ISO 9000 Training: 2009

Thursday, December 31, 2009

ISO 9000

Every organization would like to improve the way it operates, whether that means increasing market share, driving down costs, managing risk more effectively or improving customer satisfaction. A quality management system gives you the framework you need to monitor and improve performance in any area you choose.

ISO 9001 is by far the world’s most established quality framework, currently being used by around 897,000 organizations in 170 countries worldwide, and sets the standard not only for quality management systems, but management systems in general.

It helps all kinds of organizations to succeed through improved customer satisfaction, staff motivation and continual improvement.

ISO 9000 series of standards

ISO 9001 is one of a series of quality management system standards. It can help bring out the best in your organization by enabling you to understand your processes for delivering your products/services to your customers. The ISO 9001 series of standards consist of:

ISO 9000 – Fundamentals and Vocabulary: this introduces the user to the concepts behind the management systems and specifies the terminology used.
ISO 9001 – Requirements: this sets out the criteria you will need to meet if you wish to operate in accordance with the standard and gain certification.
ISO 9004 – Guidelines for performance improvement: based upon the eight quality management principles, these are designed to be used by senior management as a framework to guide their organizations towards improved performance by considering the needs of all interested parties, not just customers.

Wednesday, December 23, 2009

Develop Quality Management System Documentation In ISO 9000 Standards

What Should Be Documented In Quality Management System?

Clause 4.2.1 in ISO 9000 Standards requires quality management system documentation to include 5 types
of document:
(a) Quality policy and objectives
(b) Quality manual
(c) Documented procedures
(d) Documents needed to ensure the effective planning, operation and control of processes
(e) Records
Other than the requirements in clause 4 for documentation, there are 14 other references requiring documentation. These are as follows:
(a) The output of the planning
(b) The quality manual
(c) A documented procedure for document control
(d) A documented procedure for the identification, storage, retrieval, protection, retention time and disposition of records.
(e) Planning of the realization processes
(f) Inputs relating to product requirements
(g) The outputs of the design and development process
(h) Design and development changes
(i) The results of the review of changes and subsequent follow up actions
(j) A documented procedure for conducting audits that includes the responsibilities and requirements
(k) Evidence of conformity with the acceptance criteria characteristics of the product
(l) A documented procedure for nonconformity control activities
(m)A documented procedure for corrective action
(n) A documented procedure for preventive action
This list is somewhat inadequate for documentation purposes because it does not tell us what types of things we should document or provide criteria to enable us to decide what we need to document. ISO 9000 clause 2.7.2 includes a more useful list of document types that are classified as follows:
(a) Quality manuals
(b) Quality plans
(c) Specifications
(d) Guidelines
(e) Procedures, work instructions and drawings
(f) Records

Sunday, December 20, 2009

Certification In ISO 9001 Standards

Certification involves an independent assessment of your quality system to confirm that it meets the requirements of ISO 9001. You will need to design, document and implement your own quality system.The system will need to cover all the requirements of the ISO 9001 standard. Many certification bodies will not conduct a formal assessment until the system has been operating for at least three months. Your quality system cannot be audited until you have generated documentary evidence to show that you are meeting the standard. To find a certification body with relevant experience in your sector and accreditation from the United Kingdom Accreditation Service (UKAS). Certification by a non-UKAS accredited body is likely to lead to credibility problems with your customers. Arrange a visit from the certification body’s auditors. UKAS prohibits auditors from acting as consultants. They will not tell you how to meet the standard but can offer advice. They will seek objective evidence that you are complying with each of the clauses of the ISO 9001 standard. The auditors will tell you of any shortcomings in your system. If you satisfy the standard, the auditors put your name forward for certification. You will be required to correct these problems within a specified timeframe. You can also be certificated if the auditors only identify a small number of ‘minor’ problems. Once you are certificated, you can display the certification body’s logo, and if the body is UKAS-accredited, the UKAS ‘tick and crown’ symbol (consult UKAS about exceptions to this rule). If the auditors identify more serious ‘major’ problems, you will be required to correct these before certification. These surveillance visits normally take place twice a year at agreed dates. All certification bodies are required torevisit registered companies to ensure they still meet the requirements of the standard. You will be given time to deal with any minor or major problems which are identified before any action is taken to withdraw your certificate.

Management Principles Of ISO 9001 Standards

ISO 9000 is based on eight management principles:

• Customer focus, resulting in meeting customer requirements and striving to exceed them;

• Leadership, aiming to create an internal environment in which people are fully involved;

• Involvement of people who are the essence of an organization;

• Process approach, resulting in improved efficiency to obtain desired results;

• System approach to management, leading to improved effectiveness and efficiency through identification, understanding and management of interrelated processes;

• Continual improvement, which becomes a permanent objective of the organization;

• Factual approach to decision-making, based on the analysis of data and information; and

• Mutually beneficial supplier relationships, based on an understanding of their interdependence.

ISO 9000 encourages the adoption of the process approach to manage an organization. There are five main areas considered for the revised process model in ISO 9000:

• Quality management system

• Management responsibility

• Resource management

• Product realization

• Measurement, analysis and improvement.

ISO 9001 Standards New Blogs

Some of the new blogs on ISO 9001 Standards & ISO 14001 standards was found as below:

http://iso14000standards.blogspot.com/

http://iso-9001-standards.blogspot.com/

http://iso14001environmentmanagementsystem.blogspot.com/

http://iso9001qualitymanagementsystem.blogspot.com/

http://iso9001qualitymanual.blogspot.com/

http://iso9000standards.blogspot.com/

http://iso9001-standards.blogspot.com/

http://iso14001standards.blogspot.com/

The Benefits To Integrate ISO 14001:2004 and ISO 9001:2008

The Benefits To Integrate ISO 14001:2004 and ISO 9001:2008

Reduce the time and cost of implementing the new specification by acquiring a concise, yet thorough understanding the scope of ISO 14001:2004 and key terms.

Avoid spinning your wheels by learning precisely which modifications and additions to ISO 14001:2004 require your attention for compliance with ISO 9001:2008.

Get a quick handle, through hands-on activities, on the environmental aspects of ISO 14001:2004, including how to:
- Develop an environmental policy statement appropriate for your company
- Integrate processes for identifying environmental aspects and impacts
- Identify environmental objectives, set related targets, and establish programs for achieving results
- Integrate environmental responsibilities and authorities into a management system
- Outline an environmental awareness and training program
- Establish environmental metrics and indicators for monitoring performance
- Integrate requirements on non-conformance and corrective and preventive actions into your existing system
- Understand the purpose and scope of the environmental management review
- Integrate document control requirements of ISO 14001:2004 into your current system
- Identify those operations that need to be controlled under EMS and identify emergency operations and contingencies that must be considered as part of EMS

Get off to a running start by learning to use a versatile prioritization matrix to identify and prioritize significant environmental aspects and impacts.

Optimize understanding and retention with the Plexus Learning Model
- Multiple learning channels through lecture, coaching, group activities, innovative learning exercises and case studies.
- Hands-on insights. Lecturing is minimized so learning is maximized.
- Learn by doing. Connect the lessons learned to your real world by using your current circumstances as examples for activities.

Evaluation of Compliance In ISO 14001 StandardsKEY CONSIDERATIONS IN IMPLEMENTING ISO 9001 IN SMEs

KEY CONSIDERATIONS IN IMPLEMENTING ISO 9001 IN SMEs

There are many issues that must be addressed in moving the QMS from the initial state to the desired state. For example, all organizations implementing ISO 9001 will need to consider the unique culture within the organization, its size, and the resources available. Beyond those widely discussed points, three issues that merit particular attention are (1) consideration of the QMS as a parallel function, (2) training, and (3) auditing. Key points associated with these issues are discussed below.

Consideration of QMS as Parallel Function

In the case of all of the transitions depicted, real benefits from the QMS are more likely to be experienced if the QMS is implemented directly into the core structure of the organization. SMEs must be cautious against establishing a QMS that is run separately in parallel to its other systems. In SMEs, the parallel subsystem most commonly exhibits itself as a separate Quality Assurance, or in some cases, ISO 9001 department. Possible reasons for this may include the existence of rigid departmental boundaries in some SMEs or overemphasis on core activities. As Yauch and Steudel [10] note, SMEs tend to focus their attention on “…necessary routine activities (such as sales, production, shipping, etc.) rather than activities aimed at improving processes or systems.” If a SME insists on establishing a separate quality department, its level of effectiveness can be increased by embedding the QMS in widely-used organizational systems where practical. The integration is largely a function of how well the QMS manages to share information with other subsystems and its ability to align with the policies, norms, goals, and values in place throughout the organization.

Training

In SMEs, training and staff development is more likely to be ad hoc and small scale because of modest human and financial resources and the absence of a specific training budget. To prevent the problems arising from lack of education and training, two things must be done:

1. Education of Top Management: The centralization of decision-making processes within many SMEs means that the management can either be the main stumbling block to change or the main catalyst for change. Therefore, any approach to ISO 9001 implementation must involve considerable education for the top management of the organization to create awareness and understanding of the implementation process as a change initiative. Implementing a fully functional and documented QMS requires motivation by top management to appreciate, achieve, and implement the necessary measures to meet the standards’ criteria.

2. Education and Training of Employees: SMEs are often under pressure to quickly gain ISO 9001 registration. Meeting the requirements of the standard in a short period of time can prove a formidable obstacle for a small company. Since most SMEs do not possess the needed expertise internally, they may be inclined to hire external experts to provide the necessary technical expertise and manpower. However, having a functioning and documented QMS requires more than that. It requires ensuring that all employees in the organization clearly know what is expected of them and how they can contribute to the attainment of their organizations’ goals. This will likely require the preparation and implementation of a training plan tailored specifically to the unique characteristics and maturity level of the SME.

Auditing

As emphasized throughout the paper, a QMS is not going to produce the expected results unless it is fully functional. While auditing must therefore verify the existence of the necessary documentation, it must also focus on the functionality of the QMS. The measurement of the functionality and the qualitative and financial impacts of a QMS have been the subject of several studies, including Kaynak [11]. Among the categories used to measure functionality and performance improvement, two are particularly noteworthy for our purposes: management commitment and employee involvement. A QMS cannot be functional in the absence of those two characteristics. Therefore, as a minimum, internal and external auditors should continually verify top management’s commitment to increased company-wide quality awareness and improvement in addition to employee involvement in the design, implementation, operation, and improvement of quality related processes and procedures.

Saturday, December 19, 2009

Hidden Businees Opportunities

The ISO 9001:2000 Standard has been revised after eight years. And the buzz is rapidly reaching a crescendo. We continue to receive numerous emails and phone calls regarding the impact of the new release. First, let me dispel any anxiety about the November 15, 2008 official “2008” release. There are no new requirements. The changes are largely interpretive, and focus on terminology clarifications. The changes to the ISO 9001 amendment, however, will have considerable benefit.
As a back drop, keep in mind that ISO 9001 is not just an International Standard for aQuality Management System. It is the world’s most recognized business management standard. And it makes a strong business case. It focuses attention on leadership, business planning, organizational business processes, your customers (internal and external), measurement and reporting, and continual improvement. That translates to improved business results and a sustainable competitive advantage.

Overview of the Changes

The points of clarification focus on outsourcing, documentation, management representative, employee competence, design verification and validation, process monitoring, control of nonconforming product and corrective and preventive action. But bear in mind, no “shalls” (requirements) were added or removed.
Examples of select changes include: In an attempt to clarify the term “outsourcing,” notes were added that require the organization to identify processes (and the control of these) to be completed by an external party. With respect to documentation, the changes focus on improving the compatibility between ISO 9001 and ISO 14001.
The only significant addition to the management representative sub clause was to require that the MR be a member of the organization’s management team. This means a contracted person could serve in this role as long as he or she is also considered part of management. The management representative does not have to be full-time.
With regard to competence of employees, a note was added to make training more pervasive throughout the organization. Training applies to all employees directly or indirectly responsible for delivering a service or producing a product (everyone that is part of the quality chain). A complete listing of changes can be found in Annex B (Table B.1) of the Standard. Also, note that there is better alignment with ISO 14001:2004.

Transition from ISO 9001:2000 to ISO 9001:2008

This reference guide was developed to help you understand the nature of the changes to the ISO 9001 standard.

Clause Change/Emphasis Not Auditable

0.1 General – Added language emphasizing statutory and regulatory requirements are a concern as it relates to products for this international standard.

0.4 Compatibility with Other Management Systems Standards - Emphasis was added on the consideration given to ISO 14001:2004 to ensure that the standards are compatible.

1.1 General

1.2 Application – “Statutory” was added in certain paragraphs to ensure the user is aware that these requirements must be taken into consideration. Additional notes were added to explain that where the word “product” appears, it refers to every stage of its existence, from raw material received to the final product being shipped to the customer.

2. Normative Reference – Reference to ISO 9000 (vocabulary and concepts) was updated to refer to the current revision (i.e. ISO 9000:2005).

3. Terms and Definitions – The supplier/organization/customer model was removed. These relationships, in reality, are not always linears.

The Auditable Requirements
Clause Change/Emphasis
4.1
In 4.1 a, “identify” was replaced with “determine” to emphasize that an organization must give careful consideration to what processes are needed in order to fulfill requirements.
A link is drawn to 7.4 in the additional note. This was done to show that the supplier approval, evaluation, and re-evaluation process is where evidence of controlled outsourced processes should be demonstrated.
4.2.1
References to records and documents were consolidated.
Also, the organization can require records not specified in this international standard that are created and maintained.
4.2.3
Clarification is given to the requirement for outsourced documents. Only those needed for the planning and operation of the QMS need to be controlled. This could exclude documents related to occupational health and safety since ISO 9001 contains requirements only concerned with product (see 0.1).
4.2.4
Rephrased, but no additional clarifications or emphasis added. Editorial change only.
5.5.2
The management representative must be from the organization’s management. This would exclude consultants and other individuals external to the organization (e.g. amanagement representative from the corporate entity). The purpose of this is to ensure that this individual, entrusted with the responsibilities of championing the quality management system, is not “out of touch” with the organization.
6.2.1
The boundaries of competence only extend to individuals who impact product conformity. However, this does not just include those who are directly involved in production. The decisions made by management affect product conformity; therefore, they must be competent as well.

6.2.2
If said personnel have not yet attained the competence needed to perform the assigned job, then the organization must provide training or some other remedy to ensure that competence is achieved. The organization must also have a mechanism to ensure that personnel have been evaluated based on how well they demonstrate their knowledge and skill (i.e. competence). It is not enough to merely provide training or consider an individual’s experience. The organization must prove to itself that this person can, in fact, perform.
6.3
Infrastructure also includes databases and information technology.
6.4
Emphasis is added in a note to highlight that the concept of “work environment” only extends to product quality.
7.1 c
“Measurement” is added.
7.2.1
“Post-delivery activity” is clarified in a note with examples.
7.3.1
A note emphasizes that design verification, validation, and review are different from one another and serve different purposes. Design review is where the organization evaluates if the design can meet requirements and if any changes need to be made. Design verification is where the organization has ensured that requirements have been met (e.g. is the widget blue and is it hexagonal?). Design validation is where the organization proves that the design can perform as required.
However, the records of design verification, validation, and review do not have to be separate.
7.3.3
Production and service provisions also extend to how product is preserved, handled, etc., to ensure product conformity. See 7.5.1
Design outputs must include requirements related to preservation. See 7.5.5.

7.5.2
Notes were added to give examples of the types of processes where this requirement would apply along with a statement that service organizations should have additional considerations in the planning stages when deficiencies and conformity are not likely to be identified prior to delivery.
7.5.3
Product status must be identified throughout product realization, not just the final product. See 1.2.
7.5.4
Wording was modified to add clarity, but the intent of the requirement has not changed.
7.5.5
Again, emphasis is added that care must be given to preserving the product regardless of where it falls in the realization process.
7.6
An obsolete reference to another ISO document was replaced.
The definition of “monitoring and measuring devices” has been clarified to include equipment and devices that are purposed for monitoring and measuring, regardless of their original or intended purpose.
An additional note regarding software was added.
8.2.2
Document and record requirements were reworded and their placement modified to improve clarity.
The reference to the auditing guidance document was updated (i.e. ISO 19011).

8.2.3
Wording was modified to emphasize that correction and corrective actions are not only to be taken to preserve the conformity of the product, but also to preserve the quality management system. For example, internal rejection/scrap rates could show evidence that the organization is preserving product conformity and is taking intermediate action to prevent bad product from being shipped to their customers; however, it could also be a sign that the organization is not efficient since the higher rejection/scrap rates are undesirable.
A note was added to clarify the meaning of “suitable methods” related to planning, monitoring and measurement processes. Suitability should be determined based on risk and the impact that nonconformity would have on the product or process.
8.2.4
Product can be released to other internal processes despite planned arrangements not being satisfactorily completed as long as it conforms prior to release to the customer. This relaxes requirements on intermediate inspection results and records.
8.3
Actions taken against nonconforming product must be proportional to its impact or potential impact. See 8.2.3 related to impact considerations for monitoring and measurement.
This would mean that in the planning stages of a product, the organization needs to customize responses to nonconforming products based on the risk or potential risk to the organization.
This requirement existed in ISO 9001:2000; however, its location has changed.

8.5.2
Nonconformity can have multiple causes (“cause”; i.e. a singular reason, was used in the 2000 version); therefore, the organization must consider this when conducting root cause analysis.
Also, it is not enough to simply review corrective action and ensure that procedures were changed, personnel have been re-trained, and that processes were amended. The organization must review whether or not the action(s) taken were effective; i.e. did they successfully eliminate the nonconforming condition?
8.5.3
Similar to the new emphasis on the effectiveness of corrective action, the organization must also document whether or not the preventive action(s) taken were effective in eliminating the risk of nonconformity.

Organizations preparing to implement a QMS For ISO 9001

Organizations preparing to implement a QMS For ISO 9001

For organizations that are in the process of implementing a QMS, and wish to meet the requirements of ISO 9001:2008, the following comments may be useful.
For organizations that are in the process of implementing or have yet to implement a QMS, ISO 9001:2008 emphasizes a process approach. This includes:
- Identifying the processes necessary for the effective implementation of the quality management system
- understanding the interactions between these processes.
- documenting the processes to the extent necessary to assure their effective operation and control. (It may be
appropriate to document the processes using process maps. It is emphasized, however, that documented process maps are not a requirement of ISO 9001:2008.)
These processes include the management, resource, product realization and measurement processes that are relevant
to the effective operation of the QMS.
Analysis of the processes should be the driving force for defining the amount of documentation needed for the quality management system, taking into account the requirements of ISO 9001:2008. It should not be the documentation that drives the processes.

Records required by ISO 9001:2008

Records required by ISO 9001:2008

Clause Record required
5.6.1 Management reviews
6.2.2 e) Education, training, skills and experience
7.1 d) Evidence that the realization processes and resulting product fulfil requirements
7.2.2 Results of the review of requirements related to the product and actions arising from the review
7.3.2 Design and development inputs relating to product requirements
7.3.4 Results of design and development reviews and any necessary actions
7.3.5 Results of design and development verification and any necessary actions
7.3.6 Results of design and development validation and any necessary actions
7.3.7 Results of the review of design and development changes and any necessary actions
7.4.1 Results of supplier evaluations and any necessary actions arising from the evaluations
7.5.2 d) As required by the organization to demonstrate the validation of processes where the resulting output cannot be verified by subsequent monitoring or measurement
7.5.3 The unique identification of the product, where traceability is a requirement
7.5.4 Customer property that is lost, damaged or otherwise found to be unsuitable for use
7.6 a) Basis used for calibration or verification of measuring equipment where no international or national measurement standards exist
7.6 Validity of the previous measuring results when the measuring equipment is found not to conform to requirements
7.6 Results of calibration and verification of measuring equipment
8.2.2 Internal audit results and follow-up actions
8.2.4 Indication of the person(s) authorizing release of product.
8.3 Nature of the product nonconformities and any subsequent actions taken, including concessions obtained
8.5.2 e) Results of corrective action
8.5.3 d) Results of preventive action

History and Evolution of ISO 9000 Standards

Pre ISO 9000
During World War II, there were quality problems in many British industries such as munitions, where bombs were exploding in factories during assembly. The solution adopted to address these quality problems required factories to document their manufacturing procedures and to prove by record-keeping that the procedures were being followed. The standard was BS 5750, and it was known as a management standard because it specified not what to manufacture, but how the manufacturing process was to be managed. In 1987, the British Government persuaded the International Organization for Standardization (ISO) to adopt BS 5750 as an international standard. The international standard was named ISO 9000.

ISO 9000: 1987 Version
ISO 9000:1987 had the same structure as the British Standard BS 5750, with three ‘models’ for quality management systems, the selection of which was based on the scope of activities of the organisation:
• ISO 9001:1987 Model for quality assurance in design, development, production, installation, and servicing was for companies and organisations whose activities included the creation of new products
• ISO 9002:1987 Model for quality assurance in production, installation, and servicing had basically the same material as ISO 9001 but without covering the creation of new products.
• ISO 9003:1987 Model for quality assurance in final inspection and test covered only the final inspection of finished product, with no concern for how the product was produced.
ISO 9000:1987 was also influenced by existing U.S. and other Defense Standards (MIL SPECS), and so was well-suited to manufacturing. The emphasis tended to be placed on conformance with procedures rather than the overall process of management—which was likely the actual intent.

ISO 9000:1994 (Year 1994 Revision)
ISO 9000:1994 emphasised quality assurance via preventive actions, instead of just checking final product, and continued to require evidence of compliance with documented procedures. As with the first edition, the down-side was that companies tended to implement its requirements by creating shelf-loads of procedure manuals, and becoming burdened with an ISO bureaucracy. In some companies, adapting and improving processes could actually be impeded by the quality system.

ISO 9000:2000 (Year 2000 Revision)
ISO 9001:2000 combines the three standards 9001, 9002, and 9003 into one, called 9001. Design and development procedures are required only if a company engages in the creation of new products. The 2000 version sought to make a radical change in thinking by placing the concept of process management front and centre (”Process management” was the monitoring and optimising of a company’s tasks and activities, instead of just inspecting the final product). The Year 2000 version also demands involvement by upper executives, in order to integrate quality into the business system and avoid delegation of quality functions to junior administrators. Another goal is to improve effectiveness via process performance metrics — numerical measurement of the effectiveness of tasks and activities. Expectations of continual process improvement and tracking customer satisfaction were made explicit.

ISO 9000:2008 (Year 2008 Revision)
The new ISO 9001:2008 was published on 15 November 2008. ISO 9001:2008 uses the same numbering system as ISO 9001:2000 to organise the standard. As a result, the new ISO 9001:2008 standard looks very much like the old standard. No new requirements have been added. However, some important clarifications and modifications have been made.

As with the release of previous versions, organisations registered to ISO 9001:2000 will be given a period to transition to the ISO 9001:2008 standard, assuming changes are needed.

ISO 9000 — a way of managing for conformance
Quality assurance, according to the Standard, is a way of managing that prevents non-conformance and thus “assures quality”. This is what makes ISO 9000 different from other standards: it is a management standard, not a product standard. It goes beyond product standardisation: it is standardising not what is made but how it is made. To use standards to dictate and control how organisations work was to extend the role of standards to new territory. To take such a step we might have firstly established that any such requirements worked — that they resulted in ways of working which improved performance.
Yet the plausibility of this Standard, and the fact that those who had an interest in maintaining it were (and still are) leading opinion, prevented such enquiries. In simple terms the Standard asks managers to say what they do, do what they say and prove it to a third party.
ISO 9000 (1994) paragraph 1: “The requirements specified are aimed primarily at achieving customer satisfaction by preventing non-conformity at all stages from design through servicing.”
To put it another way, the Standard asserts that preventing non-conformance achieves customer satisfaction. But does it? Of course it matters to customers that a product works. But there is no guarantee that the Standard will ensure even that. Furthermore, customers take a total view of an organisation — how easy it is to do business with — in respect of all things of importance to each and every customer.
ISO 9000 requires managers to “establish and maintain a documented quality system as a means of ensuring that product conforms to specified requirements”. Loosely translated this is “say what you do”. Management is supposed to “define and document its policy for quality . . . including its commitment to quality”.
What management would not declare its commitment to quality? But would they know what it means? Would they argue (as they should) that quality management is a different and better way to do business, or would they believe that ISO 9000 will take care of quality? The Standard encourages managers to think of “quality” and “business as usual” as separate and distinct. It helps managers avoid the revelation that quality means a wholly different view of management. Instead, the organisation “shall appoint a management representative who, irrespective of other responsibilities, shall have defined authority and responsibility” [for ISO 9000]. At a practical level this means only one executive might decide he or she had better learn a thing or two about quality. However, would being responsible for ISO 9000 lead to learning about quality or simply enforcing the ISO 9000 regime in an organisation?
Key to the regime is auditing. The Standard requires organisations to conduct internal quality audits to “verify whether quality activities comply with planned arrangements”. This can be loosely translated as “do you do as you say?” and the purpose of the audit is to see that you do. It was not until the 1994 review that the words were changed to “quality activities and related results”. It was a Standard which was rooted in the philosophy of inspection: fifteen years after its initial promulgation the promoters sought to extend the focus to results. But results or improvements assessed by what means? Inspection. By the time the Standard was adopted world-wide, quality thinking had moved a long way from the philosophy of inspection. It is now understood, at least by a few, that quality is achieved through managing the organisation as a system and using measures which enable managers to improve flow and reduce variation (which we explore in chapters 5 and 7). The defenders argue that there is nothing stopping a company having ISO 9000 and implementing methods for managing flow and reducing variation, but where are such companies? Few of the companies we researched, formally and informally, knew anything about this thinking. The Standard does not talk about it; moreover, the Standard effectively discourages managers from learning about it by representing quality in a different way.
According to ISO 8402 (quality vocabulary), quality is:
“The totality of features and characteristics of a product or service that bear on its ability to satisfy stated or implied needs.”
Everything we have learned about ISO 9000 suggests that the people who created this definition were thinking about the things which need to be controlled, those things which “bear on its ability . . .”. The builders of the Standard assumed that customer needs would be listed in contractual agreements between the supplier and customer. ISO 9000 has a “make” logic — procedures for “how you do what you do” — and a “control” logic — check to see that it is done. It is a relic of the era when contractual agreements were perceived to be an important device for regulating the behaviour of suppliers. In these ways, ISO 9000 encouraged “planning for quality”.
Planning for quality sounds plausible, but it assumes many things: that the plan is the right plan, that it is feasible, that people will “do it”, that performance will improve. It is an approach which, paradoxically, leads to poor decisions. Planners of quality systems, guided by ISO 9000, start with a view of how the world should be as framed by the Standard. Understanding how an organisation is working, rather than how someone thinks it should, is a far better place from which to start change of any kind.

Friday, December 18, 2009

ISO 9000 Standards – Design and development

ISO 9000 Standards – Design and development

Planning the design and development of a product means determining the design objectives and the design strategy, the design stages, timescales, costs, resources and responsibilities needed to accomplish
them. Sometimes the activity of design itself is considered to be a planning activity but what is being planned is not the design but the product.

The purpose of planning is to determine the provisions needed to achieve an objective. In most cases, these objectives include not only a requirement for a new or modified product but also requirements governing the costs and product introduction timescales (Quality, Cost and Delivery or QCD). Remove these constraints and planning becomes less important but there are few situations when cost and time is not a constraint. It is therefore necessary to work out in advance whether the objective can be achieved within the budget and timescale. One problem with design is that it is often a journey into the unknown and the cost and time it will take cannot always be predicted. It may
in fact result in disaster and either a complete reassessment of the design objective or the technology of the design solution. This has been proven time and again with major international projects such as Concorde, the Channel Tunnel and the International Space Station. Without a best guess these projects would not get off (or under!) the ground and so planning is vital firstly to get the funding and secondly to define the known and unknown so that risks can be assessed and quantified.

Design and development plans need to identify the activities to be performed, by whom they will be perform and when they should commence and be complete. One good technique is to use a network chart (often called a PERT chart), which links all the activities together. Alternatively a bar chart may be adequate. There does need to be some narrative in addition as charts in isolation rarely conveys everything required.

Design and development is not complete until the design has been proven as meeting the design requirements, so in drawing up a design and development plan you will need to cover the planning of design verification and validation activities. The plans should identify as a minimum:
- The design requirements
- The design and development programme showing activities against time
- The work packages and names of those who will execute them (Work
packages are the parcels of work that are to be handed out either internally or to suppliers)
- The work breakdown structure showing the relationship between all the parcels of work
- The reviews to be held for authorizing work to proceed from stage to
stage
- The resources in terms of finance, manpower and facilities
- The risks to success and the plans to minimize them
- The controls that will be exercised to keep the design on course
Planning for all phases at once can be difficult as information for subsequent phases will not be available until earlier phases have been completed. So, your design and development plans may consist of separate documents, one for each phase and each containing some detail of the plans you have made for subsequent phases.
Your design and development plans may also need to be subdivided into
plans for special aspects of the design such as reliability plans, safety plans, electromagnetic compatibility plans, configuration management plans. With simple designs there may be only one person carrying out the design activities. As the design and development plan needs to identify all design and development activities, even in this situation you will need to identify who carries out the design, who will review the design and who will verify the design. The same person may perform both the design and the design verification activities, however, it is good practice to allocate design verification to another person or organization because it will reveal problems overlooked by the designer. On larger design projects you may need to employ staff of various disciplines such as mechanical engineers, electronic engineers, reliability engineers etc. The responsibilities of all these people or groups need to be identified and a useful way of parcelling up the work is to use work packages that list all the activities to be performed by a particular group. If you subcontract any of the design activities, the supplier’s plans need to be integrated with your plans and your plan should identify which activities are the supplier’s responsibility. While purchasing is dealt with in clause 7.4 of the standard, the requirements also apply to design activities.

What is ISO 9000 Standards?

Establishing Quality Objectives In ISO 9000 Standards

Establishing Quality Objectives In ISO 9000 Standards

The ISO 9000 Standard requires that top management ensure that quality objectives are established.

ISO 9001 defines quality objectives as results sought or aimed for related to quality. It also suggests that these

objectives be based on the quality policy and be specified at different levels in the organization, being

quantified at the operational level. As with quality policy the details will be addressed later and here we

will focus on what it means to establish qualityobjectives and how they relate to other objectives.

As the quality policy equates to the corporate policy, it follows that quality objectives equate to corporate objectives. All of the organization’s objectives should in some way serve to fulfil requirements of customers and other interested parties. It is also interesting to note that inISO 9001, the term requirement is defined as a need or expectation that is stated, customarily implied or obligatory. While an investor may not specify a requirement for growth in share value, it would certainly be an expectation. While an employee does not express requirements for salary increases when profits rise, it would certainly be an expectation and while society has no way other than to protest or invoke the law to impose its desires upon an organization, it certainly has the power to make organization’s comply and even change the law in extreme cases. So quality objectives do equate to corporate objectives.

Management needs to ensure that the objectives are established as a basis for action. All work serves an objective and it is the objective that stimulates action.

The reason for top management setting the objectives is to ensure that everyone channels their energies in a positive direction that serves the organizations purpose and mission.

For an objective to be established it has to be communicated, translated into action and become the focus of all achievement. Objectives are not wish lists. The starting point is the purpose and mission statement and the factors

identified as affecting the ability of the organization to accomplish its mission. It is in these areas the organization needs to excel and therefore they become the focus for action and consequently the setting of objectives. Although ISO 9001 suggests that the quality objectives should be based on the quality policy, it is more likely to be current performance, competition and opportunities arising from new technology that drive the objectives.

An objective is a result that is aimed for and is expressed as a result that is to be achieved. Objec-

tives are therefore not policies. The requirement should also not be interpreted as applicable only to

organizational functions and levels. Objectives are required at levels within the organization not levels

within the organization structure. This is clarified by the requirement for objectives to include those

needed to meet requirements for product. There are therefore five levels at which control and improve-

ment objectives need to be established:

Corporate level where the objectives are for the whole enterprise to enable it to fulfil its vision

Process level where the objectives are for specific processes to enable them to fulfil corporate goals

Product or service level where the objectives are for specific products/services or ranges of products/services to enable them to fulfil or create customer needs and expectations

Departmental or function level where the objectives are for an organizational component to enable it to fulfil corporate goals Personal level where the objectives are for the development of individual competency

A management system is not a static system but a dynamic one and if properly designed and implemented can drive the organization forward towards world class quality. All managerial activity is concerned either with maintaining performance or with making change. Change can retard or advance performance. That which advances performance is beneficial. In this regard, there are two classes of quality objectives, those serving the control of quality

(maintaining performance) and those serving the improvement of quality (making beneficial change).

maintain or to prevent from deteriorating. To maintain your performance and your position in the market you will have to continually seek improvement.

Remaining static at whatever level is not an option if your organization is to survive. Although you will be striving for improvement it is important to avoid slipping backwards with every step forwards. The effort needed to prevent

regression may indeed require innovative solutions. While to the people working on such problems, it may appear that the purpose is to change the status quo, the result of their effort will be to maintain their present position not raise it to higher levels of performance. Control and improvement can therefore be perceived as one and the same thing depending on the standards being aimed for and the difficulties in meeting them.

The statements of objectives may be embodied within business plans, product development plans, improvement plans, process descriptions and even procedures.

Achievable objectives do not necessarily arise from a single thought even when the policies provide a framework. There is a process for establishing objectives.

At the strategic level, the subjects that are the focus for setting objectives are the factors that affect the organization’s ability to accomplish its mission – the critical success factors such as marketing, innovation, human resources,

physical and financial resources, productivity and profit. There may be other factors such as the support of the community, of unions, of the media as certain businesses depend on continued support from society. Customer needs, regulations, competition and other external influences shape these objectives and cause them to change frequently. The measures arise from an analysis of current performance, the competition and there will emerge the need for either improvement or control. The steps in the objective setting process are as follows:

Identifying the need

Drafting preliminary objectives

Proving the need to the appropriate level of management in terms of:

whether the climate for change is favourable

the urgency of the improvement or controls

the size of the losses or potential losses

the priorities

Identifying or setting up the forum where the question of change or control is discussed Conducting a feasibility study to establish whether the objective can be achieved with the resources that can be applied Defining achievable objectives for control and improvement

Communicating the objectives

The standard does not require that objectives be achieved but it does require that their achievement be planned and resourced. It is therefore prudent to avoid publishing objectives for meeting an unproven need and which has not

been rigorously reviewed and assessed for their feasibility. It is wasteful to plan for meeting objectives that are unachievable and it diverts resources away from more legitimate uses.

Objectives are not established until they are understood and therefore communication of objectives must be part of this process. Communication is incomplete unless the receiver understands the message but a simple yes or no is not an adequate means of measuring understanding. Measuring employee understanding of appropriate quality objectives is a subjective process. Through the data analysis carried out to meet the requirements of clause 8.4 you will have produced metrics that indicate whether your quality objectives are being achieved. If they are being achieved you could either assume your employees understand the quality objectives or you could conclude that it doesn’t matter. Results alone are insufficient evidence. The results may have been achieved by pure chance and in six months time your performance may have declined significantly. The only way to test understanding is to check the decisions people make. This can be done with a questionnaire but is more effective if one checks decisions made in the work

place. Is their judgement in line with your objectives or do you have to repeatedly adjust their behaviour?

For each objective you should have a plan that defines the processes involved in its achievement. Assess these processes and determine where critical decisions are made and who is assigned to make them. Audit the

decisions and ascertain whether they were contrary to the objectives. A simple example is where you have an objective of decreasing dependence upon inspection. By examining corrective actions taken to prevent recurrence of

nonconformities you can detect whether a person decided to increase the level of inspection in order to catch the nonconformities or considered alternatives.

Any person found increasing the amount of inspection has clearly not understood the objective.

ISO 9000 Standards – Quality Management Principles

ISO 9000 Standards – Quality Management Principles
A quality management principle is defined by ISO/TC 176 as a comprehensive and fundamental rule or belief, for leading and operating an organization, aimed at continually improving performance over the long term by focusing on customers while addressing the needs of all other interested parties. Eight principles have emerged as fundamental to the management of quality.

All the requirements of ISO 9001:2008 are related to one or more of these principles. These principles provide the reasons for the requirements and are thus very important. The quality management principles can be listed as below:

1. Customer focus
Organizations depend on their customers and therefore should understand current and future customer needs, meet customer requirements and strive to exceed customer expectations.
The customer focus principle is reflected in ISO 9000 Standards through the requirements addressing:
a. Communication with the customer
b. Care for customer property
c. The determination of customer needs and expectations
d. Appointment of a management representative
e. Management commitment

2. Leadership
Leaders establish unity of purpose and direction for the organization. They should create and maintain the internal environment in which people can become fully involved in achieving the organization’s objectives.
The leadership principle is reflected in ISO 9000 Standards through the requirements addressing:
a. The setting of objectives and policies
b. Planning
c. Internal communication
d. Creating an effective work environment

3. Involvement of people
People at all levels are the essence of an organization and their full involvement enables their abilities to be used for the organization’s benefit.
The involvement of people principle is reflected in ISO 9000 Standards through the requirements addressing:
a. Participation in design reviews
b. Defining objectives, responsibilities and authority
c. Creating an environment in which people are motivated
d. Internal communication
e. Identifying competence needs

4. Process approach
A desired result is achieved more efficiently when related resources and activities are managed as a process.
The process approach principle is reflected in ISO 9000 Standards through the requirements addressing:
a. The identity of processes
b. Defining process inputs and outputs
c. Providing the infrastructure, information and resources for processes to
function

5. System approach to management
This principle is expressed as follows:
Identifying, understanding and managing interrelated processes as a system contributes to the organization’s effectiveness and efficiency in achieving its objectives.
The system approach principle is reflected in ISO 9001 through the requirements addressing:
a. Establishing, implementing and maintaining the management system
b. Interconnection, interrelation and sequence of processes
c. The links between processes
d. Establishing measurement processes

6. Continual improvement
This principle is expressed as follows:
Continual improvement of the organization’s overall performance should be a permanent objective of the organization.
The continual improvement principle is reflected in ISO 9000 Standards through the requirements addressing:
a. Improvement processes
b. Identifying improvements
c. Reviewing documents and processes for opportunities for improvement

7. Factual approach to decision making
This principle is expressed as follows:
Effective decisions are based on the analysis of data and information.
The factual approach principle is reflected in ISO 9000 Standards through the requirements addressing:
a. Reviews, measurements and monitoring to obtain facts
b. Control of measuring devices
c. Analysis to obtain facts from information
d. Records for documenting the facts
e. Approvals based on facts

8. Mutually beneficial supplier relationships
This principle is expressed as follows:
An organization and its suppliers are interdependent and a mutually beneficial relationship enhances the ability of both to create value.
The mutually beneficial supplier relationships principle is reflected in ISO 9000 Standardsthrough the requirements addressing:
a. Control of suppliers
b. Evaluation of suppliers
c. Analysis and review of supplier data

ISO 9000 Standards – Document Approval

ISO 9000 Standards – Document Approval
The ISO 9000 Standards requires that documents be approved for adequacy prior to issue.

Approval prior to issue means that designated authorities have agreed the document before being made available for use. Whilst the term ade-
quacy is a little vague it should be taken as meaning that the document is judged as fit for the intended purpose. In a paper based system, this means approval before the document is distributed. With an electronic system, it means that the documents should be approved before they are published or made available to the user community.

The ISO 9000 Standards document control process needs to define the process by which documents are approved. In some cases it may not be necessary for anyone other than the approval authority to examine the documents. In others it may be necessary to set up a panel of reviewers to solicit their comments before approval is given.
It all depends on whether the approval authority has all the information
needed to make the decision and is therefore ‘competent’. One might think that the CEO could approve any document in the organization but just because a person is the most senior executive does not mean he or she is competent to perform any role in the organization.

Users should be the prime participants in the approval process so that the
resultant documents reflect their needs and are fit for the intended purpose. If the objective is stated in the document, does it fulfil that objective? If it is stated that the document applies to certain equipment, area or activity, does it cover that equipment, area or activity to the depth expected of such a document? One of the difficulties in soliciting comments to documents is that you will gather comment on what you have written but not on what you have omitted. A useful method is to ensure that the procedures requiring the document specify the acceptance criteria so that the reviewers and approvers can check the document against an agreed standard.

To demonstrate documents have been deemed as adequate prior to issue,
you will need to show that the document has been processed through the
prescribed document approval process. Where there is a review panel, a simple method is to employ a standard comment sheet on which reviewers can indicate their comments or signify that they have no comment. During the drafting process you may undertake several revisions. You may feel it
necessary to retain these in case of dispute later, but you are not required to do so. You also need to show that the current issue has been reviewed so your comment sheets need to indicate document issue status.

Preparing The ISO 9000 Standards Quality Manual

Preparing The ISO 9000 Standards Quality Manual

The standard requires a quality manual to be established and maintained that includes the

scope of the quality management system, the documented procedures or reference to them

and a description of the sequence and interaction of processes included in the quality

management system.

ISO 9000 defines a quality manual as a document specifying the quality management

system of an organization.

It is therefore not intended that the manual be a response to the requirements of ISO 9001.

As the top-level document describing the management system it is a system description

describing how the organization is managed.

Countless quality manuals produced to satisfy ISO 9000 :2008, were no more than 20

sections that paraphrased the requirements of the standard.

Such documentation adds no value. They are of no use to managers, staff or auditors.

Often thought to be useful to customers, organizations would gain no more confidence

from customers than would be obtained from their registration certificate.

This requirement responds to the System Approach Principle.

A description of the management system is necessary as a means of showing how all

the processes are interconnected and how they collectively deliver the business outputs.

It has several uses as :

a means to communicate the vision, values, mission, policies and objectives of the

organization

a means of showing how the system has been designed

a means of showing linkages between processes

a means of showing who does what

an aid to training new people

a tool in the analysis of potential improvements

a means of demonstrating compliance with external standards and regulations

When formulating the policies, objectives and identifying the processes to achieve

them, the manual provides a convenient vehicle for containing such information.

If left as separate pieces of information, it may be more difficult to see the linkages.

The requirement provides the framework for the manual. Its content may

therefore include the following:

1 Introduction

(a) Purpose (of the manual)

(b) Scope (of the manual)

(d) Definitions (of terms used in the manual)

2 Business overview

(a) Nature of the business/organization – its scope of activity, its products

and services

(b) The organization’s interested parties (customers, employees, regulators,

shareholders, suppliers, owners etc.)

environment

(d) Vision, values

(e) Mission

3 Organization

(a) Function descriptions

(b) Organization chart

4 Business processes

(a) The system model showing the key business processes and how they are interconnected

(b) System performance indicators and method of measurement

(d) Resource management process description

(e) Marketing process description

(f) Product/service generation processes description

(g) Sales process description

(h) Order fulfilment process description

5 Function matrix (Relationship of functions to processes)

6 Location matrix (Relationship of locations to processes)

7 Requirement deployment matrices

(a) ISO 9001 compliance matrix

(b) ISO 14001 compliance matrix

8 Approvals (List of current product, process and system approvals)

Develop Quality Management System Documentation In ISO 9000 Standards

Develop Quality Management System Documentation In ISO 9000 Standards

Documentation is the most common area of non-conformance among organizations

wishing to implement ISO 9000 quality management systems. As one company

pointed out: “When we started our implementation, we found that documentation

was inadequate. Even absent, in some areas. Take calibration. Obviously it’s

necessary, and obviously we do it, but it wasn’t being documented. Another area

was inspection and testing. We inspect and test practically every item that leaves

here, but our documentation was inadequate”.

Documentation of the quality management system should include:

1. Documented statements of a quality policy and quality objectives,

2. A quality manual,

3. Documented procedures and records required by the standard ISO 9001:2008, and

4. Documents needed by the organization to ensure the effective planning, operation and control of its processes.

Quality documentation is generally prepared in the three levels indicated below that follows. Use ISO 10013:1995 for guidance in quality documentation.

Level A: Quality manual

States the scope of the quality management system, including exclusions and

details of their justification; and describes the processes of the quality

management system and their interaction. Generally gives an organization

profile; presents the organizational relationships and responsibilities of persons

whose work affects quality and outlines the main procedures. It may also

describe organization’s quality policy and quality objectives.

Level B: Quality management system procedures

Describes the activities of individual departments, how quality is controlled in

each department and the checks that are carried out.

Level C: Quality documents (forms, reports, work instructions, etc.)

1. Work instructions describe in detail how specific tasks are performed; include

drawing standards, methods of tests, customer’s specifications, etc.

2. Presents forms to be used for recording observations, etc.

Revision Of Documents In ISO 9000 Standards

The ISO 9000 Standard requires that documents be updated as

necessary and re-approved following their review.

Following a document review, action may or may not be necessary. If the

document is found satisfactory, it will remain in use until the next review. If the

document is found unsatisfactory there are two outcomes.

The document is no longer necessary and should be withdrawn from use –

this is addressed by the requirement dealing with obsolescence.

The document is necessary but requires a change – this is addressed by this

requirement.

The standard implies that updating should follow a review. The term update

also implies that documents are reviewed only to establish whether they are

current when in fact document reviews may be performed for many different

reasons. A more appropriate term to update would be revise. Previously the

standard addressed only the review and approval of changes and did not

explicitly require a revision process. However, a revision process is executed

before a document is subject to re-approval.

This requirement responds to the Continual Improvement principle.

It is inevitable that during use a need will arise for changing documents and

therefore provision needs to be made to control not only the original

generation of documents but also their revisions.

The document change process consists of a number of key stages some of

which are not addressed in ISO 9001.

a. Identification of need (addressed by document review)

b. Request for change (not addressed in the standard)

c. Permission to change (not addressed in the standard)

d. Revision of document (addressed by document updates)

e. Recording the change (addressed by identifying the change)

f. Review of the change (addressed under quality planning)

g. Approval of the change (addressed by document re-approval)

h. Issue of change instructions (not addressed in the standard)

i. Issue of revised document (addressed by document availability)

As stated previously, to control documents it is necessary to control their

development, approval, issue, change, distribution, maintenance, use, storage,

security, obsolescence or disposal and we will now address those aspects not

specifically covered by the standard.

In controlling changes it is necessary to define what constitutes a change to a

document. Should you allow any markings on documents, you should specify

those that have to be supported by change notes and those that do not.

Markings that add comment or correct typographical errors are not changes

but annotations. Alterations that modify instructions are changes and need

prior approval. The approval may be in the form of a change note that details

changes that have been approved.

Anyone can review a document but approved documents should only be

changed/revised/amended under controlled conditions. The document

review will conclude that either a change is necessary or unnecessary. If a

change is necessary, a request for change should be made to the issuing

authorities. Even when the person proposing the change is the same as would

approve the change, other parties may be affected and should therefore be

permitted to comment. The most common method is to employ Document

Change Requests. By using a formal change request it allows anyone to request

a change to the appropriate authorities.

Change requests need to specify:

a. The document title, issue and date

b. The originator of the change request (who is proposing the change, his or her

location or department)

c. The reason for change (why the change is necessary)

d. What needs to be changed (which paragraph, section, etc. is affected and

what text should be deleted)

e. The changes in text required where known (the text which is to be inserted

or deleted)

By maintaining a register of such requests you can keep track of who has

proposed what, when and what progress is being made on its approval. You

may of course use a memo or phone call to request a change but this form of

request becomes more difficult to track and prove you have control. You will

need to inform staff where to send their requests.

On receipt of the request you need to provide for its review by the change

authority. The change request may be explicit in what should be changed or

simply report a problem that a change to the document would resolve.

Someone needs to be nominated to draft the new material and present it for

review but before that, the approval authorities need to determine whether

they wish the document to be changed at all. There is merit in reviewing

requests for change before processing in order to avoid abortive effort. You

may also receive several requests for change that conflict and before processing

you will need to decide which change should proceed. While a proposed

change may be valid, the effort involved may warrant postponement of the

change until several proposals have been received – it rather depends on the

urgency

Ensuring the availability of controlled documents

The standard requires that relevant versions of applica-

ble documents are available at points of use.

The relevant version of a document is the version

that should be used for a task. It may not be the latest

version because you may have reason to use a

different version of a document such as when

building or repairing different versions of the same

product. Applicable documents are those that are

needed to carry out work. Availability at points of use

means the users have access to the documents they

need at the location where the work is to be

performed. It does not mean that users should possess copies of the documents

they need, in fact this is undesirable because the copies may become outdated

and not withdrawn from use.

This requirement exists to ensure that access to documents is afforded when

required. Information essential for the performance of work needs to be

accessible to those performing it otherwise they may resort to other means

of obtaining what they need that may result in errors, inefficiencies and

hazards.

In order to make sure that documents are available you should not keep them

under lock and key (or password protected) except for those where restricted

access is necessary for security purposes. You need to establish who wants

which documents and when they need them. The work instructions should

specify the documents that are required for the task so that those documents

not specified are not essential. It should not be left to the individual to

determine which documents are essential and which are not. If there is a need

for access out of normal working hours, access has to be provided. The more

copies there are the greater the chance of documents not being maintained so

minimize the number of copies. A common practice is to issue documents to

managers only and not the users. This is particularly true of management

system documents. One finds that only the managers hold copies of the

Quality Manual. In some firms all the managers reside in the same building,

even along the same corridor and it is in such circumstances that one invariably

finds that these copies have not been maintained. It is therefore impractical to

have all the copies of the Quality Manual in one place. Distribute the

documents by location, not by named individuals. Distribute to libraries, or

document control centres so that access is provided to everyone and so that

someone has responsibility for keeping them up to date. If using an intranet,

the problems of distribution are less difficult but there will always be some

groups of people who need access to hard copy.

The document availability requirement applies to both internal and external

documents alike. Customer documents such as contracts, drawings, specifica-

tions and standards need to be available to those who need them to execute

their responsibilities. Often these documents are only held in paper form and

therefore distribution lists will be needed to control their location. If documents

in the public domain are required, they only need be available when required

for use and need not be available from the moment they are specified in a

specification or procedure. You should only have to produce such documents

when they are needed for the work being undertaken at the time of the audit.

However, you would need to demonstrate that you could obtain timely access

when needed. If you provide a lending service to users of copyrighted

documents, you would need a register indicating to whom they were loaned so

that you can retrieve them when needed by others.

A document that is not ready for use or is not used often may be archived.

But it needs to be accessible otherwise when it is called for it won’t be there. It

is therefore necessary to ensure that storage areas, or storage mediums provide

secure storage from which documents can be retrieved when needed. Storing

documents off-site under the management of another organization may give

rise to problems if they cannot be contacted when you need the documents.

Archiving documents on magnetic tape can also present problems when the

tape cannot be found or read by the new technology that has been installed!

Electronic storage presents very different problems to conventional storage and

gives rise to the retention of ‘insurance copies’ in paper should the retrieval

mechanism fail.

Ensuring documents are legible and identifiable

The standard requires documents to remain legible and

readily identifiable.

Legibility refers to the ease with which the informa-

tion in a document can be read or viewed. A

document is readily identifiable if it carries some

indication that will quickly distinguish it from

similar documents. Any document that requires a reader to browse through it

looking for clues is clearly not readily identifiable.

The means of transmission and use of documents may cause degradation

such that they fail to convey the information originally intended. Confusion

with document identity could result in a document being misplaced, destroyed

or otherwise being unobtainable. It can also result in incorrect documents

being located and used.

This requirement is so obvious it hardly needs to be specified. As a general

rule, any document that is printed or photocopied should be checked for

legibility before distribution. Legibility is not often a problem with electron-

ically controlled documents. However, there are cases where diagrams cannot

be magnified on screen so it would be prudent to verify the capability of the

technology before releasing documents. Not every user will have perfect

eyesight! Documents transmitted by fax present legibility problems due to the

quality of transmission and the medium on which the information is printed.

Heat sensitive paper is being replaced with plain paper but many organiza-

tions still use the old technology. You simply have to decide your approach.

For any communication required for reference, it would be prudent to use

photocopy or scan the fax electronically and dispose of the original.

Documents used in a workshop environment may require protection from oil

and grease. Signatures are not always legible so it is prudent to have a policy

of printing the name under the signature. Documents subject to frequent

photocopying can degrade and result in illegible areas.

Although a new requirement, it is unusual to find documents in use that carry

no identification at all. Three primary means are used for document

identification – classification, titles and identification numbers. Classification

divides documents into groups based on their purpose – policies, procedures,

records, plans, etc are classes of documents. Titles are acceptable providing

there are no two documents with the same title in the same class. If you have

hundreds of documents it may prove difficult to sustain uniqueness.

Identification can be made unique in one organization but outside it may not

be unique. However, the title as well as the number is usually sufficient.

Electronically controlled documents do not require a visible identity other than

the title in its classification. Classifying documents with codes enables their

sorting by class.

Revision Of Documents In ISO 9000 Standards

The ISO 9000 Standard requires that documents be updated as