ISO 9001:2008 Documentation Requirements
ISO 9001:2008 clause 4.1 General requirements requires an organization to “establish, document, implement, and maintain a quality management system and continually improve its effectiveness in accordance with the requirements of this International Standard”
Clause 4.2.1 General explains that the quality management system documentation shall include:
documented statements of a quality policy and quality objectives;
a quality manual documented procedures required by this International Standard documents needed by the organization to ensure the effective planning, operation and control of its processes, and records required by this International Standard;
The notes after Clause 4.2 make it clear that where the standard specifically requires a “documented procedure”, the procedure has to be established, documented, implemented and maintained. It also emphasizes that the extent of the QMS documentation may differ from one organization to another due to:
the size of organization and type of activities;
the complexity of processes and their interactions, and
the competence of personnel.
All the documents that form part of the QMS have to be controlled in accordance with clause 4.2.3 of ISO 9001:2008, or, for the particular case of records, according to clause 4.2.4.
Tuesday, September 29, 2009
Demonstrating conformity with ISO 9001:2008
Demonstrating conformity with ISO 9001:2008
For organizations wishing to demonstrate conformity with the requirements of ISO 9001:2008, for the purposes of certification/registration, contractual, or other reasons, it is important to remember the need to provide evidence of the effective implementation of the QMS.
Organizations may be able to demonstrate conformity without the need for extensive documentation.
To claim conformity with ISO 9001:2008, the organization has to be able to provide objective evidence of the effectiveness of its processes and its quality management system. Clause 3.8.1 of ISO 9000:2005 defines “objective
evidence” as “data supporting the existence or variety of something” and notes that “objective evidence may be obtained through observation, measurement, test, or other means.”
Objective evidence does not necessarily depend on the existence of documented procedures, records or other documents, except where specifically mentioned in ISO 9001:2008. In some cases, (for example, in clause 7.1(d)
Planning of product realization, and clause 8.2.4 Monitoring and measurement of product), it is up to the organization to determine what records are necessary in order to provide this objective evidence.
Where the organization has no specific internal procedure for a particular activity, and this is not required by the standard, (for example, clause 5.6 Management Review), it is acceptable for this activity to be conducted using as a basis the relevant clause of ISO 9001:2008. In these situations, both internal and external audits may use the text of ISO 9001:2008 for conformity assessment purposes.
For organizations wishing to demonstrate conformity with the requirements of ISO 9001:2008, for the purposes of certification/registration, contractual, or other reasons, it is important to remember the need to provide evidence of the effective implementation of the QMS.
Organizations may be able to demonstrate conformity without the need for extensive documentation.
To claim conformity with ISO 9001:2008, the organization has to be able to provide objective evidence of the effectiveness of its processes and its quality management system. Clause 3.8.1 of ISO 9000:2005 defines “objective
evidence” as “data supporting the existence or variety of something” and notes that “objective evidence may be obtained through observation, measurement, test, or other means.”
Objective evidence does not necessarily depend on the existence of documented procedures, records or other documents, except where specifically mentioned in ISO 9001:2008. In some cases, (for example, in clause 7.1(d)
Planning of product realization, and clause 8.2.4 Monitoring and measurement of product), it is up to the organization to determine what records are necessary in order to provide this objective evidence.
Where the organization has no specific internal procedure for a particular activity, and this is not required by the standard, (for example, clause 5.6 Management Review), it is acceptable for this activity to be conducted using as a basis the relevant clause of ISO 9001:2008. In these situations, both internal and external audits may use the text of ISO 9001:2008 for conformity assessment purposes.
ESTABLISHING THE INITIAL STATE OF THE QMS For SME
Establishing The Initial State of The ISO 9001 QMS For SME
The implementation of an ISO 9001 conformant system must recognize that it is but a step in a long-term development of a continually improving QMS. Unfortunately, it is often the case that ISO 9001 is taken as a means to an end, where the implementation of a QMS is not the primary objective, rather certification is. As a result, SMEs may end up with stacks of documentation waiting to be processed that adds no value, but cost.
According to the requirements of ISO 9001, an organization must develop only six documented procedures: (1) control of documents, (2) control of quality records, (3) internal audits, (4) control of non-conformities, (5) corrective action, and (6) preventative action. A quality manual and several records are also required. The development of other procedures, work instructions, and
other documents is largely at the discretion of the organization. From the very beginning of the process, it is therefore essential that SMEs establish a balanced view between a short-term focus (marketing/sales) and a long-term focus (achieving company-wide quality awareness through TQM). ISO documentation should be considered as an enabler along that way and SMEs must guard against the creation of unnecessary documentation.
However, even when such a view is adopted, many SMEs struggle to move from their initial state to a fully functional ISO 9001 QMS. Over the last several years, we have been involved in ISO 9001 implementation projects in seven different SMEs. The SMEs have ranged in size from approximately 20 employees to 500 employees. The SMEs have been drawn from a variety of sectors in Virginia, including manufacturing, distribution, and services. Based on our experience, we developed a schematic of initial states of an organization in terms of the existence and functionality of the ISO 9001 QMS . Throughout this paper, existence is equated with the documentation required by the standard while functionality is equated with an effectively operated QMS that leads to increased customer satisfaction and continuous improvement of business results.
A successful QMS must be fully functional and appropriately documented. With that in mind, there are four main states in which SMEs can be located in the beginning of the implementation process:
1. Complete Death: No documentation, no functioning.
This is the state in which there is no indication of the existence and functionality of the QMS. No documentation exists and no processes are in place to help ensure the quality of the product.
Relatively few companies will find themselves in this situation.
2. Informally Alive: No documentation, some level of functioning.
Many SMEs exhibit an organic structure characterized by an absence of standardization and the prevalence of loose and informal working relationships. SMEs operating in this state are more likely to rely on people rather than a system. In such situations, key personnel may resist documentation for two key reasons “(1) documentation is considered a waste of time and (2) documentation of processes and procedures makes the individual less dependable” [2]. SMEs in this state perform some or all of the processes required by ISO 9001 and the QMS may function fairly well. However, they are not willing and ready to document those processes unless there is a cultural change lead by top management.
3. Formally Death: Some level of documentation, no functioning.
SMEs categorized in this state have documented processes and procedures at some degree, however, the documents are generally not followed and do not necessarily reflect the actual manner in which the organization undertakes its operations and management. This situation highlights the fact that the mere existence of documentation does not necessarily lead to a functional QMS. Moreover, such a situation may help perpetuate the view that ISO 9001 is a way for SMEs to market their products and services but that implementation of the standard requires stacks of documents that offer no value.
4. Formally Alive: Some level of documentation, some level of functioning.
Each SME considered in this state, achieves a unique combination of the existence and functionality of processes and procedures that may or may not be required by ISO 9001. This situation is closest to the desired state of full functionality (100%) of the ISO 9001 QMS and full documentation (100%) of this functionality.
The implementation of an ISO 9001 conformant system must recognize that it is but a step in a long-term development of a continually improving QMS. Unfortunately, it is often the case that ISO 9001 is taken as a means to an end, where the implementation of a QMS is not the primary objective, rather certification is. As a result, SMEs may end up with stacks of documentation waiting to be processed that adds no value, but cost.
According to the requirements of ISO 9001, an organization must develop only six documented procedures: (1) control of documents, (2) control of quality records, (3) internal audits, (4) control of non-conformities, (5) corrective action, and (6) preventative action. A quality manual and several records are also required. The development of other procedures, work instructions, and
other documents is largely at the discretion of the organization. From the very beginning of the process, it is therefore essential that SMEs establish a balanced view between a short-term focus (marketing/sales) and a long-term focus (achieving company-wide quality awareness through TQM). ISO documentation should be considered as an enabler along that way and SMEs must guard against the creation of unnecessary documentation.
However, even when such a view is adopted, many SMEs struggle to move from their initial state to a fully functional ISO 9001 QMS. Over the last several years, we have been involved in ISO 9001 implementation projects in seven different SMEs. The SMEs have ranged in size from approximately 20 employees to 500 employees. The SMEs have been drawn from a variety of sectors in Virginia, including manufacturing, distribution, and services. Based on our experience, we developed a schematic of initial states of an organization in terms of the existence and functionality of the ISO 9001 QMS . Throughout this paper, existence is equated with the documentation required by the standard while functionality is equated with an effectively operated QMS that leads to increased customer satisfaction and continuous improvement of business results.
A successful QMS must be fully functional and appropriately documented. With that in mind, there are four main states in which SMEs can be located in the beginning of the implementation process:
1. Complete Death: No documentation, no functioning.
This is the state in which there is no indication of the existence and functionality of the QMS. No documentation exists and no processes are in place to help ensure the quality of the product.
Relatively few companies will find themselves in this situation.
2. Informally Alive: No documentation, some level of functioning.
Many SMEs exhibit an organic structure characterized by an absence of standardization and the prevalence of loose and informal working relationships. SMEs operating in this state are more likely to rely on people rather than a system. In such situations, key personnel may resist documentation for two key reasons “(1) documentation is considered a waste of time and (2) documentation of processes and procedures makes the individual less dependable” [2]. SMEs in this state perform some or all of the processes required by ISO 9001 and the QMS may function fairly well. However, they are not willing and ready to document those processes unless there is a cultural change lead by top management.
3. Formally Death: Some level of documentation, no functioning.
SMEs categorized in this state have documented processes and procedures at some degree, however, the documents are generally not followed and do not necessarily reflect the actual manner in which the organization undertakes its operations and management. This situation highlights the fact that the mere existence of documentation does not necessarily lead to a functional QMS. Moreover, such a situation may help perpetuate the view that ISO 9001 is a way for SMEs to market their products and services but that implementation of the standard requires stacks of documents that offer no value.
4. Formally Alive: Some level of documentation, some level of functioning.
Each SME considered in this state, achieves a unique combination of the existence and functionality of processes and procedures that may or may not be required by ISO 9001. This situation is closest to the desired state of full functionality (100%) of the ISO 9001 QMS and full documentation (100%) of this functionality.
Monday, September 14, 2009
ISO 9001 Standards In General
ISO 9001 Standards In General
The adoption of a quality management system should be a strategic decision of an organization. The design and implementation of an organization’s quality management system is influenced by— its business environment, changes in that environment, or risks associated with that environment,— its varying needs,— its particular objectives,— the products it provides,— the processes it employs,— its size and organizational structure.It is not the intent of this International Standard to imply uniformity in the structure of quality management systems or uniformity of documentation.The quality management system requirements specified in this International Standard are complementary to requirements for products. Information marked “NOTE” is for guidance in understanding or clarifying theassociated requirement.This International Standard can be used by internal and external parties, including certification bodies, to assess the organization’s ability to meet customer, statutory and regulatory requirements applicable to theproduct, and the organization’s own requirements.The quality management principles stated in ISO 9000 and ISO 9004 have been taken into consideration during the development of this International Standard.
The adoption of a quality management system should be a strategic decision of an organization. The design and implementation of an organization’s quality management system is influenced by— its business environment, changes in that environment, or risks associated with that environment,— its varying needs,— its particular objectives,— the products it provides,— the processes it employs,— its size and organizational structure.It is not the intent of this International Standard to imply uniformity in the structure of quality management systems or uniformity of documentation.The quality management system requirements specified in this International Standard are complementary to requirements for products. Information marked “NOTE” is for guidance in understanding or clarifying theassociated requirement.This International Standard can be used by internal and external parties, including certification bodies, to assess the organization’s ability to meet customer, statutory and regulatory requirements applicable to theproduct, and the organization’s own requirements.The quality management principles stated in ISO 9000 and ISO 9004 have been taken into consideration during the development of this International Standard.
ISO 9001 – Compatibility with other management systems
ISO 9001 – Compatibility with other management systems
ISO 9001 and ISO 9004 are quality management system standards which have been designed to complement each other, but can also be used independently.ISO 9001 specifies requirements for a quality management system that can be used for internal application by organizations, for certification, or for contractual purposes. It focuses on the effectiveness of the qualitymanagement system in meeting customer requirements.ISO 9004 gives guidance on a wider range of objectives of a quality management system than does ISO 9001, particularly for the continual improvement of an organizations overall performance and efficiency, as well as its effectiveness. ISO 9004 is recommended as a guide for organizations whose top management wishes to move beyond the requirements of ISO 9001, in pursuit of continual improvement of performance. However, it is not intended for certification or for contractual purposes.
During the development of this International Standard, due consideration was given to the provisions of ISO 14001:2004 to enhance the compatibility of the two standards for the benefit of the user community.This International Standard does not include requirements specific to other management systems, such as those particular to environmental management, occupational health and safety management, financial management or risk management. However, this International Standard enables an organization to align or integrate its own quality management system with related management system requirements. It is possible foran organization to adapt its existing management system(s) in order to establish a quality management system that complies with the requirements of this International Standard.
ISO 9001 and ISO 9004 are quality management system standards which have been designed to complement each other, but can also be used independently.ISO 9001 specifies requirements for a quality management system that can be used for internal application by organizations, for certification, or for contractual purposes. It focuses on the effectiveness of the qualitymanagement system in meeting customer requirements.ISO 9004 gives guidance on a wider range of objectives of a quality management system than does ISO 9001, particularly for the continual improvement of an organizations overall performance and efficiency, as well as its effectiveness. ISO 9004 is recommended as a guide for organizations whose top management wishes to move beyond the requirements of ISO 9001, in pursuit of continual improvement of performance. However, it is not intended for certification or for contractual purposes.
During the development of this International Standard, due consideration was given to the provisions of ISO 14001:2004 to enhance the compatibility of the two standards for the benefit of the user community.This International Standard does not include requirements specific to other management systems, such as those particular to environmental management, occupational health and safety management, financial management or risk management. However, this International Standard enables an organization to align or integrate its own quality management system with related management system requirements. It is possible foran organization to adapt its existing management system(s) in order to establish a quality management system that complies with the requirements of this International Standard.
Certification In ISO 9001 Standards
Certification In ISO 9001 Standards
Certification involves an independent assessment of your quality system to confirm that it meets the requirements of ISO 9001. You will need to design, document and implement your own quality system. The system will need to cover all the requirements of the ISO 9001 standard. Many certification bodies will not conduct a formal assessment until the system has been operating for at least three months. Your quality system cannot be audited until you have generated documentary evidence to show that you are meeting the standard. To find a certification body with relevant experience in your sector and accreditation from the United Kingdom Accreditation Service (UKAS). Certification by a non-UKAS accredited body is likely to lead to credibility problems with your customers. Arrange a visit from the certification body’s auditors. UKAS prohibits auditors from acting as consultants. They will not tell you how to meet the standard but can offer advice. They will seek objective evidence that you are complying with each of the clauses of the ISO 9001 standard. The auditors will tell you of any shortcomings in your system. If you satisfy the standard, the auditors put your name forward for certification. You will be required to correct these problems within a specified timeframe. You can also be certificated if the auditors only identify a small number of ‘minor’ problems. Once you are certificated, you can display the certification body’s logo, and if the body is UKAS-accredited, the UKAS ‘tick and crown’ symbol (consult UKAS about exceptions to this rule). If the auditors identify more serious ‘major’ problems, you will be required to correct these before certification. These surveillance visits normally take place twice a year at agreed dates. All certification bodies are required to revisit registered companies to ensure they still meet the requirements of the standard. You will be given time to deal with any minor or major problems which are identified before any action is taken to withdraw your certificate.
Certification involves an independent assessment of your quality system to confirm that it meets the requirements of ISO 9001. You will need to design, document and implement your own quality system. The system will need to cover all the requirements of the ISO 9001 standard. Many certification bodies will not conduct a formal assessment until the system has been operating for at least three months. Your quality system cannot be audited until you have generated documentary evidence to show that you are meeting the standard. To find a certification body with relevant experience in your sector and accreditation from the United Kingdom Accreditation Service (UKAS). Certification by a non-UKAS accredited body is likely to lead to credibility problems with your customers. Arrange a visit from the certification body’s auditors. UKAS prohibits auditors from acting as consultants. They will not tell you how to meet the standard but can offer advice. They will seek objective evidence that you are complying with each of the clauses of the ISO 9001 standard. The auditors will tell you of any shortcomings in your system. If you satisfy the standard, the auditors put your name forward for certification. You will be required to correct these problems within a specified timeframe. You can also be certificated if the auditors only identify a small number of ‘minor’ problems. Once you are certificated, you can display the certification body’s logo, and if the body is UKAS-accredited, the UKAS ‘tick and crown’ symbol (consult UKAS about exceptions to this rule). If the auditors identify more serious ‘major’ problems, you will be required to correct these before certification. These surveillance visits normally take place twice a year at agreed dates. All certification bodies are required to revisit registered companies to ensure they still meet the requirements of the standard. You will be given time to deal with any minor or major problems which are identified before any action is taken to withdraw your certificate.
Wednesday, September 9, 2009
ISO 9001:2008 Requirements – Management Responsibility
ISO 9001:2008 Requirements - Management Responsibility
All requirements in clause 5 are the responsibility of top management.5.1 Management CommitmentProvide evidence of management commitment to develop and implement the quality management system, as well as, continually improve its effectiveness by:? Expressing the importance of meeting requirements? Establishing the quality policy and quality objectives? Conducting management reviews? Ensuring the availability of necessary resources
5.2 Customer FocusEnsure customer requirements are determined and met in order to improve customer satisfaction.5.3 Quality PolicyEnsure the quality policy is:? Appropriate to the purpose of the organization? Focused on meeting requirements and continual improvement? Used as a framework for quality objectives? Communicated and understood at appropriate levels? Reviewed for continuing suitability5.4 Planning5.4.1 Quality ObjectivesEnsure quality objectives, including those needed to meet product requirements, are established at the relevant functions and levels within the organization. Ensure quality objectives are measurable and consistent with the quality policy.5.4.2 Quality Management System PlanningEnsure that planning for the quality management system:? Meets the general requirements (4.1), as well as, quality objectives (5.4.1)? Maintains the system integrity when changes are planned and implemented5.5 Responsibility, Authority, and Communication5.5.1 Responsibility and AuthorityEnsure responsibilities and authorities are defined and communicated within the organization.
5.5.2 Management RepresentativeAppoint a member of your management who, irrespective of other duties, has the responsibility and authority to:? Ensure the needed processes are established, implemented, and maintained? Report to top management on quality management system performance? Report to top management on any need for improvement? Ensuring the promotion of awareness of customer requirementsNOTE: The responsibility of a management representative can include being the liaison with external parties on matters relating to the quality management system.5.5.3 Internal CommunicationEnsure the appropriate communication processes are established and carried out within the organization regarding the effectiveness of the system.5.6 Management Review5.6.1 GeneralReview the quality management system at planned intervals to:? Ensure a suitable, adequate, and effective system? Assess possible opportunities for improvement? Evaluate the need for any changes to the system? Consider the need for changes to the quality policy and objectivesMaintain records of the management reviews.5.6.2 Review InputInputs for management review must include information on:? Results of audits? Customer feedback? Process performance and product conformity? Status of preventive and corrective actions? Follow-up actions from earlier reviews? Changes that could affect the quality system? Recommendations for improvement
5.6.3 Review OutputOutputs from the management review must include any decisions and actions related to:? Improvement of the effectiveness of the quality management system and its processes? Improvement of product related to customer requirements? Resource needs
All requirements in clause 5 are the responsibility of top management.5.1 Management CommitmentProvide evidence of management commitment to develop and implement the quality management system, as well as, continually improve its effectiveness by:? Expressing the importance of meeting requirements? Establishing the quality policy and quality objectives? Conducting management reviews? Ensuring the availability of necessary resources
5.2 Customer FocusEnsure customer requirements are determined and met in order to improve customer satisfaction.5.3 Quality PolicyEnsure the quality policy is:? Appropriate to the purpose of the organization? Focused on meeting requirements and continual improvement? Used as a framework for quality objectives? Communicated and understood at appropriate levels? Reviewed for continuing suitability5.4 Planning5.4.1 Quality ObjectivesEnsure quality objectives, including those needed to meet product requirements, are established at the relevant functions and levels within the organization. Ensure quality objectives are measurable and consistent with the quality policy.5.4.2 Quality Management System PlanningEnsure that planning for the quality management system:? Meets the general requirements (4.1), as well as, quality objectives (5.4.1)? Maintains the system integrity when changes are planned and implemented5.5 Responsibility, Authority, and Communication5.5.1 Responsibility and AuthorityEnsure responsibilities and authorities are defined and communicated within the organization.
5.5.2 Management RepresentativeAppoint a member of your management who, irrespective of other duties, has the responsibility and authority to:? Ensure the needed processes are established, implemented, and maintained? Report to top management on quality management system performance? Report to top management on any need for improvement? Ensuring the promotion of awareness of customer requirementsNOTE: The responsibility of a management representative can include being the liaison with external parties on matters relating to the quality management system.5.5.3 Internal CommunicationEnsure the appropriate communication processes are established and carried out within the organization regarding the effectiveness of the system.5.6 Management Review5.6.1 GeneralReview the quality management system at planned intervals to:? Ensure a suitable, adequate, and effective system? Assess possible opportunities for improvement? Evaluate the need for any changes to the system? Consider the need for changes to the quality policy and objectivesMaintain records of the management reviews.5.6.2 Review InputInputs for management review must include information on:? Results of audits? Customer feedback? Process performance and product conformity? Status of preventive and corrective actions? Follow-up actions from earlier reviews? Changes that could affect the quality system? Recommendations for improvement
5.6.3 Review OutputOutputs from the management review must include any decisions and actions related to:? Improvement of the effectiveness of the quality management system and its processes? Improvement of product related to customer requirements? Resource needs
ISO 9001:2008 Requirements – Resource Management
ISO 9001:2008 Requirements – Resource Management
6.1 Provision of ResourcesDetermine and provide the resources necessary to:? Implement and maintain the quality management system? Continually improve the effectiveness of the system? Enhance customer satisfaction by meeting customer requirements6.2 Human Resources6.2.1 GeneralEnsure people performing work affecting conformity to product requirements are competent based on the appropriate education, training, skills, and experience.NOTE: Conformity to product requirements can be affected directly, or indirectly, by personnel performing any task within the quality management system.6.2.2 Competence, Training, and AwarenessThe organization must:? Determine the competency needs for personnel? Provide training (or take other actions) to achieve the necessary competence? Evaluate the effectiveness of the actions taken? Inform employees of the relevance and importance of their activities? Ensure they know their contribution to achieving quality objectives? Maintain education, training, skill, and experience records
6.3 InfrastructureDetermine, provide, and maintain the necessary infrastructure to achieve product conformity. Infrastructure includes, as applicable:? Buildings, workspace, and associated utilities? Process equipment (both hardware and software)? Supporting services (such as transport, communication, or information systems)6.4 Work EnvironmentDetermine and manage the work environment needed to achieve product conformity.NOTE: The term “work environment” relates to those conditions under which work is performed, including physical, environmental, and other factors such as noise, temperature, humidity, lighting, or weather.
6.1 Provision of ResourcesDetermine and provide the resources necessary to:? Implement and maintain the quality management system? Continually improve the effectiveness of the system? Enhance customer satisfaction by meeting customer requirements6.2 Human Resources6.2.1 GeneralEnsure people performing work affecting conformity to product requirements are competent based on the appropriate education, training, skills, and experience.NOTE: Conformity to product requirements can be affected directly, or indirectly, by personnel performing any task within the quality management system.6.2.2 Competence, Training, and AwarenessThe organization must:? Determine the competency needs for personnel? Provide training (or take other actions) to achieve the necessary competence? Evaluate the effectiveness of the actions taken? Inform employees of the relevance and importance of their activities? Ensure they know their contribution to achieving quality objectives? Maintain education, training, skill, and experience records
6.3 InfrastructureDetermine, provide, and maintain the necessary infrastructure to achieve product conformity. Infrastructure includes, as applicable:? Buildings, workspace, and associated utilities? Process equipment (both hardware and software)? Supporting services (such as transport, communication, or information systems)6.4 Work EnvironmentDetermine and manage the work environment needed to achieve product conformity.NOTE: The term “work environment” relates to those conditions under which work is performed, including physical, environmental, and other factors such as noise, temperature, humidity, lighting, or weather.
Saturday, September 5, 2009
Preparing the ISO 9001 quality manual
The ISO 9001 standards requires a quality manual to be establishedand maintained that includes the scope of the qualitymanagement system, the documented procedures or refer-ence to them and a description of the sequence andinteraction of processes included in the quality manage-ment system.
ISO 9000 defines a quality manual as a documentspecifying the quality management system of an organi-zation. It is therefore not intended that themanual be a response to the requirements ofISO 9001. As the top-level document describingthe management system it is a system descriptiondescribing how the organization is managed.Countless quality manuals produced to satisfy ISO 9000 :2008, were nomore than 20 sections that paraphrased the requirements of the standard.Such documentation adds no value. They are of no use to managers, staff orauditors. Often thought to be useful to customers, organizations would gainno more confidence from customers than would be obtained from theirregistration certificate.
This requirement responds to the System Approach Principle.A description of the management system is necessary as a means of showing how all the processes are interconnected and how they collectively deliver the business outputs. It has several uses as :a means to communicate the vision, values, mission, policies and objectives of the organization a means of showing how the system has been designed a means of showing linkages between processes a means of showing who does what an aid to training new people a tool in the analysis of potential improvements a means of demonstrating compliance with external standards and regulations
When formulating the policies, objectives and identifying the processes toachieve them, the manual provides a convenient vehicle for containing such information. If left as separate pieces of information, it may be more difficult tosee the linkages.The requirement provides the framework for the manual. Its content maytherefore include the following:1 Introduction(a) Purpose (of the manual)(b) Scope (of the manual)(c) Applicability (of the manual)(d) Definitions (of terms used in the manual)2 Business overview(a) Nature of the business/organization – its scope of activity, its productsand services(b) The organization’s interested parties (customers, employees, regulators,shareholders, suppliers, owners etc.)(c) The context diagram showing the organization relative to its externalenvironment(d) Vision, values(e) Mission3 Organization(a) Function descriptions(b) Organization chart(c) Locations with scope of activity4 Business processes(a) The system model showing the key business processes and how they areinterconnected(b) System performance indicators and method of measurement(c) Business planning process description(d) Resource management process description(e) Marketing process description(f) Product/service generation processes description(g) Sales process description(h) Order fulfilment process description5 Function matrix (Relationship of functions to processes)6 Location matrix (Relationship of locations to processes)7 Requirement deployment matrices(a) ISO 9001 compliance matrix(b) ISO 14001 compliance matrix(c) Regulation compliance matrices (FDA, Environment, Health, Safety,CAA etc.)8 Approvals (List of current product, process and system approvals)
ISO 9000 defines a quality manual as a documentspecifying the quality management system of an organi-zation. It is therefore not intended that themanual be a response to the requirements ofISO 9001. As the top-level document describingthe management system it is a system descriptiondescribing how the organization is managed.Countless quality manuals produced to satisfy ISO 9000 :2008, were nomore than 20 sections that paraphrased the requirements of the standard.Such documentation adds no value. They are of no use to managers, staff orauditors. Often thought to be useful to customers, organizations would gainno more confidence from customers than would be obtained from theirregistration certificate.
This requirement responds to the System Approach Principle.A description of the management system is necessary as a means of showing how all the processes are interconnected and how they collectively deliver the business outputs. It has several uses as :a means to communicate the vision, values, mission, policies and objectives of the organization a means of showing how the system has been designed a means of showing linkages between processes a means of showing who does what an aid to training new people a tool in the analysis of potential improvements a means of demonstrating compliance with external standards and regulations
When formulating the policies, objectives and identifying the processes toachieve them, the manual provides a convenient vehicle for containing such information. If left as separate pieces of information, it may be more difficult tosee the linkages.The requirement provides the framework for the manual. Its content maytherefore include the following:1 Introduction(a) Purpose (of the manual)(b) Scope (of the manual)(c) Applicability (of the manual)(d) Definitions (of terms used in the manual)2 Business overview(a) Nature of the business/organization – its scope of activity, its productsand services(b) The organization’s interested parties (customers, employees, regulators,shareholders, suppliers, owners etc.)(c) The context diagram showing the organization relative to its externalenvironment(d) Vision, values(e) Mission3 Organization(a) Function descriptions(b) Organization chart(c) Locations with scope of activity4 Business processes(a) The system model showing the key business processes and how they areinterconnected(b) System performance indicators and method of measurement(c) Business planning process description(d) Resource management process description(e) Marketing process description(f) Product/service generation processes description(g) Sales process description(h) Order fulfilment process description5 Function matrix (Relationship of functions to processes)6 Location matrix (Relationship of locations to processes)7 Requirement deployment matrices(a) ISO 9001 compliance matrix(b) ISO 14001 compliance matrix(c) Regulation compliance matrices (FDA, Environment, Health, Safety,CAA etc.)8 Approvals (List of current product, process and system approvals)
Managing processes In ISO 9001 Standard
The ISO 9001 standards requires the organization to manage the identified processes in accordance with the requirements of ISO 9001. The first stage in managing a process is to establish what it is you are trying to achieve, what requirements you need to satisfy, what goals you are aiming at; then establish how you will measure your achievements. The next stage is to define the process you will employ to deliver the results. Managing the process then involves managing all the inherent characteristics of the process in such a manner that the requirements of customers and interested parties are fulfilled by the process outcomes. This means:Managing the process inputs Managing the work Managing the physical resources Managing the financial resources Managing the human resources Managing the constraints Managing the outputs
Process management is therefore much more than managing activities and therefore when describing processes, one needs more than a flow chart of activities. The chart is a diagrammatical representation of a process but only one aspect. One can also add numerical data to the charts to indicate resources, cycle times, delays, costs etc. but the intangible factors of the human environment cannot be reduced to numerical data to add to the charts.
The notes to clause 4.1 of ISO 9001 need some explanation. It is stated that the processes needed for the management system include management activities, provision of resources, product realization and measurement. This note could cause confusion because it suggests that these are the processes that are needed for the management system. It would be unwise to use this as the model and far better to identify the processes from observing how the business operates. The term provision of resources should be Resource Management, which is thecollection of processes covering financial, human and physical resources.
Product realization is also a collection of processes such as design, production, service delivery, etc. Measurement is not a single process but a sub-process within each process. Grouping all the measurement processes together serves no useful purpose except it matches the standard – a purpose of little value in managing the organization.
The second note refers to outsourcing processes although it is difficult to imagine that management activities, product realization or measurement would be outsourced in its entirety. It is likely that market research; design, product verification, equipment calibration and other specialized services may be outsourced. While outsourcing comes under purchasing, it is correct to point out that the organization should control any outsourced processes. The supplier of the process is usually referred to as a subcontractor because they provide services to the organization’s requirements not their own. Control of subcontractors is covered by clause 7.4 but in meeting clause 7.4.3, you need to treat suppliers and subcontractors differently.
Process management is therefore much more than managing activities and therefore when describing processes, one needs more than a flow chart of activities. The chart is a diagrammatical representation of a process but only one aspect. One can also add numerical data to the charts to indicate resources, cycle times, delays, costs etc. but the intangible factors of the human environment cannot be reduced to numerical data to add to the charts.
The notes to clause 4.1 of ISO 9001 need some explanation. It is stated that the processes needed for the management system include management activities, provision of resources, product realization and measurement. This note could cause confusion because it suggests that these are the processes that are needed for the management system. It would be unwise to use this as the model and far better to identify the processes from observing how the business operates. The term provision of resources should be Resource Management, which is thecollection of processes covering financial, human and physical resources.
Product realization is also a collection of processes such as design, production, service delivery, etc. Measurement is not a single process but a sub-process within each process. Grouping all the measurement processes together serves no useful purpose except it matches the standard – a purpose of little value in managing the organization.
The second note refers to outsourcing processes although it is difficult to imagine that management activities, product realization or measurement would be outsourced in its entirety. It is likely that market research; design, product verification, equipment calibration and other specialized services may be outsourced. While outsourcing comes under purchasing, it is correct to point out that the organization should control any outsourced processes. The supplier of the process is usually referred to as a subcontractor because they provide services to the organization’s requirements not their own. Control of subcontractors is covered by clause 7.4 but in meeting clause 7.4.3, you need to treat suppliers and subcontractors differently.
Requirement Of ISO 14001 Standards
REQUIREMENTS OF ISO 14001In order to effectively implement and benefit from an ISO 14001 EMS, it is important tohave an understanding of the standard’s requirements. A quick review of the standardshows that it is structured following the Plan, Do, Check, Improve philosophy of theTotal Quality Management movement, as follows:PLAN4.2 Policy4.3 PlanningDO4.4 Implementation and OperationCHECK4.5 Checking and Corrective ActionIMPROVE4.6 Management ReviewWithin these five elements are 17 sub-elements stating the various requirements.4.2 Policy4.3 Planning4.3.1 Environmental Aspects4.3.2 Legal and Other Requirements4.3.3 Objectives and Targets4.4.4 Environmental Management Programs4.4 Implementation and Operation4.4.1 Structure and Responsibility4.4.2 Training Awareness and Competence4.4.3 Communications4.4.4 EMS Documentation4.4.5 Document Control4.4.6 Operation Control4.4.7 Emergency Planning and Response4.5 Checking and Corrective Action4.5.1 Monitoring and Measurement4.5.2 Nonconformance, Corrective, and Preventive Action4.5.3 Records4.5.4 EMS Audit4.6 Management ReviewWithin these 17 sub-elements are all of the requirements, or “shalls”, necessary to conform to ISO 14001. There is no substitute for reading the standard in terms of recognizing the requirements. As a matter of fact, no auditor should embark on an audit without having easily available the criteria to which they are doing the audit. However,below we briefly summarize the key points of the sub-elements. This summary is not intended to be a replacement for ISO 14001, and should not be used exclusively as such during an audit.Detailed Section by Section Summary4.2 PolicyISO 14001 requires that the organization have a policy statement to drive the EMS.These tend to be short, one page or less documents, and simply affirm the commitments. There is no expectation that specific details be noted in the policy. For example, the commitment to pollution prevention can simply be stated saying, “we are committed to prevention of pollution”. The policy must be clearly endorsed by top management and be available to the public and employees. Although the availability to the public can be rather passive; i.e. “is here if they want it”, there is an expectation that the employee awareness is more proactive. Section 4.2 of ISO 14001 lists the other requirements of the policy.4.3.1 Environmental AspectsThis element requires a procedure that not only identifies the aspects and impacts, but also provides for determination of significance, and keeping the information up to date.ISO 14001 does not prescribe what aspects should be significant, or even how todetermine significance. However, it is expected the organization will develop aconsistent and verifiable process to do so.4.3.2 Legal and Other RequirementsThis is a requirement for a procedure that explains how the organization obtainsinformation regarding its legal and other requirements, and makes that informationknown to key functions. This is not the assessment or compliance audit requirement, butrather a more up front determination of requirements.4.3.3 Objectives and TargetsThere is no requirement for a procedure in this element, only that objectives and targetsbe documented. It does require that certain items be considered in developing theobjectives, such as legal requirements and prevention of pollution. It is sometimeseasiest to develop a procedure anyway for this element to be able to verify theseconsiderations were made.4.3.4 Environmental Management Programs (EMP)EMPs are the detailed plans and programs explaining how the objectives and targets willbe accomplished. These EMPs usually note responsible personnel, milestones and dates,and measurements of success. Noting monitoring and measurement parameters directlyin the EMP facilitates conforming to 4.5.1 on Monitoring and Measurement discussedbelow.4.4.1 Structure and ResponsibilityISO 14001 requires that the relevant management and accountability structure be definedin this element. This usually takes the form of an organizational chart. Also, theorganization must denote the Management Representative who is responsible to overseethe EMS and report to management on its operation.4.4.2 Training Awareness and CompetenceThe key point in this element is that personnel must receive applicable training regardingthe EMS. Specific requirements are itemized in ISO 14001, and include general,company-wide items such as knowing the policy, to more function-specific training onaspects and emergency response. An organization usually responds to this element with atraining matrix, cross-referencing to training materials and records.4.4.3 CommunicationsProcedures are required for both internal and external communications. Note that ISO14001 only requires procedures, and allows the organization to decide for itself thedegree of openness and disclosure of information. Whatever the decision in terms ofdisclosure, that decision process must be recorded.4.4.4 EMS DocumentationThis requirement is simply that the organization has documented the system in either electronic or paper form such that it addresses the elements of the standard and providesdirection to related documentation. Not all ISO 14001-required procedures need to bedocumented, as long as the system requirements can be verified.4.4.5 Document Control.Procedures are required to control documents, such as system procedures and work instructions, and to ensure that current versions are distributed and obsolete versions areremoved from the system.4.4.6 Operational ControlThis element is the one which connects the EMS with the organization as a whole. Here,the critical functions related to significant aspects and objectives and targets are identified and procedures and work instructions created to ensure proper execution of activities.Requirements for communicating applicable system requirements to contractors are also addressed.4.4.7 EmergencyPlanning and Response Although typically addressed through conventional emergency response plans, thiselement also requires that a process exist for identifying the potential emergencies, inaddition to planning and mitigating them. A linkage to the aspects analysis, where impacts are assessed, is appropriate. Emergency incidents include those that may not be regulated, but may still cause significant impact as defined by the organization.4.5.1 Monitoring and MeasurementProcedures are required describing how the organization will monitor and measure key parameters of operations. These parameters relate to the significant aspects, objectives and targets and legal and regulatory compliance. In order to properly manage the system, measurements must be taken of its performance to provide data for action. Responses to this element usually cross reference to many other specific procedures and work instructions describing measurement and equipment calibration. It is in this element thatwe find the requirement for what is commonly referred to as a compliance audit.4.5.2 Nonconformance, Corrective, and Preventive ActionThis element requires procedures for acting on Non-conformances identified in the system, including corrective and preventive action. Non-conformances may be identified through audits, monitoring and measurement, and communications. The intent is to correct thesystem flaws. Typically, Corrective Action Report (CAR) forms are the norm, noting the nonconformance, the suggested fix, and closure of the action when completed. Note that this requirement does not imply in any way that the party identifying the nonconformance must be the one to suggest the fix. Instead, it is expected that the system provide for theinformation to be routed to the most appropriate party to address the concern.4.5.3 RecordsRecords are expected to exist to serve as verification of the system operating. For example, records include audit reports and training records. Unlike controlleddocuments, records are “once and done” documents, resulting from the execution of some process or procedure. Procedures in this element are required for the maintenance of records.4.5.4 EMS AuditsISO 14001 requires that the system provide for internal audits. This procedures(s) will include methodologies, schedules, and processes to conduct the audits. Interestingly, the EMS audit will in essence, audit the audit process itself!4.6 Management ReviewThis element requires that periodically, top management will review the EMS to ensure itis operating as planned. If not, resources must be provided for corrective action. For areas where there are no problems, the expectation is that with time, management will provide for improvement programs. Usually there is no detailed procedure for thiselement, although records of agendas, attendance, and agreed upon action items aremaintained as verification.
Subscribe to:
Posts (Atom)