Posts Tagged ‘iso 9001’
ISO 9001:2008 Section 4.2.3 Control of Documents (Software)
Documents required by the quality management system are controlled. Records required by the quality management system are controlled according to the requirements given in 4.2.4. A documented procedure is established to define the controls needed:
- to approve documents for adequacy prior to issue,
- to review and update as necessary and re-approve documents,
- to ensure that changes and the current revision status of documents are identified,
- to ensure that relevant versions of applicable documents are available at points of use,
- to ensure that documents remain legible and readily identifiable,
- to ensure that documents of external origin determined by the organization to be necessary for the planning and operation of the quality management system are identified and their distribution controlled, and
- to prevent the unintended use of obsolete documents, and to apply suitable identification to them if they are retained for any purpose.
A basis of the quality management system is the control of documents. Document control is an essential preventive measure ensuring that only approved, current documentation is used throughout the organization. Unintentional use of obsolete documents can have significant negative consequences on quality, costs and customer satisfaction.
“For those responsible for managing their organization’s quality system it is best to design a document control process that is simple to use, easy to monitor and effective to prevent the use of obsolete documentation.” There are many ways to comply with section 4.2.3 of the ISO 9001 standard, and nowhere in the standard does it say how, so it is completely up to the organization to decide which method they will use. Most common methods include hiring dedicated staff, detailed procedures and specialized quality management software programs.
ISO 9001: Determine the necessary competence for personnel performing work affecting conformity to product requirements (Section 6.2.2 a)
There are two excellent reasons to train employees to your quality management system and your processes:
• Every employee can have potential impacts on the QMS; and
• It is a requirement of ISO 9001:2008 and virtually any well functioning quality system
Each person and function within your facility plays a critical role in the quality management system. For this reason, your training program should cast a wide net. Every employee and manager should be aware of the quality policy; the significant impacts of their work activities, key quality roles and responsibilities, procedures that apply to their work, and the importance of conformance with ISO 9001 requirements. Employees should understand the potential consequences of not following the requirements of the QMS (such as poor product performance, reduced customer satisfaction, and loss of business).
All personnel should receive appropriate training and support to be competent at their work.
Training should be tailored to the different needs of various levels or functions in the facility. However, training is just one element of establishing competence, which is typically based on a combination of education, training, and experience. You should establish criteria to measure the competence of individuals performing tasks that can impact on the quality of your products.
Training is needed both in technical work and for general awareness on the part of all employees
To define requirements for each job position questions to ask:
- “What job-specific knowledge area(s) must be well understood by someone in this job?”
- “What manual, mental or interpersonal skills must an employee have to do this job well?”
- “What natural abilities or talents must someone possess to be effective in this job?”
The result from this exercise is a list of competencies for the job that can be used for hiring purposes and subsequent training and development plans. Once the list is prioritized to include only the most critical competencies, you will need to document them in some appropriate manner (job descriptions, training matrix, or other means).
ISO 9001/AS9100 Who Owns Your System?
ISO 9001:2008 requires top management to actively participate in their organization’s quality management system by developing and implementing quality objectives and periodically evaluating the health of the system. This concept may seam foreign to some top managers, as some organizations still subscribe to the notion that the management of their quality system belong to the quality manager. As a lead quality management systems auditor I have seen this time and time again, often with bad news for those at the top. Without the ongoing participation and commitment from top management, it is virtually impossible to maintain a quality system that consistently meets the ISO 9001 standard or any other standard for that matter.
Top management must be involved at all stages of the quality system, from planning to implementation and ongoing maintenance. Some key areas where management should be involved are as follows:
- Setting Quality policies, planning, and objectives
- Appointing a Management representative and giving them the authority to fulfill their job responsibilities.
- Conducting Management Reviews that involve all of the required inputs and outputs of the QMS and making decisions that will promote continuous improvement.
- Enlisting and Utilizing customer feedback to meet customer satisfaction requirements
- Being visibly involved so that employees know that this is a business management system that is being driven from the top down.
What is most important is that “everyone” is involved with your quality management system, and realizing that no one person in the organization owns it, “everyone” owns it. Everyone must do their part, or as sure as I’m sitting here, the quality system will never deliver the results that is expected. When I hear someone say that ISO 9001 is just another expense, (No Benefit), to be endured for the sake of the customer, I know that these companies do not understand the overall commitment, (Involvement), required to receive any benefit. What type of company do you work for?
ISO 9001 Customer Satisfaction How Do I Measure This?
ISO 9001:2008 requires that customer satisfaction is monitored but does not specify methods. You must decide how to satisfy this requirement in a way that makes since to your organization. What can you measure that will improve your customer satisfaction ratings and add value to your organization at the same time. Some measures you may consider are as follows:
1. Do you deliver on time?
2. Do you deliver in full?
3. What feedback do you get from sales or service engineers?
4. Are the key accounts growing?
5. Customer audits or report cards? If favourable, use them as evidence of customer satisfaction.
6. Direct feedback from the customer both positive and negative, track them. If enough customers are saying the same things about your company, you may want to put some measurement in place to resolve these issues. If they are saying something wonderful about you, make this a priority to provide this service to all your customers.
Remember, you are in business to grow and the best way to do this is to satisfy your customers. Focus on measurements that will result in setting you apart from your competition. Don’t give lip service to customer satisfaction because you will suffer a finding during your surveillance audit because you cannot produce evidence that you even know what your customers think of your performance. If you have a hard time determining what you should be measuring and analyzing, ask your customers what is important to them.
ISO 9001, What Should I Be Auditing and How Often?
The ISO 9001 standard does not specifically tell you what processes need to be audited or how often they should be audited. It does however state that the audits you do perform should be planned, and based on status and importance. So what does this translate to mean? Should you audit everything process every year, maybe, maybe not. The standard does not tell you how often, how many or what to audit, you decide what makes since for your organization (where can you get the most value and keep your quality system functioning as intended).
The best advise that I can give is review your process maps, non-conformances, past internal and third party audits, and determine where your quality management system needs attention. Where are the black holes that cause lost time, lost money, customer dissatisfaction (where are the points that are or could significantly impact your ability to satisfy your customer or grow your business). Answer these questions and you will be able to develop a planned audit schedule that will add value to your quality system. Don’t audit every process every year unless every process in your system is not functioning as you intended it to or does not meet the ISO 9001 standard requirements. If this is the case you would not be certified in the first place. Don’t audit for the sake of auditing this is costly and time consuming, get the most out of your internal audits by making them address real issues that can improve the entire quality system.
How many audits should you conduct each year? You decide how many audits will be enough to keep your quality management system functioning properly. Keep in mind, you cannot successfully improve your processes unless you periodically review them. Nothing stays the same, so if you don’t review your processes periodically they will come back to bite you via loss of business, non-conformances, increased costs, obsolete documentation, and ultimately loss of certification.
How Do You Define ‘Risk’?
Risk may be defined in terms of exposure to a hazard (an incident), likelihood of an incident occurring, and the consequences of the incident. It should be pointed out that the ‘outrage factor’ must be considered as part of the consequences of an incident. Public opinion of an organization can be greatly affected by the way it manages its risk,( especially in the area of Occupational Health & Safety). The outrage factor can greatly magnify risk.
Generally we cannot predict the consequences of an incident, so it is difficult to rate risks in order of importance, to provide a basis for distribution of resources to control risk. We can however, assess the likelihood of an incident by using statistics to measure probability in many cases.
In practice it is usually enough to identify hazards and take appropriate action to minimize the associated risk, based on reasonable expectation of the outcomes of exposure.
The term ‘safe’ is used to denote a situation or condition where there is minimal acceptable risk, i.e. where the risk is tolerable to stakeholders.
When determining what is acceptable risk, it is important to remember the ISO risk management principles:
- Risk management should create value
- Risk management should be an integral part of organizational processes
- Risk management should be part of decision making
- Risk management should explicitly address uncertainty
- Risk management should be systematic and structured
- Risk management should be based on the best available information
- Risk management should be tailored
- Risk management should take into account human factors
- Risk management should be transparent and inclusive
- Risk management should be dynamic, iterative and responsive to change
- Risk Management should be capable of continual improvement and enhancement
Finding an ISO 9001 Auditor that fits the needs of your company
Finding an ISO auditor that fits well with your company is fundamental to a successful certification experience. You want to work with a person that you are comfortable with and that is comfortable with you! Here are some tips that you can follow to find an auditor that you know you will work well with your company:
Try to find a registrar that has somebody who can answer your questions, someone that you feel comfortable with and meets your financial requirements. Make sure the registrar has auditors with experience in your area. What good is a registrar that has an auditor that lives down the street from you if they’ve only audited service processes? They’ve never audited a machine shop, and you’re a machine shop.
You want an auditor that fits you and your company and gives you good observations and opportunities for improvement as they audit. Ask to talk with your potential auditor. It’s always nice to be able to converse with somebody so you get to know who they are before you meet them. If they are in the area, maybe they can drop in just to talk to you, just to put a face to the name.
Some registrars have auditors all over the United States and even some overseas. Be careful when you are trying to find an auditor close to you. Sometimes you are going to find that the auditor you like isn’t close to you. If you like that person, and are willing to pay travel expenses, the registrar should be happy to send that person to you.
Remember you are the customer, make sure you exercise your right to selecting the auditor that best fits your needs.
ISO 9001/AS9100, Why Do I Have To Conduct A Management Review?
Just as a person should have periodic physical exams, your QMS must be reviewed periodically to stay “healthy.” Management reviews are critical to continual improvement and ensure that the quality management system will continue to meet your facility’s needs over time.
The ISO 9001 standard states, the purpose of a management review is to review the Quality Management System to ensure its continuing adequacy, suitability and effectiveness. This should include an evaluation of the performance of the system based on existing data (review inputs), and should also address any decisions or actions necessary to improve the management system and its related processes (review outputs).
To make your reviews meaningful, such reviews should be performed at least annually, although they may be performed on a more frequent basis, including quarterly or even monthly. The frequency of these reviews is your choice, but I personally recommend that organizations with “newer” systems perform this function on a more frequent basis, at least for the first 18-24 months.
Records of these reviews should be maintained in accordance with your documented control of record procedures. These records should include, the date of the review, participants in the review, criteria by which the system is measured, (Inputs), strengths and weaknesses of the system, and any decisions or actions that are required (Outputs). Such inputs should include, but are not limited to the following:
- Results of Internal Audits
- Customer feedback, both positive and negative
- Process performance and product conformity
- Status of corrective and preventive actions (Are they closed and are the actions taken effective)
- Follow-up of actions from previous management reviews (Are actions being completed?)
- Any changes that could affect the quality system (Personnel, facility, regulations, business direction etc.)
- Recommendations for improvement
Outputs from this review should include and decisions or actions related to the following:
- Improvement of the effectiveness of the QMS and its processes
- Improvement related to customer requirements
- Resource needs to support the QMS.
Quality Management Systems Auditing, Make It Worth Your Time
With the upgrade of the ISO9000 series of standards from the 1994 to 2008 series, the focus of the audits has shifted from purely procedural adherence towards measurement of the actual effectiveness of the quality management system or the total process, and the results that have been achieved through the implementation of a QMS. And now with the upgrades of the AS9100 quality standard, there are even more ways to develop and implement corrective and preventive actions that will greatly benefit the organization.
Audits are an essential management tool to be used for verifying objective evidence of processes, to assess how successfully processes have been implemented, for assessing the effectiveness of achieving any defined target levels, to provide evidence concerning reduction and elimination of problem areas. For the benefit of the organization, quality auditing should not only report non-conformances and corrective actions, but also highlight areas of good practice. By highlighting these areas other departments may share information and amend their working practices as a result, which contributes to continual improvement.
There are times that auditing feels like an arduous ordeal, and those being auditee feel as though they are being personally judged. The most important part of conducting an audit is to communicate with the auditee the intent of the audit and their role in it. For an audit to give meaningful information back to the organization, you must get the cooperation of those being audited. Let them know that the audit is not a tool to punish but rather an opportunity to improve the organization as a whole. Finds are not bad things, quite the contrary they are the building blocks for the continued success of the organization (continual improvement). Why not make it the responsibility of each employee to contribute at least one opportunity for improvement each year. Just think how much better your company will be after one year.
Getting The Most Out Of Your Quality Objectives
ISO 9001:2008 mentions quality objectives at least 14 times. Basically, quality objectives allow us to measure our progress and make improvements. How else can we conclude if we’re doing the right things and what we should do next? Without metrics you have no way of knowing if there has been a return on investment for an improvement initiative, capital expenditure, or new product design.
Objectives are the essential links between day-to-day activities and strategic planning. They make it possible for individuals throughout the organization to monitor processes and communicate performance to the decision makers. When we develop our strategic objectives (the ones that will move us to the next level of quality or profitability), what should we be looking at and how should we be looking at it.
The standards for ISO 9001 and AS9100 require that objectives be set and implemented to promote continuous improvement. If you were to set objectives that had no measureable metric and no time line for completing, how would you ever know if you had completed them or if they made any difference at all?
As a third party auditor, I have seen many failed attempts at setting meaningful objectives. The primary reason for these failures is lack of understanding of what should be included when setting these goals.
A good rule of thumb is to always include the following information in each objective:
- A starting point-Where are we now?
- A desired result-where do we want to be and what do we want to accomplish?
- When do we expect to complete this objective-Put a stake in the ground.
Example:
“We will improve our delivery performance to our customers from 85% to 95% by December 2010.”
Once you have set your objective now you must show progress toward completion-measure and report. Make decisions and take action to keep moving in the right direction. If you miss your deadline, don’t worry, you can always push your time-line out. The primary reason for objectives is to keep moving toward improving your quality management system and better satisfying your customers. Competition is steep in today’s economy; keeping ahead of the competition requires planning and measuring on a regular basis. Make your objectives count; they can be the difference between success and failure.