Wednesday, June 15, 2011

ISO 9001 Video

ISO 9001 is a written set of rules (a Standard) published by an international standards writing body (International Organization for Standardization. The rules define practices that are universally recognized and accepted for assuring that organizations consistently understand and meet the needs of their customers.
ISO 9000 is also highly generic. Its principles can be applied to any organization providing any product or service anywhere in the world.
Since meeting customer needs is one of the (many) definitions of quality, ISO 9001 is often called a quality system or a quality management system. But the rules, referred to as requirements, go beyond quality matters as they are traditionally understood. The requirements fall roughly into the following types:

a. Requirements that help assure that the organizations output (whether product, service, or both) meets customer specifications. (Making, and keeping, them happy.)

b. Requirements that assure that the quality system is consistently implemented and verifiable. (We must actually do what we say we are supposed to do. This must be verifiable via independent, objective
audit.)

c. Requirements for practices that measure the effectiveness of various aspects of the system. (In God we trust; all others bring data.)

d. Requirements that support continuous improvement of the companys
ability to meet customer needs. (We cannot sit still. We must strive to get better all the time, because customers change, and competitors gain strength.)

Nothing in ISO 9000 is new. The first edition, published by ISO in 1987, was drawn almost word for word from a British quality system standard. It in turn evolved from a long succession of written quality system specifications that had their ultimate origin in the defense and arms industries. Most of the practices required by ISO 9000 have been in use in industries of various kinds for decades. One intent of ISO 9001 is to simplify things for organizations. ISO 9001 strives to harmonize the sometimes conflicting, sometimes redundant quality programs that have traditionally been imposed by major corporations on their suppliers. (Note, however, that ISO 9000 is not meant to supersede customer, legal, or regulatory requirements.)

Very often, major customers require or strongly suggest that their suppliers implement ISO 9001 systems. Equally often, such customers require independent verification that suppliers are meeting the equirements.

So third-party registration bodies audit suppliers, confirm compliance to the ISO 9001 standards, and register the suppliers. It does not stop there. To stay registered, suppliers must undergo periodic (often semi-annual) surveillance audits, also carried out by their registration body.

Implementing an ISO 9001 quality system is neither cheap, nor easy. How costly and difficult it can be depends on:

a. The level of commitment of senior management. (The single most important factor.)

b. Where you are when you start. If you have already implemented a disciplined, documented quality system, you will have a less difficult time migrating to ISO 9001. (But that does not mean you will waltz to registration, either.)

c. Whether your company (or any part of it) is design responsible or not.

d. How much time you have. If you are under the customers gun and have merely months to get the job done, the process will be highly stressful.

e. The physical size and configuration of your company.

The bottom line is this. ISO 9001 is a comprehensive set of rules—a business system, really—that can cause the way your organization runs to profoundly change, almost always for the better. Yet, because it is often customer-mandated, many suppliers regard ISO 9001 as just another hoop to jump through to keep our customers happy.

They see their choice as swallow hard, pony up, and jump through the hoops; or walk away from the customer. What many do not fully appreciate is that implementing ISO 9001—expensive, exhausting, and annoying as it can be—can also have the salutary effect of improving the performance of your organization. Not just at first, but on an ongoing basis.






Wednesday, June 1, 2011

ISO 9001 Standards Gap Analysis

One of the first steps in implementing ISO 9000 is to perform a gap analysis. This is the technical name for an initial comparison of the Quality Management System to the ISO 9001:2008 Standard. The goal in find the gap between the standard and the QMS. The Gap Analysis will establish the scope of the implementation project and will therefore be important information for determining the amount of resources that will be required to complete the project in the given timeline.
Typically the gap analysis is based on a Gap Analysis checklist. These can be purchased from several different sources on the web ( like theISOstore.com). A second option is to use the internal audit checklist from this web site as a gap analysis checklist. Either way, the key to have a list of questions based on the standard that will uncover any weaknesses in the QMS before the project begins.
Gap Analysis Auditors
Performing gap analysis is best done by someone who is familiar with the ISO 9001 standard. If the company has no one with this experience, then consider outside training for the person who will be the lead internal auditor. Without grasping the goals behind the standard, you and your company can waste a lot of time improperly documenting flaws and over engineering solutions.
Performing a Gap Analysis
I recommend performing a basic ISO 9000 awareness training before the gap analysis. The awareness training will help reduce fear or resistance to the change that sometimes comes with a large company wide project. Once everyone understands the goals of the ISO project and is ready to be audited, start the gap analysis in sections. Covering sections 4,5,6,7 and 8 all in one audit is a mind melting experience. Start with section 4 to see how fast you can properly document the a section. Then schedule the remaining section based on your experience.
As you go through each section, you will either find that a system is already in place that meets the requirements of the ISO9001 standard or you will write a finding for that section. If you find that the system is in place, simply log the document numbers on the gap analysis sheet and move on. If you find that a large portions of the quality systems are missing, then you can write the equivalent of a major finding with a larger scope and not waste too much time listing every detail of what is missing.
How to use the result of the gap analysis
Once you have completed the gap analysis, you will have a list of missing or under-developed documents, records and systems. If you use the checklist from this web site, the result of the gap analysis will be a list of individual item that must be corrected. If the check sheet said “what document is used to the describe record retention?” and you found no document, then the document should be created. Once you feel that everything is in place, then you will want to repeat the audit to confirm that you can answer every question on the internal audit checklist with a positive response.
If the gap analysis show that your systems are in relatively good shape with some area for improvement, then I would make the gap analysis the first record in your internal audit notebook. This will help build a history of audits. If the gap analysis shows major flaws, you may want to fix them and then perform an internal audit as the first record to meet your internal auditing requirements. External auditor will frequently look at your internal auditing records to see if there are any blatant problems with the QMS, so don’t make their job too easy.

Integrating Management Systems Within The ISO 9001 Standards

Today’s free market economies increasingly encourage diverse sources of supply and provide opportunities for expanding markets. Fair competition needs to be based on identifiable, clearly defined common references that are recognised from one country to the next. A standard, internationally recognised, developed by consensus among trading partners, serves as the language of trade. The International Organisation for Standardisation (ISO) has developed around 8?700, mostly technical related standards on this basis. Standards Series such as ISO 9000, ISO 14000 and what is to be known as ISO 18000 and ISO 26000 are Management related. These standards contain generic guidelines for Management Systems in the area of Quality, Environment, Occupational Health & Safety and Human Resources.

ISO is a word derived from the Greek isos, meaning “equal”. ISO 9000 Standards are developed and updated by the International Organisation for Standardisation which has around 150 member bodies. A member body of ISO is the national body “most representative of standardisation in its country”.(eg. Germany – DIN, USA – ANSI, Australia – SAA).
More than 50 countries, as well as the European Community have adopted ISO 9000 which is recognised internationally as a benchmark for measuring quality in a trade context. Since its first issue in 1987, approximately 430?000 companies have been using ISO 9000. Being a standard coming from an organisation that is usually involved in the development of technical standards, ISO 9000 is often regarded as a document that belongs in the hands of a technician exposed to production line quality control. At a closer look, however, ISO 9000 Standard Series provide guidance in the development and application of Management Systems as well as Quality Control in Manufacturing and Administration.

ISO has been developing a number of Management System Guidelines for various aspects of business. The most recent are the ISO 14000 Environmental Management System Guidelines. This is an international standard that will affect business in the near future. ISO 14000 has been designed to integrate with ISO 9000. However, apart from international standards there are local standards a company has to comply with. To remain compliant with local standards, further manuals and/or procedures are required (eg. lifting procedure in a warehouse to satisfy Work Safety requirements). A company may have several Manuals describing its Management Systems (eg. Human Resources, Quality, Security, Health/Safety, Finances). An overall link between the systems is often missing which makes the monitoring and the assessment of effectiveness difficult. Double handling of information, contradicting instructions, high maintenance costs, administrative excess and lack of overall transparency are common results.
ISO 9000 Standard Series for Quality (of) Management Systems provide generic guidance for the development of an overall Management System, ISO 14000 provides guidance for Environmental Management, etc. Transparency and monitoring of all business activities can be achieved by integrating all systems into one.
Complaints that ISO 9000 is paralysing operations and, that it does not reflect reality are usually a result of not clearly understanding how the standard can be properly structured to address the needs of a company. ISO 9000 can be structured by focusing on “best practice” process rather than the standard, by fitting the standard to the process and not the process to the standard. Having recognised this, ISO has been working on a new structure for ISO 9000, called “Vision 2000?, taking a process orientated approach to ensure that “best practice” as well as several standards can be addressed within one system. Focusing on process allows the development of a practical “working document”, providing an effective management tool. Having learned from the past, the trend to Process Orientated Management Systems started about three years ago in Europe and is finding increasing approval from certification bodies.Every company has its own culture and key individuals.
The business environment influences processes in certain ways (eg. employee market, laws, infrastructure, client, etc.)
To ensure competitiveness a company needs to ensure adequate flexibility in their system to effectively respond to changes in the business environment.
An effective system is a lean system that incorporates all necessary functions, controls of activities and “best practice” without being caught up in detail.
An effective system must also be flexible enough to enable the proper controls on outsourcing and sub-contracting of activities (eg. production, administration, service, etc.)

Tuesday, June 29, 2010

Quality Management System Preliminary Gap Analysis


Quality Management System Preliminary Gap Analysis
Decide on a number from 0 to 5 for each item below. The scoring criteria are given in a table at the end. 1 to 5 Make notes to explain your score for future reference.
1. Have you established, documented, implemented and now maintain a Quality Management System (QMS) to any system including ISO 9001?
2. Have you identified the processes needed for your QMS and
a. the sequence of your production and service delivery processes,

b. the criteria and methods needed to ensure the processes are effective, and3. Do you have

c. have the resources and the information you need to support the processes?

d. a Quality Manual including your Quality Policy and quality objectives, and

e. written procedures and work instructions?

4. Do your records provide evidence that your business processes are effective?6. Has your Top Management communicated the importance of meeting customer and other business requirements to all the employees?9. Are your quality objectives measurable?

5. Is your Top Management committed to the development and implementation of a new QMS (i.e. based on the 2008 version of ISO 9001)?

7. Has your Top Management made a commitment to ensure your customers’ requirements are top priority?

8. Do your quality objectives include requirements for production and delivery?

10. Have the responsibilities and authorities of managers and employees been defined and communicated to them?

11. Does your management have the drive and resources needed

a. to implement, and maintain a QMS and continually improve its effectiveness, and

b. to enhance customer satisfaction by meeting customer requirements?

12. Does your organization have procedures to select competent personnel for work activities?

13. Does your organization provide training or take other action to help develop your people?

14. Does your organization provide adequate:

a. buildings, workspace and utilities,

b. process equipment, and

c. supporting services such as transport or communication?

15. When you receive a customer order do you review it for

a. requirements specified by the customer, including the delivery and post-delivery activities,

b. requirements not stated by the customer but necessary for specified use or known and intended use, and

c. statutory and regulatory requirements related to the product?

16. Do you inform your customers concerning

a. product information,

b. enquiries, contracts or order handling, including changes, and

c. channels for customer feedback and complaints?

17. Does your organization plan and control product design and development activities?

18. Does your organization maintain records of design or development review, verification and validation activities and resulting action?

19. Does your organization inspect or otherwise confirm that purchased products, materials, components and services conform to your specified purchase requirements?

20. Does your organization select suppliers depending on how important the purchased product is for production?

21. Does your organization evaluate suppliers (subcontractors or vendors) based on their ability to satisfy your requirements?

22. Do you ensure production has

a. the information that describes the characteristics of the product,

b. the necessary work instructions,

c. suitable equipment, and

d. the monitoring and measuring devices needed?

23. Does your organization regularly confirm that your production and service processes are capable of consistently meeting your requirements?

24. Are parts, components, subassemblies and products identified throughout production or service delivery?

25. Are monitoring and measurement requirements clearly shown with the status of the product?

26. Where traceability is a requirement, does production keep records of unique product identification?

27. Do you care for and protect customers’ property under your control or being used by your people?

28. Do you look after your product (including the parts or components) during both production and delivery to the customer, by providing suitable identification, packaging, storage, preservation and handling?

29. Do you have instructions needed to identify inspection or monitoring activities to be done during production or service delivery and the devices to be used?

30. Is your measuring equipment:

a. Calibrated or verified at specified intervals, or prior to use?

b. Adjusted or re-adjusted as necessary?

c. Identified to enable the calibration status to be determined?

d. Safeguarded from adjustments that would invalidate the measurement result?

e. Protected from damage and deterioration during handling, maintenance and storage?

31. Does your organization monitor customer information that shows you have satisfied customer requirements?

32. Does your organization conduct internal quality audits at planned intervals?

33. Does your organization use suitable methods to monitor and, where practical, measure the performance of your processes?

34. Does your organization inspect or measure the characteristics of finished products and record the results?

35. Does your organization identify nonconforming products and review them for disposition?

36. Does your organization collect and analyze data to assess the suitability and effectiveness of the QMS?

37. Does your organization use data to evaluate or identify where continual improvement of the QMS can be made?

38. Does your organization continually improve the effectiveness of the QMS?

39. Does your organization take corrective action to eliminate the causes of problems and to prevent their recurrence?

40. Does your organization determine and eliminate potential nonconformities in order to prevent their occurrence?

To score this table:

0 – You do not understand what is required or believe it is necessary

1 – Your organization does not perform this activity

2.- You understand this activity is a good thing to do but do not do it

3 – You do this sometimes

4 – You do this but not very well

5 – You do this quite well.

Add all the points together.

150 – 200

You are almost ready to complete your ISO 9001 QMS and apply for certification/

registration.

100 – 149

You are ready to implement the QMS. This will likely improve your business results.

0 – 99

You have a lot to do but should begin. You could consider seeking help from a

consultant or specialist.

Improve your performance management with new version of ISO 9001

A quality management system enables you to manage your business processes effectively:

it is much more than a set of rules and procedures. When properly implemented and maintained, a QMS addresses the needs of your organisation and delivers tangible business benefits.

The new version of ISO 9001 has recently been published. One of the main aims of ISO 9001:2008 is to facilitate integration with other standards. Although there are no new requirements as such, there are some key clarifications to be taken into account.

There are three main objectives to the new standard:

Detail, clarify, improve the understanding of ISO 9001:2000 (previous version)

Improve compatibility with ISO 14001:2004 Simplify the way in which ISO 9001 can be integrated with other management system standards (such as OHSAS 18001)

There are no new requirements in the new standard:

The title, scope, and structure of the standard are unchanged

The process approach is confirmed

Compatibility with the latest revision of ISO 14001:2004 is maintained and improved upon

Preservation of the quality management principles included in ISO 9000:2000

There are five main areas to note. The relevant sections of the standard are noted in brackets.

1. A reinforcement of the notion of product conformity

2. Compatibility with other standards is evolving

3. A better understanding of outsourced processes

4. An editorial clarification of some requirements – for instance;

A reinforcement of the notion of product conformity2.3.4.

An editorial clarification of some requirements – for instance;A better understanding of outsourced processesCompatibility with other standards is evolving

• (6.4) work environment, including an explanatory note on work environment giving examples,

to help meet product conformity requirements

• (8.2.1) measurement of customer satisfaction, including a note broadening the scope beyond

satisfaction surveys to include other channels such as customer feedback5.

• (Introduction) the notion of risk

• (5.5.2) appointment of a management représentative

• (6.2.2) assessing the effectiveness of achieving compétence

• (8.5.2 et 3) assessing the effectiveness of corrective and preventive actions?

Some additional explanations regarding the requirements of the standard;An editorial clarification of some requirements – for instance;A better understanding of outsourced processesCompatibility with other standards is evolvingA reinforcement of the notion of product conformity.

Thursday, October 1, 2009

Preparing ISO 9001 Quality Manual

Preparing ISO 9001 Quality Manual
The standard requires a quality manual to be established and maintained that includes the scope of the quality management system, the documented procedures or reference to them and a description of the sequence and interaction of processes included in the quality management system.
ISO 9001 defines a quality manual as a document specifying the quality management system of an organization. It is therefore not intended that the quality manual be a response to the requirements of ISO 9001. As the top-level document describing the management system it is a system description describing how the organization is managed.
Countless quality manuals produced to satisfy ISO 9001:2008, were no more than 20 sections that paraphrased the requirements of the standard. Such documentation adds no value. They are of no use to managers, staff or auditors. Often thought to be useful to customers, organizations would gain no more confidence from customers than would be obtained from their registration certificate.
A description of the management system is necessary as a means of showing how all the processes are interconnected and how they collectively deliver the business outputs. It has several uses as :
1. a means to communicate the vision, values, mission, policies and objectives of the organization
2. a means of showing how the system has been designed
3. a means of showing linkages between processes
4. a means of showing who does what an aid to training new people
5. a tool in the analysis of potential improvements
6. a means of demonstrating compliance with external standards and regulations
When formulating the policies, objectives and identifying the processes to achieve them, the manual provides a convenient vehicle for containing such information. If left as separate pieces of information, it may be more difficult to see the linkages.
The requirement provides the framework for the quality manual. Its content may therefore include the following:
1 Introduction
(a) Purpose (of the manual)
(b) Scope (of the manual)
(c) Applicability (of the manual)
(d) Definitions (of terms used in the manual)
2 Business overview
(a) Nature of the business/organization – its scope of activity, its products and services
(b) The organization’s interested parties (customers, employees, regulators, shareholders, suppliers, owners etc.)
(c) The context diagram showing the organization relative to its external environment
(d) Vision, values
(e) Mission
3 Organization
(a) Function descriptions
(b) Organization chart
(c) Locations with scope of activity
4 Business processes
(a) The system model showing the key business processes and how they are interconnected
(b) System performance indicators and method of measurement
(c) Business planning process description
(d) Resource management process description
(e) Marketing process description
(f) Product/service generation processes description
(g) Sales process description
(h) Order fulfilment process description
5 Function matrix (Relationship of functions to processes)
6 Location matrix (Relationship of locations to processes)
7 Requirement deployment matrices
(a) ISO 9001 compliance matrix
(b) ISO 14001 compliance matrix
(c) Regulation compliance matrices (FDA, Environment, Health, Safety, CAA etc.)
8 Approvals (List of current product, process and system approvals)
The process descriptions can be contained in separate documents and should cover the topics identified previously (see Documents that ensure effective planning, operation and control of processes ).
As the quality manual contains a description of the management system a more apt title would be a Management System Manual (MSM) or maybe a title reflecting its purpose might be Management System Description (MSD).
In addition a much smaller document could be produced that does respond to the requirements of ISO 9001, ISO 14001, and the regulations of regulatory authorities. Each document would be an exposition produced purely to map your management system onto these external requirements to demonstrate how your system meets these requirements. When a new requirement comes along, you can produce a new exposition rather than attempt to change your system to suit all parties. A model of such relationships is illustrated in Figure 4.10. The process descriptions that emerge from the Management System Manual describe the core business processes and are addressed in Chapter 4 under the heading of Documents that ensure effective operation and control of processes.

Scope Of The Quality Management System

Scope Of The Quality Management System
The ISO 9001 standard requires the quality manual to include the scope of the quality management system including details of justification for any exclusion. The standard addresses activities that may not be relevant or applicable to an organization. The permissible exclusions are explained in section 1.2 of ISO 9001. Here it states that the organization may only exclude requirements that neither affect the organization’s ability, nor its responsibility to provide product that meets customer and applicable regulatory requirements. The requirements for which exclusion is permitted are limited to those in section 7 of the standard.
Under ISO 9001:2008, it was possible for organizations to exclude functions and processes of their organization that may have been difficult to control or were not part of the order fulfilment cycle. Organizations that designed their own products but not for specific customers could escape bringing these operations into the management system. Marketing was omitted because it operated before placement of order. Accounting, Administration, Maintenance, Publicity, Public Relations and After Sales Support functions were often omitted because there were no requirements in the standard that specifically dealt with such activities. As there is no function in an organization that does not directly or indirectly serve the satisfaction of interested parties, it is unlikely that any function or process will now be excluded from the quality management system.
It is sensible to describe the scope of the quality management system so as to ensure effective communication. The scope of the quality management system is one area that generates a lot of misunderstanding particularly when dealing with auditors, consultants and customers. When you claim you have a management system that meets ISO 9001 it could imply that you design, develop, install and service the products you supply, when in fact you may only be a distributor. Why you need to justify specific exclusions is uncertain because it is more practical to justify inclusions.
The scope of the quality management system is the scope of the organization. There is no longer any reason to exclude locations, activities, functions or processes for which there is no requirement in the standard. The reason is because the ISO 9000 family now serves customer satisfaction and is not limited to quality assurance as were the 1994 versions of ISO 9001, ISO 9002 and ISO 9003.
It is not appropriate to address exclusions by inserting pages in the manual corresponding to the sections of the standard and adding justification if not within the scope of the management system – such as ‘We don’t do this!’.
It is much more appropriate to use an appendix as indicated previously in the manual contents list. By describing the nature of the business, you are establishing boundary conditions. If in doing so you do not mention that you design products, it will be interpreted that design is not applicable.
For exclusions relative to detail requirements, the Compliance Matrix may suffice but for an unambiguous solution, it is preferable to produce an exposition that addresses each requirement of the standard.