Risk Management In ISO 9000 Standard

Risk Management In ISO 9000 Standard

In each human endeavour there is an element of risk; personal, project or financial, or a combination of them all. The job of the responsible individual is to identify the risk and act accordingly. We all do these ‘risky’ things, almost daily, aware that we are taking a risk. Rather than staying away from the risk we become adept at identifying it and having a strategy for dealing with it if the risk materialises. This is what risk management is about, and is an ability that is important in virtually every endeavour.

The popular misconception that risk management is difficult or complicated stems from the bureaucratic methodology of some system-oriented organisations and managers. It is neither complicated or bureaucratic, and need not be. Risk management is basically a simple proposition with a complexity dictated by the nature of the situation to which it applies – usually a project, and the parties involved. In its basic form risk management involves:

1. Identifying risk – Looking for anything that threatens the successful completion of the project against the original requirement. Risks can be environmental, organisational, technical, legal, economic or commercial.

2. Counteracting risk – Taking action to remove or reduce the probability of a risk being realised. The response depends on the nature or seriousness of the risk.

3. Acting when the risk event occurs – Invoking whatever contingency measures were devised for the risk that has materialised.

And for this to happen needs:

4. Monitoring at all stages – This typically means documenting a risk assessment in a profile that identifies the risk, the probability of its occurrence, and the impact if it does materialise. Factors that score paramount are those that require the greatest attention and monitoring. A good risk manager will devise contingency plans that reduce either the probability or the impact of these occurrences, and so remove them from the scene.

Working within a formal structured management system similar to that defined by ISO 9000 requires the application of risk assessment practices to satisfy the requirements of the Standard. Auditors of such systems may not find specific references to risk management in these areas even though the identification of potential failure (8.5.3) is wholly concerned with a topic that is nothing less than risk management.

Well managed risk taking is an essential feature of any forward thinking enterprise, since risk is an element of any progression or advancement. It is the adoption of effective risk management in conjunction with the continuing need to drive forward from a comfortable position that leads to progress and advancement. Doing what we always do purely because the risks appear to be negligible or are well known is to be ‘risk averse’, and for progressive organisations cannot be acceptable. Neither is it acceptable to pursue new ideas without an understanding of their potential benefit, proper planning, a clear idea of the threats to these benefits being achieved , and a strategy for dealing with them should they materialise. We need to manage in a manner that is neither predictable or reckless. Risk assessment is an essential tool to support this strategy.

ISO 9000 Document Management Software System

ISO 9000 Document Management Software System

Today’s manufacturing companies that seek ISO 9001 compliance-(regardless of their motivation to do so) probably don’t find it that difficult to create intelligent documentation. After all, a few days with a good consultant or a quality manager can take care of document creation. The problem lies in the gap between what employees are doing and what employees are supposed to be doing (in terms of adhering to documentation) and the gap between the manner in which processes are being implemented and the manner in which they should be implemented ( in accordance with documentation). In other words, the problem lies in the way processes are strategized and applied and in the way employees commit to standards when compared against existing documentation. How can a company overcome these issues? The answers may be simpler than you think.

Automation is the Answer for ISO Control
If your underlying processes are poorly strategized then an automated document management software system won’t be of much use. However, once the processes have been effectively planned (and applied) a document management software system can speed process-to-process management by leaps and bounds. Companies that automate not only to comply with ISO standards but to generate more revenue by performing less administrative labor save weeks and even years worth of time just by automating their processes and documentation control with a document management software system.

Making Amends
The right document management software system and ISO document control would also allow companies to find deviations and nonconformance events faster and move those events to resolution phases in a small fraction of the time they were originally routed—if they were routed at all. Some ISO 9000 document management software systems may even be combined with a CAPA QMS solution. This is especially valuable when determining the root cause of major to minor deviations.

A Document Management Software System and Employee Training
ISO standards do not require any type of automation but ISO standards lend themselves to automation in a way that’s quite remarkable. Take for instance the following document management requirements from the official ISO 9001 International Standard.

ISO 9001 Section 4.2.3
ISO standards make it clear that ISO 9001 “approved” companies must define (i.e., document) how they will approve documentation, how they will identify documentation changes, how they will update/reapprove revised documentation, how external documentation will be managed and how assurance will be provided that documentation will be available when it is required. 1 And that’s only a shadow of things to come! A document management software system designed for strict compliance can automate the approval of documentation, the identification of document changes, updates and reapproval notifications, external documentation management and high-level document security. Some solutions also integrate training and online exams as well.

How Much Could You Save?
Chances are high that automation will save you thousands, tens of thousands or even hundreds of thousands of dollars annually depending on the size of your company. Just foregoing a typical document routing process (a manual process) can save many employees fruitless trips back and forth from one office to another. Who wouldn’t want to avoid those time consuming searches through 3-ring binders and lost documentation due to employee absence or neglect?

Conclusion
Regulation and control are the future for manufacturing. Gone are the days of free experimentation and a blind eye toward material waste. Today is the day of premeditated design, quality assurance and web-based automation. If your company plans to be, or already is, compliant with ISO 9001 standards why not consider automating those ISO 9001 controls with a document management software system.

Document Control System in Manufacturing Industry

Document Control System In Manufacturing Industry

Many traditional paper documents would be generated in a manufacturing business as in the examples listed below:

• Statutory documents such as licenses, records and reports
• Transactional documents such as purchase and sales invoices, shipping documents and cash vouchers
• Production related documents such as operations manuals, specification sheets, production and maintenance schedules, machine production reports, material handling documents, store bin cards and gate passes

• Management reports where the recipient prefer printed paper documents to computer screen views
• Business documents such as correspondence, contracts, brochures and reference materials

However, in a modern system, the majority of documents would be generated as computer documents, and remain as such. Different kinds of databases like financial accounts, inventory records and different kinds of analyses are examples. The core functions outlined in the previous section would each produce a continuing flow of voluminous documents.

In addition to providing management information, document management systems also do the following:

• Ensure that only authorized persons are able to access sensitive documents
• Minimize the danger of damage and loss of important documents

• Preserve the documents as long as needed by statute or for management purposes

How to Get an ISO 14001 Accreditation

If you are someone who is looking into getting an ISO 14001, then you may be wondering exactly why it is that you have to get this accreditation. First, you have to understand that ISO stands for the International Organisation of Standardisation. This is a series of standards that have been developed with a singular level of guidance for all companies to measure up to. The particular 14001 deals with the requirements that you will need to have in order to measure up to the environmental standards that have been set forth by the ISO.

While you do not necessarily have to get the ISO 14001 accreditation to operate your business, it is something you can do to prove to your clients and customers that you are doing your part to help out with the environment. However, you may be confused on how to go about getting this important accreditation, but it is not as difficult to attain as you might think, and most businesses should be able to get the certification within a year of the application. You should know that they will want to make sure that you have been following some form of environmental standards for at least three months prior to your application. To do this you can write an environmental review of your company’s environmental impact as it is in its current operating state. You will then want to make sure that you provide this information when you send off your initial paperwork to begin the overall process.

In order to help prove that your company is doing its part to be environmentally aware you will have to go through an initial audit once the application has been filled out and filed. After the audit has been completed you will get a list of issues that the auditor feels you need to resolve before you can be certified for the ISO 14001. You will need to work on and correct these issues before the second audit is conducted, and they will give you a time period (usually three to six months) when they will return to check on your progress.

When the second audit occurs they will once again assess the overall business and then they will address the issues that were laid out in the previous audit. If everything goes well then your company will have proven that they are doing what they can to meet the standard set forth in ISO 14001, and they will then receive accreditation. However, this is not the end of the process. Even though you are now recognised as having environmentally conscious policies that are congruent with the international standards, you will have to go through periodic audits every three years to make sure that you are still operating correctly. Not only this, but every three months partial aspects of your company will be analysed to see that they are still working within the standards as well. As long as you remain within the compliance terms you will continue to receive your ISO 14001 certification.

Is Green Business Really Environmentally Sustainable ?

Is Green Business Really Environmentally Sustainable ?

Green Business is about a good management of a range of issues including reduced carbon footprint and good energy management but also including a broader environmental sustainability, within a practical environmental management system. The most effective system is ISO 14001. Many other approaches are less than effective

There is a wide variety of concepts that are understood by some as environmental management systems or EMS and this varies in different industries. The concept has evolved over time. Essentially the name says it all – A system to enable the business owner or manager to manage environmental problems both real and potential.

Owners and managers setting out to have a green business do not always achieve their aim of environmental sustainability and may not even include reduced carbon footprint and good energy management.

Many industry groups have developed industry wide simplistic programs that they call EMS that actually miss the S for system and some really only have a checklist approach that is based on an “average” or “typical” business in that industry. So effectively they also miss much of the environment. Many do not really involve any management either. Some are very superficial in the way that they select the environmental aspects they manage because they have been drawn up to be generic and cut out the need for the business owner to stop and think. In this case it is difficult to understand how any process of continual improvement can result.

One of these programs are as simple as a checklist, or what many involved call a “tick and flick” exercise. These are barely even educational for the business owner and have no ongoing benefits like reduction of costs or legal protection.

Even where the business owners and or managers spend a lot of time filling in forms and communicating with neighbours, there is often a real lack of understanding of how to identify and varied environmental risks in an individual businesses and why these need to be manage. They can easily miss things and even find they are risking legal implications in areas that are not typical and so not covered by the so called system..

An effective management system needs individual businesses to identify and understand what their environmental risks are or may be. These risks need to be managed and there also needs to be a feedback system going into a regularly reviewed system for continual improvement. This can be enhanced with auditing by qualified independent auditors, whether internal or external; although the greatest benefit does come from employing and independent external auditing body such as a certification body.

There were some early ISO 14001 systems that gave the system a bad name because they were based on outdated engineering and military approaches to ISO systems are overly paper heavy and full of jargon. These were not suitable for small business and farms. These systems have given ISO 140001 a bad name in some circles.

Unfortunately many consultants have come from an old style quality management background without any real understanding of or training in the environment. The training to upgrade from quality auditing only involves doing a three day seminar with a minimal assessment by a training organization. Then they audit with a rigid paper based approach and do a serious disservice to both their clients and to the auditing industry.

Small to medium businesses benefit from a simpler approach based on a real understanding of the issues involved and a genuine understanding of risks. Such systems are based on ISO 14001 and have a real emphasis on keeping things simple and minimizing paperwork. These give very real benefits to the businesses involved.

Sample ISO 9001 Internal Auditing Procedure

1. PURPOSE
The purpose of this procedure is to define the steps that follows in planning, performing, reporting, recording, and following up on internal audits.
conducts internal audits to determine whether the quality management system:
- Conforms to planned arrangements, to the requirements of ISO 9001 and to the quality management system requirements established by (QMS Manual policies, procedures, work instructions, and forms)
- Is effectively implemented and maintained.

2. SCOPE
This procedure applies to all company personnel who are responsible for planning, development, use, and maintenance of the quality management system.

3. DEFINITIONS
None

4. REFERENCES
4.1 Quality Manual,
5. ASSOCIATED DOCUMENTS
5.1 Audit Check List,
5.2 ERC/ERO Procedure,
5.4 Audit Schedule,
5.3 Audit Notebook

6. PROCEDURE
NOTE 1: This procedure is typically initiated about four weeks prior to the execution of an internal audit as called for by ’s audit schedule. The audit schedule is established and maintained by The Quality Assurance Manager.
NOTE 2: Every element in the quality system is audited on a regular basis and at minimum of once per year. Activities are audited more frequently if there are significant changes taking place (i.e., many new hires/high turnover of personnel, modified procedures and work instructions, etc.) or if there is a history of problems in that area.
NOTE 3: Only qualified personnel may perform internal auditing activities. These qualified personnel are classified as internal auditors and have received the following training as a minimum: 1 day training on internal auditing techniques, 1 day training on the ISO 9001 Standard, this training may be performed by previously trained internal auditors.

6.1 AUDIT PLANNING, COORDINATION, AND PREPARATION
6.1.1 The Quality Assurance Manager defines the specific criteria, scope, methods, and objectives for the upcoming internal audit based on the status, maturity, and importance of specific elements in ’s quality system.
Audits shall be carried out to a defined scope and shall be as follows,
a) Planned: as per the internal audit plan
b) Unplanned: arising as a result of,
- Customer complaints
- Following the implementation of actions defined in a corrective action report
- Following the identification of additional or amended procedures for products
NOTE 4: In planning the particular audit, these activities include determining the extent and boundaries of the audit (locations, activities, processes); set of policies, procedures and/or requirements to be audited against; auditing methods; and audit objectives.
6.1.2 The Quality Assurance Manager selects the appropriate auditor to ensure objectivity and impartiality of the audit process.
6.1.3 The Quality Assurance Manager and the auditor review the proposed audit program to ensure that it is consistent with and effective for the defined audit criteria, scope, methods, and objectives.
6.1.4 Prior to the audit date, auditor reviews the appropriate quality system documentation, records of completed corrective and preventive actions, and past audit findings for the activities to be audited, and then develops a checklist covering the quality system elements and activities to be audited.

6.2 INTERNAL QUALITY AUDIT INVESTIGATION

6.2.1 The auditor will contact the personnel in the area being audited at the time indicated on the audit program, and briefly review the audit criteria, scope, methods and objectives with them.
NOTE 5: The checklists only serve as a guide to the auditors, and other areas may be investigated as deemed necessary by the auditors or as requested by the auditee.
6.2.2 When a nonconformance is identified, the auditor presents the nature of the nonconformity and the evidence to the personnel involved for verification, clarification, and addresses any questions or concerns that the personnel may have, as well as to give advice, when requested, regarding any problems which are uncovered.
6.2.3 If the nonconformance is confirmed, then go to step 6.2.5.
6.2.4 If the possible nonconformance requires further clarification the auditor will discuss the situation with the Quality Assurance Manager.
6.2.5 After the facts of the nonconformity are verified (or modified), the auditor either drafts nonconformance statement or documents the necessary information for writing one later.
NOTE 6: The nonconformance statement includes the nature of the nonconformity, the actual evidence obtained, and the nature of the requirement that is not being complied with (i.e., the appropriate ISO 9001 clause number, the appropriate quality system document section/page/paragraph, what the personnel says is the normal practice, contract requirements, statutory regulations, current standards, and any other relevant requirements).

6.3 REPORTING AND FOLLOW-UP
6.3.1 Within 2 weeks of completing the internal audit program, the auditor prepares a brief internal audit report and submits it to The Quality Assurance Manager for review and approval.
NOTE 7: The audit report includes the audit’s criteria, scope, methods and objectives, the names and titles of the audit team members, a summary of general observations (i.e., general degree of compliance and any significant problems encountered), all statements of nonconformities, weaknesses, and/or opportunities for improvement, and verification results for follow-up activities performed during the audit.
6.3.2 The Quality Assurance Manager reviews and approves the internal audit report, and then distributes copies of the report to senior management and the personnel of the audited areas that were directly involved in the audit.
NOTE 8: Any additional comments or observations of the Quality Assurance Manager can be attached to the report, but the auditor’s observations be will not be deleted or modified by The Quality Assurance Manager.
6.3.3 The Quality Assurance Manager request a Engineering Change Request for any nonconformity listed in the Internal Audit Report and for any weaknesses and “opportunities for improvement” identified and documented.
6.3.4 The Quality Assurance Manager updates and maintains the long-range audit schedule based upon the documented results of the audit and the planned corrective and preventive actions.
6.3.5 The Quality Manager shall maintain an audit notebook detailing all internal and external audits carried out.
- Long-range audit schedule
- Internal audit program
- Completed checklists- signed and dated by each auditor
- Audit report

7. REVIEW PROCEDURE
Any suggested improvements or modifications to this procedure are to be passed on to the Quality Assurance Manager for discussion at the next Quality Review Committee meeting.

Management Review IN ISO 9001 Standard

One of the most important factors in determining the success of an ISO 9001 implementation is management commitment and management understanding of what makes a good quality systems. Our turnkey Quality Management System (QMS) gives you everything you need to educate your entire company from top to bottom.

Management review is one of the key elements to building a sustainable quality system. To do this, management must be committed. This means that the management must do more than just say they are committed, they must allocate the resources to make sure that the company can continuously improve quality. Most quality systems fail from the top down! That is why external auditor almost always review the management review documentation every audit. External ISO 9001 auditors look for this commitment by evaluating the management review records. Management reviews should focus on both the quality of the products and the quality of the QMS. In general, it is very simple to maintain compliance of the management review portion of the standard. It can be done with a simple notebook that is maintained as a quality record. The Management review procedure includes a list of documentation that should be included in management review meeting. Management reviews should be done a least once per year and auditors like to see them quarterly.

Under ISO 9001, executive management has defined responsibilities. Although most of the work required to implement and maintain ISO certification is done below the executive level, ISO requires involve of personnel at the top of the organization.

It is the leader of an organization that set the goals and objectives for the quality of the company. It is also the leader that assigns resources (responsibility and authority) throughout the organization. Because of this, the leaders must be kept aware of the status of the quality system and product/service quality so they make good decision.
Much of how the company accomplishes these tasks is covered in the quality manual. Here are the 8 areas that should be address in the quality system to assure compliance to the ISO standard.

Top Management must:

Show A Commitment To The Customer

This requirement includes maintain records showing their commitment to the a customer focus, the quality system and the continuous improvement system. The use of a customer survey program is an excellent way to meet the ISO requirements for a customer focus. It is also an excellent way to keep in touch with your customers.

Make Quality Important

This includes communicating to the organization the importance of meeting the customer regulatory, legal needs as well as their produce or service needs (customer focus). Training and posting quality information around the building can do this.

Establish A Quality Policy

This should include a concise quality statement in conjunction with quality goals and a quality manual. The policy verbiage should include a commitment to continuous improvement. This information must be communicated to and understood by the entire organization.

Establish, Monitor And Update Quality objectives

These objectives should be measurable and should be relevant to all levels of the company. I recommend that they be publicly posted where everyone can see them and their status may also be posted.

Assign Resources

Ensure that resources are available to achieve the quality goals. This is the area where many companies do not meet the requirements but it is very hard to audit this general statement. Resources should be identified and planned. Planning includes manuals, procedure, work instructions and quality plans.

Assign Responsibility And Authority

Ensure that responsibilities and authorities are assigned and communicated to individuals. Responsibilities can be assigned as part of the personnel records ( see training summary sheet). Having authority means that the individual must be empowered to make changes.

Designate A Management Representative

This person will report the QMS status at periodic management reviews and promote awareness of the importance of meeting the customers needs. This is usually the quality, engineering or production manager.

Conduct Periodic Management Reviews

Management review meetings should include inputs from audits, customer feedback, process performance analysis, preventive and corrective actions system, follow-up from previous management meetings and areas for improvement. The output from the management reviews should include resource assignments, action targeting improvement of the products, processes and QMS.

The records for the management review are frequently audited so I recommend keeping a organized notebook with tabs for each management review. The creation of a check sheet (listing all the reports to be shown to top management) will make this periodic task simple to maintain. The check sheet can also be used to keep track of attendance and log feedback that is generated during the meeting.

Corrective and Preventive Actions In ISO 9001 Standard

Corrective and Preventive actions are used to adjust the manufacturing processes, quality system and product documentation to continuously improve product and service quality. This process never ends. Corrective and preventive actions are usually based on an engineering change request and engineering change order system. In general it is recommended that all feedback from internal and external sources be entered into the engineering change request system. This can include customer survey results, customer complaints, nonconforming material data, field failure data, work-in-process testing results, internal audit results, external audit results and suggestions from personnel. The inputs are then entered into the Engineering Change Request System. This system is used to queue workload for the engineering and quality problem solvers. The engineering manager or quality manager then reviews this bulk of requests for prioritization. The highest priority issues are assigned to personnel who create an engineering change order to correct the problem. Some engineering change requests will be denied and the denial will be justified in the ECR system before the item is closed. Other requests will generate an Engineering Change Order that includes an assignment to a project manager. The engineering change order will include complete details on how to correct the problem and when the change will take effect. This system is a closed loop system that will continuously improve quality. The status of the ECR and ECO systems should be used as input for the management review meetings.

The process of managing this data usually requires a database since priorities change on a daily basis and the amount of input can be very large, even at small companies. A database is also advised since the system can be used to generate automated reports that are used in the management reviews. Without constant supervision, engineering requests and change orders can pile up and start dragging down the company.

Corrective and preventive actions are listed separately in the standard to drive home the point that you can not have successful company that only corrects problems, you must prevent problems.

Corrective and preventive actions also go hand-in-hand with the requirement for continuous improvement. If the company is analyzing their mistakes, anticipating future mistakes and continuously improving, The quality of the product and services at the company will eventually be GREAT. The corrective and preventive actions system is the most critical element for an efficient quality system. Corrective and preventive actions are made using Engineering Change Requests (ECR) andEngineering Change Orders (ECO).

Any quality problem or suggestion should generate an ECR. This is the queue for engineering. If the engineering/quality manager decides that an action is required, then an ECO is created and assigned to someone with the resources to correct and prevent future problems.

ECOs should be generated by negative customer feedback, negative trend in product performance, observed areas for improvement, upgrades to documentation, or any other continuous improvement activities. Engineering change orders are the lifeblood of the organization and they must always be flowing to keep the organization strong and growing.

With this in mind, it is critical that the engineering change order system quick, simple and effective. I highly recommend the use of a database for managing ECRs and ECOs. This will give you a searchable history of changes to your products and is the best tool for continuous improvement.

About ISO 14001:2004 Standards

The ISO 14001 aims to reduce the environmental carbon footprints that many businesses leave behind today because of not taking the right steps to be environmental sustainable. This standard promotes the decrease in the waste of necessary business resources and also reduces the pollution that can sometimes be a by product of a business.

About ISO 14001

The most updated version of the ISO 14001 was released in the year 2004 by the International Organisation of Standardization (ISO), which was attended by members from all the committees from around the world. In order for a company to be awarded the ISO 14001 standard certificate, an external auditor has to audit the company by an audit body that has been accredited by an accreditation body. The certification auditors are required to be accredited by the International Registrar of Certification Auditor and the certification body has to be accredited by the Registrar Accreditation Board in the USA or by the National Accreditation Board in Ireland.

The structure of ISO 14001 is very much like the ISO 9000, which is management standard, so these two standards can be implemented side by side to achieve the best results. As a part of the ISO 14000family, which deals with different aspects of environmental issues, ISO 14001:2004 and ISO 14002 deal with environmental management system (EMS). ISO 14001 gives the requirements for the

EMS and ISO 14002 gives the basic guidelines for EMS.

Environmental Management System with ISO 14001:2004

The EMS, as per the requirements of the ISO 14001, enables the company, may it be of any size, location and income to:

• It helps the company improve its environmental strategy and this positively affects their environmental performance.
• It helps in identifying and controlling the environmental impact that the activities, services or products of the company might have.
• And it helps in carrying out a systematic approach to set environmental targets and objectives, to achieve these and also to demonstrate that they have been achieved.

How does it work?

ISO 14001 does not specify or chalk out a definite level that each business has to reach. If the performance was determined, then it would have to be done for every specific business. But that is not how it works and has a very different approach, like:

• The ISO has various standards dealing with environmental issues. ISO 14001 deals with a framework provided for a strategic and holistic approach to the businesses environmental policy, actions and plans.
• It gives the general requirements for the EMS.
• This also states the reference to the communication requirements for the communication of the environmental management issues between the company, stakeholders, the public and the regulators.
• As these standards are not company specific, any and every business can undertake them as long as they are dedicated to the continued and improved environmental performance and they have a commitment to comply with the set norms.

About ISO 14001:2004 Standards

The ISO 14001 aims to reduce the environmental carbon footprints that many businesses leave behind today because of not taking the right steps to be environmental sustainable. This standard promotes the decrease in the waste of necessary business resources and also reduces the pollution that can sometimes be a by product of a business.

About ISO 14001

The most updated version of the ISO 14001 was released in the year 2004 by the International Organisation of Standardization (ISO), which was attended by members from all the committees from around the world. In order for a company to be awarded the ISO 14001 standard certificate, an external auditor has to audit the company by an audit body that has been accredited by an accreditation body. The certification auditors are required to be accredited by the International Registrar of Certification Auditor and the certification body has to be accredited by the Registrar Accreditation Board in the USA or by the National Accreditation Board in Ireland.

The structure of ISO 14001 is very much like the ISO 9000, which is management standard, so these two standards can be implemented side by side to achieve the best results. As a part of the ISO 14000family, which deals with different aspects of environmental issues, ISO 14001:2004 and ISO 14002 deal with environmental management system (EMS). ISO 14001 gives the requirements for the

EMS and ISO 14002 gives the basic guidelines for EMS.

Environmental Management System with ISO 14001:2004

The EMS, as per the requirements of the ISO 14001, enables the company, may it be of any size, location and income to:

• It helps the company improve its environmental strategy and this positively affects their environmental performance.
• It helps in identifying and controlling the environmental impact that the activities, services or products of the company might have.
• And it helps in carrying out a systematic approach to set environmental targets and objectives, to achieve these and also to demonstrate that they have been achieved.

How does it work?

ISO 14001 does not specify or chalk out a definite level that each business has to reach. If the performance was determined, then it would have to be done for every specific business. But that is not how it works and has a very different approach, like:

• The ISO has various standards dealing with environmental issues. ISO 14001 deals with a framework provided for a strategic and holistic approach to the businesses environmental policy, actions and plans.
• It gives the general requirements for the EMS.
• This also states the reference to the communication requirements for the communication of the environmental management issues between the company, stakeholders, the public and the regulators.
• As these standards are not company specific, any and every business can undertake them as long as they are dedicated to the continued and improved environmental performance and they have a commitment to comply with the set norms.

Quality Management System Preliminary Gap Analysis

Quality Management System Preliminary Gap Analysis

Decide on a number from 0 to 5 for each item below. The scoring criteria are given in a table at the end. 1 to 5 Make notes to explain your score for future reference.

1. Have you established, documented, implemented and now maintain a Quality Management System (QMS) to any system including ISO 9001?

2. Have you identified the processes needed for your QMS and

a. the sequence of your production and service delivery processes,

b. the criteria and methods needed to ensure the processes are effective, and3. Do you have

c. have the resources and the information you need to support the processes?

d. a Quality Manual including your Quality Policy and quality objectives, and

e. written procedures and work instructions?

4. Do your records provide evidence that your business processes are effective?6. Has your Top Management communicated the importance of meeting customer and other business requirements to all the employees?9. Are your quality objectives measurable?

5. Is your Top Management committed to the development and implementation of a new QMS (i.e. based on the 2008 version of ISO 9001)?

7. Has your Top Management made a commitment to ensure your customers’ requirements are top priority?

8. Do your quality objectives include requirements for production and delivery?

10. Have the responsibilities and authorities of managers and employees been defined and communicated to them?

11. Does your management have the drive and resources needed

a. to implement, and maintain a QMS and continually improve its effectiveness, and

b. to enhance customer satisfaction by meeting customer requirements?

12. Does your organization have procedures to select competent personnel for work activities?

13. Does your organization provide training or take other action to help develop your people?

14. Does your organization provide adequate:

a. buildings, workspace and utilities,

b. process equipment, and

c. supporting services such as transport or communication?

15. When you receive a customer order do you review it for

a. requirements specified by the customer, including the delivery and post-delivery activities,

b. requirements not stated by the customer but necessary for specified use or known and intended use, and

c. statutory and regulatory requirements related to the product?

16. Do you inform your customers concerning

a. product information,

b. enquiries, contracts or order handling, including changes, and

c. channels for customer feedback and complaints?

17. Does your organization plan and control product design and development activities?

18. Does your organization maintain records of design or development review, verification and validation activities and resulting action?

19. Does your organization inspect or otherwise confirm that purchased products, materials, components and services conform to your specified purchase requirements?

20. Does your organization select suppliers depending on how important the purchased product is for production?

21. Does your organization evaluate suppliers (subcontractors or vendors) based on their ability to satisfy your requirements?

22. Do you ensure production has

a. the information that describes the characteristics of the product,

b. the necessary work instructions,

c. suitable equipment, and

d. the monitoring and measuring devices needed?

23. Does your organization regularly confirm that your production and service processes are capable of consistently meeting your requirements?

24. Are parts, components, subassemblies and products identified throughout production or service delivery?

25. Are monitoring and measurement requirements clearly shown with the status of the product?

26. Where traceability is a requirement, does production keep records of unique product identification?

27. Do you care for and protect customers’ property under your control or being used by your people?

28. Do you look after your product (including the parts or components) during both production and delivery to the customer, by providing suitable identification, packaging, storage, preservation and handling?

29. Do you have instructions needed to identify inspection or monitoring activities to be done during production or service delivery and the devices to be used?

30. Is your measuring equipment:

a. Calibrated or verified at specified intervals, or prior to use?

b. Adjusted or re-adjusted as necessary?

c. Identified to enable the calibration status to be determined?

d. Safeguarded from adjustments that would invalidate the measurement result?

e. Protected from damage and deterioration during handling, maintenance and storage?

31. Does your organization monitor customer information that shows you have satisfied customer requirements?

32. Does your organization conduct internal quality audits at planned intervals?

33. Does your organization use suitable methods to monitor and, where practical, measure the performance of your processes?

34. Does your organization inspect or measure the characteristics of finished products and record the results?

35. Does your organization identify nonconforming products and review them for disposition?

36. Does your organization collect and analyze data to assess the suitability and effectiveness of the QMS?

37. Does your organization use data to evaluate or identify where continual improvement of the QMS can be made?

38. Does your organization continually improve the effectiveness of the QMS?

39. Does your organization take corrective action to eliminate the causes of problems and to prevent their recurrence?

40. Does your organization determine and eliminate potential nonconformities in order to prevent their occurrence?

To score this table:

0 – You do not understand what is required or believe it is necessary

1 – Your organization does not perform this activity

2.- You understand this activity is a good thing to do but do not do it

3 – You do this sometimes

4 – You do this but not very well

5 – You do this quite well.

Add all the points together.

150 – 200

You are almost ready to complete your ISO 9001 QMS and apply for certification/

registration.

100 – 149

You are ready to implement the QMS. This will likely improve your business results.

0 – 99

You have a lot to do but should begin. You could consider seeking help from a

consultant or specialist.

ISO 9001 — a way of managing for conformance

Quality assurance, according to the Standard, is a way of managing that prevents non-conformance and thus “assures quality”. This is what makes ISO 9001 different from other standards: it is a management standard, not a product standard. It goes beyond product standardisation: it is standardising not what is made but how it is made. To use standards to dictate and control how organisations work was to extend the role of standards to new territory. To take such a step we might have firstly established that any such requirements worked — that they resulted in ways of working which improved performance.

Yet the plausibility of this Standard, and the fact that those who had an interest in maintaining it were (and still are) leading opinion, prevented such enquiries. In simple terms the Standard asks managers to say what they do, do what they say and prove it to a third party.

ISO 9000 (1994) paragraph 1: “The requirements specified are aimed primarily at achieving customer satisfaction by preventing non-conformity at all stages from design through servicing.”

To put it another way, the Standard asserts that preventing non-conformance achieves customer satisfaction. But does it? Of course it matters to customers that a product works. But there is no guarantee that the Standard will ensure even that. Furthermore, customers take a total view of an organisation — how easy it is to do business with — in respect of all things of importance to each and every customer.

ISO 9001 requires managers to “establish and maintain a documented quality system as a means of ensuring that product conforms to specified requirements”. Loosely translated this is “say what you do”. Management is supposed to “define and document its policy for quality . . . including its commitment to quality”.

What management would not declare its commitment to quality? But would they know what it means? Would they argue (as they should) that quality management is a different and better way to do business, or would they believe that ISO 9000 will take care of quality? The Standard encourages managers to think of “quality” and “business as usual” as separate and distinct. It helps managers avoid the revelation that quality means a wholly different view of management. Instead, the organisation “shall appoint a management representative who, irrespective of other responsibilities, shall have defined authority and responsibility” [for ISO 9000]. At a practical level this means only one executive might decide he or she had better learn a thing or two about quality. However, would being responsible for ISO 9001 lead to learning about quality or simply enforcing the ISO 9000 regime in an organisation?

Key to the regime is auditing. The Standard requires organisations to conduct internal quality audits to “verify whether quality activities comply with planned arrangements”. This can be loosely translated as “do you do as you say?” and the purpose of the audit is to see that you do. It was not until the 1994 review that the words were changed to “quality activities and related results”. It was a Standard which was rooted in the philosophy of inspection: fifteen years after its initial promulgation the promoters sought to extend the focus to results. But results or improvements assessed by what means? Inspection. By the time the Standard was adopted world-wide, quality thinking had moved a long way from the philosophy of inspection. It is now understood, at least by a few, that quality is achieved through managing the organisation as a system and using measures which enable managers to improve flow and reduce variation (which we explore in chapters 5 and 7). The defenders argue that there is nothing stopping a company having ISO 9000 and implementing methods for managing flow and reducing variation, but where are such companies? Few of the companies we researched, formally and informally, knew anything about this thinking. The Standard does not talk about it; moreover, the Standard effectively discourages managers from learning about it by representing quality in a different way.

According to ISO 8402 (quality vocabulary), quality is:

“The totality of features and characteristics of a product or service that bear on its ability to satisfy stated or implied needs.”

Everything we have learned about ISO 9000 suggests that the people who created this definition were thinking about the things which need to be controlled, those things which “bear on its ability . . .”. The builders of the Standard assumed that customer needs would be listed in contractual agreements between the supplier and customer. ISO 9000 has a “make” logic — procedures for “how you do what you do” — and a “control” logic — check to see that it is done. It is a relic of the era when contractual agreements were perceived to be an important device for regulating the behaviour of suppliers. In these ways, ISO 9000 encouraged “planning for quality”.

Planning for quality sounds plausible, but it assumes many things: that the plan is the right plan, that it is feasible, that people will “do it”, that performance will improve. It is an approach which, paradoxically, leads to poor decisions. Planners of quality systems, guided by ISO 9000, start with a view of how the world should be as framed by the Standard. Understanding how an organisation is working, rather than how someone thinks it should, is a far better place from which to start change of any kind.