accuracy of the contents. However, omissions and errors, if any, in this literature are regretted. Reader’s suggestion for improvement is welcomed. Readers are requested to send their frank opinion, comment, criticism and assessment of this literature.

The purpose of this literature is to create awareness. Standard document ISO 9001:2008 may be obtained from International Organization for Standardization (ISO) or any member organization of ISO. Readers are advised to have ISO 9001:2008 for reference purpose.

Understanding ISO 9001:2008 Quality Management System

2008-12-08T09:11:00.001-08:00

Understanding ISO 9001:2008 Quality Management System

Chapter – 3

QUALITY MANAGEMENT SYSTEM – GENERAL AND DOCUMENTATION REQUIREMENTS

Author – K. R. Singhal

There are following clauses under this section:
4.1 – General requirements
4.2 – Documentation requirements

General requirements
(Please refer to Clause 4.1 of ISO 9001:2008)

The organization is required to carry out the following in accordance with the requirements of ISO 9001:2008 Standard:
establish a QMS
document a QMS
implement a documented QMS
maintain a established and documented QMS
continually improve effectiveness of the QMS

The organization must determine the processes needed for the QMS and their application throughout the organization. In this connection please see Clause 1.2 of ISO 9001:2008, which deals with the application of ISO 9001:2008.

The word ‘identify’ (mentioned in ISO 9001:2000) has been replaced by the word ‘determine’ in the new version. Accordingly, as per ISO 9001:2008 now the organization needs to determine (instead of identify) the processes needed for the quality management system and their application throughout the organization. After the word ‘measure’ the term ‘(where applicable)’ is added. Accordingly, as per ISO 9001:2008, organization needs to monitor, measure (where applicable), and analyze these processes.

The organization must determine the sequence and interaction of such processes (which are determined by the organization and needed for the QMS).

The organization must determine criteria and methods needed to ensure the effectiveness of operation and control of such determined processes.

The organization must:
monitor such determined processes
measure (where applicable) such determined processes, and
analyze such determined processes

The organization must implement actions necessary to achieve planned results and continual improvement of such determined processes.

Such determined processes must be managed by the organization in accordance with the requirements of ISO 9001:2008.

Where any process that affects product conformity to requirements and an organization chooses to outsource such process, the organization must ensure control over such process. The organization must define within the QMS:
the type of control to be applied to such outsourced processes, and
the extent of control to be applied to such outsourced processes

Three notes have been mentioned at the end of this clause in ISO 9001:2008, clarifying (i) processes needed for the QMS, (ii) an outsourced process, and (iii) responsibility of the organization. Accordingly,
Processes needed for the QMS include (a) processes for management activities, (b) processes for provision of resources, (c) processes for product realization, and (d) processes for measurement, analysis and improvement.
An outsourced process is identified as the process being needed for the QMS of the organization and such process being chosen to be performed by an external party.
Ensuring control over outsourced processes does not absolve the organization of the responsibility to fulfill all customer and legal requirements. The type and extent of control to be applied to the outsourced process may be influenced by various factors and ISO 9001:2008 mentions examples of such factors including (a) the potential impact of the outsourced process on the capability of the organization to provide product. (Here the product is the product that conforms to requirements.) (b) the degree to which the control for the process is shared (c) the capability of achieving the necessary control through the application of clause 7.4. (Clause 7.4 deals with the requirements of purchasing.)

The process approach is having the central approach to ISO 9001:2008 QMS Standard and we have observed that during the last few years, outsourcing activity has increased in organization, so the new version has expanded its requirements for outsourced processes. The new version (ISO 9001:2008 Standard) states a message clearly that an outsourced process is part of organization’s quality management system, even though it is performed by a party external to the organization. The new version (ISO 9001:2008 Standard) also states a message to think carefully about how the organization is going to control outsourced processes.

Additional requirement, the type and extent of control to be applied to outsourced processes need to be defined by the organization within the quality management system, has been added, in the new version. In the first note of this clause, there have been editorial changes. The word ‘should’ (as mentioned in ISO 9001:2000 Standard) has been deleted and after the words ‘…product realization and measurement’ (as mentioned in ISO 9001:2000 Standard), the words ‘, analysis and improvement’ have been added in ISO 9001:2008. Two additional notes (Note 2 and Note 3) have been given in ISO 9001:2008. These additional notes provide more explanation about outsourcing and nature of control to be applied to the outsourced process. According to Note 2 of this clause, an outsourced process is identified as one being needed for the quality management system of the organization, but such process is chosen to be performed by a party external to the organization. Note 3 of this clause clarify the following:
It is the responsibility of the organization to conform to all requirements (related to customer, statutory and regulatory requirements) and ensuring control over outsourced processes does not absolve the organization of the responsibility of conformity to all such requirements.
The type and extent of control to be applied to the outsourced process may be influenced by many factors.

ISO 9001:2008 mentions the factors that influence the type and extent of control and these include:
The potential impact of the outsourced process on the organization’s capability to provide product. Here product is that which conforms to requirements.
The degree to which the control for the process is shared.
The capability of achieving the necessary control through the application of requirements mentioned in clause 7.4 (Purchasing).

Thus, this clause clarifies requirements with regard to outsourced process clearly and now it is the intention of ISO 9001:2008 that control on outsourced organization and its processes must be included in the quality management system of the organization.

Documentation requirements
(Please refer to Clause 4.2 of ISO 9001:2008)

There are following four sub-clauses in this clause:
4.2.1 – General
4.2.2 – Quality manual
4.2.3 – Control of documents
4.2.4 – Control of records

General
(Please refer to Clause 4.2.1 of ISO 9001:2008)

The QMS documentation must include the following:
documented statement of a quality policy
documented statement(s) of quality objectives
a quality manual
documented procedures required by ISO 9001:2008
records required by ISO 9001:2008
Documents and records (determined by the organization to be necessary to ensure effective planning, operation and control of the processes of the organization)

Three notes have been mentioned at the end of this clause, clarifying (i) documented procedure (ii) the extent of QMS documentation difference, (iii) medium of documentation. Accordingly,
The term ‘documented procedure’ (in ISO 9001:2008) means that the procedure is established, documented, implemented and maintained. It is also clarified that a single document may address the requirements for one or more procedures. Further clarified that a requirement for a documented procedure may be covered by more than one document.
The extent of QMS documentation may differ from one organization to another organization due to (i) the size of the organization, (ii) type of activities of the organization, (iii) the complexity of the processes of the organization, (iv) the interaction of the processes of the organization, and (v) competence of personnel of the organization.
The QMS documentation may be in any form or type of medium.

This clause wordings (in the new version) are reframed, however, having same meaning as stated in ISO 9001:2000, such as –
(i) Quality management System documentation includes records.
(ii) The documents required may be combined.
(iii) The requirements of the standard (ISO 9001) may be covered by more than one document.
(iv)The organization may have a single document for multiple procedures or multiple documents for various requirements of the document procedures (Note 1 of the sub clause is expanded in ISO 9001:2008)

In this sub-clause the word ‘needed’ (mentioned in ISO 9001:2000 Standard) has been replaced by the word ‘determined’ (in ISO 9001:2008). Accordingly, as per ISO 9001:2008, the quality management system documentation of an organization must include the following:
documented statement of quality policy,
documented statement of quality objectives,
a quality manual,
documented procedures and records required by ISO 9001:2008,
documents, including records, determined by the organization, which are necessary to ensure effective planning, operation and control of processes of the organization.

The new version (ISO 9001:2008 Standard) has expanded the definition of documentation to include all QMS processes records.

In Note 1 of this sub-clause (4.2.1), following have been additionally clarified:
That a single document may address the requirements for one procedure or more procedures.
That a requirement for a documented procedure may be covered by more than one document.

Quality manual
(Please refer to Clause 4.2.2 of ISO 9001:2008)

The organization must establish and maintain a quality manual. The quality manual must include:
the scope of the QMS (with details of justification for any exclusions claimed by the organization as per clause 1.2 of ISO 9001:2008)
the documented procedures established for the QMS, or reference to such documented procedures, and
a description of the interaction between the processes of the QMS.

According to Clause 1.2 of ISO 9001:2008, all requirements of ISO 9001:2008 are generic and these requirements are meant to be applicable to all organization regardless of:
type of the organization,
size of the organization, and
product provided by the organization

Where any requirement or requirements of ISO 9001:2008 cannot be applied due to the nature of an organization and product of the organization, such requirement or requirements can be considered for exclusion.

Where exclusion are made, such exclusions are limited to requirements within clause 7 of ISO 9001:2008 and such exclusions must not affect the organization’s ability, or responsibility, to provide product that meets customer and applicable legal requirements, otherwise claims of conformity to ISO 9001:2008 are not acceptable.

If we compare ISO 9001:2000 (old version) and ISO 9001:2008 (new version) there is no change in the requirements of clause 4.2.2.

Control of documents
(Please refer to Clause 4.2.3 of ISO 9001:2008)

The organization must control documents required by the QMS. Records are a special type of document. The organization must control records as per requirements mentioned in clause 4.2.4 (Control of records) of ISO 9001:2008.

The organization must establish a documented procedure to define control of documents. Such documented procedure must include:
controls needed to approve documents for adequacy prior to issue of such documents
controls needed to review documents
controls needed to update documents, as necessary
controls needed to re-approve documents
controls needed to ensure that changes of documents are identified
controls needed to ensure that the current revision status of documents are identified
controls needed to ensure that relevant versions of applicable documents are available at point of use
controls needed to ensure that documents remain legible
controls needed to ensure that documents remain readily identifiable
controls needed to ensure that documents of external origin determined by the organization to be necessary for the planning and operation of the QMS are identified
controls needed to ensure distribution control of documents of external origin determined by the organization to be necessary for the planning and operation of the QMS
controls needed to prevent the unintended use of obsolete documents
controls needed to apply suitable identification to obsolete documents if they are retained for any purpose

In this sub clause, the requirements on control of external origin documents have been mentioned to give more clarity. External documents referred to are those needed for use in the quality management system. Now the organization needs to ensure identification and distribution control of documents of external origins determined by the organization to be necessary for the planning and operation of the quality management system. The old version (ISO 9001:2000) had the impression that all external documents needed to be identified and controlled. The new version (ISO 9001:2008 Standard) has clarified that the organization needs to identify and control the distribution of only those external documents that the organization needs to plan and operate organization’s quality management system. We can now say that only relevant external QMS documents need to be controlled, not all of them.

Control of records
(Please refer to Clause 4.2.4 of ISO 9001:2008)

The organization must control records established to provide evidence of conformity to requirements and of the effective operation of the QMS.

The organization must establish a documented procedure to define control of records. Such documented procedure must include:
controls needed for the identification of records
controls needed for storage of records
controls needed for protection of records
controls needed for retrieval of records
controls needed for retention of records
controls needed for disposition of records

The records must remain:
legible
readily identifiable, and
retrievable

There are editorial changes in this clause and requirements of this clause significantly reduced in length but requirements remain unchanged.

Questions

What are the key changes in clause 4.1 (Quality management system – General) in ISO 9001?
How many additional notes have been provided to clause 4.1 (Quality management system – General) in ISO 9001:2008?
What factors influence type and extent of control to be applied to the outsource process as per ISO 9001:2008?
What are the key changes in clause 4.2.1 (Documentation requirements – General) in ISO 9001?
Whether an organization may have a single document for multiple procedures as per ISO 9001:2008?
What are the key changes in clause 4.2.2 (Documentation requirements – Quality manual) in ISO 9001?
What are the key changes in clause 4.2.3 (Documentation requirements – Control of documents) in ISO 9001?
What are the key changes in clause 4.2.4 (Documentation requirements – Control of records) in ISO 9001?

Note from the author

The author of this literature has used his skills and knowledge to his best capacity to provide relevant and the latest information. Utmost care has been taken to ensure correctness and accuracy of the contents. However, omissions and errors, if any, in this literature are regretted. Reader’s suggestion for improvement is welcomed. Readers are requested to send their frank opinion, comment, criticism and assessment of this literature.

The purpose of this literature is to create awareness. Standard document ISO 9001:2008 may be obtained from International Organization for Standardization (ISO) or any member organization of ISO. Readers are advised to have ISO 9001:2008 for reference purpose.

2008-12-08T03:28:00.001-08:00

Understanding ISO 9001:2008 Quality Management System

Chapter 2

SCOPE, NORMATIVE REFERENCE, TERMS AND DEFINITIONS

Author – K. R. Singhal

Clause 1 (Scope) – Sub clause 1.1 (General) and Sub Clause 1.2(Application) – It is mentioned in ISO 9001:2008 that product also includes intermediate product. The phrase ‘regulatory requirements’ of ISO 9001:2000 Standard has been replaced by the phrase ‘statutory and regulatory requirements’ in ISO 9001:2008, thus making the requirement of this clause more clearly in meaning.

The note, the term ‘product’ applies to the product intended for a customer or required by a customer, of ISO 9001:2000 QMS Standard has been expanded in ISO 9001:2008 and now according to ISO 9001:2008, the term ‘product’ in ISO 9001:2008 means the following:
product intended for a customer, or product required by a customer,
any intended output resulting from the product realization processes

An additional note (Note 2) has been added in ISO 9001:2008 that states statutory and regulatory requirements may be expressed as legal requirements. Accordingly, Legal requirements = Statutory requirements + Regulatory requirements

ISO 9001:2008 QMS Standard mentions requirements for a quality management system, where an organization needs to demonstrate its ability to consistently provide product, and aims to enhance customer satisfaction. Here the product that meets customer requirements, and applicable legal requirements (= applicable statutory and regulatory requirements). The customer satisfaction can be enhanced by
the effective application of the ISO 9001:2008 QMS, including processes for continual improvement of the system, and
the assurance of conformity to customer requirements and applicable legal requirements (= applicable statutory and regulatory requirements).

All requirements of ISO 9001:2008 Standard are generic. All requirements of this standard can be applied to all organizations, regardless of their type, their size and product they provide.

Where any requirement / requirements of ISO 9001:2000 QMS Standard (within clause 7) can not be applied due to the nature of an organization and its product, the same can be considered for exclusion, however such exclusion must not affect the organization’s ability, or responsibility, to provide product/service that meets customers requirements and applicable legal requirements.

Clause 2 (Normative reference) – There has been editorial changes in this clause. Now ISO 9001:2008 refers to ISO 9000:2005 Standard as normative reference document, instead of ISO 9000:2000 Standard as mentioned in ISO 9001:2000 QMS Standard. It has been mentioned in ISO 9001:2008 that the reference documents are indispensable for the application of ISO 9001:2008 QMS Standard and for dated references only the edition cited applies and for undated references the latest edition of the referenced document (including any amendments) applies.

Accordingly, on going through the requirements of ISO 9001:2008 QMS Standard, we notice that following reference documents have been mentioned in the Standard:
ISO 9000:2005, Quality management systems – Fundamental and vocabulary
ISO 19011 – Latest edition – Guidelines for quality and/or environmental management systems auditing

Clause 3 (Terms and definitions) – The explanation of who the ‘customer’, ‘organization’ and ‘supplier’ are (as mentioned in ISO 9001:2000 QMS Standard), has been removed in the ISO 9001:2008 QMS Standard.

It is stated that the terms and definitions mentioned in ISO 9000 are applicable for the requirements of ISO 9001:2008 QMS Standard. It is also mentioned that the product also mean ‘service’. Accordingly, the term ‘product’ in ISO 9001:2008 means the following:
Product/service intended for a customer, or product/service required by a customer,
any intended output resulting from the product realization processes

Questions

What are the key changes in clause 1 (Scope) of ISO 9001?
What does the product mean in ISO 9001:2008?
What are the key changes in clause 2 (Normative reference) of ISO 9001?
Which version of ISO 9000 Standard is referred as normative reference document in ISO 9001:2008?
What are the key changes in clause 3 (Terms and definitions) of ISO 9001?
What are reference-documents mentioned in ISO 9001:2008 QMS Standard?

Note from the author

The author of this literature has used his skills and knowledge to his best capacity to provide relevant and the latest information. Utmost care has been taken to ensure correctness and accuracy of the contents. However, omissions and errors, if any, in this literature are regretted. Reader’s suggestion for improvement is welcomed. Readers are requested to send their frank opinion, comment, criticism and assessment of this literature.

The purpose of this literature is to create awareness. Standard document ISO 9001:2008 may be obtained from International Organization for Standardization (ISO) or any member organization of ISO. Readers are advised to have ISO 9001:2008 for reference purpose.

Understanding ISO 9001:2008 Quality Management System

2008-12-07T21:42:00.000-08:00

Understanding ISO 9001:2008 Quality Management System

Chapter – 1

ISO 9001: 2008 – Introduction

Author – K. R. Singhal

Revised ISO 9001:2008 International Standards has been issued and published, after voting by ISO members, on 15 November 2008. Changes are mostly editorial giving more clarity to the right interpretation of requirements. Users (such as, organizations implementing ISO 9001 QMS, QMS auditors, etc.) will find the new standard useful for right interpretation of the standard’s requirements.

If we read old as well as new standards, we find that ISO 9001:2008 And ISO 9001:2000 use the same numbering system to organize the standard.

In the forward of the ISO 9001:2008, it has been mentioned that international standards are drafted in accordance with the ISO/IEC Directives Part 2. Earlier international standards were being drafted in accordance with the ISO/IEC Directives Part 3. ISO 9001 QMS Standard was first published in 1987, and then was revised in the year 1994 and 2000 respectively. ISO 9001:2000 Standard was the third edition of ISO 9001 QMS. ISO 9001:2008 is now the forth edition of this Standard and it cancels and replaces the third edition of ISO 9001 QMS Standard.

Para 0.1 (General) of the ISO 9001:2000 states: “…..The design and implementation of an organization’s quality management system is influenced by varying needs, particular objectives the products provided, the processes employed and the size and structure of the organization……..” ISO 9001:2008 clarifies that design and implementation of an organization’s quality management system is influenced by organization’s business environment, changes in that business environment or risks associated with that business environment, its varying needs, organization’s particular objectives, the products the organization provides, the processes the organization employs, and the size and structure of the organization. Statement of where and who can use the standard now includes statutory requirements as well as regulatory and clarifies that these requirements are restricted to those applicable to the product. Accordingly, ISO 9001:2008 QMS Standard can be used by internal and external parties (including certification bodies). With the use of ISO 9001:2008 QMS Standard internal and external parties (including certification bodies) can assess the organization’s ability to meet following requirements:
customer requirements applicable to the product,
statutory and regulatory requirements applicable to the product, and
the organization’s own requirements.

The text of Para 0.2 (Process approach) is modified and it is emphasized in ISO 9001:2008 the importance of process being capable of achieving desired output. If we compare the language of 2008 version with 2000 version, we find that the word ‘identify’ has been replaced by ‘determine’ and with the term ‘an activity’ the term ‘or set of activities’ has been added. As such, there is no change in the intent, but the meaning is more clarified by the revision. ISO 9001:2000 Standard mentions the meaning of the term ‘process approach’ as the application of a system of processes within an organization, together with the identification and interactions of these processes, and their management. Now, words ‘to produce the desired output’ have been added to the word ‘management’ and ISO 9001:2008 refers to ‘process approach’ as the application of a system of processes within an organization, together with the identification and interactions of these processes, and their management to produce the desired outcome.

Para 0.3 (Relationship with ISO 9004) – There is editorial change in the contents of this Para and a clarification by adding a note, that ISO 9004 Standard is under revision at the time of publication of ISO 9001:2008 QMS Standard, has been mentioned. A sentence mentioned in this Para of ISO 9001:2000 QMS Standard has also been deleted in ISO 9001:2008 QMS Standard. Accordingly, ISO 9001:2008 QMS Standard does not mentions that ISO 9001 and ISO 9004 Standards have different scopes; these standards have similar structures in order to assist their application as a consistent pair.

Para 0.4 (Compatibility with other management systems) – Now it has been mentioned that during the development of ISO 9001:2008 QMS Standard, due consideration was given to ISO 14001:2004 EMS to enhance the compatibility of ISO 9001 and ISO 14001 Standards. Earlier in ISO 9001:2000 QMS Standard, it was mentioned that ISO 9001 has been aligned with ISO 9001:1996, which has been deleted in ISO 9001:2008.

Questions

When ISO 9001:2008 Standard was published?
Is the 2008 version of ISO 9001 the third edition or fourth edition?
What are key changes in Para 0.1 (General) of ISO 9001?
What are key changes in Para 0.2 (Process approach) of ISO 9001?
What are key changes in Para 0.3 (Relationship with ISO 9004) of ISO 9001?
What are the key changes in Para 0.4 (Compatibility with other management systems) in ISO 9001?

Note from the author

The author of this literature has used his skills and knowledge to his best capacity to provide relevant and the latest information. Utmost care has been taken to ensure correctness and accuracy of the contents. However, omissions and errors, if any, in this literature are regretted. Reader’s suggestion for improvement is welcomed. Readers are requested to send their frank opinion, comment, criticism and assessment of this literature.

The purpose of this literature is to create awareness. Standard document ISO 9001:2008 may be obtained from International Organization for Standardization (ISO) or any member organization of ISO. Readers are advised to have ISO 9001:2008 for reference purpose.

ISO 9001:2008 QMS Awareness - Training / Seminar

2008-12-07T09:29:00.000-08:00

NCQM/ AJM / KRS/ ISO 9001:2008

Seminar Invitation

"ISO 9001:2008 QMS Awareness"

Advise any date for the Seminar as per your convenience; however, we need at least ten days prior information for confirming the nomination.

ISO 9000 series standards were first published in 1987 and minor revision took place in 1994. In the year 2000, there was a major revision. Accordingly, ISO 9000:2000 series standards were published on 15 December 2000. Now the Standard has been revised and ISO 9001:2008 Standard has been published on 15 November 2008.

Our seminar will provide you an opportunity to understand, discuss and interact with the faculty about the changes and interpretation ISO 9001:2008 QMS Standard.

Who should attend the seminar?

Management Representatives

Executives / Personnel involved in ISO 9001:2000 QMS implementation

Internal auditors carrying out ISO 9001:2000 QMS internal audit

Benefits of the Seminar

Ready for the changes by understanding the requirements more clearly

Knowledge improvement

Faculty

K. R. Singhal

(Profile may be seen at http://www.krsinghal.com/)

Contents

Pre-seminar Questionnaire

Current ISO 9000 series family

Review Process (Why revision needed?)

changes

Impact on other standards

Next Step – What to do and how to improve QMS?

Increasing the power of QMS: Performance excellence through continual improvement

Post-seminar Questionnaire-cum-feedback

For other deatils, confirmation of nomination and date, please send your nomination to ncqmajmer@gmail.com

Please visit http://www.ncqmajmer.com/

http://www.ncqmajmer.blogspot.com/

http://www.ncqm.com/

Organizers

National Centre for Quality Management, Ajmer Centre· National Centre for Quality Management (NCQM) was established in 1985 by a group of enlightened industrialists and professionals to spread the culture of quality in Indian economy।A Not-for-profit premier professional organization engaged in dispensing quality related services to various sectors of Industry through seminars, training, education, publication, research and advisory services।NCQM has already conducted more than 1000 programmes and seminars related to Quality management, Environment Management, Occupational Health & Safety Management and HR related areas।NCQM has its Headquarters in Mumbai and Extension Centres at Ajmer, Gurgaon, Navi Mumbai, Pune and Rajkot· The organizers NCQM Ajmer Centre is involved in training, advisory and publication activities since August 2000.