IsoQual, Inc.
ISO 9001:2000
Requirements Checklist and
Implementation Guide
for use in conjunction with:
ISO9001:2000 Checklist and Audit Guide
Internal Auditor Training Package, and
Process Assessment Worksheets
for delivery of Internal Auditor Training
and/or
Management / ISO 9000 Implementation Team Training
4 QUALITY MANAGEMENT SYSTEM |
|||
4.1 General Requirements |
Comply |
N/A |
|
|
Y |
N |
|
The organization shall establish, document, implement and maintain a quality management system and continually improve its effectiveness in accordance with the requirements of this International Standard. The organization shall
These processes shall be managed by the organization in accordance with the requirements of this international Standard.
Where an organization chooses to outsource any process that affects product conformity with requirements, the organization shall ensure control over such processes. Control of such outsourced processes shall be identified within the quality management system. |
|
|
|
Guidance
4.1 General Requirements
The quality management system should:
Identify the processes needed for the quality management system (i.e. those processes needed to address requirements of ISO 9001:2000) and identify all activities that affect the quality of the products or services you are in the business of providing. Start by defining key processes associated with YOUR organization's business cycle … from initial contact with a potential customer to final delivery of the products or services you are in the business of providing. Do not overlook processes that you outsource to others; they are still critical to your business success and you must manage them as well. You will ultimately need to be able to demonstrate where you address requirements of ISO 9001:2000 in your business cycle.
4.1 General Requirements - Guidance (cont'd)
Determine the sequence and interaction of these processes. Again, the simplest thing to do is to map out (in flow chart) format YOUR business cycle. Most business cycles follow the same PLAN-DO-CHECK-ACT (PDCA) model advocated by the ISO 9000 standards. The key here is to depict how these processes interrelate and form a system. Managing the `white space' between processes is critical to overall system effectiveness.
Determine criteria and methods needed to ensure the effective operation and control of these processes. The key here is to define how you are going to know when key business processes are effective (i.e. they accomplish desired results) with the overall objective being to achieve high levels of customer satisfaction. Process controls over inputs, transformation activities and outputs can then be established as needed to ensure consistent results.
Resources and information are key inputs to any process and must be planned and controlled to ensure effectiveness. Further, the quality management system IS dynamic and must be continually monitored for effectiveness and improved as needed. Change requires new or different resources and information … hence the need to continually evaluate how these are planned and delivered to meet an ever changing set of requirements: customers change; markets change; organizations change; technology changes, and the people in an organization change.
Monitor, measure and analyze these processes. Improvement is only possible if you know where you are starting from and where you want to go. Hence, measures of effectiveness for key QMS process should be established, baseline performance determined, and improvement objectives established where such improvement is needed or desired. This means that you will need to collect baseline data, set improvement objectives where needed, and monitor performance to ensure desired results are achieved; if not, action should be taken.
f. An important addition in ISO 9001:2000 is the requirement to improve the quality management system. Improvement is a planned activity through the establishment and monitoring of performance against desired results. However, without action, all the data in the world is relatively worthless. But since you can not improve everything at once (and it would probably not be advisable to try to do so) you should identify and prioritize improvement initiatives based on the status and importance of the activity and the real or potential impact of taking no action.
4.2 DOCUMENT REQUIREMENTS |
Comply |
N/A |
|||||
|
Y |
N |
|
||||
The quality management system documentation shall include
|
|
|
|
||||
Guidance:
4.2.1 Document Requirements - General
ISO 9001:2000 requires that you document your quality policy, quality objectives, a quality manual, procedures, planning documents and quality records. The standard has become quite a bit less `prescriptive' regarding the `format' or media used; the bottom line is that, with a few exceptions, organizations can document the quality management system in any format suitable to their business as long as they can prove the information is effectively communicated … and that desired results are achieved.
Procedures describe what is being done in an organization, who is doing it, and how the results are recorded; procedures are typically cross functional (versus work instructions which typically apply to individuals or individual work groups). Procedures are necessary if/when an organization wants to clarify responsibilities and authorities and/or consistent practices. Flow charts, if constructed properly, can also be used to depict the same information contained in a `traditional' procedure format. Keep in mind that your quality management system is not a set of procedures describing every minute detail of an organization's operation … rather it is a well defined, but appropriate and user- friendly balance of procedures, flow charts, job descriptions, work instructions and forms, which will assist personnel in their day-to-day work.
The effectiveness of procedures depends on how they are applied to an organization. In other words, they should be tailored to an organization. In a small organization with relatively simple processes and activities, procedures should (accordingly) be limited and simple. Larger organizations with more complicated activities should have more detailed procedures, but in all cases the procedures should still be as practical as possible.
Please note that ISO 9001:2000 does not in all cases require documented procedures. In some cases there is no need to document existing practices. However, there must still be a `something' in place to ensure work is performed in a consistent way.
Note: The following documented procedures are required by ISO 9001:2001.
Control of Documents (clause 4.2.3)
Corrective Action (clause 8.5.2)
Control of Records (clause 4.2.4)
Preventive Action (clause 8.5.3)
Internal Audit (clause 8.2.2)
Control of Nonconforming Product (clause 8.3)
4.2 DOCUMENT REQUIREMENTS (cont'd) |
Comply |
N/A |
||||
|
Y |
N |
|
|||
4.2.2 Quality Manual The organization shall establish and maintain a quality manual that includes
|
|
|
|
|||
Guidance:
4.2.2 Quality Manual
The quality manual is the “road map” of the quality management system. It should give readers an overview of how the quality management system operates.
The quality manual must state the scope of the quality management system. This can be communicated in a single sentence stating exactly what the organization does. For example, "The design and manufacture of class 'A' widgets at our facility located at …"
Exclusions to the standard must be stated in the manual. Exclusions must be limited to requirements within clause 7 and not affect the organization's ability, or responsibility, to provide product that meets customer and applicable regulatory requirements. Clause 7 of the standard is essentially the “DO” part of the PLAN-DO-CHECK-ACT (PDCA) cycle … so … essentially, you can only `exclude' what you do NOT DO!
The quality manual must include or reference the 6 documented procedures required by ISO 9001:2000 as well as any other documented procedures utilized in the quality management system. More importantly, the quality manual must describe (or depict) the sequence and interaction of quality management system processes. This can be done effectively in a flow chart, especially if it is a `deployment' flow chart - which adds the element of responsibility to the visual workflow depiction. However, any format is acceptable as long as it describes the interaction between quality management system processes required by ISO 9001:2000 (i.e. order handling, planning, purchasing, training, design, product or service provision, inspection, monitoring and measuring, etc.).
4.2 DOCUMENT REQUIREMENTS (cont'd) |
Comply |
N/A |
|||
|
Y |
N |
|
||
Documents required by the quality management system shall be controlled. Records are a special type of document and shall be controlled according to the requirements given in 4.2.4.
A documented procedure shall be established to define the controls needed
|
|
|
|
||
Guidance:
4.2.3 Control of Documents
The intent of document control is to ensure that people have easy access to and use the correct versions of the correct documents. The use of incorrect or obsolete documents can result in mistakes and, ultimately, in nonconforming product and/or service. New or revised documents must be approved prior to issue; any approval method is acceptable as long it clearly indicates what constitutes the evidence of approval. Once documents are approved, the new or revised documents need to be available at the locations where they are used or needed. Obsolete documents need to be removed or destroyed. If obsolete documents are not destroyed, they should be identified as obsolete.
In order to control the use of documents, ISO 9001:2000 requires a method for identifying the current revision status of documents. Since the key to control starts with identification, a good place to begin is to create a master list that identifies all controlled documents and their revision status (number, date, or equivalent). If documents are not `centrally controlled', each person that controls documents will need to establish and maintain there own master list. Any controlled document can be compared with this master list to verify if the latest revision is in use. Another possible method that precludes the use of obsolete documents is the use of a master file of original documents (such as drawings). Master lists and master documents can (and probably should) be maintained electronically wherever possible.
4.2.3 Control of Documents - Guidance (cont'd)
Of all requirements of ISO 9001:2000, this is one that is most likely to be over-applied. However, it is important to control the distribution of documents used to make sure work is being carried out according to the correct set of instructions or information. Just ask yourself: “What information/documents do competent people need to do their jobs?” Then, identify and control that information/documentation and get rid of everything else. There is also a risk of ending up with complex arrangements for updating and retrieving documents. Just remember, that the standard requires information to be up-to-date, but does not specify how this should be done … there is a lot of flexibility … so this is a process only you can simplify (or complicate).
4.2 DOCUMENT REQUIREMENTS (cont'd) |
Comply |
N/A |
|||
|
Y |
N |
|
||
Records shall be established and maintained to provide evidence of conformity to requirements and of the effective operation of the quality management system. Records shall remain legible, readily identifiable and retrievable. A documented procedure shall be established to define the controls needed for the identification, storage, protection, retrieval, retention time and disposition of records. |
|
|
|
||
Guidance:
4.2.4 Control of Records
There is a difference between documents and records. Essentially, documents are used to describe or control how things are to be done and records are used to prove they were accomplished. Records also are THE primary source of data you will be using to evaluate if (and to what degree) desired results are accomplished. Further, records cannot be revised. For example: a form is a document used for ordering products and/or services from vendors and a completed purchase order states what has been ordered from the vendor. Other examples of records are:
management review minutes;
inspection records;
quotes and proposals;
customer orders;
audit reports;
training records;
corrective/preventive action records;
design review minutes;
nonconformance reports.
Each organization should identify which records are used to provide the evidence needed to demonstrate planned activities are accomplished and/or to provide the data needed to evaluate their effectiveness. A documented procedure is needed to define how these records are identified, where they are stored, how they are retrieved, how they are protected, what their retention time is, and how they are disposed of.
5 MANAGEMENT RESPONSIBILITY |
|||
5.1 MANAGEMENT COMMITMENT |
Comply |
N/A |
|
|
Y |
N |
|
Top management shall provide evidence of its commitment to the development and implementation of the quality management system and continually improve its effectiveness by
|
|
|
|
Guidance:
5.1 Management Commitment
Top management MUST BE the driving force for establishing, implementing, maintaining, and improving the quality management system. What people do, and how this affects customers, cannot be effectively managed without a clear commitment from top management. Define who top management is, then define clear responsibilities for taking leadership roles that demonstrate commitment; at a minimum, management must:
communicate to the organization the importance of meeting customer as well as regulatory requirements ;
establish a quality policy and objectives;
conduct management reviews ; and
ensure the availability of resources.
5.2 Customer Focus |
Comply |
N/A |
|
|
Y |
N |
|
Top management shall ensure that customer requirements are determined and are met with the aim of enhancing customer satisfaction (see 7.2.1 and 8.2.1). |
|
|
|
Guidance
5.2 Customer Focus
Every organization depends on its customers. Without satisfied customers, the organization cannot exist. Therefore, this requirement of ISO 9001:2000 is the core of the quality management system. Essentially, you must define how your organization focuses on customers. Specifically: How do they know what you do? How do they know who to contact with questions/concerns? How can they get involved in improving the quality of your products and services? If your organization has the proper customer focus it should be able to answer the following questions on a continual basis:
What do customers need and what do they expect?
What does this mean for the organization? What is the organization required to do in order to meet these customer expectations?
Does the organization understand customer requirements and are these requirements actually met?
In order to maintain a proper customer focus, management needs to monitor customer requirements (and expectations) at the `macro' level; this can be by a variety of methods:
carrying out market/customer surveys;
reviewing sector/industry specific reports;
identifying niche marketing opportunities.
5.3 Quality Policy |
Comply |
N/A |
|
|
Y |
N |
|
Top management shall ensure that the quality policy:
|
|
|
|
|
|
|
|
|
|
|
|
Guidance
5.3 Quality Policy
Your quality manual, by definition, contains policy that governs or directs every aspect of your quality management system … i.e. it contains policy governing interaction with customers, accepting orders, purchasing needed materials and services, performing planning functions, qualifying and training people, performing and verifying work, etc.
The quality policy statement is a `one-liner' that embodies all of this into one concise statement indicating the overriding emphasis of all lower level policies. The quality policy statement should communicate to customers and employees:
a commitment to quality;
a commitment to continual improvement;
what your business does;
what your quality objectives are, and how they are reviewed.
It is important that the quality policy covers the whole organization and is relevant to the expectations of all customers. Therefore, customer requirements should be determined before the quality policy is established.
All employees need to understand the quality policy, how it affects them, and their role in the quality system.
It is important to keep in mind that the quality policy may be suitable today, but may not be suitable in the future due to changing circumstances. The quality policy must therefore be regularly reviewed for suitability (usually during management review; see clause 5.6).
5.4 Planning |
Comply |
N/A |
|
|
Y |
N |
|
Top management shall ensure that quality objectives, including those needed to meet requirements for product (see 7.1 a), are established at relevant functions and levels within the organization. The quality objectives shall be measurable and consistent with the quality policy.
|
|
|
|
Guidance
Quality Objectives
While the quality policy statement indicates what is important for the organization in general terms, quality objectives must specific goals to be achieved within a certain time frame, and must be measurable. The establishment and monitoring of progress against measurable quality objectives is the key to effective quality system planning at the `macro' level. Measurable improvement objectives are meaningless without a baseline performance measure; examples are:
reduce scrap by 10% within the next 6 months;
reduce repeat problems by 90% within the next year;
increase customer satisfaction by 10% within the next year;
reduce number of nonconforming products by 15% within the next year;
reduce the number of key vendors from 100 to 25 in the next three years, etc.
ISO 9001:2000 specifically requires that quality objectives at relevant functions and levels within the organization. This means, for example, that an organization with sales, design, purchasing, and production departments (or functions) should have quality objectives for each department that are consistent with the quality objectives established at the `macro' level for the organization as a whole. Look for objectives already in place at all levels in the organization and evaluate them for consistency with the `macro' level quality objectives you establish. Many organizations establish perform goals (or objectives) for each key manager; you may discover that such objectives are not consistent with the `macro' quality objectives and should be changed. You can use periodic functional/individual performance reviews to assess progress and convey how achievement of lower level objectives contributes to the `big picture'.
An organization is free in choosing quality objectives, as long as they are relevant to the products/services of the organization and the quality policy. Start small … and build on a firm foundation. You should have at least one `macro' level quality objective regarding supplier performance, overall quality system effectiveness, and customer satisfaction - you will be required to monitor and measure performance in these areas anyway (see clause 7.4.1, 5.6 and 8.2.1).
5.4 Planning (cont'd) |
Comply |
N/A |
|
|
Y |
N |
|
Top management shall ensure that
|
|
|
|
Guidance
5.4.2 Quality Management System Planning
Product quality planning is covered in detail under clause 7.1; job planning and control is covered in detail under clause 7.5.1; planning for improvement is covered in detail under clause 8.5. QMS planning activities related to clause 5.4.2 include identifying activities and resources needed to establish and improve the quality system itself; such planning does not have to be a sophisticated process. In fact, this requirement is met through completion of other activities required by the standard: you plan to achieve the quality objectives (see clause 5.4.1) and ensure continual improvement (see clause 8.5) through the management review process (see clause 5.6). Outputs of quality planning include:
the quality system itself (i.e. the quality manual and associated procedures);
resources for establishing, maintaining and improving the quality system;
QMS planning should not only apply to achieving quality objectives, but also to organizational change. Changes in an organization should be planned in order to minimize the risk of negative effects on quality of product and/or service; this is normally accomplished through a strategic planning process. In any case, changes and their impact on the organization and the quality system should be an agenda item for every management review meeting (see clause 5.6).
5.5 Responsibility, Authority and Communication |
Comply |
N/A |
||
|
Y |
N |
|
|
Top management shall ensure that responsibilities and authorities are defined and communicated within the organization.
|
|
|
|
|
Guidance
Responsibility and Authority
There can be no effective way of working if employees do not know their responsibilities or if responsibilities and authorities are `vague'. Everyone should know what they are expected to do (responsibilities) and what they are allowed to do (authorities). They should know their role (position) in the organization and how this relates to other roles (positions). Others in the organization (as well as customers) should be aware of these relationships. Organization charts, job descriptions, deployment flow charts, and procedures can be used to define organizational responsibilities and authorities … but organization charts alone rarely define how things really get done in an organization.
Descriptions do not have to be elaborate or complex. It is important that descriptions clearly reflect the “real life” situation and allow for flexibility. One method of identifying responsibilities and authorities is to have a simple procedure or deployment flow chart supplemented by a job description or training document. Also, placing an organization chart in the quality manual will help customers identify key personnel and delegated responsibilities and authorities in the organization.
5.5 Responsibility, Authority and Communication |
Comply |
N/A |
||
|
Y |
N |
|
|
Top management shall appoint a member of management who, irrespective of other responsibilities, shall have responsibility and authority that includes
|
|
|
|
|
Guidance
5.5.2 Management Representative
Top management must delegate management authority to someone in the organization to act as their representative for “quality management system issues”. This person must have the necessary authority within the organization to ensure that the quality management system is working. ISO 9001:2000 specifically requires this person to be a member of management within the organization. People from outside the organization (for example, consultants) cannot be the management representative unless they have a management position within the organization. Obviously, the management representative can have other responsibilities as well; however, regardless of other responsibilities, the management representative should have direct access to top management on any issue regarding the quality management system.
The authority of the management responsibility must include at least the duties as described in clause 5.5.2 (a, b and c).
It is important to note that it is not the role of the management representative to “run" the quality system `independent' of top management. A quality system can only be effective if it is carried out by all personnel in the organization, especially top management. The management representative has a supportive role: ensuring that the necessary data is collected and reported to top management for action as warranted. Again, the key is that the management representative must have direct access to top management so quality system issues requiring their attention are not impeded.
5.5 Responsibility, Authority and Communication |
Comply |
N/A |
|
|
Y |
N |
|
Top management shall ensure that appropriate communication processes are established within the organization and that communication takes place regarding the effectiveness of the quality management system.
|
|
|
|
Guidance
5.5.3 Internal Communication
In order to establish an effective quality management system, it is not only necessary that employees know their roles, responsibilities, and authorities, but there should also be clear and effective ways for people within the organization to communicate.
Management should ensure that people have the information necessary in order to be able to do their work, and ensure that quality requirements, objectives, and achievements are communicated to all relevant personnel.
Most organizations already have a wide variety of internal communication systems in place and need only describe them; communication systems/tools include any visible top management activity, as well as:
audio-visual and electronic media (kiosks, newsletters, notice boards, intranet);
team meetings (staff, production and improvement team meetings);
awareness/training programs (new customers, processes/systems, products/ services);
employee performance reviews.
5.6 Management Review |
Comply |
N/A |
|
|
Y |
N |
|
Top management shall review the organization's quality management system, at planned intervals, to ensure its continuing suitability, adequacy and effectiveness. This review shall include assessing opportunities for improvement and the need for changes to the quality management system, including the quality policy and quality objectives.
Records from management reviews shall be maintained (see 4.2.4).
The input to management review shall include information on
The output from the management review shall include any decisions and actions related to
|
|
|
|
Guidance
5.6 Management Review
The complete quality management system should be reviewed by top management on a regular basis. Management decides the frequency, but it should be frequent enough to ensure the effectiveness of the system (usually once per year is adequate). Management reviews are not implementation status meetings … they are system effectiveness review sessions … looking a data over time to see if the desired results (objectives and plans) are being achieved … and taking action if/when needed.
Management reviews make quality management systems dynamic. Without these reviews, a system may become ineffective over time. Organizations change, customers/markets change, and people change. These changes require modifications in the quality management system. Regular management reviews ensure that the quality management system is still suitable, adequate, and effective in a changed environment.
5.6 Management Review - Guidance (cont'd)
In order to be effective, management reviews should be well prepared. This allows top management to assess the effectiveness of the quality management system based on the quality policy and the quality objectives, and to define the opportunities for improvement and the need for changes. This means attendees must come with data/trends … know what it means … and be prepared to offer related recommendations.
The results of management reviews should be in the form of specific actions, ensuring that improvements are made in products/services and processes/systems, and that resource needs are identified. Management review outputs can also set the direction for the future (i.e. new/revised policy can be issued, improvement objectives can be established, and/or specific improvement initiatives can be approved). The results of management reviews should be recorded in some way; usually in meeting minutes, checklists, or to-do lists.
A management review does not necessarily have to be conducted in one meeting (i.e. once per year). A series of meetings can be held, each covering a part of the quality management system, or a part of the organization.
6 RESOURCE MANAGEMENT |
|
||
6.1 Provision of Resources |
Comply |
N/A |
|
|
Y |
N |
|
The organization shall determine and provide the resources needed
|
|
|
|
Guidance
This section of ISO 9001:2000 covers the specific requirements for planning and management of needed resources. These resources include human resources, facilities, equipment, and work environment. Sufficient resources must be allocated for implementing, maintaining and improving the quality management system, as well as for enhancing customer satisfaction and meeting customer requirements.
6.2 Human Resources |
Comply |
N/A |
|
|
Y |
N |
|
Personnel performing work affecting product quality shall be competent on the basis of appropriate education, training, skills and experience.
|
|
|
|
Guidance
General
Every person in an organization must be competent at what they do; this means that qualification criteria should be established based on education, experience, and training.
6.2 Human Resources (cont'd) |
Comply |
N/A |
|
|
Y |
N |
|
The organization shall
|
|
|
|
Guidance
6.2.2 Competence, Awareness and Training
Employees need to be aware of the relevance and importance of their activities and how they contribute to the achievement of quality objectives. In order for an organization to have qualified/competent people, it should consider the following steps:
Determine competency needs. Job requirements change, so employee qualifications and training needs should be continually reviewed, not just upon employment. The mechanism for identifying needs on a regular basis is most often tied to periodic employee performance reviews but also may be the output of strategic planning.
Provide training to address identified needs. Once the need for training is established, the training should actually be provided.
Evaluate the effectiveness of training. Training is never a goal in itself. On a regular basis, organizations should ask: did the training accomplish desired results?
6.3 Infrastructure |
Comply |
N/A |
|
|
Y |
N |
|
The organization shall determine, provide and maintain the infrastructure needed to achieve conformity to product requirements. Infrastructure includes, as applicable
|
|
|
|
Guidance
6.3 Infrastructure
Failure of equipment (such as welding equipment in a machine shop), lack of facilities (such as shortage of storage space in a warehouse), or lack of repair/maintenance capability can have serious effects on the quality or timeliness of product and/or service. It is therefore essential that infrastructure is identified and controlled.
The focus should be on the infrastructure that is most important for the type of organization. For example, a manufacturer will probably focus on production equipment and maintenance, while a software development firm will put more emphasis on computer hardware and software, and a service organization will focus on workspace and associated facilities. Similarly, if an organization has equipment that can easily be replaced without affecting quality of product and/or service, maintenance activities can be relatively simple and limited. More complex equipment that is difficult to replace should have a more extensive maintenance program. Where `breakdown maintenance' is the core of the maintenance strategy, redundant systems and spare parts inventories for long lead time or hard to get materials may be critical.
6.4 Work Environment |
Comply |
N/A |
|
|
Y |
N |
|
The organization shall determine and manage the work environment needed to achieve conformity to product requirements. |
|
|
|
Guidance
6.4 Work Environment
Resources must be provided to establish and control working conditions needed to assure product/service quality or to ensure consistent process performance.
In addition, organizations must define how they manage achieve compliance with applicable statutory or regulatory environmental requirements, and may include a requirement for an organization to be compliant with ISO 14001 or other environmental management system standard.
7 PRODUCT REALIZATION |
|||
7.1 Planning of Product Realization |
Comply |
N/A |
|
|
Y |
N |
|
The organization shall plan and develop the processes needed for product realization. Planning of product realization shall be consistent with the requirements of the other processes of the quality management system (see 4.1).
In planning product realization, the organization shall determine the following, as appropriate:
The output of this planning shall be in a form suitable for the organization's method of operations. |
|
|
|
Guidance
7.1 Planning of Product Realization
Clause 7 relates to the “DO” portion of the PLAN-DO-CHECK-ACT (PDCA) cycle. This requirement is about planning for whatever your organization `does'.
Therefore, plans for controlling what you `do' need to be documented. First, it is only important to document what you plan to `do' if the absence of such documentation would adversely affect quality. The degree of and reliance on training and employee competence will often be the single most deciding factor in determining the level of documentation (including planning documents) needed.
Product realization plans can take can take many forms: formal product control plans, work instructions, operator instructions, specifications, flow charts, checklists, or even pictures or videos. Each organization needs to determine which format(s) will meet its needs best.
In many cases, the customer may also require you to develop and submit your product realization plans to them for approval prior to commencing work. In most cases, organizations have product realization `plans' already in place and all they will need to do is identify them and define responsibilities for their establishment, approval, execution, and periodic review/update.
7.2 Customer-Related Processes |
Comply |
N/A |
|
|
Y |
N |
|
The organization shall determine
|
|
|
|
Guidance
Determination of Requirements Related to the Product
In order to be able to provide a product that meets customers' expectations, it is necessary to know exactly what the customer's requirements for the product are, as well as statutory/regulatory requirements and requirements based on known/intended use of a product that only you or other product experts know. Accordingly, you need to consider:
the requirements that are specified by the customer (usually in a customer order, including requirements after delivery of product is complete, such as servicing of products or warranty activities).
the requirements not specified by the customer (usually based on known or intended use). For example, the use of special coatings and coating techniques in order to prevent rust.
statutory and regulatory requirements (usually imposed by local, regional, national, international and/or sector/industry specific environmental and/or safety statutory requirements or regulatory agencies).
other requirements determined by the organization (usually based on product/service performance expectations and other customer expectations such as luxury and convenience features, appearance, etc.
7.2 Customer-Related Processes (cont'd) |
Comply |
N/A |
|
|
Y |
N |
|
The organization shall review the requirements related to the product. This review shall be conducted prior to the organization's commitment to supply a product to the customer (e.g. submission of tenders, acceptance or contracts of orders, acceptance of changes to contracts or orders) and shall ensure that
Records of the results of the review and actions arising from the review shall be maintained (see 4.2.4).
Where the customer provides no documented statement of requirement, the customer requirements shall be confirmed by the organization before acceptance.
Where product requirements are changed, the organization shall ensure that relevant documents are amended and that relevant personnel are made aware of the changed requirements. |
|
|
|
Guidance
Review of Requirements Related to the Product
The intent of this requirement is to ensure that organizations understand and can meet ALL requirements before promising the customer that the product or service can be provided. In order to avoid misunderstandings about what the customer wants (and expects), it is necessary to review all requirements identified per clause 7.2.1. At a minimum, all quotes/proposals, customer orders (and subsequent changes) should be reviewed.
A request for quotation that is received from a customer needs to be reviewed before a quote is submitted. An organization must determine if:
the information from the customer is clear and specific;
it has the capability to provide the requested product.
Once a quotation is provided to the customer and the customer places an order (accepting the quotation), the order and the quotation must be compared to determine if there are any differences between them. Any differences need to be resolved with the customer.
7.2.2 Review of Requirements Related to the Product - Guidance (cont'd)
If the customer places an order without having been previously quoted (as is the case in many organizations with `standard' products or services as advertised in brochures or catalogues), the order still needs to be reviewed before it is accepted. An organization must determine if:
the order is clear and specific;
it has the capability (and capacity) to provide the requested product or service.
Records of these reviews must be kept; the record can be as simple as a notation on the request for quotation or the order with the initials of the reviewer and the date. If the request for quotation or order is not accepted (for whatever reason) or needs clarification, follow-up actions must also be recorded. For verbal orders (for example by telephone) it is important to confirm the order before acceptance. This can be done, for example, by reading it back to the customer, asking for confirmation. In general, verbal and electronic orders need some special considerations to record the order. For example, the details of a telephone order may be recorded on a pad, and an electronic order may be recorded by printing it or saving it in the computer.
Once accepted, orders often need to be changed. If this is the case, it should be clear how this change is to be handled. Many times the change only affects quantity or date of delivery; however, in some cases technical aspects of the order will change. The type and scope of review needed should be based on the nature of the change. Most organizations handle changes in the same way as a new order. In any case, all changes must be agreed to by the customer and communicated to all individuals who are affected by them. Typically, the purchasing department, the scheduling department, and the production department are affected, and should therefore be informed.
7.2 Customer-Related Processes |
Comply |
N/A |
|
|
Y |
N |
|
7.2.3 Customer Communication The organization shall determine and implement effective arrangements for communicating with customers in relation to
|
|
|
|
Guidance
7.2.3 Customer Communication
The satisfaction of customers does not only depend on the quality of final product or service, but also on the communication between the organization and its customers. Poor communication, even if acceptable product or service is provided, can result in dissatisfied customers.
Therefore, it should be clear who has the responsibility and authority to communicate with the customers. It is important that the following questions are answered:
Who provides product information to the customer, and how is it provided? How does the organization ensure that this product information is correct and timely?
Who is responsible for handling requests for quotations and customers' orders?
By whom and how is customer feedback received and handled? This includes both planned feedback (for example, as a result of customer surveys), and unplanned feedback (for example, customer complaints).
The organization's systems for communicating with the customer needs to be readily available to the customer; therefore the quality manual is usually the best place to discuss customer communications … or at least lead customers to a location (i.e. brochure, web site, etc.) where customer contact data is detailed.
7.3 Design and Development |
Comply |
N/A |
|
|
Y |
N |
|
The organization shall plan and control the design and development of product. During the design and development planning, the organization shall determine
The organization shall manage the interfaces between different groups involved in design and development to ensure effective communication and clear assignment of responsibility. Planning output shall be updated, as appropriate, as the design and development progresses.
|
|
|
|
Guidance
Design and Development Planning
Quality by design is not just a catchy phrase … few things are better than they were designed to be … and things can be perfectly made to a poor design. So .. it is at least equally as important to control design and development activities as it is to control operations. Design and development activities can be complex and it is not always easy to keep the timelines under control. The intent of design control is maximize the output of this creative process … not restrict it … and this can only be done effectively through the establishment and execution of a meaningful design plan.
The type and extent of the design plan should be dependent on the complexity of the design and the number of people involved. In some cases, design plans can be as simple as a short flow chart or checklist; in more complex designs, more sophisticated planning techniques are necessary. The design plan should identify responsibilities/authorities and specific timelines; it should describe which groups or individuals are involved (for example: customers, subcontractors, regulatory bodies, etc.) and how. It should also clearly identify the stages of the design process, including any checks and/or verifications for each stage.
It is not uncommon for conditions to change during the design and development process. A design and development plan only has value if it is being updated when these changes occur.
7.3 Design and Development (cont'd) |
Comply |
N/A |
|
|
Y |
N |
|
Inputs related to product requirements shall be determined and records maintained (see 4.2.4).
These inputs shall include:
These inputs shall be reviewed for adequacy. Requirements shall be complete, unambiguous and not in conflict with each other.
|
|
|
|
Guidance
7.3.2 Design and Development Inputs
In every design and development process, simple or complex, it is crucial to know what is required. The design and development input is defined by all requirements that the design must meet in order to be successful. In other words, it should be clear how the final product is going to look and which conditions must be fulfilled.
7.3 Design and Development (cont'd) |
Comply |
N/A |
|
|
Y |
N |
|
The outputs of design and development shall be provided in a form that enables verification against the design and development input and shall be approved prior to release.
Design and development outputs shall
|
|
|
|
Guidance
7.3.3 Design and Development Outputs
Design and development output is the result of the design and development process and the design plan should describe what form output should be in. Whatever the format, it is essential that the output meet the input requirements, that it contains clear criteria for acceptance or rejection, and that it clearly defines the characteristics of the product.
7.3 Design and Development (cont'd) |
Comply |
N/A |
|
|
Y |
N |
|
At suitable stages, systematic reviews of design and development shall be performed in accordance with planned arrangements (see 7.3.1)
Participants in such reviews shall include representatives of functions concerned with the design and development stage(s) being reviewed. Records of the results of the reviews and any necessary actions shall be maintained (see 4.2.4).
|
|
|
|
Guidance
7.3.4 Design and Development Review
Design and development review is a check to determine if the design and development activities are on track. More specifically, organizations need to verify if design is adequate in meeting customer and other requirements (design and development input). For simple designs it may be sufficient to have only one design review at the very end of the design process; however, performing only one design review may be very risky for more complex designs. If there are any problems identified as a result of the design review, it may be very costly and in some cases too late to go back and redo some of the design activities in order to correct the problems. Since thorough design reviews can prevent problems in a later stage, all relevant parties should be involved, including appropriate internal departments/functions, as well as customers and subcontractors.
The results of the design reviews, including any problems that are identified and their solutions, must be recorded. This may be as simple as noting on the plan that the review has been carried out, as well as any follow-up actions, signed off by the reviewer and dated. However, more complex designs may be reviewed in a formal meeting, and the minutes of this meeting would constitute the design review record.
7.3 Design and Development (cont'd) |
Comply |
N/A |
|
|
Y |
N |
|
Verification shall be performed in accordance with planned arrangements (see 7.3.1) to ensure that the design and development outputs have met the design and development input requirements. Records of the results of the verification and any necessary actions shall be maintained (see 4.2.4).
|
|
|
|
Guidance
7.3.5 Design and Development Verification
Design and development verification is the formal check that is done at the end of the design and development process to see if the results meet the original requirements. For example: does the drawing meet the customer's, regulatory, and other requirements?
If the design and development output is approved, the organization will go ahead with manufacturing the product or providing the service based on the design; therefore, it should be clearly stated in the design plan who is authorized to perform the design and development verification, how the verification is done, and where it is recorded.
7.3 Design and Development (cont'd) |
Comply |
N/A |
|
|
Y |
N |
|
Design and development validation shall be performed in accordance with planned arrangements (see 7.3.1) to ensure that the resulting product is capable of meeting the requirements for the specified application or intended use, where know. Wherever practicable, validation shall be completed prior to the delivery or implementation of the product. Records of the results of validation and any necessary actions shall be maintained (see 4.2.4).
|
|
|
|
Guidance
7.3.6 Design and Development Validation
Design validation is checking that the actual product/service created performs as intended. This is the final stage of the design and development process and is a valuable opportunity to prevent serious financial loss. Design and development validation should be performed before delivery of the product to the customer so that any problems can be corrected.
7.3.6 Design and Development Validation (cont'd)
Sometimes it is impractical to perform design and development validation before delivery of the product to the customer; in such cases, the organization should perform checks of the parts of the final product.
In other cases, performing design and development validation before introducing the new product is required by law; for example, in the case of introducing a new medicine.
If the design and development output is, in itself, the actual product, then design and development verification and validation are one and the same activity. This may be the case, for example, for an engineering firm.
ISO 9001:2000 requires that the results of design and development validation activities be recorded, including follow-up actions where applicable.
7.3 Design and Development (cont'd) |
Comply |
N/A |
|
|
Y |
N |
|
Design and development changes shall be identified and records maintained. The changes shall be reviewed, verified and validated, as appropriate, and approved before implementation. The review of design and development changes shall include evaluation of the effect of the changes on constituent parts and product already delivered.
Records of the results of the review of changes and any necessary actions shall be maintained |
|
|
|
Guidance
7.3.7 Control of Design and Development Changes
Stable designs are very rare. Most designs are subject to frequent changes sometimes before the design process is finished. It is as important to control these changes as it is to control the original design and development process. It should be clear how these changes are handled and what effects they have on the product. Most organizations choose to handle any changes to designs similar to the way new designs are handled.
7.4 PURCHASING |
|||
|
Comply |
N/A |
|
|
Y |
N |
|
The organization shall ensure that purchased product conforms to specified purchase requirements. The type and extent of control applied to the supplier and the purchased product shall be dependent upon the effect of the purchased product on subsequent product realization or the final product.
The organization shall evaluate and select suppliers based on their ability to supply product in accordance with the organization's requirements.
Criteria for selection, evaluation and re-evaluation shall be established. Records of the results of evaluations and any necessary actions arising from the evaluation shall be maintained (see 4.2.4).
|
|
|
|
Guidance
7.4.1 Purchasing Process
An organization can do an excellent job of controlling its own activities, but if suppliers are not performing satisfactorily, the organization and its customers may be negatively affected. It is crucial that suppliers are controlled, especially if they are particularly important for the operation of an organization.
This requirement of ISO 9001:2000 is related to ensuring that organizations get good products from their suppliers. Obviously not all suppliers are equally important. The standard requires more energy to be spent on those suppliers that have the most impact on the quality of the organization's product/services. For example, a metal fabricator will need to put emphasis on the control of the supplier of steel rather; while a repair service will need to put emphasis on the control of the supplier of new and/or refurbished replacement parts.
Organizations need to identify which materials and services that they buy most affect the quality of their products/services.
Then they need to establish criteria for the evaluation and selection of suppliers that can provide these materials and services.
Finally, they need to define a system for on-going supplier monitoring and periodic re-evaluation to determine if/when improvement or other action is needed.
7.4 PURCHASING (cont'd) |
|||
|
Comply |
N/A |
|
|
Y |
N |
|
Purchasing information shall describe the product to be purchased, including where appropriate:
The organization shall ensure the adequacy of specified purchase requirements prior to their communication to the supplier.
|
|
|
|
Guidance
7.4.2 Purchasing Information
While it is important that organizations are clear in ordering what they want, it is equally important not to give unnecessary details in purchase orders. Purchase orders that are too detailed can lead to confusion, and should therefore be avoided. Rather than describing all the details of a product, it is often much better to limit the purchase order to simply mentioning the catalogue number (as long as this is a unique number and the supplier has the correct catalogue).
It is acceptable to give verbal instructions to a supplier, although this makes for ordering complex products or services very difficult (for example, the services of an engineering firm). In all cases, it is the intent of this requirement to avoid misunderstandings between supplier and receiver. If an organization chooses to place a verbal order with a supplier, it will need to keep a record of what was ordered. This enables the organization to verify that it is actually getting what was asked for.
Finally, ISO 9001:2000 requires that the organization verify that purchasing information is correct before communicating it to a supplier. This verification is usually done by the purchasing manager or by the purchasing agent with input from quality or other technical personnel. The effectiveness and efficiency of this process can be greatly enhanced through automation, especially when integrated with other planning and resource management processes.
7.4 PURCHASING (cont'd) |
|||
|
Comply |
N/A |
|
|
Y |
N |
|
The organization shall establish and implement the inspection or other activities necessary for ensuring that purchased product meets specified purchase requirements.
Where the organization or its customer intends to perform verification at the supplier's premises, the organization shall state the intended verification arrangements and method of product release in the purchasing information.
|
|
|
|
Guidance
7.4.3 Verification of Purchased Product
An organization needs to ensure that the product or service from the supplier meets its requirements. In most cases, this means that organizations verify the adequacy of the product or service upon receipt. Sometimes, however, an organization chooses to visit the supplier and perform this verification on their premises.
It is important to realize that ISO 9001:2000 does not require that all received product is verified in all cases. For example, it does not make sense to do a 100% inspection on all shipments of bolts, especially if these bolts hardly affect the quality of products and if the supplier has proven to have a good history. The type and extent of the verification of purchased product (or service) should depend on:
the type of product or service that is being ordered;
the history of the supplier;
the characteristics of the supplier (for example: does it have a quality system in place?)
Note: some organizations may include receiving inspection activities as part of clause 8.2.4, Monitoring and Measurement of Product.
If an organization or its customers want to verify purchased product on the premises of the supplier, then the organization needs to clearly indicate in the purchasing documentation:
what is going to be verified;
how it is going to be verified.
7.5 Production and Service Provision |
Comply |
N/A |
|
|
Y |
N |
|
The organization shall plan and carry out production and service provision under controlled conditions. Controlled conditions shall include, as applicable
|
|
|
|
Guidance
7.5.1 Control of Production and Service Provision
This clauses addresses general `job' planning and control activities, including the establishment of production plans/schedules and other information and resources needed to carry out specific work assignments, including:
The availability of information that specifies the characteristics of the products (for example: drawings, specifications, and other product/service specific information).
The availability of work instructions; includes only those needed by `competent' personnel (clause 6.2.2) or where the absence of such instructions could adversely affect the quality of the product, usually identified during product quality planning (clause 7.1).
The use of suitable equipment for production and service operations, usually identified during product quality planning (clause 7.1) and maintained per clause 6.3.
The availability and use of monitoring and measuring devices and the implementation of monitoring activities, usually identified during product quality planning (clause 7.1) and controlled per clause 7.6.
The release and storage/delivery of finished goods/services, and (where applicable) any post-delivery activities. It must be clear how product is released and delivered to the customer. For example, delivery can be done by the organization itself or by a subcontractor; or the customer can pick up the product. In some cases there is a (written or verbal) requirement for the organization to perform additional activities after the delivery of the product to the customer; it should be clear how these activities are performed, and there should be procedures in place for critical activities.
7.5 Production and Service Provision (cont'd) |
Comply |
N/A |
|
|
Y |
N |
|
The organization shall validate any processes for production and service provision where the resulting output cannot be verified by subsequent monitoring or measurement. This includes any process where deficiencies become apparent only after the product is in use or the service has been delivered. Validation shall demonstrate the ability of these processes to achieve planned results. The organization shall establish arrangements for these processes including, as applicable:
|
|
|
|
Guidance
7.5.2 Validation of Processes for Production and Service Provision
Verification/inspection of products before they are provided to the customer is a valuable opportunity to prevent delivery of product that does not meet customers' requirements. However, sometimes it is not possible to fully verify the quality of the product without using or destroying it. For example, it is not possible to fully verify the strength of a weld unless a destructive test is performed or the product is actually used. Similarly, for many service industries, the service provided is instantaneous, which does not readily allow verification before delivery of that service. For example, a lawyer who defends a client in court is obviously not able to verify his services before delivery. Failure to represent the client correctly will only be detected when the judge rules.
In these cases the activities can only be controlled (validated) with the use of qualified personnel, qualified equipment, and qualified processes based on a set of specified procedures or criteria. A process can be qualified, for example, by doing a destructive test on a sample of the products. The results of this destructive test can then represent other products with the same characteristics. ISO 9001:2000 requires that records be maintained for activities that require validation.
It should be noted that validation is only necessary if there is a risk of providing product that does not meet customers' requirements. For example, esthetic welding may not have to be validated if it does not affect the quality of the product.
7.5 Production and Service Provision (cont'd) |
Comply |
N/A |
|
|
Y |
N |
|
Where appropriate, the organization shall identify the product by suitable means throughout product realization.
The organization shall identify the product status with respect to monitoring and measurement requirements.
Where traceability is a requirement, the organization shall control and record the unique identification of the product (see 4.2.4). |
|
|
|
Guidance
7.5.3 Identification and Traceability
Activities can only be controlled if it is clear what the product is and where it is in the product realization process (i.e. its status). Clear identification of the product can avoid misunderstandings about what has happened to it and what still needs to happen.
For example, product in the receiving area of a manufacturing plant should be clearly marked as to whether a required receiving inspection has taken place. If a receiving inspection has taken place, it should be clear what the result of this inspection was (pass or fail). Similarly, material that is used in a machine shop should be identifiable as to which specific job it belongs, and in which stage of production it is. In the service industry, this requirement may have similar importance. For example, a courier service cannot function without clear identification on the packages as to which services are required (delivery time, registration, etc.), and a warehouse/distributor will need to have some way of identifying the product in stock.
There are several ways of identifying products. The most obvious is using tags or stickers with part numbers, bar codes, job numbers, etc. The identification may be engraved in the product itself, or the product may simply be marked by a color. Sometimes it is more practical to identify a product by its location. For example, deficient product may be identified as nonconforming by segregating it and placing it in a specific area that is marked “nonconforming product”. In all cases ISO 9001:2000 requires that it is clear if the product has been verified/inspected and that the results of the inspection are also clear.
Sometimes traceability is a customer specified requirement (and even regulated). For example, in pressure vessel manufacturing, it is common for the identification of a given material to be recorded and traced through all manufacturing stages. In this way, the final components can be traced back to the original material certificate. If traceability is required, ISO 9001:2000 states that the material be uniquely identified and that records are maintained that show evidence of traceability to specified or other appropriate degree.
7.5 Production and Service Provision (cont'd) |
Comply |
N/A |
|
|
Y |
N |
|
The organization shall exercise care with customer property while it is under the organization's control or being used by the organization. The organization shall identify, verify, protect and safeguard customer property provided for use or incorporation into the product. If any customer property is lost, damaged or otherwise found to be unsuitable for use, this shall be reported to the customer and records maintained (see 4.2.4). |
|
|
|
Guidance
7.5.4 Customer Property
If there are any products, materials, or tools on an organization's premises that are owned by a customer, workers must exercise care with this property. This means that they must ensure that the property is and remains suitable for use or processing. If it is lost or damaged, this needs to be recorded and the customer needs to be notified.
Customer property should be identified and verified (for example, by performing a receiving inspection). Examples of customer property are: motor vehicles left for service or repair, clothing that a customer left at a laundry, customer-owned material in a warehouse or proprietary information provided to aid in planning, design, manufacture, installation or delivery.
At a minimum, customer property should be handled, stored and processed with the same level of care and control as applies to the organization's own property (see clause 7.5.5).
7.5 Production and Service Provision |
Comply |
N/A |
|
|
Y |
N |
|
The organization shall preserve the conformity of product during internal processing and delivery to the intended destination. This preservation shall include identification, handling, packaging, storage and protection. Preservation shall also apply to the constituent parts of a product. |
|
|
|
Guidance
7.5.5 Preservation of Product
Obviously it is as important that an organization handle its own product/material with care, as it is to protect customer's property. Some common examples of where special handling techniques are required are:
Metals handling where stainless steel can have corrosion resistance impaired if the stainless steel is handled with ordinary steel grips or chains. Covering the grips, chains, and other handling tools with rubber, plastic, or similar materials is the usual practice. Most copper-based metals are susceptible to corrosion from finger marks. Where corrosion may affect performance, such as in printed circuit boards or decorative applications, gloves need to be worn to prevent such marking.
Food handling where cleaning of utensils after use is very necessary, for health reasons.
Electrical and electronic equipment where safe handling practices are required to avoid damage from electrostatic discharges.
Similarly, packing or packaging needs to be done in such a way that it does not adversely affect product quality. Packaging should be appropriate to the product. For example, bulk grain may be packed by filling the carrying container, provided the container does not contaminate the product. On the other hand, the packaging of certain chemicals is regulated to ensure that they do not spill or contact with water.
Also, unsuitable storage can deteriorate the condition of product. The organization should define its system of inventory control (including the identification of various types of storage areas and the applicable controls in place for each area of type of area). Product in stock must be protected, especially if the product has a limited shelf life. Checking the condition of product in stock regularly can do this.
Finally, the organization should describe its methods for delivering product/service to the customer and for ensuring protection to final destination.
7.6 Control of Monitoring and Measuring Devices |
Comply |
N/A |
|
|
Y |
N |
|
The organization shall determine the monitoring and measurement to be undertaken and the monitoring and measuring devices needed to provide evidence of conformity of product to determined requirements (see 7.2.1). The organization shall establish processes to ensure that monitoring and measurement can be carried out and are carried out in a manner that is consistent with the monitoring and measurement requirements. Where necessary to ensure valid results, measuring equipment shall be:
In addition, the organization shall assess and record the validity of the previous measuring results when the equipment is found not to conform to requirements. The organization shall take appropriate action on the equipment and any product affected. Records of the results of calibration and verification shall be maintained (see 4.2.4). When used in the monitoring and measurement of specified requirements, the ability of computer software to satisfy the intended application shall be confirmed. This shall be undertaken prior to initial use and reconfirmed as necessary. |
|
|
|
Guidance
7.6 Control of Monitoring and Measuring Devices
Verifications, inspections and tests are important ways to ensure that the product meets the customer requirements and expectations. This can be done by monitoring and measuring the characteristics of the product (see clause 8.2.4). For example, a pharmacist measures the exact amount and weight of the medicine before providing it to the customer. However, if his measuring device (an electronic scale) is measuring incorrectly, or if it is not accurate enough, then the measurement is useless.
Therefore, this section of ISO 9001:2000 requires organizations to ensure that measurement devices are capable (precise and accurate enough) and controlled so that they consistently provide accurate measures. Examples of measurement and monitoring devices are: scales, gages, thermometers, micrometers, calipers, and thickness meters. Most monitoring and measurement devices will require periodic calibration. Calibration is the act of comparing the measurement device against a reference standard to determine how accurate it is and whether or not it is still capable of meeting the precision required for the measurement made with it. Where necessary, the measuring device needs to be adjusted.
7.6 Control of Monitoring and Measuring Devices - Guidance (cont'd)
Organizations are free in determining the frequency of calibration, provided that the frequency is consistent with the type of measurement device and the intensity of use.
For a reference standard to have validity, it must be traceable back to an appropriate recognized accurate source. This is normally a national or international standard (such as a meter or a kilogram). If an (inter)national standard does not exist, then the organization needs to define the reference standard on its own.
It is important to determine how accurate the measurements need to be; this will depend upon how much tolerance is permissible in what is being measured. A measuring device usually has to be capable of measuring to a much closer tolerance than the tolerance specified for the item being measured. Also, there is no point in having measurement devices calibrated to unnecessarily high precision if that precision is not needed for the operation. A pharmacist typically needs high accuracy equipment, while the accuracy of a wire cutter used by a distributor is relatively low.
The results of the calibrations need to be recorded. If the measuring device appears to be out of calibration, then it is necessary to look at the results of the measurements that were previously taken with this device. For example, if a scale is out of calibration, someone may need to re-inspect the product that was recently inspected with this device (provided the product has not yet been shipped to the customer). Organizations need to decide which corrective action is appropriate (see clause 8.5.2).
It is important to protect a measuring device from damage or deterioration. This means that it must be suitably stored when not in use, and it must be correctly handled. Also, adjustments may invalidate the calibration; a possible prevention method is to ensure that only trained personnel are authorized to use the measuring device.
Sometimes computer software is used in the process of monitoring and measurement of requirements. If this is the case, the software must be checked to verify that it performs the required functions.
8 MEASUREMENT, ANALYSIS AND IMPROVEMENT |
|||
8.1 General |
Comply |
N/A |
|
|
Y |
N |
|
The organization shall plan and implement the monitoring, measurement, analysis and improvement processes needed:
This shall include determination of applicable methods, including statistical techniques, and the extent of their use.
|
|
|
|
Guidance
8.1 General
The previous sections relate to organizing activities in such a way that customer requirements and expectations are consistently met. An organization that has met those requirements has the controls in place, but does not necessarily know if the controls are working. In order for an organization to improve, it needs to have information on where it stands today. How satisfied are the customers? Does the organization actually meet all requirements? Are activities (processes) effectively and efficiently organized? Does the product actually meet the expectations? And, what happens if the product does not meet the expectations?
The answers to these questions are related to the requirements in this section. Improvement will result from analyzing this information and taking the necessary corrective, preventive and/or other improvement action.
The information that organizations need to plan for improvement does not have to be sophisticated. Usually a few crucial pieces of information or a short summary can give enough information to determine if action is necessary. Organizations should define what is the crucial information that they need and how they will analyze it for decision-making.
The organization should also discuss its plans for using statistical tools to monitor and measure product and processes for effectiveness and/or improvement.
8 MEASUREMENT, ANALYSIS AND IMPROVEMENT |
|||
8.2 Monitoring and Measurement |
Comply |
N/A |
|
|
Y |
N |
|
As one of the measurements of the performance of the quality management system, the organization shall monitor information relating to customer perception as to whether the organization has met customer requirements. The methods for obtaining and using this information shall be determined. |
|
|
|
Guidance
8.2.1 Customer Satisfaction
Probably one of the most crucial categories of information is the satisfaction of customers. Since customers determine the future of organizations, it needs to be determined how satisfied they are. In order to do this, organizations need to know which issues are important for their customers and then define how they will measure the customer's perception of how well they're doing with regards to these issues.
One way of getting information about how dissatisfied customers are is to monitor the customer complaints. However, it is important to realize that this will give a very limited picture. First, it is quite common that only a small portion of dissatisfied customers actually complain. Second, customer complaints do not give any information about satisfied customers or the level of customer satisfaction. Note: per notes contained in the definition of customer satisfaction (see ISO 9000:2000) the absence of complaints/returns does not necessarily mean there is a high level of customer satisfaction. Customer satisfaction can be objective and subjective.
Examples of objective information are:
Did the customer receive the product before 5:00 PM, as required?
Was the shipment complete?
Examples of subjective information include:
Is the customer satisfied with the way we answered their questions and concerns?
Is the customer satisfied with the performance of a product or delivery of a service?
8.2.1 Customer Satisfaction (cont'd)
There are several ways of measuring customer satisfaction. Examples are:
Questionnaires and surveys. This is a relatively cost effective way of measuring customer satisfaction, but the downside is that the response may be low. A better strategy is to periodically survey key customers or customer groups.
Direct communication with customers. This is much more time consuming, but it is an excellent way of getting to know the needs of customers, and the method itself can contribute to raising customer satisfaction. However, very little `extra time' is needed if customer contact personnel conduct a `mini' survey during their `routine' customer contacts (i.e. phone calls, interviews, conferences, meetings) and quantify/summarize results in a manner that will result in actionable data.
Reports of consumer organizations. This information gives a good overview, but is not always available and seldom gives information about individual customers.
8.2.2 Internal Audit
|
Comply |
N/A |
|
|
Y |
N |
|
The organization shall conduct internal audits at planned intervals to determine whether the quality management system:
An audit program shall be planned, taking into consideration the status and importance of the processes and areas to be audited, as well as the results of previous audits. The audit criteria, scope, frequency and methods shall be defined. Selection of auditors and conduct of audits shall ensure objectivity and impartiality of the audit process. Auditors shall not audit their own work.
The responsibilities and requirements for planning and conducting audits, and for reporting results and maintaining records (see 4.2.4) shall be defined in a documented procedure.
The management responsible for the area being audited shall ensure that actions are taken without undue delay to eliminate detected nonconformities and their causes. Follow-up activities shall include the verification of the actions taken and the reporting of verification results
|
|
|
|
Guidance
Internal Audit
A second source of information is a periodic self-assessment (internal audit). This allows an organization to determine the strengths and weaknesses of the quality system in place. It should become apparent whether or not the quality system meets the requirements of this standard and if the system has been effectively maintained.
ISO 9001:2000 requires that the responsibilities and requirements for conducting internal audits be documented in a procedure.
Audits should be planned and conducted based on the status and importance of the area, function, process or system involved. Critical, new or changed processes/systems, and departments (or functions) that have been recently reorganized should be audited more frequently and/or more in-depth than others. Similarly, any data indicating a weakness exists (i.e. customer complaints or previous audit findings) should be used to identify processes or departments/functions that deserve more attention during internal audits.
Each organization should appoint an internal auditor who is qualified (see clause 6.2.1). The audit process itself must be objective and impartial and auditors cannot audit their own work. An auditor should look for evidence of compliance to the requirements. Are the activities done as planned (i.e. as defined in quality system documents)? Do managers have data that demonstrates process/system effectiveness? Are corrective, preventive or other improvement actions taken as planned? Are actions taken effective? This is not an exercise in finding mistakes. Rather, it is gathering information about the system so that the organization knows its strengths and weaknesses and can therefore improve. Evidence of compliance can be collected, for example, by interviewing people, observing activities and looking at records and procedures.
'Value added' internal audits can be a great resource for improvement ideas, preventive actions and data that managers can use to determine if/when a process is effective (accomplishes desired results) and efficient (with a minimum amount of resources). Value added internal audit activities should only be carried out with management's blessing; include them in the scope of each audit if/when desired by management.
Organizations need to keep records of the results of internal audits. This can be done on a checklist or on a report. Either way, it should be clear which requirements have been audited and which areas were or were not in compliance with the requirements.
These results then need to be reported to management so that timely corrective, preventive or other improvement actions can be taken where necessary.
8.2.3 Monitoring and Measurement of Processes |
Comply |
N/A |
|
|
Y |
N |
|
The organization shall apply suitable methods for monitoring and, where applicable, measurement of the quality management system processes. These methods shall demonstrate the ability of the processes to achieve planned results. When planned results are not achieved, correction and corrective action shall be taken, as appropriate, to ensure conformity of the product.
|
|
|
|
Guidance
8.2.3 Monitoring and Measurement of Processes
The third source of information is related to measurement of processes (activities). Organizations need to determine how they are going to measure whether activities are being adequately carried out. Examples of measurements of activities are:
Timeliness. A certain operation may typically take 15 minutes. How often is this operation being performed in 16 minutes or more?
Efficiency. How much of a certain type of material is processed in one hour? How many people were involved in producing one batch?
Reaction time. What was the reaction time of people to special internal or external requests/concerns (such as customer complaints)?
Cost reduction. What was the reduction of costs related to not meeting the requirements? An example of these costs is premium freight: extra costs of high-speed delivery because of excessive production times.
Process monitoring and measurement activities are typically used to minimize the need for or reliance on product inspection and test to ensure product quality.
Process monitoring activities can include operator process monitoring (usually defined in work instructions established per clause 7.5.1).
In addition, the organization should define more `formal' process monitoring activities (including methods for monitoring process performance against established parameters or other desired results) and define actions for process adjustment to minimize product or service nonconformities.
|
Comply |
N/A |
|
|
Y |
N |
|
The organization shall monitor and measure the characteristics of the product to verify that product requirements have been met. This shall be carried out at appropriate stages of the product realization process in accordance with the planned arrangements (see 7.1).
Evidence of conformity with the acceptance criteria shall be maintained. Records shall indicate the person(s) authorizing release of product (see 4.2.4).
Product release and service delivery shall not proceed until the planned arrangements (see 7.1) have been satisfactorily completed, unless otherwise approved by a relevant authority and, where applicable, by the customer. |
|
|
|
Guidance
8.2.4 Monitoring and Measurement of Product
A fourth source of information is based on measurements of the characteristics of the product (inspections and tests). This may be a verification of quantity, dimensions, weight, thickness, hardness, etc. Basically, it covers any activity that determines whether something is acceptable.
Each individual organization needs to decide where these inspections and tests should be carried out. The general rule is that they should be performed at critical stages of processes. Typically, this is the case when a product is passed on to the next production stage or when there is a substantial risk of errors or deficiencies. A car manufacturer will want to perform several in-process inspections and inspections of parts because without these inspections a deficiency may not be detected later, or it may be very costly to correct it.
Similarly, the types of inspections or tests performed should be dependent on the critical nature of the product or the process. In some cases, such as a repair service center receiving new or refurbished replacement parts, an inspection may be as simple as checking the type and number of parts received.
Inspections of final products are always critical because there will not be opportunity to correct any deficiencies after this point. At a minimum, a final `audit' should be performed to ensure all planned activities (including all key product/service realization processes and related product/service inspections and tests) have been performed as planned with satisfactory results.
8.2.4 Monitoring and Measurement of Product - Guidance (cont'd)
In performing inspection and testing, 100% of the product does not have to be tested. There are many products made where a sampling procedure is used and the batch passed or rejected on the basis of the sample. The subsequent detection of nonconforming product (see 8.3) does not mean that the sampling procedure is incorrect. However, a continuing and perhaps higher than expected level of nonconformances may suggest that the sampling plan or procedure needs investigating.
Obviously, an inspection or test is only useful if the acceptance criteria are known. The result of the inspection or test is either a pass or a fail, based on these acceptance criteria. Preferably, acceptance criteria should be measurable (such as in dimensions or quantities), but they can also be subjective, for example criteria for visual inspections or taste tests.
The results of inspections and tests need to be recorded. Examples of inspection records are checklists, pick tickets, job cards, or work orders. In any case, it is wise to use the records that are already in use by the organization as much as possible. For example, in small machine shops with only a few employees, it is common practice for machine operators to inspect their own work before passing it on to the next machining station. Consecutive operators sign a job card as it follows the work in progress. This is a good practice because the work of the next operator down the line is affected if the `incoming' work is not correct. Also, the next operator can check the previous operator's work.
The record should clearly state who performed the inspection and what the result of the inspection was (pass/fail).
If an inspection or test needs to be performed, then product should not proceed to the next activity or production stage until the inspection or test has been completed with positive results. A product can only be released without inspection or test if there is an appropriate approval, usually provided by the customer.
8.3 Control of Nonconforming Product |
Comply |
N/A |
|
|
Y |
N |
|
The organization shall ensure that product which does not conform to product requirements is identified and controlled to prevent its unintended use or delivery. The controls and related responsibilities and authorities for dealing with nonconforming product shall be defined in a documented procedure. The organization shall deal with nonconforming product by one or more of the following ways:
Records of the nature of nonconformities and any subsequent actions taken, including concessions obtained, shall be maintained (see 4.2.4). When nonconforming product is corrected it shall be subject to re-verification to demonstrate conformity to the requirements. When nonconforming product is detected after delivery or use has started, the organization shall take action appropriate to the effects, or potential effects, or the nonconformity. |
|
|
|
Guidance
8.3 Control of Nonconforming Product
It is important that inspections are carried out; it is equally important that people know what to do with the nonconforming (deficient) product if it fails the inspection. Most importantly, organizations should ensure that nonconforming products are not treated as conforming product and delivered to the customer. Control of nonconformity should be done by clearly identifying the product as nonconforming. Segregation in designated areas and marking of the product are the most obvious examples.
Someone in each organization should have the authority to decide what to do with nonconforming product. The product may be corrected by repairing, reworking, or re-grading for alternative applications. If all other approaches fail, the product can be scrapped.
Unless it is scrapped, the nonconforming product (after repair, rework, etc.) should be re-inspected. Sometimes it is an option to use nonconforming product and release it to the customer. This is only allowed with a concession (approval) from the customer and/or other parties.
Note: Nonconforming service cannot be segregated, regraded for alternate use or scrapped, but it needs to be clearly identified and the disposition documented (usually rework or other customer approved action).8.3 Control of Nonconforming Product - Guidance (cont'd)
In the event that a nonconformance is detected after delivery, appropriate actions need to be taken. For example, if a catering company discovers that it has inadvertently used processed meat that was past its `use-by-date' (shelf life), a number of actions might be required to fix the problem:
investigate to find out the extent of the problem; / segregate and quarantine the product;
recall the product from retail outlets and customers; / involve regulatory authorities.
For service industries, it may be difficult or impossible to physically identify or segregate nonconforming service. These organizations, however, are still required to ensure that the nonconforming service does not reach the customer, where possible, and to correct the problem.
ISO 9001:2000 requires that a documented procedure describe how nonconforming products are controlled, as well as the related responsibilities and authorities.
8.4 Analysis of Data |
Comply |
N/A |
|
|
Y |
N |
|
The organization shall determine, collect and analyse appropriate data to demonstrate the suitability and effectiveness of the quality management system and to evaluate where continual improvement of the effectiveness of the quality management system can be made. This shall include data generated as a result of monitoring and measurement and from other relevant sources. The analysis of data shall provide information relating to
|
|
|
|
Guidance
8.4 Analysis of Data
The sources of information listed above can provide organizations with valuable data, but this data is only valuable if it is analyzed and actionable. For example, the data may indicate that there was an increase in the number of nonconforming products in a certain period. However, it is only possible for an organization to take the necessary action (see 8.5) if it is provided with an analysis of this data. For example: What was the type of nonconforming product? What was the main cause of the nonconformances? Were there any circumstances that were different from previous periods? Is this problem confirmed by other sources of information, such as internal audits?
8.4 Analysis of Data - Guidance (cont'd)
The results of the analysis should enable organizations to answer the following questions: How satisfied are customers? Are customers' requirements being met? Do processes and products meet the requirements? How do suppliers perform?
8.5 Improvement |
Comply |
N/A |
|
|
Y |
N |
|
The organization shall continually improve the effectiveness of the quality management system through the use of the quality policy, quality objectives, audit results, analysis of data, corrective- and preventative actions and management review. |
|
|
|
Guidance
8.5.1 Continual Improvement
Each organization should continually seek to improve, rather than wait for a problem to reveal opportunities for improvement. Potential improvements can range from short projects to long-term activities. Examples are:
Sitting down with the most important suppliers in order to increase the effectiveness of the communication and to reduce nonconformances;
Making an action plan to reduce the reject from a certain type of machine;
Finding opportunities to reduce the delivery time.
Continual improvement should be based on all relevant information available. Audit results and other data should be analyzed and compared with the policy and objectives so that corrective and preventive actions can be taken to ensure continual improvement. Management reviews should be used as tools for enhancing this improvement process.
Often, it is not practical or advisable to take all needed actions at once, so it becomes necessary to prioritize improvement actions on the basis of their status and importance to determine when action should be taken. The output of the continual improvement planning process should be a list of improvement initiatives and anticipated results. The effectiveness of these actions should be reviewed as a normal part of the corrective/preventive action processes (see clause 8.5.2 and clause 8.5.3) or during management reviews (see clause 5.6)
8.5.2 Corrective Action |
Comply |
N/A |
|
|
Y |
N |
|
The organization shall take action to eliminate the cause of nonconformities in order to prevent recurrence. Corrective actions shall be appropriate to the effects of the nonconformities encountered.
A documented procedure shall be established to define requirements for
|
|
|
|
Guidance
8.5.2 Corrective Action
Every indication of a failure (i.e. complaint, rejection, audit finding, return, etc.) requires an immediate correction. In addition, the organization needs to evaluate whether a corrective action is needed to prevent (or minimize the likelihood of) the failure from recurring.
This requirement is related to ensuring that corrective actions are identified, taken and verified for timely and effective implementation.
This involves finding the cause of the problem, recording the results of the action taken and verifying that the action was effective.
The intent of this requirement is to have a disciplined approach to problem solving (i.e. identifying the root cause of the problem, the actual costs with the failure, and the potential costs/risks associated with taking no action to prevent its recurrence.
Corrective actions are ineffective when they do not achieve desired results (usually meaning, the problem/failure recurs).
8.5.3 Preventive Action |
Comply |
N/A |
|
|
Y |
N |
|
The organization shall determine action to eliminate the causes of potential nonconformities in order to prevent their occurrence. Preventive actions shall be appropriate to the effects of the potential problems.
A documented procedure shall be established to define requirements for
|
|
|
|
Guidance
8.5.3 Preventive Action
It is better to prevent a problem from occurring than to correct a new or recurring problem. Based on the information available to them, organizations must identify ways of preventing problems from occurring in the first place. Examples of preventive actions are:
purchasing additional tools or machinery, because of an expected increase in activities or production;
checking computer systems to see if they are capable of handling information from a new customer;
introducing a new identification system for nonconforming product, so that any potential misunderstandings can be avoided;
providing training on new processes, equipment, customer requirements, etc.
Preventive actions are usually handled in the same way as corrective actions, just with a different `focus'.
This involves finding the cause of the potential problem or failure, recording the anticipated results of the action taken and verifying that the action was effective.
The intent of this requirement is to have a disciplined approach to risk analysis (i.e. identifying the root cause of the potential problem and the potential costs/risks associated with taking no action to prevent its occurrence.
Preventive actions are ineffective when they do not achieve desired results (usually meaning, the problem/failure occurs).
Page 2 of 1