Read more on ISO 9001 Standard at http://www.iso9001store.com
Tuesday, February 28, 2012
Tuesday, November 8, 2011
Sample ISO 9001 Internal Auditing Procedure
1. PURPOSE
The purpose of this procedure is to define the steps that
- Conforms to planned arrangements, to the requirements of ISO 9001 and to the quality management system requirements established by
- Is effectively implemented and maintained.
2. SCOPE
This procedure applies to all company personnel who are responsible for planning, development, use, and maintenance of the quality management system.
3. DEFINITIONS
None
4. REFERENCES
4.1 Quality Manual,
5. ASSOCIATED DOCUMENTS
5.1 Audit Check List,
5.2 ERC/ERO Procedure,
5.4 Audit Schedule,
5.3 Audit Notebook
6. PROCEDURE
NOTE 1: This procedure is typically initiated about four weeks prior to the execution of an internal audit as called for by
NOTE 2: Every element in the quality system is audited on a regular basis and at minimum of once per year. Activities are audited more frequently if there are significant changes taking place (i.e., many new hires/high turnover of personnel, modified procedures and work instructions, etc.) or if there is a history of problems in that area.
NOTE 3: Only qualified personnel may perform internal auditing activities. These qualified personnel are classified as internal auditors and have received the following training as a minimum: 1 day training on internal auditing techniques, 1 day training on the ISO 9001 Standard, this training may be performed by previously trained internal auditors.
6.1 AUDIT PLANNING, COORDINATION, AND PREPARATION
6.1.1 The Quality Assurance Manager defines the specific criteria, scope, methods, and objectives for the upcoming internal audit based on the status, maturity, and importance of specific elements in
Audits shall be carried out to a defined scope and shall be as follows,
a) Planned: as per the internal audit plan
b) Unplanned: arising as a result of,
- Customer complaints
- Following the implementation of actions defined in a corrective action report
- Following the identification of additional or amended procedures for products
NOTE 4: In planning the particular audit, these activities include determining the extent and boundaries of the audit (locations, activities, processes); set of policies, procedures and/or requirements to be audited against; auditing methods; and audit objectives.
6.1.2 The Quality Assurance Manager selects the appropriate auditor to ensure objectivity and impartiality of the audit process.
6.1.3 The Quality Assurance Manager and the auditor review the proposed audit program to ensure that it is consistent with and effective for the defined audit criteria, scope, methods, and objectives.
6.1.4 Prior to the audit date, auditor reviews the appropriate quality system documentation, records of completed corrective and preventive actions, and past audit findings for the activities to be audited, and then develops a checklist covering the quality system elements and activities to be audited.
6.2 INTERNAL QUALITY AUDIT INVESTIGATION
6.2.1 The auditor will contact the personnel in the area being audited at the time indicated on the audit program, and briefly review the audit criteria, scope, methods and objectives with them.
NOTE 5: The checklists only serve as a guide to the auditors, and other areas may be investigated as deemed necessary by the auditors or as requested by the auditee.
6.2.2 When a nonconformance is identified, the auditor presents the nature of the nonconformity and the evidence to the personnel involved for verification, clarification, and addresses any questions or concerns that the personnel may have, as well as to give advice, when requested, regarding any problems which are uncovered.
6.2.3 If the nonconformance is confirmed, then go to step 6.2.5.
6.2.4 If the possible nonconformance requires further clarification the auditor will discuss the situation with the Quality Assurance Manager.
6.2.5 After the facts of the nonconformity are verified (or modified), the auditor either drafts nonconformance statement or documents the necessary information for writing one later.
NOTE 6: The nonconformance statement includes the nature of the nonconformity, the actual evidence obtained, and the nature of the requirement that is not being complied with (i.e., the appropriate ISO 9001 clause number, the appropriate quality system document section/page/paragraph, what the personnel says is the normal practice, contract requirements, statutory regulations, current standards, and any other relevant requirements).
6.3 REPORTING AND FOLLOW-UP
6.3.1 Within 2 weeks of completing the internal audit program, the auditor prepares a brief internal audit report and submits it to The Quality Assurance Manager for review and approval.
NOTE 7: The audit report includes the audit’s criteria, scope, methods and objectives, the names and titles of the audit team members, a summary of general observations (i.e., general degree of compliance and any significant problems encountered), all statements of nonconformities, weaknesses, and/or opportunities for improvement, and verification results for follow-up activities performed during the audit.
6.3.2 The Quality Assurance Manager reviews and approves the internal audit report, and then distributes copies of the report to senior management and the personnel of the audited areas that were directly involved in the audit.
NOTE 8: Any additional comments or observations of the Quality Assurance Manager can be attached to the report, but the auditor’s observations be will not be deleted or modified by The Quality Assurance Manager.
6.3.3 The Quality Assurance Manager request a Engineering Change Request for any nonconformity listed in the Internal Audit Report and for any weaknesses and “opportunities for improvement” identified and documented.
6.3.4 The Quality Assurance Manager updates and maintains the long-range audit schedule based upon the documented results of the audit and the planned corrective and preventive actions.
6.3.5 The Quality Manager shall maintain an audit notebook detailing all internal and external audits carried out.
- Long-range audit schedule
- Internal audit program
- Completed checklists- signed and dated by each auditor
- Audit report
7. REVIEW PROCEDURE
Any suggested improvements or modifications to this procedure are to be passed on to the Quality Assurance Manager for discussion at the next Quality Review Committee meeting.
ISO 9001 Standards – Quality Policy and Objectives
A ISO 9001 Standards quality policy and its corresponding quality objectives are established to direct the organization towards two specific goals of a quality management system:
-Provision of products – goods and services – that meet customer and applicable legal requirements, and
- Enhancement of customer satisfaction
The quality policy and the objectives are also a means of controlling the quality management system’s processes. Simply, if you want to control a process, assign an objective to it (or more) and make sure it is aligned to the quality policy, then monitor and measure the process’ performance against the assigned objective. You need to provide adequate resources to the process to ensure that it is capable of achieving the objective. You continually improve the whole process by upgrading the objective, make corrective and preventive actions or introduce innovation to it. Corrective action addresses an undesirable situation’s cause in order to prevent its recurrence. Preventive action, by contrast, addresses the probable cause of a potentially undesirable situation. This is what the quality policy and objectives are supposed to do. They provide focus, direction and control.
The quality objectives need to be consistent with the quality policy and the commitment to continual improvement, and their achievement needs to be measurable. The achievement of quality objectives can have a positive impact on product quality, operational effectiveness and financial performance and thus on the satisfaction and confidence of interested parties. When an organization has established a quality policy and a set of operational objectives, this means the only thing left to do is to design or plan the necessary processes or tasks that can realize those objectives. Therefore, the processes determine if the objectives will be met in full, partially or not at all. This is where the ISO 9001 standard play a critical role in specifying the required processes and the operating criteria. This is what ISO 9001 is all about. It even specifies criteria for the policy and the objectives.
A quality policy needs to satisfy the following requirements:
- It is appropriate to the purpose of the organization,
- It includes a commitment to comply with requirements and continually improve the effectiveness of the quality management system,
- It provides a framework for establishing and reviewing quality objectives,
- It is communicated and understood within the organization, and
- It is reviewed for continuing suitability
Quality objectives must be established in order to enable the organization to comply with requirements and continually improve the effectiveness of the quality management system. Quality objectives must achieve four things:
- Enable the organization to meet customer requirements
- Enable the organization to enhance customer satisfaction
- Enable the organization to comply with all legal requirements applicable to the product
- Continually contribute to the effectiveness of the quality management system
Therefore, when you are in the meeting room with your management brainstorming on the appropriate objectives, have these four points in mind.
ISO 9001:2000 requires that management periodically review changes to both the policy and objectives. An organization’s objectives must be measurable and its processes designed to meet those objectives. An organization’s overall business goals, quality objectives and quality policy are all interrelated and must work together to achieve business improvement. To do this, it’s necessary to understand which processes are key to achieving business goals and align those processes with the quality objectives. It means aligning business goals, quality objectives and process measures to create real improvement. And it means using process mapping. Process mapping involves more than just flow charting. Among other things, it can manage and improve processes by illustrating process measures as well as process flows and interactions. One process-mapping method begins by involving the people who work in the process. Another entails mapping the process as is, taking action to improve it and then preparing a final map of the improved process.
Process owners are directly responsible for the attainment of the objectives. They must be given adequate resources, including competent human resources. They need to review the objectives periodically to ensure the key performance indicators are heading towards their objectives on schedule. If not, they need to initiate corrective actions and if the risks of non-achievement are visible, take preventive actions to control them and steer the KPI’s back on course.
Examples of quality objectives:
- Production rejects <>
- Machine breakdown <>
- Returned products = 0/mth
- Purchasing >95% on-time delivery
- Inventory damage = 0/mth
Conclusion: ISO 9001 requires that the quality management system achieves its objectives in order to realize the quality policy.
How To Get ISO 9001 Certified
The ISO 9001 accreditation is part of the International Organization for Standardization 9000 standards. They are awarded to businesses for quality. The ISO 9001 is recognized worldwide as an award for a company’s internal quality management or actions that the company takes to ensure the product or service they provide is of the highest quality. Customer satisfaction is a major factor in whether a company will be awarded an ISO 9001 accreditation. The International Organization for Standardization in Geneva, Switzerland publishes thousands of international standards to help companies throughout the world more efficiently do business with one another. The 27 page ISO 9001 standard is focused on defining minimum business practices for the production and delivery of a company’s products and services through the implementation of a formal “quality management system”, or QMS. An ISO QMS is made up of certain processes, documentation and other formal practices that control internal company operations to ensure customer requirements are consistently met. To pass an audit, an organization must follow these guidelines: Develop a Quality Management System (QMS) manual. Develop the procedures required by the ISO 9001 Standard. Determine the additional processes and procedures that are needed by the organization to perform work and satisfy the requirements in the ISO Standard. Operate in accordance with the organization’s documented QMS. Provide evidence that the organization is operating according to the QMS. The achievement of an ISO 9001 certification is a milestone in demonstrating to your customers that you have implemented a reliable system of producing and delivering your products and services. The focus of this “system” is twofold: providing consistent products and services; and continual improvement in your processes leading to better results. The ISO 9001 certification is granted by a third-party auditing firm called a Registrar who specializes in quality system auditing. There are a wide variety of Registrars located in every ISO participating country. Some firms have offices internationally; others have a more regional focus. The selection of your Registrar is one of the more important decisions you will make to ensure the best alignment with your type of business, your location(s) and overall cost of maintaining the certification. The initial certification audit is conducted in two parts. The Stage 1 audit is a general review of your QMS documentation to ensure you have addressed all of the requirements of the ISO 9001 standard. Depending upon the size of your business, this can be conducted in a one to two day visit to your facility or virtually via phone. Any discrepancies noted during the Stage 1 audit will be documented in a formal report and must be corrected before the Stage 2 audit. The main part of the ISO audit is the Stage 2 audit which is always conducted onsite at your location(s) and will be focused on the implementation and effectiveness of your QMS. During this audit which can take 1 day (for very small companies) to several days, the auditor(s) will tour your company, speak to managers and employees, and review documentation and records (along with any Stage 1 discrepancies) to ensure that your system is fully implemented. If nonconformances are found, they will be documented in a formal report for correction. Following the Stage 2 audit, you are generally given thirty (30) days to submit corrective action plans for all audit nonconformances. Once corrective actions are received, your certification is complete and your certificate is issued. In order to maintain the certification, you will participate in an annual surveillance audit from your Registrar where they confirm that you are maintaining your QMS. Every third year, a more comprehensive re-certification audit is conducted, similar to the initial certification audit.
Read more at http://www.iso9001store.com
Sunday, August 21, 2011
Document Review In ISO 9000 Standards
The ISO 9000 Standard requires that documents be reviewed.
Previously the implication was that the review was a
check by potential users that the document was fit
for purpose before it was offered for approval. It
could be construed that for a document to receive
approval it must be checked and therefore ‘review
and approval’ in this context are one and the same
and the requirement is in this instance enhanced
rather than relaxed.
A review is another look at something. Therefore
document review is a task that is carried out at any
time following the issue of a document.
This requirement responds to the Continual Improvement principle.
Reviews may be necessary when:
- Taking remedial action (i.e. Correcting an error)
- Taking corrective action (i.e. Preventing an error recurring)
- Taking preventive action (i.e. Preventing the occurrence of an error)
- Taking maintenance action (i.e. Keeping information current)
- Validating a document for use (i.e. When selecting documents for use in
connection with a project, product, contract or other application)
- Taking improvement action (i.e. Making beneficial change to the
information)
Reviews may be random or periodic. Random reviews are reactive and arise
from an error or a change that is either planned or unplanned. Periodic reviews
are proactive and could be scheduled once each year to review the policies,
processes, products, procedures, specification etc. for continued suitability. In
this way obsolete documents are culled from the system. However, if the
system is being properly maintained there should be no outdated information
available in the user domain. Whenever a new process or a modified process
in installed the redundant elements including documentation and equipment
should be disposed of.
Monday, May 16, 2011
Who Is ISO 9001 Consultant?
Who Is ISO 9001 Consultant?
ISO 9001 Consulting has been available ever since the ISO management system standards were initially published in the late 1970′s. As of now, nearly a million business companies internationally have been certified to one or more of several ISO business standards. These include ISO 9001, ISO 14001, AS9100, ISO/TS 16949, etc. The statistics that have been accumulated to date indicate that while many organizations deployed ISO standards using internal know-how, those that used outside ISO 9001 consulting services profited the most in terms of speed of implementation, effectiveness and return on investment.
ISO 9001 Consultancy firms provide a numberof services. Let’s take a look at some of these so that you can determine what collection of services would best suit your company:
How To Interpret The ISO 9001 Standard?
The ISO 9001 quality management system standard can be a hard document to understand. It is written in semi-legal language and specifies requirements in in a very general sense. This is deliberately so, as it is meant to consider just about any type of business activity. Many companies have problems relating it to their specific organizations. An experienced ISO 9001 consultant can show you exactly how to apply the standard to your specific business processes.
ISO 9001 Gap Evaluation
Prior to implementing the ISO standard within your organization, you need to know the gap between your existing business practices and controls relative to ISO 9001. Using ISO 9001 consulting services, you can have an evaluation done of your current management system practices, controls and documentation, to determine to what extent you comply to ISO 9001 requirements. The consultant will give you a detailed audit report listing the gaps in your company, along with their recommendations. This will assist in developing your ISO 9001 project implementation plan to accomplish full compliance.
ISO 9001 Project Planning and Organization
Depending size and complexity of your business, an ISO 9001 implementation project can take as few as 4 months to over 18 months to complete. Your ISO project needs to well-planned in terms of time and resources needed, specific activities to be carried out, who will be responsible for each activity, milestone reviews, authorizations, training, dealing with problems, etc. A good ISO 9001 consultant can be an invaluable resource in assisting a business address with this important activity.
ISO 9001 Business Process Identification and Documentation
ISO 9001 views business processes as the main point of control. These include internal as well as outsourced processes. Quite a few companies have issues differentiationg between processes, departments and functional activities. ISO 9001 consulting experts can assist you identify and effectively document all organizational processes pertaining to your quality management system. These include customer-oriented, management, product realization, resource planning, measurement, support and outsourced processes.
ISO 9001 System Development and Implementation
The main thrust of the ISO 9001 standard is on effective planning, operation and control of thrust all relevant quality management system processes. This is probably the most time-consuming and difficult aspect of any ISO implementation project. Many questions may arise as to what processes must be be controlled, what should be an effective control, how best to communicate and implement it, the inter-process impact, how to set process goals and objectives and what records to keep. Here is where using external ISO 9001 consulting will significantly help in answering these questions, provide focus and speed up implementation.
ISO 9001 Management System Documentation
The latest ISO 9001:2008 standard minimizes the emphasis on documentation and maximizes its attention on effective planning and control. Adequate documentation is however needed for many business processes in order to establish consistent application of effective controls. Some business have either too much or too little documentation. An experienced consultant can help your organization determine where it is needed, how much and how it should be documented.
ISO 9001 Pre-assessment
ISO 9001 Registrars (also referred to as Certification Bodies) conduct their certification audit in two stages. In stage 1, they determine your state of readiness (which includes your planning, documentation and internal review activities) and in stage 2 they evaluate your management system for effective implementation of planned controls, in both cases relative to the ISO 9001 standard. After spending several months of implementation, you feel your company ready for the certification audit, it might be useful to use external consulting to do an assessment to determine if you are truly ready, identify any issues and help you take appropriate corrective action, prior to the Registrar audit.
ISO 9001 Training
ISO 9001 Consultancy services generally provide a number of training alternatives. These include
- ISO 9001 awareness training to employees at all levels
- An executive summary of the ISO standard to senior management
- Process identification, mapping, analysis and improvement
- ISO project management
- ISO documentation and implementation
- Internal audit
- Use of problem-solving tools
Based on the amount of internal expertise inside your organization, you may want to have an external ISO 9001 consulting service provide some or all of this training.
Develop and Maintain your ISO 9001 Internal Audit Program
To be certified and maintain your certification, the ISO 9001 Standard requires your organization to plan and conduct an internal audit program of its quality management system. In these days, some comapnies are short on resources, internal audit expertise and personnel availability outsource the upkeep of their internal audit programs to ISO 9001 consulting firms.
ISO 9001 Continual Improvement Process
The ISO 9001 standard requires your quality management system to be dynamic and work towards continually improving the effectiveness and efficiency of your organization and enhance customer satisfaction. Some ISO 9001 consulting firms have diversified skills and experience in continual improvement strategies and methods. These mayinclude problem-solving, six sigma, lean manufacturing, use of various business software and tools, etc. They can significantly accelerate your pace at gaining further operational efficiency, customer satisfaction and increased business profitability.
Wednesday, November 10, 2010
Risk Management In ISO 9000 Standard
Risk Management In ISO 9000 Standard
In each human endeavour there is an element of risk; personal, project or financial, or a combination of them all. The job of the responsible individual is to identify the risk and act accordingly. We all do these ‘risky’ things, almost daily, aware that we are taking a risk. Rather than staying away from the risk we become adept at identifying it and having a strategy for dealing with it if the risk materialises. This is what risk management is about, and is an ability that is important in virtually every endeavour.
The popular misconception that risk management is difficult or complicated stems from the bureaucratic methodology of some system-oriented organisations and managers. It is neither complicated or bureaucratic, and need not be. Risk management is basically a simple proposition with a complexity dictated by the nature of the situation to which it applies – usually a project, and the parties involved. In its basic form risk management involves:
1. Identifying risk – Looking for anything that threatens the successful completion of the project against the original requirement. Risks can be environmental, organisational, technical, legal, economic or commercial.
2. Counteracting risk – Taking action to remove or reduce the probability of a risk being realised. The response depends on the nature or seriousness of the risk.
3. Acting when the risk event occurs – Invoking whatever contingency measures were devised for the risk that has materialised.
And for this to happen needs:
4. Monitoring at all stages – This typically means documenting a risk assessment in a profile that identifies the risk, the probability of its occurrence, and the impact if it does materialise. Factors that score paramount are those that require the greatest attention and monitoring. A good risk manager will devise contingency plans that reduce either the probability or the impact of these occurrences, and so remove them from the scene.
Working within a formal structured management system similar to that defined by ISO 9000 requires the application of risk assessment practices to satisfy the requirements of the Standard. Auditors of such systems may not find specific references to risk management in these areas even though the identification of potential failure (8.5.3) is wholly concerned with a topic that is nothing less than risk management.
Well managed risk taking is an essential feature of any forward thinking enterprise, since risk is an element of any progression or advancement. It is the adoption of effective risk management in conjunction with the continuing need to drive forward from a comfortable position that leads to progress and advancement. Doing what we always do purely because the risks appear to be negligible or are well known is to be ‘risk averse’, and for progressive organisations cannot be acceptable. Neither is it acceptable to pursue new ideas without an understanding of their potential benefit, proper planning, a clear idea of the threats to these benefits being achieved , and a strategy for dealing with them should they materialise. We need to manage in a manner that is neither predictable or reckless. Risk assessment is an essential tool to support this strategy.
Subscribe to:
Posts (Atom)