ISO 9000 Training: June 2010

Saturday, June 12, 2010

Quality Planning

Whenever the term “product” is used within the ISO 9001 standard, it refers to both tangible goods and intangible services. The ISO 9001 standard is meant to be generic which means that it is suitable for all kinds of organization, whether commercial or otherwise. The purpose of the quality management system model that is being propagated by the standard is the fulfillment of customer requeirements and expectations in order to induce high levels of customer satisfaction. An unsatisfied customer is essentially a customer whose requirements or needs, and expectations of the level of services being granted upon him/her have not been met. We are all customers because we buy products all the time. So we know what it means to be a dissatisfied customer. The common reaction is to never to go back to that seller and look for other alternatives. A successful organization is one which understands what it takes to meet customer requirements in order to satisfy their needs and expectations. A specific process is thus necessary to resolve any customer complaint or dispute. This process should be geared towards satisfying the customer’s needs and expectations. The parameters of this process should be referenced from the terms of the sale and purchase. This is why it is necessary to review the customer’s requirements before committing to the sales contract. It is necessary that the customer understands what he/she is paying for and it is equally necessary for the organization to understand what it is supposed to deliver. When your organization has these processes in place, then the only thing to do next is to continually measure the effectiveness and subsequently take actions to continually improve the whole process.

Management Principles Of ISO 9001 Standards

ISO 9000 is based on eight management principles:

• Customer focus, resulting in meeting customer requirements and striving to exceed them;

• Leadership, aiming to create an internal environment in which people are fully involved;

• Involvement of people who are the essence of an organization;

• Process approach, resulting in improved efficiency to obtain desired results;

• System approach to management, leading to improved effectiveness and efficiency through identification, understanding and management of interrelated processes;

• Continual improvement, which becomes a permanent objective of the organization;

• Factual approach to decision-making, based on the analysis of data and information; and

• Mutually beneficial supplier relationships, based on an understanding of their interdependence.

ISO 9000 encourages the adoption of the process approach to manage an organization. There are five main areas considered for the revised process model in ISO 9000:

• Quality management system

• Management responsibility

• Resource management

• Product realization

• Measurement, analysis and improvement.

The Benefits To Integrate ISO 14001:2004 and ISO 9001:2008

The Benefits To Integrate ISO 14001:2004 and ISO 9001:2008

Reduce the time and cost of implementing the new specification by acquiring a concise, yet thorough understanding the scope of ISO 14001:2004 and key terms.

Avoid spinning your wheels by learning precisely which modifications and additions to ISO 14001:2004 require your attention for compliance with ISO 9001:2008.

Get a quick handle, through hands-on activities, on the environmental aspects of ISO 14001:2004, including how to:
- Develop an environmental policy statement appropriate for your company
- Integrate processes for identifying environmental aspects and impacts
- Identify environmental objectives, set related targets, and establish programs for achieving results
- Integrate environmental responsibilities and authorities into a management system
- Outline an environmental awareness and training program
- Establish environmental metrics and indicators for monitoring performance
- Integrate requirements on non-conformance and corrective and preventive actions into your existing system
- Understand the purpose and scope of the environmental management review
- Integrate document control requirements of ISO 14001:2004 into your current system
- Identify those operations that need to be controlled under EMS and identify emergency operations and contingencies that must be considered as part of EMS

Get off to a running start by learning to use a versatile prioritization matrix to identify and prioritize significant environmental aspects and impacts.

Optimize understanding and retention with the Plexus Learning Model
- Multiple learning channels through lecture, coaching, group activities, innovative learning exercises and case studies.
- Hands-on insights. Lecturing is minimized so learning is maximized.
- Learn by doing. Connect the lessons learned to your real world by using your current circumstances as examples for activities.

Hidden Businees Opportunities

The ISO 9001:2000 Standard has been revised after eight years. And the buzz is rapidly reaching a crescendo. We continue to receive numerous emails and phone calls regarding the impact of the new release. First, let me dispel any anxiety about the November 15, 2008 official “2008” release. There are no new requirements. The changes are largely interpretive, and focus on terminology clarifications. The changes to the ISO 9001 amendment, however, will have considerable benefit.
As a back drop, keep in mind that ISO 9001 is not just an International Standard for a Quality Management System. It is the world’s most recognized business management standard. And it makes a strong business case. It focuses attention on leadership, business planning, organizational business processes, your customers (internal and external), measurement and reporting, and continual improvement. That translates to improved business results and a sustainable competitive advantage.

Overview of the Changes

The points of clarification focus on outsourcing, documentation, management representative, employee competence, design verification and validation, process monitoring, control of nonconforming product and corrective and preventive action. But bear in mind, no “shalls” (requirements) were added or removed.
Examples of select changes include: In an attempt to clarify the term “outsourcing,” notes were added that require the organization to identify processes (and the control of these) to be completed by an external party. With respect to documentation, the changes focus on improving the compatibility between ISO 9001 and ISO 14001.
The only significant addition to the management representative sub clause was to require that the MR be a member of the organization’s management team. This means a contracted person could serve in this role as long as he or she is also considered part of management. The management representative does not have to be full-time.
With regard to competence of employees, a note was added to make training more pervasive throughout the organization. Training applies to all employees directly or indirectly responsible for delivering a service or producing a product (everyone that is part of the quality chain). A complete listing of changes can be found in Annex B (Table B.1) of the Standard. Also, note that there is better alignment with ISO 14001:2004.

Organizations preparing to implement a QMS For ISO 9001

Organizations preparing to implement a QMS For ISO 9001

For organizations that are in the process of implementing a QMS, and wish to meet the requirements of ISO 9001:2008, the following comments may be useful.
For organizations that are in the process of implementing or have yet to implement a QMS, ISO 9001:2008 emphasizes a process approach. This includes:
- Identifying the processes necessary for the effective implementation of the quality management system
- understanding the interactions between these processes.
- documenting the processes to the extent necessary to assure their effective operation and control. (It may be
appropriate to document the processes using process maps. It is emphasized, however, that documented process maps are not a requirement of ISO 9001:2008.)
These processes include the management, resource, product realization and measurement processes that are relevant
to the effective operation of the QMS.
Analysis of the processes should be the driving force for defining the amount of documentation needed for the quality management system, taking into account the requirements of ISO 9001:2008. It should not be the documentation that drives the processes.

History and Evolution of ISO 9000 Standards

Pre ISO 9000
During World War II, there were quality problems in many British industries such as munitions, where bombs were exploding in factories during assembly. The solution adopted to address these quality problems required factories to document their manufacturing procedures and to prove by record-keeping that the procedures were being followed. The standard was BS 5750, and it was known as a management standard because it specified not what to manufacture, but how the manufacturing process was to be managed. In 1987, the British Government persuaded the International Organization for Standardization (ISO) to adopt BS 5750 as an international standard. The international standard was named ISO 9000.

ISO 9000: 1987 Version
ISO 9000:1987 had the same structure as the British Standard BS 5750, with three ‘models’ for quality management systems, the selection of which was based on the scope of activities of the organisation:
• ISO 9001:1987 Model for quality assurance in design, development, production, installation, and servicing was for companies and organisations whose activities included the creation of new products
• ISO 9002:1987 Model for quality assurance in production, installation, and servicing had basically the same material as ISO 9001 but without covering the creation of new products.
• ISO 9003:1987 Model for quality assurance in final inspection and test covered only the final inspection of finished product, with no concern for how the product was produced.
ISO 9000:1987 was also influenced by existing U.S. and other Defense Standards (MIL SPECS), and so was well-suited to manufacturing. The emphasis tended to be placed on conformance with procedures rather than the overall process of management—which was likely the actual intent.

ISO 9000:1994 (Year 1994 Revision)
ISO 9000:1994 emphasised quality assurance via preventive actions, instead of just checking final product, and continued to require evidence of compliance with documented procedures. As with the first edition, the down-side was that companies tended to implement its requirements by creating shelf-loads of procedure manuals, and becoming burdened with an ISO bureaucracy. In some companies, adapting and improving processes could actually be impeded by the quality system.

ISO 9000:2000 (Year 2000 Revision)
ISO 9001:2000 combines the three standards 9001, 9002, and 9003 into one, called 9001. Design and development procedures are required only if a company engages in the creation of new products. The 2000 version sought to make a radical change in thinking by placing the concept of process management front and centre (”Process management” was the monitoring and optimising of a company’s tasks and activities, instead of just inspecting the final product). The Year 2000 version also demands involvement by upper executives, in order to integrate quality into the business system and avoid delegation of quality functions to junior administrators. Another goal is to improve effectiveness via process performance metrics — numerical measurement of the effectiveness of tasks and activities. Expectations of continual process improvement and tracking customer satisfaction were made explicit.

ISO 9000:2008 (Year 2008 Revision)
The new ISO 9001:2008 was published on 15 November 2008. ISO 9001:2008 uses the same numbering system as ISO 9001:2000 to organise the standard. As a result, the new ISO 9001:2008 standard looks very much like the old standard. No new requirements have been added. However, some important clarifications and modifications have been made.

As with the release of previous versions, organisations registered to ISO 9001:2000 will be given a period to transition to the ISO 9001:2008 standard, assuming changes are needed.

ISO 9000 — a way of managing for conformance
Quality assurance, according to the Standard, is a way of managing that prevents non-conformance and thus “assures quality”. This is what makes ISO 9000 different from other standards: it is a management standard, not a product standard. It goes beyond product standardisation: it is standardising not what is made but how it is made. To use standards to dictate and control how organisations work was to extend the role of standards to new territory. To take such a step we might have firstly established that any such requirements worked — that they resulted in ways of working which improved performance.
Yet the plausibility of this Standard, and the fact that those who had an interest in maintaining it were (and still are) leading opinion, prevented such enquiries. In simple terms the Standard asks managers to say what they do, do what they say and prove it to a third party.
ISO 9000 (1994) paragraph 1: “The requirements specified are aimed primarily at achieving customer satisfaction by preventing non-conformity at all stages from design through servicing.”
To put it another way, the Standard asserts that preventing non-conformance achieves customer satisfaction. But does it? Of course it matters to customers that a product works. But there is no guarantee that the Standard will ensure even that. Furthermore, customers take a total view of an organisation — how easy it is to do business with — in respect of all things of importance to each and every customer.
ISO 9000 requires managers to “establish and maintain a documented quality system as a means of ensuring that product conforms to specified requirements”. Loosely translated this is “say what you do”. Management is supposed to “define and document its policy for quality . . . including its commitment to quality”.
What management would not declare its commitment to quality? But would they know what it means? Would they argue (as they should) that quality management is a different and better way to do business, or would they believe that ISO 9000 will take care of quality? The Standard encourages managers to think of “quality” and “business as usual” as separate and distinct. It helps managers avoid the revelation that quality means a wholly different view of management. Instead, the organisation “shall appoint a management representative who, irrespective of other responsibilities, shall have defined authority and responsibility” [for ISO 9000]. At a practical level this means only one executive might decide he or she had better learn a thing or two about quality. However, would being responsible for ISO 9000 lead to learning about quality or simply enforcing the ISO 9000 regime in an organisation?
Key to the regime is auditing. The Standard requires organisations to conduct internal quality audits to “verify whether quality activities comply with planned arrangements”. This can be loosely translated as “do you do as you say?” and the purpose of the audit is to see that you do. It was not until the 1994 review that the words were changed to “quality activities and related results”. It was a Standard which was rooted in the philosophy of inspection: fifteen years after its initial promulgation the promoters sought to extend the focus to results. But results or improvements assessed by what means? Inspection. By the time the Standard was adopted world-wide, quality thinking had moved a long way from the philosophy of inspection. It is now understood, at least by a few, that quality is achieved through managing the organisation as a system and using measures which enable managers to improve flow and reduce variation (which we explore in chapters 5 and 7). The defenders argue that there is nothing stopping a company having ISO 9000 and implementing methods for managing flow and reducing variation, but where are such companies? Few of the companies we researched, formally and informally, knew anything about this thinking. The Standard does not talk about it; moreover, the Standard effectively discourages managers from learning about it by representing quality in a different way.
According to ISO 8402 (quality vocabulary), quality is:
“The totality of features and characteristics of a product or service that bear on its ability to satisfy stated or implied needs.”
Everything we have learned about ISO 9000 suggests that the people who created this definition were thinking about the things which need to be controlled, those things which “bear on its ability . . .”. The builders of the Standard assumed that customer needs would be listed in contractual agreements between the supplier and customer. ISO 9000 has a “make” logic — procedures for “how you do what you do” — and a “control” logic — check to see that it is done. It is a relic of the era when contractual agreements were perceived to be an important device for regulating the behaviour of suppliers. In these ways, ISO 9000 encouraged “planning for quality”.
Planning for quality sounds plausible, but it assumes many things: that the plan is the right plan, that it is feasible, that people will “do it”, that performance will improve. It is an approach which, paradoxically, leads to poor decisions. Planners of quality systems, guided by ISO 9000, start with a view of how the world should be as framed by the Standard. Understanding how an organisation is working, rather than how someone thinks it should, is a far better place from which to start change of any kind.

Managing Processes In ISO 9000 Standards

Managing Processes In ISO 9000 Standards

The ISO 9000 Standard requires the organization to manage the identified processes in accordance with the requirements of ISO 9001.

The first stage in managing a process is to establish what it is you are trying to achieve, what requirements you need to satisfy, what goals you are aiming at; then establish how you will measure your achievements. The next stage is to define the process you will employ to deliver the results. Managing the process then involves managing all the inherent characteristics of the process in such a manner that the requirements of customers and interested parties are fulfilled by the process outcomes. This means:

Managing the process inputs

Managing the work

Managing the physical resources

Managing the financial resources

Managing the human resources

Managing the constraints

Managing the outputs

Process management is therefore much more than managing activities and therefore when describing processes, one needs more than a flow chart of activities. The chart is a diagrammatical representation of a process but only one aspect. One can also add numerical data to the charts to indicate resources, cycle times, delays, costs etc. but the intangible factors of the human environment cannot be reduced to numerical data to add to the charts.

The notes to clause 4.1 of ISO 9001 need some explanation. It is stated that the processes needed for the management system include management activities, provision of resources, product realization and measurement. This note could cause confusion because it suggests that these are the processes that are needed for the management system. It would be unwise to use this as the model and far better to identify the processes from observing how the business operates. The term provision of resources should be Resource Management, which is the collection of processes covering financial, human and physical resources.

Product realization is also a collection of processes such as design, production, service delivery, etc. Measurement is not a single process but a sub-process within each process. Grouping all the measurement processes together serves no useful purpose except it matches the standard – a purpose of little value in managing the organization.

The second note refers to outsourcing processes although it is difficult to imagine that management activities, product realization or measurement would be outsourced in its entirety. It is likely that market research; design, product verification, equipment calibration and other specialized services may be outsourced. While outsourcing comes under purchasing, it is correct to point out that the organization should control any outsourced processes. The supplier of the process is usually referred to as a subcontractor because they provide services to the organization’s requirements not their own. Control of subcontractors is covered by clause 7.4 but in meeting clause 7.4.3, you need to treat suppliers and subcontractors differently.

Identifying and Recording Design Changes In ISO 9000 Standards

Identifying and Recording Design Changes In ISO 9000 Standards

The documentation for design changes in ISO 9000 Standards should comprise the change proposal, the results of the evaluation, the instructions for change and traceability in the changed documents to the source and nature of the change. You will therefore need:
- A Change Request form which contains the reason for change and the
results of the evaluation – this is used to initiate the change and obtain
approval before being implemented.
- A Change Notice that provides instructions defining what has to be changed this is issued following approval of the change as instructions to the owners of the various documents that are affected by the change.
- A Change Record that describes what has been changed – this usually forms part of the document that has been changed and can be either in the form of a box at the side of the sheet (as with drawings) or in the form of a table on a separate sheet (as with specifications).
Where the evaluation of the change requires further design work and possibly experimentation and testing, the results for such activities should be documented to form part of the change documentation.
At each design review a design baseline should be established which identifies the design documentation that has been approved. The baseline
should be recorded and change control procedures employed to deal with any changes. These change procedures should provide a means for formally
requesting or proposing changes to the design. For complex designs you may prefer to separate proposals from instructions and have one form for proposing design changes and another form for promulgating design changes after approval. You will need a central registry to collect all proposed changes and provide a means for screening those that are not suitable to go before the review board, (either because they duplicate proposals already made or because they may not satisfy certain acceptance criteria which you have prescribed). On receipt, the change proposals should be identified with a unique number that can be used on all related documentation that is subsequently produced. The change proposal needs to:
- Identify the product of which the design is to be changed
- State the nature of the proposed change identify the principal requirements, specifications, drawings or other design documents which are affected by the change
- State the reasons for the change either directly or by reference to failure
reports, nonconformity reports, customer requests or other sources
- Provide for the results of the evaluation, review and decision to be
recorded

ISO 9000 Document Control Procedures

The ISO 9000 Standard requires that a documented procedure be established to define the controls needed.

This requirement means that the methods for per-

forming the various activities required to control

different types of documents should be defined and

documented.

Although the standard implies that a single proce-

dure is required, should you choose to produce

several different procedures for handling the differ-

ent types of documents it is doubtful that any auditor

would deem this noncompliant. Where this might be

questionable is in cases where there is no logical reason for such differences

and where merging the procedures and settling on a best practice would

improve efficiency and effectiveness.

Documents are recorded information and the purpose of the document

control process is to firstly ensure the appropriate information is available

where needed and secondly to prevent the inadvertent use of invalid

information. At each stage of the process are activities to be performed that

may require documented procedures in order to ensure consistency and

predictability. Procedures may not be necessary for each stage in the process.

Every process is likely to require the use of documents or generate documents

and it is in the process descriptions that you define the documents that need to

be controlled. Any document not referred to in your process descriptions is

therefore, by definition, not essential to the achievement of quality and not

required to be under control. It is not necessary to identify uncontrolled

documents in such cases. If you had no way of tracing documents to a

governing process, a means of separating controlled from uncontrolled may

well be necessary.

The procedures that require the use or preparation of documents should also

specify or invoke the procedures for their control. If the controls are unique to

the document, they should be specified in the procedure that requires the

document. You can produce one or more common procedures that deal with

the controls that apply to all documents. The stages in the process may differ

depending on the type of document and organizations involved in its

preparation, approval, publication and use. One procedure may cater for all the

processes but several may be needed.

The aspects you should cover in your document control procedures, (some

of which are addressed further in this chapter) are as follows

Planning new documents, funding, prior authorization, establishing need

etc.

- Preparation of documents, who prepares them, how they are drafted,

conventions for text, diagrams, forms etc.

- Standards for the format and content of documents, forms and diagrams.

- Document identification conventions.

- Issue notation, draft issues, post approval issues.

- Dating conventions, date of issue, date of approval or date of distribution.

- Document review, who reviews them and what evidence is retained.

- Document approval, who approves them and how approval is denoted.

- Document proving prior to use.

- Printing and publication, who does it and who checks it.

- Distribution of documents, who decides, who does it, who checks it.

- Use of documents, limitations, unauthorized copying and marking.

- Revision of issued documents, requests for revision, who approves the

request, who implements the change.

- Denoting changes, revision marks, reissues, sidelining, underlining.

Amending copies of issued documents, amendment instructions, and

amendment status.

- Indexing documents, listing documents by issue status.

- Document maintenance, keeping them current, periodic review.

- Document accessibility inside and outside normal working hours.

- Document security, unauthorized changes, copying, disposal, computer

viruses, fire and theft.

- Document filing, masters, copies, drafts, and custom binders.

- Document storage, libraries and archive, who controls location, loan

arrangements.

- Document retention and obsolescence.

With electronically stored documentation, the document database may provide

many of the above features and may not need to be separately prescribed in

your procedures. Only the tasks carried out by personnel need to be defined in

your procedures. A help file associated with a document database is as much

a documented procedure as a conventional paper based procedure.

ISO 9000 Document Control Procedures

The ISO 9000 Standard requires that a documented procedure be established to define

the controls needed.

This requirement means that the methods for performing the various activities required

to control different types of documents should be defined and documented.

Although the standard implies that a single procedure is required, should you choose

to produce several different procedures for handling the different types of documents

it is doubtful that any auditor would deem this noncompliant. Where this might be

questionable is in cases where there is no logical reason for such differences

and where merging the procedures and settling on a best practice would

improve efficiency and effectiveness.

Documents are recorded information and the purpose of the document

control process is to firstly ensure the appropriate information is available