Embed Size (px)
DESCRIPTION
IMPLEMENTING QMS
Citation preview
Quality Management Systems Training for SMEs
Leonardo da Vinci Project
GUIDELINES FOR THE IMPLEMENTATION OF
A QUALITY MANAGEMENT SYSTEM (QMS),
ACCORDING TO THE ISO 9001:2008 STANDARD, TO
SME’S.
This book was produced in the framework of Leonardo da Vinci project “Small Business Quality Management Systems”. This project was carried out with the support of the Commission of the European Community.
The content of this book does not necessarily reflect the position of the European Community or the National Agency, nor does it invoke any responsibility on their part.
2
TITLE:ISO 9001:2008 APPLICATION GUIDE
CHAPTER 1. INTRODUCTION..............................................................................................................71.1. CONTEXT..............................................................................................................................................7CHAPTER 2. GENERAL...........................................................................................................................92.1. THE SENSE OF THE WORD “QUALITY”.........................................................................................92.2. THE DEVELOPMENT PHASES OF QUALITY: CULTURE, PRINCIPLES AND METHODS..........102.3. QUALITY MANAGEMENT SYSTEM.................................................................................................132.4. WHY THE IMPLEMENTATION OF A QUALITY MANAGEMENT SYSTEM?...............................142.5. THE ISO 9000:2008 STANDARD..............................................................................................14CHAPTER 3. APPLICATION OF THE STANDARD ISO 9001 IN SMES..........................163.1. SME....................................................................................................................................................163.1.1.EU DEFINITION..................................................................................................................................163.1.2.THE HIDDEN GIANTS........................................................................................................................173.2. IMPLEMENTING THE ISO STANDARD...........................................................................................203.2.1.WHAT SHOULD ISO (NOT) BE ABOUT........................................................................................203.2.2.MANAGEMENT PRINCIPLES.............................................................................................................213.2.3.ISO IN SMES - SOME CHARACTERISTICS HAVING IMPACT...................................................243.2.4.REALIZATION OF ISO REQUIREMENTS AND DIFFERENCES BETWEEN SMES AND LARGE ENTERPRISES..................................................................................................................................................26CHAPTER 4. THE STANDARD ISO 9001:2008.........................................................................374.1. INTRODUCTION..................................................................................................................................374.2. CHARACTERISTICS AND CONTENTS OF ISO 9001:2008 STANDARD................................374.3. OTHER RELATED STANDARDS........................................................................................................394.4. QUALITY MANAGEMENT SYSTEM (CLAUSE 4)..........................................................................394.4.1.GENERAL REQUIREMENTS (CLAUSE 4.1)...................................................................................404.4.2. DOCUMENTATION REQUIREMENTS (CLAUSE 4.2).................................................................444.5. MANAGEMENT RESPONSIBILITY (CLAUSE 5)............................................................................504.5.1. MANAGEMENT COMMITMENT (CLAUSE 5.1)............................................................................504.5.2. CUSTOMER FOCUS (CLAUSE 5.2)...............................................................................................514.5.3. QUALITY POLICY (CLAUSE 5.3)..................................................................................................524.5.4. PLANNING (CLAUSE 5.4)..............................................................................................................524.5.5. RESPONSIBILITY, AUTHORITY AND COMMUNICATION (CLAUSE 5.5)................................524.5.6. MANAGEMENT REVIEW (CLAUSE 5.6)......................................................................................534.6. RESOURCE MANAGEMENT (CLAUSE 6).......................................................................................544.7. PRODUCT REALISATION (CLAUSE 7)...........................................................................................554.7.1. PLANNING OF PRODUCT REALIZATION (CLAUSE 7.1)..........................................................574.7.2. CUSTOMER-RELATED PROCESSES (CLAUSE 7.2)....................................................................584.7.3. DESIGN AND DEVELOPMENT (CLAUSE 7.3).............................................................................594.7.4. PURCHASING (CLAUSE 7.4).........................................................................................................604.7.5. PRODUCTION AND SERVICE PROVISION (CLAUSE 7.5)........................................................614.7.6. CONTROL OF MONITORING AND MEASURING DEVICES (CLAUSE 7.6).............................634.8. MEASUREMENT, ANALYSIS AND IMPROVEMENT (CLAUSE 8)...............................................644.9. MINIMUM REQUIREMENTS ACCORDING TO ISO......................................................................684.10. PERMISSIBLE EXCLUSIONS.............................................................................................................68CHAPTER 5. STEPS TO IMPLEMENT A QMS.............................................................................695.1. STEPS TO DECIDE.............................................................................................................................695.1.1.DECISION TO IMPLEMENT A QMS...............................................................................................695.1.2.FIRST PLANNING OF RESOURCES..................................................................................................705.1.3.EXTERNAL CONSULTANTS...............................................................................................................705.2. FIRST SELF ASSESSMENT...............................................................................................................715.3. DETAILED IMPLEMENTATION PLAN...............................................................................................745.4 DEVELOPMENT OF QM HANDBOOK.................................................................................................755.5 DESIGN OR CHECK UP OF PROCESSES.............................................................................................765.6 FINAL IMPLEMENTATION – QMS KICK OFF....................................................................................795.6.1.TRAINING............................................................................................................................................795.7 INTERNAL AUDIT...................................................................................................................................805.8 EXTERNAL AUDIT...................................................................................................................................825.8.1.CERTIFICATION BODY......................................................................................................................825.8.2.THE CERTIFICATION PROCESS.......................................................................................................825.9 CONTINUAL IMPROVEMENT.................................................................................................................84CHAPTER 6. ADDITIONAL REQUIREMENTS..............................................................................86
4
6.1. MANAGEMENT SYSTEM STANDARDS............................................................................................866.2. EUROPEAN DIRECTIVES AND TECHNICAL STANDARDS...........................................................88CHAPTER 7. GLOSSARY......................................................................................................................90BIBLIOGRAPHY.........................................................................................................................................94
INDEX OF TABLES
Table 3.1
Recent development in SME perception in EU 16
Table 3.2 The ISO-related differences between SMEs and large
enterprises in a nutshell 27
Table 4.1 Records required by ISO 9001:2008 43
Table 4.2
Audit list (abridged and artificial version) 56
INDEX OF FIGURES
Figure 3.1
European enterprises by size 16
Figure 3.2
Issued ISO 9000 certificates, world total 17
Figure 3.3
Distribution of issued certificates among world regions (2007)
17
Figure 3.4
Share of certificates of conformity to ISO 9001:2008 on
ISO 9000 total 18
Figure 3.5 M
processes according to the eight ISO 9000 principles 21
Figure 4.1
Process map of a construction company (artificial) 37
Figure 4.2 Artificial example of process flow
chart 38
Figure 4.3
Some of the 7 quality tools 39
Figure 4.4
Typical QMS Processes 49
Figure 5.1
Example of a first assessment checklist 62
Figure 5.2
5
Example of a strengths and weaknesses analysis 63
Figure 5.3
Force Field Analysis 63
Figure 5.4
Example of an implementation plan with milestones 64
Figure 5.5 QM
Handbook Hierarchies 66
Figure 5.6
SIPOC method 67
Figure 5.7 Example of a process map 68
6
CHAPTER 1. INTRODUCTION
1.1. Context
During the last decades enterprises made an effort to achieve quality as a measure to increase their competitiveness. This quality goal was usually achieved by trial and error, costing, to enterprises, a great deal in terms of time and money, not to mention the effect on clients, in the cases of error. To organise the procedure of obtaining and maintaining quality, a series of international standards were created in the form of ISO model. This way the improvement of quality could be obtained through standard procedures already tried and tested in many other enterprises. The whole procedure very often includes re-engineering of the company and, in every case, training of the personnel. The revision of the standard in 2008 version imposes more obligations.
Yet SMEs, which represent an important percentage of the total enterprises power in Europe, have complained that implementing the ISO 9000 was expensive, as it required additional staff and paperwork. They also complained that its demands were irrelevant to SMEs operational dimensions.
Companies are facing new challenges due to the more dynamic economic situation. Markets appear and vanish within short periods of time and customers show growing expectations about the quality of delivered goods and services. Responding to these facts, many industrial sectors, principally the automotive industry, have decided to implement generally accepted quality management tools which lead, finally, to the establishment of quality management systems (QMS) after e.g. ISO, VDA or QS standards. An undoubted advantage of such a procedure is not only a support function for the systematic way of managing quality relevant issues within their own organisation but also the knowledge that a supplier who fulfils the criteria of such an accepted QMS – i.e. the organisation is certified to such a standard - stands for high quality products and services. The supplier selection process was massively supported by the emerging certification activities and in some areas it has even become a minimum criterion for it.
Large companies, especially, began to get certified to ISO 9000 standards whereas more and more small and medium sized enterprises have decided to choose this way within the last few years.
Therefore a lot of enterprises require from their suppliers and their subcontractors certification at ISO-9001 and application of quality processes, while in certain sectors the certification is imposed by the national legislation. Furthermore clients are becoming active participants in requiring certified products and providers.
The achievement of quality
The power of SMEs in Europe
The lack of educational material and tools for SMEs
Consideration of branche specific situations / Internal and external reasons for implementing a QMS
7
Criteria, if for implementing a QMS, can be subdivided mainly into two different groups: internal aspects e.g. internal quality improvements like reduction of rework or cost savings and external aspects e.g. lower reclamation rate, better image, differentiation via long term quality strategy.
Another reason for implementing a QMS is that it can be required by the customer (but it must not be the only reason!).
Educational programs and educational materials are then necessary. The majority of them address large enterprises and there is a lack of educational material and tools specially designed for small enterprises with practical guidelines that can help on the implementation of ISO-9000 without bureaucratic procedures. Moreover, even if the requirements of ISO-9001 are single, their way of application varies between the enterprises with different objectives, sectors and methods of operation.
Some professional organizations have already proposed guidelines to explain how to adapt the general requirements of ISO-9001 to their own case; but, in general, those tools do not address the specific needs of small enterprises.
8
CHAPTER 2. GENERAL
2.1. The sense of the word “Quality”
The word "Quality", being an abstract concept, can have many different definitions, such as "essential and distinguishable attribute of someone or something " or "feature defining the individual nature of something"; these are just some of the many definitions of the entry "Quality" that one can find in the dictionary.
A traditional meaning - but nowadays quite old fashioned - is "conformity to specific requirements". This acceptation matches the concept of quality directly to the features of the product/service itself (Quality as feature), emphasizing its fulfilment. In this sense, the quality implies that the requirements of the production process are clearly specified and entirely respected, without any guarantee that these requirements will respond to customer expectations, who is not necessarily taken into consideration.
On the contrary, the current concept of “quality” of any product/service implies the skills to understand the user’s need, and through the precise determination of the requirements, its fulfilment. This acceptation –underlining “the adequacy to usage” (Quality as value) focuses on user’s needs.
With the acceptation of Quality as “value”, many definitions of the word “quality” have been elaborated, and two of these are particularly important:
1. “Quality” intended as the features of the products meeting customer needs and determining his satisfaction. In this sense, the meaning of quality is oriented to profit. The goal of a better quality is to enhance customer satisfaction, and finally, to increase the profit. As increasing or improving quality involves money investments, we have also an increase on costs. In this sense, Quality means “higher costs”.
2. “Quality” intended as absence of flaws and errors which require repairing activities which usually bring to market shares loss, customer discontent and so on. In this sense the word “quality” is oriented to costs and better quality means “lower costs”.
Finally, ISO 9000:2008 defines the word “quality” as: "degree to which a set of inherent characteristics fulfils requirements”.
It must be specified that (explanatory notes in the regulations):- "the term quality can be used with adjectives such as poor, good or excellent; while the term “ inherent means existing in something, especially as a permanent characteristic”.
The many different definitions of word “quality”
Quality as feature
Quality as value
Quality means “higher costs”
Quality means “lower costs”
The ISO 9000:2000 definition
9
2.2. The development phases of Quality: culture, principles and methods
The origin of the problems related to Quality can be associated to the beginning of “trade” activities. It is a very old concept, strictly related to the establishment of the market itself with its main characters: the buyer-user and the seller-producer. In time, the meaning of “quality” has undergone different relevant evolutions, which have often changed its common meaning.
Let us concentrate on the main acceptations of “quality” developed during the 20th century.
In the years preceding the First World War there was a strong difference between “quantity” and “quality”, the former considered as belonging to production, the latter to the product final testing. Quantity is the main goal while quality is considered as one of many possible factors for success. Sometimes the buyer himself follows the production process and performs the final tests.
Between 1935 and 1945 the so-called Quality Control activities (QC) are generated. They are the set of actions which permits to point out and measure the product features, comparing them to formerly specified parameters. In these years the perspective changes, but the idea to intervene in the production process in order to guarantee the conformity of the product to the project itself, remains unchanged; actually, the production is deeply analysed and checking phases are included to guarantee the quality of the final product. Servicing companies are still not included in this Quality management method, because the “service” is not considered a measurable and valuable result.
In the 50s the approach to Quality is greatly modified and gradually the idea is spread that no business activity can be totally separated from the other ones. Consequentially, successful results can be obtained only thanks to the integration and coordination of the many different company departments. In these years the Total Quality (TQM) approach is born in the USA. The QC is still bound to each single activity and it doesn’t control the entire structure yet: however, the trend extends Quality control concepts to the organization and planning phases.
In the 60s the concept of Quality is newly modified and systematically operates on both production process and product itself, the so-called Quality Guarantee (QG). QG is a management system which considers the integration of several activities, whose strong connections contribute to determine the quality of the product itself. Activities such as action planning, staff training, records filing and management,
After the First World War
Between 1935 and 1945
In the 50s
In the 60s
10
adjustment actions, etc.
The most relevant innovations of the QG method, compared to the older approaches, are:
- integrated approach to Quality management, considered as part of the system, controlled by the entire organization, and most of all by the management;
- immediate applicability to services;
- attention to planning and activity recording;
- widening of planning and testing concepts, from production to designing.
The difference between Quality Guarantee and Quality Total Management systems is basically on their different approaches: the former is static, the latter is dynamic.
The Total Quality system puts Quality at the very first place among the business values and its goal is to improve its relationship with its customers.
The active orientation to Quality implies the introduction of innovative attitudes and differs from traditional approaches in three points:
1. improvement of quality as a continuing process;
2. improvement through fixed policies and goals;
3. education of the whole organization to Quality as a rule.
In the 70-80s the concept of Quality is also extended to servicing companies. In “Quality in Services” we can distinguish two different approaches. The traditional approach is based on the identification of customer needs and expectations and the subsequent product design, the activation of Quality process (in terms of mistake reductions), control planning and its improvement.
The other approach - the so-called “staff-oriented” approach - asserts that a quality program should be based on a change of culture, values, attitudes of the whole personnel; its most important points are basically staff management and customer feedback.
The starting point is the identification of the “product” offered by the servicing company and its features -in comparison with any manufactured product - such as:
- the product does not exist before purchasing;
- the product cannot be stocked;
- production and consumption happens in the same time;
In the 70-80s
11
- the customer is involved in the production phase;
- the product cannot be touched;
- mobility of the service supply system.
The attention paid to services helps to change the perspective when facing problems regarding quality: the organization starts considering not only the “product”, but also all management and technical activities implied in the “product”, that is the business process.
The process includes all the activities oriented to a final result, performed by different business units. Each of them adds a new value to the product, directly proportional to its integration skills and ability to work for targets.
Managing for processes means highly supervising all the connections among different activities, identifying customer needs aiming to his satisfaction, and exploiting business outputs as the common target.
Whoever is responsible for Quality starts investing in the “Quality System” concept, i.e. running the business aiming for Quality. The structure of a Quality system can be summarized as:
1. definition of the business and its goals
2. assignment of tasks and responsibilities
3. identification of means and staff
4. implementation and management of operative modalities through monitoring and checking
According to Quality policy, the business is more and more oriented towards customer satisfaction and his needs become the organization target, at the lower organizational costs.
Creating Quality means providing “internal quality” and “external quality”.“External quality” refers to the customer relationship modalities, and above all, the awareness of his needs, attitudes, expectations, how carefully his request is considered, how much care is given to the communication process (welcome, service and farewell), problem solving skills, and easiness in anticipating – if needed – his needs and wishes, offering services not explicitly requested. “External quality” also means the establishment of good relationships with suppliers, media, etc. as the corporate image contributes, in large measure, to the perception and determination of “external quality”.
“Internal quality” refers to all that is related to worker’s
12
satisfaction and parameters such as: shifts, information circulation, time management, accomplished tasks feedback, and so on. Therefore, quality can be defined as conformity of the “service” to internal and external customer satisfaction.
The 1990-2009 period is characterized by the increasing demand of “social quality” aiming to consumers, citizens and user’s satisfaction. The main goal is now the improvement of life quality, and all companies develop more integrated systems to manage quality, environment and safety. In this contest is set the SA 8000 standard (Social Accountability). The origin and development of this first standard on social responsibility is a world-wide recognized reference point. Its main goal is to eliminate unfair and cruel work conditions in all kind of business.
The 1990-2009 period
2.3. Quality Management System
The “quality management system” is a wide concept and it can be defined as a systemic set of management procedures used to monitor, check and improve the organization operative and financial performances, aiming to offer the best product/service at lower costs.
The management procedures constituting the “quality management system” include some activity subsets, respectively indicated as: “Quality assurance”, “Quality control” and “Quality improvement”.
“Quality assurance” (QA) activities aim to guarantee that all changes in the process are clearly identified and valuated. It also guarantees that all product/service specifications - necessary to satisfy both customer and product/service producer’s requirements - are clearly fixed.
“Quality control” (QC) is a process – also known as “quality statistical control” – which permits to valuate the performance of the current organization processes, individuating and performing the actions necessary to eliminate undesired performances. Thanks to this process QI standards can be fully respected. The activities to correct irregular products can be or not be included in QC environment.
“Quality improvement” is a systematic and continuing activity, which involves all business processes, aiming at high performances.
Anyway, a “quality management system” must be based on policies aiming to reach high quality goals. Actually, all business actions reflect the management policy on fields such as finance, product/service typology, social problems, personnel safety and so on.
Finally, a “quality management system” must be accompanied by a good “quality technology system”: technologies able to obtain, monitor, control and improve the quality of the product/service itself.
Definition
Quality assurance
Quality control
Quality improvement
13
2.4. Why the implementation of a Quality Management System?
The creation of a quality management system can help the organization to enhance customer satisfaction as well as of the other interested parties. Moreover, a well implemented quality management system provides the business with the structure to activate continual improvement actions.
The increasing of customer satisfaction (CS) - as well as of the other interested parties involved in production - and the activation of continual improvement (CI) are strictly linked to each other. Actually, considering the continuously changing customer needs and expectations, as well as competition and technical progress, the continual improvement of products and processes is an essential condition to remain in the market.
The increasing of people’s satisfaction and the activation of continual improvement can be obtained only if the organization considers some important principles, such as:
Principle 1 Customer focusPrinciple 2 LeadershipPrinciple 3 Involvement of peoplePrinciple 4 Process approachPrinciple 5 System approach to managementPrinciple 6 Continual improvementPrinciple 7 Factual approach to decision makingPrinciple 8 Mutually beneficial supplier approach
Customer satisfaction and Continual improvement
The principles of CS and CI
2.5. The ISO 9000:2008 standard
ISO 9000 is a set of international standards published for the first time in 1987 by Geneva International Organization for Standardization (ISO). Firms can use these standards to individuate requirements necessary to maintain an efficient quality management system.
For example, the standards indicate the requirements needed for the right calibration of measurement and testing equipment (e.g. of scales and weights) or to maintain an adequate registration system.
The ISO 9000 standards are the result of an international agreement of “good management practice”, in order to guarantee products/services in line with customer quality expectations, through processes, management and control.
ISO 9000 standards is a set of guidelines and requirements to implement and maintain a quality management system, applicable to any kind of public or private organization, regardless of its activity and size.
The ISO 9000 includes three main documents:
ISO 9000:2005, Quality management systems –
The origin of the ISO 9000
The ISO 9000 series
14
Fundamentals and vocabulary.
ISO 9001:2008, Quality management systems – Requirements.
ISO 9004:2000- under revision, Quality management systems – Guidelines for performance improvements.
As the set of ISO 9000 - 2000 edition and up- includes only one model for quality management system (ISO 9001), the organization intending to implement a quality management system should determine which items of the standard they want to use for management actions and should develop its own system with those requirements. The organization can get an exclusion from the implementation of some clauses of the 7th
paragraph of the standard, if not applicable due to the nature of the company. Design and development must be controlled and documented if applied by the company.
The current ISO 9001:2008 edition being active from February 2009 on and the undergoing revision of ISO 9004 introduce minor only changes to the previous edition. The main ones have to do with:
Rephrasing to improve consistency between the ISO 9000 series standards and those of ISO 22000 and ISO 14000.
Adding the concept of business environment and risk
Better definition of the control over outsourced processes
Upgrading statutory and regulatory requirements
Including the goal of managing the work environment needed to achieve conformity to requirements, this meaning physical, environmental and other factors
Definition of personal data as a key example of type of customer property that have to be protected.
Information systems as a key example of the type of support services that may impact conformity to product requirements, as an example of calibration (verification and configuration))
Making explicit reference to post delivery activities such as warranty provisions, maintenance services and supplementary services such as recycling of final disposal
A third – independent – part, the certification body certifies the conformity of the quality management system according to ISO 9001 standards. The certification will show the business processes area, which the certification has been requested for, as well as any other management actions foreseen in ISO 9001 regulations not considered by the organization under certification.
The current ISO 9000 edition (2008)
15
CHAPTER 3. APPLICATION OF THE STANDARD ISO 9001 IN SMES
The aim of this chapter is firstly to introduce briefly the SME phenomenon and its specifics and secondly to outline how these specifics affect the implementation of quality management system in a SME
Objective of chapter 3
3.1. SME
Micro, small and medium-sized enterprises (SMEs) are socially and economically important, they represent 99 % of all enterprises in the EU and provide around 651 million jobs. Besides that, they are an essential source for entrepreneurial spirit and innovation.
Since SMEs play a key role in the economies, the term SME is a frequently used one. However, there is not one single definition used by all, on the contrary: the criteria for a small and medium-sized enterprise can vary not only between different European countries, but even within one country, depending for example on the field of activity of the enterprise. Selective approach to SMEs (different criteria for being considered a SME depending on field of activity) can for example be applied as one of criteria for obtaining entrepreneurship support in various aid programs.
3.1.1. EU definition
To introduce one definition, we have chosen the SME definition of EU, used apart from statistical purposes also to handle this economic phenomenon with respect to support schemes (especially state aid, Structural Funds and the Research and Development Framework Programme). In addition, the European definition gives us the opportunity to demonstrate, that the content of the term SME also undergoes changes in time.
Since 1996 the following European description of a SME was used based on Recommendation 96/280/EC:to the group of SMEs count all enterprises with less than 250 employees, with the balance sum lower than 27 mil. EUR/year or the turnover per year max. 40 mil. EUR. At the same time the independency requirement has to be fulfilled (not 25% or more of capital or votes may be owned by one enterprise or a group of enterprises, not matching with the SME definition).
Since the economic development has been considered as relevant for the position of SMEs, the criteria have been revised and a new definition published by Recommendation 2003/361/EC
The EU definition
1 Compare (http://europa.eu.int/comm/enterprise/enterprise_policy/sme_definition/index_en.htm)
16
in May 2003. It will be applied as of 1 January 2005.2 While the headcount requirement remains the same, there are changes regarding the turnover an balance sheet sums:
Table 3.1 Recent development in SME perception in EU
Enterprise category Medium-sized
enterprise
Small enterprise
Micro enterprise
‘96-‘04 ’05- ‘96-‘04
’05- ‘96-‘04
’05-
Headcount < 250 < 250 < 50 < 50 < 10 < 10
Turnover max. (mil. EUR) 40 50 7 10 - 2
Balance sheet total (mil. EUR)
27 43 5 10 - 2
According to EC, the main aim of the increase of the financial ceilings is to avoid penalizing enterprises that invest. While the increase is significant in percentage terms, it should not affect the number of SMEs on the market. From an economic point of view, it is neutral since it takes account of subsequent price and productivity increases while maintaining the staff ceilings.
3.1.2. The hidden giants
As stated in the introduction to this chapter, SMEs play a key role in our economy. Sometimes they are even called the hidden giants or the real giants of the European economy, since large enterprises form only 1 % of the total number of enterprises. More than that, 93 % of all enterprises are micro enterprises (0-9 employees)3.
Figure 3.1 European enterprises by size
SMEs – hidden giants
2 On 6 May 2003 the Commission adopted a new Recommendation 2003/361/EC regarding its SME definition (replacing Recommendation 96/280/EC). For more information please see: http://europa.eu.int/comm/enterprise/enterprise_policy/sme_definition/index_en.htm.3 SMEs in focus. Observatory of European SMEs 2002, European Communities, 2002
(Source: SMEs in focus. Observatory of European SMEs 2002; EC, 2002)
Two thirds of all jobs (private non-primary sector) are in SMEs, split up roughly equally between micro enterprises, small and medium sized. The size-class distribution of employment, however, differs, between countries. Very important is also, that SMEs create - unlike large enterprises - a net increase of job opportunities.
The strong position of SMEs, especially micro enterprises can be considered specific for Europe: an average European enterprise employs 6 people, while a Japanese 10 and an American 19 people. Therefore SMEs account only for 33 % of employment in Japan and 46 % in USA whereas in EU for 66 %.4
Europe’s private sector jobs are in:Employment by firm size
When linking the important market position of SMEs in Europe to the importance of ISO implementation three figures might be interesting:
world total of ISO 9000 certificates which shows a constant increase,
ISO certification
4 idem
18
Figure 3.2 Issued ISO 9000 certificates, world total(Source: http://www.iso.org/iso/survey2007.pdf)
distribution of issued certificates among world regions, which proves the strong emphasis laid on ISO certification in European countries,
Figure 3.3 Distribution of issued certificates among world regions (2007)
(Source: http://www.iso.org/iso/survey2007.pdf)
19
number of certificates issued to the revised standard ISO 9001:2000 (which replaces the 1994 versions of ISO 9001, ISO 9002 and ISO 9003), which more than tripled in 2002 in comparison to 2001 and represented nearly 30 % of the overall ISO 9000 total at the end of 2002
Figure 3.4 Share of certificates of conformity to ISO 9001:2000 on ISO 9000 total (2002)
(Source: http://www.iso.ch/iso/en/iso9000-14000/pdf/survey12thcycle.pdf)
Even if the extent of this manual does not allow us to go deeper in on the issue, the high share of Europe in issued ISO certificates together with the overwhelming majority of European enterprises being SMEs and the high acceptance of the new standard let us expect a high potential of QMS implementation according to ISO 9001:2000 in SMEs in Europe.
3.2. Implementing the ISO standard3.2.1. What should ISO (not) be about
Depending on the size of the enterprise, the implemented quality management system should not draw up something, that would be totally different from how the organization conducted its business until now. Please notice, that all enterprises already have a form of management system and possibly already fulfill some of the standard’s requirements, even if they have not, as yet, necessarily defined and documented how they do it. The aim of the ISO standard is definitely not to impose a totally new management system or to force the owner to change existing management activities.
On the contrary, implementing a quality management system according to ISO 9000+ should be understood as a strategic mean to control the business, monitor what is going on and
The “sense” of QMS implementationin a SMEs
20
which areas should be focused on. All requirements of the standard should be applied with insight and commitment. The quality management system should, to a maximal extent, implement modes already existing in the enterprise and in addition proved, known and used by employees. Only then can the enterprise fully benefit from implementation of the quality management system – it can improve internal processes and serve as a tool for excellent market performance.
3.2.2. Management principles
In an SME as well as in a large enterprise the company management consists of several mutually dependant factors, such as management of human resources, supplier - purchaser relationship, financial management, marketing, production/services management, safety management, environmental management etc.
The ISO 9001:2008 standard covers in different clauses the whole management diversity outlined above. Before implementing the standard even in small and medium-sized enterprises the top management should first of all get acquainted with the eight management principles, the standard builds on, namely:Principle 1 Customer focusPrinciple 2 LeadershipPrinciple 3 Involvement of peoplePrinciple 4 Process approachPrinciple 5 System approach to managementPrinciple 6 Continual improvementPrinciple 7 Factual approach to decision makingPrinciple 8 Mutually beneficial supplier approach
Despite the fact, that these eight principles are not explicit mentioned in the ISO 9001:2008 standard, they provide a framework for implementation of good management practice. To make you aware of that we have linked the principles with different fields of management activities, discussed in individual clauses of the standard. It regards e.g.:
ensuring resources for human resources development, development and maintenance of infrastructure and improvement of the work environment, effective involvement of employees in processes (principle 2 and 3),
ensuring credible information, so that top management can define the basic long-term orientation of the company – quality policy,
setting concrete short-term measurable tasks – annual quality objectives for lower management (coming out of principles 1, 2 and 3),
concluding commercially and technically clear contracts for products/services (principles 1 and 4),
ensuring economically convenient, high-quality inputs for the main activity (principle 8),
controlling own activity – concerning main processes of
The eight management principles of ISO 9001:2008
21
production or providing services the ISO 9001 methodology ensures an adequate level of documentation of relevant production and control procedures and instructions, compliance with operational practice, proper way to handle controlled documentation, identification and retrospective traceability (principle 4),
ensuring outputs of main processes, thus products or services of such a quality, that meet customer’s requirements (principle 1); the level of customer’s satisfaction is proved by gathering and evaluating information and by implementing measures, resulting from the evaluation (principles 4 a 7),
development of continual improvement program, being at the same time an effective management tool and a means to activate employees; it includes internal quality controls and transparent, consequent corrective and preventive actions (principle 6).
The principles of process and system approach (4 and 5) illustrate two aspects: firstly the importance of links between single processes and secondly the importance of links between processes, resources (financial, qualified employees, infrastructure, work environment, information) and conditions (framework outlined through requirements of interested parties).
At the same time active participation of the organization is required while executing changes and improving the knowledge level of employees, both being pre-requisites for continual improvement (principle 6). Decisions are based on facts – results of tests and analyses (principle 7). Other key factors - attitudes, motivation and competence of employees are more or less included in all eight principles.
Summarizing, the eight principles for quality management outlined above can be divided into two main management areas:
1. process management - applying process and system principles, implementing tools and attitudes of company’s management (principle 4 and 5, further 1, 6, 7 and 8),
2. human resources management – implementing tools in order to form attitudes systematically, to increase work ability and to create an environment supporting effective and efficient functioning of human factor (principle 2 and 3, but also 1, 6 and 7).
While providing management in both these fields, the new ISO 9000:2008 standard stresses evidential care for compliance with superior laws and standards, related to the main product.
The two main management areas
22
Figure 3.5 QM processes according to the eight ISO 9000 principles: 1 Customer focus, 2 Leadership, 3 Involvement of people, 4 Process approach, 5 System approach to management, 6 Continual improvement, 7 Factual approach to decision making, 8 Mutually beneficial supplier approach
23
3.2.3. ISO in SMEs - some characteristics having impact
Even if there is a single ISO 9001:2008 standard and so is the set of requirements on quality management system, there are some differences in the character of SMEs and large enterprises having influence on the implementation. Some of the differences bring about an easier start for SMEs, generally they ask for special attention. Within the group of SMEs micro and small enterprises have an even more specific position. Therefore the two groups will be dealt with separately.
Medium-sized enterprises (50 to 250 employees)
When implementing a QMS each member of the company must be aware of the importance of this step and must be motivated to contribute. Because of their smaller size, it is less difficult for the quality manager of a medium-sized enterprise to involve everyone than it is in large enterprises.
Furthermore, compared to large enterprises medium-sized enterprises may have a more plain organizational structure, run a lower number of processes liable to QMS and can manage with more simple communication tools. This might lead to a significant reduction of system documentation. On the other hand, the number of employees and the level of complexity of the enterprise usually result (different than in micro and small enterprises) in an - at least partly - documented system of conducting business, so that there is a certain base to build on when working out the quality documentation.
Another specific resulting from the company’s character is a usually emphasized customer focus. Since market potential of medium sized enterprises is limited compared to the possibilities of large enterprises or chains, they can be considered rather dependent on certain customers (big, important, regionally present), but in some aspects also strong supplier-dependent. Therefore these enterprises mostly care for good supplier – purchaser relationship.
Micro and small enterprises (up to 50 employees)
The obvious advantage of micro and small enterprises is that they are quite often family-related businesses with a director at the head, who usually is the owner as well. Consequently, he/she is directly motivated to lead the company towards prosperity, to satisfy old and to attract new customers. The customer focus is in general additionally strengthened since micro and small enterprises operate usually in regional markets and are in contact with an often limited number of customers and suppliers. A consequent care for good supplier – purchaser relationship is thus a precondition to survive.
The informality of the management brings a further advantage: the director/owner gives oral indications on who does what and
The specifics of medium sized enterprises related to ISO implementation
The specifics of micro and small enterprises related to ISO implementation
24
how and thus gives constant guidance, checks and controls the quality of the product/service, the others follow the instructions. The small size and informal management make it easier to motivate everybody within the company for the QMS.
In general, all enterprises have an established way or system of conducting business. As explained above, in micro and small enterprises informality is quite effective, however, it is rarely documented. In connection with lack of documented procedures and processes the quality documentation usually has to be worked out from scratch.
Micro and small enterprises have a very plain organizational structure and can manage with few, simple communication tools. This results in a significant reduction of system documentation. On the other hand, the unavoidable accumulation of functions requires multi skilled employees together with a well-advised definition of authorities and responsibilities, not forgetting a focus on communication, its content and the way of documenting it.
Another difference between micro and small enterprises on one hand and medium sized enterprises and on the other can consist (but not necessarily) in the number of management processes, where all management effectiveness requirements are consequently applied, including stated measurable indicators helping to follow the effectiveness trends.
25
3.2.4. Realization of ISO requirements and differences between SMEs and Large Enterprises
In the previous chapter some characteristic aspects have been appointed, having impact on ISO implementation in SMEs. Please find here an overview of areas which are considered specific, enriched by the findings resulting from the Correspondence table, enclosed further on in this chapter.
First of all some specifics of the ISO implementation result directly from the very nature of SMEs, such as the character of:
management - informal, directly motivated, plain organizational structure, requires good definition of responsibilities/authorities
personnel - few, multi skilled, cumulated functions, not responsible exclusively for QMS
documentation - lack of documented procedures
communication - simple form and tools
supplier-purchaser relations, customer focus - more depending on certain subjects, regionally limited
processes – lower number, structure rather simple
Further, from the correspondence table some additional trends emerge as significant for the implementation of individual clauses and specific requirements in SMEs. To summarize the most obvious ones:
Group vs. individual
Where in a large enterprise a management meeting and group decision is needed, in an SME the responsibility often lies with the owner/managing director - clauses 5.1 Management responsibility and 5.6 Management review mirror clearly this aspect.
SMEs vs. large enterprises
Group vs. individual
Long-term vs. short-term
Dealing clauses 5.4 Planning, 6.1 Provision of resources, 6.3 Infrastructure, 7.1 Planning and product realization etc. there has been stated a strong emphasis on short-term planning by SMEs respecting the cash-flow development. This can be partly explained by the dependence on individual orders.
Shifting outside
While in a large enterprise some activities and inputs are provided internally, in the case of a SME they are substituted by activities/inputs delivered from outside. Consider e.g. clause 7.4 Purchasing where input control tests are often replaced by output control results and certificates from supplier. Similar by 7.3 Design and development carried out by customer or 7.5 Production and service provision often based on customer’s
Long-term vs. short-term
Shifting outside
26
documentation. Last but not least, sometimes 8.2.2 internal audits cannot be provided by trained employees – internal auditors, because of their low number and thus possible conflict of interests.
Cumulated responsibilities
Where in a large enterprise selected employees are appointed and trained to carry responsibility for a certain activity, in SMEs this task has often to be executed by somebody with other cumulated functions – consider e.g. 5.5 Responsibility, authority, communication with no quality manager being a member of top management such as in large enterprises but with the managing director being usually responsible for the implementation or 7.6. Control of monitoring and measuring devices with responsibility for compliance of the devices with laws on metrology automatically lying with the managing director when there is no other management member appointed. (It must be added; that the extent of the accumulation depends on the sector the company is operating in and by production companies even on the type of production and quality controls required.)
Flexible extent
Another new thing about ISO 9001:2008 standard is, that it enables the enterprise to fulfill a requirement “in an adequate way” (to a certain extent), which was not possible by e.g. standards in automotive industry. This approach means that e.g. by 4.2 Documentation requirements the complexity of quality documentation will be lower in SMEs as well as its quantity, that extent and amount of information gathered in the frame 8.2.1 Customers satisfaction will differ in SMEs and large enterprises or that in the frame of 8.5 Improvement there might not be a separate Continual improvement program but concrete tasks resulting from periodic evaluation based on quality objectives.Alternatively, it has to be stressed that the ISO 9001:2008 standard will not „forgive“ the SME anything simply because “it is small“. Exceptions in the sense of letting out are possible only by requirements, discussed in clause 7. Product realization. And even then possible exceptions are available to all kinds of enterprises (not depending on size), the eligibility of every exception has, however, to be justified. Hereby a simple rule can be applied: no requirements affecting quality of the product/service may be excluded.
Cumulated responsibilities
Flexible extent
Correspondence table
The requirements of the ISO 9001:2008 standard are defined in clauses 4 till 8. In this chapter and in the previous one (3.2.3 ISO in SMEs - some characteristics having impact) we have outlined some differences between SMEs and large enterprises, which can affect the implementation of the quality management system. The table below links these differences together with the requirements of the standard (clauses 4-8) and gives you an easy to use overview of those requirements, which may require
The differences between SMEs and large enterprises related to the ISO requirements
27
a particular approach when implementing the standard in a SME. The correspondence table is drawn up according to clauses and requirements of the ISO 9001:2008 standard.
28
Table 3.2 The ISO related differences between SMEs and large enterprises in a nutshell ISO 9001:2008 standard – Correspondence table
Clause Large enterprise SME Comments
4. Quality Management System4.1 General
requirements
Quality management system has to be established, documented, implemented, maintained and continually improved in accordance with requirements of ISO 9001:2000.
If an organization will claim or imply conformity to ISO 9001:2008, then it may not exclude from its QMS requirements that do not meet the criteria stated in clause 1.2 Application of the standard.
4.2 Documentation requirements
Documented statements of quality policy and quality objectives. Three-level documentation (quality manual, regulations, work instructions).High number of users = high number of copies, partial documentation centres, voluminous system documentation, usually electronic version (intranet), hypertext links, links to related documents, forms etc.Documents and records have to be controlled.
Documented statements of quality policy and quality objectivesTwo-level documentation (Quality manual and work instructions). Obligatory regulations broadly discussed in the Quality manualLow number of users = low number of copies, one documentation centre.Form more simple, e.g. Quality manual in form of one file folder with all related documents including example forms used for records etc.Documents and records have to be controlled.
Quality policy is the basic unifying document declaring the needs of the enterprise and its customers; it should include a long-term visionQuality objectives have to set up concrete milestones on the way to fulfill the visionQuality manual – by SMEs the most suitable way to describe the interaction between processes of the QMS may be the graphical one; in some cases process cards or hyperlinks in electronic documents may be advised
The ISO 9001:2008 edition previews that a single document may include the requirements for one or more procedures.
5. Management responsibility5.1 Managemen
t commitment
Management usually consists of several responsible employees – (managing director, directors specialists). The company’s owner may stay outside QMS (stock corporation).
Owners as managing directors directly control the company. A specific case is a one-owner-company, where the management is executed directly by the owner, who does not need a “management meeting” to make strategic decisions.
By SMEs this field is quite often left out. But even in their case, the management has to specify its vision and long-term intentions related to the business subject, own optimal product and its presentation on the market. The intention of a SME can be e.g. to become partner of a certain client (supplier of an automotive industry or electro-engineering subject), in the case of commerce or services e.g. to be authorized partner (dealer or service provider) etc.
29
The management shows personal involvement and activity while improving the QMS and stimulating continual improvement through internal message about the importance of meeting customer’s requirements and requirements imposed by related superior laws and standards.
5.2 Customer focus
Usually, information source for the company’s orientation is own marketing. Customer’s needs are to be understood as market potential – having identified it prevents wrong decisions regarding future orientation.
Information for company’s future orientation mostly won due to membership in associations, internet etc.Own marketing limited, possibly due to relative high costs.
Both managers and employees of SMEs usually are more directly motivated to lead the company towards prosperity and thus to satisfy old and to attract new customers.
5.3 Quality policy
Basic unifying document declaring the results desired by the enterprise. It should be appropriate to the purpose of the organization and include a long-term vision. It should include the commitment to comply with requirements and continually improve the QMS. The quality policy provides a framework for establishing and reviewing quality objectives.All employees should be aware of the declared quality policy of the organization.
Even in the case of SMEs, the management has to specify its vision and long-term intentions related to the business subject, own optimal product and its presentation on the market. The intention of a SME can be e.g. to become partner of a certain client (supplier of an automotive industry or electro-engineering subject), in the case of commerce or services e.g. to be authorized partner (dealer or service provider) etc.
5.4 Planning Detailed financial plan and exact calculation of development expenses.Factual production planEstablishing measurable quality objectives consistent with quality policy.
Annual plan in financial indicators, cash-flow depending on development expenses, main activity often controlled by operative plan.Establishing measurable quality objectives consistent with quality policy.
Planning is an integral part of any enterprise management. In the case of SMEs, however, some of the plans (e. g. investment plan, training plan etc.) might be understood only as a framework and may be controlled operatively according to actual cash-flow development.
5.5 Responsibility, authority, communication
Branched organizational structure, easier defining of authorities and responsibilities, executive and control functions.Management representative is usually a member of top management, can be helped in QMS administrative tasks by an employee.Sophisticated means of communication (e.g. intranet)
Simple organizational structure, often cumulated functions. When distributing responsibilities and authorities, specifics of the SME and characteristics of individual managers have to be taken into account.Management representative for QMS usually has other cumulated functions.Elementary communication means (e.g. joint management and production meetings)
Appointing a member of management responsible for the QMS is essential. It has to be a strong leader provided with authority to coordinate the whole system. While there is usually a new position established in large enterprises, in micro enterprises the task is often taken over by one of the managing directors or by the owner himself.
30
5.6 Management review
Complex report on given period as input for management review.Review during a management meeting, documented in minutes, formulated remarks and actions resulting from the evaluation.New challenges for Quality objectives or continual improvement program.
Complex report on given period as input for management review.Documented owner’s standpoint to the report (by companies, where the influence of management meeting members on the owner is only advisory), including specification of actions if necessary.Review of quality objectives.
Management review means a recapitulation of the whole QMS in regular periods (annual, biannual). Unlike other system requirements, applied by SMEs already before the implementation of QMS, it is not common in SMEs to execute management review in an extent requested by the standard. In the context of strategic management such a standstill and recapitulation is very useful. The standard requires decisions to be made based on facts, not opinions. In the context of management review original intentions, objectives and resulting tasks can be modified.
6. Resource management6.1 Provision of
resourcesDetailed financial plan and exact calculation of development expenses.
Planned resources respecting the cash-flow oscillation in the course of the year.
Even an SME should determine resources needed to implement and maintain the QMS and to meet quality objectives and should specify how the resources will be provided. In the case of SME, distribution of resources during the year might be controlled operatively according to cash-flow development.
6.2 Human resources
Human resources department/section with divided personnel and educational activities.Map of company’s qualification structure, specification of work positions, personal development plans.
Evaluation of employees through interview. Annual training plan.
Evaluation of training quality and effectiveness.
Cumulated personnel work and training management.
Map of company’s qualification structure, specification of work positions.
Annual training plan.
Training evaluation.
Good personnel work can be done even in an SME. It is necessary to evaluate the performance and reserves of every employee and to plan the use of it in a broader context, in new fields or at least by conserving the actual state. Employees, however, have to feel that they are followed and evaluated and that the company counts on them. The most suitable form of applying the requirement is a simple evaluation of ability and planning personal development of every single employee (regular detecting of training needs, training plans, evaluation). Use of experience and ability of employees is typical for SMEs-service providers, where the quality of the service often depends on experience of single employees.
6.3 Infrastructure
Demanding, large infrastructure.Infrastructure development planning
Rather simple infrastructure.Infrastructure development realized
SMEs often develop their infrastructure more dynamically than large enterprises.
31
based on long-term strategic plans, making use of different investment studies and scenarios.
Annual maintenance plan.
under conditions of more simple decision making processes (owner makes short-term decisions based on actual resources).Annual maintenance plan.
Continual detecting of the means needed to ensure conformity of the products involves technology, measuring devices, information system, car park, communication technologies, work tools for employees. It is to be recommended to improve the infrastructure development plan in relation to quality objectives.
6.4 Work environment
The organization determines and manages the work environment needed to achieve conformity to product requirements.Besides control of compliance to obligatory requirements of related laws and standards (according to sector and field of activity) additional surveys are carried out on the impact of work environment on the quality of the product (especially in production companies).
The organization determines and manages the work environment needed to achieve conformity to product requirements.
As an SME: do not forget to fulfill requirements of related laws and standards, as well as obligatory revision of state authorities!
The ISO9001:2008 edition pays special attention to the management of the work environment needed in order to achieve conformity to sales requirements.
7. Product realization7.1 Planning and
product realization
Main activity (production) usually planned in an annual or quarterly detailed factual plan. Planning quality, detecting risks.
Products as well as production processes have to meet requirements defined by laws and superior standards.
If the production cannot be long-term factual planned (company satisfies direct demand of individual customers), than a planning in e.g. financial indicators is necessary.Products as well as production processes have to meet requirements defined by laws and superior standards.
Even in an SME it is useful to set requirements for the product. Consequently, there should be records providing evidence that the realization process and the product meet set requirements.
7.2 Customer-related processes
During the decision process regarding order acceptance all managers influencing the order have to make their comments. The standpoint has to be documented (recommended - in information system).Negotiations with customer specifying the contract are documented.
Review of order acceptance has always to be documented (at least simplified), even if the owner decides.
Records on order acceptance review make part of controlled documentation.
7.3 Design and development
The company usually disposes of own capacity for product/processes development.
Cases appear, that companies ensure development mainly utilizing co-operating experts. This demands proper documentation reflecting
By SMEs the development of the product often happens by the customer, which can be qualified as not fulfilling of the requirement and may be even reason for
32
requirements of clause 7.3. of the standard.
exclusion.
7.4 Purchasing List of suppliers for a limited period derives by running companies from repeated evaluation. Members of production and technical control department should be involved in the evaluation.The company has an own test room, where input control of purchased material is executed and its release into production approved.It is used to execute customer audits by supplier.
Evaluation of suppliers for a limited period and documenting of the list of approved suppliers has to be done even if a strong accumulation of information and responsibilities exists.Acquiring output control results and certificates from the supplier can replace the input control tests.
Even by SMEs evaluation of suppliers forms an important input for preventive actions and negotiations with partners. In the organization a permanent drive for evaluation has to be evident.
7.5 Production and service provision
Production or providing services is usually operated according to own documentation and procedures. Processes being verified.All material in production is properly signed, marking enables backward tracing of all relevant information.Procedures for providing service of own products exist, service realization documented.
Production or providing services often carried out according to documentation or procedures delivered by the customer. Documentation verified and released before use. Processes verified.Procedures for providing service of own products doe not always exist.
If there is no service for own products provided and there is a co-operation with a service provider assigned instead. This co-operation has to be exactly specified (especially quality requirements).
7.6 Control of monitoring and measuring devices
In the frame of QMS laws on metrology usually count as superior standard. Member of metrology department participates in management.Calibration of measuring devices often provided internally. If the company uses to do calibration of measuring devices itself, calibration procedures have to be defined.
If there is no management member appointed as responsible for compliance with laws on metrology, than this responsibility lies automatically on the managing director of the company. Calibration of measuring devices is usually provided by an external competent center.
Even if calibration of measuring devices is carried out externally, in the company there has to be kept documentation that meets requirements of clause. 7.6 of the standard.
33
8. Measurement, analysis and improvement8.1. General The organization shall plan and
implement processes needed to demonstrate conformity of the product, ensure conformity of the QMS and its continually improvement.Used methods should be defined, including statistical methods (if applied).
In SMEs the use of analyses and statistical methods is rather restricted. However, also in SMEs there are certain monitoring, measurement and improvement outputs and processes such as management review report (owner’s documented standpoint), records of nonconformity, corrective and preventive actions records etc., which should be analyzed and used for improvement.
8.2 Monitoring and measurement8.2.1 Customer
satisfactionBesides top management also members of other departments have the possibility to obtain information on customer’s satisfaction directly from customers, e.g. members of the marketing or service department. Collected information is processed, selected, and based on evaluation necessary actions are defined.
Relevant information on customer’s satisfaction can usually be collected only by top management members or by the owner. Structure of the information needed (checklist) and strategy of its acquisition have to be worked out beforehand. Obtained information is evaluated, necessary actions defined.
Even in SMEs the collected information on customer’s satisfaction should be documented in written form even in case of a strong accumulation of information by one person.
8.2.2 Internal audit
Internal audit plan guarantees that all departments and all clauses of the standard will be checked up in the course of current year.There is a team of own auditors ensuring the realization of internal audits. Members of this team are regularly retrained, their work evaluated.Summary of through internal audits acquired information forms an essential part of the management review report.
External auditors can be accepted for carrying out internal audits only if - because of a low number of employees - own auditors cannot ensure internal audits without facing conflict of interests. Audit plan for one year worked out in advance, compliance with requirements of the standard as well as extent and content of audits are monitored thoroughly.Audit findings have to be reflected and if necessary the QMS improved.
Even if the audit is ensured by external auditors, the audit procedure has to be described and documented According to requirements of clause 8.2.2 of the standard.
8.2.3 Monitoring and measurement of processes
All management and production activities are, to an adequate extent, monitored and evaluated. By specific production processes (e.g. welding, surface treatment) may the data, acquired as a result of control, be further used in the system of product monitoring and measuring.
By SMEs the number of processes liable to monitoring and measurement will be considerably lower than by large enterprises.
8.2.4 Monitoring and measurement of product
Control between individual operations as well as output control is carried out by professional inspectors, members of independent technical control department. All types of
Control between individual operations and sometimes also output control carried out by production workers in form of self-test. In that case, workers are extra trained for control activity
Thanks to the controls nonconformities can be detected.
34
controls are specified in controlling and testing procedures.Control documents archived as quality records.
and based on training they are entrusted with control.Evidence of conformity/authorization of release should be documented.
35
8.3 Control of nonconforming product
Nonconforming (half-finished) product must be separated and protected from (even unintended) use, assessed and handled in one of the by the standard accepted ways.
Even by SMEs, monitoring and analysis of nonconformities is one of the inputs to be considered for decision on a corrective/preventive action.
8.4 Analysis of data
Adequate analyses are a non-excludable instrument for decision making and management.
The standard requires decisions to be made based on facts, not opinions. Monitoring of processes/products and analysis of acquired data is thus unavoidable even by SMEs (in appropriate extent).
8.5 Improvement
The company usually has a separate document to deal with improvement, the Continual improvement program. It expands on declared quality objectives specifying minor important tasks.
Annual quality objectives include usually also minor concrete tasks ensuring development of the enterprise. Thanks to a frequent actualization and completion in the course of the year an up-to-date state and effectiveness is guaranteed.
Overview of actions undertaken to improve the QMS forms a part of the complex report on given period (being input for management review).
8.5.2 Corrective action
The corrective action control system guarantees in both, a large enterprise as well as a SME, that suggestions for preventing insufficiencies will be evaluated, a procedure for a corrective action will be established and executed and result of the action controlled.
Every corrective action has to be proportional to consequences of nonconformity stated.
8.5.3 Preventive action
The preventive action control system guarantees in both, a large enterprise as well as a SME, that suggestions for preventing insufficiencies will be evaluated, a procedure for a preventive action will be established and executed and result of the action controlled.
Every preventive action has to be proportional to consequences of possible nonconformity.
36
CHAPTER 4. THE STANDARD ISO 9001:2008
4.1. Introduction
The objective of the chapter 4 of these guidelines is to present the requirements as stated in ISO 9001:2008 international standard, in an easy to understand way and to give examples of their fulfilment.
A new requirement of the 2000 version standard is the documentation of the control methods of potential outsourced processes of the company (TC 176, ISO 9000 Introduction and Support Package: Guidance on "Outsourced processes"). This element refers only to outsourced processes that may affect product conformity with specific requirements. For example, if an apparel industry outsources the clothes’ sewing or processing, the control methods over the external supplier must be documented, as well as their results.
Chapters 4.2 presents the main characteristics of ISO 9001:2008 standard that differentiates it from the version ISO 9001:1994
Chapter 4.3 presents the standards ISO 9000 and ISO 9004 that are related to ISO 9001.
Chapters 4.4-4.8 include the respective clauses 4-8 of the standard and their interpretation. In this way it is easy for the beginner as well as for the advanced reader to study this guidelines in relation to the standard, so as to understand it better and fulfil the requirements.
Objective of the chapter 4
Outsourced processes
Structure of the chapter 4
4.2. Characteristics and contents of ISO 9001:2008 standard
ISO 9001:2008 is a quality management system international standard, issued by ISO. It was first issued in 1987, based on the British standard BS 5750. It was first time revised in 1994 (series ISO 9000:1994), second time in 2000 (series ISO 9000:2000) and the last revision is that of 2008.
This new version contains no new requirements. It contains only a few changes and clarifications in “Notes”. The points of clarification focus on outsourcing, documentation, management representative, employee competence, design verification and validation, process monitoring, control of nonconforming product and corrective and preventive action.
Introduction to ISO 9001:2008
Main characteristics of the current version of ISO 9000
The international standard ISO 9001:2008 maintains the process approach of the previous version. As process is defined ‘any activity that receives inputs and converts them to outputs’. The processes of the company are linked together and outputs from one process can be input to another.
The systematic identification and management of the processes employed within an organization and the interactions between such processes may be referred to as the ‘process approach’.
Process approach
37
The company has to identify and analyse its processes and their interactions and document them in the extent that it is needed to ensure their good performance.
The standard categorises company processes in 4 categories:
Management
Resources management
Product realisation
Measurement, analysis and improvement
ISO 9001:2008 pays special attention to the fulfilment of customer needs and expectations. One of the main responsibilities of top management is to ‘ensure that customer needs and expectations are determined, converted into requirements and fulfilled with the aim of achieving customer satisfaction’ as stated in paragraph 5.2.
Chapter 7.2 of the standard describes in detail the way, with which management shall identify and review customer requirements. According to paragraph 7.2.1 regulatory and legal requirements should also be taken into consideration.
In addition paragraph 8.2.1 states that the company shall establish a way to monitor and measure customer satisfaction.
Customer oriented
0 Introduction0.1 General0.2 Process approach0.3 Relationship with ISO 90040.4 Compatibility with other management systems
1 Scope1.1 General1.2 Application
2 Normative reference3 Terms and definitions4 Quality management system
4.1 General requirements4.2 Documentation requirements
5 Management responsibility5.1 Management commitment5.2 Customer focus5.3 Quality policy5.4 Planning5.5 Responsibility, authority and communication5.6 Management review
6 Resource management6.1 Provision of resources6.2 Human resources6.3 Infrastructure6.4 Work environment
7 Product realization
Contents of the standard
38
7.1 Planning of product realization7.2 Customer-related processes7.3 Design and development7.4 Purchasing7.5 Production and service provision7.6 Control of monitoring and measuring devices
8 Measurement, analysis and improvement8.1 General8.2 Monitoring and measurement8.3 Control of nonconforming product8.4 Analysis of data8.5 Improvement
4.3. Other related standards
Directly related to ISO 9001:2008 are the standards ISO 9000:2000 and ISO 9004:2000. These two standards do not have a certification value.
ISO 9000:2000 Quality management systems - Fundamentals and vocabulary has double scope. At first it provides the fundamental concepts for quality management systems in an informative way. Secondly it provides the terminology used in the ISO 9001 international standard. This second part has a normative character.
ISO 9000:2000
ISO 9004:2000 Quality management system – Guidelines for performance improvement is an independent standard that may be used in relation to ISO 9001:2000 standard. ISO 9004 has similar structure with ISO 9001, so that the two standards can be easily used together. ISO 9004 is wider in scope than ISO 9001, focusing on company’s overall performance improvement. ISO 9004:2000 are not guidelines for implementing ISO 9001:2000 and is not intended for certification or contractual use. The two International Standards are designed to be used together, but can also be used independently.
ISO 9004:2000
4.4. Quality Management System (clause 4)
This chapter follows the structure and content of ISO 9001:2008 standard in order to facilitate its interpretation. When appropriate, there are citations of the ISO 9000:2000 and ISO 9001:2008 standards and applications of standard requirements in practice.
Words or sentences marked with apostrophe and italic (“italic”) are direct citations from ISO 9000:2000 and ISO 9001:2000 standards.
39
Reference of each chapter to the ISO 9001:2000 standard is presented after titles (e.g. clause 4.1).
Documented procedures and records required by ISO 9001:2000 are marked with a picture of book.
4.4.1.General Requirements (clause 4.1)
“The organization shall establish, document, implement and maintain a quality management system and continually improve its effectiveness in accordance with the requirements of this International Standard.”
´Establish, document, implement and maintain` should not be interpreted as separate words. Instead, it is expected to see a functioning management system to direct and control an organization with regard to quality, e.g. encouraging organizations to analyse customer requirements and defining the processes that contribute to the achievement of a product5.
The focus should be on continually improving the system’s ability to produce conforming6 products in an effective and efficient manner. ´Improvement ´ refers to the actions taken to enhance the features and characteristics of products and/or to increase the effectiveness and efficiency of processes. The term ´continual ´recognises that improvements may be made in a step-like manner and not necessarily as a smooth, joined-together flowing process.
The only part that ISO 9001:2008 standard requires to be documented concerns here the chapter 4.4.2. Documentation Requirements. Otherwise organizations can by themselves determine the necessary level of documentation. Also, it is completely within their rights to manipulate order of the standard to suit own needs, e.g. by rearranging the standard’s clauses into a more practical sequences. Although documentation requirement concerns only one chapter, our recommendation is to document also the processes (discussed below), because by documenting them many of the standard requirements will be rather easily met, such as control methods, which as a separate matter are otherwise difficult to prove to the auditor.
Management system
5 Product: result of a process i.e. result of a set of interrelated or interacting activities which transforms inputs into outputs (process: set of interrelated or interacting activities which transforms inputs into outputs)6 Conformity: fulfilment of a requirement. Requirement: need or expectation that is stated, generally implied or obligatory. Nonconformity: non-fulfilment of a requirement.
40
Design and Development
Technical support an Maintenance
-Order entry Production- Shipment
Management Information management
Measurementof processes
Finance ADP Cleaning and Security
CORE PROCESSES
CUSTOMER
CU
STO
MER
Figure 4.1 Process map of a construction company (artificial)
ISO 9001:2008 states that the top management in an organization shall ensure the planning of the Quality Management System, including following six (a–f) clauses:
a) Identify the processes and their application:
Identification of processes means that all essential activities that are needed to produce the products or supply the services (or both) should be identified, including management activities, provision of resources and measurement. Processes are discussed in detail in chapter 4.7.
Identification of processes and their application can be documented (e.g. process map), but also an obvious knowledge base shared by all practitioners might suffice. Although documentation is not specifically required, it is recommended since it is an illustrative and useful communication tool about organization’s mission.
b) Determine the sequence and interaction of processes:
This is a follow-up to a) above. A useful and demonstrative tool showing sequence of processes and linkages between them is a process map. Since it presents all essential activities, it actually clarifies the whole meaning of an organization, a reason for its existence (mission). Usually a process map is a one-page illustration showing the sequence and interaction of top-level processes and including indicators for lower level processes and additional information.
Process map is not a requirement of ISO 9001:2008, and sometimes a text-only description might be more suitable in some organizations. Example of a process map is presented in the figure below. The map is an artificial example of the process
map in a construction company:
In this process map there are three core processes which serve the external customers and bring money to the company (the outputs of core processes are those that a customer buys from
Process map
41
the company; that is why the customer is presented in the map). At the top there are three boxes including management, information management and measurement of processes. There are activities applied to all processes in the company e.g. where management includes strategic decision, quality policy, management reviews etc. Below the core processes there are supporting activities – finance, ADP and cleaning and securing – to support the performance of core processes. When seeing this one page map, it easily presents the purpose of the company i.e. what products and services it sells to customers and what activities and resources are needed to produce them and to support them.
In addition to a process map, many organization use second-level models displaying one box of the process map in a more detailed way. The most popular model is a process flow chart (see figure 6 as an example of a process flow chart). They identify inputs, resources, process owner, control methods, outputs, records and other necessary information concerning the process. The third-level models are usually too detailed to be displayed in a model, and thus they are usually defined in work instructions.
According to Oxebridge Quality Resources, Inc. (2003) graphical process models provide a number of benefits, including:
Process flow chart
Figure 4.2 Artificial example of process flow chart
42
- providing employees with an understanding of how the processes they perform affect subsequent processes, departments and employees
- providing a means for employees to understand what their internal customers (the subsequent processes shown on the diagrams) need from them
- providing a quick and easy “snapshot” of a process that can link to subsequent, and more detailed, instructions or documents
- providing a single place to summarize all important aspects of a process, including its objectives and owners.
c) Determine criteria and methods needed to ensure that both the operation and control of processes are effective:
This involves a set of policies, procedures, requirements and methods, that are needed to ensure a smooth operation of processes. Usually they are self-evident matters such as previews if all necessary information is included, procedures completed and parameters met, and other practical things to be checked out about activity in question.
This clause addresses the use of statistical tools in the control of processes. The tools and methodology of Statistical Process Control (SPC) and Six Sigma can be too difficult for small enterprises, but some of them e.g. histogram, scatter diagram, fishbone chart and control chart, which all belong to Seven Quality Tools, are rather easy-to-use tools. The use of statistical tools is recommended by ISO 9001:2008, but they are not compulsory.
Statistical tools (e.g. 7 quality tools)
To summarize data from a process that has been collected over time, and graphically present its frequency distribution in bar form (Brassard & Ritter 1994).
To study and identify the possible relationship between the changes observed in two different sets of variables (Brassard & Ritter 1994).
To identify, explore, and graphically display, in increasing detail, all of the possible causes related to a problem or condition to discover its root causes (Brassard & Ritter 1994).
To monitor, control, and improve process performance over time by studying variation and its source (Brassard & Ritter 1994).
43
d) Ensure the availability of resources and information necessary to support the operation and monitoring of processes:
Resources include human resources, infrastructure and work environment. They are discussed in chapter 4.6.
e) Monitor, measure and analyse processes:
Usually monitoring and measuring are done as an integral part of the operation. It means that the performance of processes should be evaluated and rated somehow, in order to analyze whether they perform well and produce expected results. Many times the terms inspection and test are used synonymously with monitoring and measurement.
Example of a metric in order processing-production-shipment process (a process starting from order entry, then proceeding to production, shipment to the customer and finally ending to the point when customer receives the delivery) is the number of shipments delivered in time. Its sub-processes, e.g. production, might have their own metrics such as raw material consumption and machining time. Some of the metrics equal to quality objectives, which are discussed in chapter 4.4.2.
f) Implement actions necessary to achieve planned results and continual improvement of processes:
This is a claim that the processes must perform as indicated in clauses a)–e) and continually improve their ability to do so. It is up to every organisation whether it chooses to document these clauses or not.
4.4.2. Documentation Requirements (clause 4.2)
ISO 9000:2008 defines document as “information and its supporting medium7”. It can be a “record8, specification9,
Document
7 Medium: paper, magnetic, electronic or optical computer disc, photograph or master sample, or a combination thereof. 8 Record: document stating results achieved or providing evidence of activities performed9 Specification: document stating requirements, e.g. procedure document, process specification and test specification, product specification, performance specification and drawing
Figure 4.3 Some of the 7 quality tools
44
procedure document, drawing, report or standard”.
Documentation shall include:
a) Statements of quality policy and quality objectives:
Quality policy: “Overall intentions and direction of an organization related to quality as formally expressed by top management.”
There is no specific description of the structure and the contents of quality policy, but there are some principles to follow: Firstly, it is the uppermost document to address the commitment of top management to continually improve system’s ability to comply with requirements (incl. description of what is meant by continual improvement). Furthermore, it has to be aligned with any other policy and aims of the organization, be communicated, understood and found meaningful, and be used as a framework for setting various objectives. It is important to show dedication to improve competence and empower personnel, and to meet statutory and regulatory requirements and interests of stakeholders.
Usually quality policy is a one page statement signed by the top manager. It doesn’t need to be contained in the quality manual, nor to be signed. Since quality policy is a formal part of the QMS, it is usually included to the manual and signed by top management to show evidence of its endorsement.
Example of quality policy (abridged and artificial version):
Our mission is to be a leading supplier of high quality products (name of
the products) in Scandinavia and Northern Europe. This vision will be met
by:
- Providing goods which consistently exceed the expectations of our
external customers.
- Involving all our employees and partners in an effort to continually
improve the value of our products, services and processes.
- Ensuring that when complaints are received, they will be responded
in a timely manner with a view to eliminate the root cause and
prevent recurrence.
In order to achieve these objectives, it is important that all our employees
understand this quality policy and associated quality objectives. We will
continuously make an effort to comply with the requirements of ISO
9001:2008 and improve the effectiveness of our Quality Management
System.
Quality objectives: “Something sought, or aimed for, related to quality...Top management shall ensure that quality objectives, including those needed to meet
Quality policy
Quality objectives
45
requirements for product, are established at relevant functions and levels within the organization. The quality objectives shall be measurable and consistent with the quality policy.”
Quality objectives are realistic objectives converted from the quality policy and focused on all critical activities in the organization. It is advisable to link objectives to quality policy, because it makes the policy more understandable and concrete, and it is easier for personnel to see what is their contribution to achieve objectives and finally, how the objectives support intentions of quality policy. Of course, not all the objectives and associated metrics have a visible link to quality policy, but at least they align with the general direction.
According to ISO 9001:2008, the objectives shall be measurable, which usually means a comparison with some fixed unit of a known size and capacity. An example of converting objectives and metrics from the quality policy is presented below. Not all objectives are measurable, and for them there should be some other measuring system to suit particular purposes of the organization.
Example:
See the previous chapter of quality policy: ...Ensuring that when complaints are received, they will be responded in a timely manner..
OBJECTIVE: a quick response time to customer complaintsMETRIC: database of complaints (If a written form is used for processing of customer complaints, it is easy to see how many complaints have been responded to and at what response time)
Same sentence continues with:
...with a view to eliminate the root cause and prevent recurrence.
OBJECTIVE: Elimination of causes and prevention of recurrenceMETRIC: Number of corrective and preventive actions
Objectives can even be expanded to each process, because every process has an objective and it exists to accomplish something, whether it is known and written down or not. As presented earlier, a metric of order processing-production-shipment process could be the number of shipments delivered in time to the customer.
Management can keep specific numeric goals for objectives (e.g. 90 % of complaints responded within one day; 0 % corrective action rate). Usually it is advisable to keep them separate at management use only, because updating of numeric figures would require too frequent revision of quality policy, and also less than 100 % figures may be offensive to the customer.
b) A quality manual
A quality manual is a must, it must exist. It can be a printed or
Quality manual
46
electronic document, but it can vary in detail and format to suit best the purpose of an organization. Quality manual specifies the Quality Management System of an organization and proves that all ISO 9001:2008 requirements are met.
If some requirements cannot be applied due to the nature of an organization and its product, they can be excluded. However, the exclusions are limited to requirements within clause 7 (chapter 4.7 here). Such exclusions shall not affect the organization’s ability, or responsibility, to provide product that meets customer and applicable regulatory requirements. The fact that a specific process (e.g. manufacturing, design & development) is outsourced is not a justification for the exclusion. Instead, the organization must be able to demonstrate that it has sufficient control to ensure such processes. Possible exclusions can be for example
- Design and development; where the organization has no responsibility for the design and development of the products it provides.
- Identification and traceability; applicable where there is no specific traceability requirement for the organization’s products.
- Customer property; where an organization doesn’t use customer property in its product or product realization processes. However, if the customer provides a proprietary design for the product, it cannot be excluded.
- Control of monitoring and measuring devices; where the organization doesn’t need monitoring or measuring devices to provide evidence of conformity of its product (e.g. in service organizations).
c) Documented procedures required by ISO 9000
The mandatory documented procedures include
- control of documents; There shall be a documented procedure in the quality manual about how to approve and update documents, how to store and protect them (e.g. back up of files, safe deposits for documents, retention time), how to control and update external documents like industry standards and customer drawings and how to prevent unintended use of obsolete documents. At some point it is advisable to name an authorized person to carry out these activities.
- control of quality records; The same procedure as above, applying to records presented in section e).
- internal audit; Documented procedure about how to conduct internal auditing: how often, what activities and areas of the system to include, who will report etc. See chapter 4.8 for more information.
Documented procedures (mandatory)
Other documents
47
- control of nonconforming product; Documented procedure about how to control nonconforming product. See chapter 4.8 for more information.
- corrective action; Documented procedure about how to review nonconformities, determine their causes, implement action needed, document results and review corrective action taken. See chapter 4.8 for more information.
- preventive action; Documented procedure to detect root causes for nonconformities in order to prevent nonconformities to occur in the first place. See chapter 4.8 for more information.
d) Documents needed to ensure the effective planning, operation and control of processes
There are several requirements of ISO 9001:2000 where an organization could add value to its Quality Management System and demonstrate conformity by the preparation of other documents, even though the standard does not specifically require them. Examples may be:
- process maps, process models/flow charts
- organization charts
- specifications
- work and/or test instructions
- documents containing internal communications
- production schedules
- approved supplier lists
- test and inspection plans
- quality plans. (ISO/TC 176/SC 2: 4).
These documents are not mandatory, but by using them many of the standard requirements will be quite easily met. They act as a documented proof to auditors about meeting the requirements, at the same time communicating them effectively to own employees.
e) records required by ISO 9000
These are the records specifically required by ISO 9001:2008. Examples of each record are presented too.
Mandatory records
48
Table 4.1 Records required by ISO 9001:2008
Clause
Record required
5.6.1 Records from management reviews
Example: Table of minutes, memo or equivalent document presenting the results and actions made in a management review.
6.2.2 (e)
Records of education, training skills and experience
Example: An Excel-table including information of employees´ education and work history, training during current employment, specific skills etc. => All in one database; easier to predict future training needs. Alternative records are copies of curriculum vitae, certificates and attendance sheets from training.
7.1 (d) Evidence that the realization processes and resulting product fulfil requirements
Example: Usually these are normal delivery documents, such as work orders or equivalent documents.
7.2.2 Results of the review of requirements related to the product and actions arising from the review
Example: The record of the review can be e.g. a signature on a quotation or an order-entry into a computerized system. The idea is to check if all customer requirements can be met by checking e.g. raw material availability and delivery time.
7.3.2 Design and development (inputs for R & D, review and verification of results against the input requirements, validation prior to delivery or implementation)
Example: A memo, drawing or equivalent document to present all needed information, including product parameters, possible amendments, accomplished results and authorized validation of the product prior to delivery or implementation. The use of planning tools or organization’s own models of conducting design and development is advisable.
7.4.1 Results of supplier evaluations and any necessary actions arising from the evaluations
Example: This can be discussed during internal auditing and be reported in the table of minutes.
7.5.2 (d)
Demonstration of the validation of processes where the resulting output cannot be verified by subsequent monitoring or measurement
Example: A document showing acceptance of tolerances and parameters.
7.5.3 Record of the identification of the product, where traceability is a requirement
Example: Usually a work order includes information for traceability.
7.5.4 Reports on customer property that is lost, damaged or otherwise found to be unsuitable for use. ISO 9001:2008 previews that customer data are also considered as customer property and have to be protected.
49
Example: The use of internal complaint form.
7.6 a) Records on calibration and verification (basis for calibration or verification of measuring equipment where no international or national measurement standards exist; results)
Example: Memo of calibration.
8.2.2 Internal audit results and follow-up actions
Example: Documented audit report.
8.2.4 Indication of the person(s) authorizing release of product
Example: Usually stated on a work order.
8.3 Nature of the product nonconformities and any subsequent actions taken, including concessions obtained
Example: The use of internal complaint form.
8.5.2 Results of corrective action
Example: Nonconformities are documented using an internal complaint form or a written complaint sent by the customer. Nonconformities are discussed and corrective actions composed (useful tools: fishbone, brainstorming). Results are documented on table of minutes and relevant instructions and information distributed to personnel.
8.5.3 Results of preventive action
Example: The use of different methods (such as Failure Mode and Effect Analysis, FMEA) to detect root causes i.e. factors that can, at some point in the future, cause conformities such as customer complaints or deficiencies in products.
4.5. Management Responsibility (clause 5)
4.5.1. Management Commitment (clause 5.1)
“Top management10 shall provide evidence of its commitment to the development and implementation of the quality management system
10
50
and continually improving its effectiveness by
a) communicating to the organization the importance of meeting customer as well as statutory and regulatory requirements,
b) establishing the quality policy,
c) ensuring that quality objectives are established,
d) conducting management reviews, and
e) ensuring the availability of resources.”
All the above mentioned 5 ways (a–e) are mandatory options for the top management to prove its consistent support to the development, implementation and continual improvement of the Quality Management System. Options b–e are discussed as own subsequent chapters. Option a) is discussed in the next chapter and chapter 4.7.2. In addition to customer requirements, the management should also ensure that all statutory and regulatory requirements are identified, communicated in the organization and updated for the latest version. Statutory and regulatory requirements can be in written or electronic form, since many of the requirements are available within public databases on the internet.
4.5.2. Customer Focus (clause 5.2)
“Top management shall ensure that customer requirements are determined and are met with the aim of enhancing customer satisfaction.”
This sentence is quite superfluous, because its requirements are discussed in several references in the standard. For example, during the management reviews customer requirements and priorities and process performance can be discussed and necessary actions taken.
The sentence itself emphasizes the obligation that top management takes an active and leading role in ensuring all of the customer requirements. Many times though this is achieved in normal checking and other practical procedures accompanied with good customer and internal communications. It is something that every organization should know: what are those properties in our
51
products and operations (e.g. product properties, maintenance availability, means of delivery, quick response time) that the customer appreciates the most? By writing these down in the quality manual many of the standard requirements will be met.
4.5.3. Quality Policy (clause 5.3)
Quality policy is the premier document to address the commitment of top management to continually improve system’s ability to comply with requirements. It is strongly emphasized in the standard that quality policy must be issued by the top management. Quality policy was earlier discussed in detail in chapter 4.4.2. a).
4.5.4. Planning (clause 5.4)
Planning includes the establishment of quality objectives and planning of the Quality Management System, both being responsibilities of top management. The establishment of quality objectives was earlier discussed in chapter 4.4.2 a). Likewise, the planning of QMS was discussed in chapter 4.4.1 a)–f).
When there are changes to QMS (e.g. because of corrective and preventive actions or because of adaptations to specific market, customer preferences or to statutory/regulatory requirements), their effect on present procedures and conflicts with the system has to be considered.
4.5.5. Responsibility, Authority and Communication (clause 5.5)
“Top management shall ensure that responsibilities and authorities are defined and communicated within the organization.”
52
Each person in charge of some critical activity must have a precise conception of their assignments. Typically the responsibilities and authorities appear as part of several documents, such as assignment contracts, organisational charts and process maps. When responsibilities and authorities are not documented, they have to be communicated otherwise, for example during classroom training.
ISO 9001:2008 also requires that top management has to appoint a management representative to look after QMS affairs and to report about them to the top management. Usually the representative organizes internal audits, reports on performance to management, monitors customer complaints and effects of corrective and preventive actions etc. It is intended that the representative is a regular member of the management team. His authority and responsibility has to be defined and communicated as any other assignment.
Internal communication within the organization must be effective to ensure, that correct information is transmitted from one function, process or individual to another.
Management representative
4.5.6. Management Review (clause 5.6)
“Top management shall review the organization’s quality management system, at planned intervals, to ensure its continuing suitability, adequacy and effectiveness. This review shall include assessing opportunities for improvement and the need for changes to the quality management system, including the quality policy and quality objectives.”
The idea of the reviews is that the top management review of the performance of the system at certain intervals laid out beforehand. There is no maximum interval specified in the standard, but a common practice is to have them once per year or more frequently if needed.
The idea of the reviews is to analyse the information of audit findings (including corrective and preventive actions), customer complaints, process capabilities, performance indicators, product conformance, improvement activities, needs for a change and any other relevant issues in order to see where we are now and how
53
we have operated, and where we want to go. A common practice is that the management representative collects the information from relevant persons and forwards the report for a management review. Decisions from previous management reviews should also be included, which could be a separate page attached to a minutes of the review.
The results of the review can lead to updates of QMS, policies and objectives, actions to increase customer satisfaction or overall effectiveness, allocation of necessary resources and to some other actions needed to improve the performance of QMS.
The ISO 9001:2008 standard specifically requires a documented record from management reviews.
The format of the record is informal, it can be e.g. a conventional minutes of meeting.
The way of conducting reviews is up to an organisation to decide: they can be dedicated reviews or combined with any other relevant management activity.
4.6. Resource Management (clause 6)
The standard ISO 9001:2008 requires that the organization should identify the resources needed to support and improve the quality systems processes, and to achieve customer satisfaction. Resources include human resources, infrastructure and work environment.
Concerning human resources, the standard requires that before organizations assign personnel to an activity they will first have to define a minimum competence requirement for the activity in terms of education, training, skills and experience. This may be handled by e.g. job descriptions, although specific documentation requirement doesn’t exist. Furthermore, the standard requires that if there are competence gaps, the organization has to provide training or take other actions to fill the gap. It is stated in the standard that the personnel has to be aware of the relevance and importance of their activities and how they contribute to the achievement of quality objectives. High priority is given to knowing the customer needs. Training and meetings are some possible ways to ensure this awareness. The effectiveness of actions taken has to be evaluated somehow, e.g. by monitoring the process performance.
54
There is one documentation requirement concerning human resources management: the organization has to
maintain appropriate records of the individual’s education, training, skills and experience. Some examples of records are curriculum vitae, copies of certificates and attendance sheets from training. Alternatively, some organizations may choose to fill in a separate form for each employee, including their education, work and training history and extension studies during current employment.
Concerning infrastructure, the organization has to identify facility needs, provide needed facilities and maintain them, and perform these actions on two levels: as a part of top management’s consideration and on a individual contract basis. The ISO 9000:2008 standard defines infrastructure as a “system of facilities, equipment and services needed for the operation of an organization”. Infrastructure includes, as applicable, buildings, workspace and associated utilities, process equipment (hardware and software) and supporting services such as transport and communication.
Correspondingly, the same standard defines work environment as a “set of conditions under which work is performed” (conditions include physical, social, psychological and environmental factors; physical conditions including factors such as temperature, humidity, vibration, air quality, lighting and cleanliness). The organization has to determine what effect the human and physical factors have on quality and ensure that the right conditions exist.
4.7. Product Realisation (clause 7)
This chapter of product realisation includes planning of product realization, customer-related processes, design and development, purchasing, production and service provision, and control of monitoring and measuring devices (chapters 4.7.1–4.7.6). Usually all these activities are part of the processes, i.e. jobs and activities within an organization with an effort to produce something for the internal or external customers, and therefore, will be naturally handled when identifying the processes. When the standard presents them separately, they seem a little bit illogical.
In order to better understand product realization and the Quality Management Systems as a whole, we present here the typical processes that constitute the QMS. In figure 7 there are four typical process groups: 1) management processes including strategic decisions, determination of quality policy and quality objectives and other management tasks, 2) product realization processes which describe the sector which the organization is in, including the activities that are needed to produce the products and services to internal and external customers, 3) processes of
Typical QMS processes
55
resource management including determination and allocation of human resources, infrastructure and work environment, and 4) measurement, analysis and improvement processes which ensure that the product and QMS meet the requirements and the system is continually improved.
Figure 4.4 Typical QMS Processes
Management processes are specifically required by ISO 9001:2008 standard, all used by the top management and applied to the entire company. Resource management is put in separate in the figure, but it can also be understood to be part of management processes, since ensuring the resources is one of the duties of top management.
Product realization processes are different for every company, although some processes generally exist in any company: for production operations they typically involve activities like order entry, purchasing and production, and for service companies service provision e.g. customer greeting and events coordination. Note that this chapter is the only part where exclusions can be made. This refers to ISO 9001:2008 clause: “Where any requirement(s)...cannot be applied due to the nature of an organization and its product, this can be considered for exclusion...unless such exclusions do not affect the organization’s ability, or responsibility, to provide product that meets customer and applicable regulatory requirements”. Sometimes an organization might decide to exclude design and development activities or outsourced processes, if they are not an integral part of organization’s core business and do not affect product conformity. For example some raw material can be so critical that its purchase from suppliers and delivery at a right time is essential to their own production and delivery processes and thus,
56
it should be controlled and included to the QMS.
Measurement, analysis and improvement processes include activities such as control and inspection during production, criteria of nonconforming product and metrics to measure process performance (e.g. raw material consumption, amount of customer complaints, in-time deliveries). These activities are typically done as a part of processes, so in this respect they are more like the tools and methods rather than processes. They are used as tools to improve process performance and assure their smooth operations.
4.7.1. Planning of Product Realization (clause 7.1)
Planning of product realization means that the organization should plan and develop processes for the realization of the product. To clarify this, it means that the organization should prove that it has the correct operations, documents and resources in order to produce the required product, starting with the enquiry process and leading through to the delivery process. In its simplest form the proof of this is nothing more than the processes of the QMS. When at least the most important and critical processes and procedures (e.g. quality plan, project) are documented in written or graphically (e.g. process flow chart), they easily prove to the auditor both the existence of product realization plans and many control and acceptance criteria required by the standard.
The outset for planning product realization are quality objectives, including customer and statutory requirements. They determine what the product should be. Next step is to ensure that all activities (i.e. processes), documents and resources needed for a product realization are available. This is particularly relevant when a new product is to be introduced. Furthermore, the standard requires that there are adequate acceptance methods and criteria on both the product and the processes.
There is one documentation requirement here: identification of what records are to be generated by the processes and required to provide evidence of product conformance. Usually these are normal delivery documents, such as work order or an equivalent document (which will be naturally presented when describing the performance of processes).
Right operations, documents, controls, inspections and resources
57
4.7.2. Customer-related Processes (clause 7.2)
Concerning the requirements related to the product, the ISO 9001:2008 standard states that “the organization shall determine
- requirements specified by the customer, including the requirements for delivery and post-delivery activities
- requirements not stated by the customer but necessary for specified or intended use, where known,
- statutory and regulatory requirements related to the product, and
- any additional requirements determined by the organization.”
The first clause means that the organization has to know what customer requirements in terms of product characteristics and delivery and post-delivery activities such as after-sales service and technical support, it should comply with. Usually these requirements are mentioned in purchasing document. Equally important is to identify hidden and silent needs of the customer, the needs that even the customer itself is not conscious of. By deeply analyzing customer satisfaction questionnaires some of these needs can be detected, but it requires much more than just summarizing the findings – a deep speculation and retrieving of ground reasons and root causes is needed. Other means to get insight of customer requirements are interviewing them, participating in joint development projects with customers, etc.
The second clause includes the requirements that are not known by the customer but are necessary for the intended use of the product. Examples of these might be some regulatory rules and standards.
The third clause of statutory and regulatory requirements is quite unambiguous: statutory and regulatory requirements have to be addressed during the design, manufacture, delivery and servicing of the product. The information needed should be available to every relevant person in the organization.
The last clause of additional requirements refers to the product properties which are developed as a response to the customer’s unstated expectations. These are the expectations that are hidden and not mentioned by the customer, but based on the idea of the organization of what the customer appreciates.
The ISO 9001:2008 further requires that the review of requirements related to the product should be made before committing to supply
Customer needs – recognized and silent needs
58
the product. This review should involve all relevant activities affected by an order, for example before quotation and upon receipt of a contract or order. For example when receiving an order, the raw material availability, delivery time, possible amendments compared to previous quotation and other things have to be checked in order to meet the defined requirements. The standard specifically requires that there should be a documented record of the review, which can be a signature on a quotation or an order-entry into a computerized system.
Customer-related processes also include customer communication, which has to provide the customer with correct product information (using e.g. brochures and datasheets), and effective handling of enquiries, orders, customer complaints and other feedback.
All the requirements of this clause 4.7.2 are naturally included in the normal order handling process. Again, we recommend here the documentation of the process to prove its existence.
4.7.3. Design and Development (clause 7.3)
The ISO 9001:2008 standard states that “the organization shall determine
- the design and development stages,
- the review, verification and validation that are appropriate to each design and development stage, and
- the responsibilities and authorities for design and development”.
Following records are imposed by the standard in order to ensure that design and development activities are
carried out systematically, including, that all relevant information is available all the time and it is reviewed regularly:
- Records of inputs relating to product requirements; including functional and performance requirements, statutory and regulatory requirements, information on previous similar designs when applicable, and other essential requirements. Example: a technical drawing accompanied with all necessary details.
- Records of the review of design and development; the idea is to check design outputs (drawings, specifications, calculation etc) against the specified inputs, assess how good the design is, identify any problems and to propose necessary actions.
A systematic and identified process of design and development
59
Example. Authorized signature on a drawing after review.
- Records of verification; Verification means that there’s objective evidence that specified requirements have been fulfilled. Example: authorized signature on a drawing.
- Records of validation; Validation confirms that the actual product performs as it should under specified conditions. Validation should be completed, when applicable, prior to the delivery or implementation of the product. Example: prototypes.
- Records of changes in design and development; the changes should be reviewed, verified, validated and approved before implementation. Example: authorized signature on a drawing.
When the design and development activities are rather simple, it is convenient to combine for example review and verification into a single activity. In small organizations the responsibility and authority of design and development very often rest with only a few people, perhaps only with the owner. Also, many time the new ideas for design and development come from the customer, either from the final end-user or from a subcontractor.
When design and development is a central part of organization’s business, it is advisable to document it as a graphical process. This helps to establish a more logical and systematic way to produce new products or applications.
4.7.4. Purchasing (clause 7.4)
According to ISO 9001:2008, “the organization shall ensure that purchased product conforms to specified purchase requirements. The type and extent of control applied to the supplier and the purchased product shall be dependent upon the effect of the purchased product on subsequent product realization or the final product”.
All the purchased products and services are not critical to the achievement of quality of the final product and therefore may not require same control as some other more critical item. Sometimes it is enough to check the quantities and possible transit damages of the dispatch, but when the purchased item is more critical, its inspection at supplier’s premises prior to the delivery might be appropriate. Other ways to control the outsourced processes are
Control of purchased items
60
by carrying out periodic audits of the supplier, by close monitoring customer satisfaction or by providing a full specification of the process parameters that have to be met (ISO/TC 176/SC 2: Guidance on “Outsourced processes”).
The standard requires that the organization should evaluate and select suppliers in order to ensure that suppliers meet the requirements. The criteria for selection and evaluation have to exist. One criterion can be a good historical performance of the supplier in the past or the existence of certified quality management system by the supplier. Evaluation can be done by reviewing the records of historical performance, visiting suppliers´ premises, evaluating product samples or conducting a survey (a written questionnaire with a few critical issues sent to suppliers). The suppliers have to be re-evaluated in order to ensure that they are constantly able to meet the requirements.
According to the standard, there should be records of the results of evaluations and any necessary actions, like
records of historical performance of the suppliers, a list of approved suppliers, etc.
Successful purchasing calls for a clear definition of the purchased item (product characteristics, quantity, required delivery date, possible testing or inspection, etc). If there are any requirements for review, approval or other qualifications, they should be stated clearly.
Verification of purchased product means that the products are inspected or otherwise verified in order to ensure that they meet specified purchase requirements. The standard does not say that all incoming goods must be inspected. Instead, the organization can freely decide methods of verification. Sometimes it can be a review of purchase documents against delivery note or at the other end, an extensive inspection of the goods before their dispatch. Person responsible for purchases should possess relevant knowledge and skills to make a complaint to supplier when necessary, since this is the way to improve both their own and the supplier’s operation.
Evaluation and approval of suppliers
4.7.5. Production and Service Provision (clause 7.5)
The ISO 9001:2008 standard states that “the organization shall plan and carry out production and service provision under
61
controlled conditions”. This is a standard requirement to make sure that production and
servicing processes are effective and that the focus is on the prevention of nonconformities rather than on inspection and testing to detect them. Controlled conditions include, when applicable, that there is adequate product information available (specifications, drawings, work orders etc), suitable equipment and preventive maintenance are used, products and processes are monitored and measured with applicable devices, and that there are suitable methods and procedures for a product release and service delivery. These requirements may sound artificial, since in practice many of them are already in use – order processing surely has adequate documentation, suitable production equipment, exact product parameters to meet the qualification, and specific procedures to be done before the dispatch or service delivery. The language of standard sounds artificial, but it refers to practical everyday procedures that have to be effective. Great emphasis is on preventive actions: on preventive maintenance to ensure that machines and equipment are working, on preventive identification of root causes that might emerge in a form of nonconformities, errors, lack of information, customer complaints etc.
If there are special processes where the resulting output cannot be verified by monitoring and measuring and where deficiencies become apparent only after the product is in use or service has been delivered, it has to be proved that these processes as themselves are qualified along with the personnel. This is called a validation of processes. Examples of these special processes are food preparation and air traffic control services.
Referring to the previous chapter, there should be records verifying that the special processes are qualified and able to produce planned outputs. Example: a document showing acceptance of tolerances and parameters or a memo of calibration.
Concerning the product identification and traceability, the ISO 9001:2008 standard states that “where appropriate, the organization shall identify the product by suitable means throughout product realization”. Identification means that when the products cannot be identified inherently, they should be marked, labelled and located in a way that connects the product to a particular batch, work order, raw material and any other source of origin, and shows the status of the product (e.g. tested, inspected or not).
If traceability is specifically required for example by the customer, the organization shall control and record the unique identification of the product. Example: Usually this information is recorded on a work order. Sometimes even a work number suffices to track each process step.
Furthermore, the ISO 9001:2008 states that “the organization
Effective processes
Prevention of non-conformities
62
shall identify, verify, protect and safeguard customer property provided for use or incorporation into the product”. Customer property is any material or supplies provided by the customer to the organization, e.g. material and components, tooling, packaging material and drawings.
“If any customer property is lost, damaged or otherwise found to be unsuitable for use, this shall be reported to the customer and records maintained.” Example: an internal complaint form.
Generally, the organization should preserve the
products, materials and components from receipt through processing to delivery in a way that damages and deterioration won’t occur. Preservation includes identification, handling, packaging, storage and protection. Storage and handling are especially important for time and moisture sensitive material (e.g. foodstuffs), components that can deteriorate because of electrostatic discharge and for other equivalent material.
4.7.6. Control of Monitoring and Measuring Devices (clause 7.6)
This clause of monitoring and measuring devices concerns the fact that the organization should, when necessary, measure the product and monitor process performance with applicable devices in order to be convinced that the product will meet all its requirements. In order to understand this better, in practice monitoring and measuring usually means inspection and test during relevant points e.g. during production.
Monitoring and measuring device can be a “measuring instrument, software, measurement standard, reference material or auxiliary apparatus or combination thereof necessary to realize a measurement process” (ISO 9000:2008).
When it is necessary to ensure valid results, measuring equipment should be calibrated or otherwise verified, “against measurement standards traceable to international or national measurement standards; where no such standards exist, the basis used for calibration or verification shall be recorded (ISO 9001:2008)”.
There should be records of calibration and verification results.
Example: The organization may wish to keep a list of devices to be calibrated at certain time intervals. This can be a simple Excel-
63
table. Results of each calibration can be attached to the list.
4.8. Measurement, Analysis and Improvement (clause 8)
This clause includes four main chapters: monitoring and measurement, control of nonconforming product, analysis of data and continual improvement.
Monitoring and measurement
The clause of monitoring and measurement requires that the organization has to show that it has established a system which produces information of 1) customer satisfaction, 2) internal audits, 3) process performance and 4) product conformance, in order “to demonstrate conformity of the product, to ensure conformity of the quality management system, and to continually improve the effectiveness of the quality management system”. The idea is to prove that there is systematic way to monitor processes and products (e.g. by inspection and test), analyse customer-, product- and process-related information, and based on this information take relevant improvement actions. When the standard puts it as a requirement it might sound complicated and difficult, but in practice they are usually normal information flows, inspection and checking against tolerances during the production, and other so called self-evident back-up things in everyday operations. When processes are documented, it proves the existence of all relevant requirements.
The standard emphasizes the meaning of customer satisfaction. The ISO 9001:2008 standard states: “As one of the measurements of the performance of the quality management system, the organization shall monitor information relating to customer perception as to whether the organization has met customer requirements.” It is essential that everybody in the organization know what is meant by customer satisfaction and dissatisfaction. Information should be gathered on both. The ways to get feedback from the customers are e.g. visits to customers´ premises or vice versa, direct communication with them, complaint handling, customer satisfaction questionnaires and news in the media.
The ISO 9001:2008 standard requires that “the organization shall conduct internal audits at planned intervals...” Internal audit is a systematic evaluation performed within an organization to ensure
A system to provide information
64
that the organization employs the principles of standard requirements and the processes perform according to standard and the organization’s own requirements. Auditing should be done at planned intervals, but at least annually during twelve months and covering all the units of the organization.
At first, the management and/or management representative has to plan an audit programme to decide what activities and areas of the system are the most critical ones and therefore to be audited at that time. The activities and areas of quality management systems where problems, nonconformities and changes have been more frequent are subject to be included. Also, the findings of previous audits should be considered if they reveal the areas of nonconformities. During the auditing all deficiencies should be identified. In a following page there’s an example of a simple audit list including areas to be audited and their time schedule (Table 1). In this example, the matters that are checked and have no deficiencies are marked with a cross. If deficiencies are noticed they are written down under the list. The idea is to check matters in any month during one year.
Table 4.2. Audit list (abridged and artificial version)
Area / activity to be audited Jan Feb Marc
h
April May June
Acceptance criteria for the most important suppliers are defined and in use. There is a record of approved suppliers.
The performance of suppliers is monitored and evaluated regularly. Feedback is given to suppliers.
X
Purchasing and sales orders include all relevant information and there is no possibility for false interpretation.
X
Methods to check incoming goods are defined and in use. X
There are predefined areas to be used for the storage of goods. X
Condition of goods in storage is evaluated at relevant intervals. To prevent the damage and deterioration a proper storage is applied.
X
Means to identify products, parts, components, raw material etc is used (e.g. marking with a stamp, a part number on a work order).
X
When traceability is required, all the material and parts used can be identified from a written document.
X
65
The criteria for nonconforming products exist and are applied. X
The ISO 9001:2008 standard requires a documented procedure for internal audits: “The responsibilities and
requirements for planning and conducting audits, and for reporting results and maintaining records shall be defined in a documented procedure”. Documented procedure can be mentioned in a quality manual, defining the scope, frequency, methods of auditing and records (such as list presented here) to be generated.
The organization should have at least two internal auditors since the one performing audit should not audit his own work. Usually auditors are organization’s own employees but when necessary, they can be outside consultants too. In a small organization where there are only few employees, the one auditor usually is the owner and another is some manager or person with required knowledge of an audited matter. The auditors report the results of auditing to the management who is responsible to ensure that corrective actions are taken without undue delay to eliminate detected nonconformities and their causes. There should be some evidence that corrective actions are taken and they are effective.
The ISO 9001:2008 standard clause of monitoring and measurement of processes, “the organization shall apply suitable methods for monitoring and, where applicable, measurement of the quality management system processes”, means that once the organization has determined suitable methods it should implement them. This clause is actually a restatement for what has been mentioned earlier about monitoring and measuring processes.
Similarly, the clause of monitoring and measurement of product, “the organization shall monitor and measure the characteristics of the product to verify that product requirements have been met”, is a restatement to implement the methods. Methods can be e.g. inspection and test by the person performing the task, or taking of testing samples at certain time intervals. Furthermore, “evidence of conformity with the acceptance criteria shall be maintained. Records shall indicate the person(s) authorizing release of product”. In practice this requirement is met as a consequence of normal checking and inspection procedures and using relevant documents. For example concerning the production process, if the product has no deficiencies it proceeds to the next stage e.g. to packaging and further to shipment. Examples of the records that indicate acceptance criteria and authorized persons usually are work orders or records in operations management programme. They also track the order to the correct raw material, components, machines and employees.
Control of nonconforming product
The ISO 9001:2008 standard states: “The organization shall ensure that product which does not conform to
66
product requirements is identified and controlled to prevent its unintended use or delivery...”
“...The controls and related responsibilities and authorities for dealing with nonconforming product shall be defined in a documented procedure…Records of the nature of nonconformities and any subsequent actions taken, including concessions obtained, shall be maintained.”
When nonconforming product is corrected, the standard requires that it should be subject to re-verification by a relevant authority or, where applicable, by the customer.
Analysis of data
This clause concerns the organization’s requirement to determine, collect and analyse appropriate data relating to customer satisfaction, product conformity, characteristics and trends of processes and products including opportunities for preventive action, and suppliers, “to demonstrate the suitability and effectiveness of the quality management system and to evaluate where continual improvement of the effectiveness of the quality management system can be made”.
Improvement
This clause is, by and large, a restatement of the above: “The organization shall continually improve the effectiveness of the quality management system through the use of the quality policy, quality objectives, audit results, analysis of data, corrective and preventive actions and management review”.
In order to simplify this circle of continual improvement it can be described as follows: Quality policy and quality objectives (derived from the quality policy) steer the organization towards the targets, as they tell the employees where to aim at and what kind of performance is needed from everyone in order to reach the targets. Audits are conducted to find out whether processes perform according to the principles of standard and targets set by the organization. They also address the possible opportunities for improvements. If any deficiencies are noticed, they are handled during management reviews along with any other relevant information relating to customers, suppliers, own products and processes etc. As a result, corrective and preventive actions are taken for the improvement. Naturally, improvement actions are implemented when there is a need for them, not only as a result of audits and management reviews. It is essential to empower and commit personnel to make improvement actions in relation to everyday operations.
The ISO 9001:2008 standard puts a great emphasis on the elimination of root causes. It is not enough to solve the symptom
Continual improvement
67
of the problem, but the root cause of it in order to prevent it recurring. Typical root causes are lack of information and training.
The ISO 9000:2008 standard explains, that “corrective action is taken to prevent recurrence whereas preventive action is taken to prevent occurrence”. In other words, preventive actions try to eliminate the root cause of the problem in order to prevent its occurrence in the first place. When concerning corrective action, the problem has already happened and actions are taken to prevent its recurrence again in the future. It has to be noted that corrective and preventive actions do not have to be implemented for every nonconforming situations, but a cost-value
consideration has to be made to decide whether actions are worth for implementation or not.
The standard requires that there should be a documented procedure both to corrective action and preventive action, including
- reviewing of nonconformities (not concerning preventive action)
- determining the causes of nonconformities
- evaluating the need for action to prevent recurrence/occurrence
- determining and implementing action needed
- records of the results of action taken
- reviewing corrective/preventive action taken.
4.9. Minimum Requirements According to ISO
The only part what ISO 9001:2008 standard requires to be documented concerns chapter 4.4.2 Documentation Requirements. Otherwise organizations can by themselves determine the necessary level of documentation.
In many parts documentation is advisable, although not specifically required as a mandatory requirement by the standard. At least the product realization processes are recommended, since documentation proves the existence of meeting many standard requirements rather easily. Also, it provides employees with an understanding of how their performance affects other processes and employees and how the process as a whole has to perform smoothly in order to produce required products and services.
4.10. Permissible Exclusions
Permissible exclusions were discussed in chapter 4.7 Product
68
realization. To make a restatement, such exclusions shall not affect the organization’s ability, or responsibility, to provide product that meets customer and applicable regulatory requirements. The fact that a specific process (e.g. manufacturing, design & development) is outsourced is not a justification for the exclusion. Instead, the organization must be able to demonstrate that it has sufficient control to ensure such processes. In chapter 4.4.2 b) there were some examples of possible exclusions.
69
CHAPTER 5. STEPS TO IMPLEMENT A QMS
5.1. Steps to decide
Every decision making process in a company is accompanied by a more or less detailed research of data or at least discussion of experience and personal opinion of business leaders. Implementation of a quality management system, which could be quite a challenging task especially for smaller sized companies, also needs a certain amount of preparation and planning.
Some preparation work is necessary
5.1.1. Decision to implement a QMS
If a company wants to decide if it should implement a QMS it has to take a lot of different facts into consideration, which could be worked out in an internal management meeting. Main players in this meeting are the general manager who has to decide from a more strategic viewpoint, and the existing quality representative (quality manager) who should be aware of more QMS details (necessary resources, costs, etc.) and its business impact. The marketing/sales manager or a technical officer may support the decision making process by daily business experience.
Some companies start their own research but most of the time the decision is made after a deep discussion of the topic with a chances and risk analysis, which is strongly connected with the later first planning of resources (5.1.3). In addition to that, a person who will take the responsibility for the next steps has to be named – of course the quality manager (QM) is the best-qualified person. If there is no quality manager available who has the necessary knowledge about this topic, it might be a worthwhile investment to send the management representative to an external training on QMS. Quality managers should be able to build and improve the management system but also bring in as well an excellent level of social competence.
Once the decision is made by the top management as another early step the whole management level should be informed and committed to the QMS because full management support is a crucial factor for a successful implementation process. Lack of information about what a QMS stands for and which changes will occur might create misunderstandings and restrictions against the implementation process. The top management has the task to create a positive awareness for this new quality initiative by providing the necessary information and participative leadership.
Another important decision the management has to take is the level of outsourcing during the implementation process, which means the scope of consultant involvement.
Definition of quality manager / First information to the management level
70
5.1.2. First planning of resources
Implementing a QMS could be quite a challenge for a company because the elements of a QMS are interdependent with most of the vital parts of the organisation. For this reason a first rough projects plan with the most important milestones and the corresponding resources should be sketched. Many QMS implementations are divided into phases like:
Start-up phase: collection of information about QMS, decision making process, training on QM, support of consultants, benchmarking
assessment phase: identification of actual strengths and weaknesses
system building phase: management handbook, creation of documents, identification and description of key processes and quality relevant issues
training phase: training of staff in all areas of the organisation
improvement phase: first review of the system (internal audit) and improvement activities
auditing phase: external certification audit
Each of these phases should be roughly estimated concerning time plus money and in addition to that clear responsibilities should be defined. During the next step – the self assessment – this plan should be reviewed and revised.
Rough projects plan including main phases and resources for implemen-tation
5.1.3. External consultants
Organisations choose different ways how to implement a QMS regarding the scope of external involvement. The range runs from a totally “home made” system to a complete outsourcing of all implementation activities. An advantage of the first case is that deep knowledge about the system is built up in the company whereas the danger of creating only a sub optimal QMS is higher because of the fact that a consultant will encompass high implementation experience often in the same branch. The decision which grade of outsourcing has to be taken is depended on certain factors. Some of the most important are:
Level of internal knowledge: if there is already an expert in the company, the planning and implementation can easily be done in house. Perhaps external help could be worthwhile during the internal audit phase. Furthermore the role of consultants is to adjust the requirements of the standard to each company, since the standard is quite general and “open”, so an inexperienced person could omit things.
Available internal human resources: some companies are so lean in their organisational structures that it is not
Outsourcing factors: internal knowledge, available internal human resources, financial resources
71
possible to transfer enough staff capacity to a new implementation project and work for this reason intensively with external consultants. Furthermore external consultants can stimulate the staff in the implementation of the quality process.
Financial resources: of course external consultants cost money but in most cases the payback time of this investment is very short because of an efficient project management system and high knowledge about how to design a QMS could save a lot of money in the longer run. In addition to that many companies hire consultants with high reputation and use this fact as a first marketing instrument for their customers.
Either way the top management of the company has to take care that the QMS is strictly result oriented, which means it has to be aligned with the company’s success factors and its strategy. QMS that are focused only on achieving the certificate are not strictly result oriented and are often perceived as red tape and a topic, which is for the QM department or the quality manager himself only.
For the two following phases, it is a great advantage to work with an external consultant because he has a new and neutral look on the enterprise and on its organization.
5.2. First self assessment
The first self assessment or horizontal assessment (some or all aspects of the ISO standard) has the goal to figure out which actual level of QMS maturity the organisation has and where the fields of highest potentials are as every organisation that is seeking certification is required to:
Formalize the way things are done
Demonstrate assurance that things are done in the right way
Monitor the effectiveness of what is done and
Improve
For this reason using some tools could be very helpful. Beside some software products which are provided by many different companies and are designed to help identifying “unknown land in the ISO world”, check lists, strengths-weaknesses analysis and forced field analysis are often used tools for the first assessment. Normally the first self-assessment is a mixture of analysis and workshops, respectively in small companies one single assessment workshop. The output of all these methods and tools is to measure and assess the actual state of the
Check lists / Strenghts and weaknesses analysis / Force field analysis
72
organisation against the elements of the ISO standard.
Checklists are the most frequent tools, which are used in this phase and can easily be found in ISO literature. In long lists there are detailed questions about every single element of the ISO but for smaller sized companies a certain amount of simplification work is often necessary because in this case the organisational structures and documentations are less complex. The best way to conduct checklists is an individual interview with key persons of the company.
Chapter 5: Management responsibility Question: Yes No Remarks
5.1.1 Does a quality policy exist?
X
5.1.2 Do management reviews exist and do they include all essential aspects?
X There is no systematic customer satisfaction analysis
5.1.3 …? X ……
Figure 5.1 Example of a first assessment checklist.
In the workshop itself the concentrated results should be presented and discussed. One of the most common supportive tools is the so called strengths and weaknesses analysis, whereby the areas of high ISO maturity are highlighted against the areas of extraordinary low maturity in a kind of balance sheet.
Figure 5.2 Example of a strengths and weaknesses analysis
Beside this comparison of the organisational state in relation to ISO elements, human aspects and the organisational change process should be taken into consideration. A very simple method to do this is the so called force field analysis (FFA). The underlying model of the FFA states that during a change process there will always be enforcing and constraining forces in an
Output Input Definition of ISO elements
In columns. Visualization of
strengths and weaknesses.
Definition of improvement actions.
Elements of ISO Elements of ISO
Processes Processes
…… ……
Continual Improvement Continual Improvement
Supplier Development Supplier Development
…… . …… .
…… ……
…… ……
Elements of ISO Elements of ISO
Processes
…… ……
Continual Improvement Continual Improvement
Supplier Development Supplier
Development
…… . …… .
…… ……
…… ……
Level of maturity Level of maturity
Weak Weak Average Average Strong Strong
Level of maturity Level of maturity
Weak Weak Average Average Strong Strong Assessment of maturity
levels of the elements.
Identification of critical elements (low level).
73
organisation such as the mind set of specific employees (e.g. members of works council), experience with former changes, motivational aspects, incentive systems, etc. As well as in the strength and weaknesses analysis both kinds of forces are listed and discussed. As the major result enforcing aspects should be supported by actions and constraining aspects should be weakened or eliminated.
Figure 5.3 Force Field Analysis
With the collected, discussed and committed knowledge of the actual ISO maturity and change aspects, a more detailed implementation plan can be developed.
5.3. Detailed implementation plan
The implementation plan is strongly interrelated with all afore mentioned contents and draws a general picture of what should be done and when it should be done until the certification audit has been successfully passed and encompasses the system building phase, the training phase, the improvement phase and the audit phase of the implementation project.
Between each of these phases milestones should be defined which are in most cases points for top management reports or workshops. For example the milestone after the system building phase could be a completed QM handbook plus ready designed and described processes. After the training phase all learning and training activities should be completed whereas the milestone for the improvement phase could be a successfully passed internal audit with a timetable for the elimination of minor and major nonconformities. And finally the audit phase could be completed by the certification of the company whereas the last phase (improvement) shouldn’t find an end at all.
Project organisation / Goal description / Early planning of trainings / Definition of quality policy
74
Figure 5.4 Example of an implementation plan with milestones (no details are shown in this graph)
Besides phases and milestones the project organisation should be clearly defined. Even in small companies it doesn’t make sense that one single person is in charge of every activity during the whole implementation project. For this reason it is common to create a multi layer project organisation. This means that different employees of various departments are responsible for smaller tasks; the quality manger or the external consultant does the coordination and the main decisions and directives are given by a steering group which consists of top management members. As mentioned above, the steering group is only active in milestone workshops or if there are exceptional decisions to make.
All subprojects and tasks have to have at least a very short form of goal description:
What is to be done (if necessary in form of a detailed description)?
Until when should it be done (check the correlation with the master plan)?
Who should do it?
Which resources are available (staff, money and infrastructure)?
One of the core elements of systems engineering – a widely used philosophical approach on how to build a QMS – states that it is crucial to establish a model or system from the top perspective and on this basis continue step by step towards more detailed levels. This “low to high detail” dogma is as applicable in the implementation plan: start with the master plan (phases) and develop top down until the most detailed level is reached. Feedback and results are reported bottom up and are collected and condensed until the top level (steering group meeting) is reached. Only under these conditions can a permanent flow of
75
information be guaranteed.
Of course many software solutions are available to support these planning issues (e.g. MS Project) but for small enterprises, in particular, where the knowledge of project management tools is often not very well established it sometimes makes more sense to sketch the plan simply on a flip chart and pin it on a wall.
The earlier training activities can be done the better for the QMS because the more employees that are aware of the new system and are involved in the implementation process, the easier the information will flow. Especially in the first phases as it may be necessary to train selected groups of employees in the basics of ISO standards and in the tools they will have to use during the following phases (process orientation, documentation of quality relevant issues, etc.). Training and quality education of employees is one of the most important and regarding the duration of the corresponding activities, one of the most underestimated aspects.
One of the first steps in the implementation plan is the discussion and definition of the quality policy and quality objectives wherein the top management draws a picture of strategic quality issues. As a rule the quality policy describes how the company is aiming at permanent improvement via the QMS, the importance of quality for every single member of the organisation and the relationship with customers and suppliers. Of course it has to be aligned with the company’s general strategy, it should be known and understood by all employees and should be much more than only a lip-service by the company’s leaders.
5.4 Development of QM Handbook
The Din ISO 9000:ff, also known as process-oriented standard, requires a process-oriented composition within the company but also of the QM system. The standards demand the development and the introduction of a documented quality system, which can consist of different elements. One of these elements is the QM handbook, where the structure of the documentation is set down; usually the content is oriented to the original structure of the DIN ISO 9001:2000 (guidelines on creating the handbook ISO/DIS 100 13 "Guidelines for developing handbooks") using in most cases the following chapters.
Quality Management System
Management Responsibility
Resource Management
Product Realization Requirements
Remedial Requirements-Measurement, Analyses and
Structure of documen-tation / Customer benefit
76
Improvement
In addition, it must contain, or refer to, the instructions on procedure that are an integral part of the QM system. By the figure of the process architecture of the company using a systemic process model, varying levels are visualised. These levels correspond with the different documents within the QM system. Typical examples are: in level 1 - statements of the quality policy and quality objectives, in level 2 - process instructions, introduction on procedures (describing responsibilities, purviews, and relationships with the staff and stating how different activities must be performed), in level 3 - work instructions (descriptions of activities related to the workplace) and other quality relevant documents.
Figure 5.5 QM Handbook Hierarchies
From the customer's view, the QM handbook offers the possibility to verify the supplier has adhered to the specifications and guidelines of the customer and is making every effort to fulfil the quality requirements. So the QM handbook documents the operative installation and further development of the whole Quality Management System.
5.5 Design or check up of processes
Processes are the core element of the “new” (2008) revision of the ISO 9000 standard (available from the 1st January 2004). In almost every element there can be found one or more statements how processes should be monitored, measured and improved whereas a closer description of the way that processes should be identified is not provided.
First of all it is necessary to define what is understood by processes. In general a process is a logical and sequential flow of activities which are repeatable and fulfil the following criteria:
Clear starting point and end (process boarders)
Well defined input factors (material, information, human
SIPOC method / Process map / Levels of processes / Performance indicators
Black Box Level 1
Level 2
Level 4
Level 3
Black Box Vision
QM Handbook Q-Policy and Objectives
Process Model Process Instructions,
Work Flows
Work procedures, Formularies, Functional descriptions
77
resources, etc.) and a clear output (result)
Suppliers and customers
A tool, which encompasses theses elements, is the so called SIPOC method. SIPOC stands for Supplier – Input – Process – Output – Customer and helps to identify the main aspects of processes. As the first step the process is sketched as a black box (top down procedure) and the starting point and the end are determined. Then continue to develop on the right side of the process and proceed with the output and the customers. A critical point is the correct identification of customer’s needs and later the continuous improvement in fulfilling these needs. As a last step the input is specified and the suppliers are named. It is important to understand that suppliers are not only external companies but also internal departments or processes (internal supplier-customer relationships).
Figure 5.6 SIPOC method
As mentioned in the preceding chapter, in most companies processes are seen in different levels. The highest level of process visualisation is called a process map and shows the interaction between the main processes of the organisation. In these process maps, there can be found, as a rule, three different types of processes:
Core or key processes: these are value adding processes where the start is normally defined by a certain customer need and the end is the delivered good or service – this means core processes are so called customer-to- customer processes.
Support processes: core processes are normally not able to work properly without a certain amount of support. For example: a production process needs the support of a maintenance process – customers are not willing to pay for the maintenance, but it is necessary for a continuous
Input
Name the supplier of the process.
Define start and end.
Specify the output and the customers of the process.
Output Consistent understanding of
process.
Clear boundary of process.
Identify the necessary input factors.
Name the process.
Process Process
End Start
Output Customer Customer
Input Supplier Supplier
78
performance of the value adding process.
Management processes: these processes are mainly planning, steering and development activities, like strategic planning or controlling. Again, customers do not pay for them but they are necessary for the long term survival of the company
Normally, the definition of a specific process map is the first step in this project phase: main processes are identified, interactions are visualised and process owners are named. The latter is one of the most important functions in a process oriented organisation. Process owners (PRO’s) are responsible for the detailed definition and sufficient resource supply of the process. In addition to that, they have to care for the right measurement tools (performance indicators) and continual improvement.
Figure 5.7: Example of a process map
Once this process map is sketched and approved by top management every process has to be defined in more detail by process owners until in level two or three a clear structure is achieved which can be displayed in a flow chart. In these flow charts step after step of the processes are defined and adjusted together with some additional information:
Responsibilities
Corresponding documents and records
Interfaces with other processes
Flow of information
A process owner also to find the right performance indicators because the ISO standard demands monitoring and improvement of processes. Most of the time output indicators (customer satisfaction, productivity, yield, etc.) are defined but in many cases input or process indicators could be of great help (e.g. cost, time, quality).
Of course this detailed definition of processes needs to be coordinated by the quality manager or/and the external experts. At the end of this phase the company has a well defined process map or model where different levels lead to detailed descriptions of procedures which have to be linked to the QM handbook as
Support processes Support processes Management processes Management processes
KP3: Marketing
KP3: Marketing Customers Customers
MP1: Strategic MP1: Strategic Contolling
SP1: SP1: Maintenance
RP3: Human RP3: Human Resources
Key processes
SP2: SP2: Procurement
KP2: Production KP2:
Production KP1:
Research and Development KP1:
Research and Development
79
described in the preceding chapter.
5.6 Final implementation – QMS kick off
Now, as the formal aspects of the QMS are established the official release of the system should be the next step. Management and the management representative have to ensure that every process and procedure, which is followed together with every document and form, which is used in the organisation has to be part of the QMS from now on. On the one hand the new tools have to be provided by the system and on the other hand the users have to have the capability to work with them. Normally employees are informed about the system in advance but now they have to be trained in procedures and tool handling in quality relevant areas, which could be an extensive task especially in larger companies.
5.6.1. Training
Planning and deploying QMS training is a critical factor in many ways. First: numerous organisations fail in the certification audit because employees do not know the relevant quality documents and procedures as individually they do not operate with them. Second: training costs a lot of time and a lot of money – this is why management tries to keep the training efforts low and third: customized training is required for every class of employees.
For all of these reasons companies create training plans wherein classes of employees are defined and connected with training contents inclusive dates in form of a matrix. These training plans should be finished before the official start or release of the QMS is done. Of course not only blue collar workers have to be trained, a high percentage of employees of all departments and hierarchies will have to take part in different training initiatives. In general there are four types of trainings used during an QMS implementation:
Management training: provides upper and middle management with an overview of the ISO standard, the requirements and what they look like at the own location (changes in processes or responsibilities) are discussed, and maybe it is told about the benefits of certification explained.
Start-up training: provides all employees with an introduction to the QMS and how the management intends to implement it. Especially what the next steps will be and how individuals will be affected by the QMS.
Point training: provides all or most employees with information regarding specific procedures and working instructions such as design & development, production processes, equipment handling or corrective actions.
Customized training / Training plans
80
Work instruction training: trains all employees on the documentation describing their jobs. This training can be minimal if the employee is already doing the job, but helps ensure that everyone is doing the job correctly and in the same way.
As mentioned above, an effective and efficient training process is absolutely crucial for the future success of the QMS and must be defined quite soon in the project so that everyone will be ready to use the QMS from the end of its implementation.
5.7 Internal Audit
Internal Audits – also known as First Party Audits - are normally used before the first official certification and in addition during two following independent audits. The organisation should conduct internal audits at planned intervals to determine two different characteristics of the quality system. Firstly it should prove the conformity to the planned arrangements, to the requirements of the international standard and to – their own – quality management system requirements and secondly the effective implementation and maintenance.
The flow of the internal Audit consists of three major steps and is defined in a documented procedure:
Prearrangement, information and scheduling: all involved persons should be informed on time when and how long they should be prepared for the internal audit.
Controlling QM documents: these documents could be QM handbook, process descriptions, quality reports, procedures, working instructions, etc. An experienced auditor will recognize the critical areas and elements and will focus his interview on these fields.
Internal audit: (introduction, analysing and testing, variation description, final report, and documentation) most internal auditors use a predefined checklist which is the output of the preceding document controlling phase for interviews and make additional site inspections. Audit checklists ensure that nothing is missed, highlight critical areas and provide a record of the acceptable and unacceptable evidences. All unacceptable evidences must be recorded in detail for future tracing and for non compliance reporting. Every action during the audit should follow the circle: ask – look – check – record.
An audit program should be planned, taking into consideration the status and importance of the different processes running in the company. The criteria for the audit, scopes, frequencies and methods should be defined. Especially in smaller companies the management representative is also the auditor. This person is responsible for the audit, should be objective and impartial, the only
First party audit / Preparation and behaviour / Audit report
81
restriction is to audit the own work. To sum up, there are 8 major points which describe the behaviour of an internal auditor during the auditing process:
Act goal oriented
Determinate employee motivation
Define your minimum standards of acceptance
Consider benefit and work relationship
Count only facts and no assumptions
If a nonconformity is found do not criticise, look for the reasons, record all details, try to assess if the nonconformity is a single case of if it is “normal”
Understand yourself as a partner of the auditees
Communicate honestly (explanations, open ended questions, good listening)
As a result an audit report with all nonconformities is generated and presented to the management. Such a report should include:
Scope and target of the audit
Date and signature of auditor
Members of the audit team
Referring documents (ISO 9000:2008, QM handbook, etc.)
Detected Nonconformities
Assessment of ISO standard conformance
Capability of QMS achieving the defined quality objectives
The management who are responsible for the organisation being audited should ensure that identified problems (corrective and preventive improvement activities) are solved without delay. The objective is to detect and eliminate the reasons for nonconformities and their causes. Following activities should include the verification of these actions and the reporting and documentation of the results.
Only when the results of the internal audit shows a high conformance to the ISO 9000 standards should a company apply for an external audit, which is the next logical step. If many major nonconformities are detected during the internal audit, the company should really think about postponing the external audit and work on the elimination of nonconformities. This is particularly so when problems emerge among employees and new/further training is required which often costs more time than fixing documentation or system problems.
82
5.8 External audit
External audits, certification audits or third party audits are the highlights of all ISO 9000:2008 implementation processes. Many problems and surprises could be avoided with a professional choice and management of the certification process because a lot of companies underestimate the importance of this part.
5.8.1. Certification Body
When choosing a certification body to carry out ISO 9000:2008 certification, there are some aspects an organization needs to take into account. The first point is that an organization can implement ISO without seeking certification, but many reasons speak for an independent audit: for example if it is a contractual or regulatory requirement, if it is a market requirement or to meet customer preferences or if the management thinks it will motivate staff by setting a clear goal for the development of the management system.
If the decision has been made to apply for a certificate some criteria for the choice of the certification body should be taken into account:
It has to be clarified whether or not the certification body has been accredited and, if so, by whom. Accreditation means that a certification body has been officially approved as competent to carry out certification in specified business sectors by a national accreditation body.
The cheapest certification body might prove to be the most costly if its auditing is below standard, or if its certificate is not recognized by the company’s customers.
It should be evaluated whether the certification body has auditors with experience in the organisation’s business sector.
Maybe most of all “harmony” between auditor and auditee should be taken into consideration because both sides have to cooperate for a long period of time.
Choosing a certifcation body
5.8.2. The certification process
The certification process is never a one day activity. It takes some preparation and cooperation with the external auditors because they need to be informed about the formal aspects of the company’s QMS, like the handbook and procedures plus some basic data of the company itself (size, branch, etc.). For this reason the cooperation with the certification body will occur in some steps, like a first information meeting, maybe a pre-audit,
Information meeting / Pre-audit / Certification audit / Surveillance audit
83
the certification audit and periodical surveillance audits.
An information meeting will be the first opportunity for the company representatives to meet the so called registrar (external auditor) who will perform the ISO 9000 quality audit. In this meeting the timetable of the certification phase is adjusted and the form of cooperation is discussed.
Although a pre-audit is not a formal requirement for certification, it could be a highly beneficial step for many organisations because documentation is reviewed according to the requirements of the appropriate standard. A pre-audit will help to educate management and staff on third party auditing. It will also eliminate many possible surprises and it will help assure those people who are implementing the quality system that the process is on track for successful certification.
Certification audit: in addition to assessing whether or not the organisation is in compliance with the applicable ISO 9000 standard, the final audit also assesses whether the system is implemented effectively and is capable of achieving the quality and objectives of the company’s product or service. The size of the business will determine the number of auditors needed to perform the formal certification audit. Many small businesses or offices may be audited by a single auditor in a day, while very large organizations may be audited by several auditors over several days. The auditor(s) will evaluate the elements of the quality management system according to the requirements of the appropriate ISO 9000 standard.
Audits are typically performed by:
Touring the facilities and observing ongoing operations
Interviewing employees
Reviewing documentation and evaluating quality-related records.
In most cases at the conclusion of the audit, a closing meeting is conducted during which any identified problems are reviewed. If all goes well, the organisation will be recommended for certification and will be issued an ISO 9000 certificate. If nonconformities are identified required follow-up actions are defined by the auditor. Certification is generally not considered a “pass / fail” activity but an eventual certainty, unless the company decides not to proceed or is simply unable to correct it’s problems.
Once certification is achieved, the auditors will return periodically for routine surveillance visits. These follow-up examinations ensure that the management system continues to operate effectively and continual improvement activities are
84
implemented.
Finally for the enterprises: if the organization is certified to ISO 9001:2008, the full designation should be used, not just ISO 9001 because latter one might concern either the 2008, or 2000 or 1994 version.
5.9 Continual improvement
Continual Improvement is one of the cornerstones of the ISO 9000 standard and can be found in almost every single element. Every company selects its own approach on how to achieve this target because “the right way” of improvement actions is determined by several factors like speed of change, knowledge level of employees, application of tools, number of hierarchies and leadership style. Independent from this, the ISO 9000 standard demands that every single individual has to know the quality goals and how he or she may contribute to them. For this reason continual improvement has to be established on every level of processes and in every element of the QM handbook whereby three main levels of improvement can be subdivided:
Top management improvement: this organisational level has to take care that the framework for a QMS in working order (effectiveness and efficiency) is permanently improved, products fulfil customer requirements and use mainly the instrument of management reviews which is described in the ISO 9000 standard (audit results, customer feedback, Process performance, product conformity, preventive and corrective actions, recommendations for improvement, etc.).
Process owner improvement: as already mentioned, process owners have to take care of the optimum performance of their processes and have to monitor, measure and improve them continuously. The main instrument is the use of process oriented performance indicators.
Employee improvement: every employee is responsible for producing the best possible quality (zero waste and zero defects) and for this reason continuous improvement process (CIP) activities like proposal systems or quality circles are established.
Many companies face the problem that after a successful certification audit everybody returns to normal business where continual improvement actions are reduced to a minimum. As mentioned above, the ISO standard demands permanent activities for continual improvement, which should animate companies to keep up their efforts for high customer satisfaction and efficient internal processes. It can easily be
Management review / Process management / Continuous improvement process
85
seen that both elements are definitely success factors of almost every company. Companies which use the QMS as their improvement driver develop success oriented QMS structures; in contrast to that so called “certification QMS” fulfil the minimum requirements but do not boost their company towards a quality leader on the markets.
As a lesson learned many companies use internal audits (system audits, process audits, etc.) as a regular tool and discuss the results in the form of corrective and preventive improvement actions standardised in several management meetings. Companies that have achieved such an integrated improvement where the QMS is the main instrument for standardisation, measurement and improvement have reached one of the highest levels in QM.
86
CHAPTER 6. ADDITIONAL REQUIREMENTS
As stated in chapter 4.2 of the present guidelines, ISO 9001 does not only consider customer requirements but also regulatory and legal requirement. In this framework sometimes a company in order to obtain an ISO 9001 certification must meet other requirements as well. These other requirements can be other management systems standards, European directives, technical standards or national laws, presidential degrees and directives.
6.1. Management system standards
ISO 14001: Environmental management system belongs to the ISO 14000 series of international standards on environmental management. ISO 14001 is the standard that specifies the requirements for the certification of an organisation that has implemented an environmental management system.
ISO 14001 is meant to develop a systematic management approach to the environmental concerns of an organization. The goal of this approach is continual improvement in environmental management.
Requirements of ISO 14001 standard described in chapter 4 of the standard are categorised in:
General requirements
Environmental policy
Planning
Implementation and operation
Checking and corrective actions
Management review
ISO 9001 gives in Annex 1 the correspondence between the two standards.
ISO 14001: Environmental management system
EMAS: Eco Management and Audit Scheme is a voluntary standard designed by European Commission and intended to be used by both private and public organisations throughout European Union and European Economic Area. Since 2001 EMAS has integrated ISO 14001 as the environmental standard required by EMAS.
EMAS aims at organisations that want to evaluate, report and improve their environmental performance.
EMAS: Eco Management and Audit Scheme
HACCP: Hazardous analysis of Critical Control Points is a standard HACCP:
87
applying in the food industry. It aims at eliminating risks for health and hygiene related to all stages of the food industry: supplies, manufacturing, storage and distribution.
HACCP involves seven principles:
Analyse hazards.
Identify critical control points.
Establish preventive measures with critical limits for each control point.
Establish procedures to monitor the critical control points.
Establish corrective actions to be taken when monitoring shows that a critical limit has not been met
Establish procedures to verify that the system is working properly
Establish effective record keeping to document the HACCP system.
Although an American system, HACCP has been adapted by many European organisations and in some countries it is legally required.
HACCP applies to all companies that produce, store and distribute food products.
Hazardous analysis of Critical Control Points
OHSAS 18001 Health and Safety Management System is intended to help an organisation to control occupational health and safety risks.OHSAS 18001 was created by a number of the worlds leading national standards bodies, certification bodies, and specialist consultancies. OHSAS 18001 has been developed to be compatible with the ISO 9001 and ISO 14001 management systems standards, in order to facilitate the integration of quality, environmental and occupational health and safety management systems by organizations, should they wish to do so. OHSAS 18001 can be applied to all types of companies and organisations The OHSAS specification gives requirements for an occupational health and safety management system, to enable an organisation to control its risks and improve its performance. It does not state specific occupational health and safety performance criteria, nor does it give detailed specifications for the design of a management system.
OHSAS 18001: Health and Safety Management System
ISO 17799: Information Security Management System is ‘a comprehensive set of controls comprising best practices in
ISO 17799: Information
88
information security’. It was published in December of 2000, based on the British standard BS7799 and since then it gained worldwide recognition in the information security industry.
The ISO 17799 standard comprises ten prime sections:
Security Policy
System Access Control
Computer & Operations Management
System Development and Maintenance
Physical and Environmental Security
Compliance
Personnel Security
Security Organisation
Asset Classification and Control
Business Continuity Management (BCM)
Within these sections are the detailed statements and clauses that comprise the standard itself.
Security Management System
A company that operates in the construction industry, undertaking public or private works that want to be certified with ISO 9001:2000 standard in the framework of its quality management system should take measures for the occupational health and safety of its employees and for the protection of the environment. In this case the adoption of ISO 14001 and OHSAS 18001 standards are recommended.
An enterprise that wants to implement a management system in the 3 domains (quality, security, environment) cannot do it separately: the two or three management systems must be connected and integrated.
Frequently in SMEs, the same person is the manager of all the management systems implemented, for example quality and security.
Norms in quality, security and environment are built on the same principles: processes approach, continual improvement… this gives rules but also facilitates the building of an integrated system.
ISO 9001 doesn’t explicitly require other standards to be applied, However, the implementation and certification with the globally recognised international standards give the company a
Example: Construction industry
89
competitive advantage.
6.2. European Directives and Technical Standards
European Directives and technical standards regulate European companies, products, processes and services. The new approach standardisation in the European internal market is a recent initiative that aims at bringing together the expertise of European Standards Organisation with that of the European Commission and EFTA. All directives and standards can be found In a single web site at www.newapproach.org. This is a first step in promoting awareness of the role that standards can play in developing the single European market.
European Directives and the associated standards regulate a number of different types of companies. For example we can refer to companies that produce, sell or use medical devices, construction materials, personal protective equipment, pressure equipment, toys, etc. Information on mandatory directives and standards can be found in the New Approach web site, National Organisations of Standardisation, Certification Authorities, Chambers of Commerce and in the relevant Ministries.
www.newapproach.org
Production, distribution and use of medical devices are regulated by the European Directive 93/42/EEC. The directive specifies the requirements that medical devices should conform with, the obligation for CE marking and the obligation for the company to have implemented a quality management system as well as a quality control system. In addition for special medical devices other standards apply such as:
EN 1642:1996: Dentistry - Medical devices for dentistry - Dental implants
EN 50323:1999: General requirements for hearing aids
EN 13503-8:2000 Ophtalmic implants - Intraocular lences
Example: Medical devices
90
CHAPTER 7. GLOSSARY
A audit: systematic, independent and documented process
for obtaining audit evidence and evaluating it objectively to determine the extent to which audit criteria are fulfilled.
audit criteria: set of rules, objectives and/or principles used as a reference for inspection actions (such as policies, procedures, requirements, etc.).
audit program: set of audits planned for a specific time frame and directed towards a specific purpose.
auditor: person with the competence to conduct an audit.
availability: capability to realize a function in a specified time.
C capability: ability of an organization, process or system to
realize a product that will fulfil the customer and other interested parties’ requirements.
characteristic: distinctive feature. competence: ability to apply knowledge and skills. concession: permission to release or use a product that
does not conform to specified requirements. conformity: fulfilment of a requirement. continual improvement: recurring activity to obtain
better results with harder objectives. control and inspection: set of operations required to
evaluate nonconformity through observations and measurements.
corrective action: action to correct a detected nonconformity, eliminating the causes which generated it.
correction: action to eliminate a detected nonconformity (such as rework or repair).
customer: organization or person that receives a product.
D defect: non-fulfilment of a requirement related to an
intended use (generally “deduced” by the customer according to the information communicated by the supplier), or specified by the customer. The distinction between the concepts nonconformity and defect is important as it has legal connotations particularly those associated with product liability issues.
dependability: collective term used to describe the organization availability and its influencing factors.
design and development: set of processes that transform requirements into the specifications of a product, process or system.
91
development: see Design. deviation permit: permission to depart from the originally
specified requirements of a product prior to realization. document: supporting medium stating information.E effectiveness: extent to which planned activities are
achieved. efficiency: relationship between the result achieved and
the resources used.
I information: meaningful data. infrastructure: system of facilities and equipment
needed for the operation of an organization. inspection: see Control and inspection. interested party: person or group having an interest in
the performance or success of an organization.
M management: coordinate activities to direct and control
an organization and/or part of it. measurement: activity to measure a quantity. measurement control system: system necessary to
achieve metrological confirmation and control of measurement processes.
measurement equipment: tools needed to operate the measurement process.
measurement process: set of operations to determine the value of a quantity.
metrological characteristic: distinguishing feature of measurement equipment.
metrological confirmation: set of operations required to ensure that measurement equipment conforms to the requirements for its intended use.
metrological function: function for defining and implementing the measurement control system.
N nonconformity: non-fulfilment of a requirement.
O objective evidence: date supporting the existence or
verity of something. organization: group of people and facilities with an
arrangement of responsibility, authorities and relationships.
organizational structure: arrangement of responsibilities, authorities and relationships between people in an organization.
92
P preventive action: action to correct a potential
nonconformity, eliminating the causes which generated it.
procedures: specified way to carry out an activity or a process.
process: set of interrelated activities which transforms inputs into outputs, producing added value.
product: the result of a process. project: process consisting of a set of activities with start
and finish dates undertaken to achieve an objective conforming to specific requirements, including time, cost and resources.
Q quality: degree to which a set of inherent characteristics
fulfils customer requirements and of the other interested parties.
quality assurance: set of correlated activities, part of the quality management system, capable to guarantee the observance of the requirements.
quality characteristic: inherent characteristic of a product, process or system related to a requirement.
quality control: set of related operations part of quality management, required to monitor results to quality and control requirement fulfilment.
quality improvement: part of quality management focused on increasing the capability of the organization itself.
quality management: coordinated activities to direct and control an organization with regard to quality.
quality management system: management system to direct and control an organization with regard to quality.
quality manual: complex document describing the whole quality management system of an organization.
quality objective: objective related to quality. quality plan: document specifying which procedures and
associated resources shall be applied to a specific process, product or project.
quality planning: part of quality management focused on setting quality objectives and process definition.
quality policy: overall objectives of an organization related to quality, as formally expressed by top management.
R record: document stating results achieved or providing
evidence of activities performed (for example, a control).
93
release: permission to proceed to the next stage of a process.
repair: action on a nonconforming product to make it acceptable for the intended use. Unlike reworking, repairing can involve specific parts of a product.
requirement: need or expectation that is stated, generally implied or obligatory.
review: activity undertaken to determine the suitability, adequacy and effectiveness of the subject matter to achieve established objectives.
rework: action on a nonconforming product to make it conform to the requirements.
S scrap: action on a nonconforming product to preclude its
originally intended use, such as destruction, recycling, etc.
specification: document stating requirements. supplier: person or organization that provides a product. system: set of interrelated elements.
T top management: leaders - a person or a group of
people - managing an organization who establish objectives and try to achieve them.
traceability: ability to trace history, application or location of that which is under consideration.
V validation: confirmation, through the provision of
objective evidence, that the requirements for a specific intended use or application have been fulfilled.
verification: confirmation, through the provision of objective evidence, that the specified requirements have been fulfilled.
W work environment: set of interacting variables which
constitute the contest where people work.
94
BIBLIOGRAPHY
Standards
ISO 9001:2008 ISO 9001:2000 ISO 9000:1994
Literature
Joseph M. Juran. Juran’s Quality Handbook – 5th ed. Mac Grew Hill
Brassard, Michael & Diane Ritter (1994). The Memory JoggerTM II. A Pocket Guide of Tools for Continuous Improvement & Effective Planning. First Edition. Salem, the United Sates of America: GOAL/QPC.
European Committee for Standardization CEN (2000). Quality management systems – Fundamentals and vocabulary (ISO 9000:2000). Management Centre: rue de Stassart, 36 B-1050 Brussels.
European Committee for Standardization CEN (2000). Quality management systems – Requirements (ISO 9001:2000). Management Centre: rue de Stassart, 36 B-1050 Brussels.
ISO´s Technical Committee ISO/TC 176/SC 2 (2001). ISO 9000 Introduction and Support Package: Guidance on the Documentation Requirements of ISO 9001:2000. Available at: http://www.bsi.org.uk/iso-tc176-sc2.
Paris, Christopher (2003). The Complete Guide to Understanding & Implementing ISO 9001´s Process Management Requirements. Part Two: Defining & Mapping Your Company´s Processes. Available at: http://www.oxebridge.com/news.asp?ID=157
Secretariat of ISO/TC 176/SC 2 (2003): (Draft) ISO 9000 Introduction and Support Package: Guidance on “Outsourced processes”. Available at: http://www.bsi.org.uk/iso-tc176-sc2
Web referenceshttp://europa.eu.int/comm/enterprise/enterprise_policy/analysis/doc/execsum_2002_en.pdfhttp://europa.eu.int/comm/enterprise/enterprise_policy/sme_definition/index_en.htmhttp://europa.eu.int/comm/enterprise (SMEs in focus. Observatory of European SMEs 2002, European Communities, 2002)http://www.iso.ch/iso/en/iso9000-14000/pdf/survey12thcycle.pdfhttp://www.eiso.czhttp://www.iso.cz
95
http://www.fmmi.vsb.cz
96
