Quality System Guidance: 2000 Quality Certification Bureau ...kvaliteta.inet.hr/e-quality/prethodni/6/QM 2000.pdf · Quality Certification Bureau Inc. ... The information and guidance

Quality System Guidance: 2000

Quality Certification Bureau Inc.

Overview of ISO 9001:2000 Quality Management System

The information and guidance contained in this booklet is intended to be used for informational purposes only. It is not intended to be taken as or in place of professional advice offered specific to your organization.

Apr 15/02/Rev.10 /lb/ word/qcb/standards/iso9001y2kthirdedition

Page 2 of 62

Welcome to Quality System Guidance: 2000 The aim of this Quality Sytem Guidance: 2000 Guide is to provide organizations with clear, easy to follow information on the ISO 9001: 2000 Standard. This guide is suitable for organizations that are: þ currently registered to one of the ISO 9000 standards and must upgrade their

system to ISO 9001:2000 þ organizations not currently registered and are seeking reliable, general information

to understand ISO 9001 requirements Whether you are actively developing your plan to transition your existing ISO 9001 system to the 2000 edition of the standard or you are new to the world of quality management, this guide will be a valuable tool in your library. This Guide is made available free of charge. The information contained within is presented by Quality Certification Bureau Inc. It is one of our fundamental values that as an accredited registrar, QCB offers selected information relating to International System Standards, free of charge to the marketplace.

Page 3 of 62

Introduction

Section Content

vv Quality Management Systems (Section 1)

vv Transition Planning Basics & Tips (Section 2)

vv ISO 9000 Overview - A Quality Focus (Section 3)

vv Top management responsibilities in ISO 9001:2000 (Section 4)

vv ISO 9001:2000 requirements & guidance (Section 5)

vv QCB Registration Services and Request for Information Contacts (Section 6)

Page 4 of 62

Quality Management Systems Section 1

What are they? All businesses, large and small, already have an established way of doing things, i.e. how their business is managed. Quality systems standards identify those features that can help a business consistently meet their customer’s requirements. They are not about imposing something totally new. Quality systems are about evaluating and documenting how and why things are done, and recording the results to show it was completed. Most businesses will already be carrying out many of the operations that the standards specify. Why have one? Some purchasers in both the private and public sectors are looking for the confidence given by a business having a demonstrated quality system. While meeting these expectations is one reason for having a quality system, there are other reasons. These may include the following:

! Improvement of performance, co-ordination and productivity. ! Identification of your business objectives and your customer’s expectations. ! Achievement and maintenance of the quality of the product provided, to

continually meet the purchaser’s i.e. customer’s stated or implied needs. ! Management has confidence that the intended quality is being achieved

and maintained. ! Evidence to purchasers and potential customers of the organization’s capabilities. ! Certification/Registration. ! Opportunity to compete on the same basis as larger organizations.

While the quality system can help in achieving these expectations, don’t forget that it is only a means and cannot take the place of the goals you set for your business. You should regularly review and upgrade your quality system to ensure that worthwhile and economically viable improvements are achieved. In the 2000 edition of the ISO 9000 standards, there is a clear path of quality improvement mandatory requirements that can be used as a basis for improvement programs. A quality system, on its own, will not automatically lead to improvement of work processes or your product quality. It won’t solve all your problems. It is a means for you to take a more systematic approach to your business. Quality systems are not just for big companies. Since quality systems are about how the business is managed, they can be applied to all sizes of companies and to all

Page 5 of 62

aspects of management, such as marketing, sales and finance, as well as the core business. It is up to you to decide the extent of application. Quality system standards are generic in nature and concerned with how the business operations are managed. Because of this, it is often difficult for some business sectors to understand how to apply to their specific fields. When implementing a Quality Sysytem the following questions should be considered: ! How will this system help our customers? ! How will this system help our organization? ! What can we change to make it better? ! Does this meet the intent of the standard? System standard vs. Product standard

Quality system standards should not be confused with product standards. Most organizations, new to the concepts of quality systems and in particular the ISO 9000 series of standards, confuse product quality with the concept of quality management. The use of product standards, quality system standards and quality improvement approaches are all different means of improving your customer’s satisfaction and the competitiveness of your business and they are not of each other. Paperwork driven system? Quality systems should not result in excessive bureaucracy or paperwork or lack of flexibility. Practically all businesses will already have a management structure and this should be the basis on which the quality system is built. You will probably find that you are already carrying out the requirements of the standard but have not recorded how. Maximum use should be made of existing personnel, capabilities and documents. Changes or additions should be made only if they are absolutely necessary. What does Certification/Registration mean? Certification may be regarded as the formal recognition by others of your quality system. In some areas, certified quality systems are considered to be registered and the term “registration” is used instead of certification. If you are considering certification/registration, your first step is to hold discussions with the certifying bodies to find out what is offered, what the likely costs are, the period for which the certification/registration will apply and how frequently they will want to look at your quality system. Some bodies may include an initial pre-assessment in their offer. This can be of major benefit in finding out what needs to be done. Before the actual certification/registration, it is essential to have the system in place and running for a few months. This will also save you time and money.

Page 6 of 62

Certification/registration bodies do not operate on the principle of “what is going to happen.” They want to see what has happened. A few months of records demonstrating the operation of your quality system will be worth more than all the promises. The other benefit is that you can see the system in operation and have the opportunity to fine-tune the system. Any problems that you find can be rectified at this stage will simplify the certification/registration process. Purchase of Standards and Guideline documents Canada Standards Council of Canada United States American Society for Quality Ph: 613.238.3222 Ph: 1.800.248.1946 www.scc.ca www.asq.org Direct contact: IHS Canada 1.800.267.8220

Page 7 of 62

Transition Planning Basics & Tips Section 2 “Printed with permission by Kathy Roberts (Sunrise Consulting, Inc.) and Jeanne Ketola (Pathway Consulting, Inc.) from their RAB Approved ISO 9001:2000 Transition Course.”

Transition planning basics Companies holding an ISO 9001, ISO 9002 or ISO 9003 (1994) registration have until Dec. 15, 2003, to become compliant to ISO 9001:2000. Typically, registrars will verify compliance to the new requirements during their routine surveillance audits. Everyone knows how quickly three years can pass, so organizations should develop transition-planning activities as soon as possible. The following transition strategies are considered "high-level" and do not include all of the details. Transition Strategies 1. Discuss changes with top managers to ensure their commitment. 2. Determine and plan resource allocation. 3. Appoint an ISO 9001:2000 transition team and project leader. 4. Ensure that the transition team is adequately trained and understands ISO 9001:2000. 5. Contact the registrar to confirm transition policies and timing. 6. Ensure that internal auditors are trained in ISO 9001:2000. 7. Develop a high-level project timeline with assigned tasks, personnel and due dates. 8. Ensure frequent timeline review so the project stays on track. 9. Determine and provide training on the changes for appropriate personnel. 10. Involve top management throughout the transition process. The transition time for each organization will vary depending on several factors: Management commitment--This is the most important factor in a successful transition. Management must allocate adequate resources and time to implement the new requirements. Management must also be committed to upgrading the system. Maturity of the quality management system--If an organization already has effective systems in place for the new requirements, the transition time will be shorter. Conversely, if it only has a basic system in place, it will take longer to develop and implement systems to meet the new requirements. Adequate resources--Without enough resources assigned to the transition plan, the activities won't get implemented in time. Solid action plan--The plan should include a timeline, a list of specific activities, personnel involved and due dates. A frequent timeline review is necessary to ensure that the plan stays on track and that any roadblocks can be dealt with right away.

Page 8 of 62

Transition planning tips When developing the transition plan, organizations should focus on the following key topics: documentation, training, auditing and management. These four areas will require modifications due to ISO 9001:2000's new requirements. Following are a few tips for each category that will help get the transition process started.

Documentation • Identify and document quality management system processes within the quality

manual. • Develop a cross-reference matrix that shows how the ISO 9001:2000

requirements are aligned within the existing documentation structure. • Determine if any gaps exist in documentation, and develop actions to close the

gaps. • Utilize the existing quality manual as a springboard for new documentation. • Consider whether this is a good opportunity to streamline existing

documentation.

Training • Identify training needs, and ensure that training supports the achievement of the

quality objectives. • Define personnel competency needs. • Determine how identified competencies will be communicated (e.g., job

descriptions and training plans). • Train personnel to handle any new changes that affect them, and record the

training. • Determine and document established criteria to verify training effectiveness.

Auditing

• Provide ISO 9001:2000 training for internal auditors. • Reduce the scope of audits by breaking them into smaller chunks until auditors

become comfortable with the changes. • Review the audit plan, and ensure that audits are grouped logically (i.e., 5.1, 5.3,

5.4.1, 5.4.2). • Ensure that enough objective evidence is available to confirm the effectiveness

of the quality management system. (This may require three months of records.) • Modify audit checklists to align with ISO 9001:2000's requirements.

Page 9 of 62

Management • Ensure that the resources for implementing the upgrades are allocated. • Review the quality policy, and ensure that it aligns with the quality objectives. • Ensure that quality objectives are measurable. • Ensure that quality objectives are established at relevant functions within the

organization. • Confirm that people are aware of how they contribute to the achievement of the

quality objectives. • Evaluate how well current measurements and data are used as a basis for

quality management system improvement. Ensure that the measures support quality objectives.

• Review how customer information is currently monitored. Ensure that necessary changes are made to include customer perceptions as one of the measures of performance of the quality management system and that methods and the use of such information is included.

• Ensure that the continual improvement of the quality management system is effectively planned and implemented.

• Ensure that supplier relationships are included in improvement activities.

A Sample Transition Planning Model

ABC Company, located in San Francisco, California, began its transition planning activities last fall by requesting an internal assessment to ISO 9001:2000. The Internal Auditors had attended two separate courses on ISO 9001:2000. The Quality Assurance Manager, Joe Smith, was present during the assessment and stated that issues within Section 4 Quality Management System and Section 8 Measurement, Analysis and Improvement were noted during the audit. The audit team noted the following noncompliances: 4.1 General requirements: Processes needed for the quality management system and their application throughout the organization were not identified. 4.2.2 Quality manual: No description existed of the interaction between the processes of the quality management system. 8.2.2 Internal audits: No evidence existed that previous audit results are considered during audit planning; reporting on verification results was not included in follow-up activities.

Page 10 of 62

8.2.3 Monitoring and measurement of processes: Methods were not applied for monitoring processes within the quality management system. 8.5.3 Preventive action: There was no documented procedure for preventive action requirements.

Summary When asked what major challenges ABC faces in making the transition to ISO 9001:2000, Joe Smith cites the organization of the company's current activities in accordance with the new requirements. "This includes using a matrix to link the 'new' numbering system to the 'old' 1994 numbering system and ensuring that relevant documentation addresses the new requirements," explains Smith. "Another challenge is ensuring our effort of showing that the interaction between the processes of our quality management system is correct and has management's approval. We further need to clarify current objectives and goals, set up to monitor them effectively and make them visible. Our final hurdle is training all employees about the changes and getting the internal auditors trained and ready." For ABC Company, the transition has been easier than expected because the ISO 9001:2000 standard contains requirements for systems that the organization already has in place, such as measuring customer satisfaction. (For six years, ABC has been conducting customer satisfaction surveys that have been used as a management tool to help identify how well it's satisfying its customers.) For organizations developing their transition plans, Smith offers this advice: "Train each department's personnel separately by focusing on the changes in requirements for their specific area. Because the standard is more 'business friendly,' show management how some of the systems--such as customer satisfaction surveys, product teams reducing defects, and stated goals and objectives--are already in place. Set your plan first. Review the changes in the standard against what you do in your company. Consider a pre-assessment by a third party. Perform a gap analysis of any observations or findings from the pre-assessment in order to determine who needs to do what to meet the requirements. Obtain target dates from those employees that will be responsible. Follow up on the assigned items until they are closed. Finally, perform an in-house audit to the new requirements to determine the readiness of your facility."

Page 11 of 62

With less than 36 months left to comply with ISO 9001:2000, organizations must avoid pitfalls in the transition planning process that will cost them unnecessary delays and wasted time. The following list offers some of the common pitfalls, but there are more, and organizations need to consider what additional problems may occur. q Total commitment from management and/or transition team members isn't secured

before the transition. q Management isn't trained in the new requirements. q Personnel undocument the organization's current documentation. q Appropriate personnel aren't provided training on new documentation.

q Adequate resources aren't allocated to implement the transition plan activities. q Internal auditors aren't adequately trained in ISO 9001:2000. q Pertinent information about the transition isn't effectively communicated within the

organization. q The organization waits until the last minute. q No formal plan is developed. More Information Do you need any more information? Some sources of advice that you may be able to consult are: ! Industry or professional associations ! Internet sites

! Other businesses working on a transition plan to ISO 9001:2000 ! Certification/registration bodies ! Consultancies ! Customers

Transition Planning Pitfalls

Page 12 of 62

DEFINITIONS For the purposes of the International Standards, the definitions given in ISO 9000 and the following definitions apply. Product: result of a process Process: a set of interrelated or interacting activities which transform inputs into outputs Customer satisfaction: customer's perception of the degree to which the customer's requirements have been fulfilled Quality: degree to which a set of inherent characteristics fulfils requirements

Page 13 of 62

ISO 9000:2000 Overview ~ A Quality Improvement Focus Section 3 The ISO 9000 Series of Standards The original ISO 9000 family, issued in 1987, was based on the understanding of an earlier era in which quality was thought to be primarily a technical discipline – the preview of the quality professional. In the 1980s, we discovered that this view was incomplete. We heard the slogan “Quality is a human resources problem, not a technical problem.” So programs were developed to get workers involved in quality improvement. Today, most organizations understand that all work is accomplished through processes that are most effective when they are actively managed. As the 1990s, advanced it became clear that quality has both a technical and a human side. It is not surprising to find this maturing of quality thinking and application in the mid-1990s reflected in revisions to quality system standards. This natural progression did not directly create the need to revise the ISO 9000 family; but it may be useful to view the most recent edition, ISO 9000:2000, in the context of the evolution of quality thinking. Quality Management Principles Technical Committee (TC) 176, the group responsible for the ISO 9000 family, developed a consensus on a set of quality management principles. The eight principles which resulted from this work have been used as the foundation for the ISO 9000:2000 series of standards. These principles were a basis for developing ISO 9001:2000, but they do not formally appear in that document. While each principle has a place within the ISO 9001 requirements, the extent of application to ISO 9001 is quite limited compared with its application in the new ISO 9004. Eight Quality Management Principles

u Customer focused organization u Leadership u Involvement of people u Process approach u System approach to management u Continual improvement u Factual approach to decision making u Mutually beneficial supplier relationship

TWO KEY STANDARDS

ISO 9001 & ISO 9004ISO 9001 & ISO 9004

• Intended to be used together

• Intent was to create a user-friendly pair of

standards applicable to all types of product

and all sectors of the economy

Page 14 of 62

ISO 9001:2000 vs. ISO 9001:1994 There are three characteristics of ISO 9001:2000 that make it different from its predecessors: 1. Focus on processes. The ISO 9001:2000 standard is based on a typical business

process: activities where inputs are converted into outputs. The process approach ensures that the relationships between requirements and elements are much more visible than in the old standards.

2. Focus on customer satisfaction. While the old standards were based on meeting

customer requirements, ISO 9001:2000 recognizes that quality is more than doing what is required by the contract with the customer. Quality is based on both objective and subjective criteria. Customer satisfaction is introduced as a mandatory concept in ISO 9001:2000.

3. Continuous improvement. The new standard is clearly based on the continuous

improvement cycle: plan, do, check, and act. There are now specific requirements for gathering data (measurements), analysis of these data and improvement.

Five major clauses of ISO 9001:2000

ISO 9001:2000ISO 9001:20005 MAJOR SECTIONS 5 MAJOR SECTIONS

• Quality Management System

• Management responsibility

• Resource management

• Product realization

• Measurement, analysis and improvement

Page 15 of 62

Management Responsibilities Section 4

Role of top management There is a great emphasis in the standard on the role of top management. Top management must establish policy, set measurable objectives, and conduct management reviews. These duties are not new. The top management duties, new in ISO 9001:2000 edition, relate to customer focus. Top management must communicate the importance of meeting customer and regulatory requirements. This includes ensuring that the needs and expectations of the customers are understood, translated into internal requirements, and met. ISO 9001:2000 is also much more specific about the areas to be considered in management reviews. Customer satisfaction and continual improvement In addition to customer focus, the standard also emphasizes customer satisfaction as part of top management’s role. Information on customer satisfaction must be monitored as one of the measurements of quality management system performance. The organization must collect and analyze data to provide information on customer satisfaction. The standard has a requirement that the organization plan its activities for continual improvement of the quality management system. The measurable objectives of the organization must be set with improvement in mind. Measurement, collection, and analysis of data are required as methods for identifying areas for improvement. Resources Another of top management’s roles is to ensure the availability of necessary resources. ISO 9001:2000 has a clause dedicated to the management of those resources. Resource needs must be determined in order to implement and improve the quality management system, as well as to address customer satisfaction. Human resources and competency needs must be determined. As with ISO 9001:1994, needed training must be provided and records kept. The standard also requires evaluation of training effectiveness. Personnel must be made aware of the importance of their activities to meeting quality objectives. The standard also covers the facilities and work environment needed to achieve conformity of the product. The facilities requirement is new but states little more than the obvious fact that facilities must be provided. It is important to remember that the standard does not cover occupational health and safety issues beyond those needed to achieve conformity of product.

Page 16 of 62

Checklist ISO 9001:2000 Section 5

ISO 9001:2000

Quality Management System

Checklist of requirements

4

Page 17 of 62

4 QUALITY MANAGEMENT SYSTEM CHECKLIST

Comply 4.1 General Requirements Y N

N/A

Has the organization established, documented, implemented and maintained a quality management system and continually improved its effectiveness in accordance with the requirements of this International Standard?

Has the organization:

a) identified the processes needed for the quality management system and their application throughout the organization? (see 1.2)

b) determined the sequence and interaction of these processes?

c) determined criteria and methods to ensure that both the operation and control of these processes are effective?

d) ensured the availability of resources and information necessary to support the operation and monitoring of these processes?

e) monitored, measured and analysed these processes?

f) implemented actions necessary to achieve planned results and continual improvement of these processes?

Have these processes been managed by the organization in accordance with the requirements of this international Standard? Where an organization chooses to outsource any process that affects product conformity with requirements, has the organization ensured control over such processes? Has control of such outsourced processes been identified within the quality management system?

Guidance The quality management system should: a. Identify the processes needed for the quality management system. Also, identify all

activities that affect the quality of the product. For example, certain accounting activities (such as payroll) may not be part of the scope of a quality system (unless accounting is a core part of the business).

b. Determine the sequence and interaction of these processes. In order to control

ongoing activities, an organization first needs to know what these activities are. Which activities are carried out, in which sequence, and what is the relationship between them?

c. Determine criteria and methods needed to ensure the effective operation and control of these processes. Activities need to be controlled. This means that they should be organized in such a way that customer requirements are consistently met. As stated earlier, customer requirements are not only the written requirements in contracts; they cover all customer expectations, both objective and subjective. In short, the

Page 18 of 62

quality management system should be beneficial to customers and to the organization itself. In this way it is a management tool, and not a goal in itself.

d. Resources and information are key factors in controlling activities. The quality management system should be a dynamic system. It is not something that is created once and then remains unchanged. Customers change; markets change; organizations change; and the people in an organization change. A quality management system should reflect these changes so that it remains a dynamic tool for serving customers. It should be a help now AND in the future.

e. Monitor, measure and analyse these processes. Improvement is only possible if you

know where to improve. This means that you need to collect data on the effectiveness of your operations. However, data alone will not give you any information. Data will only become useful if you analyse them. This analysis should give you the necessary information to determine where your organization stands.

f. An important addition in ISO 9001:2000 is the requirement to improve the quality management system. This means that it should not only be a tool for control of processes, but also for continuous improvement: knowing performance based on analysis of data and information, and improving the organization based on this knowledge.

Comply 4.2 DOCUMENT REQUIREMENTS CHECKLIST Y N

N/A

4.2.1 General

Does the quality management system documentation include:

a) documented statements of a quality policy and quality objectives?

b) a quality manual?

c) documented procedures required by this International Standard?

d) documents needed by the organization to ensure the effective planning, operation and control of its processes?

e) records required by this International Standard? (see 4.2.4)

Guidance: 4.2.1 Document Requirements – General ISO 9001:2000 requires that certain aspects of the quality management system are documented. Specifically, this includes a quality policy, quality objectives, a quality manual, procedures, planning documents and quality records. Procedures describe what is being done in an organization. They help to make things clear for personnel, and they can also help create consistency in work. A quality management system is not a set of procedures describing every minute detail of an organization’s operation. The quality management system should be an effective, user-

Page 19 of 62

friendly balance of procedures, work instructions and forms, which will assist personnel in their day-to-day work. The effectiveness of procedures depends on how they are applied to an organization. In other words, they should be tailored to an organization. In a small organization with relatively simple processes and activities, procedures should (accordingly) be limited and simple. Larger organizations with more complicated activities should have more detailed procedures, but in all cases the procedures should still be as practical as possible. Please note that ISO 9001:2000 does not in all cases require documented procedures. In some cases there is no need to document existing practices. However, there must still be a procedure in place: a consistent way of performing the work involved.

Note: The following documented procedures are required by ISO 9001:2000.

• Control of Documents • Corrective Action • Control of Records

• Preventive Action • Internal Audit • Control of Nonconforming Product

Comply 4.2 DOCUMENT REQUIREMENTS CHECKLIST (cont’d) Y N

N/A

4.2.2 Quality Manual

Has the organization established and maintained a quality manual that includes a) the scope of the quality management system, including details of and

justification for any exclusions? (see 1.2)

b) the documented procedures established for the quality management system, or referenced to them?

c) a description of the interaction between the processes of the quality management system?

Guidance: 4.2.2 Quality Manual The quality manual is the “road map” of the quality management system. It should give readers an overview of how the quality management system operates. The quality manual must state the scope of the quality management system. This can be communicated in a single sentence stating exactly what the organization does. For example, "The design and manufacture of class 'A' widgets" Exclusions to the standard must be stated in the manual. Exclusions must be limited to requirements within clause 7 and not affect the organization's ability, or responsibility, to provide product that meets customer and applicable regulatory requirements.

Page 20 of 62

The quality manual must include or reference the 6 documented procedures required by ISO 9001:2000 as well as any other documented procedures utilized in the quality management system. ISO 9001:2000 requires that the quality manual contain a description of the interaction between the processes of the quality management system. This discription must clearly indicate how the activities of the organization interact. This can be done effectively in a flow chart; however, any format is acceptable as long as it describes the interaction between all processes of the quality management system (i.e. purchasing, design, inspection, training, monitoring and measuring, etc.).


N/A

4.2.3 Control of Documents Are documents required by the quality management system controlled? Has a documented procedure been established to define the controls needed: a) to approve documents for adequacy prior to issue?

b) to review and update as necessary and re-approve documents?

c) to ensure that changes and the current revision status of documents are identified?

d) to ensure that relevant versions of applicable documents are available at points of use?

e) to ensure that documents remain legible and readily identifiable?

f) to ensure that documents of external origin are identified and their distribution controlled?

g) to prevent the unintended use of obsolete documents, and to apply suitable identification to them if they are retained for any purpose?

Guidance:

4.2.3 Control of Documents The intent of this element is to ensure that people use the correct versions of the correct documents. The use of incorrect or obsolete documents can result in mistakes and, ultimately, in nonconforming product and/or service. New or revised documents should be approved prior to issue. This does not necessarily mean that documents need to be signed. Any form of approval is acceptable as long as the procedure indicates what constitutes the evidence that documents are approved. Once documents are approved, the new or revised documents need to be available at the locations where they are used or needed. Obsolete documents need to be removed or destroyed. If obsolete documents are not destroyed, they should be identified so that people know they are obsolete.

Page 21 of 62

In order to control the use of documents, ISO 9001:2000 requires a method for identifying the current revision status of documents. One way this can be done is by maintaining a master list that identifies all controlled documents and their revision status (number, date, or equivalent). Any controlled document can be compared with this master list to verify if the latest revision is in use. Another possible method that precludes the use of obsolete documents is the use of a master file of original documents (such as drawings). Of all requirements of ISO 9001:2000, this is one that is most likely to be over-applied. It is important not to lose sight of the intent of this requirement: to control the distribution of documents to make sure that work is being carried out according to the correct set of instructions. Document control is basically about making sure that the document that is in use is the applicable approved issue. This is important because people must have the information they need to do the jobs. There is a risk of ending up with complex arrangements for updating and retrieving documents. The standard requires information to be up-to-date, but does not specify how this should be done. There is a lot of flexibility. By adopting the simplest and most practical methods of document control, unnecessary bureaucracy and costs can be avoided.


N/A

4.2.4 Control of Records

Have records been established and maintained to provide evidence of conformity to requirements and of the effective operation of the quality management system? Are records legible, readily identifiable and retrievable? Has a documented procedure been established to define the controls needed for the identification, storage, protection, retrieval, retention time and disposition of records?

Guidance:

4.2.4 Control of Records There is a difference between documents and records. Essentially, documents are used to describe or control how things are to be done and are capable of being revised to reflect changing circumstances. Records are generated as a result of some activity and are statements of facts existing at the time. Records cannot be revised. For example: a form which is used for ordering products and/or services from vendors (purchase order) is a document. A completed purchase order stating what has been ordered from the vendor is a record. Other examples of records are: - minutes of management reviews; - inspection records; - quotations; - customer orders; - audit reports; - training records;

Page 22 of 62

- corrective/preventive action records; - minutes of design review meetings; - completed nonconformance reports. Each organization should identify which records are used and a documented procedure should define how these records are identified, where they are stored, how they are retrieved, how they are protected, what their retention time is, and how they are disposed of. 5 MANAGEMENT RESPONSIBILITY CHECKLIST

Comply 5.1 MANAGEMENT COMMITMENT Y N

N/A

Has top management provided evidence of its commitment to the development and implementation of the quality management system and continually improve its effectiveness by:

a) communicating to the organization the importance of meeting customer as well as statutory and regulatory requirements?

b) establishing the quality policy?

c) ensuring that quality objectives are established?

d) conducting management reviews?

e) ensuring the availability of resources?

Guidance: 5.1 Management Commitment Top management should be the driving force when implementing, maintaining, and improving a quality management system. What people do, and how this affects customers (in other words: the quality management system), cannot be effectively managed without a clear commitment from top management. This is not a commitment in “words”; it is the continuous and active demonstration to everyone in the organization that meeting customers’ expectations is vital for the existence of the organization. As a minimum, top management should: - communicate to the organization the importance of meeting customer as well as

regulatory requirements ; - establish a quality policy and objectives; - conduct management reviews ; and - ensure the availability of resources.

Page 23 of 62

Comply 5.2 Customer Focus Checklist Y N

N/A

Has top management ensured that customer requirements are determined and are met with the aim of enhancing customer satisfaction? (see 7.2.1 and 8.2.1)

Guidance 5.2 Customer Focus Every organization depends on its customers. Without satisfied customers, the organization cannot exist. Therefore, this requirement of ISO 9001:2000 is the core of the quality management system. An organization should be able to answer the following questions on a continuous basis: - What do customers need and what do they expect? - What does this mean for the organization? What is the organization required to do in

order to meet these customer expectations? - Does the organization understand customer requirements and are these

requirements actually met? There should be some method of establishing how the customer requirements are determined. Methods could include: - carrying out market/customer surveys; - access to industry reports; - identification of niche marketing opportunities.

Comply 5.3 Quality Policy Checklist Y N

N/A

Has top management ensured that the quality policy:

a) is appropriate to the purpose of the organization? b) includes a commitment to comply with requirements and continually improve

the effectiveness of the quality management system? c) provides a framework for establishing and reviewing quality objectives? d) is communicated and understood within the organization? e) is reviewed for continuing suitability?

Guidance 5.3 Quality Policy

The quality policy is a clear statement by the organization to indicate what is important in terms of quality. The quality policy establishes: - a commitment to quality; - a commitment to continuous improvement; - what the business does;

Page 24 of 62

- what the quality objectives are, and how they are reviewed. Obviously, the policy needs to be relevant for the type of activities an organization performs. It is important that the quality policy covers the whole organization and is relevant to the expectations of all customers. Therefore, customer requirements should be determined before the quality policy is established. All employees need to understand the quality policy, how it affects them, and their role in the quality system. It is important to keep in mind that the quality policy may be suitable today, but may not be suitable in the future due to changing circumstances. The quality policy must therefore be regularly reviewed for suitability.

Comply 5.4 Planning Checklist Y N

N/A

5.4.1 Quality Objectives Has top management ensured that quality objectives, including those needed to meet requirements for product (see 7.1 a), are established at relevant functions and levels within the organization? Are the quality objectives measurable and consistent with the quality policy?

Guidance 5.4.1 Quality Objectives Planning While the quality policy is a generic statement indicating what is important for the organization in terms of quality, the quality objectives are specific goals to be achieved within a certain time frame. Examples of specific goals are: - reduce scrap by 10% within the next 6 months; - increase customer satisfaction by 10% within the next year; - reduce number of nonconforming products by 15% within the next year; - reduce the number of key vendors from 100 to 25 in the next three years, etc. ISO 9001:2000 specifically refers to quality objectives at the relevant functions and levels within the organization. This means, for example, that an organization with sales, design, purchasing, and production departments (functions) needs to have quality objectives for each department, in addition to quality objectives for the organization as a whole. An organization is free in choosing the quality objectives, as long as they are relevant to the products/services of the organization and the quality policy. Quality objectives must

Page 25 of 62

be measurable and must include objectives directly related to the products or services of the organization.

Comply 5.4 Planning Checklist (cont’d) Y N

N/A

5.4.2 Quality Management System Planning Has top management ensured that: a) the planning of the quality management system is carried out in order to meet

the requirements given in 4.1, as well as the quality objectives? b) the integrity of the quality management system is maintained when changes

to the quality management system are planned and implemented?

Guidance 5.4.2 Quality Management System Planning How is quality achieved? Once the customer’s requirements are known, it is important to plan the activities necessary to deliver the desired product and/or service, to achieve the quality objectives, and to ensure continual improvement. This includes identifying activities necessary to deliver the product and/or service, necessary resources, verification activities (such as inspections), criteria for acceptability of product and/or service, and the records to be established in the process. Planning does not have to be a sophisticated process. Examples of documenting planning activities are: - the quality manual and associated procedures; - work orders; - travellers; - production plans. Planning should be consistent with the complexity of the organization. For example, a small organization with routine processes can choose to document their planning activities in a set of simple procedures. A larger organization with customized products and/or services will need to document how quality will be achieved for each customized order in work orders and/or travellers. Planning should not only apply to delivering the required product and/or service and achieving quality objectives, but also to organizational change. Changes in an organization should be planned in order to minimize the risk of negative effects on quality of product and/or service.

Comply 5.5 Responsibility, Authority and Communication Checklist Y N

N/A

5.5.1 Responsibility and Authority Has top management ensured that responsibilities and authorities are defined and communicated within the organization?

Page 26 of 62

Guidance 5.5.1 Responsibility & Authority There can be no effective way of working if employees do not know their responsibilities. Everyone should know what they are expected to do (responsibilities) and what they are allowed to do (authorities). They should know their role (position) in the organization and how this relates to other roles (positions). Others in the organization should be aware of this if they deal with these employees. Descriptions do not have to be elaborate or complex. It is important that descriptions clearly reflect the “real life” situation and allow for flexibility. One method of identifying responsibilities and authorities is to have a job description, supplemented by a simple organization chart. Another example method is to define authorities, responsibilities and roles/interrelations in procedures or training documents.


N/A

5.5.2 Management Representative Has top management appointed a member of management who, irrespective of other responsibilities, has the responsibility and authority that includes; a) ensuring that processes needed for the quality management system are

established, implemented and maintained? b) reporting to top management on the performance of the quality management

system and any need for improvement? c) ensuring the promotion of awareness of customer requirements throughout

the organization?

Guidance 5.5.2 Management Representative Someone with management authority should act as the organization’s management representative for quality or “quality manager”. This person must have the necessary authority within the organization to ensure that the quality management system is working. ISO 9001:2000 specifically requires this person to be a member of management within the organization. People from outside the organization (for example, consultants) cannot be the management representative unless they have a management position within the organization. Obviously, the management representative can have other responsibilities as well. The authority of the management responsibility must include at least the duties as described in paragraph 5.5.2.

Page 27 of 62

It is important to note that it is not the role of the management representative to “run" the quality system. A quality system can only be effective if it is carried by all personnel in the organization, especially top management. The management representative has a supportive role: ensuring that the necessary data is collected, reporting to and advising top management.


N/A

5.5.3 Internal Communication Has top management ensured that appropriate communication processes are established within the organization and that communication takes place regarding the effectiveness of the quality management system?

Guidance 5.5.3 Internal Communication In order to establish an effective quality management system, it is not only necessary that employees know their roles/interrelations, responsibilities, and authorities, but there should also be established ways of communication between people within the organization. Management should ensure that people have the information necessary in order to be able to do their work, and ensure that quality requirements, objectives, and achievements are communicated to all relevant personnel. Tools for communication may include: - team briefings; - visual management activities; - notice boards; - audio-visual and electronic media.

Page 28 of 62

Comply 5.6 Management Review Checklist Y N

N/A

5.6.1 General

Has top management reviewed the organization’s quality management system, at planned intervals, to ensure its continuing suitability, adequacy and effectiveness? Do these reviews include assessing opportunities for improvement and the need for changes to the quality management system, including the quality policy and quality objectives. Are records from management reviews maintained? (see 4.2.4).

5.6.2 Review Input

Does the input from the management review include information on: a) results of audits?

b) customer feedback?

c) process performance and product conformity?

d) status of preventative and corrective actions?

e) follow-up actions from previous management reviews?

f) changes that could affect the quality management system?

g) recommendations for improvement?

5.6.3 Review Output

Does the output from the management review include any decisions and actions related to: a) improvement of the effectiveness of the quality management system and its

processes?

b) improvement of product related to customer requirements?

c) resource needs?

Guidance 5.6 Management Review The complete quality management system should be reviewed by top management on a regular basis. Management decides the frequency, but it should be frequent enough to ensure the effectiveness of the system (usually once or more per year). Management reviews make quality management systems dynamic. Without these reviews, a system may become ineffective over time. Organizations change, customers/markets change, and people change. These changes require modifications in the quality management system. Regular management reviews ensure that the quality management system is still suitable, adequate, and effective in a changed environment.

In order to be effective, management reviews should be well prepared. This allows top management to assess the effectiveness of the quality management system based on

Page 29 of 62

the quality policy and the quality objectives, and to define the opportunities for improvement and the need for changes.

The results of management reviews should be in the form of specific actions, ensuring that improvements are made in products, processes, and the management system, and that resource needs are identified. The results of management reviews should be recorded in some way; perhaps in minutes, checklists, or to-do lists. A management review does not necessarily have to be conducted in one meeting (i.e. once per year). A series of meetings can be held, each covering a part of the quality management system, or a part of the organization. 6 RESOURCE MANAGEMENT CHECKLIST

Comply 6.1 Provision of Resources Y N

N/A

Has the organization determined and provided the resources needed: a) to implement and maintain the quality management system and continually improve its effectiveness? b) to enhance customer satisfaction by meeting customer requirements?

Guidance This section of ISO 9001:2000 covers the specific requirements for management of resources. These resources include human resources, facilities and work environment. Sufficient resources must be allocated for implementing, maintaining and improving the quality management system, as well as for enhancing customer satisfaction and meeting customer requirements.

Comply 6.2 Human Resources Checklist Y N

N/A

6.2.1 General Are personnel performing work affecting product quality competent on the basis of appropriate education, training, skills and experience?

Guidance 6.2.1 Human Resources Every person working in an organization must be qualified to do his/her job. This means that qualification criteria should be established based on education, experience, and training.

Page 30 of 62

Comply 6.2 Human Resources Checklist (cont’d) Y N

N/A

6.2.2 Competence, Awareness and Training Has the organization:

a) determined the necessary competence for personnel performing work

affecting product quality?

b) provided training or taken other actions to satisfy these needs? c) evaluated the effectiveness of the actions taken? d) ensured that its personnel are aware of the relevance and importance of their activities and how they contribute to the achievement of the quality objectives? e) maintained appropriate records of education, training, skills and experience?

(see 4.2.4)

Guidance 6.2.2 Competence, Awareness and Training Employees need to be aware of the relevance and importance of their activities and how they contribute to the achievement of the quality objectives. In order for an organization to have qualified/competent people, it should consider the following steps: - Determine the competency and training needs. The competency and training of the

people in an organization needs to be reviewed regularly relative to the needed (required) competence and training. This should not only be done for new employees, but also for existing employees. There should be a mechanism for identifying needs on a regular basis. One way this can be done is by means of performance evaluations.

- Provide training to address identified needs. Once the need for training is established, the training should actually be provided.

- Evaluate the effectiveness of training. Training is never a goal in itself. On a regular basis, companies should ask: was the training effective in accomplishing its goals?

Comply 6.3 Infrastructure Checklist Y N

N/A

Has the organization determined, provided and maintained the infrastructure needed to achieve conformity to product requirements? Infrastructure includes, as applicable: a) buildings, workspace and associated utilities; b) process equipment (both hardware and software); and c) supporting services (such as transport or communication).

Page 31 of 62

Guidance

6.3 Infrastructure Failure of equipment (such as welding equipment in a machine shop), lack of facilities (such as shortage of shelf space at a distributor), or lack of repair/maintenance capability can have serious effects on the quality of product and/or service. It is therefore essential that infrastructure is identified and controlled.

The focus should be on the infrastructure that is most important for the type of organization. For example, a manufacturer of chemical products should probably focus on equipment and maintenance, while a law firm will put more emphasis on workspace and associated facilities. Similarly, if an organization has equipment that can easily be replaced without affecting quality of product and/or service, maintenance activities can be relatively simple and limited. More complex equipment that is difficult to replace should have a more extensive maintenance program.

Comply 6.4 Work Environment Checklist Y N

N/A

Has the organization determined and managed the work environment needed to achieve conformity to product requirements?

Guidance 6.4 Work Environment Resources are not complete if the work environment is not considered. Working conditions can influence the quality of product and/or service, and should therefore be controlled. It is up to individual organizations to define these conditions, to be aware of and be in compliance with regulatory requirements. Participation of those who are actually affected by the work environment may be beneficial when defining the work environment. This element needs more emphasis in industries where work environment can have a high impact on quality (for example, foundries and certain chemical manufacturers).

Page 32 of 62

7 PRODUCT REALIZATION CHECKLIST Comply 7.1 Planning of Product Realization Y N

N/A

Has the organization planned and developed the processes needed for product realization? Is planning of product realization consistent with the requirements of the other processes of the quality management system? (see 4.1) In planning product realization, has the organization determined the following, as appropriate: a) quality objectives and requirements for the product? b) the need to establish processes, documents and provide resources specific

to the product? c) require verification, validation, monitoring, inspection and test activities

specific to the product and the criteria for product acceptance? d) records needed to provide evidence that the realization processes and

resulting product meet requirements? (see 4.2.4) Is the output of this planning in a form suitable for the organization’s method of operations.

Guidance

This requirement is about controlling operations. An organization needs to ensure that all activities take place under controlled conditions. In other words: operations must be organized in such a way that the customers are provided with the products or services that they want. Most organizations already have their operations well organized. The best indicator for this is the fact that most of their customers are satisfied with the product they get. However, the key word here is consistency. Controlled conditions imply that an organization is consistently providing products that meet customers’ expectations. Therefore, activities need to be documented. However, it is important to realize that it is not necessary to document all activities. It is only important to document an activity if the absence of such a procedure would adversely affect quality. It is useless to create a procedure for a chef that explains how to cook, for a surgeon that explains how to operate, or for a truck driver that explains how to drive. If there is a problem in this area, it is probably better to consider training. Rather, documented procedures should focus on those activities that require coordination and communication, or that are dependent on critical data and information. For example: a procedure may describe the sequence of certain operations, or may include acceptance criteria and tolerances.

While a lack of documented procedures may result in inconsistencies and misunderstandings, it is important to consider that too many procedures will not be effective either. Over-documentation can easily result in unnecessary bureaucracy or inflexibility. The number and type of procedures should be dependent on the size and complexity of the organization. A small distributor with only a few employees will likely have very simple and straightforward documentation, while a large nuclear plant may

Page 33 of 62

need very sophisticated procedures in order to keep their operations under control. Organizations need to identify the activities for which instructions are necessary and then document them.

A word about flexibility: it is not the existence of procedures that will make an organization inflexible. Rather, it is the content of the procedures that will create either flexibility or inflexibility.

Procedures can take many forms: work instructions, operator instructions, specifications, flow charts, checklists, or even pictures or videos. Each organization needs to determine which format(s) will meet its needs best. In any case, a procedure and its format should be practical and easy to understand by the people who use it. Before creating any new procedures, it is always a good idea to consider the documentation that is already in place. This documentation may go a long way in meeting the requirements of ISO 9001:2000.

Comply 7.2 Customer-Related Processes Checklist Y N

N/A

7.2.1 Determination of Requirements Related to the Product Has the organization determined: a) requirements specified by the customer, including the requirements for

delivery and post-delivery activities? b) requirements not stated by the customer but necessary for specified or

intended use, where known? c) statutory and regulatory requirements related to the product? d) any additional requirements determined by the organization?

Guidance 7.2 Customer Related Processes 7.2.1 Determination of Requirements Related to the Product In order to be able to provide a product that meets customers’ expectations, it is necessary to know exactly what are the requirements for the product. For each product, an organization needs to consider: - the requirements that are specified by the customer. For example, a car

manufacturer will need to know exactly the type, model, colour, required delivery time, etc. This includes requirements after delivery of product is complete, such as servicing of products or warranty activities.

- the requirements not specified by the customer. For example, a car manufacturer will need to use special coatings and coating techniques in order to prevent rust.

- statutory and regulatory requirements. For example: A car manufacturer must comply with numerous requirements that are imposed by regulatory bodies, such as safety requirements.

Page 34 of 62

- other requirements determined by the organization. For example, a car manufacturer that wishes to focus on customers with high incomes will define specific requirements for the design of cars: size, model, power and speed.

Comply 7.2 Customer-Related Processes Checklist (cont’d) Y N

N/A

7.2.2 Review of Requirements Related to the Product Has the organization reviewed the requirements related to the product? Is this review conducted prior to the organization’s commitment to supply a product to the customer (e.g. submission of tenders, acceptance or contracts of orders, acceptance of changes to contracts or orders) and does it ensure that: a) product requirements are defined? b) contract or order requirements differing from those previously expressed are

resolved? c) the organization has the ability to meet the defined requirements? Are records of the results of the review and actions arising from the review being maintained? (see 4.2.4) Where the customer provides no documented statement of requirement, are the customer requirements confirmed by the organization before acceptance? Where product requirements are changed, does the organization ensure that relevant documents are amended and that relevant personnel are made aware of the changed requirements?

Guidance 7.2.2 Review of Requirements Related to the Product The intent of this requirement is that organizations ensure that they understand and can meet customer requirements before promising the customer that the product or service can be provided. In order to avoid misunderstandings about what exactly the customer ordered, it is necessary to review the customer’s request or order. A request for quotation that is received from a customer needs to be reviewed before a quote is submitted. An organization must determine if: - the information from the customer is clear and specific; - it has the capability to provide the requested product.

Page 35 of 62

Once a quotation is provided to the customer and the customer places an order (accepting the quotation), the order and the quotation must be compared to determine if there are any differences between them. Any differences need to be resolved with the customer. If the customer places an order without having been previously quoted, this order needs to be reviewed before it is accepted. An organization must determine if: - the order is clear and specific; - it has the capability to provide the requested product. ISO 9001:2000 requires that organizations maintain records of these reviews. The record of the review can be as simple as a notation on the request for quotation or the order with the initials of the reviewer and the date. If the request for quotation or order is not accepted (for whatever reason) or needs clarification, follow-up actions must also be recorded. For verbal orders (for example by telephone) it is important to confirm the order before acceptance. This can be done, for example, by reading it back to the customer, asking for confirmation. In general, verbal and electronic orders need some special considerations to record the order. For example, the details of a telephone order may be recorded on a pad, and an electronic order may be recorded by printing it or saving it in the computer. It is possible that an existing order needs to be changed. If this is the case, it should be clear how this change is to be handled. Most organizations handle these changes in the same way as a new order. It is also important that these changes are communicated to all individuals who are affected by them. Typically, the purchasing department, the scheduling department, and the production department are affected, and should therefore be informed.

Comply 7.2 Customer-Related Processes Checklist Y N

N/A

7.2.3 Customer Communication Has the organization determined and implemented effective arrangements for communicating with customers in relation to a) product information? b) enquiries, contracts or order handling, including amendments? c) customer feedback, including customer complaints?

Guidance 7.2.3 Customer Communication The satisfaction of customers does not only depend on the quality of final product, but also on the communication between the organization and the customers. Poor communication, even if acceptable product is provided, can result in dissatisfied customers. Therefore, it should be clear who has the responsibility and authority to

Page 36 of 62

communicate with the customers. It is important that the following questions are answered:

- Who provides product information to the customer, and how is it provided? How does the organization ensure that this product information is correct and timely?

- Who is responsible for handling requests for quotations and customers’ orders? - By whom and how is customer feedback received and handled? This includes both

planned feedback (for example, as a result of customer surveys), and unplanned feedback (for example, customer complaints).

By considering these issues, an organization can ensure that both internal operations and communication with the customer are controlled.

Comply 7.3 Design and Development Checklist Y N

N/A

7.3.1 Design and Development Planning

Has the organization planned and controlled the design and development of product?

During the design and development planning, has the organization determined:

a) the design and development stages?

b) the review, verification and validation that are appropriate to each design and development stage?

c) the responsibilities and authorities for design and development?

Does the organization manage the interfaces between different groups involved in design and development to ensure effective communication and clear assignment of responsibility?

Is planning output updated, as appropriate, as the design and development progresses?

Guidance 7.3.1 Design & Development It is as important for design and development activities to be controlled as it is for operations to be controlled. Design and development activities can be complex and it is not always easy to keep the timelines under control. While it is in no way the intent of this requirement to restrict the creativity of the designer, it is very important to ensure that the design and development process is controlled. Like any other operation, the type and extent of the design control should be dependent on the complexity of the design, and the number of people involved. In some cases, design and development plans can be as simple as a short flow-chart or checklist. In more complex designs, more sophisticated planning techniques are necessary.

Page 37 of 62

The first step is to create a clear design and development plan. This plan should identify responsibilities/authorities and specific timelines. It should describe which groups or individuals are involved (for example: customers, subcontractors, regulatory bodies, etc.) and how. It should also clearly identify the stages of the design process, including any checks and/or verifications for each stage. It is not uncommon for conditions to change during the design and development process. A design and development plan only has value if it is being updated when these changes occur.

Comply 7.3 Design and Development Checklist (cont’d) Y N

N/A

7.3.2 Design and Development Inputs Have inputs related to product requirements been determined and records maintained? (see 4.2.4) Do these inputs shall include: a) functional and performance requirements? b) applicable statutory and regulatory requirements? c) where applicable, information derived from previous similar designs? d) other requirements essential for design and development? Are these inputs reviewed for adequacy? Are requirements complete, unambiguous and not in conflict with each other?

Guidance 7.3.2 Design and Development Inputs In every design and development process, simple or complex, it is crucial to know what is required. The design and development input is defined by all requirements that the design must meet in order to be successful. In other words, it should be clear how the final product is going to look and which conditions must be fulfilled. For example: - A chef will need to consider the characteristics of the meal that he/she is going to

design: type of meal, taste, type of ingredients, size, etc. - Before designing a prosthesis for a patient, a dentist will need to gather information

about the patient and assess his/her preferences. - A designer of customized oil field equipment will need to have detailed information

about application, dimensions, materials, tolerances, etc.

Page 38 of 62


N/A

7.3.3 Design and Development Outputs Are the outputs of design and development provided in a form that enables verification against the design and development input and approved prior to release? Do design and development outputs ; a) meet the input requirements for design and development? b) provide appropriate information for purchasing, production and for service

provision? c) contain or reference product acceptance criteria? d) specify the characteristics of the product that are essential for its safe and

proper use?

Guidance 7.3.3 Design and Development Outputs The design and development output is the result of the design and development process. The output is a clear description of the product, containing detailed information for production. For example, based on the customer’s requirements (design input), the chef will be able to clearly and specifically describe the process of preparing the meal, including the type and quantity of ingredients. In this example, the design output is documented on a recipe. Other examples of design and development outputs are: - an engineering design that is generally in the form of drawings and calculations; - a fashion design that is in the form of sketches with specification relating to the fabric

to be used; - a graphics art design that is in the form of a particular layout to be used in a

publication. The format of the design and development output is obviously dependent on the type of organization. The design and development plan should describe what form output should be in. Whatever the format, it is essential that the output meet the input requirements, that it contains clear criteria for acceptance or rejection, and that it clearly defines the characteristics of the product.

Page 39 of 62


N/A

7.3.4 Design and Development Review At suitable stages, are systematic reviews of design and development performed in accordance with planned arrangements (see 7.3.1) a) to evaluate the ability of the results of design and development to meet

requirements? b) to identify any problems and propose necessary actions? Do participants in such reviews include representatives of functions concerned with the design and development stage(s) being reviewed? Are records of the results of the reviews and any necessary actions maintained? (see 4.2.4).

Guidance 7.3.4 Design and Development Review Design and development review is a check to determine if the design and development activities are on track. More specifically, organizations need to verify if design is adequate in meeting the customer’s and other requirements (design and development input). For simple designs it may be sufficient to have only one design review at the very end of the design process. However, performing only one design review may be very risky for more complex designs. If there are any problems identified as a result of the design review, it may be very costly and in some cases too late to go back and redo some of the design activities in order to correct the problems. The results of the design reviews, including any problems that are identified and their solutions, must be recorded. This may be as simple as noting on the plan that the review has been carried out, as well as any follow-up actions, signed off by the reviewer and dated. However, more complex designs may be reviewed in a formal meeting, and the minutes of this meeting would constitute the design review record. Thorough design reviews can prevent problems in a later stage. Therefore, all relevant parties should be involved. This may include internal departments, as well as customers and subcontractors.


N/A

7.3.5 Design and Development Verification Is verification performed in accordance with planned arrangements (see 7.3.1) to ensure that the design and development outputs have met the design and development input requirements? Are records of the results of the verification and any necessary actions maintained? (see 4.2.4)

Page 40 of 62

Guidance 7.3.5 Design and Development Verification Design and development verification is the formal check that is done at the end of the design and development process to see if the results meet the original requirements. For example: does the drawing meet the customer’s, regulatory, and other requirements? Does the recipe meet the customer’s expectations? If the design and development output is approved, the organization will go ahead with manufacturing the product or providing the service based on the design. Therefore, it should be clear (for example in the design plan) who is authorized to perform the design and development verification, how the verification is done, and where it is recorded.


N/A

7.3.6 Design and Development Validation Are design and development validations performed in accordance with planned arrangements (see 7.3.1) to ensure that the resulting product is capable of meeting the requirements for the specified application or intended use, where known? Wherever practicable, are validations completed prior to the delivery or implementation of the product? Are records of the results of validation and any necessary actions maintained? (see 4.2.4).

Guidance 7.3.6 Design and Development Validation After the design and development verification is completed, the actual product (or service) is produced/created. Design validation is checking that the actual physical product meets the original input requirements. This is the final stage of the design and development process and is a valuable opportunity to prevent serious financial loss. Design and development validation should be performed before delivery of the product to the customer so that any problems can be corrected. Sometimes it is impractical to perform design and development validation before delivery of the product to the customer. For example, certain types of oilfield equipment or medical prostheses. With these sorts of products, the organization should perform checks of the parts of the final product. In other cases, performing design and development validation before introducing the new product is required by law, for example, in the case of introducing a new medicine. If the design and development output is, in itself, the actual product, then design and development verification and validation are one and the same activity. This may be the case, for example, for an engineering firm.

Page 41 of 62

ISO 9001:2000 requires that the results of design and development validation activities be recorded, including follow-up actions where applicable.


N/A

7.3.7 Control of Design and Development Changes Are design and development changes identified and records maintained? Are the changes reviewed, verified and validated, as appropriate, and approved before implementation? Do the review of design and development changes include evaluation of the effect of the changes on constituent parts and product already delivered? Are records of the results of the review of changes and any necessary actions maintained?

Guidance

7.3.7 Control of Design and Development Changes

Stable designs are very rare. Most designs are subject to frequent changes sometimes before the design process is finished. It is as important to control these changes as it is to control the original design and development process. It should be clear how these changes are handled and what effects they have on the product. Most organizations choose to handle any changes to designs similar to the way new designs are handled.

7.4 PURCHASING CHECKLIST Functions / Departments

Comply 7.4.1 Purchasing Process Y N

N/A

Does the organization ensure that purchased product conforms to specified purchase requirements? Is the type and extent of control applied to the supplier and the purchased product dependent upon the effect of the purchased product on subsequent product realization or the final product? Does the organization evaluate and select suppliers based on their ability to supply product in accordance with the organization’s requirements? Is criteria for selection, evaluation and re-evaluation established. Are records of the results of evaluations and any necessary actions arising from the evaluation maintained? (see 4.2.4)

Guidance 7.4.1 Purchasing Process An organization can do an excellent job of controlling its own activities, but if suppliers are not performing satisfactorily, the organization and its customers may be negatively affected. It is crucial that suppliers are controlled, especially if they are particularly important for the operation of an organization.

Page 42 of 62

This requirement of ISO 9001:2000 is related to ensuring that organizations get good products from their suppliers. Obviously not all suppliers are equally important. The standard requires more energy to be spent on those suppliers that have the most impact on the quality of product. For example, steel pipe manufacturers will need to put emphasis on the control of the supplier of steel rather than on the supplier of spare parts (such as bearings) for their machinery. On the other hand, a distributor of bearings will need to ensure that the supplier of bearings provides good product and on time. - Organizations need to identify which materials and services that they buy can affect

the quality of their products. Then they need to establish criteria for the selection of suppliers that can provide these materials and services

7.4 PURCHASING CHECKLIST (cont’d) Functions / Departments

Comply 7.4.2 Purchasing Information Y N

N/A

Does purchasing information describe the product to be purchased, including where appropriate: a) requirements for approval of product, procedures, processes and

equipment? b) requirements for qualification of personnel? c) quality management system requirements? Does the organization ensure the adequacy of specified purchase requirements prior to their communication to the supplier?

Guidance 7.4.2 Purchasing information While it is important that organizations are clear in ordering what they want, it is equally important not to give unnecessary details in purchase orders. Purchase orders that are too detailed can lead to confusion, and should therefore be avoided. Rather than describing all the details of a product, it is often much better to limit the purchase order to simply mentioning the catalogue number (as long as this is a unique number and the supplier has the correct catalogue). It is acceptable to give verbal instructions to a supplier, although this makes for ordering complex products or services very difficult (for example, the services of an engineering firm). In all cases, it is the intent of this requirement to avoid misunderstandings between supplier and receiver. If an organization chooses to place a verbal order with a supplier, it will need to keep a record of what was ordered. This enables the organization to verify that it is actually getting what was asked for.

Page 43 of 62

Lastly, ISO 9001:2000 requires that the purchasing documentation contains the correct information before issuing it to a supplier. This verification can possibly be done by the purchasing manager or by the purchasing agent.

7.4 PURCHASING CHECKLIST (cont’d) Functions / Departments

Comply 7.4.3 Verification of Purchased Product

Y N N/A

Has the organization established and implemented the inspection or other activities necessary for ensuring that purchased product meets specified purchase requirements.

Where the organization or its customer intends to perform verification at the supplier’s premises, does the organization state the intended verification arrangements and method of product release in the purchasing information?

Guidance 7.4.3 Verification of Purchased Product An organization needs to ensure that the product or service from the supplier meets its requirements. In most cases, this means that organizations verify the adequacy of the product or service upon receipt. Sometimes, however, an organization chooses to visit the supplier and perform this verification on their premises. It is important to realize that ISO 9001:2000 does not require that all received product is verified in all cases. For example, it does not make sense to do a 100% inspection on all shipments of bolts, especially if these bolts hardly affect the quality of products and if the supplier has proven to have had a good history. The type and extent of the verification of purchased product (or service) should depend on: - the type of product or service that is being ordered; - the history of the supplier; - the characteristics of the supplier (for example: does it have a quality system in

place?) If an organization or its customers want to verify purchased product on the premises of the supplier, then the organization needs to clearly indicate in the purchasing documentation: - what is going to be verified; - how it is going to be verified.

Page 44 of 62

Comply 7.5 Production and Service Provision Checklist Y N

N/A

7.5.1 Control of Production and Service Provision Does the organization plan and carry out production and service provision under controlled conditions. Do controlled conditions include, as applicable a) the availability of information that describes the characteristics of the

product? b) the availability of work instructions, as necessary? c) the use of suitable equipment? d) the availability and use of monitoring and measuring devices? e) the implementation of monitoring and measurement? f) the implementation of release, delivery and post-delivery activities?

Guidance 7.5 Product & Service Provision

Section 7.1 states that operations need to be controlled in order to be able to provide acceptable product to customers. Some specific control mechanisms for organizations are required, specifically: 7.5.1 Control of Production and Service Provision

- The availability of information that specifies the characteristics of the products For example, in a foundry the exact specifications to which the metal needs to be manufactured will be needed; in a travel agency specific flight information, airport information and conditions for cancellation or change will be needed.

- The availability of work instructions. These instructions only need to be documented where the absence of such instructions could adversely affect the quality of the product (see 7.1).

- The use of suitable equipment for production and service operations. Ovens are crucial pieces of equipment for foundries to have; computer systems with on-line connection to airlines are probably equally important in travel agencies.

- The availability and use of monitoring and measuring devices and the implementation of monitoring activities- see 7.6. – Control of Monitoring & Measuring Devices

- The implementation of release, delivery, and post-delivery activities. It should be clear how product is released and delivered to the customer. For example, delivery can be done by the organization itself or by a subcontractor. Or, the customer can pick up the product. In some cases there is a (written or verbal) requirement for the organization to perform additional activities after the delivery of the product to the customer. Examples

Page 45 of 62

of these activities are warranties, software support, and after-installation services. If there is a requirement to perform these servicing activities, then it should be clear how these activities are performed, and there should be procedures in place for critical activities.

Comply 7.5 Production and Service Provision Checklist (cont’d) Y N

N/A

7.5.2 Validation of Processes for Production and Service Provision Does the organization validate any processes for production and service provision where the resulting output cannot be verified by subsequent monitoring or measurement? This includes any process where deficiencies become apparent only after the product is in use or the service has been delivered. Does validation demonstrate the ability of these processes to achieve planned results? Has the organization established arrangements for these processes including, as applicable: a) defined criteria for review and approval of the processes? b) approval of equipment and qualification of personnel? c) use of specific methods and procedures? d) requirements for records? (see 4.2.4) e) revalidation?

Guidance 7.5.2 Validation of Processes for Production and Service Provision Verification/inspection of products before they are provided to the customer is a valuable opportunity to prevent delivery of product that does not meet customers’ requirements. However, sometimes it is not possible to fully verify the quality of the product without using or destroying it. For example, it is not possible to fully verify the strength of a weld unless a destructive test is performed or the product is actually used. Similarly, for many service industries, the service provided is instantaneous, which does not readily allow verification before delivery of that service. For example, a lawyer who defends a client in court is obviously not able to verify his services before delivery. Failure to represent the client correctly will only be detected when the judge rules. In these cases the activities can only be controlled (validated) with the use of qualified personnel, qualified equipment, and qualified processes based on specific procedures. A process can be qualified, for example, by doing a destructive test on a sample of the products. The results of this destructive test can then represent other products with the same characteristics. ISO 9001:2000 requires that records be maintained for activities that require validation.

Page 46 of 62

It should be noted that validation is only necessary if there is a risk of providing product that does not meet customers’ requirements. For example, esthetic welding may not have to be validated if it does not affect the quality of the product.


N/A

7.5.3 Identification and Traceability Where appropriate, has the organization identified the product by suitable means throughout product realization? Has the organization identified the product status with respect to monitoring and measurement requirements? Where traceability is a requirement, has the organization controled and recorded the unique identification of the product? (see 4.2.4)

Guidance 7.5.3 Identification and Traceability Activities can only be controlled if it is clear what the status of the product is. Clear identification of the product can avoid misunderstandings about what has happened to it and what still needs to happen. For example, product in the receiving area of a manufacturing plant should be clearly marked as to whether a receiving inspection has taken place. If a receiving inspection has taken place, it should be clear what the result of this inspection was (pass or fail). Similarly, material that is used in a machine shop should be identifiable as to which specific job it belongs, and in which stage of production it is. In the service industry, this requirement may have similar importance. For example, a courier service cannot function without clear identification on the packages as to which services are required (delivery time, registration, etc.), and a warehouse/distributor will need to have some way of identifying the product in stock. There are several ways of identifying products. The most obvious is using tags or stickers with part numbers, bar codes, job numbers, etc. The identification may be engraved in the product itself, or the product may simply be marked by a colour. Sometimes it is more practical to identify a product by its location. For example, deficient product may be identified as nonconforming by segregating it and placing it in a specific area that is marked “nonconforming product”. In all cases ISO 9001:2000 requires that it is clear if the product has been verified/inspected and that the results of the inspection are also clear. Sometimes traceability is a requirement (and even regulated). For example, in pressure vessel manufacturing, it is common for the identification of a given material to be recorded and traced through all manufacturing stages. In this way, the final components can be traced back to the original material certificate. If traceability is

Page 47 of 62

required, ISO 9001:2000 states that the material be uniquely identified and that records are maintained that show evidence of traceability.


N/A

7.5.4 Customer Property Has the organization exercised care with customer property while it is under the organization’s control or being used by the organization? Does the organization identify, verify, protect and safeguard customer property provided for use or incorporation into the product? If any customer property is lost, damaged or otherwise found to be unsuitable for use, is this reported to the customer and records maintained? (see 4.2.4).

Guidance 7.5.4 Customer property If there are any products, materials, or tools on an organization’s premises that are owned by a customer, workers must exercise care with this property. This means that they must ensure that the product is not lost or damaged. If it is lost or damaged, this needs to be recorded and the customer needs to be notified. Customer property should be identified and verified (for example, by performing a receiving inspection). Examples of customer property are: motor vehicles left for service or repair, clothing that a customer left at a laundry or customer-owned material in a warehouse.

Comply 7.5 Production and Service Provision Checklist Y N

N/A

7.5.5 Preservation of Product Does the organization preserve the conformity of product during internal processing and delivery to the intended destination? Does this preservation include identification, handling, packaging, storage and protection? Is preservation applied to the constituent parts of a product?

Guidance 7.5.5 Preservation of Product

Obviously it is as important that an organization handle its own product/material with care, as it is to protect customer’s property. Some common examples of where special handling techniques are required are:

- Metals handling where stainless steel can have corrosion resistance impaired if the stainless steel is handled with ordinary steel grips or chains. Covering the grips, chains, and other handling tools with rubber, plastic, or similar materials is the usual practice.

Page 48 of 62

Most copper-based metals are susceptible to corrosion from finger marks. Where corrosion may affect performance, such as in printed circuit boards or decorative applications, gloves need to be worn to prevent such marking.

- Food handling where cleaning of utensils after use is very necessary, for health reasons.

- Electrical and electronic equipment where safe handling practices are required to avoid damage from electrostatic discharges. Similarly, packing or packaging needs to be done in such a way that it does not affect the product. Packaging should be appropriate to the product. For example, bulk grain may be packed by filling the carrying container, provided the container does not contaminate the product. On the other hand, the packaging of certain chemicals is regulated to ensure that they do not spill or contact with water. Also, unsuitable storage can deteriorate the condition of product. Product in stock must be protected, especially if the product has a limited shelf life. Checking the condition of product in stock regularly can do this.

Comply 7.6 Control of Monitoring & Measuring Devices Checklist Y N

N/A

Has the organization determined the monitoring and measurement to be undertaken and the monitoring and measuring devices needed to provide evidence of conformity of product to determined requirements? (see 7.2.1)

Has the organization established processes to ensure that monitoring and measurement can be carried out and are carried out in a manner that is consistent with the monitoring and measurement requirements?

Where necessary to ensure valid results, is measuring equipment : a) calibrated or verified at specified intervals, or prior to use, against

measurement standards traceable to international or national measurement standards; where no such standards exist, the basis used for calibration or verification shall be recorded?

b) adjusted or re-adjusted as necessary? c) identified to enable the calibration status to be determined? d) safeguarded from adjustments that would invalidate the measurement

result? e) protected from damage and deterioration during handling, maintenance

and storage/

In addition, does the organization assess and record the validity of the previous measuring results when the equipment is found not to conform to requirements? Does the organization take appropriate action on the equipment and any product affected? Are records of the results of calibration and verification maintained? (see 4.2.4).

When used in the monitoring and measurement of specified requirements, is the ability of computer software to satisfy the intended application confirmed? Is this undertaken prior to initial use and reconfirmed as necessary?

Page 49 of 62

Guidance 7.6 Control of Monitoring & Measuring Devices Verifications, inspections and tests are important ways to ensure that the product meets the customer’s expectations. This can be done by monitoring and measuring the characteristics of the product (see 8.2.4). For example, a pharmacist measures the exact amount and weight of the medicine before providing it to the customer. However, if his measuring device (an electronic scale) is measuring incorrectly, or if it is not accurate enough, then the measurement is useless. Therefore, this section of ISO 9001:2000 requires organizations to ensure that measurement devices are controlled so that they measure correctly. Examples of measurement and monitoring devices are: scales, gages, thermometers, micrometers, calipers, and thickness meters. They should be calibrated periodically. Calibration is the act of comparing the measurement device against a reference standard to determine how accurate it is and whether or not it is still capable of meeting the precision required for the measurement made with it. Where necessary, the measuring device needs to be adjusted. Organizations are free in determining the frequency of calibration, provided that the frequency is consistent with the type of measurement device and the intensity of use. For a reference standard to have validity, it must be traceable back to an appropriate recognized accurate source. This is normally a national or international standard (such as a meter or a kilogram). If an (inter)national standard does not exist, then the organization needs to define the reference standard on its own. It is important to determine how accurate the measurements need to be. This will depend upon how much tolerance is permissible in what is being measured. A measuring device usually has to be capable of measuring to a much closer tolerance than the tolerance specified for the item being measured. Also, there is no point in having measurement devices calibrated to unnecessarily high precision if that precision is not needed for the operation. A pharmacist typically needs high accuracy equipment, while the accuracy of a wire cutter used by a distributor is relatively low. The results of the calibrations need to be recorded. If the measuring device appears to be out of calibration, then it is necessary to look at the results of the measurements that were previously taken with this device. For example, if a scale is out of calibration, someone may need to re-inspect the product that was recently inspected with this device (provided the product has not yet been shipped to the customer). Organizations need to decide which corrective action is appropriate (see 8.5.2). It is important to protect a measuring device from damage or deterioration. This means that it must be suitably stored when not in use, and it must be correctly handled. Also,

Page 50 of 62

adjustments may invalidate the calibration; a possible prevention method is to ensure that only trained personnel is authorized to use the measuring device. Sometimes computer software is used in the process of monitoring and measurement of requirements. If this is the case, the software must be checked to verify that it performs the required functions. 8 MEASUREMENT, ANALYSIS AND IMPROVEMENT

Comply 8.1 General Checklist Y N

N/A

Has the organization planned and implemented the monitoring, measurement, analysis and improvement processes needed: a) to demonstrate conformity of the product? b) to ensure conformity of the quality management system? c) to continually improve the effectiveness of the quality management

system? Does this include determination of applicable methods, including statistical techniques, and the extent of their use?

Guidance The previous sections relate to organizing activities in such a way that customers’ expectations are consistently met. An organization that has met those requirements has the controls in place, but does not necessarily know if the controls are working. In order for an organization to improve, it needs to have information on where it stands today. How satisfied are the customers? Does the organization actually meet all requirements? Are activities (processes) effectively and efficiently organized? Does the product actually meet the expectations? And, what happens if the product does not meet the expectations? The answers to these questions are related to the requirements in this section. Improvement will result from analyzing this information and taking the necessary corrective and preventive action. The information that organizations need does not necessarily have to be sophisticated. Usually a few crucial pieces of information or a short summary can give enough information to determine if action is necessary. Organizations should define what is the crucial information that they need. The following paragraphs will help in doing this.

Page 51 of 62

8 MEASUREMENT, ANALYSIS AND IMPROVEMENT Comply 8.2 Monitoring and Measurement Checklist Y N

N/A

8.2.1 Customer Satisfaction As one of the measurements of the performance of the quality management system, does the organization monitor information relating to customer perception as to whether the organization has met customer requirements? Are the methods for obtaining and using this information determined?

Guidance 8.2.1 Customer Satisfaction Probably one of the most crucial categories of information is the satisfaction of customers. Since customers deteremine the future of organizations, it needs to be determined how satisfied they are. In order to do this, organizations need to know which issues are important for their customers and then define how they will measure whether the customers are satisfied with these issues. One way of getting information about how satisfied customers are is to monitor the customer complaints. However, it is important to realize that this will give a very limited picture. First, it is quite common that only a small portion of dissatisfied customers actually complain. Second, customer complaints do not give any information about the satisfied customers. Customer satisfaction can be objective and subjective. Examples of objective information are: • Did the customer receive the product before 5:00 PM, as required? • Was the shipment complete? Examples of subjective information include: • Is the customer satisfied with the way we answered his questions and concerns? • Is the customer satisfied with the performance of a product? (for example: a car) There are several ways of measuring customer satisfaction. Examples are: • Questionnaires and surveys. This is a relatively cost effective way of measuring

customer satisfaction, but the downside is that the response may be low. • Direct communication with customers. This is much more time consuming, but it

is an excellent way of getting to know the needs of customers, and the method itself can contribute to raising customer satisfaction.

• Reports of consumer organizations. This information gives a good overview, but is not always available and seldom gives information about individual customers.

Page 52 of 62

Comply 8.2.2 Internal Audit Checklist

Y N N/A

Has the organization conducted internal audits at planned intervals to determine whether the quality management system: a) conforms to the planned arrangements (see 7.1), to the requirements of

this International Standard and to the quality management system requirements established by the organization?

b) is effectively implemented and maintained? Is an audit program planned, taking into consideration the status and importance of the processes and areas to be audited, as well as the results of previous audits? Are the audit criteria, scope, frequency and methods defined? Selection of auditors and conduct of audits shall ensure objectivity and impartiality of the audit process. Have auditors audited their own work? Are the responsibilities and requirements for planning and conducting audits, and for reporting results and maintaining records (see 4.2.4) defined in a documented procedure? Does the management responsible for the area being audited ensure that actions are taken without undue delay to eliminate detected nonconformities and their causes? Do follow-up activities include the verification of the actions taken and the reporting of verification results?

Guidance 8.2.2 Internal Audit A second source of information is a periodic self-assessment (internal audit). This allows an organization to determine the strengths and weaknesses of the quality system in place. It should become apparent whether or not the quality system meets the requirements of this standard and if the system has been effectively maintained. Each organization should appoint an internal auditor who is qualified (see 6.2.1). This individual should not be auditing his/her own work. The auditor should be objective and impartial of the audit process. The planning of audits needs preparation. Critical areas in the organization or departments that have been reorganized should be audited more frequently and/or more in-depth than other areas. Similarly, if there are indications of weaknesses in certain areas, for example customer complaints or previous audit findings, then these areas deserve more attention during internal audits. An auditor should look for evidence of compliance to the requirements. Are the activities done in the way they should be done? This is not an exercise in finding mistakes. Rather, it is gathering information about the system so that the organization

Page 53 of 62

knows its strengths and weaknesses and can therefore improve. Evidence of compliance can be collected, for example, by interviewing people, observing activities and looking at records and procedures. Organizations need to keep records of the results of internal audits. This can be done on a checklist or on a report. Either way, it should be clear which requirements have been audited and which areas were or were not in compliance with the requirements. These results then need to be reported to management so that timely corrective actions can be taken where necessary. ISO 9001:2000 requires that the responsibilities and requirements for conducting internal audits be documented in a procedure.

Comply 8.2.3 Monitoring & Measurement of Processes Checklist Y N N/A

Does the organization apply suitable methods for monitoring and, where applicable, measurement of the quality management system processes? Do these methods demonstrate the ability of the processes to achieve planned results? When planned results are not achieved, have correction and corrective action been taken, as appropriate, to ensure conformity of the product?

Guidance 8.2.3 Monitoring & Measurement of Processes The third source of information is related to measurement of processes (activities). Organizations need to determine how they are going to measure whether activities are being adequately carried out. Examples of measurements of activities are:

- Timeliness. A certain operation may typically take 15 minutes. How often is this operation being performed in 16 minutes or more?

- Efficiency. How much of a certain type of material is processed in one hour? How many people were involved in producing one batch?

- Reaction time. What was the reaction time of people to special internal or external requests/concerns (such as customer complaints)?

- Cost reduction. What was the reduction of costs related to not meeting the requirements? An example of these costs is premium freight: extra costs of high-speed delivery because of excessive production times.

Page 54 of 62

Comply 8.2.4 8.2.4 Monitoring and Measurement of Product Checklist Y N

N/A

Does the organization monitor and measure the characteristics of the product to verify that product requirements have been me? Is this carried out at appropriate stages of the product realization process in accordance with the planned arrangements? (see 7.1) Is evidence of conformity with the acceptance criteria maintained? Do records indicate the person(s) authorizing release of product? (see 4.2.4). Are methods in place to ensure that product release and service delivery shall not proceed until the planned arrangements (see 7.1) have been satisfactorily completed, unless otherwise approved by a relevant authority and, where applicable, by the customer?

Guidance 8.2.4 Monitoring and Measurement of Product A fourth source of information is based on measurements of the characteristics of the product (inspections and tests). This may be a verification of quantity, dimensions, weight, thickness, hardness, etc. Basically, it covers any activity that determines whether something is acceptable. Each individual organization needs to decide where these inspections and tests should be carried out. The general rule is that they should be performed at critical stages of processes. Typically, this is the case when a product is passed on to the next production stage or when there is a substantial risk of errors or deficiencies. A car manufacturer will want to perform several in-process inspections and inspections of parts because without these inspections a deficiency may not be detected later, or it may be very costly to correct it. Similarly, the types of inspections or tests performed should be dependent on the critical nature of the product or the process. In some cases, such as a distributor receiving bearings, an inspection may be as simple as checking the type and number of bearings received. Inspections of final products are always critical because there will not be opportunity to correct any deficiencies after this point (unless it is not possible to perform a full final inspection – see 7.5.5).

In performing inspection and testing, 100% of the product does not have to be tested. There are many products made where a sampling procedure is used and the batch passed or rejected on the basis of the sample. The subsequent detection of nonconforming product (see 8.3) does not mean that the sampling procedure is incorrect. However, a continuing and perhaps higher than expected level of nonconformances may suggest that the sampling plan or procedure needs investigating.

Page 55 of 62

Obviously, an inspection or test is only useful if the acceptance criteria are known. The result of the inspection or test is either a pass or a fail, based on these acceptance criteria. Preferably, acceptance criteria should be measurable (such as in dimensions or quantities), but they can also be subjective, for example criteria for visual inspections or taste tests. The results of inspections and tests need to be recorded. Examples of inspection records are checklists, pick tickets, job cards, or work orders. In any case, it is wise to use the records that are already in use by the organization as much as possible. For example, in small machine shops with only a few employees, it is common practice for machine operators to inspect their own work before passing it on to the next machining station. Consecutive operators sign a job card as it follows the work in progress. This is a good practice because the work of the next operator down the line is affected if the ‘incoming’ work is not correct. Also, the next operator can check the previous operator’s work. The record should clearly state who performed the inspection and what the result of the inspection was (pass/fail). If an inspection or test needs to be performed, then product should not proceed to the next activity or production stage until the inspection or test has been completed with positive results. A product can only be released without inspection or test if there is an approval from the customer.

Comply 8.3 Control of Nonconforming Product Checklist Y N

N/A

Has the organization ensured that a product which does not conform to product requirements, is identified and controlled to prevent its unintended use or delivery? Are the controls and related responsibilities and authorities for dealing with nonconforming products defined in a documented procedure?

Does the organization deal with nonconforming products by one or more of the following ways? a) by taking action to eliminate the detected nonconformity; b) by authorizing its use, release or acceptance under concession by a

relevant authority and, where applicable, by the customer; c) by taking action to preclude its original intended use of application.

Are records of the nature of nonconformities and any subsequent actions taken, including concessions obtained, maintained? (see 4.2.4)

When nonconforming product is corrected is it subject to re-verification to demonstrate conformity to the requirements?

When nonconforming product is detected after delivery or use has started, Has the organization taken action appropriate to the effects, or potential effects, or the nonconformity?

Page 56 of 62

Guidance 8.3 Control of Nonconforming Product

It is important that inspections are carried out; it is equally important that people know what to do with the nonconforming (deficient) product if it fails the inspection. Most importantly, organizations should ensure that nonconforming products are not treated as conforming product and delivered to the customer. Control of nonconformity should be done by clearly identifying the product as nonconforming. Segregation in designated areas and marking of the product are the most obvious examples. Someone in each organization should have the authority to decide what to do with nonconforming product. The product may be corrected by repairing, reworking, or re-grading for alternative applications. If all other approaches fail, the product can be scrapped. Unless it is scrapped, the nonconforming product (after repair, rework, etc.) should be re-inspected. Sometimes it is an option to use nonconforming product and release it to the customer. This is only allowed with a concession (approval) from the customer and/or other parties. In the event that a nonconformance is detected after delivery, appropriate actions need to be taken. For example, if a catering company discovers that it has inadvertently used processed meat that was past its ‘use-by-date’ (shelf life), a number of actions might be required to fix the problem: - investigate to find out the extent of the problem; / segregate and quarantine the

product; - recall the product from retail outlets and customers; / involve regulatory authorities. For service industries, it may be difficult or impossible to physically identify or segregate nonconforming service. These organizations, however, are still required to ensure that the nonconforming service does not reach the customer, where possible, and to correct the problem. ISO 9001:2000 requires that a documented procedure describe how nonconforming products are controlled, as well as the related responsibilities and authorities

Page 57 of 62

Comply 8.4 Analysis of Data Checklist Y N

N/A

Has the organization determined, collected and analysed appropriate data to demonstrate the suitability and effectiveness of the quality management system and to evaluate where continual improvement of the effectiveness of the quality management system can be made? Does this include data generated as a result of monitoring and measurement and from other relevant sources?

Does the analysis of data provide information relating to a) customer satisfaction? (see 8.2.1); b) conformity to product requirements? (see 7.2.1); c) characteristics and trends of processes and products including

opportunities for preventive action? d) suppliers?

Guidance 8.4 Analysis of Data The sources of information listed above can provide organizations with valuable data, but this data is only valuable if it is analyzed. For example, the data may indicate that there was an increase in the number of nonconforming products in a certain period. However, it is only possible for an organization to take the necessary action (see 8.5) if it is provided with an analysis of this data. For example: What was the type of nonconforming product? What was the main cause of the nonconformances? Were there any circumstances that were different from previous periods? Is this problem confirmed by other sources of information, such as internal audits? The results of the analysis should enable organizations to answer the following questions: How satisfied are customers? Are customers’ requirements being met? Do processes and products meet the requirements? How do suppliers perform?

Comply 8.5 Improvement Checklist Y N

N/A

8.5.1 Continual Improvement Does the organization continually improve the effectiveness of the quality management system through the use of the quality policy, quality objectives, audit results, analysis of data, corrective- and preventative actions and management review?

Page 58 of 62

Guidance 8.5 Improvement Each organization should continually seek to improve, rather than wait for a problem to reveal opportunities for improvement. Potential improvements can range from short projects to long-term activities. Examples are: - Sitting down with the most important suppliers in order to increase the effectiveness

of the communication and to reduce nonconformances; - Making an action plan to reduce the reject from a certain type of machine; - Finding opportunities to reduce the delivery time. Continual improvement should be based on all relevant information available. Audit results and other data should be analyzed and compared with the policy and objectives so that corrective and preventive actions can be taken to ensure continual improvement. Management reviews should be used as tools for enhancing this improvement process.

Comply 8.5.2 Corrective Action Checklist Y N

N/A

Does the organization take action to eliminate the cause of nonconformities in order to prevent recurrence? Are corrective actions appropriate to the effects of the nonconformities encountered? Has a documented procedure been established to define requirements for a) reviewing nonconformities (including customer complaints)? b) determining the causes of nonconformities? c) evaluating the need for action to ensure that nonconformities do not recur? d) determining and implementing action needed? e) records of the results of action taken? (see 4.2.4) f) reviewing corrective action taken?

Guidance 8.5.2 Corrective Action Improvement does not happen without implementing changes. This requirement is related to ensuring that actions are identified, taken and verified for implementation/effectiveness. If a problem occurs, action needs to be taken to ensure that the problem is corrected and that it does not re-occur. This involves finding the cause of the problem, recording the results of the action taken and verifying that the action was effective. The intent of this requirement is to have a disciplined approach for making sure that actions happen and are effective.

Page 59 of 62

Comply 8.5.3 Preventive Action Checklist Y N

N/A

Has the organization determined action to eliminate the causes of potential nonconformities in order to prevent their occurrence? Are preventive actions appropriate to the effects of the potential problems? Has a documented procedure been established to define requirements for a) determining potential nonconformities and their causes? b) evaluating the need for action to prevent occurrence of nonconformities? c) determining and implementing action needed? d) records of results of action taken? (see 4.2.4) e) reviewing preventive action taken?

Guidance 8.5.3 Preventive Action It is better to prevent a problem than to correct a problem. Based on the information available to them, organizations must identify ways of preventing problems from occurring in the first place. Examples of preventive actions are: - purchasing additional tools or machinery, because of an expected increase in

activities or production; - checking computer systems to see if they are capable of handling information from a

new customer; - introducing a new identification system for nonconforming product, so that any

potential misunderstandings can be avoided. Preventive actions should be handled in the same way as corrective actions. There should be a disciplined approach for ensuring that they are implemented and effective.

- END -

Page 60 of 62

Section 6

PROFILE

COMPANY NAME: Quality Certification Bureau Inc. Head Office Contact Person: Julie Press Title: Vice President - Marketing Address: #103, Advanced Technology Centre

9650 – 20th Avenue Edmonton, Alberta, Canada T6N 1G1

Telephone: (780) 496-2463 Fax: (780) 496-2464 E-mail: [email protected] Web Site Address: www.qcbinc.com Date Incorporated: January 25, 1993 Company History: In 1992, the President of Quality Certification Bureau Inc. (QCB), Mr. Tim Purnell, identified a need in the registration market for a registrar of ISO 9000 Quality Management Systems to be based in Western Canada. At that time, the only access to registration services for Western Canadian companies was through Eastern Canada, the U.S. or Europe. The new registrar would need to be both customer service based and internationally recognized. To achieve these objectives, Quality Certification Bureau’s quality system and procedures were designed and written around customer needs. To satisfy international recognition, QCB acquired accreditation from the Dutch Council for Accreditation (RvA), one of the most internationally recognized accreditors of registrars. A Canadian owned and based company, QCB also achieved accreditation from the Standards Council of Canada. As QCB’s reputation as a service oriented organization grew, the client base expanded rapidly. Before long, QCB had opened sales offices in various parts of Canada and the US. Over the past nine years, expansions have continued and QCB is currently represented throughout the world. For a complete listing of QCB offices please refer to our web page www.qcbinc.com. Service Description: QCB provides third party audit and registration of ISO 9000, QS-9000 or equivalent Quality Management Systems and registration to the ISO 14001 based Environmental Management Systems standard. As an additional service to our clients, QCB offers training courses. We regularly participate in seminars relating to effective auditing and to the interpretation and application of the various standards.

Page 61 of 62

Accomplishments: QCB currently provides active services to over 1000 clients, which, in nine short years of business history is a significant accomplishment. These clients include some of the most recognizable names in Canadian and U.S. business. With head office in Edmonton, Alberta and fourteen sales offices worldwide, we are experiencing steady growth. We have expanded the types of business we are able to serve. Initially, registration was offered to a variety of manufacturing companies. QCB now registers many other types of organizations including legal, medical, engineering, architectural, consulting and inspection companies. QCB Auditing Philosophy: QCB's approach to registration is one of partnering with our clients. Our audit teams are tasked to assist clients in identifying opportunities for improvement that will be beneficial to their company. A registered quality system is a business tool. Our job is to ensure that the business tool is utilized in the most efficient and effective manner. While it is certainly true that we must audit for compliance to the requirements of the applicable standard and the company’s own quality system, our clients must also feel satisfied that the service we render and the partnership we form is of long term value. Summary: QCB has enjoyed rapid and diverse expansion during our nine-year history. To a large degree, we attribute this growth to our continuing commitment to provide our clients with superior service. We have also had the opportunity to contribute to the development of several of the international standards, giving us the ability to provide our clients with valuable insight regarding upcoming changes. The nature of our business allows us the pleasure of forming unique relationships with our clients. We pride ourselves on being flexible and responsive to clients’ needs, accommodating “special requests” as a regular part of our service. We have always maintained the strong position that we are a service company, first and foremost, and have tried to incorporate this philosophy into everything we do.

TO REQUEST A QUOTATION FOR REGISTRATION SERVICES

Three easy methods to contact QCB to request information or request a quotation

1. Visit our WEB site: www.qcbinc.com

2. Phone: 1-800-268-7321 (toll free in North America)

3. Email: [email protected]

A Client Service Representative will acknowledge your inquiry and prepare a quotation customized to your organizations’ needs. Please provide the following information when requesting a quotation for registration services:

oo Name of organization oo Contact Name oo Phone / fax / email / web site oo Address(s) of locations to be registered oo Standard to which registration is sought (ISO 9001:2000; ISO 9001:1994; QS9000 or ISO 14001)

oo Description of the organizations products / activities oo Scope of the quality management system (i.e.: the design, manufacture and sale of precision

metal widgets)

Page 62 of 62

We welcome feedback from all sources regarding our services or this publication. Should you have any comments for us, please forward them to the address noted below:

Quality Certification Bureau Inc. Attention: Tim Purnell, President

#103, 9650 20th Avenue Advanced Technology Building

Edmonton, Alberta, Canada, T6N 1G1 Email: [email protected] WEB: www.qcbinc.com