ISO 9001 Records Disposition
Disposition in this context means the disposal of records once their useful life
has ended. The requirement should not be confused with that on the retention
of records. Retention times are one thing and disposal procedures quite
another.
The ISO 9001 standard does not specifically require records to be authenticated, certified
or validated other than product verification records in clause 8.2.4. A set of
results without being endorsed with the signature of the person who captured
them or other authentication lacks credibility. Facts that have been obtained by
whatever means should be certified for three reasons:
They provide a means of tracing the result to the originator in the event of
problems.
They indicate that the provider believes them to be correct.
They enable you to verify whether the originator was appropriately
qualified.
They give the results credibility.
If the records are generated by computer and retained in computerized form,
a means needs to be provided for the results to be authenticated. This can be
accomplished through appropriate process controls by installing provisions for
automated data recording or preventing unauthorized access.
Tuesday, August 11, 2009
Control of ISO 9000 records
The ISO 9001 standard requires records to be established and
maintained to provide evidence of conformity to require-
ments and the effective operation of the quality manage-
ment system.
A record is defined in ISO 9000 as a document stating
results achieved or providing evidence of activities
performed.
Although a record is a document, the document
control requirement of clause 4.2.3 do not apply to
records primarily because records are not issued,
neither do they exhibit revision status simply
because they are results that are factual when
recorded. If the facts change, a new record is usually
created rather than the previous record revised. Even
where a record is revised and new facts added, the
old facts remain identified as to their date. The only reason for revising facts
contained in a record without changing the identity of the record or the date
when they were collected is where the facts were incorrectly recorded. This
subtle difference demands different treatment for documents that are classed
as records to those that are classed as informative. As with other types of
documents, records result from processes and may be used as inputs to other
processes.
Records required by the management system means records used or
generated by the management system. There is therefore no requirement to
produce records solely to satisfy an auditor. The records required are those for
the effective operation of the organization’s processes (see clause 4.1d of ISO
9001). If a record has no useful purpose within the management system there
is no requirement that it be established or maintained.
This does not mean that a record is required to prove conformity with every
single requirement for every product and service. There are those records
required by the standard (see below) that are required for every product and
service where applicable and in all other cases, audit records showing
compliance on a sample of operations would be sufficient.
Compliance with many requirements can be demonstrated by observation,
analysis, interview or examination of documentation. If a result or an activity
is not required to be recorded in order to manage the organization effectively
and satisfy the interested parties, it is not necessary to maintain records of it.
maintained to provide evidence of conformity to require-
ments and the effective operation of the quality manage-
ment system.
A record is defined in ISO 9000 as a document stating
results achieved or providing evidence of activities
performed.
Although a record is a document, the document
control requirement of clause 4.2.3 do not apply to
records primarily because records are not issued,
neither do they exhibit revision status simply
because they are results that are factual when
recorded. If the facts change, a new record is usually
created rather than the previous record revised. Even
where a record is revised and new facts added, the
old facts remain identified as to their date. The only reason for revising facts
contained in a record without changing the identity of the record or the date
when they were collected is where the facts were incorrectly recorded. This
subtle difference demands different treatment for documents that are classed
as records to those that are classed as informative. As with other types of
documents, records result from processes and may be used as inputs to other
processes.
Records required by the management system means records used or
generated by the management system. There is therefore no requirement to
produce records solely to satisfy an auditor. The records required are those for
the effective operation of the organization’s processes (see clause 4.1d of ISO
9001). If a record has no useful purpose within the management system there
is no requirement that it be established or maintained.
This does not mean that a record is required to prove conformity with every
single requirement for every product and service. There are those records
required by the standard (see below) that are required for every product and
service where applicable and in all other cases, audit records showing
compliance on a sample of operations would be sufficient.
Compliance with many requirements can be demonstrated by observation,
analysis, interview or examination of documentation. If a result or an activity
is not required to be recorded in order to manage the organization effectively
and satisfy the interested parties, it is not necessary to maintain records of it.
Monday, August 10, 2009
ISO 9000 vs Quality
ISO 9000 was conceived to bring about an improvement in product quality. It
was believed that if organizations were able to demonstrate they were
operating a quality system that met international standards, customers would
gain greater confidence in the quality of products they purchased. It was also
believed that by operating in accordance with documented procedures, errors
would be reduced and consistency of output ensured. If you find the best way
of achieving a result, put in place measures to prevent variation, document it
and train others to apply it, it follows that the results produced should be
consistently good.
The requirements of the standard were perceived to be a list of things to do
to achieve quality. The ISO co-ordinator would often draw up a plan based on
the following logic:
1. We have to identify resource requirements so I will write a procedure on
identifying resource requirements
2. We have to produce quality plans so I will write a procedure on producing
quality plans
3. We have to record contract review so I will write a procedure on recording
contract reviews
4. We have to identify design changes so I will write a procedure on identifying
design changes
The requirements in the standard were often not expressed as results to be
achieved. Requirements for a documented procedure to be established resulted
in just that. Invariably the objectives of the procedure were to define something
rather than to achieve something. This led to documentation without any clear
purpose that related to the achievement of quality. Those producing the
documentation were focusing on meeting the standard not on achieving quality.
Those producing the product were focusing on meeting the customer
requirement but the two were often out of sync. As quality assurance became
synonymous with procedures, so people perceived that they could achieve
quality by following procedures. The dominance of procedures to the exclusion
of performance is a misunderstanding of the implementers. The standard
required a documented system that ensured product met specified requirements – a
clear purpose. Once again the implementers lost sight of the objective. Or was it
that they knew the objective but in order to meet it, the culture would have to
change and if they could get the badge without doing so, why should they?
Issuing a procedure was considered to equate to task completed. Unfortu-
nately, for those on the receiving end, the procedures were filed and forgotten.
When the auditor came around, the individual was found to be totally
unaware of the ‘procedure’ and consequently found noncompliant with it.
However, the auditor would discover that the individual was doing the right
things so the corrective action was inevitably to change the procedure. The
process of issuing procedures was not questioned, the individual concerned
was blamed for not knowing the procedure and the whole episode failed to
make any positive contribution to the achievement of quality. But it left the
impression on the individual that quality was all about following procedures.
It also left the impression that quality was about consistency and providing
you did what you said you would do regardless of it being in the interests of
satisfying customers, it was OK. One is left wondering whether anyone
consulted the dictionary in which quality is defined as a degree of excellence?
Another problem was that those who were to implement requirements were
often excluded from the process. Instead of enquiring as to the best way of
meeting a requirement, those in charge of ISO 9000 implementation assumed
that issuing procedures would in fact cause compliance with requirements. It
requires a study of the way work gets done to appreciate how best to meet a
requirement. Procedures were required to be documented and the range and
detail was intended to be appropriate to the complexity of the work, the
methods used and the skills and training needed. The standard also only
required work instructions where their absence would adversely affect quality.
It is as though the people concerned did not read the requirement properly or
had no curiosity to find out for themselves what ISO had to say about
procedures – they were all too ready to be told what to do without questioning
why they should be doing it.
More often than not, the topics covered by the standard were only a sample
of all the things that need to be done to achieve the organization’s objectives.
The way the standard classified the topics was also often not appropriate to the
way work was performed. As a consequence, procedures failed to be
implemented because they mirrored the standard and not the work. ISO 9000
may have required documented procedures but it did not insist that they be
produced in separate documents, with titles or an identification convention
that was traceable to the requirements.
Critics argue (Seddon, John, 2000)3 that ISO 9000 did not enable organiza-
tions to reduce variation as a result of following the procedures. It is true that
ISO 9000 did not explain the theory of variation – it could have done, but
perhaps it was felt that this was better handled by the wealth of literature
available at the time. However, ISO 9000 did require organizations to identify
where the use of statistical techniques was necessary for establishing,
controlling and verifying process capability but this was often misunderstood.
Clause 4.14 of ISO 9001 required corrective action procedures – procedures to
identify variation and eliminate the cause so this should have resulted in a
reduction in variation. The procedures did not always focus on results – they
tended to focus on transactions – sending information or product from A to B.
The concept of corrective action was often misunderstood. It was believed to be
about fixing the problem and preventive action was believed to be about
preventing recurrence. Had users read ISO 8402 they should have been
enlightened. Had they read Deming they would have been enlightened but in
many cases the language of ISO 9000 was a deterrent to learning. Had the
auditors understood variation, they too could have assisted in clarifying these
issues but they too seemed ignorant – willing to regard clause 4.20 as not
applicable in many cases.
Clause 4.6 of the undervalued and forgotten standard ISO 9000 –1 starts with
‘The International Standards in the ISO 9000 family are founded upon the
understanding that all work is accomplished by a process.’ In clause 4.7 it starts
with ‘Every organization exists to accomplish value-adding work. The work is
accomplished through a network of processes’ In clause 4.8 it starts with ‘It is
conventional to speak of quality systems as consisting of a number of elements.
The quality system is carried out by means of processes which exist both within
and across functions’ Alas, few people read ISO 9000–1 and as a result the
baggage that had amassed was difficult to shed especially because there were
few if any certification bodies suggesting that the guidance contained in ISO
9000 –1 should be applied. Unfortunately, this message from ISO 9000 –1 was not
conveyed through the requirements of ISO 9001. ISO 9001 was not intended as
a design tool. It was produced for contractual and assessment purposes but was
used as a design tool instead of ISO 9000 –1 and ISO 9004 –1.
was believed that if organizations were able to demonstrate they were
operating a quality system that met international standards, customers would
gain greater confidence in the quality of products they purchased. It was also
believed that by operating in accordance with documented procedures, errors
would be reduced and consistency of output ensured. If you find the best way
of achieving a result, put in place measures to prevent variation, document it
and train others to apply it, it follows that the results produced should be
consistently good.
The requirements of the standard were perceived to be a list of things to do
to achieve quality. The ISO co-ordinator would often draw up a plan based on
the following logic:
1. We have to identify resource requirements so I will write a procedure on
identifying resource requirements
2. We have to produce quality plans so I will write a procedure on producing
quality plans
3. We have to record contract review so I will write a procedure on recording
contract reviews
4. We have to identify design changes so I will write a procedure on identifying
design changes
The requirements in the standard were often not expressed as results to be
achieved. Requirements for a documented procedure to be established resulted
in just that. Invariably the objectives of the procedure were to define something
rather than to achieve something. This led to documentation without any clear
purpose that related to the achievement of quality. Those producing the
documentation were focusing on meeting the standard not on achieving quality.
Those producing the product were focusing on meeting the customer
requirement but the two were often out of sync. As quality assurance became
synonymous with procedures, so people perceived that they could achieve
quality by following procedures. The dominance of procedures to the exclusion
of performance is a misunderstanding of the implementers. The standard
required a documented system that ensured product met specified requirements – a
clear purpose. Once again the implementers lost sight of the objective. Or was it
that they knew the objective but in order to meet it, the culture would have to
change and if they could get the badge without doing so, why should they?
Issuing a procedure was considered to equate to task completed. Unfortu-
nately, for those on the receiving end, the procedures were filed and forgotten.
When the auditor came around, the individual was found to be totally
unaware of the ‘procedure’ and consequently found noncompliant with it.
However, the auditor would discover that the individual was doing the right
things so the corrective action was inevitably to change the procedure. The
process of issuing procedures was not questioned, the individual concerned
was blamed for not knowing the procedure and the whole episode failed to
make any positive contribution to the achievement of quality. But it left the
impression on the individual that quality was all about following procedures.
It also left the impression that quality was about consistency and providing
you did what you said you would do regardless of it being in the interests of
satisfying customers, it was OK. One is left wondering whether anyone
consulted the dictionary in which quality is defined as a degree of excellence?
Another problem was that those who were to implement requirements were
often excluded from the process. Instead of enquiring as to the best way of
meeting a requirement, those in charge of ISO 9000 implementation assumed
that issuing procedures would in fact cause compliance with requirements. It
requires a study of the way work gets done to appreciate how best to meet a
requirement. Procedures were required to be documented and the range and
detail was intended to be appropriate to the complexity of the work, the
methods used and the skills and training needed. The standard also only
required work instructions where their absence would adversely affect quality.
It is as though the people concerned did not read the requirement properly or
had no curiosity to find out for themselves what ISO had to say about
procedures – they were all too ready to be told what to do without questioning
why they should be doing it.
More often than not, the topics covered by the standard were only a sample
of all the things that need to be done to achieve the organization’s objectives.
The way the standard classified the topics was also often not appropriate to the
way work was performed. As a consequence, procedures failed to be
implemented because they mirrored the standard and not the work. ISO 9000
may have required documented procedures but it did not insist that they be
produced in separate documents, with titles or an identification convention
that was traceable to the requirements.
Critics argue (Seddon, John, 2000)3 that ISO 9000 did not enable organiza-
tions to reduce variation as a result of following the procedures. It is true that
ISO 9000 did not explain the theory of variation – it could have done, but
perhaps it was felt that this was better handled by the wealth of literature
available at the time. However, ISO 9000 did require organizations to identify
where the use of statistical techniques was necessary for establishing,
controlling and verifying process capability but this was often misunderstood.
Clause 4.14 of ISO 9001 required corrective action procedures – procedures to
identify variation and eliminate the cause so this should have resulted in a
reduction in variation. The procedures did not always focus on results – they
tended to focus on transactions – sending information or product from A to B.
The concept of corrective action was often misunderstood. It was believed to be
about fixing the problem and preventive action was believed to be about
preventing recurrence. Had users read ISO 8402 they should have been
enlightened. Had they read Deming they would have been enlightened but in
many cases the language of ISO 9000 was a deterrent to learning. Had the
auditors understood variation, they too could have assisted in clarifying these
issues but they too seemed ignorant – willing to regard clause 4.20 as not
applicable in many cases.
Clause 4.6 of the undervalued and forgotten standard ISO 9000 –1 starts with
‘The International Standards in the ISO 9000 family are founded upon the
understanding that all work is accomplished by a process.’ In clause 4.7 it starts
with ‘Every organization exists to accomplish value-adding work. The work is
accomplished through a network of processes’ In clause 4.8 it starts with ‘It is
conventional to speak of quality systems as consisting of a number of elements.
The quality system is carried out by means of processes which exist both within
and across functions’ Alas, few people read ISO 9000–1 and as a result the
baggage that had amassed was difficult to shed especially because there were
few if any certification bodies suggesting that the guidance contained in ISO
9000 –1 should be applied. Unfortunately, this message from ISO 9000 –1 was not
conveyed through the requirements of ISO 9001. ISO 9001 was not intended as
a design tool. It was produced for contractual and assessment purposes but was
used as a design tool instead of ISO 9000 –1 and ISO 9004 –1.
Quality Management
There are two schools of thought on quality management. One views quality
management as the management of success and the other the elimination of
failure. They are both valid. Each approaches the subject from a different
angle:
The ‘success’ school is characterized by five questions (Hoyle, David and
Thompson, John, 2001)3 :
1 What are you trying to do?
2 How do you make it happen?
3 How do you know it’s right?
4 How do you know it’s the best way of doing it?
5 How do you know it’s the right thing to do?
The ‘failure elimination’ school is characterized by five different questions
1 How do you know what is needed?
2 What could affect your ability to do it right?
3 What checks are made to verify achievement?
4 How do you ensure the integrity of these checks?
5 What action is taken to prevent a recurrence of failure?
In an ideal world, if we could design products, services and processes that
could not fail we would have achieved the ultimate goal. Success means not
only that products, services and processes fulfil their function but also that the
function is what customers’ desire. Failure means not only that products,
services and processes would fail to fulfil their function but also that their
function was not what customers desired. A gold-plated mousetrap that does
not fail is not a success if no one needs a gold-plated mousetrap!
The introductory clause of ISO 9001:1994 contained a statement that the aim
of the requirements is to achieve customer satisfaction by prevention of
nonconformities. (This was indicative of the failure school of thought.) The
introductory clause of ISO 9001:2000 contains a statement that the aim is to
enhance customer satisfaction through the effective application of the quality
management system and the assurance of conformity to customer and
applicable regulatory requirements. (This is indicative of the success school of
thought.)
In reality you cannot be successful unless you know of the risks you are
taking and plan to eliminate, reduce or control them. A unification of these
approaches is what is therefore needed for organizations to achieve, sustain
and improve quality. You therefore need to approach the achievement of
quality from two different angles and answer two questions. What do we need
to do to succeed and what do we need to do to prevent failure?
Quality does not appear by chance, or if it does it may not be repeated. One
has to design quality into the products and services. It has often been said that
one cannot inspect quality into a product. A product remains the same after
inspection as it did before, so no amount of inspection will change the quality
of the product. However, what inspection does is measure quality in a way that
allows us to make decisions on whether or not to release a piece of work. Work
that passes inspection should be quality work but inspection unfortunately is
not 100% reliable. Most inspection relies on human judgement and this can be
affected by many factors, some of which are outside our control (such as the
private life, health or mood of the inspector). We may also fail to predict the
effect that our decisions have on others. Sometimes we go to great lengths in
preparing organization changes and find to our surprise that we neglected
something or underestimated the effect of something. We therefore need other
means to deliver quality products – we have to adopt practices that enable us
to achieve our objectives while preventing failures from occurring.
management as the management of success and the other the elimination of
failure. They are both valid. Each approaches the subject from a different
angle:
The ‘success’ school is characterized by five questions (Hoyle, David and
Thompson, John, 2001)3 :
1 What are you trying to do?
2 How do you make it happen?
3 How do you know it’s right?
4 How do you know it’s the best way of doing it?
5 How do you know it’s the right thing to do?
The ‘failure elimination’ school is characterized by five different questions
1 How do you know what is needed?
2 What could affect your ability to do it right?
3 What checks are made to verify achievement?
4 How do you ensure the integrity of these checks?
5 What action is taken to prevent a recurrence of failure?
In an ideal world, if we could design products, services and processes that
could not fail we would have achieved the ultimate goal. Success means not
only that products, services and processes fulfil their function but also that the
function is what customers’ desire. Failure means not only that products,
services and processes would fail to fulfil their function but also that their
function was not what customers desired. A gold-plated mousetrap that does
not fail is not a success if no one needs a gold-plated mousetrap!
The introductory clause of ISO 9001:1994 contained a statement that the aim
of the requirements is to achieve customer satisfaction by prevention of
nonconformities. (This was indicative of the failure school of thought.) The
introductory clause of ISO 9001:2000 contains a statement that the aim is to
enhance customer satisfaction through the effective application of the quality
management system and the assurance of conformity to customer and
applicable regulatory requirements. (This is indicative of the success school of
thought.)
In reality you cannot be successful unless you know of the risks you are
taking and plan to eliminate, reduce or control them. A unification of these
approaches is what is therefore needed for organizations to achieve, sustain
and improve quality. You therefore need to approach the achievement of
quality from two different angles and answer two questions. What do we need
to do to succeed and what do we need to do to prevent failure?
Quality does not appear by chance, or if it does it may not be repeated. One
has to design quality into the products and services. It has often been said that
one cannot inspect quality into a product. A product remains the same after
inspection as it did before, so no amount of inspection will change the quality
of the product. However, what inspection does is measure quality in a way that
allows us to make decisions on whether or not to release a piece of work. Work
that passes inspection should be quality work but inspection unfortunately is
not 100% reliable. Most inspection relies on human judgement and this can be
affected by many factors, some of which are outside our control (such as the
private life, health or mood of the inspector). We may also fail to predict the
effect that our decisions have on others. Sometimes we go to great lengths in
preparing organization changes and find to our surprise that we neglected
something or underestimated the effect of something. We therefore need other
means to deliver quality products – we have to adopt practices that enable us
to achieve our objectives while preventing failures from occurring.
ISO 9001:2008 Documentation Requirements
ISO 9001:2008 clause 4.1 General requirements requires an organization to “establish, document, implement, and maintain a quality management system and continually improve its effectiveness in accordance with the requirements of this International Standard”
ISO 9001:2008 Clause 4.2.1 General explains that the quality management system documentation shall include:
documented statements of a quality policy and quality objectives;
a quality manual
documented procedures required by this International Standard
documents needed by the organization to ensure the effective planning, operation and control of its processes, and
records required by this International Standard;
The notes after Clause 4.2 make it clear that where the standard specifically requires a “documented procedure”, the procedure has to be established, documented, implemented and maintained. It also emphasizes that the extent of the QMS documentation may differ from one organization to another due to:
the size of organization and type of activities;
the complexity of processes and their interactions, and
the competence of personnel.
All the documents that form part of the QMS have to be controlled in accordance with clause 4.2.3 of ISO 9001:2008, or, for the particular case of records, according to clause 4.2.4.
Guidance on Clause 4.2 of ISO 9001:2008
The following comments are intended to assist users of ISO 9001:2008 in understanding the intent of the general documentation requirements of the International Standard.
a) Documented statements of a quality policy and objectives:
Requirements for the quality policy are defined in clause 5.3 of ISO 9001:2008. The documented quality policy has to be controlled according to the requirements of clause 4.2.3.Note: Organizations that are revising their quality policy for the first time, or in order to meet the amended requirements in ISO 9001:2008, should pay particular attention to clause 4.2.3 (c), (d) and (g).
Requirements for quality objectives are defined in clause 5.4.1 of ISO 9001:2008. These documented quality objectives are also subject to the document control requirements of clause 4.2.3.
b) Quality Manual:
Clause 4.2.2 of ISO 9001:2008 specifies the minimum content for a quality manual. The format and structure of the manual is a decision for each organization, and will depend on the organization’s size, culture and complexity. Some organizations may choose to use the quality manual for other purposes besides that of simply documenting the QMS
A small organization may find it appropriate to include the description of its entire QMS within a single manual, including all the documented procedures required by the standard.
Large, multi-national organizations may need several manuals at the global, national or regional level, and a more complex hierarchy of documentation.
The quality manual is a document that has to be controlled in accordance with the requirements of clause 4.2.3.
c) Documented procedures:
ISO 9001:2008 specifically requires the organization to have “documented procedures” for the following six activities:4.2.3 Control of documents4.2.4 Control of records8.2.2 Internal audit8.3 Control of nonconforming product8.5.2 Corrective action8.5.3 Preventive action
These documented procedures have to be controlled in accordance with the requirements of clause 4.2.3
Some organizations may find it convenient to combine the procedure for several activities into a single documented procedure (for example, corrective action and preventive action). Others may choose to document a given activity by using more than one documented procedure (for example, internal audits). Both are acceptable.
Some organizations (particularly larger organizations, or those with more complex processes) may require additional documented procedures (particularly those relating to product realization processes) to implement an effective QMS.
Other organizations may require additional procedures, but the size and/or culture of the organization could enable these to be effectively implemented without necessarily being documented. However, in order to demonstrate compliance with ISO 9001:2008, the organization has to be able to provide objective evidence (not necessarily documented) that its QMS has been effectively implemented.
d) Documents needed by the organization to ensure the effective planning, operation and control of its processes:
In order for an organization to demonstrate the effective implementation of its QMS, it may be necessary to develop documents other than documented procedures. However, the only documents specifically mentioned in ISO 9001:2008 are:- Quality policy (clause 4.2.1.a)- Quality objectives (clause 4.2.1.a)- Quality manual (clause 4.2.1.b)
There are several requirements of ISO 9001:2008 where an organization could add value to its QMS and demonstrate conformity by the preparation of other documents, even though the standard does not specifically require them. Examples may include:- Process maps, process flow charts and/or process descriptions- Organization charts- Specifications- Work and/or test instructions- Documents containing internal communications- Production schedules- Approved supplier lists- Test and inspection plans- Quality plans
All such documents have to be controlled in accordance with the requirements of clause 4.2.3 and/or 4.2.4, as applicable
e) Records:
Examples of records specifically required by ISO 9001:2008 are presented in Annex B.
Organizations are free to develop other records that may be needed to demonstrate conformity of their processes, products and quality management system.
Requirements for the control of records are different from those for other documents, and all records have to be controlled according to those of clause 4.2.4 of ISO 9001:2008.
ISO 9001:2008 Clause 4.2.1 General explains that the quality management system documentation shall include:
documented statements of a quality policy and quality objectives;
a quality manual
documented procedures required by this International Standard
documents needed by the organization to ensure the effective planning, operation and control of its processes, and
records required by this International Standard;
The notes after Clause 4.2 make it clear that where the standard specifically requires a “documented procedure”, the procedure has to be established, documented, implemented and maintained. It also emphasizes that the extent of the QMS documentation may differ from one organization to another due to:
the size of organization and type of activities;
the complexity of processes and their interactions, and
the competence of personnel.
All the documents that form part of the QMS have to be controlled in accordance with clause 4.2.3 of ISO 9001:2008, or, for the particular case of records, according to clause 4.2.4.
Guidance on Clause 4.2 of ISO 9001:2008
The following comments are intended to assist users of ISO 9001:2008 in understanding the intent of the general documentation requirements of the International Standard.
a) Documented statements of a quality policy and objectives:
Requirements for the quality policy are defined in clause 5.3 of ISO 9001:2008. The documented quality policy has to be controlled according to the requirements of clause 4.2.3.Note: Organizations that are revising their quality policy for the first time, or in order to meet the amended requirements in ISO 9001:2008, should pay particular attention to clause 4.2.3 (c), (d) and (g).
Requirements for quality objectives are defined in clause 5.4.1 of ISO 9001:2008. These documented quality objectives are also subject to the document control requirements of clause 4.2.3.
b) Quality Manual:
Clause 4.2.2 of ISO 9001:2008 specifies the minimum content for a quality manual. The format and structure of the manual is a decision for each organization, and will depend on the organization’s size, culture and complexity. Some organizations may choose to use the quality manual for other purposes besides that of simply documenting the QMS
A small organization may find it appropriate to include the description of its entire QMS within a single manual, including all the documented procedures required by the standard.
Large, multi-national organizations may need several manuals at the global, national or regional level, and a more complex hierarchy of documentation.
The quality manual is a document that has to be controlled in accordance with the requirements of clause 4.2.3.
c) Documented procedures:
ISO 9001:2008 specifically requires the organization to have “documented procedures” for the following six activities:4.2.3 Control of documents4.2.4 Control of records8.2.2 Internal audit8.3 Control of nonconforming product8.5.2 Corrective action8.5.3 Preventive action
These documented procedures have to be controlled in accordance with the requirements of clause 4.2.3
Some organizations may find it convenient to combine the procedure for several activities into a single documented procedure (for example, corrective action and preventive action). Others may choose to document a given activity by using more than one documented procedure (for example, internal audits). Both are acceptable.
Some organizations (particularly larger organizations, or those with more complex processes) may require additional documented procedures (particularly those relating to product realization processes) to implement an effective QMS.
Other organizations may require additional procedures, but the size and/or culture of the organization could enable these to be effectively implemented without necessarily being documented. However, in order to demonstrate compliance with ISO 9001:2008, the organization has to be able to provide objective evidence (not necessarily documented) that its QMS has been effectively implemented.
d) Documents needed by the organization to ensure the effective planning, operation and control of its processes:
In order for an organization to demonstrate the effective implementation of its QMS, it may be necessary to develop documents other than documented procedures. However, the only documents specifically mentioned in ISO 9001:2008 are:- Quality policy (clause 4.2.1.a)- Quality objectives (clause 4.2.1.a)- Quality manual (clause 4.2.1.b)
There are several requirements of ISO 9001:2008 where an organization could add value to its QMS and demonstrate conformity by the preparation of other documents, even though the standard does not specifically require them. Examples may include:- Process maps, process flow charts and/or process descriptions- Organization charts- Specifications- Work and/or test instructions- Documents containing internal communications- Production schedules- Approved supplier lists- Test and inspection plans- Quality plans
All such documents have to be controlled in accordance with the requirements of clause 4.2.3 and/or 4.2.4, as applicable
e) Records:
Examples of records specifically required by ISO 9001:2008 are presented in Annex B.
Organizations are free to develop other records that may be needed to demonstrate conformity of their processes, products and quality management system.
Requirements for the control of records are different from those for other documents, and all records have to be controlled according to those of clause 4.2.4 of ISO 9001:2008.
Assessing the Corporate Impact of ISO 14000 Certification
The 1990s have indeed been a period of change. This has seen a change from a perspective that
emphasized trade-offs (you can have only one of the following quality) to a paradigm that stresses
simultaneity (you can simultaneously achieve lower costs and higher quality and shorter lead times).
This has also become a period when more and more managers are expected to become increasingly
environmentally conscious. Being environmentally responsible is no longer viewed as something that is
primarily done for publicity sake or to avoid prosecution. Rather it is seen as a matter of good business.
An indication of the increasing importance of the environment is the recent emergence of the ISO
14000 environmental standard. There are several features that make this new standard noteworthy.
First, it builds on the success of ISO 9000, and its variants (e.g., QS 9000).
Second, ISO 14000 is an international standard. It is hoped that it will replace the numerous and often
conflicting standards found in various countries. Third, ISO 14000 shifts attention from the outcome
(reduced pollution) to processes. However, being a new standard, the introduction of ISO 14000 has
raised a number of questions, namely:
1. What is the status of environmental management systems in most American plants and how are they perceived by management?
2. How are the predispositions of management towards ISO 14000 influenced by factors such as pastexperience with ISO 9000, corporate orientation towards environmental responsibility, industrial factors, importance of international trade to corporate performance and the functional positions of the respondents?
3. To what extent do the respondents see a relationship between ISO 14000 registration and success and improved market, or corporate performance?
4. How effective is ISO 14000 relative to the other alternatives available for improving environmental performance?
These and other questions formed the focus of a recently completed two-stage study into the status of ISO 14000 certification in the United States. The first phase consisted of a large-scale survey (consisting of some 16 pages) that were sent out to managers in various functions across the United States. This phase generated a database of 1,510 respondents. In the second phase, the researchers examined detailed case studies of eight plants shorter lead times, lower costs or higher? experience with ISO 14000. These plants were drawn from five categories:
ISO 14000 not being consider/only do it if mandated;
Assessing suitability of ISO 14000;
Planning for ISO 14000/Pursuing ISO 14000 Certification;
Implementing ISO 14000/Pilot Plants in North America; and,
Successfully certified in ISO 14000.
Implications for the Purchasing Professional
To date, the purchasing professions have played a relatively minor role in the ISO 14000-certification process. For the most part, interest in certification has been confined to within the firm. However, this
certification process can and does present the purchasing professional with certain opportunities to improve both environmental and strategic performance not only within the firm but also within the supply
chain. The results point out the need for purchasing professionals to take a more active role within the ISO 14000-certification process. They must start looking for and exploiting previously overlooked opportunities.
ISO 14000-certification represents a growth in opportunities.
In short, this study shows that there is much more action than hype about the ISO 14000 environmental standards. The early results are in and the evidence, while not complete, indicates that ISO 14000-certification does work. It does achieve the twin objectives of reduced pollution and improved corporate performance.
emphasized trade-offs (you can have only one of the following quality) to a paradigm that stresses
simultaneity (you can simultaneously achieve lower costs and higher quality and shorter lead times).
This has also become a period when more and more managers are expected to become increasingly
environmentally conscious. Being environmentally responsible is no longer viewed as something that is
primarily done for publicity sake or to avoid prosecution. Rather it is seen as a matter of good business.
An indication of the increasing importance of the environment is the recent emergence of the ISO
14000 environmental standard. There are several features that make this new standard noteworthy.
First, it builds on the success of ISO 9000, and its variants (e.g., QS 9000).
Second, ISO 14000 is an international standard. It is hoped that it will replace the numerous and often
conflicting standards found in various countries. Third, ISO 14000 shifts attention from the outcome
(reduced pollution) to processes. However, being a new standard, the introduction of ISO 14000 has
raised a number of questions, namely:
1. What is the status of environmental management systems in most American plants and how are they perceived by management?
2. How are the predispositions of management towards ISO 14000 influenced by factors such as pastexperience with ISO 9000, corporate orientation towards environmental responsibility, industrial factors, importance of international trade to corporate performance and the functional positions of the respondents?
3. To what extent do the respondents see a relationship between ISO 14000 registration and success and improved market, or corporate performance?
4. How effective is ISO 14000 relative to the other alternatives available for improving environmental performance?
These and other questions formed the focus of a recently completed two-stage study into the status of ISO 14000 certification in the United States. The first phase consisted of a large-scale survey (consisting of some 16 pages) that were sent out to managers in various functions across the United States. This phase generated a database of 1,510 respondents. In the second phase, the researchers examined detailed case studies of eight plants shorter lead times, lower costs or higher? experience with ISO 14000. These plants were drawn from five categories:
ISO 14000 not being consider/only do it if mandated;
Assessing suitability of ISO 14000;
Planning for ISO 14000/Pursuing ISO 14000 Certification;
Implementing ISO 14000/Pilot Plants in North America; and,
Successfully certified in ISO 14000.
Implications for the Purchasing Professional
To date, the purchasing professions have played a relatively minor role in the ISO 14000-certification process. For the most part, interest in certification has been confined to within the firm. However, this
certification process can and does present the purchasing professional with certain opportunities to improve both environmental and strategic performance not only within the firm but also within the supply
chain. The results point out the need for purchasing professionals to take a more active role within the ISO 14000-certification process. They must start looking for and exploiting previously overlooked opportunities.
ISO 14000-certification represents a growth in opportunities.
In short, this study shows that there is much more action than hype about the ISO 14000 environmental standards. The early results are in and the evidence, while not complete, indicates that ISO 14000-certification does work. It does achieve the twin objectives of reduced pollution and improved corporate performance.
What is ISO14000 Environmental Management Systems
What is ISO 14000?ISO 14000 is a series of international standards on environmental management. It provides a framework for the development of an environmental management system and the supporting audit programme.
The main thrust for its development came as a result of the Rio Summit on the Environment held in 1992.
ISO 14000 is an Environmental Management System (EMS), which requires that an organization consider the environmental aspects of its products and services.
Iso14000 approach forces you to take a hard look at all areas of your business that has an environmental impact.
Iso14000 is the world’s first series of Internationally accepted Standards for Environmental Management Systems (EMS).
Iso14000 elevates Environmental Management to a Strategic Level that can be applied to any organization, from any industry, anywhere in the world.
ISO 14000 is a series of voluntary standards and guideline reference documents.
The part of the overall management system that includes organizational structure, planning activities, responsibilities, practices, procedures, processes and resources for developing, implementing, achieving, reviewing and maintaining the environmental policy.
ISO 14000 is an Environmental Management System (EMS) who’s purpose is:
· A management commitment to pollution prevention.
· An understanding of the environmental impacts (reducing) of an organization’s activities.
A commitment (pollution prevention) to employees, neighbors and customers
The History of ISO 14000As a number of national standards emerged (BS 7750 being the first), the International Organization for Standardisation (ISO) created a group to investigate how such standards might benefit business and industry. As a result this group recommended that an ISO committee be created to create an international standard.
What is ISO 14001?ISO 14001 is the corner stone standard of the ISO 14000 series. It specifies a framework of control for an Environmental Management System against which an organization can be certified by a third party.
The environment cannot be protected by our convictions or goodwill alone. Efforts to protect the environment must be planned, coordinated and organized into a system, such as ISO 14001.
· ISO 14004 provides guidance on the development and implementation of environmental management systems
· ISO 14010 provides general principles of environmental auditing (now superseded by ISO 19011)
· ISO 14011 provides specific guidance on audit an environmental management system (now superseded by ISO 19011)
· ISO 14012 provides guidance on qualification criteria for environmental auditors and lead auditors (now superseded by ISO 19011)
· ISO 14013/5 provides audit program review and assessment material.
· ISO 14020+ labeling issues
· ISO 14030+ provides guidance on performance targets and monitoring within an Environmental Management System
· ISO 14040+ covers life cycle issues
Of all these, ISO14001 is not only the most well known, but is the only ISO 14000 standard against which it is currently possible to be certified by an external certification authority.
ISO14000 – Introduction
After the success of the ISO9000 series of quality standards, the International Standards Organization published a comprehensive set of standards for environmental management. This series of standards is designed to cover the whole area of environmental issues for organizations in the global marketplace.
History of Development
The ISO 14000 series emerged primarily as a result of the Uruguay round of the GATT negotiations and the Rio Summit on the Environment held in 1992. While GATT concentrates on the need to reduce non-tariff barriers to trade, the Rio Summit generated a commitment to protection of the environment across the world. The environmental field has seen a steady growth of national and regional standards. The British Standards Institution has BS 7750 , the Canadian Standards Association has environmental management, auditing, eco-labeling and other standards, the European Union has all of these plus the eco-management and audit regulations , and many other countries (e.g. USA, Germany and Japan) have introduced eco-labeling programs.
The main thrust for its development came as a result of the Rio Summit on the Environment held in 1992.
ISO 14000 is an Environmental Management System (EMS), which requires that an organization consider the environmental aspects of its products and services.
Iso14000 approach forces you to take a hard look at all areas of your business that has an environmental impact.
Iso14000 is the world’s first series of Internationally accepted Standards for Environmental Management Systems (EMS).
Iso14000 elevates Environmental Management to a Strategic Level that can be applied to any organization, from any industry, anywhere in the world.
ISO 14000 is a series of voluntary standards and guideline reference documents.
The part of the overall management system that includes organizational structure, planning activities, responsibilities, practices, procedures, processes and resources for developing, implementing, achieving, reviewing and maintaining the environmental policy.
ISO 14000 is an Environmental Management System (EMS) who’s purpose is:
· A management commitment to pollution prevention.
· An understanding of the environmental impacts (reducing) of an organization’s activities.
A commitment (pollution prevention) to employees, neighbors and customers
The History of ISO 14000As a number of national standards emerged (BS 7750 being the first), the International Organization for Standardisation (ISO) created a group to investigate how such standards might benefit business and industry. As a result this group recommended that an ISO committee be created to create an international standard.
What is ISO 14001?ISO 14001 is the corner stone standard of the ISO 14000 series. It specifies a framework of control for an Environmental Management System against which an organization can be certified by a third party.
The environment cannot be protected by our convictions or goodwill alone. Efforts to protect the environment must be planned, coordinated and organized into a system, such as ISO 14001.
· ISO 14004 provides guidance on the development and implementation of environmental management systems
· ISO 14010 provides general principles of environmental auditing (now superseded by ISO 19011)
· ISO 14011 provides specific guidance on audit an environmental management system (now superseded by ISO 19011)
· ISO 14012 provides guidance on qualification criteria for environmental auditors and lead auditors (now superseded by ISO 19011)
· ISO 14013/5 provides audit program review and assessment material.
· ISO 14020+ labeling issues
· ISO 14030+ provides guidance on performance targets and monitoring within an Environmental Management System
· ISO 14040+ covers life cycle issues
Of all these, ISO14001 is not only the most well known, but is the only ISO 14000 standard against which it is currently possible to be certified by an external certification authority.
ISO14000 – Introduction
After the success of the ISO9000 series of quality standards, the International Standards Organization published a comprehensive set of standards for environmental management. This series of standards is designed to cover the whole area of environmental issues for organizations in the global marketplace.
History of Development
The ISO 14000 series emerged primarily as a result of the Uruguay round of the GATT negotiations and the Rio Summit on the Environment held in 1992. While GATT concentrates on the need to reduce non-tariff barriers to trade, the Rio Summit generated a commitment to protection of the environment across the world. The environmental field has seen a steady growth of national and regional standards. The British Standards Institution has BS 7750 , the Canadian Standards Association has environmental management, auditing, eco-labeling and other standards, the European Union has all of these plus the eco-management and audit regulations , and many other countries (e.g. USA, Germany and Japan) have introduced eco-labeling programs.
Subscribe to:
Comments (Atom)