Archive for July, 2009
Documenting A Business Management System: The Required Procedures
The six required procedures, (which can now be combined into four documents in ISO 9001:2008), that need to be written are:
1. How the company controls its documents
2. How the company controls its records
3. How it processes nonconforming product
4. How it conducts and records internal audits
5. How it processes corrective actions
6. How it processes preventive actions
The standard does not dictate how to do any of these processes; it simply provides guidelines and states that a company must document how it performs these processes. A company should not document processes or required procedures based on perceptions of the standard or what an auditor looks for. A company must document its management system based on how it conducts business.
Any other work instructions—flow charts or procedures that a company feels it needs to effectively produce the given product or service—should be done in a format that best suits the purpose controlling these processes. The most important part of documenting any type of process—management process or product process—is to define the inputs, outputs and measurements of the process. The better a company defines how to measure each process, the easier it will be to monitor the outputs (data) and pin point the areas that require improvement.
Documenting a management system: The Manual
The first step in implementing an ISO 9001 system is to document a quality management system. The required documentation is a quality manual that could be called a business systems manual because it covers the scope of the entire business, not just the quality aspects. There also are six required procedures (control of documents; control of records; internal audits; and control of nonconforming product, corrective action and preventive action). The company may define any additional documentation.
The business systems manual. There are three requirements to be included:
1. A scope that includes any exclusions
2. The procedures or reference to the procedures for the management system
3. A complete description of the interaction between the various processes that are required to operate the business.
These are the only requirements of a manual. Yet so many companies write 30- to 60-page manuals that have so much detail and often refer to outdated processes or requirements. When written correctly, the manual could be a perfect marketing tool to send to customers that simply tells them the scope of the management system and provides a picture of the interrelation of processes. The interrelation of processes can be as simple as an overall picture of how a company’s processes flow, and needs to incorporate control of production/service (planning, measuring and monitoring) and continual improvement processes (control of nonconforming, corrective and preventive action, and internal audit, analysis of data and management review).
Why do some companies get discouraged when implementing a management system?
Some of the horror stories about ISO 9001 certification include companies that have binders of procedures, work instruction and forms and have been trying to implement ISO 9001 unsuccessfully for years. Some have spent $50,000 and others more than $200,000 on internal resources and/or consultants. Some have had a prior quality manager who wrote a management system and then left the company, and no other employee knew how to continue the management system requirements. Some have gone through three quality managers, each defining, adding to the last quality management system or adding confusion by changing requirements.
In many instances, companies that have invested considerable time and money in the process of certification have a hard time letting go of it even when it has proven not to be effective or useful. A company must decide if it wants to chase bad money with good money when faced with this problem. It must consider letting the existing management system go and documenting a new and effective management system from scratch. An important part of the ISO 9001 standard is preventing recurrence of a problem. Therefore, it is simple common sense to change or improve a management system and the associated philosophy when the management system is found ineffective.
The benefits of ISO 9001 when implemented correctly
The main purpose of implementing an ISO 9001 system is to improve a process, eliminate waste, save money and ensure that the company will be a contender in future markets. Every process in a company should have a measurement that shows if it is effective and/or met the desired result (the plan). The best platform to improve a process is when the quality policy and measurable objectives are defined clearly, and communicated clearly throughout an organization.
In many instances, a company will not be able to find a way to measure the effectiveness of a certain process or understand how it feeds into overall goals and objectives. In these instances one must further investigate what is the purpose of this process and if it should be eliminated or modified to satisfy the company’s objectives—the why and what if questions.
Some business process reengineering steps are extremely difficult to measure and define, such as a process required to meet a safety requirement, regulatory requirement or customer requirement. It also is important to include the performance indicators of processes so that when an action is taken (corrective or preventive) the effectiveness of those actions can be measured. The most effective method to measure effectiveness is to measure and track costs. This includes cost of nonconformity so when problems are corrected and processes improved, cost savings can be measured.
Auditing to ISO 9001:2008
There are two types of auditing required to become registered to the ISO 9001 standard: auditing by an external certification body (external audit) and audits by internal staff trained for this process (internal audits). The aim is a continual process of review and assessment, to verify that the system is working as it’s supposed to, find out where it can improve and to correct or prevent problems identified. It is considered healthier for the internal auditor to audit outside their usual management line, so as to bring a degree of independence to their judgments.
Under the 1994 standard, the auditing process could be adequately addressed by performing “compliance auditing”:
- Tell me what you do (describe the business process)
- Show me where it says that (reference the procedure manuals)
- Prove that that is what happened (exhibit evidence in documented records)
How this led to preventive actions was not clear.
The 2000 standard uses the process approach. While auditors perform similar functions, they are expected to go beyond the mere iso audit for “compliance” by focusing on risk, status and importance. This means they are expected to make more judgments on what is effective, rather than merely adhering to what is formally prescribed. The difference from the previous standard can be explained thus:
Under the 1994 version, the question was broadly “Are you doing what the manual says you should be doing?”, whereas under the 2000 version, the question is more “Will this process help you achieve your stated objectives? Is it a good process or is there a way to do it better?”.
Avoid documentation mistakes
If your company is preparing to become ISO 9001 certified, you should know what you need and what you don’t need. Some companies are overzealous and become obsessed with over-documenting their systems, rather than focusing on what their procedures actually are and documenting them. While ISO 9001 requires documented procedures, the standard doesn’t specify what they should include or how they should be formatted. The fact that many companies miss is that a third-party auditor will not be concerned with the format, but rather with the content of the procedures and how closely they align with what the company actually does.
Documents should be written to define a company’s processes, not to make processes sound more impressive than they are. A common nonconformance found in an ISO audit is not that a company was unable to meet a standard’s requirement, but its inability to meet a requirement in one of its own documents. A company can essentially sabotage itself by over-thinking its documentation. ISO 9001:2008 requires a manual and six documented procedures. Fulfill those requirements; other written procedures are unnecessary.
The Process Approach ISO 9001:2008
Every organization is made up of a series of interacting processes. A process is a set of activities that uses resources (people, machines, etc.) to transform inputs into outputs.
The process approach considers the interaction between these processes, and the inputs and outputs that tie these processes together. The output of one process becomes the input of another.
The ISO 9001 Standard is designed to manage and improve those processes.
- Identify the key processes.
- Define the quality standards for those processes.
- Decide how process quality will be measured.
- Document how you will achieve the desired quality, as determined by your measurements.
- Evaluate your quality and continuously improve.
Once these are identified, an organization can ensure its processes are effective (the right process is followed the first time), and efficient (continually improved to ensure processes use the least amount of resources).
What Are the Benifits of AS9100, and Why Now?
Under the circumstances of today’s economy, one might ask “why should my company spend the time and money to become certified to AS9100?” Companies are downsizing ant an alarming rate, cutting costs and basically operating in survival mode. So you may ask, why now? The best answer is to look at the benefits of AS9100 certification going forward into the future. Those companies that have successfully implemented AS9100 now, will realize these benefits then:
· AS9100 Provides access to the best practices of the aerospace industry
· Demonstrates your commitment to deliver quality products and services to your customers
· Brings your quality management system to level with the global standard adopted by the aerospace industry
· Improves your new market / new customer prospects on a worldwide basis
· Reduces multiple expectations and number of 2nd and 3rd party audits
· Creates independent feedback to foster continual improvement
· Improved customer satisfaction
· Reduces organizational waste, inefficiencies, and defects
· Facilitates continual improvement in business processes and customer satisfaction
· Improves process consistency and stability
What are The Supplier Requirements For AS9100?
The industry is quickly moving toward requiring their subcontractors and suppliers to be AS 9100 compliant and/or certified. By conforming to AS 9100 or becoming registered by a third party, suppliers can gain a competitive advantage and benefit from the improved processes and continuous improvement that is the foundation of ISO 9001:2000 certified Quality Management Systems.
Effective Dec. 2003 the Boeing Company began requiring all Boeing suppliers to be BQMS (Boeing’s Quality Management System) approved or have a waiver. AS 9100 Rev. B is a significant part of Boeing’s BQMS requirements.
General Electric Aircraft Engines (GEAE) was one of the first manufacturers to require AS 9000 compliance by all of their direct material suppliers. Currently, GEAE is requiring AS 9100 certification for all new suppliers, and existing suppliers have a gap audit and a certification audit performed to coincide with their existing surveillance audit schedule.
Common Obstacles to ISO 9001 Implementation and Registration
1. Too much documentation – unnecessary procedures, work instructions, forms, etc.
2. Lack of top management commitment and support – top management pays lip service or does not get involved.
3. Not providing adequate resources – budget, personnel, consultant, training, etc., to get the job done effectively.
4. Resistance to change – some process owners and functional managers may resist changes to processes and accountability for objectives.
5. Not setting realistic timeframes for business management system(BMS) development and implementation
6. Not providing adequate information and training resulting in conflicting interpretation of requirements and what needs to get done.
7. Not communicating BMS plans
8. Lack of discipline – personnel not following policies and procedures
9. Not understanding processes and how to use them effectively to manage the business.
10. Policies and procedures imposed by head office or other organizations.
11. Improper use of BMS system tools – e.g., corrective action; management reviews; etc.
12. Not understanding ISO 9001 requirements; not getting external help; and getting poor support and interpretations from the Certification Body.
By recognizing these obstacles and hurdles, you should be able to successfully avoid them on the path to ISO 9001 certification.