ISO 9001:2008 Section 4.2.3 Control of Documents (Software)
Documents required by the quality management system are controlled. Records required by the quality management system are controlled according to the requirements given in 4.2.4. A documented procedure is established to define the controls needed:
- to approve documents for adequacy prior to issue,
- to review and update as necessary and re-approve documents,
- to ensure that changes and the current revision status of documents are identified,
- to ensure that relevant versions of applicable documents are available at points of use,
- to ensure that documents remain legible and readily identifiable,
- to ensure that documents of external origin determined by the organization to be necessary for the planning and operation of the quality management system are identified and their distribution controlled, and
- to prevent the unintended use of obsolete documents, and to apply suitable identification to them if they are retained for any purpose.
A basis of the quality management system is the control of documents. Document control is an essential preventive measure ensuring that only approved, current documentation is used throughout the organization. Unintentional use of obsolete documents can have significant negative consequences on quality, costs and customer satisfaction.
“For those responsible for managing their organization’s quality system it is best to design a document control process that is simple to use, easy to monitor and effective to prevent the use of obsolete documentation.” There are many ways to comply with section 4.2.3 of the ISO 9001 standard, and nowhere in the standard does it say how, so it is completely up to the organization to decide which method they will use. Most common methods include hiring dedicated staff, detailed procedures and specialized quality management software programs.
ISO 9001: Where applicable, provide training or take other actions to achieve the necessary competence (Section 6.2.2 b and c)
It is up to the organization to determine the appropriate method to satisfy this quality management system requirement. This can be in the form of on-the-job, job shadowing, mentoring, public seminars, educational courses or any other suitable method.
Follow-up to ensure the competency was effective
Following the training, a suitable evaluation of the employee’s competency level should be completed. The standard requires the organization to:
Evaluate the effectiveness of the actions taken (ref. 6.2.2 c)
Again, the organization must determine the method that works best for their particular needs, ISO 9001 does not specify the how, just the what of the requirement. Verification of effectiveness could be as simple as repeating the competency rating process to ensure the gap has been closed. Other approaches might include:
- Special inspection of the employee’s work until the needed quality level is reached
- Written test following the training
- Formal certification process
- Supervisor follow-up 60 days (or so) following the training or intervention
- Formal performance review
ISO 9001: Determine the necessary competence for personnel performing work affecting conformity to product requirements (Section 6.2.2 a)
There are two excellent reasons to train employees to your quality management system and your processes:
• Every employee can have potential impacts on the QMS; and
• It is a requirement of ISO 9001:2008 and virtually any well functioning quality system
Each person and function within your facility plays a critical role in the quality management system. For this reason, your training program should cast a wide net. Every employee and manager should be aware of the quality policy; the significant impacts of their work activities, key quality roles and responsibilities, procedures that apply to their work, and the importance of conformance with ISO 9001 requirements. Employees should understand the potential consequences of not following the requirements of the QMS (such as poor product performance, reduced customer satisfaction, and loss of business).
All personnel should receive appropriate training and support to be competent at their work.
Training should be tailored to the different needs of various levels or functions in the facility. However, training is just one element of establishing competence, which is typically based on a combination of education, training, and experience. You should establish criteria to measure the competence of individuals performing tasks that can impact on the quality of your products.
Training is needed both in technical work and for general awareness on the part of all employees
To define requirements for each job position questions to ask:
- “What job-specific knowledge area(s) must be well understood by someone in this job?”
- “What manual, mental or interpersonal skills must an employee have to do this job well?”
- “What natural abilities or talents must someone possess to be effective in this job?”
The result from this exercise is a list of competencies for the job that can be used for hiring purposes and subsequent training and development plans. Once the list is prioritized to include only the most critical competencies, you will need to document them in some appropriate manner (job descriptions, training matrix, or other means).
AS9100 C Just Around the Corner, What’s New?
The increased requirements of AS9100, which builds on ISO 9001:2008 elements, will benefit both defense and non-defense customers since the standard focuses on critical areas important to all industries such as supply chain management and process control.
Much has happened in the last year relative to aerospace industry quality management system standards. It was with some anticipation that the latest revision of AS9100, Quality Management Systems—Requirements for Aviation Space and Defense Industries was released.
This latest edition of the standard was a two-fold revision by the International Aerospace Quality Group (IAQG). Not only was it revised to correspond to the root document, ISO 9001:2008, but it was also a significant update to the aerospace requirements of organizations that manufacture and supply products to the aviation, space and defense industries.
This revision of the standard was broadened to be more inclusive of all aspects of the customers and users of the products that concern the IAQG. It is also more detailed to ensure supply chain requirements for registering organizations are aligned with current industry practices.
A summary of some significant changes:
- 7.1.1 Project Management
New requirement for planning and managing product realization in a structured and controlled way. - 7.1.2 Risk Management
New requirement of implementation of a risk management process applicable to the projects & products; responsibility, criteria, mitigation & acceptance. - 7.1.3 Configuration Management
Moved from clause 4.3 to clause 7.1 and added details on the different activities to be covered. - 7.1.4 Control of Work Transfer
Moved from clause 7.5 (Production) to clause 7.1 to add emphasis on having a process for planning and control of transfer activities. - 5.2/8.2.1 Customer Focus/Satisfaction; Formal monitoring of Customer satisfaction data. Added the requirement to monitor data and to develop improvement plans that address deficiencies. The intent is to promote continuous improvement of the product and Customer satisfaction.
- First Article Inspection (FAI) moved to clause 7.5.1.1 and renamed.
Production process verification “FAI” is the requirement to validate the production process’s documentation and tooling and repeat the process when necessary (i.e. when engineering or manufacturing processes change). The requirement was moved from 8.2.4.2 (measurement) to 7.5.1.1 (production) because it is part of product realization and is not intended to be a follow-on activity. - ISO 9001 changes affect AS9100:2009.
The AS9100 standard has been updated to stay consistent with ISO 9001, which will continue to be the baseline. The changes being incorporated into ISO 9001 are considered an amendment and minor in nature.
AS9100 Revision “C” Key Changes
• 6 Additions
• 8 Revisions/Relocations
• 3 Deletions
What Are The Inputs and Outputs and Key Measurables Of A Process?
With ever business process that you put in place there are inherent inputs, outputs and key measurable that will help you determine whether or not you are meeting the objectives of the process. You will first need to determine the inputs of your processes, “What are the key aspects of the process that you would like to achieve?” For instance, in your supplier management process what will be your objective? Your objective should be to have approved suppliers. Now, what will you put in place to achieve your objective: Supplier approval criteria, Supplier Evaluation (inspection discrepancies) and Supplier Reevaluation. These will become the inputs to your supplier management process.
Once you have determined the inputs of your process you will next need to determine the outputs of the process. In the example noted above some possible outputs to the supplier management process would be an Approved Supplier Register, and Receiving Discrepancies. These will become the evidence of your approval process objectives.
Once you have determined the inputs and outputs of your process, you must now measure the process to see if it is accomplishing its intended purpose (Approved Suppliers based on the inputs and outputs you have set in place). Key measurable for a supplier management process may include Supplier Performance data reviewed in Management Review (Receiving Inspections), Evidence of the organizations certification to an international standard (A copy of a current ISO 9001 or AS9100 certificate), results from a supplier audit or survey , etc. You must determine how you will measure a supplier’s performance towards your requirements and then keep records to verify their effectiveness at meeting these requirements.
Quality Management Systems Software Advantage
With all of the software packages out there today, it is hard to believe that there are any companies who still design their quality systems on paper. I grew up on the manual paper version of a quality management system, back when there was a whole department dedicated to document control and everyone had a three ring binder full of documented procedures on their desk. So here we are today with ISO 9001:2008, AS 9100 C and various other international standards which do not require reams of paper to be compliant. When a company decides to implement a new quality management system, I don’t believe anyone sets out to create the quality system from hell, but all too often that is exactly what happens.
Why put yourself through all of that pain and unnecessary cost? There are so many software solutions available today that make getting and maintaining your certification effortless. As a management representative for a small company in Arizona, I was able to manage the quality system and carry out the responsibilities of a supply chain manager without adding one more person to the company for the sake of our quality system. How you may ask is this possible? The answer is a fully customizable software application that put all of our processes and documentation in one place. This software is SaaS based and therefore it is accessible from anywhere internet access is provided. All of our employees, key customers and suppliers were able to view and make entries as need and management decisions where determined through the analysis of the data collected by the system. What was most impressive about the implementation process was how easy it was to train everyone to use the system.
As I said before there are literally thousands of software applications for quality management system implementation. The range of products goes from supper high upfront and maintenance costs, to low upfront and maintenance costs. Complicated canned systems with little customization possibilities to easy fully customizable systems are also available. If your company is use to complicated and costly to believe you are getting a good product, then that’s the road for you. If on the other hand you are a small to midsize company with limited resources, (People and Finances), you may be interested in the latter. Do your research well and you can find a system that will work for you and actually deliver a cost savings benefit. Some items to consider:
Costs
- Upfront Cost
- Monthly Support Costs: or
- Yearly Support Costs:
- Does your system include Unlimited Users and Storage and support and revisions and new features.
- Education & Safety Costs
- Cost for Additional Modules
Applications
- Communication System
- Document Management
- Reports and Graphs
- Master Calendar
- Work Orders
- User Preferences
- Nonconformance
- Corrective Action
- Customer Feedback
- Preventive Action
- Near Miss
- Customer Supplied Product
- Inspection
- Management Review
- Internal Audits
- Calibration Control
- Quality Objectives
- Supplier Approval and Evaluation
- Competency, Training and Awareness
- Purchasing
- Job Management
- Special requirements
ISO 9001/AS9100 Who Owns Your System?
ISO 9001:2008 requires top management to actively participate in their organization’s quality management system by developing and implementing quality objectives and periodically evaluating the health of the system. This concept may seam foreign to some top managers, as some organizations still subscribe to the notion that the management of their quality system belong to the quality manager. As a lead quality management systems auditor I have seen this time and time again, often with bad news for those at the top. Without the ongoing participation and commitment from top management, it is virtually impossible to maintain a quality system that consistently meets the ISO 9001 standard or any other standard for that matter.
Top management must be involved at all stages of the quality system, from planning to implementation and ongoing maintenance. Some key areas where management should be involved are as follows:
- Setting Quality policies, planning, and objectives
- Appointing a Management representative and giving them the authority to fulfill their job responsibilities.
- Conducting Management Reviews that involve all of the required inputs and outputs of the QMS and making decisions that will promote continuous improvement.
- Enlisting and Utilizing customer feedback to meet customer satisfaction requirements
- Being visibly involved so that employees know that this is a business management system that is being driven from the top down.
What is most important is that “everyone” is involved with your quality management system, and realizing that no one person in the organization owns it, “everyone” owns it. Everyone must do their part, or as sure as I’m sitting here, the quality system will never deliver the results that is expected. When I hear someone say that ISO 9001 is just another expense, (No Benefit), to be endured for the sake of the customer, I know that these companies do not understand the overall commitment, (Involvement), required to receive any benefit. What type of company do you work for?
ISO 9001 Customer Satisfaction How Do I Measure This?
ISO 9001:2008 requires that customer satisfaction is monitored but does not specify methods. You must decide how to satisfy this requirement in a way that makes since to your organization. What can you measure that will improve your customer satisfaction ratings and add value to your organization at the same time. Some measures you may consider are as follows:
1. Do you deliver on time?
2. Do you deliver in full?
3. What feedback do you get from sales or service engineers?
4. Are the key accounts growing?
5. Customer audits or report cards? If favourable, use them as evidence of customer satisfaction.
6. Direct feedback from the customer both positive and negative, track them. If enough customers are saying the same things about your company, you may want to put some measurement in place to resolve these issues. If they are saying something wonderful about you, make this a priority to provide this service to all your customers.
Remember, you are in business to grow and the best way to do this is to satisfy your customers. Focus on measurements that will result in setting you apart from your competition. Don’t give lip service to customer satisfaction because you will suffer a finding during your surveillance audit because you cannot produce evidence that you even know what your customers think of your performance. If you have a hard time determining what you should be measuring and analyzing, ask your customers what is important to them.
ISO 9001 Documentation
As a third party auditor, I have seen so many examples of how not to document your quality management system. Most of the mistakes stem from lack of understanding of what the standard really does require. So many times I see companies who have paid someone to come in and document “their” system and nine out of ten times the system is either too complicated or does not reflect what they actually do. A full 90% of the non-conformances which are discovered during a surveillance audit have nothing to do with meeting the requirements of the standard, but are written against the requirements the company has imposed on themselves.
I’m here to tell you it doesn’t have to be so hard to meet the requirements of ISO 9001:2008 and manage your quality management system documentation. Hiring an outside consultant can be a great experience when the consultant facilitates the activities involved in developing your quality system, but leaves the ownership and management of the system to you. This is your system, not the consultants, and should be developed and implemented by your organization so it reflects the actual practices, processes and documentation of your organization.
There are only six required documented procedures and a quality manual that you “have to have “ , all other procedures that you develop are up to you. Don’t add procedures that do not add value to your processes. If you need a procedure to complete a process properly or a customer has required it of you, then you must have that procedure. If you want to have procedures for training purposes only, then call them just that. The key is to keep it simple and manageable, you’re in business to make a profit, not manage a monstrous quality management system. If you are not sure how to go about tackling ISO 9001 certification, call a reputable consultant, they can help set you on the right path. In the end, it is your system, and it should reflect what you do in a way that is transparent and easy to maintain.
ISO 9001, What Should I Be Auditing and How Often?
The ISO 9001 standard does not specifically tell you what processes need to be audited or how often they should be audited. It does however state that the audits you do perform should be planned, and based on status and importance. So what does this translate to mean? Should you audit everything process every year, maybe, maybe not. The standard does not tell you how often, how many or what to audit, you decide what makes since for your organization (where can you get the most value and keep your quality system functioning as intended).
The best advise that I can give is review your process maps, non-conformances, past internal and third party audits, and determine where your quality management system needs attention. Where are the black holes that cause lost time, lost money, customer dissatisfaction (where are the points that are or could significantly impact your ability to satisfy your customer or grow your business). Answer these questions and you will be able to develop a planned audit schedule that will add value to your quality system. Don’t audit every process every year unless every process in your system is not functioning as you intended it to or does not meet the ISO 9001 standard requirements. If this is the case you would not be certified in the first place. Don’t audit for the sake of auditing this is costly and time consuming, get the most out of your internal audits by making them address real issues that can improve the entire quality system.
How many audits should you conduct each year? You decide how many audits will be enough to keep your quality management system functioning properly. Keep in mind, you cannot successfully improve your processes unless you periodically review them. Nothing stays the same, so if you don’t review your processes periodically they will come back to bite you via loss of business, non-conformances, increased costs, obsolete documentation, and ultimately loss of certification.