ISO 9001 & ISO 14001 Standards

Integrating Management Systems Within The ISO 9001 Standards

Integrating Management Systems Within The ISO 9001 Standards

Today’s free market economies increasingly encourage diverse sources of supply and provide opportunities for expanding markets. Fair competition needs to be based on identifiable, clearly defined common references that are recognised from one country to the next. A standard, internationally recognised, developed by consensus among trading partners, serves as the language of trade. The International Organisation for Standardisation (ISO) has developed around 8?700, mostly technical related standards on this basis. Standards Series such as ISO 9001, ISO 14000 and what is to be known as ISO 18000 and ISO 26000 are Management related. These standards contain generic guidelines for Management Systems in the area of Quality, Environment, Occupational Health & Safety and Human Resources.

ISO is a word derived from the Greek isos, meaning “equal”. ISO 9001 Standards are developed and updated by the International Organisation for Standardisation which has around 150 member bodies. A member body of ISO is the national body “most representative of standardisation in its country”.(eg. Germany – DIN, USA – ANSI, Australia – SAA).
More than 50 countries, as well as the European Community have adopted ISO 9001 which is recognised internationally as a benchmark for measuring quality in a trade context. Since its first issue in 1987, approximately 430?000 companies have been using ISO 9000. Being a standard coming from an organisation that is usually involved in the development of technical standards, ISO 9000 is often regarded as a document that belongs in the hands of a technician exposed to production line quality control. At a closer look, however, ISO 9001 Standard Series provide guidance in the development and application of Management Systems as well as Quality Control in Manufacturing and Administration.

ISO has been developing a number of Management System Guidelines for various aspects of business. The most recent are the ISO 14000 Environmental Management System Guidelines. This is an international standard that will affect business in the near future. ISO 14000 has been designed to integrate with ISO 9001. However, apart from international standards there are local standards a company has to comply with. To remain compliant with local standards, further manuals and/or procedures are required (eg. lifting procedure in a warehouse to satisfy Work Safety requirements). A company may have several Manuals describing its Management Systems (eg. Human Resources, Quality, Security, Health/Safety, Finances). An overall link between the systems is often missing which makes the monitoring and the assessment of effectiveness difficult. Double handling of information, contradicting instructions, high maintenance costs, administrative excess and lack of overall transparency are common results.
ISO 9000 Standard Series for Quality (of) Management Systems provide generic guidance for the development of an overall Management System, ISO 14000 provides guidance for Environmental Management, etc. Transparency and monitoring of all business activities can be achieved by integrating all systems into one.
Complaints that ISO 9000 is paralysing operations and, that it does not reflect reality are usually a result of not clearly understanding how the standard can be properly structured to address the needs of a company. ISO 9000 can be structured by focusing on “best practice” process rather than the standard, by fitting the standard to the process and not the process to the standard. Having recognised this, ISO has been working on a new structure for ISO 9000, called “Vision 2000?, taking a process orientated approach to ensure that “best practice” as well as several standards can be addressed within one system. Focusing on process allows the development of a practical “working document”, providing an effective management tool. Having learned from the past, the trend to Process Orientated Management Systems started about three years ago in Europe and is finding increasing approval from certification bodies.Every company has its own culture and key individuals.
The business environment influences processes in certain ways (eg. employee market, laws, infrastructure, client, etc.)
To ensure competitiveness a company needs to ensure adequate flexibility in their system to effectively respond to changes in the business environment.
An effective system is a lean system that incorporates all necessary functions, controls of activities and “best practice” without being caught up in detail.
An effective system must also be flexible enough to enable the proper controls on outsourcing and sub-contracting of activities (eg. production, administration, service, etc.)

Tags: iso 9001, iso 9001 standard, ISO 9001 Standards

Records Required by ISO 9001 Standard

Records Required by ISO 9001 Standard
ISO 9000 requires that records be kept of critical operations. Record keeping is the fourth tier of required documentation in ISO 9000, following the Quality Policy Manual, Procedures, and Work Instructions.
Questions you may have include:
•What is a record?
•What are the required records?
•What is the reason for these records?
This lesson will answer those questions. There is a mini-quiz near the end of the lesson.
What is a record?
Records consist of any historical documentation, such as summaries or meetings and reviews, specifications, invoices, results of tests and such. This is different than procedures and instructions that tell what do to. Instead, a record is the history of what has been done.
Records required
The following lists the records required under ISO 9001 version 2000, along with the referring sub-paragraph number from the standard. ISO 9002 and ISO 9003 would be subsets of this list. Of course, a company may choose to include additional records that they deem important.
Para.
Record Required
5.6.1
Management reviews
6.2.2 (e)
Education, training, skills and experience
7.1 (d)
Evidence that the realization processes and resulting product fulfill requirements
7.2.2
Results of the review of the requirements relating to the product and actions arising from the review
7.3.2
Design and development inputs
7.3.4
Results of design and development reviews and any necessary action
7.3.5
Results of design and development verification and any necessary action
7.3.6
Results of design and development validation and any necessary action
7.3.7
Results of the review of design and development changes and any necessary action
7.4.1
Results of supplier evaluations and actions arising from evaluations
7.5.2 (d)
As required by the organization to demonstrate the validation of processes where subsequent monitoring and measurement cannot verify the resulting output
7.5.3
Unique identification of the product, where traceability is a requirement
7.5.4
Customer property that is lost, damaged, or otherwise found to be unsuitable for use
7.6 (a)
Standards used for calibration or verification of measuring equipment where no international or national measurement standards exist
7.6
Validity of previous results when measuring equipment is found not to conform to its requirements
7.6
Results of calibration or verification of measuring equipment
8.2.2
Internal audit results
8.2.4
Evidence of product conformity with the acceptance criteria and indication of the authority responsible for the release of the product
8.3
Nature of the product nonconformities and any subsequent actions taken, including concessions obtained
8.5.2
Results of corrective actions
8.5.3
Results of preventive actions
Reason for records
The reason to keep records is for future use as a reference in case of questions related to contractual and legal matters, work techniques, verification of work done, and other parts essential to the company running smoothly. The company management should use sound judgment as to what records are non-essential and how long to keep a specific record.

Tags: iso 9001

ISO 9001 Standards Gap Analysis

ISO 9001 Standards Gap Analysis

One of the first steps in implementing ISO 9000 is to perform a gap analysis. This is the technical name for an initial comparison of the Quality Management System to the ISO 9001:2008 Standard. The goal in find the gap between the standard and the QMS. The Gap Analysis will establish the scope of the implementation project and will therefore be important information for determining the amount of resources that will be required to complete the project in the given timeline.
Typically the gap analysis is based on a Gap Analysis checklist. These can be purchased from several different sources on the web ( like theISOstore.com). A second option is to use the internal audit checklist from this web site as a gap analysis checklist. Either way, the key to have a list of questions based on the standard that will uncover any weaknesses in the QMS before the project begins.
Gap Analysis Auditors
Performing gap analysis is best done by someone who is familiar with the ISO 9001 standard. If the company has no one with this experience, then consider outside training for the person who will be the lead internal auditor. Without grasping the goals behind the standard, you and your company can waste a lot of time improperly documenting flaws and over engineering solutions.
Performing a Gap Analysis
I recommend performing a basic ISO 9000 awareness training before the gap analysis. The awareness training will help reduce fear or resistance to the change that sometimes comes with a large company wide project. Once everyone understands the goals of the ISO project and is ready to be audited, start the gap analysis in sections. Covering sections 4,5,6,7 and 8 all in one audit is a mind melting experience. Start with section 4 to see how fast you can properly document the a section. Then schedule the remaining section based on your experience.
As you go through each section, you will either find that a system is already in place that meets the requirements of the ISO9001 standard or you will write a finding for that section. If you find that the system is in place, simply log the document numbers on the gap analysis sheet and move on. If you find that a large portions of the quality systems are missing, then you can write the equivalent of a major finding with a larger scope and not waste too much time listing every detail of what is missing.
How to use the result of the gap analysis
Once you have completed the gap analysis, you will have a list of missing or under-developed documents, records and systems. If you use the checklist from this web site, the result of the gap analysis will be a list of individual item that must be corrected. If the check sheet said “what document is used to the describe record retention?” and you found no document, then the document should be created. Once you feel that everything is in place, then you will want to repeat the audit to confirm that you can answer every question on the internal audit checklist with a positive response.
If the gap analysis show that your systems are in relatively good shape with some area for improvement, then I would make the gap analysis the first record in your internal audit notebook. This will help build a history of audits. If the gap analysis shows major flaws, you may want to fix them and then perform an internal audit as the first record to meet your internal auditing requirements. External auditor will frequently look at your internal auditing records to see if there are any blatant problems with the QMS, so don’t make their job too easy.

Tags: iso 9001

IMPLEMENTATION GUIDANCE FOR ISO 9001:2008

IMPLEMENTATION GUIDANCE FOR ISO 9001:2008

The Justification Study identified the need for an amendment, provided that the impact on users would be limited and that changes would only be introduced when there were clear benefits to users.

The key focuses of the ISO 9001:2008 amendment were to enhance the clarity of ISO 9001:2000 and to enhance its compatibility with ISO 14001:2004.

A tool for assessing the impacts versus benefits for proposed changes was created to assist the drafters of the amendment in deciding which changes should be included, and to assist in the verification of drafts against the identified user needs. The following decision making principles were applied:

1) No changes with high impact would be incorporated into the standard;

2) Changes with medium impact would only be incorporated when they provided a correspondingly medium or high benefit to users of the standard;

3) Even where a change was low impact, it had to be justified by the benefits it delivered to users, before being incorporated.

The changes incorporated in this ISO 9001:2008 edition were classified in terms of impact into the following categories:

1. No Changes or minimum changes on user documents, including records.

2. No changes or minimum changes to existing processes of the organization.

3. No additional training required or minimal training required.

4. No effectes on current certifications.

Tags: iso 9001:2008

What Is New In ISO 9001:2008 Standards

The new edition of ISO 9001 is an amendment and not a revision; in other words, the changes are very small. They are broadly as follows:

- the user-feedback survey on ISO 9001:2000 revealed that there were some ambiguities and some points needing clarification. These have been tidied up, along with clarification inareas that were previously too open to interpretation.

- the new edition has improved compatibility with ISO 14001 for those wishing to integrate their ISO 14001 certification with their ISO 9001 certification.

ISO 9001:2008 – What it means to certified organizations

For certified organizations, the transition period runs from 14 November 2008 to 31 December 2009. All organizations need to be compliant with ISO 9001:2008 by the end of 2009 to retain their certification. BSI’s clients will be audited against the new edition of the standard at their next continuing assessment or re-certification visit.

Antony Barrett, product marketing manager responsible for ISO 9001 at BSI Management Systems UK, comments: “We don’t see anyone having any problems in achieving the 2008 edition of the standard.” Client managers will work with clients to manage the process.

Tags: iso 9001

ISO 9001 — a way of managing for conformance

Quality assurance, according to the Standard, is a way of managing that prevents non-conformance and thus “assures quality”. This is what makes ISO 9001 different from other standards: it is a management standard, not a product standard. It goes beyond product standardisation: it is standardising not what is made but how it is made. To use standards to dictate and control how organisations work was to extend the role of standards to new territory. To take such a step we might have firstly established that any such requirements worked — that they resulted in ways of working which improved performance.

Yet the plausibility of this Standard, and the fact that those who had an interest in maintaining it were (and still are) leading opinion, prevented such enquiries. In simple terms the Standard asks managers to say what they do, do what they say and prove it to a third party.

ISO 9000 (1994) paragraph 1: “The requirements specified are aimed primarily at achieving customer satisfaction by preventing non-conformity at all stages from design through servicing.”

To put it another way, the Standard asserts that preventing non-conformance achieves customer satisfaction. But does it? Of course it matters to customers that a product works. But there is no guarantee that the Standard will ensure even that. Furthermore, customers take a total view of an organisation — how easy it is to do business with — in respect of all things of importance to each and every customer.

ISO 9001 requires managers to “establish and maintain a documented quality system as a means of ensuring that product conforms to specified requirements”. Loosely translated this is “say what you do”. Management is supposed to “define and document its policy for quality . . . including its commitment to quality”.

What management would not declare its commitment to quality? But would they know what it means? Would they argue (as they should) that quality management is a different and better way to do business, or would they believe that ISO 9000 will take care of quality? The Standard encourages managers to think of “quality” and “business as usual” as separate and distinct. It helps managers avoid the revelation that quality means a wholly different view of management. Instead, the organisation “shall appoint a management representative who, irrespective of other responsibilities, shall have defined authority and responsibility” [for ISO 9000]. At a practical level this means only one executive might decide he or she had better learn a thing or two about quality. However, would being responsible for ISO 9001 lead to learning about quality or simply enforcing the ISO 9000 regime in an organisation?

Key to the regime is auditing. The Standard requires organisations to conduct internal quality audits to “verify whether quality activities comply with planned arrangements”. This can be loosely translated as “do you do as you say?” and the purpose of the audit is to see that you do. It was not until the 1994 review that the words were changed to “quality activities and related results”. It was a Standard which was rooted in the philosophy of inspection: fifteen years after its initial promulgation the promoters sought to extend the focus to results. But results or improvements assessed by what means? Inspection. By the time the Standard was adopted world-wide, quality thinking had moved a long way from the philosophy of inspection. It is now understood, at least by a few, that quality is achieved through managing the organisation as a system and using measures which enable managers to improve flow and reduce variation (which we explore in chapters 5 and 7). The defenders argue that there is nothing stopping a company having ISO 9000 and implementing methods for managing flow and reducing variation, but where are such companies? Few of the companies we researched, formally and informally, knew anything about this thinking. The Standard does not talk about it; moreover, the Standard effectively discourages managers from learning about it by representing quality in a different way.

According to ISO 8402 (quality vocabulary), quality is:

“The totality of features and characteristics of a product or service that bear on its ability to satisfy stated or implied needs.”

Everything we have learned about ISO 9000 suggests that the people who created this definition were thinking about the things which need to be controlled, those things which “bear on its ability . . .”. The builders of the Standard assumed that customer needs would be listed in contractual agreements between the supplier and customer.  ISO 9000 has a “make” logic — procedures for “how you do what you do” — and a “control” logic — check to see that it is done. It is a relic of the era when contractual agreements were perceived to be an important device for regulating the behaviour of suppliers. In these ways, ISO 9000 encouraged “planning for quality”.

Planning for quality sounds plausible, but it assumes many things: that the plan is the right plan, that it is feasible, that people will “do it”, that performance will improve. It is an approach which, paradoxically, leads to poor decisions. Planners of quality systems, guided by ISO 9000, start with a view of how the world should be as framed by the Standard. Understanding how an organisation is working, rather than how someone thinks it should, is a far better place from which to start change of any kind.

Tags: iso 9001

Process Based Auditing Of Quality Management System

Process Based Auditing Of Quality Management System

Any effective quality management system (including the subsystems) works as a control process, which has the ability to detect deviations and nonconforming products and assures that the corrective and preventive action measures are effective. The regulatory auditor should check that all subsystems and processes of the quality management system are structured as self-regulating control processes. For example Deming’s PDCA cycle demonstrates such a process with the following components:

i) Plan – Has the manufacturer established the objectives and processes to enable the quality system to deliver the results in accordance with the regulatory requirements?

ii) Do – Has the manufacturer implemented the quality system and the processes?

iii) Check – Has the manufacturer checked process monitoring and measurement results against the objectives and the regulatory requirements? Does the manufacturer evaluate the effectiveness of the quality system periodically through internal audits and management reviews?

iv) Act – Has the manufacturer implemented effective corrective and preventive actions? Confirm that the company is committed to providing high quality safe and effective medical devices, and that the company is conforming with applicable laws and regulations. These are generic questions that can be asked throughout the audit.

Sampling

In general there are two ways of sampling records for review which are useful in regulatory audits risk based and statistical. Where possible, auditors should select samples based on factors which are most likely to affect the safety of the patient. In this situation sampling tables are not necessary. The auditor may however decide to select a statistically valid sample. A sample can also be drawn using a combination of risk based and statistical sampling.

Audit Planning

i) Further to the requirements given in the chapter 11 of GHTF Guidelines for Regulatory Auditing of Quality Systems of Medical Device Manufacturers – Part 1:

General Requirements (SG4/N28R2), some more consideration should be given to the following points: Information from the Manufacturer Estimation of audit duration, frequency and targeted on-site auditing time Further points to consider are given in chapter 6. Information required from the manufacturer

ii) In the planning phase, the following information should be requested from the manufacturer to estimate the audit duration and to prepare the audit plan for Regulatory Auditing of Quality Systems of Medical Device: manufacturer’s name, address contact name, telephone, fax numbers and e-mail addresses ? total number of employees (all shifts) covered by the scope of the audit ? range and class of medical devices being manufactured types of devices? sold and/or planned to be sold in the countries and/or regions for which the regulatory requirements will be assessed, including a complete list of authorizations (e.g. licenses) issued for those devices (where applicable) location and function of each site to be included in the audit a list of activities on each site the involvement of any? special manufacturing processes, e.g. software, sterilization, etc. a list of the activities performed by subcontractors and their locations, including the type of control that is exercised over those outsourced operations any existing audit results from other auditing organizations e.g. from USA, Australia, Europe, Canada, Japan. do they install or service the medical devices produced changes since the last audit, if applicable.

ii) Audit frequency The audit frequency is dependent on the factors mentioned in Appendix 3, the regulatory requirements and history of the Manufacturer.

iv) Audit duration The audit duration has a significant effect on both regulatory agencies and industry. It is dependent on factors such as the audit scope and specific regulatory requirements to be assessed, as well on the range, class and complexity of devices, and the size and complexity of the manufacturer. If not specifically mentioned, the considerations in this section are applicable to initial, and surveillance audits.

v) Relation between audit frequency and audit duration Audit duration depends on the audit frequency. In the following an annual audit frequency is the baseline as reference in IAF Guidance on the Application of ISO/IEC Guide 62. For more or less frequent audits, audit duration should be adapted accordingly. vi) Method of estimating audit duration When auditing organizations are planning regulatory audits, sufficient time should be allowed for the audit team to establish the conformity status of a medical device manufacturer’s quality system with respect to the relevant regulatory requirements. Any additional time required to assess national or regional regulatory requirements must be justified.

Tags: quality management system

KEY CONSIDERATIONS IN IMPLEMENTING ISO 9001 IN SMEs

In the case of all of the transitions depicted, real benefits from the QMS are more likely to be experienced if the QMS is implemented directly into the core structure of the organization. SMEs must be cautious against establishing a QMS that is run separately in parallel to its other systems. In SMEs, the parallel subsystem most commonly exhibits itself as a separate Quality Assurance, or in some cases, ISO 9001 department. Possible reasons for this may include the existence of rigid departmental boundaries in some SMEs or overemphasis on core activities. As Yauch and Steudel [10] note, SMEs tend to focus their attention on “…necessary routine activities (such as sales, production, shipping, etc.) rather than activities aimed at improving processes or systems.” If a SME insists on establishing a separate quality department, its level of effectiveness can be increased by embedding the QMS in widely-used organizational systems where practical. The integration is largely a function of how well the QMS manages to share information with other subsystems and its ability to align with the policies, norms, goals, and values in place throughout the organization.

In SMEs, training and staff development is more likely to be ad hoc and small scale because of modest human and financial resources and the absence of a specific training budget. To prevent the problems arising from lack of education and training, two things must be done:

1. Education of Top Management: The centralization of decision-making processes within many SMEs means that the management can either be the main stumbling block to change or the main catalyst for change. Therefore, any approach to ISO 9001implementation must involve considerable education for the top management of the organization to create awareness and understanding of the implementation process as a change initiative. Implementing a fully functional and documented QMS requires motivation by top management to appreciate, achieve, and implement the necessary measures to meet the standards’ criteria.

2. Education and Training of Employees: SMEs are often under pressure to quickly gain ISO 9001 registration. Meeting the requirements of the standard in a short period of time can prove a formidable obstacle for a small company. Since most SMEs do not possess the needed expertise internally, they may be inclined to hire external experts to provide the necessary technical expertise and manpower. However, having a functioning and documented QMS requires more than that. It requires ensuring that all employees in the organization clearly know what is expected of them and how they can contribute to the attainment of their organizations’ goals. This will likely require the preparation and implementation of a training plan tailored specifically to the unique characteristics and maturity level of the SME.

As emphasized throughout the paper, a QMS is not going to produce the expected results unless it is fully functional. While auditing must therefore verify the existence of the necessary documentation, it must also focus on the functionality of the QMS. The measurement of the functionality and the qualitative and financial impacts of a QMS have been the subject of several studies, including Kaynak. Among the categories used to measure functionality and performance improvement, two are particularly noteworthy for our purposes: management commitment and employee involvement. A QMS cannot be functional in the absence of those two characteristics. Therefore, as a minimum, internal and external auditors should continually verify top management’s commitment to increased company-wide quality awareness and improvement in addition to employee involvement in the design, implementation, operation, and improvement of quality related processes and procedures.

Tags: iso 9001

Introduction to ISO 9001 Standard Certification

Introduction to ISO 9001 Standard Certification

Certification is a way to attest, by the intermediary of a third-party certifier, to a company’s ability to provide a service, product or system in accordance with client requirements and regulation requirements. ISO and IEC give the following definition:
Procedure by which a third party gives written assurancethat a product, process or service complies with the requirementsspecified in a benchmark.The ISO 9000 family of standards corresponds to all the management best practices benchmarks as regards quality, which are defined by ISO (the International Organisation for Standardization).
ISO 9000 standards were originally written in 1987, with revisions taking place in 1994 and 2000. Thus, the 2000 version of the ISO 9001 standard, which is part of the ISO 9000 family, is written “ISO 9001:2000?. The ISO 9001:2000 standard mainly focuses on the processes used to produce a service or product, whereas the ISO 9001:1994 standard was mainly focused on the product itself. Here is an overview of all the different standards in the ISO 9000 family:
ISO 9000: “Quality Management Systems – Basic Principles and Vocabulary”. The ISO 9000 standard describes the principles of a quality management system and defines the terminologyISO 9001: “Quality Management Systems – Requirements”. The ISO 9001 standard describes the requirements relative to a quality management system either for internal use or for contractual or certification purposes. Therefore, this standard is a group of requirements that companies must followISO 9004: “Quality Management Systems – Guidelines for Improving Performance”. This standard, which is intended for internal use and not for contractual purposes, focuses particularly on continually improving performanceISO 10011: “Guidelines for auditing quality management and/or environmental management systems”.

Tags: iso 9001 standard

The ISO 9001 Standards & ISO 14001 Standards and the environment

The ISO 9001 Standards & ISO 14001 Standards and the environment

The ISO 14000 family of International Standards on environmental management is a relative newcomer to ISO’s portfolio – but enviroment-related standardization is far from being a new departure for ISO.

In fact, ISO has two-pronged approach to meeting the needs of business, industry, governments, non-governmental organizations and consumers in the field of the environment.

On the one hand, it offers a wideranging portfolio of standardized sampling, testing and analytical methods to deal with specific environmental challenges. It has developed more than 350 International Standards (out of a total more
than 12000) for the monitoring of such aspects as the quality of air, water and soil. These standards are means of providing business and government with scientifically valid data on the environmental effects of economic activity.

They also serve in a number of countries as the technical basis for environmental regulations.

ISO is leading a strategic approach by developing environmental management system standards that can be implemented in any type of organization in either public or private sectors (companies, administration, public utilities). To spearhead this strategic approach, ISO establish a new technical commitee, ISO /TC 207, Environmental management, in

1993. This followed ISO’s successful pioneering experience in management system standardization with the ISO 9000 series for quality management.

ISO’s direct involvement in environmental management stemmed from an intensive consultation process, carried out within the framework of a Strategic Advisory Group on Environment (SAGE),set up in 1991, in which 20 countrie, 11 international organizations and more than 100 environmental experts participated in defining the basic requirements of a new approach to environment-related standards.

This pioneering work was consolidated with ISO’s commitment to support the objective of “sustainable development” dicussed at the United Nations Conference on Environment and Development in Rio de Janeiro in 1992.

Today, delegations of business and government experts from 55 countries have participate actively within TC 207,

and another 16 countries have observer status. These delegations are chosen by the national standars institute concerned and they are required to bring to TC 207 a national consensus on issue being addressed by the commitee.

This national consensus is derived from a process of consultation with interested parties.

From its beginning, it was recognized that ISO/TC 207 should have close cooperation with ISO/TC 176, Quality management and quality assurance, in the areas of management systems, auditing and related terminology. Active efforts are under way to ensure compatibility of ISO environmental management and quality management standards, for the benefit of all organizations wishing to implement them.

Tags: ISO 9001 Standards