ISO 9001:2008 Documentation Requirements
ISO 9001:2008 clause 4.1 General requirements requires an organization to “establish, document, implement, and maintain a quality management system and continually improve its effectiveness in accordance with the requirements of this International Standard”
ISO 9001:2008 Clause 4.2.1 General explains that the quality management system documentation shall include:
documented statements of a quality policy and quality objectives;
a quality manual
documented procedures required by this International Standard
documents needed by the organization to ensure the effective planning, operation and control of its processes, and
records required by this International Standard;
The notes after Clause 4.2 make it clear that where the standard specifically requires a “documented procedure”, the procedure has to be established, documented, implemented and maintained. It also emphasizes that the extent of the QMS documentation may differ from one organization to another due to:
the size of organization and type of activities;
the complexity of processes and their interactions, and
the competence of personnel.
All the documents that form part of the QMS have to be controlled in accordance with clause 4.2.3 of ISO 9001:2008, or, for the particular case of records, according to clause 4.2.4.
Guidance on Clause 4.2 of ISO 9001:2008
The following comments are intended to assist users of ISO 9001:2008 in understanding the intent of the general documentation requirements of the International Standard.
a) Documented statements of a quality policy and objectives:
Requirements for the quality policy are defined in clause 5.3 of ISO 9001:2008. The documented quality policy has to be controlled according to the requirements of clause 4.2.3.Note: Organizations that are revising their quality policy for the first time, or in order to meet the amended requirements in ISO 9001:2008, should pay particular attention to clause 4.2.3 (c), (d) and (g).
Requirements for quality objectives are defined in clause 5.4.1 of ISO 9001:2008. These documented quality objectives are also subject to the document control requirements of clause 4.2.3.
b) Quality Manual:
Clause 4.2.2 of ISO 9001:2008 specifies the minimum content for a quality manual. The format and structure of the manual is a decision for each organization, and will depend on the organization’s size, culture and complexity. Some organizations may choose to use the quality manual for other purposes besides that of simply documenting the QMS
A small organization may find it appropriate to include the description of its entire QMS within a single manual, including all the documented procedures required by the standard.
Large, multi-national organizations may need several manuals at the global, national or regional level, and a more complex hierarchy of documentation.
The quality manual is a document that has to be controlled in accordance with the requirements of clause 4.2.3.
c) Documented procedures:
ISO 9001:2008 specifically requires the organization to have “documented procedures” for the following six activities:4.2.3 Control of documents4.2.4 Control of records8.2.2 Internal audit8.3 Control of nonconforming product8.5.2 Corrective action8.5.3 Preventive action
These documented procedures have to be controlled in accordance with the requirements of clause 4.2.3
Some organizations may find it convenient to combine the procedure for several activities into a single documented procedure (for example, corrective action and preventive action). Others may choose to document a given activity by using more than one documented procedure (for example, internal audits). Both are acceptable.
Some organizations (particularly larger organizations, or those with more complex processes) may require additional documented procedures (particularly those relating to product realization processes) to implement an effective QMS.
Other organizations may require additional procedures, but the size and/or culture of the organization could enable these to be effectively implemented without necessarily being documented. However, in order to demonstrate compliance with ISO 9001:2008, the organization has to be able to provide objective evidence (not necessarily documented) that its QMS has been effectively implemented.
d) Documents needed by the organization to ensure the effective planning, operation and control of its processes:
In order for an organization to demonstrate the effective implementation of its QMS, it may be necessary to develop documents other than documented procedures. However, the only documents specifically mentioned in ISO 9001:2008 are:- Quality policy (clause 4.2.1.a)- Quality objectives (clause 4.2.1.a)- Quality manual (clause 4.2.1.b)
There are several requirements of ISO 9001:2008 where an organization could add value to its QMS and demonstrate conformity by the preparation of other documents, even though the standard does not specifically require them. Examples may include:- Process maps, process flow charts and/or process descriptions- Organization charts- Specifications- Work and/or test instructions- Documents containing internal communications- Production schedules- Approved supplier lists- Test and inspection plans- Quality plans
All such documents have to be controlled in accordance with the requirements of clause 4.2.3 and/or 4.2.4, as applicable
e) Records:
Examples of records specifically required by ISO 9001:2008 are presented in Annex B.
Organizations are free to develop other records that may be needed to demonstrate conformity of their processes, products and quality management system.
Requirements for the control of records are different from those for other documents, and all records have to be controlled according to those of clause 4.2.4 of ISO 9001:2008.
Monday, August 31, 2009
Establishing a ISO 9001 records procedure
The standard requires records to remain legible, readily identifiable and retrievable and that a procedure defines the controls needed for the identification, storage, protection, retrieval, retention time and disposition of records. Records have a life cycle. They are generated during
which time they acquire an identity and are then assigned for storage for a prescribed period. During use and storage they need to be protected from inadvertent or malicious destruction and as they may be required to support current activities or investigations, they need to be brought out of storage quickly. When their usefulness has lapsed, a decision is made as to whether to
retain them further or to destroy them. Readily retrievable means that records can be obtained on demand within a reasonable period (hours not days or weeks) Readily identifiable means that
the identity can be discerned at a glance.
Although the requirement implies a single procedure, several may be necessary because there are several unconnected tasks to perform. A procedure cannot in fact ensure a result. It may prescribe a course of action which if followed may lead to the correct result, but it is the process that ensures the result not the procedure.
The revised requirement omits several aspects covered in clause 4.16 of the 1994 version.
Collection of records is now addressed by Analysis of data (clause 8.4)
Indexing of records is a specific form of identification and is therefore already addressed
Access is now addressed by the requirement for record retrieval
Filing is a specific form of storage and is therefore already addressed
You may only need one procedure which covers all the requirements but this is not always practical. The provisions you make for specific records should be included in the documentation for controlling the activity being recorded. For example, provisions for inspection records should be included in the inspection procedures; provisions for design review records should be included in the design review procedure. Within such procedures you should provide the forms (or content requirement for the records), the identification, collection/ submission provisions, the indexing and filing provisions. It may be more practical to cover the storage, disposal and retention provisions in separate procedures because they may not be type-dependent. Where each department retains their own records, these provisions may vary and therefore warrant
separate procedures.
Unlike prescriptive documents, records may contain handwritten elements and therefore it is important that the handwriting is legible. If this becomes a problem, you either improve discipline or consider electronic data capture.
Records also become soiled in a workshop environment so may need to be protected to remain legible. With electronically captured data, legibility is often not a problem. However, photographs and other scanned images may not transfer as well as the original and lose detail so care has to be taken in selecting appropriate equipment for this task.
Whatever the records, they should carry some identification in order that you can determine what they are, what kind of information they record and what they relate to. A simple way of doing this is to give each record a reference number and a name or title in a prominent location on the record.
1994 –2000 Differences
Previously the standard covered retrieval in four ways. It required:
(a) that quality records be made available for evaluation by the customer or his representative for an agreed period, where agreed contractually
Records can take various forms – reports containing narrative, computer data, and forms containing data in boxes, graphs, tables, lists and many others. Where forms are used to collect data, they should carry a form number and name as their identification. When completed they should carry a serial number to give each a separate identity. Records should also be traceable to the product or service they represent and this can be achieved either within the reference number or separately, provided that the chance of mistaken identity is eliminated. The standard does not require records to be identifiable to the product involved but unless you do make such
provision you will not be able to access the pertinent records or demonstrate conformance to specified requirements.
which time they acquire an identity and are then assigned for storage for a prescribed period. During use and storage they need to be protected from inadvertent or malicious destruction and as they may be required to support current activities or investigations, they need to be brought out of storage quickly. When their usefulness has lapsed, a decision is made as to whether to
retain them further or to destroy them. Readily retrievable means that records can be obtained on demand within a reasonable period (hours not days or weeks) Readily identifiable means that
the identity can be discerned at a glance.
Although the requirement implies a single procedure, several may be necessary because there are several unconnected tasks to perform. A procedure cannot in fact ensure a result. It may prescribe a course of action which if followed may lead to the correct result, but it is the process that ensures the result not the procedure.
The revised requirement omits several aspects covered in clause 4.16 of the 1994 version.
Collection of records is now addressed by Analysis of data (clause 8.4)
Indexing of records is a specific form of identification and is therefore already addressed
Access is now addressed by the requirement for record retrieval
Filing is a specific form of storage and is therefore already addressed
You may only need one procedure which covers all the requirements but this is not always practical. The provisions you make for specific records should be included in the documentation for controlling the activity being recorded. For example, provisions for inspection records should be included in the inspection procedures; provisions for design review records should be included in the design review procedure. Within such procedures you should provide the forms (or content requirement for the records), the identification, collection/ submission provisions, the indexing and filing provisions. It may be more practical to cover the storage, disposal and retention provisions in separate procedures because they may not be type-dependent. Where each department retains their own records, these provisions may vary and therefore warrant
separate procedures.
Unlike prescriptive documents, records may contain handwritten elements and therefore it is important that the handwriting is legible. If this becomes a problem, you either improve discipline or consider electronic data capture.
Records also become soiled in a workshop environment so may need to be protected to remain legible. With electronically captured data, legibility is often not a problem. However, photographs and other scanned images may not transfer as well as the original and lose detail so care has to be taken in selecting appropriate equipment for this task.
Whatever the records, they should carry some identification in order that you can determine what they are, what kind of information they record and what they relate to. A simple way of doing this is to give each record a reference number and a name or title in a prominent location on the record.
1994 –2000 Differences
Previously the standard covered retrieval in four ways. It required:
(a) that quality records be made available for evaluation by the customer or his representative for an agreed period, where agreed contractually
Records can take various forms – reports containing narrative, computer data, and forms containing data in boxes, graphs, tables, lists and many others. Where forms are used to collect data, they should carry a form number and name as their identification. When completed they should carry a serial number to give each a separate identity. Records should also be traceable to the product or service they represent and this can be achieved either within the reference number or separately, provided that the chance of mistaken identity is eliminated. The standard does not require records to be identifiable to the product involved but unless you do make such
provision you will not be able to access the pertinent records or demonstrate conformance to specified requirements.
Preparing the ISO 9001 quality manual
The standard requires a quality manual to be establishedand maintained that includes the scope of the qualitymanagement system, the documented procedures or refer-ence to them and a description of the sequence andinteraction of processes included in the quality manage-ment system.
ISO 9000 defines a quality manual as a documentspecifying the quality management system of an organi-zation. It is therefore not intended that themanual be a response to the requirements ofISO 9001. As the top-level document describingthe management system it is a system descriptiondescribing how the organization is managed.Countless quality manuals produced to satisfy ISO 9000 :2008, were nomore than 20 sections that paraphrased the requirements of the standard.Such documentation adds no value. They are of no use to managers, staff orauditors. Often thought to be useful to customers, organizations would gainno more confidence from customers than would be obtained from theirregistration certificate.
This requirement responds to the System Approach Principle.A description of the management system is necessary as a means of showinghow all the processes are interconnected and how they collectively deliver thebusiness outputs. It has several uses as :a means to communicate the vision, values, mission, policies and objectivesof the organizationa means of showing how the system has been designeda means of showing linkages between processesa means of showing who does whatan aid to training new peoplea tool in the analysis of potential improvementsa means of demonstrating compliance with external standards and regulations
When formulating the policies, objectives and identifying the processes toachieve them, the manual provides a convenient vehicle for containing suchinformation. If left as separate pieces of information, it may be more difficult tosee the linkages.The requirement provides the framework for the manual. Its content maytherefore include the following:1 Introduction(a) Purpose (of the manual)(b) Scope (of the manual)(c) Applicability (of the manual)(d) Definitions (of terms used in the manual)2 Business overview(a) Nature of the business/organization – its scope of activity, its productsand services(b) The organization’s interested parties (customers, employees, regulators,shareholders, suppliers, owners etc.)(c) The context diagram showing the organization relative to its externalenvironment(d) Vision, values(e) Mission3 Organization(a) Function descriptions(b) Organization chart(c) Locations with scope of activity4 Business processes(a) The system model showing the key business processes and how they areinterconnected(b) System performance indicators and method of measurement(c) Business planning process description(d) Resource management process description(e) Marketing process description(f) Product/service generation processes description(g) Sales process description(h) Order fulfilment process description5 Function matrix (Relationship of functions to processes)6 Location matrix (Relationship of locations to processes)7 Requirement deployment matrices(a) ISO 9001 compliance matrix(b) ISO 14001 compliance matrix(c) Regulation compliance matrices (FDA, Environment, Health, Safety,CAA etc.)8 Approvals (List of current product, process and system approvals)
ISO 9000 defines a quality manual as a documentspecifying the quality management system of an organi-zation. It is therefore not intended that themanual be a response to the requirements ofISO 9001. As the top-level document describingthe management system it is a system descriptiondescribing how the organization is managed.Countless quality manuals produced to satisfy ISO 9000 :2008, were nomore than 20 sections that paraphrased the requirements of the standard.Such documentation adds no value. They are of no use to managers, staff orauditors. Often thought to be useful to customers, organizations would gainno more confidence from customers than would be obtained from theirregistration certificate.
This requirement responds to the System Approach Principle.A description of the management system is necessary as a means of showinghow all the processes are interconnected and how they collectively deliver thebusiness outputs. It has several uses as :a means to communicate the vision, values, mission, policies and objectivesof the organizationa means of showing how the system has been designeda means of showing linkages between processesa means of showing who does whatan aid to training new peoplea tool in the analysis of potential improvementsa means of demonstrating compliance with external standards and regulations
When formulating the policies, objectives and identifying the processes toachieve them, the manual provides a convenient vehicle for containing suchinformation. If left as separate pieces of information, it may be more difficult tosee the linkages.The requirement provides the framework for the manual. Its content maytherefore include the following:1 Introduction(a) Purpose (of the manual)(b) Scope (of the manual)(c) Applicability (of the manual)(d) Definitions (of terms used in the manual)2 Business overview(a) Nature of the business/organization – its scope of activity, its productsand services(b) The organization’s interested parties (customers, employees, regulators,shareholders, suppliers, owners etc.)(c) The context diagram showing the organization relative to its externalenvironment(d) Vision, values(e) Mission3 Organization(a) Function descriptions(b) Organization chart(c) Locations with scope of activity4 Business processes(a) The system model showing the key business processes and how they areinterconnected(b) System performance indicators and method of measurement(c) Business planning process description(d) Resource management process description(e) Marketing process description(f) Product/service generation processes description(g) Sales process description(h) Order fulfilment process description5 Function matrix (Relationship of functions to processes)6 Location matrix (Relationship of locations to processes)7 Requirement deployment matrices(a) ISO 9001 compliance matrix(b) ISO 14001 compliance matrix(c) Regulation compliance matrices (FDA, Environment, Health, Safety,CAA etc.)8 Approvals (List of current product, process and system approvals)
Scope of the ISO 9001 quality management system
The standard requires the quality manual to include the scope of the quality management system including details of justification for any exclusion.
The standard addresses activities that may not be relevant or applicable to an organization. The permissible exclusions are explained in section 1.2 of ISO 9001. Here it states that the organization may only exclude requirements that neither affect the organization’s ability, nor its responsibility to provide product that meets customer and applicable regulatory requirements. The requirements for which exclusion is permitted are limited to those in section 7 of the standard.
Under ISO 9000 :2008, it was possible for organizations to exclude functions and processes of their organization that may have been difficult to control or were not part of the order fulfilment cycle. Organizations that designed their own products but not for specific customers could escape bringing these operations into the management system. Marketing was omitted because itoperated before placement of order. Accounting, Administration, Maintenance, Publicity, Public Relations and After Sales Support functions were often omitted because there were no requirements in the standard that specifically dealt with such activities. As there is no function in an organization that does not directly or indirectly serve the satisfaction of interested parties, it is unlikely that any function or process will now be excluded from the management system.
This requirement responds to the System Approach Principle.It is sensible to describe the scope of the management system so as to ensure effective communication. The scope of the management system is one area that generates a lot of misunderstanding particularly when dealing with auditors, consultants and customers. When you claim you have a management system that meets ISO 9001 it could imply that you design, develop, install and service the products you supply, when in fact you may only be a distributor.
Why you need to justify specific exclusions is uncertain because it is more practical tojustify inclusions.
The scope of the management system is the scope of the organization. There is no longer any reason to exclude locations, activities, functions or processes for which there is no requirement in the standard. The reason is because the ISO 9000 family now serves customer satisfaction and is not limited to quality assurance as were the 1994 versions of ISO 9001, ISO 9002 and ISO 9003.
It is not appropriate to address exclusions by inserting pages in the manual corresponding to the sections of the standard and adding justification if not within the scope of the management system – such as ‘We don’t do this!’. It is much more appropriate to use an appendix as indicated previously in the manual contents list. By describing the nature of the business, you are establishing boundary conditions. If in doing so you do not mention that you design products, it will be interpreted that design is not applicable. For exclusions relative to detail requirements, the Compliance Matrix may suffice but for an unambiguous solution, it is preferable to produce an exposition that addresses each requirement of the standard.
The standard addresses activities that may not be relevant or applicable to an organization. The permissible exclusions are explained in section 1.2 of ISO 9001. Here it states that the organization may only exclude requirements that neither affect the organization’s ability, nor its responsibility to provide product that meets customer and applicable regulatory requirements. The requirements for which exclusion is permitted are limited to those in section 7 of the standard.
Under ISO 9000 :2008, it was possible for organizations to exclude functions and processes of their organization that may have been difficult to control or were not part of the order fulfilment cycle. Organizations that designed their own products but not for specific customers could escape bringing these operations into the management system. Marketing was omitted because itoperated before placement of order. Accounting, Administration, Maintenance, Publicity, Public Relations and After Sales Support functions were often omitted because there were no requirements in the standard that specifically dealt with such activities. As there is no function in an organization that does not directly or indirectly serve the satisfaction of interested parties, it is unlikely that any function or process will now be excluded from the management system.
This requirement responds to the System Approach Principle.It is sensible to describe the scope of the management system so as to ensure effective communication. The scope of the management system is one area that generates a lot of misunderstanding particularly when dealing with auditors, consultants and customers. When you claim you have a management system that meets ISO 9001 it could imply that you design, develop, install and service the products you supply, when in fact you may only be a distributor.
Why you need to justify specific exclusions is uncertain because it is more practical tojustify inclusions.
The scope of the management system is the scope of the organization. There is no longer any reason to exclude locations, activities, functions or processes for which there is no requirement in the standard. The reason is because the ISO 9000 family now serves customer satisfaction and is not limited to quality assurance as were the 1994 versions of ISO 9001, ISO 9002 and ISO 9003.
It is not appropriate to address exclusions by inserting pages in the manual corresponding to the sections of the standard and adding justification if not within the scope of the management system – such as ‘We don’t do this!’. It is much more appropriate to use an appendix as indicated previously in the manual contents list. By describing the nature of the business, you are establishing boundary conditions. If in doing so you do not mention that you design products, it will be interpreted that design is not applicable. For exclusions relative to detail requirements, the Compliance Matrix may suffice but for an unambiguous solution, it is preferable to produce an exposition that addresses each requirement of the standard.
Managing processes In ISO 9001 Standard
The standard requires the organization to manage the identified processes in accordance with the requirements of ISO 9001. The first stage in managing a process is to establish what it is you are trying to achieve, what requirements you need to satisfy, what goals you are aiming at; then establish how you will measure your achievements. The next stage is to define the process you will employ to deliver the results. Managing the process then involves managing all the inherentcharacteristics of the process in such a manner that the requirements of customers and interested parties are fulfilled by the process outcomes. This means:Managing the process inputsManaging the workManaging the physical resourcesManaging the financial resourcesManaging the human resourcesManaging the constraintsManaging the outputs
Process management is therefore much more than managing activities and therefore when describing processes, one needs more than a flow chart of activities. The chart is a diagrammatical representation of a process but only one aspect. One can also add numerical data to the charts to indicate resources, cycle times, delays, costs etc. but the intangible factors of the human environment cannot be reduced to numerical data to add to the charts.
The notes to clause 4.1 of ISO 9001 need some explanation. It is stated that the processes needed for the management system include management activities, provision of resources, product realization and measurement. This note could cause confusion because it suggests that these are the processes that are needed for the management system. It would be unwise to use this as the model and far better to identify the processes from observing how the business operates. The term provision of resources should be Resource Management, which is thecollection of processes covering financial, human and physical resources.
Product realization is also a collection of processes such as design, production, service delivery, etc. Measurement is not a single process but a sub-process within each process. Grouping all the measurement processes together serves no useful purpose except it matches the standard – a purpose of little value in managing the organization.
The second note refers to outsourcing processes although it is difficult to imagine that management activities, product realization or measurement would be outsourced in its entirety. It is likely that market research; design, product verification, equipment calibration and other specialized services may be outsourced. While outsourcing comes under purchasing, it is correct to point out that the organization should control any outsourced processes. The supplier of the process is usually referred to as a subcontractor because they provide services to the organization’s requirements not their own. Control of subcontractors is covered by clause 7.4 but in meeting clause 7.4.3, you need to treat suppliers and subcontractors differently.
Process management is therefore much more than managing activities and therefore when describing processes, one needs more than a flow chart of activities. The chart is a diagrammatical representation of a process but only one aspect. One can also add numerical data to the charts to indicate resources, cycle times, delays, costs etc. but the intangible factors of the human environment cannot be reduced to numerical data to add to the charts.
The notes to clause 4.1 of ISO 9001 need some explanation. It is stated that the processes needed for the management system include management activities, provision of resources, product realization and measurement. This note could cause confusion because it suggests that these are the processes that are needed for the management system. It would be unwise to use this as the model and far better to identify the processes from observing how the business operates. The term provision of resources should be Resource Management, which is thecollection of processes covering financial, human and physical resources.
Product realization is also a collection of processes such as design, production, service delivery, etc. Measurement is not a single process but a sub-process within each process. Grouping all the measurement processes together serves no useful purpose except it matches the standard – a purpose of little value in managing the organization.
The second note refers to outsourcing processes although it is difficult to imagine that management activities, product realization or measurement would be outsourced in its entirety. It is likely that market research; design, product verification, equipment calibration and other specialized services may be outsourced. While outsourcing comes under purchasing, it is correct to point out that the organization should control any outsourced processes. The supplier of the process is usually referred to as a subcontractor because they provide services to the organization’s requirements not their own. Control of subcontractors is covered by clause 7.4 but in meeting clause 7.4.3, you need to treat suppliers and subcontractors differently.
Sunday, August 30, 2009
ISO 9001 / ISO 14001 Video
Watch ISO 14001 Video at http://www.youtube.com/watch?v=KUxbyQUGSnU
Watch ISO 9001 Video at http://www.youtube.com/watch?v=G8WI2MgyS7w
Watch ISO 9001 Video at http://www.youtube.com/watch?v=G8WI2MgyS7w
Thursday, August 27, 2009
ISO 9000 Series and Six Sigma
ISO (International Organization for Standardization) 9000 series standards were first published in 1987, revised in 1994, and re-revised in 2000 by the ISO. The 2000 revision, denoted by ISO 9000:2000, has attracted broad expectations in industry.
As of the year 2001, more than 300,000 organizations world-wide have been certified to the ISO 9000 series standards. It embodies a consistent pair of standards, ISO 9001:2000 and ISO 9004:2000, both of which have been significantly updated and modernized. The ISO 9001:2000 standard specifies requirements for a quality management system for which third-party certification is possible, whereas ISO 9004:2000 provides guide- lines for a comprehensive quality management system and performance improvement through Self-Assessment.
The origin and historical development of ISO 9000 and Six Sigma are very different. The genesis of ISO 9000 can be traced back to the standards that the British aviation industry and the U.S. Air Force developed in the 1920s to reduce the need for inspection by approving the conformance of suppliers’ product quality. These standards developed into requirements for suppliers’ quality assurance systems in a number of western countries in the 1970s. In 1987 they were amalgamated into the ISO 9000 series standards.
Independent of ISO 9000, the same year also saw the launch of Six Sigma at Motorola and the launch of Self-Assessment by means of the Malcolm Baldrige National Quality Award in USA. Both Six Sigma and Self-Assessment can be traced back to Walter A. Shewhart and his work on variation and continuous improvement in the 1920s. It was Japanese industry that pioneered a broad application of these ideas from the 1950s through to the 1970s. When variation and continuous improvement caught the attention of some of the American business leaders in the late 1980s, it took the form of the Malcolm Baldrige National Quality Award, on a national level, and of Six Sigma at Motorola.
Some people are wondering if the ISO 9000:2000 series standards make Six Sigma superfluous. They typically refer to clause 8 of ISO 9001: “Measurement, analysis, improvement.”
It requires that companies install procedures in operations for the measurement of processes and data analysis using statistical techniques with the demonstration of continuous improvement . They also partly refer to the ISO 9004:2000 standards that embody guidelines and criteria for Self-Assessment similar to the national quality awards.
The author firmly believes that Six Sigma is needed regardless of whether a company is compliant with the ISO 9000 series. The two initiatives are not mutually exclusive and the objectives in applying them are different. A Six Sigma program is applied in organizations based on its top-line and bottom-line rationales. The primary objective for applying the ISO 9000 series standards is to demonstrate the company’s capability to consistently provide conforming products and/or services. Therefore, the ISO 9000 series standard falls well short of making Six Sigma superfluous.
The ISO 9000 series standards have from their early days been regarded and practiced by industry as a minimum set of requirements for doing business. The new ISO 9000:2000 stan
dards do not represent a significant change to this perspective. Six Sigma on the other hand, aims at world-class performance, based on a pragmatic framework for continuous improvement.
The author believes that Six Sigma is superior in such important areas as rate of improvement, bottom-line and top-line results, customer satisfaction, and top-level management commitment. However, considering the stronghold of ISO 9000 in industry, Six Sigma and ISO 9000 are likely to be applied by the same organization, but for very different purposes.
As of the year 2001, more than 300,000 organizations world-wide have been certified to the ISO 9000 series standards. It embodies a consistent pair of standards, ISO 9001:2000 and ISO 9004:2000, both of which have been significantly updated and modernized. The ISO 9001:2000 standard specifies requirements for a quality management system for which third-party certification is possible, whereas ISO 9004:2000 provides guide- lines for a comprehensive quality management system and performance improvement through Self-Assessment.
The origin and historical development of ISO 9000 and Six Sigma are very different. The genesis of ISO 9000 can be traced back to the standards that the British aviation industry and the U.S. Air Force developed in the 1920s to reduce the need for inspection by approving the conformance of suppliers’ product quality. These standards developed into requirements for suppliers’ quality assurance systems in a number of western countries in the 1970s. In 1987 they were amalgamated into the ISO 9000 series standards.
Independent of ISO 9000, the same year also saw the launch of Six Sigma at Motorola and the launch of Self-Assessment by means of the Malcolm Baldrige National Quality Award in USA. Both Six Sigma and Self-Assessment can be traced back to Walter A. Shewhart and his work on variation and continuous improvement in the 1920s. It was Japanese industry that pioneered a broad application of these ideas from the 1950s through to the 1970s. When variation and continuous improvement caught the attention of some of the American business leaders in the late 1980s, it took the form of the Malcolm Baldrige National Quality Award, on a national level, and of Six Sigma at Motorola.
Some people are wondering if the ISO 9000:2000 series standards make Six Sigma superfluous. They typically refer to clause 8 of ISO 9001: “Measurement, analysis, improvement.”
It requires that companies install procedures in operations for the measurement of processes and data analysis using statistical techniques with the demonstration of continuous improvement . They also partly refer to the ISO 9004:2000 standards that embody guidelines and criteria for Self-Assessment similar to the national quality awards.
The author firmly believes that Six Sigma is needed regardless of whether a company is compliant with the ISO 9000 series. The two initiatives are not mutually exclusive and the objectives in applying them are different. A Six Sigma program is applied in organizations based on its top-line and bottom-line rationales. The primary objective for applying the ISO 9000 series standards is to demonstrate the company’s capability to consistently provide conforming products and/or services. Therefore, the ISO 9000 series standard falls well short of making Six Sigma superfluous.
The ISO 9000 series standards have from their early days been regarded and practiced by industry as a minimum set of requirements for doing business. The new ISO 9000:2000 stan
dards do not represent a significant change to this perspective. Six Sigma on the other hand, aims at world-class performance, based on a pragmatic framework for continuous improvement.
The author believes that Six Sigma is superior in such important areas as rate of improvement, bottom-line and top-line results, customer satisfaction, and top-level management commitment. However, considering the stronghold of ISO 9000 in industry, Six Sigma and ISO 9000 are likely to be applied by the same organization, but for very different purposes.
Tuesday, August 25, 2009
Background and Future of ISO 9001:2008
ISO 9001 serves as the basis for benchmarking an organization’s quality management system. Quality management should not be confused with terms such as quality assurance” or quality control. Quality management measures the overall management function in determining the organization’s quality policy, its objectives, and its responsibilities, as well as the quality policy implementation through means such as quality assurance and quality control. Quality assurance measures all planned and systematic activities implemented within the organizations quality system. Quality control is the operational techniques and activities used to fulfil quality requirements (e.g., meeting a customer’s specifications or requirements for a given product or service).
Revision of the ISO 9000 standards has been under discussion for a number of years. Soon after the 1994 revisions, ISO Technical Committee 176 began the task of overcoming the standard’s manufacturing bias while, at the same time, overcoming other persistent criticisms that the standard did not adequately cover all aspects of the QMS.
The development of ISO 9001:2008 has been a particularly interesting process to behold. It is an object lesson in consensus building. ISO Technical Committee 176, with the participation of various national standards bodies, has actually managed to overcome criticisms from apparently opposite directions and written a document that appears to be acceptable to the great majority of ISO’s member bodies.
The manufacturing industry criticized the older versions of ISO 9001 for its failure to include a large range of quality management requirements in the standard. Some manufacturing industries considered ISO 9001 to be so inadequate that they developed their own expanded, industry-specific versions of the ISO 9001 standard. ISO was also criticized by non-manufacturing industries for catering to the manufacturing industries. Everything about the older versions of ISO 9001 seemed overwhelmingly rooted in a manufacturing environment.
The ISO technical committee found itself in a dilemma and then found a way out. ISO 9001:2008 appears to have actually reached a satisfactory compromise in which the language is generic enough to be applicable to industries other than manufacturing yet specific enough to satisfy the particular concerns of the manufacturing industry.
As far as actual implementation of the new standard was concerned, ISO Technical Committee 176 recommended that implementation of ISO 9001:2008 could begin as early as the fourth quarter of 1999 — one full year in advance of the standard’s scheduled publication. The ISO technical committee made this recommendation because ISO works through a lengthy consultative process to achieve a consensus. Once a consensus was obtained (in early 1999), further changes became improbable.
Revision of the ISO 9000 standards has been under discussion for a number of years. Soon after the 1994 revisions, ISO Technical Committee 176 began the task of overcoming the standard’s manufacturing bias while, at the same time, overcoming other persistent criticisms that the standard did not adequately cover all aspects of the QMS.
The development of ISO 9001:2008 has been a particularly interesting process to behold. It is an object lesson in consensus building. ISO Technical Committee 176, with the participation of various national standards bodies, has actually managed to overcome criticisms from apparently opposite directions and written a document that appears to be acceptable to the great majority of ISO’s member bodies.
The manufacturing industry criticized the older versions of ISO 9001 for its failure to include a large range of quality management requirements in the standard. Some manufacturing industries considered ISO 9001 to be so inadequate that they developed their own expanded, industry-specific versions of the ISO 9001 standard. ISO was also criticized by non-manufacturing industries for catering to the manufacturing industries. Everything about the older versions of ISO 9001 seemed overwhelmingly rooted in a manufacturing environment.
The ISO technical committee found itself in a dilemma and then found a way out. ISO 9001:2008 appears to have actually reached a satisfactory compromise in which the language is generic enough to be applicable to industries other than manufacturing yet specific enough to satisfy the particular concerns of the manufacturing industry.
As far as actual implementation of the new standard was concerned, ISO Technical Committee 176 recommended that implementation of ISO 9001:2008 could begin as early as the fourth quarter of 1999 — one full year in advance of the standard’s scheduled publication. The ISO technical committee made this recommendation because ISO works through a lengthy consultative process to achieve a consensus. Once a consensus was obtained (in early 1999), further changes became improbable.
Friday, August 21, 2009
Origins of the ISO 9001’s Work
The ISO is a federation of non-governmental organizations established in 1947 to develop international standards, improve international communication and collaboration, and facilitate the exchange of goods and services. The federation is currently comprised of close to 100 national standards bodies (member bodies) from countries representing approximately 95 percent of the world’s industrial production.
The headquarters of the ISO 9001 secretariat is in Geneva, Switzerland.2 The ISO 9000’s involvement in establishing environmental standardsbegan in 1991 after organizers for the UN Conference on Environment and Development (held in Rio de Janeiro in 1992) asked whether or not ISO would be attending the conference and whether it was involved in any environmental activities. As a result, the ISO established a Strategic Advisory Group on the Environment (SAGE) in 1991 to assess the need for international environmental management standards.3 SAGE recommended that ISO proceed with an environmental standard by 1992 and that a technical committee be established to carry it through. On June 1, 1993, ISO’s Technical Committee 207 (TC 207) held its first plenary meeting.
TC 207 was directed to establish environmental standards in five areas of environmental management:- environmental management systems; environmental auditing and related- environmental investigation; environmental labeling; environmental performance evaluation; and life-cycle assessment.
Consequently, TC 207 was divided into five subcommittees (SCs) for each category of standard and one SC to cover the terms and definitions of the standards. In addition, a working group, which reports directly to TC 207, was formed to deal with the environmental aspects in product standards. The five SCs have two or more working groups (WGs) that report to them (unlike the WG on product standards previously mentioned which reports directly to TC 207).
The key factor that has propelled the ISO 14000 series of standards forward throughout the early 1990s is the increase in national environmental standards. Examples of these standards include some two dozen eco-labeling schemes worldwide (see Annex 1), the British Standards Institute’s BS 7750 (Specification for Environmental Management Systems), the Canadian Standards Association’s Z750 (A Guide for a Voluntary Environmental Management System), and the EU EMAS (Eco-Management and Audit Scheme). Other similar environmental management standards have been developed by the French Standards Association, the South African Bureau of Standards and the Spanish Standards Association.
With the proliferation of environmental standards, concerns have been expressed that these standards would fragment international markets and unduly favor the companies of the countries or of the regions where these standards were developed, unless they were developed by authoritative and broadly based international bodies. The ISO was to serve this role.
The headquarters of the ISO 9001 secretariat is in Geneva, Switzerland.2 The ISO 9000’s involvement in establishing environmental standardsbegan in 1991 after organizers for the UN Conference on Environment and Development (held in Rio de Janeiro in 1992) asked whether or not ISO would be attending the conference and whether it was involved in any environmental activities. As a result, the ISO established a Strategic Advisory Group on the Environment (SAGE) in 1991 to assess the need for international environmental management standards.3 SAGE recommended that ISO proceed with an environmental standard by 1992 and that a technical committee be established to carry it through. On June 1, 1993, ISO’s Technical Committee 207 (TC 207) held its first plenary meeting.
TC 207 was directed to establish environmental standards in five areas of environmental management:- environmental management systems; environmental auditing and related- environmental investigation; environmental labeling; environmental performance evaluation; and life-cycle assessment.
Consequently, TC 207 was divided into five subcommittees (SCs) for each category of standard and one SC to cover the terms and definitions of the standards. In addition, a working group, which reports directly to TC 207, was formed to deal with the environmental aspects in product standards. The five SCs have two or more working groups (WGs) that report to them (unlike the WG on product standards previously mentioned which reports directly to TC 207).
The key factor that has propelled the ISO 14000 series of standards forward throughout the early 1990s is the increase in national environmental standards. Examples of these standards include some two dozen eco-labeling schemes worldwide (see Annex 1), the British Standards Institute’s BS 7750 (Specification for Environmental Management Systems), the Canadian Standards Association’s Z750 (A Guide for a Voluntary Environmental Management System), and the EU EMAS (Eco-Management and Audit Scheme). Other similar environmental management standards have been developed by the French Standards Association, the South African Bureau of Standards and the Spanish Standards Association.
With the proliferation of environmental standards, concerns have been expressed that these standards would fragment international markets and unduly favor the companies of the countries or of the regions where these standards were developed, unless they were developed by authoritative and broadly based international bodies. The ISO was to serve this role.
Thursday, August 13, 2009
Key Elements of ISO 14001
The Resources, Roles, Responsibility, and Authority; Legal and Other Requirements; Evaluation of Compliance; and Nonconformity, Corrective Action and Preventive Action elements of ISO 14001 are all essential to the ongoing effectiveness of the EMS. This section describes how they function within the overall scheme.
1. Resources, Roles, Responsibility, and Authority (ISO 14001:2004, ?4.4.1)
?4.4.1 of ISO 14001 establishes three important requirements:
1. That management ensure the availability of resources to establish, implement, maintain, and improve the EMS;
2. That roles, responsibilities, and authorities be defined, documented, and communicated in order to facilitate effective environmental management; and
3. That top management appoint a management representative(s) who, irrespective of other responsibilities, will have responsibility and authority for implementing and maintaining the EMS and for reporting to top management on the performance of the EMS.
Ensuring Availability of Resources – Provision of resources for the EMS is almost always an issue within organizations. Although top management usually understands and accepts, at least in principle, the requirement to provide resources, the level of management that makes decisions on capital deployment and operating budgets often does not subscribe to the same requirement. Making the case for resources typically requires the implementation team or management representative to quantify intangibles such as the avoided cost of regulatory fines or the value to the environment of reducing environmental impacts.
When considering the requirement to provide resources, especially financial resources, it may be important to recognize that ISO 14001 requires the provision of resources for the establishment, implementation, maintenance, and improvement of the EMS, not necessarily resources to correct or prevent environmental impacts or to register to ISO 14001. When contemplating the cost of implementing ISO 14001, organizations, again, should think in terms of three separate cost categories:
1) Internal labor and external consultant costs to establish, implement, maintain, and improve the policy and procedural elements of ISO 14001;
2) Capital costs for correction or prevention of environmental impacts; and
3) Costs of registration to ISO 14001, if the organization elects to register.
Roles, Responsibilities, and Authorities – In the past, some organizations have employed a practice of not delegating responsibility and authority for environmental affairs to specific management representatives, reasoning that if the responsibility was diffused throughout the organization, no one person could become personally accountable for non-compliance with regulations or for environmental liabilities. §4.4.1 of ISO 14001 limits such ‘willful ignorance’ by requiring top management of the organization to appoint “specific management representative(s)” to ensure that the EMS is implemented and that top management be apprised of EMS performance. It also requires that the delegation of responsibility and authority be documented and communicated, thus eliminating circumstances where responsibility and authority for the EMS are diffuse or uncertain.
When §4.4.1 is read together with the requirement of the Environmental Policy for a commitment to comply with applicable legal requirements, §4.3.2, Legal and Other
Requirements, requiring a procedure for identifying legal requirements (following), and §4.5.2, Evaluation of Compliance, requiring a procedure for evaluating regulatory compliance, it is evident that the management representative is also responsible for ensuring that the organization is in compliance with applicable regulations. While this responsibility and authority can be delegated, the chain of delegation begins with top management and is passed to the management representative, effectively eliminating any uncertainty as to who is responsible and authorized to ensure regulatory compliance.
EMS Organizational Structure – There is an almost universal norm for the management structure of the EMS organization under ISO 14001. It begins with the top management position, proceeds to the top manager’s leadership team, and then to an EMS implementation team that is generally chaired by the management representative. The departments making up the relevant functions and levels of the organization and environmental, safety, and health professionals comprise the typical implementation team.
Defining Roles, Responsibilities, and Authorities for the EMS – In defining, documenting, and communicating EMS roles, responsibilities, and authorities, it makes sense to begin with top management and proceed through all of the positions having EMS responsibilities. Following is a generic example of how roles, responsibilities, and authorities might be documented and communicated in an EMS Procedures Manual:
Plant Manager
Authority: The Plant Manager has the authority, responsibility, and accountability for managing all aspects of ABC Company’s activities, products, and services at the Anytown facility.Source: Senior Vice President, Manufacturing, ABC Company, Inc.
EMS Responsibilities: Under the requirements of ISO 14001, the Plant Manager shall be specifically responsible for:
1) Defining the Environmental Policy;
2) Delegating authority and responsibility for the establishment, implementation, maintenance, and improvement of the EMS;
3) Providing human, technological, infrastructure, and financial resources and specialized skills; and
4) Periodically reviewing the EMS for suitability, adequacy, and effectiveness and directing changes as necessary to achieve the goals for an EMS and the commitment to continual improvement.
Leadership Team
EMS Responsibilities: The Leadership Team shall advise the Plant Manager on the exercise by
the Plant Manager of his/her responsibilities for the EMS.
Management Representative, Implementation and Maintenance Responsibilities
EMS Authority: The Plant Manager delegates to the Manager, ______ _______, the authority
to establish, implement, maintain, and improve the Environmental Management System and to
ensure that it conforms to the requirements of ISO 14001. In the context of ISO 14001, the
Manager, _____ _________, shall be the Management Representative.
1. Resources, Roles, Responsibility, and Authority (ISO 14001:2004, ?4.4.1)
?4.4.1 of ISO 14001 establishes three important requirements:
1. That management ensure the availability of resources to establish, implement, maintain, and improve the EMS;
2. That roles, responsibilities, and authorities be defined, documented, and communicated in order to facilitate effective environmental management; and
3. That top management appoint a management representative(s) who, irrespective of other responsibilities, will have responsibility and authority for implementing and maintaining the EMS and for reporting to top management on the performance of the EMS.
Ensuring Availability of Resources – Provision of resources for the EMS is almost always an issue within organizations. Although top management usually understands and accepts, at least in principle, the requirement to provide resources, the level of management that makes decisions on capital deployment and operating budgets often does not subscribe to the same requirement. Making the case for resources typically requires the implementation team or management representative to quantify intangibles such as the avoided cost of regulatory fines or the value to the environment of reducing environmental impacts.
When considering the requirement to provide resources, especially financial resources, it may be important to recognize that ISO 14001 requires the provision of resources for the establishment, implementation, maintenance, and improvement of the EMS, not necessarily resources to correct or prevent environmental impacts or to register to ISO 14001. When contemplating the cost of implementing ISO 14001, organizations, again, should think in terms of three separate cost categories:
1) Internal labor and external consultant costs to establish, implement, maintain, and improve the policy and procedural elements of ISO 14001;
2) Capital costs for correction or prevention of environmental impacts; and
3) Costs of registration to ISO 14001, if the organization elects to register.
Roles, Responsibilities, and Authorities – In the past, some organizations have employed a practice of not delegating responsibility and authority for environmental affairs to specific management representatives, reasoning that if the responsibility was diffused throughout the organization, no one person could become personally accountable for non-compliance with regulations or for environmental liabilities. §4.4.1 of ISO 14001 limits such ‘willful ignorance’ by requiring top management of the organization to appoint “specific management representative(s)” to ensure that the EMS is implemented and that top management be apprised of EMS performance. It also requires that the delegation of responsibility and authority be documented and communicated, thus eliminating circumstances where responsibility and authority for the EMS are diffuse or uncertain.
When §4.4.1 is read together with the requirement of the Environmental Policy for a commitment to comply with applicable legal requirements, §4.3.2, Legal and Other
Requirements, requiring a procedure for identifying legal requirements (following), and §4.5.2, Evaluation of Compliance, requiring a procedure for evaluating regulatory compliance, it is evident that the management representative is also responsible for ensuring that the organization is in compliance with applicable regulations. While this responsibility and authority can be delegated, the chain of delegation begins with top management and is passed to the management representative, effectively eliminating any uncertainty as to who is responsible and authorized to ensure regulatory compliance.
EMS Organizational Structure – There is an almost universal norm for the management structure of the EMS organization under ISO 14001. It begins with the top management position, proceeds to the top manager’s leadership team, and then to an EMS implementation team that is generally chaired by the management representative. The departments making up the relevant functions and levels of the organization and environmental, safety, and health professionals comprise the typical implementation team.
Defining Roles, Responsibilities, and Authorities for the EMS – In defining, documenting, and communicating EMS roles, responsibilities, and authorities, it makes sense to begin with top management and proceed through all of the positions having EMS responsibilities. Following is a generic example of how roles, responsibilities, and authorities might be documented and communicated in an EMS Procedures Manual:
Plant Manager
Authority: The Plant Manager has the authority, responsibility, and accountability for managing all aspects of ABC Company’s activities, products, and services at the Anytown facility.Source: Senior Vice President, Manufacturing, ABC Company, Inc.
EMS Responsibilities: Under the requirements of ISO 14001, the Plant Manager shall be specifically responsible for:
1) Defining the Environmental Policy;
2) Delegating authority and responsibility for the establishment, implementation, maintenance, and improvement of the EMS;
3) Providing human, technological, infrastructure, and financial resources and specialized skills; and
4) Periodically reviewing the EMS for suitability, adequacy, and effectiveness and directing changes as necessary to achieve the goals for an EMS and the commitment to continual improvement.
Leadership Team
EMS Responsibilities: The Leadership Team shall advise the Plant Manager on the exercise by
the Plant Manager of his/her responsibilities for the EMS.
Management Representative, Implementation and Maintenance Responsibilities
EMS Authority: The Plant Manager delegates to the Manager, ______ _______, the authority
to establish, implement, maintain, and improve the Environmental Management System and to
ensure that it conforms to the requirements of ISO 14001. In the context of ISO 14001, the
Manager, _____ _________, shall be the Management Representative.
Environmental Management Program
ISO 14001:2004 Section 4.3.4, Environmental Management Program(s), requires that organizations establish and maintain one or more environmental management programs for achieving their objectives. The environmental management program is a key element to the success of an EMS. Properly designed and implemented, environmental management programs should achieve the objectives and, consequently, improve your organization’s environmental performance.
According to ISO 14001 Section 4.3.4 the environmental management program must:
1. address each environmental objective and target
2. designate the personnel responsible for achieving targets at each relevant function and level of the
organization
3. provide an “action plan” describing how each environmental target will be achieved
4. establish a time-frame or a schedule for achieving each target.
An environmental management program is an action plan or a series of action plans to achieve an environmental objective.
According to ISO 14001 Section 4.3.4 the environmental management program must:
1. address each environmental objective and target
2. designate the personnel responsible for achieving targets at each relevant function and level of the
organization
3. provide an “action plan” describing how each environmental target will be achieved
4. establish a time-frame or a schedule for achieving each target.
An environmental management program is an action plan or a series of action plans to achieve an environmental objective.
Tuesday, August 11, 2009
Establishing a ISO 9001 records procedure
Establishing a ISO 9001 records procedure
The ISO 9001 standard requires records to remain legible, readily
identifiable and retrievable and that a procedure defines
the controls needed for the identification, storage,
protec- tion, retrieval, retention time and disposition of records.
Records have a life cycle. They are generated during
which time they acquire an identity and are then
assigned for storage for a prescribed period. During
use and storage they need to be protected from
inadvertent or malicious destruction and as they
may be required to support current activities or
investigations, they need to be brought out of storage
quickly. When their usefulness has lapsed, a decision is made as to whether to
retain them further or to destroy them.
Readily retrievable means that records can be obtained on demand within a
reasonable period (hours not days or weeks) Readily identifiable means that
the identity can be discerned at a glance.
Although the requirement implies a single procedure, several may be
necessary because there are several unconnected tasks to perform. A procedure
cannot in fact ensure a result. It may prescribe a course of action which if
followed may lead to the correct result, but it is the process that ensures the
result not the procedure.
The revised requirement omits several aspects covered in clause 4.16 of the
1994 version.
Collection of records is now addressed by Analysis of data (clause 8.4)
Indexing of records is a specific form of identification and is therefore
already addressed
Access is now addressed by the requirement for record retrieval
Filing is a specific form of storage and is therefore already addressed
You may only need one procedure which covers all the requirements but this
is not always practical. The provisions you make for specific records should be
included in the documentation for controlling the activity being recorded. For
example, provisions for inspection records should be included in the inspection
procedures; provisions for design review records should be included in the
design review procedure. Within such procedures you should provide the
forms (or content requirement for the records), the identification, collection/
submission provisions, the indexing and filing provisions. It may be more
practical to cover the storage, disposal and retention provisions in separate
procedures because they may not be type-dependent. Where each department
retains their own records, these provisions may vary and therefore warrant
separate procedures.
Unlike prescriptive documents, records may contain handwritten elements and
therefore it is important that the handwriting is legible. If this becomes a
problem, you either improve discipline or consider electronic data capture.
Records also become soiled in a workshop environment so may need to be
protected to remain legible. With electronically captured data, legibility is often
not a problem. However, photographs and other scanned images may not
transfer as well as the original and lose detail so care has to be taken in
selecting appropriate equipment for this task.
Whatever the records, they should carry some
identification in order that you can determine what
they are, what kind of information they record and
what they relate to. A simple way of doing this is to
give each record a reference number and a name or
title in a prominent location on the record.
1994 –2000 Differences
Previously the ISO 9001 standard covered retrieval in four ways. It required:
(a) that quality records be
made available for evaluation by the customer or his representative for an
agreed period, where agreed contractually
Records can take various forms – reports containing narrative,
computer data, and forms containing data in boxes, graphs, tables, lists and many others.
Where forms are used to collect data, they should carry a form number and name as their identification. When completed they should carry a serial number to give each a separate identity. Records should also be traceable to the product or service
they represent and this can be achieved either within the reference number or separately, provided that the chance of mistaken identity is eliminated. The standard does not require records to be identifiable to the product involved but unless you do make such
provision you will not be able to access the pertinent records or demonstrate conformance to specified requirements.
The ISO 9001 standard requires records to remain legible, readily
identifiable and retrievable and that a procedure defines
the controls needed for the identification, storage,
protec- tion, retrieval, retention time and disposition of records.
Records have a life cycle. They are generated during
which time they acquire an identity and are then
assigned for storage for a prescribed period. During
use and storage they need to be protected from
inadvertent or malicious destruction and as they
may be required to support current activities or
investigations, they need to be brought out of storage
quickly. When their usefulness has lapsed, a decision is made as to whether to
retain them further or to destroy them.
Readily retrievable means that records can be obtained on demand within a
reasonable period (hours not days or weeks) Readily identifiable means that
the identity can be discerned at a glance.
Although the requirement implies a single procedure, several may be
necessary because there are several unconnected tasks to perform. A procedure
cannot in fact ensure a result. It may prescribe a course of action which if
followed may lead to the correct result, but it is the process that ensures the
result not the procedure.
The revised requirement omits several aspects covered in clause 4.16 of the
1994 version.
Collection of records is now addressed by Analysis of data (clause 8.4)
Indexing of records is a specific form of identification and is therefore
already addressed
Access is now addressed by the requirement for record retrieval
Filing is a specific form of storage and is therefore already addressed
You may only need one procedure which covers all the requirements but this
is not always practical. The provisions you make for specific records should be
included in the documentation for controlling the activity being recorded. For
example, provisions for inspection records should be included in the inspection
procedures; provisions for design review records should be included in the
design review procedure. Within such procedures you should provide the
forms (or content requirement for the records), the identification, collection/
submission provisions, the indexing and filing provisions. It may be more
practical to cover the storage, disposal and retention provisions in separate
procedures because they may not be type-dependent. Where each department
retains their own records, these provisions may vary and therefore warrant
separate procedures.
Unlike prescriptive documents, records may contain handwritten elements and
therefore it is important that the handwriting is legible. If this becomes a
problem, you either improve discipline or consider electronic data capture.
Records also become soiled in a workshop environment so may need to be
protected to remain legible. With electronically captured data, legibility is often
not a problem. However, photographs and other scanned images may not
transfer as well as the original and lose detail so care has to be taken in
selecting appropriate equipment for this task.
Whatever the records, they should carry some
identification in order that you can determine what
they are, what kind of information they record and
what they relate to. A simple way of doing this is to
give each record a reference number and a name or
title in a prominent location on the record.
1994 –2000 Differences
Previously the ISO 9001 standard covered retrieval in four ways. It required:
(a) that quality records be
made available for evaluation by the customer or his representative for an
agreed period, where agreed contractually
Records can take various forms – reports containing narrative,
computer data, and forms containing data in boxes, graphs, tables, lists and many others.
Where forms are used to collect data, they should carry a form number and name as their identification. When completed they should carry a serial number to give each a separate identity. Records should also be traceable to the product or service
they represent and this can be achieved either within the reference number or separately, provided that the chance of mistaken identity is eliminated. The standard does not require records to be identifiable to the product involved but unless you do make such
provision you will not be able to access the pertinent records or demonstrate conformance to specified requirements.
Retention of ISO 9001 records
ISO 9001 Record Retention
It is important that ISO 9000 records are not destroyed before their useful life is over.
There are several factors to consider when determining the retention time for
records.
The duration of the contract – some records are only of value whilst the
contract is in force.
The life of the product – access to the records will probably not be needed for
some considerable time, possibly long after the contract has closed. On
defence contracts the contractor has to keep records for up to 20 years and
for product liability purposes, in the worst-case situation (taking account of
appeals) you could be asked to produce records up to 17 years after you
made the produc
The period between management system assessments – assessors may wish to see
evidence that corrective actions from the last assessment were taken. If the
period of assessment is three years and you dispose of the evidence after 2
years, you will have some difficulty in convincing the assessor that you
corrected the deficiency.
While the ISO 9001 requirement applies only to records, you may also need to
retain tools, jigs, fixtures, test software – in fact anything that is needed to repair
or reproduce equipment in order to honour your long-term commitments.
Should the customer specify a retention period greater than what you
prescribe in your procedures, special provisions will need to be made and this
is a potential area of risk. Customers may choose not to specify a particular
time and require you to seek approval before destruction. Any contract that
requires you to do something different creates a problem in conveying the
requirements to those who are to implement them. The simple solution is to
persuade your customer to accept your policy. You may not want to change
your procedures for one contract. If you can’t change the contract, the only
alternative is to issue special instructions. You may be better off storing the
records in a special contract store away from the normal store or alternatively
attach special labels to the files to alert the people looking after the archives.
It is important that ISO 9000 records are not destroyed before their useful life is over.
There are several factors to consider when determining the retention time for
records.
The duration of the contract – some records are only of value whilst the
contract is in force.
The life of the product – access to the records will probably not be needed for
some considerable time, possibly long after the contract has closed. On
defence contracts the contractor has to keep records for up to 20 years and
for product liability purposes, in the worst-case situation (taking account of
appeals) you could be asked to produce records up to 17 years after you
made the produc
The period between management system assessments – assessors may wish to see
evidence that corrective actions from the last assessment were taken. If the
period of assessment is three years and you dispose of the evidence after 2
years, you will have some difficulty in convincing the assessor that you
corrected the deficiency.
While the ISO 9001 requirement applies only to records, you may also need to
retain tools, jigs, fixtures, test software – in fact anything that is needed to repair
or reproduce equipment in order to honour your long-term commitments.
Should the customer specify a retention period greater than what you
prescribe in your procedures, special provisions will need to be made and this
is a potential area of risk. Customers may choose not to specify a particular
time and require you to seek approval before destruction. Any contract that
requires you to do something different creates a problem in conveying the
requirements to those who are to implement them. The simple solution is to
persuade your customer to accept your policy. You may not want to change
your procedures for one contract. If you can’t change the contract, the only
alternative is to issue special instructions. You may be better off storing the
records in a special contract store away from the normal store or alternatively
attach special labels to the files to alert the people looking after the archives.
Disposition of ISO 9001 records
ISO 9001 Records Disposition
Disposition in this context means the disposal of records once their useful life
has ended. The requirement should not be confused with that on the retention
of records. Retention times are one thing and disposal procedures quite
another.
The ISO 9001 standard does not specifically require records to be authenticated, certified
or validated other than product verification records in clause 8.2.4. A set of
results without being endorsed with the signature of the person who captured
them or other authentication lacks credibility. Facts that have been obtained by
whatever means should be certified for three reasons:
They provide a means of tracing the result to the originator in the event of
problems.
They indicate that the provider believes them to be correct.
They enable you to verify whether the originator was appropriately
qualified.
They give the results credibility.
If the records are generated by computer and retained in computerized form,
a means needs to be provided for the results to be authenticated. This can be
accomplished through appropriate process controls by installing provisions for
automated data recording or preventing unauthorized access.
Disposition in this context means the disposal of records once their useful life
has ended. The requirement should not be confused with that on the retention
of records. Retention times are one thing and disposal procedures quite
another.
The ISO 9001 standard does not specifically require records to be authenticated, certified
or validated other than product verification records in clause 8.2.4. A set of
results without being endorsed with the signature of the person who captured
them or other authentication lacks credibility. Facts that have been obtained by
whatever means should be certified for three reasons:
They provide a means of tracing the result to the originator in the event of
problems.
They indicate that the provider believes them to be correct.
They enable you to verify whether the originator was appropriately
qualified.
They give the results credibility.
If the records are generated by computer and retained in computerized form,
a means needs to be provided for the results to be authenticated. This can be
accomplished through appropriate process controls by installing provisions for
automated data recording or preventing unauthorized access.
Control of ISO 9000 records
The ISO 9001 standard requires records to be established and
maintained to provide evidence of conformity to require-
ments and the effective operation of the quality manage-
ment system.
A record is defined in ISO 9000 as a document stating
results achieved or providing evidence of activities
performed.
Although a record is a document, the document
control requirement of clause 4.2.3 do not apply to
records primarily because records are not issued,
neither do they exhibit revision status simply
because they are results that are factual when
recorded. If the facts change, a new record is usually
created rather than the previous record revised. Even
where a record is revised and new facts added, the
old facts remain identified as to their date. The only reason for revising facts
contained in a record without changing the identity of the record or the date
when they were collected is where the facts were incorrectly recorded. This
subtle difference demands different treatment for documents that are classed
as records to those that are classed as informative. As with other types of
documents, records result from processes and may be used as inputs to other
processes.
Records required by the management system means records used or
generated by the management system. There is therefore no requirement to
produce records solely to satisfy an auditor. The records required are those for
the effective operation of the organization’s processes (see clause 4.1d of ISO
9001). If a record has no useful purpose within the management system there
is no requirement that it be established or maintained.
This does not mean that a record is required to prove conformity with every
single requirement for every product and service. There are those records
required by the standard (see below) that are required for every product and
service where applicable and in all other cases, audit records showing
compliance on a sample of operations would be sufficient.
Compliance with many requirements can be demonstrated by observation,
analysis, interview or examination of documentation. If a result or an activity
is not required to be recorded in order to manage the organization effectively
and satisfy the interested parties, it is not necessary to maintain records of it.
maintained to provide evidence of conformity to require-
ments and the effective operation of the quality manage-
ment system.
A record is defined in ISO 9000 as a document stating
results achieved or providing evidence of activities
performed.
Although a record is a document, the document
control requirement of clause 4.2.3 do not apply to
records primarily because records are not issued,
neither do they exhibit revision status simply
because they are results that are factual when
recorded. If the facts change, a new record is usually
created rather than the previous record revised. Even
where a record is revised and new facts added, the
old facts remain identified as to their date. The only reason for revising facts
contained in a record without changing the identity of the record or the date
when they were collected is where the facts were incorrectly recorded. This
subtle difference demands different treatment for documents that are classed
as records to those that are classed as informative. As with other types of
documents, records result from processes and may be used as inputs to other
processes.
Records required by the management system means records used or
generated by the management system. There is therefore no requirement to
produce records solely to satisfy an auditor. The records required are those for
the effective operation of the organization’s processes (see clause 4.1d of ISO
9001). If a record has no useful purpose within the management system there
is no requirement that it be established or maintained.
This does not mean that a record is required to prove conformity with every
single requirement for every product and service. There are those records
required by the standard (see below) that are required for every product and
service where applicable and in all other cases, audit records showing
compliance on a sample of operations would be sufficient.
Compliance with many requirements can be demonstrated by observation,
analysis, interview or examination of documentation. If a result or an activity
is not required to be recorded in order to manage the organization effectively
and satisfy the interested parties, it is not necessary to maintain records of it.
Monday, August 10, 2009
ISO 9000 vs Quality
ISO 9000 was conceived to bring about an improvement in product quality. It
was believed that if organizations were able to demonstrate they were
operating a quality system that met international standards, customers would
gain greater confidence in the quality of products they purchased. It was also
believed that by operating in accordance with documented procedures, errors
would be reduced and consistency of output ensured. If you find the best way
of achieving a result, put in place measures to prevent variation, document it
and train others to apply it, it follows that the results produced should be
consistently good.
The requirements of the standard were perceived to be a list of things to do
to achieve quality. The ISO co-ordinator would often draw up a plan based on
the following logic:
1. We have to identify resource requirements so I will write a procedure on
identifying resource requirements
2. We have to produce quality plans so I will write a procedure on producing
quality plans
3. We have to record contract review so I will write a procedure on recording
contract reviews
4. We have to identify design changes so I will write a procedure on identifying
design changes
The requirements in the standard were often not expressed as results to be
achieved. Requirements for a documented procedure to be established resulted
in just that. Invariably the objectives of the procedure were to define something
rather than to achieve something. This led to documentation without any clear
purpose that related to the achievement of quality. Those producing the
documentation were focusing on meeting the standard not on achieving quality.
Those producing the product were focusing on meeting the customer
requirement but the two were often out of sync. As quality assurance became
synonymous with procedures, so people perceived that they could achieve
quality by following procedures. The dominance of procedures to the exclusion
of performance is a misunderstanding of the implementers. The standard
required a documented system that ensured product met specified requirements – a
clear purpose. Once again the implementers lost sight of the objective. Or was it
that they knew the objective but in order to meet it, the culture would have to
change and if they could get the badge without doing so, why should they?
Issuing a procedure was considered to equate to task completed. Unfortu-
nately, for those on the receiving end, the procedures were filed and forgotten.
When the auditor came around, the individual was found to be totally
unaware of the ‘procedure’ and consequently found noncompliant with it.
However, the auditor would discover that the individual was doing the right
things so the corrective action was inevitably to change the procedure. The
process of issuing procedures was not questioned, the individual concerned
was blamed for not knowing the procedure and the whole episode failed to
make any positive contribution to the achievement of quality. But it left the
impression on the individual that quality was all about following procedures.
It also left the impression that quality was about consistency and providing
you did what you said you would do regardless of it being in the interests of
satisfying customers, it was OK. One is left wondering whether anyone
consulted the dictionary in which quality is defined as a degree of excellence?
Another problem was that those who were to implement requirements were
often excluded from the process. Instead of enquiring as to the best way of
meeting a requirement, those in charge of ISO 9000 implementation assumed
that issuing procedures would in fact cause compliance with requirements. It
requires a study of the way work gets done to appreciate how best to meet a
requirement. Procedures were required to be documented and the range and
detail was intended to be appropriate to the complexity of the work, the
methods used and the skills and training needed. The standard also only
required work instructions where their absence would adversely affect quality.
It is as though the people concerned did not read the requirement properly or
had no curiosity to find out for themselves what ISO had to say about
procedures – they were all too ready to be told what to do without questioning
why they should be doing it.
More often than not, the topics covered by the standard were only a sample
of all the things that need to be done to achieve the organization’s objectives.
The way the standard classified the topics was also often not appropriate to the
way work was performed. As a consequence, procedures failed to be
implemented because they mirrored the standard and not the work. ISO 9000
may have required documented procedures but it did not insist that they be
produced in separate documents, with titles or an identification convention
that was traceable to the requirements.
Critics argue (Seddon, John, 2000)3 that ISO 9000 did not enable organiza-
tions to reduce variation as a result of following the procedures. It is true that
ISO 9000 did not explain the theory of variation – it could have done, but
perhaps it was felt that this was better handled by the wealth of literature
available at the time. However, ISO 9000 did require organizations to identify
where the use of statistical techniques was necessary for establishing,
controlling and verifying process capability but this was often misunderstood.
Clause 4.14 of ISO 9001 required corrective action procedures – procedures to
identify variation and eliminate the cause so this should have resulted in a
reduction in variation. The procedures did not always focus on results – they
tended to focus on transactions – sending information or product from A to B.
The concept of corrective action was often misunderstood. It was believed to be
about fixing the problem and preventive action was believed to be about
preventing recurrence. Had users read ISO 8402 they should have been
enlightened. Had they read Deming they would have been enlightened but in
many cases the language of ISO 9000 was a deterrent to learning. Had the
auditors understood variation, they too could have assisted in clarifying these
issues but they too seemed ignorant – willing to regard clause 4.20 as not
applicable in many cases.
Clause 4.6 of the undervalued and forgotten standard ISO 9000 –1 starts with
‘The International Standards in the ISO 9000 family are founded upon the
understanding that all work is accomplished by a process.’ In clause 4.7 it starts
with ‘Every organization exists to accomplish value-adding work. The work is
accomplished through a network of processes’ In clause 4.8 it starts with ‘It is
conventional to speak of quality systems as consisting of a number of elements.
The quality system is carried out by means of processes which exist both within
and across functions’ Alas, few people read ISO 9000–1 and as a result the
baggage that had amassed was difficult to shed especially because there were
few if any certification bodies suggesting that the guidance contained in ISO
9000 –1 should be applied. Unfortunately, this message from ISO 9000 –1 was not
conveyed through the requirements of ISO 9001. ISO 9001 was not intended as
a design tool. It was produced for contractual and assessment purposes but was
used as a design tool instead of ISO 9000 –1 and ISO 9004 –1.
was believed that if organizations were able to demonstrate they were
operating a quality system that met international standards, customers would
gain greater confidence in the quality of products they purchased. It was also
believed that by operating in accordance with documented procedures, errors
would be reduced and consistency of output ensured. If you find the best way
of achieving a result, put in place measures to prevent variation, document it
and train others to apply it, it follows that the results produced should be
consistently good.
The requirements of the standard were perceived to be a list of things to do
to achieve quality. The ISO co-ordinator would often draw up a plan based on
the following logic:
1. We have to identify resource requirements so I will write a procedure on
identifying resource requirements
2. We have to produce quality plans so I will write a procedure on producing
quality plans
3. We have to record contract review so I will write a procedure on recording
contract reviews
4. We have to identify design changes so I will write a procedure on identifying
design changes
The requirements in the standard were often not expressed as results to be
achieved. Requirements for a documented procedure to be established resulted
in just that. Invariably the objectives of the procedure were to define something
rather than to achieve something. This led to documentation without any clear
purpose that related to the achievement of quality. Those producing the
documentation were focusing on meeting the standard not on achieving quality.
Those producing the product were focusing on meeting the customer
requirement but the two were often out of sync. As quality assurance became
synonymous with procedures, so people perceived that they could achieve
quality by following procedures. The dominance of procedures to the exclusion
of performance is a misunderstanding of the implementers. The standard
required a documented system that ensured product met specified requirements – a
clear purpose. Once again the implementers lost sight of the objective. Or was it
that they knew the objective but in order to meet it, the culture would have to
change and if they could get the badge without doing so, why should they?
Issuing a procedure was considered to equate to task completed. Unfortu-
nately, for those on the receiving end, the procedures were filed and forgotten.
When the auditor came around, the individual was found to be totally
unaware of the ‘procedure’ and consequently found noncompliant with it.
However, the auditor would discover that the individual was doing the right
things so the corrective action was inevitably to change the procedure. The
process of issuing procedures was not questioned, the individual concerned
was blamed for not knowing the procedure and the whole episode failed to
make any positive contribution to the achievement of quality. But it left the
impression on the individual that quality was all about following procedures.
It also left the impression that quality was about consistency and providing
you did what you said you would do regardless of it being in the interests of
satisfying customers, it was OK. One is left wondering whether anyone
consulted the dictionary in which quality is defined as a degree of excellence?
Another problem was that those who were to implement requirements were
often excluded from the process. Instead of enquiring as to the best way of
meeting a requirement, those in charge of ISO 9000 implementation assumed
that issuing procedures would in fact cause compliance with requirements. It
requires a study of the way work gets done to appreciate how best to meet a
requirement. Procedures were required to be documented and the range and
detail was intended to be appropriate to the complexity of the work, the
methods used and the skills and training needed. The standard also only
required work instructions where their absence would adversely affect quality.
It is as though the people concerned did not read the requirement properly or
had no curiosity to find out for themselves what ISO had to say about
procedures – they were all too ready to be told what to do without questioning
why they should be doing it.
More often than not, the topics covered by the standard were only a sample
of all the things that need to be done to achieve the organization’s objectives.
The way the standard classified the topics was also often not appropriate to the
way work was performed. As a consequence, procedures failed to be
implemented because they mirrored the standard and not the work. ISO 9000
may have required documented procedures but it did not insist that they be
produced in separate documents, with titles or an identification convention
that was traceable to the requirements.
Critics argue (Seddon, John, 2000)3 that ISO 9000 did not enable organiza-
tions to reduce variation as a result of following the procedures. It is true that
ISO 9000 did not explain the theory of variation – it could have done, but
perhaps it was felt that this was better handled by the wealth of literature
available at the time. However, ISO 9000 did require organizations to identify
where the use of statistical techniques was necessary for establishing,
controlling and verifying process capability but this was often misunderstood.
Clause 4.14 of ISO 9001 required corrective action procedures – procedures to
identify variation and eliminate the cause so this should have resulted in a
reduction in variation. The procedures did not always focus on results – they
tended to focus on transactions – sending information or product from A to B.
The concept of corrective action was often misunderstood. It was believed to be
about fixing the problem and preventive action was believed to be about
preventing recurrence. Had users read ISO 8402 they should have been
enlightened. Had they read Deming they would have been enlightened but in
many cases the language of ISO 9000 was a deterrent to learning. Had the
auditors understood variation, they too could have assisted in clarifying these
issues but they too seemed ignorant – willing to regard clause 4.20 as not
applicable in many cases.
Clause 4.6 of the undervalued and forgotten standard ISO 9000 –1 starts with
‘The International Standards in the ISO 9000 family are founded upon the
understanding that all work is accomplished by a process.’ In clause 4.7 it starts
with ‘Every organization exists to accomplish value-adding work. The work is
accomplished through a network of processes’ In clause 4.8 it starts with ‘It is
conventional to speak of quality systems as consisting of a number of elements.
The quality system is carried out by means of processes which exist both within
and across functions’ Alas, few people read ISO 9000–1 and as a result the
baggage that had amassed was difficult to shed especially because there were
few if any certification bodies suggesting that the guidance contained in ISO
9000 –1 should be applied. Unfortunately, this message from ISO 9000 –1 was not
conveyed through the requirements of ISO 9001. ISO 9001 was not intended as
a design tool. It was produced for contractual and assessment purposes but was
used as a design tool instead of ISO 9000 –1 and ISO 9004 –1.
Quality Management
There are two schools of thought on quality management. One views quality
management as the management of success and the other the elimination of
failure. They are both valid. Each approaches the subject from a different
angle:
The ‘success’ school is characterized by five questions (Hoyle, David and
Thompson, John, 2001)3 :
1 What are you trying to do?
2 How do you make it happen?
3 How do you know it’s right?
4 How do you know it’s the best way of doing it?
5 How do you know it’s the right thing to do?
The ‘failure elimination’ school is characterized by five different questions
1 How do you know what is needed?
2 What could affect your ability to do it right?
3 What checks are made to verify achievement?
4 How do you ensure the integrity of these checks?
5 What action is taken to prevent a recurrence of failure?
In an ideal world, if we could design products, services and processes that
could not fail we would have achieved the ultimate goal. Success means not
only that products, services and processes fulfil their function but also that the
function is what customers’ desire. Failure means not only that products,
services and processes would fail to fulfil their function but also that their
function was not what customers desired. A gold-plated mousetrap that does
not fail is not a success if no one needs a gold-plated mousetrap!
The introductory clause of ISO 9001:1994 contained a statement that the aim
of the requirements is to achieve customer satisfaction by prevention of
nonconformities. (This was indicative of the failure school of thought.) The
introductory clause of ISO 9001:2000 contains a statement that the aim is to
enhance customer satisfaction through the effective application of the quality
management system and the assurance of conformity to customer and
applicable regulatory requirements. (This is indicative of the success school of
thought.)
In reality you cannot be successful unless you know of the risks you are
taking and plan to eliminate, reduce or control them. A unification of these
approaches is what is therefore needed for organizations to achieve, sustain
and improve quality. You therefore need to approach the achievement of
quality from two different angles and answer two questions. What do we need
to do to succeed and what do we need to do to prevent failure?
Quality does not appear by chance, or if it does it may not be repeated. One
has to design quality into the products and services. It has often been said that
one cannot inspect quality into a product. A product remains the same after
inspection as it did before, so no amount of inspection will change the quality
of the product. However, what inspection does is measure quality in a way that
allows us to make decisions on whether or not to release a piece of work. Work
that passes inspection should be quality work but inspection unfortunately is
not 100% reliable. Most inspection relies on human judgement and this can be
affected by many factors, some of which are outside our control (such as the
private life, health or mood of the inspector). We may also fail to predict the
effect that our decisions have on others. Sometimes we go to great lengths in
preparing organization changes and find to our surprise that we neglected
something or underestimated the effect of something. We therefore need other
means to deliver quality products – we have to adopt practices that enable us
to achieve our objectives while preventing failures from occurring.
management as the management of success and the other the elimination of
failure. They are both valid. Each approaches the subject from a different
angle:
The ‘success’ school is characterized by five questions (Hoyle, David and
Thompson, John, 2001)3 :
1 What are you trying to do?
2 How do you make it happen?
3 How do you know it’s right?
4 How do you know it’s the best way of doing it?
5 How do you know it’s the right thing to do?
The ‘failure elimination’ school is characterized by five different questions
1 How do you know what is needed?
2 What could affect your ability to do it right?
3 What checks are made to verify achievement?
4 How do you ensure the integrity of these checks?
5 What action is taken to prevent a recurrence of failure?
In an ideal world, if we could design products, services and processes that
could not fail we would have achieved the ultimate goal. Success means not
only that products, services and processes fulfil their function but also that the
function is what customers’ desire. Failure means not only that products,
services and processes would fail to fulfil their function but also that their
function was not what customers desired. A gold-plated mousetrap that does
not fail is not a success if no one needs a gold-plated mousetrap!
The introductory clause of ISO 9001:1994 contained a statement that the aim
of the requirements is to achieve customer satisfaction by prevention of
nonconformities. (This was indicative of the failure school of thought.) The
introductory clause of ISO 9001:2000 contains a statement that the aim is to
enhance customer satisfaction through the effective application of the quality
management system and the assurance of conformity to customer and
applicable regulatory requirements. (This is indicative of the success school of
thought.)
In reality you cannot be successful unless you know of the risks you are
taking and plan to eliminate, reduce or control them. A unification of these
approaches is what is therefore needed for organizations to achieve, sustain
and improve quality. You therefore need to approach the achievement of
quality from two different angles and answer two questions. What do we need
to do to succeed and what do we need to do to prevent failure?
Quality does not appear by chance, or if it does it may not be repeated. One
has to design quality into the products and services. It has often been said that
one cannot inspect quality into a product. A product remains the same after
inspection as it did before, so no amount of inspection will change the quality
of the product. However, what inspection does is measure quality in a way that
allows us to make decisions on whether or not to release a piece of work. Work
that passes inspection should be quality work but inspection unfortunately is
not 100% reliable. Most inspection relies on human judgement and this can be
affected by many factors, some of which are outside our control (such as the
private life, health or mood of the inspector). We may also fail to predict the
effect that our decisions have on others. Sometimes we go to great lengths in
preparing organization changes and find to our surprise that we neglected
something or underestimated the effect of something. We therefore need other
means to deliver quality products – we have to adopt practices that enable us
to achieve our objectives while preventing failures from occurring.
ISO 9001:2008 Documentation Requirements
ISO 9001:2008 clause 4.1 General requirements requires an organization to “establish, document, implement, and maintain a quality management system and continually improve its effectiveness in accordance with the requirements of this International Standard”
ISO 9001:2008 Clause 4.2.1 General explains that the quality management system documentation shall include:
documented statements of a quality policy and quality objectives;
a quality manual
documented procedures required by this International Standard
documents needed by the organization to ensure the effective planning, operation and control of its processes, and
records required by this International Standard;
The notes after Clause 4.2 make it clear that where the standard specifically requires a “documented procedure”, the procedure has to be established, documented, implemented and maintained. It also emphasizes that the extent of the QMS documentation may differ from one organization to another due to:
the size of organization and type of activities;
the complexity of processes and their interactions, and
the competence of personnel.
All the documents that form part of the QMS have to be controlled in accordance with clause 4.2.3 of ISO 9001:2008, or, for the particular case of records, according to clause 4.2.4.
Guidance on Clause 4.2 of ISO 9001:2008
The following comments are intended to assist users of ISO 9001:2008 in understanding the intent of the general documentation requirements of the International Standard.
a) Documented statements of a quality policy and objectives:
Requirements for the quality policy are defined in clause 5.3 of ISO 9001:2008. The documented quality policy has to be controlled according to the requirements of clause 4.2.3.Note: Organizations that are revising their quality policy for the first time, or in order to meet the amended requirements in ISO 9001:2008, should pay particular attention to clause 4.2.3 (c), (d) and (g).
Requirements for quality objectives are defined in clause 5.4.1 of ISO 9001:2008. These documented quality objectives are also subject to the document control requirements of clause 4.2.3.
b) Quality Manual:
Clause 4.2.2 of ISO 9001:2008 specifies the minimum content for a quality manual. The format and structure of the manual is a decision for each organization, and will depend on the organization’s size, culture and complexity. Some organizations may choose to use the quality manual for other purposes besides that of simply documenting the QMS
A small organization may find it appropriate to include the description of its entire QMS within a single manual, including all the documented procedures required by the standard.
Large, multi-national organizations may need several manuals at the global, national or regional level, and a more complex hierarchy of documentation.
The quality manual is a document that has to be controlled in accordance with the requirements of clause 4.2.3.
c) Documented procedures:
ISO 9001:2008 specifically requires the organization to have “documented procedures” for the following six activities:4.2.3 Control of documents4.2.4 Control of records8.2.2 Internal audit8.3 Control of nonconforming product8.5.2 Corrective action8.5.3 Preventive action
These documented procedures have to be controlled in accordance with the requirements of clause 4.2.3
Some organizations may find it convenient to combine the procedure for several activities into a single documented procedure (for example, corrective action and preventive action). Others may choose to document a given activity by using more than one documented procedure (for example, internal audits). Both are acceptable.
Some organizations (particularly larger organizations, or those with more complex processes) may require additional documented procedures (particularly those relating to product realization processes) to implement an effective QMS.
Other organizations may require additional procedures, but the size and/or culture of the organization could enable these to be effectively implemented without necessarily being documented. However, in order to demonstrate compliance with ISO 9001:2008, the organization has to be able to provide objective evidence (not necessarily documented) that its QMS has been effectively implemented.
d) Documents needed by the organization to ensure the effective planning, operation and control of its processes:
In order for an organization to demonstrate the effective implementation of its QMS, it may be necessary to develop documents other than documented procedures. However, the only documents specifically mentioned in ISO 9001:2008 are:- Quality policy (clause 4.2.1.a)- Quality objectives (clause 4.2.1.a)- Quality manual (clause 4.2.1.b)
There are several requirements of ISO 9001:2008 where an organization could add value to its QMS and demonstrate conformity by the preparation of other documents, even though the standard does not specifically require them. Examples may include:- Process maps, process flow charts and/or process descriptions- Organization charts- Specifications- Work and/or test instructions- Documents containing internal communications- Production schedules- Approved supplier lists- Test and inspection plans- Quality plans
All such documents have to be controlled in accordance with the requirements of clause 4.2.3 and/or 4.2.4, as applicable
e) Records:
Examples of records specifically required by ISO 9001:2008 are presented in Annex B.
Organizations are free to develop other records that may be needed to demonstrate conformity of their processes, products and quality management system.
Requirements for the control of records are different from those for other documents, and all records have to be controlled according to those of clause 4.2.4 of ISO 9001:2008.
ISO 9001:2008 Clause 4.2.1 General explains that the quality management system documentation shall include:
documented statements of a quality policy and quality objectives;
a quality manual
documented procedures required by this International Standard
documents needed by the organization to ensure the effective planning, operation and control of its processes, and
records required by this International Standard;
The notes after Clause 4.2 make it clear that where the standard specifically requires a “documented procedure”, the procedure has to be established, documented, implemented and maintained. It also emphasizes that the extent of the QMS documentation may differ from one organization to another due to:
the size of organization and type of activities;
the complexity of processes and their interactions, and
the competence of personnel.
All the documents that form part of the QMS have to be controlled in accordance with clause 4.2.3 of ISO 9001:2008, or, for the particular case of records, according to clause 4.2.4.
Guidance on Clause 4.2 of ISO 9001:2008
The following comments are intended to assist users of ISO 9001:2008 in understanding the intent of the general documentation requirements of the International Standard.
a) Documented statements of a quality policy and objectives:
Requirements for the quality policy are defined in clause 5.3 of ISO 9001:2008. The documented quality policy has to be controlled according to the requirements of clause 4.2.3.Note: Organizations that are revising their quality policy for the first time, or in order to meet the amended requirements in ISO 9001:2008, should pay particular attention to clause 4.2.3 (c), (d) and (g).
Requirements for quality objectives are defined in clause 5.4.1 of ISO 9001:2008. These documented quality objectives are also subject to the document control requirements of clause 4.2.3.
b) Quality Manual:
Clause 4.2.2 of ISO 9001:2008 specifies the minimum content for a quality manual. The format and structure of the manual is a decision for each organization, and will depend on the organization’s size, culture and complexity. Some organizations may choose to use the quality manual for other purposes besides that of simply documenting the QMS
A small organization may find it appropriate to include the description of its entire QMS within a single manual, including all the documented procedures required by the standard.
Large, multi-national organizations may need several manuals at the global, national or regional level, and a more complex hierarchy of documentation.
The quality manual is a document that has to be controlled in accordance with the requirements of clause 4.2.3.
c) Documented procedures:
ISO 9001:2008 specifically requires the organization to have “documented procedures” for the following six activities:4.2.3 Control of documents4.2.4 Control of records8.2.2 Internal audit8.3 Control of nonconforming product8.5.2 Corrective action8.5.3 Preventive action
These documented procedures have to be controlled in accordance with the requirements of clause 4.2.3
Some organizations may find it convenient to combine the procedure for several activities into a single documented procedure (for example, corrective action and preventive action). Others may choose to document a given activity by using more than one documented procedure (for example, internal audits). Both are acceptable.
Some organizations (particularly larger organizations, or those with more complex processes) may require additional documented procedures (particularly those relating to product realization processes) to implement an effective QMS.
Other organizations may require additional procedures, but the size and/or culture of the organization could enable these to be effectively implemented without necessarily being documented. However, in order to demonstrate compliance with ISO 9001:2008, the organization has to be able to provide objective evidence (not necessarily documented) that its QMS has been effectively implemented.
d) Documents needed by the organization to ensure the effective planning, operation and control of its processes:
In order for an organization to demonstrate the effective implementation of its QMS, it may be necessary to develop documents other than documented procedures. However, the only documents specifically mentioned in ISO 9001:2008 are:- Quality policy (clause 4.2.1.a)- Quality objectives (clause 4.2.1.a)- Quality manual (clause 4.2.1.b)
There are several requirements of ISO 9001:2008 where an organization could add value to its QMS and demonstrate conformity by the preparation of other documents, even though the standard does not specifically require them. Examples may include:- Process maps, process flow charts and/or process descriptions- Organization charts- Specifications- Work and/or test instructions- Documents containing internal communications- Production schedules- Approved supplier lists- Test and inspection plans- Quality plans
All such documents have to be controlled in accordance with the requirements of clause 4.2.3 and/or 4.2.4, as applicable
e) Records:
Examples of records specifically required by ISO 9001:2008 are presented in Annex B.
Organizations are free to develop other records that may be needed to demonstrate conformity of their processes, products and quality management system.
Requirements for the control of records are different from those for other documents, and all records have to be controlled according to those of clause 4.2.4 of ISO 9001:2008.
Assessing the Corporate Impact of ISO 14000 Certification
The 1990s have indeed been a period of change. This has seen a change from a perspective that
emphasized trade-offs (you can have only one of the following quality) to a paradigm that stresses
simultaneity (you can simultaneously achieve lower costs and higher quality and shorter lead times).
This has also become a period when more and more managers are expected to become increasingly
environmentally conscious. Being environmentally responsible is no longer viewed as something that is
primarily done for publicity sake or to avoid prosecution. Rather it is seen as a matter of good business.
An indication of the increasing importance of the environment is the recent emergence of the ISO
14000 environmental standard. There are several features that make this new standard noteworthy.
First, it builds on the success of ISO 9000, and its variants (e.g., QS 9000).
Second, ISO 14000 is an international standard. It is hoped that it will replace the numerous and often
conflicting standards found in various countries. Third, ISO 14000 shifts attention from the outcome
(reduced pollution) to processes. However, being a new standard, the introduction of ISO 14000 has
raised a number of questions, namely:
1. What is the status of environmental management systems in most American plants and how are they perceived by management?
2. How are the predispositions of management towards ISO 14000 influenced by factors such as pastexperience with ISO 9000, corporate orientation towards environmental responsibility, industrial factors, importance of international trade to corporate performance and the functional positions of the respondents?
3. To what extent do the respondents see a relationship between ISO 14000 registration and success and improved market, or corporate performance?
4. How effective is ISO 14000 relative to the other alternatives available for improving environmental performance?
These and other questions formed the focus of a recently completed two-stage study into the status of ISO 14000 certification in the United States. The first phase consisted of a large-scale survey (consisting of some 16 pages) that were sent out to managers in various functions across the United States. This phase generated a database of 1,510 respondents. In the second phase, the researchers examined detailed case studies of eight plants shorter lead times, lower costs or higher? experience with ISO 14000. These plants were drawn from five categories:
ISO 14000 not being consider/only do it if mandated;
Assessing suitability of ISO 14000;
Planning for ISO 14000/Pursuing ISO 14000 Certification;
Implementing ISO 14000/Pilot Plants in North America; and,
Successfully certified in ISO 14000.
Implications for the Purchasing Professional
To date, the purchasing professions have played a relatively minor role in the ISO 14000-certification process. For the most part, interest in certification has been confined to within the firm. However, this
certification process can and does present the purchasing professional with certain opportunities to improve both environmental and strategic performance not only within the firm but also within the supply
chain. The results point out the need for purchasing professionals to take a more active role within the ISO 14000-certification process. They must start looking for and exploiting previously overlooked opportunities.
ISO 14000-certification represents a growth in opportunities.
In short, this study shows that there is much more action than hype about the ISO 14000 environmental standards. The early results are in and the evidence, while not complete, indicates that ISO 14000-certification does work. It does achieve the twin objectives of reduced pollution and improved corporate performance.
emphasized trade-offs (you can have only one of the following quality) to a paradigm that stresses
simultaneity (you can simultaneously achieve lower costs and higher quality and shorter lead times).
This has also become a period when more and more managers are expected to become increasingly
environmentally conscious. Being environmentally responsible is no longer viewed as something that is
primarily done for publicity sake or to avoid prosecution. Rather it is seen as a matter of good business.
An indication of the increasing importance of the environment is the recent emergence of the ISO
14000 environmental standard. There are several features that make this new standard noteworthy.
First, it builds on the success of ISO 9000, and its variants (e.g., QS 9000).
Second, ISO 14000 is an international standard. It is hoped that it will replace the numerous and often
conflicting standards found in various countries. Third, ISO 14000 shifts attention from the outcome
(reduced pollution) to processes. However, being a new standard, the introduction of ISO 14000 has
raised a number of questions, namely:
1. What is the status of environmental management systems in most American plants and how are they perceived by management?
2. How are the predispositions of management towards ISO 14000 influenced by factors such as pastexperience with ISO 9000, corporate orientation towards environmental responsibility, industrial factors, importance of international trade to corporate performance and the functional positions of the respondents?
3. To what extent do the respondents see a relationship between ISO 14000 registration and success and improved market, or corporate performance?
4. How effective is ISO 14000 relative to the other alternatives available for improving environmental performance?
These and other questions formed the focus of a recently completed two-stage study into the status of ISO 14000 certification in the United States. The first phase consisted of a large-scale survey (consisting of some 16 pages) that were sent out to managers in various functions across the United States. This phase generated a database of 1,510 respondents. In the second phase, the researchers examined detailed case studies of eight plants shorter lead times, lower costs or higher? experience with ISO 14000. These plants were drawn from five categories:
ISO 14000 not being consider/only do it if mandated;
Assessing suitability of ISO 14000;
Planning for ISO 14000/Pursuing ISO 14000 Certification;
Implementing ISO 14000/Pilot Plants in North America; and,
Successfully certified in ISO 14000.
Implications for the Purchasing Professional
To date, the purchasing professions have played a relatively minor role in the ISO 14000-certification process. For the most part, interest in certification has been confined to within the firm. However, this
certification process can and does present the purchasing professional with certain opportunities to improve both environmental and strategic performance not only within the firm but also within the supply
chain. The results point out the need for purchasing professionals to take a more active role within the ISO 14000-certification process. They must start looking for and exploiting previously overlooked opportunities.
ISO 14000-certification represents a growth in opportunities.
In short, this study shows that there is much more action than hype about the ISO 14000 environmental standards. The early results are in and the evidence, while not complete, indicates that ISO 14000-certification does work. It does achieve the twin objectives of reduced pollution and improved corporate performance.
What is ISO14000 Environmental Management Systems
What is ISO 14000?ISO 14000 is a series of international standards on environmental management. It provides a framework for the development of an environmental management system and the supporting audit programme.
The main thrust for its development came as a result of the Rio Summit on the Environment held in 1992.
ISO 14000 is an Environmental Management System (EMS), which requires that an organization consider the environmental aspects of its products and services.
Iso14000 approach forces you to take a hard look at all areas of your business that has an environmental impact.
Iso14000 is the world’s first series of Internationally accepted Standards for Environmental Management Systems (EMS).
Iso14000 elevates Environmental Management to a Strategic Level that can be applied to any organization, from any industry, anywhere in the world.
ISO 14000 is a series of voluntary standards and guideline reference documents.
The part of the overall management system that includes organizational structure, planning activities, responsibilities, practices, procedures, processes and resources for developing, implementing, achieving, reviewing and maintaining the environmental policy.
ISO 14000 is an Environmental Management System (EMS) who’s purpose is:
· A management commitment to pollution prevention.
· An understanding of the environmental impacts (reducing) of an organization’s activities.
A commitment (pollution prevention) to employees, neighbors and customers
The History of ISO 14000As a number of national standards emerged (BS 7750 being the first), the International Organization for Standardisation (ISO) created a group to investigate how such standards might benefit business and industry. As a result this group recommended that an ISO committee be created to create an international standard.
What is ISO 14001?ISO 14001 is the corner stone standard of the ISO 14000 series. It specifies a framework of control for an Environmental Management System against which an organization can be certified by a third party.
The environment cannot be protected by our convictions or goodwill alone. Efforts to protect the environment must be planned, coordinated and organized into a system, such as ISO 14001.
· ISO 14004 provides guidance on the development and implementation of environmental management systems
· ISO 14010 provides general principles of environmental auditing (now superseded by ISO 19011)
· ISO 14011 provides specific guidance on audit an environmental management system (now superseded by ISO 19011)
· ISO 14012 provides guidance on qualification criteria for environmental auditors and lead auditors (now superseded by ISO 19011)
· ISO 14013/5 provides audit program review and assessment material.
· ISO 14020+ labeling issues
· ISO 14030+ provides guidance on performance targets and monitoring within an Environmental Management System
· ISO 14040+ covers life cycle issues
Of all these, ISO14001 is not only the most well known, but is the only ISO 14000 standard against which it is currently possible to be certified by an external certification authority.
ISO14000 – Introduction
After the success of the ISO9000 series of quality standards, the International Standards Organization published a comprehensive set of standards for environmental management. This series of standards is designed to cover the whole area of environmental issues for organizations in the global marketplace.
History of Development
The ISO 14000 series emerged primarily as a result of the Uruguay round of the GATT negotiations and the Rio Summit on the Environment held in 1992. While GATT concentrates on the need to reduce non-tariff barriers to trade, the Rio Summit generated a commitment to protection of the environment across the world. The environmental field has seen a steady growth of national and regional standards. The British Standards Institution has BS 7750 , the Canadian Standards Association has environmental management, auditing, eco-labeling and other standards, the European Union has all of these plus the eco-management and audit regulations , and many other countries (e.g. USA, Germany and Japan) have introduced eco-labeling programs.
The main thrust for its development came as a result of the Rio Summit on the Environment held in 1992.
ISO 14000 is an Environmental Management System (EMS), which requires that an organization consider the environmental aspects of its products and services.
Iso14000 approach forces you to take a hard look at all areas of your business that has an environmental impact.
Iso14000 is the world’s first series of Internationally accepted Standards for Environmental Management Systems (EMS).
Iso14000 elevates Environmental Management to a Strategic Level that can be applied to any organization, from any industry, anywhere in the world.
ISO 14000 is a series of voluntary standards and guideline reference documents.
The part of the overall management system that includes organizational structure, planning activities, responsibilities, practices, procedures, processes and resources for developing, implementing, achieving, reviewing and maintaining the environmental policy.
ISO 14000 is an Environmental Management System (EMS) who’s purpose is:
· A management commitment to pollution prevention.
· An understanding of the environmental impacts (reducing) of an organization’s activities.
A commitment (pollution prevention) to employees, neighbors and customers
The History of ISO 14000As a number of national standards emerged (BS 7750 being the first), the International Organization for Standardisation (ISO) created a group to investigate how such standards might benefit business and industry. As a result this group recommended that an ISO committee be created to create an international standard.
What is ISO 14001?ISO 14001 is the corner stone standard of the ISO 14000 series. It specifies a framework of control for an Environmental Management System against which an organization can be certified by a third party.
The environment cannot be protected by our convictions or goodwill alone. Efforts to protect the environment must be planned, coordinated and organized into a system, such as ISO 14001.
· ISO 14004 provides guidance on the development and implementation of environmental management systems
· ISO 14010 provides general principles of environmental auditing (now superseded by ISO 19011)
· ISO 14011 provides specific guidance on audit an environmental management system (now superseded by ISO 19011)
· ISO 14012 provides guidance on qualification criteria for environmental auditors and lead auditors (now superseded by ISO 19011)
· ISO 14013/5 provides audit program review and assessment material.
· ISO 14020+ labeling issues
· ISO 14030+ provides guidance on performance targets and monitoring within an Environmental Management System
· ISO 14040+ covers life cycle issues
Of all these, ISO14001 is not only the most well known, but is the only ISO 14000 standard against which it is currently possible to be certified by an external certification authority.
ISO14000 – Introduction
After the success of the ISO9000 series of quality standards, the International Standards Organization published a comprehensive set of standards for environmental management. This series of standards is designed to cover the whole area of environmental issues for organizations in the global marketplace.
History of Development
The ISO 14000 series emerged primarily as a result of the Uruguay round of the GATT negotiations and the Rio Summit on the Environment held in 1992. While GATT concentrates on the need to reduce non-tariff barriers to trade, the Rio Summit generated a commitment to protection of the environment across the world. The environmental field has seen a steady growth of national and regional standards. The British Standards Institution has BS 7750 , the Canadian Standards Association has environmental management, auditing, eco-labeling and other standards, the European Union has all of these plus the eco-management and audit regulations , and many other countries (e.g. USA, Germany and Japan) have introduced eco-labeling programs.
Why is Six Sigma Fascinating in ISO 9000?
Six Sigma has become very popular throughout the whole world. There are several reasons for this popularity. First, it is regarded as a fresh quality management strategy which can replace TQC, TQM and others.
Many companies, which were not quite successful in implementing previous management strategies such as TQC and TQM, are eager to introduce Six Sigma.
Development process of Six Sigma in quality management
Six Sigma is viewed as a systematic, scientific, statistical and smarter (4S) approach for management innovation which is quite suitable for use in a knowledge-based information society.
Second, Six Sigma provides efficient manpower cultivation and utilization. It employs a “belt system” in which the levels of mastery are classified as green belt, black belt, master black belt and champion. As a person in a company obtains certain
training, he acquires a belt. Usually, a black belt is the leader of a project team and several green belts work together for the project team.
Third, there are many success stories of Six Sigma application in well known world-class companies. As mentioned earlier, Six Sigma was pioneered by Motorola and launched as a strategic initiative in 1987. Since then, and particularly from 1995, an exponentially growing number of prestigious global firms have launched a Six Sigma program. It has been noted that many globally leading companies run Six Sigma programs (see Figure 3), and it has been well known that Motorola, GE, Allied Signal, IBM, DEC, Texas Instruments, Sony, Kodak, Nokia, and Philips Electronics among others have been quite successful in Six Sigma. In Korea, the Samsung, LG, Hyundai groups and Korea Heavy Industries & Construction Company have been quite successful with Six Sigma.
Lastly, Six Sigma provides flexibility in the new millennium of 3Cs, which are:
• Change: Changing society
• Customer: Power is shifted to customer and customer demand is high
• Competition: Competition in quality and productivity
The pace of change during the last decade has been unprecedented, and the speed of change in this new millennium is perhaps faster than ever before. Most notably, the power has shifted from producer to customer. The producer-oriented industrial society is over, and the customer-oriented information society has arrived. The customer has all the rights to order, select and buy goods and services. Especially, in e-business, the customer has all-mighty power.
Six Sigma with its 4S(systematic, scientific, statistical and smarter) approaches provides flexibility in managing a business unit.
Many companies, which were not quite successful in implementing previous management strategies such as TQC and TQM, are eager to introduce Six Sigma.
Development process of Six Sigma in quality management
Six Sigma is viewed as a systematic, scientific, statistical and smarter (4S) approach for management innovation which is quite suitable for use in a knowledge-based information society.
Second, Six Sigma provides efficient manpower cultivation and utilization. It employs a “belt system” in which the levels of mastery are classified as green belt, black belt, master black belt and champion. As a person in a company obtains certain
training, he acquires a belt. Usually, a black belt is the leader of a project team and several green belts work together for the project team.
Third, there are many success stories of Six Sigma application in well known world-class companies. As mentioned earlier, Six Sigma was pioneered by Motorola and launched as a strategic initiative in 1987. Since then, and particularly from 1995, an exponentially growing number of prestigious global firms have launched a Six Sigma program. It has been noted that many globally leading companies run Six Sigma programs (see Figure 3), and it has been well known that Motorola, GE, Allied Signal, IBM, DEC, Texas Instruments, Sony, Kodak, Nokia, and Philips Electronics among others have been quite successful in Six Sigma. In Korea, the Samsung, LG, Hyundai groups and Korea Heavy Industries & Construction Company have been quite successful with Six Sigma.
Lastly, Six Sigma provides flexibility in the new millennium of 3Cs, which are:
• Change: Changing society
• Customer: Power is shifted to customer and customer demand is high
• Competition: Competition in quality and productivity
The pace of change during the last decade has been unprecedented, and the speed of change in this new millennium is perhaps faster than ever before. Most notably, the power has shifted from producer to customer. The producer-oriented industrial society is over, and the customer-oriented information society has arrived. The customer has all the rights to order, select and buy goods and services. Especially, in e-business, the customer has all-mighty power.
Six Sigma with its 4S(systematic, scientific, statistical and smarter) approaches provides flexibility in managing a business unit.
Quality Characteristic in ISO 9000
Any feature or characteristic of a product or service that is needed to satisfy
customer needs or achieve fitness for use is a quality characteristic. When
dealing with products the characteristics are almost always technical character-
istics, whereas service quality characteristics have a human dimension. Some
typical quality characteristics are given below.
Product characteristics
1. Accessibility Functionality Size
2. Availability Interchangeability Susceptibility
3. Appearance Maintainability Storability
4. Adaptability Odour – Strength
5. Cleanliness Operability -Taste
6. Consumption Portability – Testability
7. Durability Producibility Traceability
8. Disposability Reliability – Toxicity
9. Emittance Reparability Transportability
10. Flammability Safety – Vulnerability
11. Flexibility Security – Weight
Service quality characteristics
1. Accessibility Credibility – Honesty
2. Accuracy Dependability Promptness
3. Courtesy Efficiency – Responsiveness
4. Comfort Effectiveness Reliability
5. Competence Flexibility – Security
These are the characteristics that need to be specified and their achievement
controlled, assured, improved, managed and demonstrated. These are the
characteristics that form the subject matter of the product requirements
referred to in ISO 9000. When the value of these characteristics is quantified or
qualified they are termed product requirements. We used to use the term quality
requirements but this caused a division in thinking that resulted in people
regarding quality requirements as the domain of the quality personnel and
technical requirements being the domain of the technical personnel. All
requirements are quality requirements – they express needs or expectations that
are intended to be fulfilled by a process output that possesses inherent
characteristics. We can therefore drop the word quality. If a modifying word is
needed in front of the word requirements it should be a word that signifies the
subject of the requirements. Transportation system requirements would be
requirements for a transportation system, Audio speaker design requirements
would be requirements for the design of an audio speaker, component test
requirements would be requirements for testing components, and management
training requirements would be requirements for training managers. ISO 9000
requirements are often referred to as quality requirements as distinct from other
types of requirements but this is misleading. ISO 9000 is no more a quality
requirement than is ISO 1000 on SI units, ISO 2365 for Ammonium nitrate or
ISO 246 for Rolling Bearings. The requirements of ISO 9000 are quality
management system requirements – requirements for a quality management
system.
customer needs or achieve fitness for use is a quality characteristic. When
dealing with products the characteristics are almost always technical character-
istics, whereas service quality characteristics have a human dimension. Some
typical quality characteristics are given below.
Product characteristics
1. Accessibility Functionality Size
2. Availability Interchangeability Susceptibility
3. Appearance Maintainability Storability
4. Adaptability Odour – Strength
5. Cleanliness Operability -Taste
6. Consumption Portability – Testability
7. Durability Producibility Traceability
8. Disposability Reliability – Toxicity
9. Emittance Reparability Transportability
10. Flammability Safety – Vulnerability
11. Flexibility Security – Weight
Service quality characteristics
1. Accessibility Credibility – Honesty
2. Accuracy Dependability Promptness
3. Courtesy Efficiency – Responsiveness
4. Comfort Effectiveness Reliability
5. Competence Flexibility – Security
These are the characteristics that need to be specified and their achievement
controlled, assured, improved, managed and demonstrated. These are the
characteristics that form the subject matter of the product requirements
referred to in ISO 9000. When the value of these characteristics is quantified or
qualified they are termed product requirements. We used to use the term quality
requirements but this caused a division in thinking that resulted in people
regarding quality requirements as the domain of the quality personnel and
technical requirements being the domain of the technical personnel. All
requirements are quality requirements – they express needs or expectations that
are intended to be fulfilled by a process output that possesses inherent
characteristics. We can therefore drop the word quality. If a modifying word is
needed in front of the word requirements it should be a word that signifies the
subject of the requirements. Transportation system requirements would be
requirements for a transportation system, Audio speaker design requirements
would be requirements for the design of an audio speaker, component test
requirements would be requirements for testing components, and management
training requirements would be requirements for training managers. ISO 9000
requirements are often referred to as quality requirements as distinct from other
types of requirements but this is misleading. ISO 9000 is no more a quality
requirement than is ISO 1000 on SI units, ISO 2365 for Ammonium nitrate or
ISO 246 for Rolling Bearings. The requirements of ISO 9000 are quality
management system requirements – requirements for a quality management
system.
Quality Management
There are two schools of thought on quality management. One views quality
management as the management of success and the other the elimination of
failure. They are both valid. Each approaches the subject from a different
angle:
The ‘success’ school is characterized by five questions (Hoyle, David and
Thompson, John, 2001)3 :
1 What are you trying to do?
2 How do you make it happen?
3 How do you know it’s right?
4 How do you know it’s the best way of doing it?
5 How do you know it’s the right thing to do?
The ‘failure elimination’ school is characterized by five different questions
1 How do you know what is needed?
2 What could affect your ability to do it right?
3 What checks are made to verify achievement?
4 How do you ensure the integrity of these checks?
5 What action is taken to prevent a recurrence of failure?
In an ideal world, if we could design products, services and processes that
could not fail we would have achieved the ultimate goal. Success means not
only that products, services and processes fulfil their function but also that the
function is what customers’ desire. Failure means not only that products,
services and processes would fail to fulfil their function but also that their
function was not what customers desired. A gold-plated mousetrap that does
not fail is not a success if no one needs a gold-plated mousetrap!
The introductory clause of ISO 9001:1994 contained a statement that the aim
of the requirements is to achieve customer satisfaction by prevention of
nonconformities. (This was indicative of the failure school of thought.) The
introductory clause of ISO 9001:2000 contains a statement that the aim is to
enhance customer satisfaction through the effective application of the quality
management system and the assurance of conformity to customer and
applicable regulatory requirements. (This is indicative of the success school of
thought.)
In reality you cannot be successful unless you know of the risks you are
taking and plan to eliminate, reduce or control them. A unification of these
approaches is what is therefore needed for organizations to achieve, sustain
and improve quality. You therefore need to approach the achievement of
quality from two different angles and answer two questions. What do we need
to do to succeed and what do we need to do to prevent failure?
Quality does not appear by chance, or if it does it may not be repeated. One
has to design quality into the products and services. It has often been said that
one cannot inspect quality into a product. A product remains the same after
inspection as it did before, so no amount of inspection will change the quality
of the product. However, what inspection does is measure quality in a way that
allows us to make decisions on whether or not to release a piece of work. Work
that passes inspection should be quality work but inspection unfortunately is
not 100% reliable. Most inspection relies on human judgement and this can be
affected by many factors, some of which are outside our control (such as the
private life, health or mood of the inspector). We may also fail to predict the
effect that our decisions have on others. Sometimes we go to great lengths in
preparing organization changes and find to our surprise that we neglected
something or underestimated the effect of something. We therefore need other
means to deliver quality products – we have to adopt practices that enable us
to achieve our objectives while preventing failures from occurring.
http://www.e-wia.com
http://www.iso-consults.com
management as the management of success and the other the elimination of
failure. They are both valid. Each approaches the subject from a different
angle:
The ‘success’ school is characterized by five questions (Hoyle, David and
Thompson, John, 2001)3 :
1 What are you trying to do?
2 How do you make it happen?
3 How do you know it’s right?
4 How do you know it’s the best way of doing it?
5 How do you know it’s the right thing to do?
The ‘failure elimination’ school is characterized by five different questions
1 How do you know what is needed?
2 What could affect your ability to do it right?
3 What checks are made to verify achievement?
4 How do you ensure the integrity of these checks?
5 What action is taken to prevent a recurrence of failure?
In an ideal world, if we could design products, services and processes that
could not fail we would have achieved the ultimate goal. Success means not
only that products, services and processes fulfil their function but also that the
function is what customers’ desire. Failure means not only that products,
services and processes would fail to fulfil their function but also that their
function was not what customers desired. A gold-plated mousetrap that does
not fail is not a success if no one needs a gold-plated mousetrap!
The introductory clause of ISO 9001:1994 contained a statement that the aim
of the requirements is to achieve customer satisfaction by prevention of
nonconformities. (This was indicative of the failure school of thought.) The
introductory clause of ISO 9001:2000 contains a statement that the aim is to
enhance customer satisfaction through the effective application of the quality
management system and the assurance of conformity to customer and
applicable regulatory requirements. (This is indicative of the success school of
thought.)
In reality you cannot be successful unless you know of the risks you are
taking and plan to eliminate, reduce or control them. A unification of these
approaches is what is therefore needed for organizations to achieve, sustain
and improve quality. You therefore need to approach the achievement of
quality from two different angles and answer two questions. What do we need
to do to succeed and what do we need to do to prevent failure?
Quality does not appear by chance, or if it does it may not be repeated. One
has to design quality into the products and services. It has often been said that
one cannot inspect quality into a product. A product remains the same after
inspection as it did before, so no amount of inspection will change the quality
of the product. However, what inspection does is measure quality in a way that
allows us to make decisions on whether or not to release a piece of work. Work
that passes inspection should be quality work but inspection unfortunately is
not 100% reliable. Most inspection relies on human judgement and this can be
affected by many factors, some of which are outside our control (such as the
private life, health or mood of the inspector). We may also fail to predict the
effect that our decisions have on others. Sometimes we go to great lengths in
preparing organization changes and find to our surprise that we neglected
something or underestimated the effect of something. We therefore need other
means to deliver quality products – we have to adopt practices that enable us
to achieve our objectives while preventing failures from occurring.
http://www.e-wia.com
http://www.iso-consults.com
Subscribe to:
Posts (Atom)