ISO 14001 provides a logical, common-sense approach for
businesses to adopt. To start it is recommended to carry out an
environmental review of the business and the Annex to the Standard
provides guidance on the approach required. The Standard then
requires a management system to be developed that addresses the
key environmental issues that were identified by the review as being
relevant to the business, through a rational programme of control and
continual improvement.
There are five key steps to ISO 14001 EMS implementation, and
subsequent operation which are clearly laid out in just three pages of
text.
The five key steps are:
1. Environmental Policy
2. Planning
3. Implementation and Operation
4. Checking and Corrective Action
5. Management Review
Step 1. Environmental Policy
The company or organisation must write an environmental policy
statement which is relevant to the business activities and approved by
top management. Their full commitment is essential if environmental
management is to work. The ISO 14001 Standard clearly sets out
what to cover in the policy. Often a one page document is sufficient.
Produce a first issue and expect to amend it several times before
assessment and registration as knowledge grows in the company.
Step 2. Planning
Plan what the EMS is to address.
Environmental aspects
First make lists of the environmental aspects (issues) that are relevant
to the business. The environmental review mentioned earlier should
provide most of this information and the Annex to ISO 14001 provides
guidance on the format for doing this.
Consider the inputs, outputs and processes/activities of the business in
relation to;
a) emissions to air
b) releases to water
c) waste management
d) contamination of land
e) use of raw materials and natural resources
f) other local environmental and community issues
Consider both site (direct) and offsite (ie. indirect) aspects that you
control or have influence over (such as suppliers) and in relation to
normal operations, shut-down and start-up conditions and reasonably
foreseeable and emergencies situations.
A simple written procedure is then required to determine which of the
aspects identified are really or probably significant (important) and
training needs, outline the key stages of the project and dates that will
lead to the target achievement).
Gradually apply environmental management programme thinking to
such things as the introduction of new products, new or improved
processes and other key activities of the business. In particular,
ensure existing projects become environmental management projects
where there is a significant environmental impact involved, so that the
EMS becomes company wide. This is a frequent oversight found
during ISO 14001 assessments. The EMS must cover the whole
business – like a net thrown over the whole business and for example
including such things as engineering and maintenance
Step 3. Implementation and Operation
Structure and responsibility
Appoint one or more people, depending on the size of the business, to
have authority and responsibility for implementing and maintaining the
EMS and provide sufficient resources. (It’s worth monitoring costs
carefully and benchmarking these against key consumption figures so
that improvements delivered by the EMS become apparent).
Training, awareness and competence
Implement a procedure to provide environmental training appropriate
to identified needs for management, the general workforce, project
teams and key plant operators. This can have far reaching benefits
on employee motivation. The workforce is usually very supportive of
moves to achieve genuine environmental improvement. Every
company has its share of cynics but even some of these can be won
over with time. Training will vary from a general briefing for the
workforce to detailed environmental auditor training.
Communication
Implement procedures to establish a system of internal and external
communication to receive environmental information and respond to it
and to circulate new information to people that need to know. This will
include: new legislation, information from suppliers, customers and
neighbours and communications both with employees and for
employees about progress with the EMS. This process can often
generate worthwhile ideas from employees themselves for future
environmental improvements.
Environmental management system documentation
The EMS itself needs to be documented with a manual, procedures
and work instructions but keep it brief and simple. The Standard
clearly states where procedures are required. Eleven system
procedures are required to maintain the EMS, plus operating work
instructions but if you already have ISO 9000, this will cover most of six
of the procedures required and a quality system can certainly be
expanded to cover ISO 14001 as well. Cross reference the EMS
manual to other environmental and quality documents to link the EMS
and to integrate it with existing business practices.
Operational control
Implement additional operating procedures (work instructions) to
control the identified significant (important) aspects of production
processes and other activities. Some of these will already exist but
may need a ‘bit of polish’. Don’t forget significant aspects that relate to
goods and services from suppliers and contractors.
Emergency preparedness and response
Implement procedures to address reasonably foreseeable
emergencies and to minimise their impact should they occur. (eg. Fire,
major spillages of hazardous materials, explosion risks etc.)
Step 4. Checking and Corrective Action
Monitoring and measurement
Implement procedures to monitor and measure the progress of
projects against the targets which have been set, the performance of
processes against the written criteria using calibrated equipment (verify
monitoring records) and regularly check (audit) the company’s
compliance with legislation that has been identified as relevant to your
business. The most effective way of doing this is through regular
progress meetings.
Nonconformance and corrective and preventive action
Implement procedures to enable appropriate corrective and
subsequent preventive action to be taken where breaches of the EMS
occur (eg. process control problems, delays in project process, noncompliance
with legislation, incidents etc.).
Records
Implement procedures to keep records generated by the
environmental management system. The Annex to the Standard
suggests those that are likely to be required.
Environmental management system audit
Implement a procedure to carry out audits of each part of the EMS and
company activities and operations to verify both compliance with the
EMS and with ISO 14001. Audit results must be reported to top
management . A typical audit cycle is one year but more critical
activities will require auditing more frequently.
Step 5. Management Review
At regular intervals (typically annual), top management must conduct
through meetings and record minutes of a review of the EMS, to
determine that it is still appropriate and effective or to make changes
where necessary. Top management will need to consider audit
results, project progress, changing circumstances and the requirement
of ISO 14001 for continual improvement, through setting and achieving
further environmental targets.
Wednesday, September 30, 2009
ISO 9001:2008 Requirements – QMS
ISO 9001:2008 Requirements – Quality Management System
Establish, document, implement, and maintain a quality management system. Continually improve its effectiveness in accordance with ISO 9001 requirements. Implement the system to:? Determine processes needed for the quality management system (and their application throughout the organization)? Determine process sequence and interaction? Determine criteria and methods for process operation and control? Ensure resources and supporting information are available? Monitor, measure where applicable, and analyze these processes? Implement actions to achieve planned results and continual process improvementManage these processes in accordance with ISO 9001 requirements. Define the type and extent of control applied to any outsourced processes that affect product conformity to requirements.NOTE 1: Processes needed for the quality management system include the processes for management activities (see 5), provision of resources (see 6), product realization (see 7), and measurement, analysis, and improvement (see 8).NOTE 2: An outsourced process is a process the organization needs for its quality management system, and which the organization chooses to have performed by an external party.NOTE 3: Ensuring control over outsourced processes does not absolve your organization of the responsibility to conform to all customer, statutory, and regulatory requirements. The type and extent of control applied to an outsourced process can be influenced by factors such as:? Potential impact of the outsourced process on your organization’s capability to provide product that conforms to requirements? Degree to which the control for the process is shared? Capability of achieving the necessary control through the application of 7.4
Establish, document, implement, and maintain a quality management system. Continually improve its effectiveness in accordance with ISO 9001 requirements. Implement the system to:? Determine processes needed for the quality management system (and their application throughout the organization)? Determine process sequence and interaction? Determine criteria and methods for process operation and control? Ensure resources and supporting information are available? Monitor, measure where applicable, and analyze these processes? Implement actions to achieve planned results and continual process improvementManage these processes in accordance with ISO 9001 requirements. Define the type and extent of control applied to any outsourced processes that affect product conformity to requirements.NOTE 1: Processes needed for the quality management system include the processes for management activities (see 5), provision of resources (see 6), product realization (see 7), and measurement, analysis, and improvement (see 8).NOTE 2: An outsourced process is a process the organization needs for its quality management system, and which the organization chooses to have performed by an external party.NOTE 3: Ensuring control over outsourced processes does not absolve your organization of the responsibility to conform to all customer, statutory, and regulatory requirements. The type and extent of control applied to an outsourced process can be influenced by factors such as:? Potential impact of the outsourced process on your organization’s capability to provide product that conforms to requirements? Degree to which the control for the process is shared? Capability of achieving the necessary control through the application of 7.4
ISO 9001:2008 Requirements – Documentation Requirements
ISO 9001:2008 Requirements – Documentation Requirements
Include in the quality management system documentation:? Documented statements of a quality policy and quality objectives? A quality manual? Documented procedures and records required by ISO 9001? Documents and records determined by the organization to be necessary for the effective planning, operation, and control of its processesNOTE 1: Where “documented procedure” appears within the Standard, this means that the procedure is established, documented, implemented, and maintained. A single document may address the requirements for one or more procedures. A requirement for a documented procedure may be covered by more than one document.NOTE 2: The extent of the quality management system documentation can differ from one organization to another due to:? Size of the organization and type of activities? Complexity of processes and their interactions? Competence of personnelNOTE 3: The documentation can be in any form or type of medium.4.2.2 Quality ManualEstablish and maintain a quality manual with:? Scope of the quality management system? Details and justification for any exclusions? Procedures or references to the procedures? Description of interaction between processes4.2.3 Control of DocumentsControl the documents required by the quality management system. Records are a special type of document and must be controlled as required by clause 4.2.4.
Establish a documented procedure to:? Approve documents for adequacy prior to issue? Review, update as necessary, and re-approve documents? Identify the changes and current document revision status? Make relevant documents available at points of use? Ensure the documents remain legible and readily identifiable? Identify external documents and control their distribution? Prevent obsolete documents from unintended use? Apply suitable identification if obsolete documents are retained4.2.4 Control of RecordsEstablish and control records as evidence of conformity to requirements and to demonstrate the effective operation of the quality management system.Establish a documented procedure to define the controls needed for record:? Identification? Storage? Protection? Retrieval? Retention? DispositionKeep records legible, readily identifiable, and retrievable.
Include in the quality management system documentation:? Documented statements of a quality policy and quality objectives? A quality manual? Documented procedures and records required by ISO 9001? Documents and records determined by the organization to be necessary for the effective planning, operation, and control of its processesNOTE 1: Where “documented procedure” appears within the Standard, this means that the procedure is established, documented, implemented, and maintained. A single document may address the requirements for one or more procedures. A requirement for a documented procedure may be covered by more than one document.NOTE 2: The extent of the quality management system documentation can differ from one organization to another due to:? Size of the organization and type of activities? Complexity of processes and their interactions? Competence of personnelNOTE 3: The documentation can be in any form or type of medium.4.2.2 Quality ManualEstablish and maintain a quality manual with:? Scope of the quality management system? Details and justification for any exclusions? Procedures or references to the procedures? Description of interaction between processes4.2.3 Control of DocumentsControl the documents required by the quality management system. Records are a special type of document and must be controlled as required by clause 4.2.4.
Establish a documented procedure to:? Approve documents for adequacy prior to issue? Review, update as necessary, and re-approve documents? Identify the changes and current document revision status? Make relevant documents available at points of use? Ensure the documents remain legible and readily identifiable? Identify external documents and control their distribution? Prevent obsolete documents from unintended use? Apply suitable identification if obsolete documents are retained4.2.4 Control of RecordsEstablish and control records as evidence of conformity to requirements and to demonstrate the effective operation of the quality management system.Establish a documented procedure to define the controls needed for record:? Identification? Storage? Protection? Retrieval? Retention? DispositionKeep records legible, readily identifiable, and retrievable.
The Similarity between ISO 9001 and BS 7799-2
The Similarity between ISO 9001 and BS 7799-2
BS 7799-2:2002 is a specification for an Information Security Management System (ISMS). It is shortly to be upgraded to the status of a full
International Standard, and published as ISO/IEC 27001. The normative part of this standard has four sections and an annex . The requirements of the four sections are associated with the PDCA cycle. The annex defines all the controls that must be considered for generating the SOA. Thus the structure of BS 7799-2:2002, as will be ISO/IEC 27001, can be simply described as:
A PDCA framework;
An SOA.
ISO 9001:2000 is a specification for a Quality Management System (QMS). The normative part of this standard has five normative sections,
numbered 4 – 8. All of these requirements must be met in order to claim conformance with the standard, save for section 7 (Product Realisation),
where the standard states in paragraph 1.2 “Where exclusions are made, claims of conformity to this International Standard are not acceptable unless
these exclusions are limited to requirements within clause 7, an such exclusions do not affect the organisation’s ability, or responsibility, to provide
product that meets customer and applicable regulatory requirements”.
In Table 2 we relate the requirements of sections 4, 5, 6 and 8 to the PDCA framework. We treat section 7 as an SOA.
The BS 7799-2:2002 standard gives instruction on how the controls documented in BS 7799-2 Annex A are to be determined as being applicable or nonapplicable. In particular, if the control is applicable it must be justified in terms of the results of a risk assessment.
The controls listed in Section 7 of ISO 9001 may be excluded with justification. Thus, Section 7 of ISO 9001 may be treated in exactly the same manner as BS 7799-2 Annex A provided that applicable quality controls are also justified by
reference to a risk assessment. Conversely for an integrated MS, information security controls that are declared to be non-applicable should also be
justified as not applicable by reference to a risk assessment, in order to bring the two standards into line. Interestingly, this requirement was present in
BS 7799-2:1999 but was dropped in the 2002 revision.
The amalgamation of these two approaches in an integrated MS should not be seen as a disadvantage. The justification of non-applicable information security controls greatly simplifies the task of determining, given a change of threat or
business practice, whether a non-applicable control has now become applicable. The justification of Product Realisation controls by way of a reference to a risk assessment serves to remind us that, for many organisations, quality controls are not uniform across the whole organisation but are commensurate with the degree of risk involved.
For example, in the software business, a fixed price assignment with tight timescales to produce a bespoke software system has a greater risk than a
time and materials contract to supply programming staff, and the quality controls applied to management planning and reporting of the two projects would be very different.
BS 7799-2:2002 is a specification for an Information Security Management System (ISMS). It is shortly to be upgraded to the status of a full
International Standard, and published as ISO/IEC 27001. The normative part of this standard has four sections and an annex . The requirements of the four sections are associated with the PDCA cycle. The annex defines all the controls that must be considered for generating the SOA. Thus the structure of BS 7799-2:2002, as will be ISO/IEC 27001, can be simply described as:
A PDCA framework;
An SOA.
ISO 9001:2000 is a specification for a Quality Management System (QMS). The normative part of this standard has five normative sections,
numbered 4 – 8. All of these requirements must be met in order to claim conformance with the standard, save for section 7 (Product Realisation),
where the standard states in paragraph 1.2 “Where exclusions are made, claims of conformity to this International Standard are not acceptable unless
these exclusions are limited to requirements within clause 7, an such exclusions do not affect the organisation’s ability, or responsibility, to provide
product that meets customer and applicable regulatory requirements”.
In Table 2 we relate the requirements of sections 4, 5, 6 and 8 to the PDCA framework. We treat section 7 as an SOA.
The BS 7799-2:2002 standard gives instruction on how the controls documented in BS 7799-2 Annex A are to be determined as being applicable or nonapplicable. In particular, if the control is applicable it must be justified in terms of the results of a risk assessment.
The controls listed in Section 7 of ISO 9001 may be excluded with justification. Thus, Section 7 of ISO 9001 may be treated in exactly the same manner as BS 7799-2 Annex A provided that applicable quality controls are also justified by
reference to a risk assessment. Conversely for an integrated MS, information security controls that are declared to be non-applicable should also be
justified as not applicable by reference to a risk assessment, in order to bring the two standards into line. Interestingly, this requirement was present in
BS 7799-2:1999 but was dropped in the 2002 revision.
The amalgamation of these two approaches in an integrated MS should not be seen as a disadvantage. The justification of non-applicable information security controls greatly simplifies the task of determining, given a change of threat or
business practice, whether a non-applicable control has now become applicable. The justification of Product Realisation controls by way of a reference to a risk assessment serves to remind us that, for many organisations, quality controls are not uniform across the whole organisation but are commensurate with the degree of risk involved.
For example, in the software business, a fixed price assignment with tight timescales to produce a bespoke software system has a greater risk than a
time and materials contract to supply programming staff, and the quality controls applied to management planning and reporting of the two projects would be very different.
Improve your performance management with new version of ISO 9001
A quality management system enables you to manage your business processes effectively:
it is much more than a set of rules and procedures. When properly implemented and maintained, a QMS addresses the needs of your organisation and delivers tangible business benefits.
The new version of ISO 9001 has recently been published. One of the main aims of ISO 9001:2008 is to facilitate integration with other standards. Although there are no new requirements as such, there are some key clarifications to be taken into account.
There are three main objectives to the new standard:
Detail, clarify, improve the understanding of ISO 9001:2000 (previous version)
Improve compatibility with ISO 14001:2004 Simplify the way in which ISO 9001 can be integrated with other management system standards (such as OHSAS 18001)
There are no new requirements in the new standard:
The title, scope, and structure of the standard are unchanged
The process approach is confirmed
Compatibility with the latest revision of ISO 14001:2004 is maintained and improved upon
Preservation of the quality management principles included in ISO 9000:2000
There are five main areas to note. The relevant sections of the standard are noted in brackets.
1. A reinforcement of the notion of product conformity
2. Compatibility with other standards is evolving
3. A better understanding of outsourced processes
4. An editorial clarification of some requirements – for instance;
A reinforcement of the notion of product conformity2.3.4.
An editorial clarification of some requirements – for instance;A better understanding of outsourced processesCompatibility with other standards is evolving
• (6.4) work environment, including an explanatory note on work environment giving examples,
to help meet product conformity requirements
• (8.2.1) measurement of customer satisfaction, including a note broadening the scope beyond
satisfaction surveys to include other channels such as customer feedback5.
• (Introduction) the notion of risk
• (5.5.2) appointment of a management représentative
• (6.2.2) assessing the effectiveness of achieving compétence
• (8.5.2 et 3) assessing the effectiveness of corrective and preventive actions?
Some additional explanations regarding the requirements of the standard;An editorial clarification of some requirements – for instance;A better understanding of outsourced processesCompatibility with other standards is evolvingA reinforcement of the notion of product conformity
it is much more than a set of rules and procedures. When properly implemented and maintained, a QMS addresses the needs of your organisation and delivers tangible business benefits.
The new version of ISO 9001 has recently been published. One of the main aims of ISO 9001:2008 is to facilitate integration with other standards. Although there are no new requirements as such, there are some key clarifications to be taken into account.
There are three main objectives to the new standard:
Detail, clarify, improve the understanding of ISO 9001:2000 (previous version)
Improve compatibility with ISO 14001:2004 Simplify the way in which ISO 9001 can be integrated with other management system standards (such as OHSAS 18001)
There are no new requirements in the new standard:
The title, scope, and structure of the standard are unchanged
The process approach is confirmed
Compatibility with the latest revision of ISO 14001:2004 is maintained and improved upon
Preservation of the quality management principles included in ISO 9000:2000
There are five main areas to note. The relevant sections of the standard are noted in brackets.
1. A reinforcement of the notion of product conformity
2. Compatibility with other standards is evolving
3. A better understanding of outsourced processes
4. An editorial clarification of some requirements – for instance;
A reinforcement of the notion of product conformity2.3.4.
An editorial clarification of some requirements – for instance;A better understanding of outsourced processesCompatibility with other standards is evolving
• (6.4) work environment, including an explanatory note on work environment giving examples,
to help meet product conformity requirements
• (8.2.1) measurement of customer satisfaction, including a note broadening the scope beyond
satisfaction surveys to include other channels such as customer feedback5.
• (Introduction) the notion of risk
• (5.5.2) appointment of a management représentative
• (6.2.2) assessing the effectiveness of achieving compétence
• (8.5.2 et 3) assessing the effectiveness of corrective and preventive actions?
Some additional explanations regarding the requirements of the standard;An editorial clarification of some requirements – for instance;A better understanding of outsourced processesCompatibility with other standards is evolvingA reinforcement of the notion of product conformity
Tuesday, September 29, 2009
Demonstrating conformity with ISO 9001:2008
Demonstrating conformity with ISO 9001:2008
For organizations wishing to demonstrate conformity with the requirements of ISO 9001:2008, for the purposes of certification/registration, contractual, or other reasons, it is important to remember the need to provide evidence of the effective implementation of the QMS.
Organizations may be able to demonstrate conformity without the need for extensive documentation.
To claim conformity with ISO 9001:2008, the organization has to be able to provide objective evidence of the effectiveness of its processes and its quality management system. Clause 3.8.1 of ISO 9000:2005 defines “objective
evidence” as “data supporting the existence or variety of something” and notes that “objective evidence may be obtained through observation, measurement, test, or other means.”
Objective evidence does not necessarily depend on the existence of documented procedures, records or other documents, except where specifically mentioned in ISO 9001:2008. In some cases, (for example, in clause 7.1(d)
Planning of product realization, and clause 8.2.4 Monitoring and measurement of product), it is up to the organization to determine what records are necessary in order to provide this objective evidence.
Where the organization has no specific internal procedure for a particular activity, and this is not required by the standard, (for example, clause 5.6 Management Review), it is acceptable for this activity to be conducted using as a basis the relevant clause of ISO 9001:2008. In these situations, both internal and external audits may use the text of ISO 9001:2008 for conformity assessment purposes.
For organizations wishing to demonstrate conformity with the requirements of ISO 9001:2008, for the purposes of certification/registration, contractual, or other reasons, it is important to remember the need to provide evidence of the effective implementation of the QMS.
Organizations may be able to demonstrate conformity without the need for extensive documentation.
To claim conformity with ISO 9001:2008, the organization has to be able to provide objective evidence of the effectiveness of its processes and its quality management system. Clause 3.8.1 of ISO 9000:2005 defines “objective
evidence” as “data supporting the existence or variety of something” and notes that “objective evidence may be obtained through observation, measurement, test, or other means.”
Objective evidence does not necessarily depend on the existence of documented procedures, records or other documents, except where specifically mentioned in ISO 9001:2008. In some cases, (for example, in clause 7.1(d)
Planning of product realization, and clause 8.2.4 Monitoring and measurement of product), it is up to the organization to determine what records are necessary in order to provide this objective evidence.
Where the organization has no specific internal procedure for a particular activity, and this is not required by the standard, (for example, clause 5.6 Management Review), it is acceptable for this activity to be conducted using as a basis the relevant clause of ISO 9001:2008. In these situations, both internal and external audits may use the text of ISO 9001:2008 for conformity assessment purposes.
The Benefits To Integrate ISO 14001:2004 and ISO 9001:2008
The Benefits To Integrate ISO 14001:2004 and ISO 9001:2008
Reduce the time and cost of implementing the new specification by acquiring a concise, yet thorough understanding the scope of ISO 14001:2004 and key terms.
Avoid spinning your wheels by learning precisely which modifications and additions to ISO 14001:2004 require your attention for compliance with ISO 9001:2008.
Get a quick handle, through hands-on activities, on the environmental aspects of ISO 14001:2004, including how to:- Develop an environmental policy statement appropriate for your company- Integrate processes for identifying environmental aspects and impacts- Identify environmental objectives, set related targets, and establish programs for achieving results- Integrate environmental responsibilities and authorities into a management system- Outline an environmental awareness and training program- Establish environmental metrics and indicators for monitoring performance- Integrate requirements on non-conformance and corrective and preventive actions into your existing system- Understand the purpose and scope of the environmental management review- Integrate document control requirements of ISO 14001:2004 into your current system- Identify those operations that need to be controlled under EMS and identify emergency operations and contingencies that must be considered as part of EMS
Get off to a running start by learning to use a versatile prioritization matrix to identify and prioritize significant environmental aspects and impacts.
Optimize understanding and retention with the Plexus Learning Model- Multiple learning channels through lecture, coaching, group activities, innovative learning exercises and case studies.- Hands-on insights. Lecturing is minimized so learning is maximized.- Learn by doing. Connect the lessons learned to your real world by using your current circumstances as examples for activities.
Reduce the time and cost of implementing the new specification by acquiring a concise, yet thorough understanding the scope of ISO 14001:2004 and key terms.
Avoid spinning your wheels by learning precisely which modifications and additions to ISO 14001:2004 require your attention for compliance with ISO 9001:2008.
Get a quick handle, through hands-on activities, on the environmental aspects of ISO 14001:2004, including how to:- Develop an environmental policy statement appropriate for your company- Integrate processes for identifying environmental aspects and impacts- Identify environmental objectives, set related targets, and establish programs for achieving results- Integrate environmental responsibilities and authorities into a management system- Outline an environmental awareness and training program- Establish environmental metrics and indicators for monitoring performance- Integrate requirements on non-conformance and corrective and preventive actions into your existing system- Understand the purpose and scope of the environmental management review- Integrate document control requirements of ISO 14001:2004 into your current system- Identify those operations that need to be controlled under EMS and identify emergency operations and contingencies that must be considered as part of EMS
Get off to a running start by learning to use a versatile prioritization matrix to identify and prioritize significant environmental aspects and impacts.
Optimize understanding and retention with the Plexus Learning Model- Multiple learning channels through lecture, coaching, group activities, innovative learning exercises and case studies.- Hands-on insights. Lecturing is minimized so learning is maximized.- Learn by doing. Connect the lessons learned to your real world by using your current circumstances as examples for activities.
Wednesday, September 16, 2009
ISO 9000 family of standards and SMEs
ISO 9000 family of standards and SMEs
The ISO 9000 quality management system is generic in nature and applicable to all companies, regardless of the type and size of the business, including small and medium enterprises (SMEs), and they are applicable to all categories of products, whether hardware, software, processed materials or services. ISO 9001:2008 specifies what is required to be done by an organization but does not indicate how it should be done, thus giving the enterprise a lot of flexibility to run its business.
It is simple to use, clear in language and easily understandable. The new standard is also appropriate for small companies, as it does not demand the type of paper bureaucracy needed for the implementation of the 1994 version. Only six documented procedures are now required and need for other procedures/documents can be decided by the company. Companies will, however, be required to provide objective evidence that the QMS has been effectively implemented. A small company may find it appropriate to include the description of its entire QMS within a single Quality Manual, including all the documented procedures required by the standard.
The process-based approach given in the new standard will tend to ensure that systems are documented and implemented in a manner that suits a SME’s own way of doing business. This approach makes it easier for SMEs to implement, instead of just taking over an artificial structure of QMS imposed from outside. It will also be easier for SMEs managed by their owners to demonstrate “top management commitment” towards QMS. Furthermore, in a SME, it is easier to ensure effective internal communication, better utilization of resources, people clearly understanding their roles and responsibilities, etc.
The new standard has included a provision for deciding on the applicability of
certain product realization processes included in section 7 of the standard. For example, if the SME has no responsibility for the design and development of the product it provides, the SME may say so, giving the reasoning behind it, in the Quality Manual; the certification body, being satisfied that this corresponds, would then award it certification to ISO 9001:2008. Similarly, other product realization processes such as purchasing, product identification and traceability, control of measuring devices may also be excluded if these are not applicable for the type of products or services being provided by the company.
It is also possible that SMEs may not have adequate in-house expertise or there may be other constraints to perform all processes on their own. In such cases, the new standard also permits the outsourcing of any of the QMS processes, providing the company has control over such processes. The nature of this control will depend on the nature of the outsourced or subcontracted processes and the risk involved. For example, the design and development process may be subcontracted to an expert or a specialized agency, inspection/verification of goods purchased may be subcontracted to an inspection agency, internal audit of QMS can be outsourced, etc. However, overall responsibility for ensuring control on all outsourced processes as per requirements of the standard would remain with the company’s management.
The ISO 9000 quality management system is generic in nature and applicable to all companies, regardless of the type and size of the business, including small and medium enterprises (SMEs), and they are applicable to all categories of products, whether hardware, software, processed materials or services. ISO 9001:2008 specifies what is required to be done by an organization but does not indicate how it should be done, thus giving the enterprise a lot of flexibility to run its business.
It is simple to use, clear in language and easily understandable. The new standard is also appropriate for small companies, as it does not demand the type of paper bureaucracy needed for the implementation of the 1994 version. Only six documented procedures are now required and need for other procedures/documents can be decided by the company. Companies will, however, be required to provide objective evidence that the QMS has been effectively implemented. A small company may find it appropriate to include the description of its entire QMS within a single Quality Manual, including all the documented procedures required by the standard.
The process-based approach given in the new standard will tend to ensure that systems are documented and implemented in a manner that suits a SME’s own way of doing business. This approach makes it easier for SMEs to implement, instead of just taking over an artificial structure of QMS imposed from outside. It will also be easier for SMEs managed by their owners to demonstrate “top management commitment” towards QMS. Furthermore, in a SME, it is easier to ensure effective internal communication, better utilization of resources, people clearly understanding their roles and responsibilities, etc.
The new standard has included a provision for deciding on the applicability of
certain product realization processes included in section 7 of the standard. For example, if the SME has no responsibility for the design and development of the product it provides, the SME may say so, giving the reasoning behind it, in the Quality Manual; the certification body, being satisfied that this corresponds, would then award it certification to ISO 9001:2008. Similarly, other product realization processes such as purchasing, product identification and traceability, control of measuring devices may also be excluded if these are not applicable for the type of products or services being provided by the company.
It is also possible that SMEs may not have adequate in-house expertise or there may be other constraints to perform all processes on their own. In such cases, the new standard also permits the outsourcing of any of the QMS processes, providing the company has control over such processes. The nature of this control will depend on the nature of the outsourced or subcontracted processes and the risk involved. For example, the design and development process may be subcontracted to an expert or a specialized agency, inspection/verification of goods purchased may be subcontracted to an inspection agency, internal audit of QMS can be outsourced, etc. However, overall responsibility for ensuring control on all outsourced processes as per requirements of the standard would remain with the company’s management.
Costs Of Setting Up A Quality Management System
Costs Of Setting Up A Quality Management System
Common implementation costs that companies incur can be broken down into direct and indirect costs.
The direct costs include, inter alia, the following:
• hiring consultants or external trainers, if required;
• sending personnel for external training;
• acquiring relevant national and international standards of the ISO 9000 family and other related books and publications; and
• acquiring additional equipment, instruments and other resources as identified by the company.
The indirect costs include, inter alia, the following:
• time spent by the management and other staff in developing the system;
• reorganization of the processes, including improvements in the house-keeping, if required;
• external calibration charges for equipment to ensure national and/or international measurement traceability;
• organizing in-house training;
• time spent by internal auditors for periodic internal audits;
• corrective actions, including revision of manuals and procedures, if required; and
• expenditure on word-processing, stationery and other consumables required for the preparation of manuals and documenting procedures, etc.
Some factors can help to lower the above costs. They include:
• having people in the company already conversant with QMS requirements;
• having documented system-related activities such as work instructions, quality plans, procedures, etc. already in place;
• using consultants only for specific activities like gap analysis, training of
auditors, pre-assessment audits, etc., and having in-house staff oversee the remaining activities.
On the other hand, there are factors that can mean higher implementation costs for the company. For example, if your company carries out activities at different locations, or if your company is involved in product design and development, this may increase costs.
Common implementation costs that companies incur can be broken down into direct and indirect costs.
The direct costs include, inter alia, the following:
• hiring consultants or external trainers, if required;
• sending personnel for external training;
• acquiring relevant national and international standards of the ISO 9000 family and other related books and publications; and
• acquiring additional equipment, instruments and other resources as identified by the company.
The indirect costs include, inter alia, the following:
• time spent by the management and other staff in developing the system;
• reorganization of the processes, including improvements in the house-keeping, if required;
• external calibration charges for equipment to ensure national and/or international measurement traceability;
• organizing in-house training;
• time spent by internal auditors for periodic internal audits;
• corrective actions, including revision of manuals and procedures, if required; and
• expenditure on word-processing, stationery and other consumables required for the preparation of manuals and documenting procedures, etc.
Some factors can help to lower the above costs. They include:
• having people in the company already conversant with QMS requirements;
• having documented system-related activities such as work instructions, quality plans, procedures, etc. already in place;
• using consultants only for specific activities like gap analysis, training of
auditors, pre-assessment audits, etc., and having in-house staff oversee the remaining activities.
On the other hand, there are factors that can mean higher implementation costs for the company. For example, if your company carries out activities at different locations, or if your company is involved in product design and development, this may increase costs.
Benefits Of Obtaining ISO 9000 Certification
Benefits Of Obtaining ISO 9000 Certification
Implementing a quality management system brings internal benefits to most organizations, as well as opening up opportunities vis-à-vis the outside world.
Internal benefits to the company include:
• improved customer focus and process orientation within the company;
• improved management commitment and decision-making;
• better working conditions for employees;
• increased motivation of employees;
• reduced cost of internal failures (lower rates of rework, rejection, etc.) and external failures (fewer customer returns, replacements, etc.); and last but not least,
• continual improvement of the quality management system.
The following external benefits are generated:
• customers are more confident that they will receive products conforming to their requirements, which in turn results in higher customer satisfaction;
• an improved image of the company;
• more aggressive publicity, as customers can be informed of the benefits of their doing business with a company that manages the quality of its outputs;
• more confidence that the company’s products meet relevant regulatory
requirements;
• better objective evidence to defend product liability charges if such are brought by customers.
Refer http://www.iso9001-standard.us for more information.
Implementing a quality management system brings internal benefits to most organizations, as well as opening up opportunities vis-à-vis the outside world.
Internal benefits to the company include:
• improved customer focus and process orientation within the company;
• improved management commitment and decision-making;
• better working conditions for employees;
• increased motivation of employees;
• reduced cost of internal failures (lower rates of rework, rejection, etc.) and external failures (fewer customer returns, replacements, etc.); and last but not least,
• continual improvement of the quality management system.
The following external benefits are generated:
• customers are more confident that they will receive products conforming to their requirements, which in turn results in higher customer satisfaction;
• an improved image of the company;
• more aggressive publicity, as customers can be informed of the benefits of their doing business with a company that manages the quality of its outputs;
• more confidence that the company’s products meet relevant regulatory
requirements;
• better objective evidence to defend product liability charges if such are brought by customers.
Refer http://www.iso9001-standard.us for more information.
Wednesday, September 9, 2009
Summaries of changes to ISO 14001
Summaries of changes to ISO 14001
ISO 14001 year 2004 changes are consider having some effect on EMS ISO 14001, the changes require reviewing the EMS and taking action for transition (information is under control of TC 207). Considering the most relevant changes in advancing / transition to ISO 14001 2004 standard includes (an overview for transition / implementation):
Clause 4.1, Scope – requires defining the scope of the EMS (environmental management system) linking to the organizations activities, products, and services (and processes). First consider defining the scope of the EMS within the “boundaries” of products, services, activities, and processes as these relate [for ISO 9001:2000 organizations consider requirement 4.1, and organizations implementing ISO 14001 may be helpful reading ISO 9001:2000 clause 4.1]. The previous indicates an overview on how the EMS fulfills ISO 14001 2004 [some thoughts are internal auditing, management system review providing that these link].
Clause 4.2, Policy – The scope of the EMS and its policy must be consistent. The requirements for the policy remains about the same, now explicitly indicating that must be developed by top management, and other explicit terms in tune with the 1996 version.
Clause 4.3.1, Environmental Aspects Identification – Changes involve in assisting to clarifying statements from 1996 version and the change of the “or” for “and” (within the scope of the EMS); “… products and services…” Control and influence are now mutually exclusive, whilst introducing planned and new developments… new and modified activities… Considering identifying significant aspects must occur from development, implementation, and maintaining the EMS (see 4.1). Information on environmental aspects needs be in documentation format.
To a more assertive statement, “… over which it can be expected to have…” changes to the following “…those which it can influence.”
Clause 4.3.2, Legal and Other Requirements – The wording changes to “legal” in better addressing context to different world regions. Consideration must be given with changes to clause 4.1, for development, implementation, and maintaining the EMS.
Clause 4.3.3 – No significant change.
Clause 4.3.4 – No significant change.
Clause 4.4.1 , Resources, Roles, Responsibility and Authority, please note that this is a new title. This title reflects the importance and relevancy of each term to the EMS. Some minor wording changes include from “…provide…” to “…ensure the availability…” Do not forget that this will require reviewing auditing, planning, and responding to emergencies.
Clause 4.4.2, Competence, Training and Awareness – Whilst using the same
terms in the title notice the change in sequence. This change reflects the expected order of importance of the terms-subjects. Also consider that introduces a new phrase that broadens the individuals within an EMS; “…persons working for, or on behalf of …” Combining these previous two sentences, provides for the organization to include not only relevancy to significant environmental aspects but as well extending to those working for or in behalf of the organization . (Note: also consider that training provider and supporting services are inclusive to 4.4.6).
Clause 4.4.3, Communication – In specifically addressing the European Requirements (EMAR / EMAS), if the organization decides communicating externally the environmental aspects (environmental performance), ISO 14001:2004 address this issue. This is strictly on a volunteer globally, realizing that within the European Union is require.
Clause 4.4.4, Environmental Management System Documentation – in pursuit
of continuing compatibility with ISO 9001:2000 the term applied is “Documentation.”
Thereof, consider this clause also in the light of ISO 9001:2000 when integrating
EMS and QMS. The EMS documentation and records must be those to ascertain
objective evidence on the effectiveness of implementing the policy, planning, and
execution (including improving), control of operations, verification, and control,
improving, and reviewing the EMS.
Clause 4.4.5, Document Control – Again, changing the title and wording reflects
compatibility with ISO 9001:2000. Other than compatibility between QMS ISO
9001:2000 and EMS ISO 14001:2004 there are no significant changes.
4.4.6, Operational Control – No significant change.
4.4.7, Emergency Preparedness and Response – The structure changes by
placing some of its already content in bullets to emphasize each as pointer for the organization to address.
4.5.1, Monitoring and Measurement – Best to see new clause 4.5.2.
4.5.2, Evaluation of Legal Compliance – This is a new clause
[Note: addressing the concern of many government entities / authorities on
their responsibility on environmental and social issues and EMS ISO 14001 1996].
This is construe as the most impacting change to ISO 14001 2004 – this “new” clause brings the last paragraph of 4.5.1 as a separate clause. This clause brings the importance of periodically reviewing legal requirements / compliance under which the organization ascribes. It implies provision of records to demonstrate that this review occurs. This requires that the EMS be review to address the requirements of this “new” clause.
4.5.3, Non Conformance, Corrective and Preventive Action – Includes clarifications ascertaining that prevention (measures or potential of non conformity)and corrective action are two occurring events (which may be mutually inclusive).
Thereof, “action to eliminate the causes of potential non conformities to prevent their occurrence” can lead to changes in your EMS procedures.
4.5.4, Records – States that organizations need records to demonstrate
implementation of procedures and achieving results. These must demonstrate complying with the EMS (procedures and results). Whilst record retention times are not specifically required, record retention needs being specified (consider legal requirements and contractual agreements such that provide a demonstrable sustainable EMS).
4.5.5, Environmental Management System Audit – Whilst there are no wording changes, auditing must be reviewed in the light and effect of other changes (such as 4.5.1, 4.4.2).
4.6, Management Review – The wording provides (more direct) compatibility with ISO 9001:2000, which includes inputs and outputs for reviewing the EMS. Addition includes reviewing for improving the EMS (from target and not merely objectives).
The advent of ISO 14001:2004 shall not require additional training, unless otherwise the organization decides for a short review presentation or an “IMS” (integrated management systems,” integration of management systems such as ILO-OSH, OSH.MS, OSHAS 18001, ISO 9001 and variants with ISO 14001.) It will require reviewing the EMS by management, (perhaps a gap analysis), acting on any changes, inclusive to auditing against ISO 14001:2004 before transition.
ISO 14001 year 2004 changes are consider having some effect on EMS ISO 14001, the changes require reviewing the EMS and taking action for transition (information is under control of TC 207). Considering the most relevant changes in advancing / transition to ISO 14001 2004 standard includes (an overview for transition / implementation):
Clause 4.1, Scope – requires defining the scope of the EMS (environmental management system) linking to the organizations activities, products, and services (and processes). First consider defining the scope of the EMS within the “boundaries” of products, services, activities, and processes as these relate [for ISO 9001:2000 organizations consider requirement 4.1, and organizations implementing ISO 14001 may be helpful reading ISO 9001:2000 clause 4.1]. The previous indicates an overview on how the EMS fulfills ISO 14001 2004 [some thoughts are internal auditing, management system review providing that these link].
Clause 4.2, Policy – The scope of the EMS and its policy must be consistent. The requirements for the policy remains about the same, now explicitly indicating that must be developed by top management, and other explicit terms in tune with the 1996 version.
Clause 4.3.1, Environmental Aspects Identification – Changes involve in assisting to clarifying statements from 1996 version and the change of the “or” for “and” (within the scope of the EMS); “… products and services…” Control and influence are now mutually exclusive, whilst introducing planned and new developments… new and modified activities… Considering identifying significant aspects must occur from development, implementation, and maintaining the EMS (see 4.1). Information on environmental aspects needs be in documentation format.
To a more assertive statement, “… over which it can be expected to have…” changes to the following “…those which it can influence.”
Clause 4.3.2, Legal and Other Requirements – The wording changes to “legal” in better addressing context to different world regions. Consideration must be given with changes to clause 4.1, for development, implementation, and maintaining the EMS.
Clause 4.3.3 – No significant change.
Clause 4.3.4 – No significant change.
Clause 4.4.1 , Resources, Roles, Responsibility and Authority, please note that this is a new title. This title reflects the importance and relevancy of each term to the EMS. Some minor wording changes include from “…provide…” to “…ensure the availability…” Do not forget that this will require reviewing auditing, planning, and responding to emergencies.
Clause 4.4.2, Competence, Training and Awareness – Whilst using the same
terms in the title notice the change in sequence. This change reflects the expected order of importance of the terms-subjects. Also consider that introduces a new phrase that broadens the individuals within an EMS; “…persons working for, or on behalf of …” Combining these previous two sentences, provides for the organization to include not only relevancy to significant environmental aspects but as well extending to those working for or in behalf of the organization . (Note: also consider that training provider and supporting services are inclusive to 4.4.6).
Clause 4.4.3, Communication – In specifically addressing the European Requirements (EMAR / EMAS), if the organization decides communicating externally the environmental aspects (environmental performance), ISO 14001:2004 address this issue. This is strictly on a volunteer globally, realizing that within the European Union is require.
Clause 4.4.4, Environmental Management System Documentation – in pursuit
of continuing compatibility with ISO 9001:2000 the term applied is “Documentation.”
Thereof, consider this clause also in the light of ISO 9001:2000 when integrating
EMS and QMS. The EMS documentation and records must be those to ascertain
objective evidence on the effectiveness of implementing the policy, planning, and
execution (including improving), control of operations, verification, and control,
improving, and reviewing the EMS.
Clause 4.4.5, Document Control – Again, changing the title and wording reflects
compatibility with ISO 9001:2000. Other than compatibility between QMS ISO
9001:2000 and EMS ISO 14001:2004 there are no significant changes.
4.4.6, Operational Control – No significant change.
4.4.7, Emergency Preparedness and Response – The structure changes by
placing some of its already content in bullets to emphasize each as pointer for the organization to address.
4.5.1, Monitoring and Measurement – Best to see new clause 4.5.2.
4.5.2, Evaluation of Legal Compliance – This is a new clause
[Note: addressing the concern of many government entities / authorities on
their responsibility on environmental and social issues and EMS ISO 14001 1996].
This is construe as the most impacting change to ISO 14001 2004 – this “new” clause brings the last paragraph of 4.5.1 as a separate clause. This clause brings the importance of periodically reviewing legal requirements / compliance under which the organization ascribes. It implies provision of records to demonstrate that this review occurs. This requires that the EMS be review to address the requirements of this “new” clause.
4.5.3, Non Conformance, Corrective and Preventive Action – Includes clarifications ascertaining that prevention (measures or potential of non conformity)and corrective action are two occurring events (which may be mutually inclusive).
Thereof, “action to eliminate the causes of potential non conformities to prevent their occurrence” can lead to changes in your EMS procedures.
4.5.4, Records – States that organizations need records to demonstrate
implementation of procedures and achieving results. These must demonstrate complying with the EMS (procedures and results). Whilst record retention times are not specifically required, record retention needs being specified (consider legal requirements and contractual agreements such that provide a demonstrable sustainable EMS).
4.5.5, Environmental Management System Audit – Whilst there are no wording changes, auditing must be reviewed in the light and effect of other changes (such as 4.5.1, 4.4.2).
4.6, Management Review – The wording provides (more direct) compatibility with ISO 9001:2000, which includes inputs and outputs for reviewing the EMS. Addition includes reviewing for improving the EMS (from target and not merely objectives).
The advent of ISO 14001:2004 shall not require additional training, unless otherwise the organization decides for a short review presentation or an “IMS” (integrated management systems,” integration of management systems such as ILO-OSH, OSH.MS, OSHAS 18001, ISO 9001 and variants with ISO 14001.) It will require reviewing the EMS by management, (perhaps a gap analysis), acting on any changes, inclusive to auditing against ISO 14001:2004 before transition.
Friday, September 4, 2009
ISO 14001:2004 Environment Management System Audit
ISO 14001 Section 4.5.4, Environmental Management System Audits, requires that organizations establish and maintain programs and procedures to conduct periodic EMS audits. The EMS audits must determine if the EMS:
• is properly implemented and maintained
• conforms to the planned arrangements
• meets the requirements of the ISO 14001 standard.
ISO 14001 Section 4.5.4 requires the programs and procedures to define:
• audit scope
• audit frequency
• audit methodologies
• responsibilities and requirements for conducting audit
• communication of the audit results.
• is properly implemented and maintained
• conforms to the planned arrangements
• meets the requirements of the ISO 14001 standard.
ISO 14001 Section 4.5.4 requires the programs and procedures to define:
• audit scope
• audit frequency
• audit methodologies
• responsibilities and requirements for conducting audit
• communication of the audit results.
Implementing ISO 9000 Quality Management System
Implementation of ISO 9000 affects the entire organization right from the start. If pursued with total dedication, it results in ‘cultural transition’ to an atmosphere of continuous improvement.The process of implementing ISO 9000 depends on:???? The sophistication of your existing quality program,???? The size of your organization, and???? The complexity of your process.The 14 essential steps, briefly described below, are to be followed through in order to implement ISO 9000 quality management system successfully.Step 1: Top management commitmentStep 2: Establish implementation teamStep 3. Start ISO 9000 awareness programsStep 4: Provide TrainingStep 5. Conduct initial status surveyStep 6: Create a documented implementation planStep 7. Develop quality management system documentationStep 8: Document controlStep 9. ImplementationStep 10. Internal quality auditStep 11. Management reviewStep 12. Pre-assessment auditStep 13. Certification and registrationStep 14: Continual ImprovementStep 1: Top Management CommitmentThe top management (managing director or chief executive) should demonstrate a commitment and a determination to implement an ISO 9000 quality management system in the organization. Without top management commitment, no quality initiative can succeed. Top management must be convinced that registration and certification will enable the organization to demonstrate to its customers a visible commitment to quality. It should realize that a quality management system would improve overallbusiness efficiency by elimination of wasteful duplication in management system.The top management should provide evidence of its commitment to the development and implementation of the quality management system and continually improve its effectiveness by:a. Communicating to the organization the importance of meeting customer as well as statutory and regulatory requirements,b. Defining the organization’s quality policy and make this known to every employee,c. Ensuring that quality objectives are established at all levels and functions,d. Ensuring the availability of resources required for the development andimplementation of the quality management system,e. Appointing a management representative to coordinate quality management system activities, and Conducting management review.The top management should also consider actions such as:1. Leading the organization by example,2. Participating in improvement projects,3. Creating an environment that encourages the involvement of people.This type of top management commitment may be driven by:1. Direct marketplace pressure: requirements of crucial customers or parentconglomerates.2. Indirect marketplace pressure: increased quality levels and visibility among competitors.3. Growth ambitions: desire to exploit market opportunities.4. Personal belief in the value of quality as a goal and quality management systems as a means of reaching that goal.The top management should identify the goals to be achieved through the quality management system. Typical goals may be:• Be more efficient and profitable• Produce products and services that consistently meet customers’ needs andexpectations• Achieve customers satisfaction• Increase market share• Improve communications and morale in the organization• Reduce costs and liabilities• Increase confidence in the production systemStep 2. Establish Implementation TeamISO 9000 is implemented by people. The first phase of implementation calls for the commitment of top management – the CEO and perhaps a handful of other key people.The next step is to establish implementation team and appoint a ManagementRepresentative (MR) as its coordinator to plan and oversee implementation. Its members should include representatives of all functions of the organization -Marketing, Design and development, Planning, Production, Quality control, etc.In the context of the standard, the MR is the person within the Organization who acts as interface between organization management and the ISO 9000 registrar. His role is, in fact, much broader than that. The MR should also act as the organization’s “quality management system champion,” and must be a person with:
1. Total backing from the CEO,2. Genuine and passionate commitment to quality in general and the ISO 9000 qualitymanagement system in particular,3. The dignity – resulting from rank, seniority, or both – to influence managers and others of all levels and functions,4. Detailed knowledge of quality methods in general and ISO 9000 in particular.The members of the implementation team should also be trained on ISO 9000 quality management systems by a professional training organization.
Step 3. Start ISO 9000 Awareness ProgramsISO 9000 awareness programs should be conducted to communicate to theemployees the aim of the ISO 9000 quality management system; the advantage it offers to employees, customers and the organization; how it will work; and their roles and responsibilities within the system. Suppliers of materials and components should also participate in these programs.The awareness program should emphasize the benefits that the organization expects to realize through its ISO 9000 quality management system. The program should also stress the higher levels of participation and self-direction that the quality management system renders to employees. Such a focus will go far to enlist employee support and commitment.The programs could be run either by the implementation team or by experts hired to talk to different levels of employees.Step 4. Provide TrainingSince the ISO 9000 quality management system affects all the areas and all personnel in the organization, training programs should be structured for different categories of employees – senior managers, middle-level managers, supervisors and workers. The ISO 9000 implementation plan should make provision for this training. The training should cover the basic concepts of quality management systems and the standard and their overall impact on the strategic goals of the organization, the changed processes, and the likely work culture implications of the system. In addition, initial training mayalso be necessary on writing quality manuals, procedures and work instruction; auditing principles; techniques of laboratory management; calibration; testing procedures, etc.When in-house capacity to carry out such training is not available, it may be necessary to participate in external training courses run by professional training organizations.Alternatively, an external training institution could be invited to conduct in-house training courses.
Step 5. Conduct Initial Status SurveyISO 9000 does not require duplication of effort or redundant system. The goal of ISO 9000 is to create a quality management system that conforms to the standard. This does not preclude incorporating, adapting, and adding onto quality programs already in place. So the next step in the implementation process is to compare the organization’s existing quality management system, if there is one — with the requirements of thestandard (ISO 9001:2008).For this purpose, an organization flow chart showing how information actually flows (not what should be done) from order placement by the customer to delivery to this customer should be drawn up. From this over-all flow chart, a flow chart of activities in each department should be prepared.With the aid of the flow charts, a record of existing quality management system should be established. A significant number of written procedures may already be in place.Unless they are very much out of date, these documents should not be discarded.Rather, they should be incorporated into the new quality management system.Documents requiring modification or elaboration should be identified and listed. Thisexercise is some times referred to as ” gap analysis”. During these review processes,wide consultation with executives and representatives of various unions andassociations within the organization is required to enlist their active cooperation.In the review process, documents should be collected, studied and registered for further use, possibly after they have been revised. Before developing new quality management system documentation, you need to consider with which quality requirements or department you should start. The best is to select an area where processes are fairly well organized, running effectively and functioning satisfactorily.The basic approach is to determine and record how a process is currently carried out.We can do this by identifying the people involved and obtaining information from them during individual interviews. Unfortunately, it often happens that different people will give different, contradicting versions of a process. Each one may refer to oral instructions that are not accurate or clear. This is why the facts are often not described correctly the first time around, and have to be revised several times.Once it has been agreed how to describe the current process, this process has to be adapted, supplemented and implemented according to the requirements of the quality standard (ISO 9001:2008). This requires organizational arrangements, the drawing up of additional documents and possible removal of existing documentation (e.g. procedures, inspection/test plans, inspection/test instructions) and records (e.g.inspection/test reports, inspection/test certificates).In introducing a quality management system, the emphasis is on the improvement of the existing processes or the re-organization of processes.In general, the steps to follow are the following:Ascertain and establish the following:What is the present operation/process? What already exists?
Analyze the relevant sections of the quality standard – ISO 9001:2000:What is actually required? If necessary, supplement and change operational arrangements in accordance with the standard, develop documents and records, and describe operations/processes:What is the desired operation/process?Figure 1: Steps in introducing a quality management systemThe above gap analysis can be done internally, if the knowledge level is there. Or aformal pre-assessment can be obtained from any one of a large number of ISO 9000consulting, implementing, and registration firms.Step 6. Create a Documented Implementation PlanOnce the organization has obtained a clear picture of how its quality management system compares with the ISO 9001:2008 standard, all non-conformances must be addressed with a documented implementation plan. Usually, the plan calls for identifying and describing processes to make the organization’s quality management system fully in compliance with the standard.The implementation plan should be thorough and specific, detailing:???? Quality documentation to be developed???? Objective of the system???? Pertinent ISO 9001:2008 section???? Person or team responsible???? Approval required???? Training required???? Resources required???? Estimated completion dateThese elements should be organized into a detailed chart, to be reviewed andapproved. The plan should define the responsibilities of different departments and personnel and set target dates for the completion of activities. Once approved, the Management Representative should control, review and update the plan as the implementation process proceeds.Typical implementation action plan is shown in Figure 2. Use ISO 10005:1995 for guidance in quality planning
Step 7. Develop Quality Management System DocumentationDocumentation is the most common area of non-conformance among organizations wishing to implement ISO 9000 quality management systems. As one company pointed out: “When we started our implementation, we found that documentation was inadequate. Even absent, in some areas. Take calibration. Obviously it’s necessary, and obviously we do it, but it wasn’t being documented. Another area was inspection and testing. We inspect and test practically every item that leaves here, but our documentation was inadequate”.Documentation of the quality management system should include:???? Documented statements of a quality policy and quality objectives,???? A quality manual,???? Documented procedures and records required by the standard ISO 9001:2008, and???? Documents needed by the organization to ensure the effective planning, operation and control of its processes.Quality documentation is generally prepared in the three levels indicated in the box that follows. Use ISO 10013:1995 for guidance in quality documentation.
In small companies, the above levels of documentation could be presented in one manual; otherwise, separate manuals should be prepared.A list of the documents to be prepared should be drawn up and the responsibility for writing the documents should be assigned to the persons concerned in various functional departments. They should be advised to prepare the drafts within a specific time frame.Step 8: Document ControlOnce the necessary quality management system documentation has been generated, a documented system must be created to control it. Control is simply a means of managing the creation, approval, distribution, revision, storage, and disposal of the various types of documentation. Document control systems should be as simple and as easy to operate as possible — sufficient to meet ISO 9001:2008 requirements and that is all.Document control should include:???? Approval for adequacy by authorized person (s) before issue,???? Review, updating and re-approval of documents by authorized person (s),???? Identification of changes and of the revision status of documents,???? Availability of relevant versions of documents at points of use,???? Identification and control of documents of external origin,???? Assurance of legibility and identifability of documents, and???? Prevention of unintended use of obsolete documents.The principle of ISO 9000 document control is that employees should have access to the documentation and records needed to fulfil their responsibilities.Step 9. ImplementationIt is good practice to implement the quality management system being documented as the documentation is developed, although this may be more effective in larger firms. In smaller companies, the quality management system is often implemented all at once throughout the organization. Where phased implementation takes place, the effectiveness of the system in selected areas can be evaluated.It would be a good idea initially to evaluate areas where the chances of a positive evaluation are high, to maintain the confidence of both management and staff in the merits of implementing the quality management system.The implementation progress should be monitored to ensure that the qualitymanagement system is effective and conforms to the standard. These activities include internal quality audit, formal corrective action and management review.Step 10. Internal Quality AuditAs the system is being installed, its effectiveness should be checked by regular internal quality audits. Internal quality audits are conducted to verify that the installed quality management system:
???? Conform to the planned arrangements, to the requirements of the standard (ISO 9001:2008) and to the quality management system requirements established by your organization, and???? Is effectively implemented and maintained.Even after the system stabilizes and starts functioning, internal audits should be planned and performed as part of an ongoing strategy.A few staff members should be trained to carry out internal auditing. Use ISO 19011 for guidance in auditing, auditor qualification and programmes.Step 11. Management ReviewWhen the installed quality management system has been operating for three to six months, an internal audit and management review should be conducted and corrective actions implemented. The management reviews are conducted to ensure the continuing suitability, adequacy and effectiveness of the quality management system.????The review should include assessing opportunities for improvement and the need for changes to the quality management system, including the quality policy and quality objectives.The input to management review should include information on:???? Results of audits,???? Customer feed back,???? Process performance and product conformity,???? Status of preventive and corrective actions,???? Follow-up actions from previous management reviews,???? Changes that could affect the quality management system, and???? Recommendations for improvements.Management reviews should also address the pitfalls to effective implementation, including lack of CEO commitment, failure to involve everyone in the process, and failure to monitor progress and enforce deadlines.Step 12. Pre-assessment AuditWhen system deficiencies are no longer visible, it is normally time to apply for certification. However, before doing so, a pre-assessment audit should be arranged with an independent and qualified auditor. Sometimes certification bodies provide this service for a nominal charge. The pre-assessment audit would provide a degree of confidence for formally going ahead with an application for certification.Step 13. Certification and RegistrationOnce the quality management system has been in operation for a few months and has stabilized, a formal application for certification could be made to a selected certification agency. The certification agency first carries out an audit of the documents (referred to as an “adequacy audit”). If the documents conform to the requirements of the quality standard, then on-site audit is carried out. If the certification body finds the system to be working satisfactorily, it awards the organization a certificate, generallyfor a period of three years. During this three-year period, it will carry out periodic surveillance audits to ensure that the system is continuing to operate satisfactorily.Step 14: Continual ImprovementCertification to ISO 9000 should not be an end. You should continually seek to improve the effectiveness and suitability of the quality management system through the use of:???? Quality policy???? Quality objectives???? Audit results???? Analysis of data???? Corrective and preventive actions???? Management reviewISO 9004:2008 provides a methodology for continual improvement.
1. Total backing from the CEO,2. Genuine and passionate commitment to quality in general and the ISO 9000 qualitymanagement system in particular,3. The dignity – resulting from rank, seniority, or both – to influence managers and others of all levels and functions,4. Detailed knowledge of quality methods in general and ISO 9000 in particular.The members of the implementation team should also be trained on ISO 9000 quality management systems by a professional training organization.
Step 3. Start ISO 9000 Awareness ProgramsISO 9000 awareness programs should be conducted to communicate to theemployees the aim of the ISO 9000 quality management system; the advantage it offers to employees, customers and the organization; how it will work; and their roles and responsibilities within the system. Suppliers of materials and components should also participate in these programs.The awareness program should emphasize the benefits that the organization expects to realize through its ISO 9000 quality management system. The program should also stress the higher levels of participation and self-direction that the quality management system renders to employees. Such a focus will go far to enlist employee support and commitment.The programs could be run either by the implementation team or by experts hired to talk to different levels of employees.Step 4. Provide TrainingSince the ISO 9000 quality management system affects all the areas and all personnel in the organization, training programs should be structured for different categories of employees – senior managers, middle-level managers, supervisors and workers. The ISO 9000 implementation plan should make provision for this training. The training should cover the basic concepts of quality management systems and the standard and their overall impact on the strategic goals of the organization, the changed processes, and the likely work culture implications of the system. In addition, initial training mayalso be necessary on writing quality manuals, procedures and work instruction; auditing principles; techniques of laboratory management; calibration; testing procedures, etc.When in-house capacity to carry out such training is not available, it may be necessary to participate in external training courses run by professional training organizations.Alternatively, an external training institution could be invited to conduct in-house training courses.
Step 5. Conduct Initial Status SurveyISO 9000 does not require duplication of effort or redundant system. The goal of ISO 9000 is to create a quality management system that conforms to the standard. This does not preclude incorporating, adapting, and adding onto quality programs already in place. So the next step in the implementation process is to compare the organization’s existing quality management system, if there is one — with the requirements of thestandard (ISO 9001:2008).For this purpose, an organization flow chart showing how information actually flows (not what should be done) from order placement by the customer to delivery to this customer should be drawn up. From this over-all flow chart, a flow chart of activities in each department should be prepared.With the aid of the flow charts, a record of existing quality management system should be established. A significant number of written procedures may already be in place.Unless they are very much out of date, these documents should not be discarded.Rather, they should be incorporated into the new quality management system.Documents requiring modification or elaboration should be identified and listed. Thisexercise is some times referred to as ” gap analysis”. During these review processes,wide consultation with executives and representatives of various unions andassociations within the organization is required to enlist their active cooperation.In the review process, documents should be collected, studied and registered for further use, possibly after they have been revised. Before developing new quality management system documentation, you need to consider with which quality requirements or department you should start. The best is to select an area where processes are fairly well organized, running effectively and functioning satisfactorily.The basic approach is to determine and record how a process is currently carried out.We can do this by identifying the people involved and obtaining information from them during individual interviews. Unfortunately, it often happens that different people will give different, contradicting versions of a process. Each one may refer to oral instructions that are not accurate or clear. This is why the facts are often not described correctly the first time around, and have to be revised several times.Once it has been agreed how to describe the current process, this process has to be adapted, supplemented and implemented according to the requirements of the quality standard (ISO 9001:2008). This requires organizational arrangements, the drawing up of additional documents and possible removal of existing documentation (e.g. procedures, inspection/test plans, inspection/test instructions) and records (e.g.inspection/test reports, inspection/test certificates).In introducing a quality management system, the emphasis is on the improvement of the existing processes or the re-organization of processes.In general, the steps to follow are the following:Ascertain and establish the following:What is the present operation/process? What already exists?
Analyze the relevant sections of the quality standard – ISO 9001:2000:What is actually required? If necessary, supplement and change operational arrangements in accordance with the standard, develop documents and records, and describe operations/processes:What is the desired operation/process?Figure 1: Steps in introducing a quality management systemThe above gap analysis can be done internally, if the knowledge level is there. Or aformal pre-assessment can be obtained from any one of a large number of ISO 9000consulting, implementing, and registration firms.Step 6. Create a Documented Implementation PlanOnce the organization has obtained a clear picture of how its quality management system compares with the ISO 9001:2008 standard, all non-conformances must be addressed with a documented implementation plan. Usually, the plan calls for identifying and describing processes to make the organization’s quality management system fully in compliance with the standard.The implementation plan should be thorough and specific, detailing:???? Quality documentation to be developed???? Objective of the system???? Pertinent ISO 9001:2008 section???? Person or team responsible???? Approval required???? Training required???? Resources required???? Estimated completion dateThese elements should be organized into a detailed chart, to be reviewed andapproved. The plan should define the responsibilities of different departments and personnel and set target dates for the completion of activities. Once approved, the Management Representative should control, review and update the plan as the implementation process proceeds.Typical implementation action plan is shown in Figure 2. Use ISO 10005:1995 for guidance in quality planning
Step 7. Develop Quality Management System DocumentationDocumentation is the most common area of non-conformance among organizations wishing to implement ISO 9000 quality management systems. As one company pointed out: “When we started our implementation, we found that documentation was inadequate. Even absent, in some areas. Take calibration. Obviously it’s necessary, and obviously we do it, but it wasn’t being documented. Another area was inspection and testing. We inspect and test practically every item that leaves here, but our documentation was inadequate”.Documentation of the quality management system should include:???? Documented statements of a quality policy and quality objectives,???? A quality manual,???? Documented procedures and records required by the standard ISO 9001:2008, and???? Documents needed by the organization to ensure the effective planning, operation and control of its processes.Quality documentation is generally prepared in the three levels indicated in the box that follows. Use ISO 10013:1995 for guidance in quality documentation.
In small companies, the above levels of documentation could be presented in one manual; otherwise, separate manuals should be prepared.A list of the documents to be prepared should be drawn up and the responsibility for writing the documents should be assigned to the persons concerned in various functional departments. They should be advised to prepare the drafts within a specific time frame.Step 8: Document ControlOnce the necessary quality management system documentation has been generated, a documented system must be created to control it. Control is simply a means of managing the creation, approval, distribution, revision, storage, and disposal of the various types of documentation. Document control systems should be as simple and as easy to operate as possible — sufficient to meet ISO 9001:2008 requirements and that is all.Document control should include:???? Approval for adequacy by authorized person (s) before issue,???? Review, updating and re-approval of documents by authorized person (s),???? Identification of changes and of the revision status of documents,???? Availability of relevant versions of documents at points of use,???? Identification and control of documents of external origin,???? Assurance of legibility and identifability of documents, and???? Prevention of unintended use of obsolete documents.The principle of ISO 9000 document control is that employees should have access to the documentation and records needed to fulfil their responsibilities.Step 9. ImplementationIt is good practice to implement the quality management system being documented as the documentation is developed, although this may be more effective in larger firms. In smaller companies, the quality management system is often implemented all at once throughout the organization. Where phased implementation takes place, the effectiveness of the system in selected areas can be evaluated.It would be a good idea initially to evaluate areas where the chances of a positive evaluation are high, to maintain the confidence of both management and staff in the merits of implementing the quality management system.The implementation progress should be monitored to ensure that the qualitymanagement system is effective and conforms to the standard. These activities include internal quality audit, formal corrective action and management review.Step 10. Internal Quality AuditAs the system is being installed, its effectiveness should be checked by regular internal quality audits. Internal quality audits are conducted to verify that the installed quality management system:
???? Conform to the planned arrangements, to the requirements of the standard (ISO 9001:2008) and to the quality management system requirements established by your organization, and???? Is effectively implemented and maintained.Even after the system stabilizes and starts functioning, internal audits should be planned and performed as part of an ongoing strategy.A few staff members should be trained to carry out internal auditing. Use ISO 19011 for guidance in auditing, auditor qualification and programmes.Step 11. Management ReviewWhen the installed quality management system has been operating for three to six months, an internal audit and management review should be conducted and corrective actions implemented. The management reviews are conducted to ensure the continuing suitability, adequacy and effectiveness of the quality management system.????The review should include assessing opportunities for improvement and the need for changes to the quality management system, including the quality policy and quality objectives.The input to management review should include information on:???? Results of audits,???? Customer feed back,???? Process performance and product conformity,???? Status of preventive and corrective actions,???? Follow-up actions from previous management reviews,???? Changes that could affect the quality management system, and???? Recommendations for improvements.Management reviews should also address the pitfalls to effective implementation, including lack of CEO commitment, failure to involve everyone in the process, and failure to monitor progress and enforce deadlines.Step 12. Pre-assessment AuditWhen system deficiencies are no longer visible, it is normally time to apply for certification. However, before doing so, a pre-assessment audit should be arranged with an independent and qualified auditor. Sometimes certification bodies provide this service for a nominal charge. The pre-assessment audit would provide a degree of confidence for formally going ahead with an application for certification.Step 13. Certification and RegistrationOnce the quality management system has been in operation for a few months and has stabilized, a formal application for certification could be made to a selected certification agency. The certification agency first carries out an audit of the documents (referred to as an “adequacy audit”). If the documents conform to the requirements of the quality standard, then on-site audit is carried out. If the certification body finds the system to be working satisfactorily, it awards the organization a certificate, generallyfor a period of three years. During this three-year period, it will carry out periodic surveillance audits to ensure that the system is continuing to operate satisfactorily.Step 14: Continual ImprovementCertification to ISO 9000 should not be an end. You should continually seek to improve the effectiveness and suitability of the quality management system through the use of:???? Quality policy???? Quality objectives???? Audit results???? Analysis of data???? Corrective and preventive actions???? Management reviewISO 9004:2008 provides a methodology for continual improvement.
ISO 14001 Auditing and Registration
ISO 14001 Registration
A registration system has grown up around the implementation of the ISO 9000 quality management documents and has formed the basis for a similar system of registration to ISO 14001. At this writing, ISO 14001 is the only specification_ document of the ISO 14000 series and the only standard that is intended to be auditable; all of the other standards are, or will be, guidance documents.
Registrars – Globally, there are 40 – 50 or more organizations established to register organizations to ISO 14001. These registration organizations are accredited by the standards bodies in, for the most part, major industrial nations that have adopted ISO 14001 as their country’s EMS standard. In the U.S., for example, the body that accredits registrars is the ANSI-ASQ National Accreditation Board (ANAB). ANAB passes on the credentials of registrars to register organizations to ISO 14001.
ISO 14001 Audits
First-, second-, or third-party auditors can assess an organization’s conformity to the requirements of the standard. First-party Audits – In the first-party circumstance, the internal auditors of the implementing organization conduct an audit to determine that the EMS has been properly implemented and is being maintained. If the organization passes the internal audit, it may self declare_ its conformity to ISO 14001.
Second-party Audits – In the second-party circumstance, the audit is conducted by a representative of a party interested in the environmental performance of the implementing organization. The interested party_ may be a customer, an environmental regulator, an insurance company, or any other organization affected by the environmental performance of the implementing organization. The second-party audit can be a condition of doing business with the auditor’s organization.
Third-party Audits – In the third-party circumstance, an external EMS auditor conducts an audit, usually at the request of the implementing organization, to determine if the organization conforms to the requirements of ISO 14001. The third-party audit is most often for the purpose of certifying_ that the organization is in conformity with the requirements of ISO 14001.
Typically, when a registration is awarded, it is for a period of three years with a provision for the periodic conduct of surveillance_ audits to ensure continuing conformity.
A principal benefit of the third-party audit is that it compels organizations to continually maintain the EMS in order to pass the follow-up surveillance audits; without this, there might be slippage in the maintenance of ISO 14001.
It is not a requirement of implementing ISO 14001 that organizations have a registration audit conducted; this is a decision made by each organization based upon its determination of the commercial value or necessity of certifying. When an ISO 14001 EMS is intended to be audited,
the requirements must be implemented and documented sufficiently for an auditor/registrar to be
able to conduct the audit based on the finding of objective evidence that the organization has implemented an EMS conforming to ISO 14001.
Establishing objective evidence requires a higher level of documentation and record keeping than is required for mere implementation of ISO 14001. The implementation of ISO 14001 is a simpler task for the organization when it is only seeking to implement the policy and sixteen procedures than when it is implementing with the intention or expectation of being audited.
A registration system has grown up around the implementation of the ISO 9000 quality management documents and has formed the basis for a similar system of registration to ISO 14001. At this writing, ISO 14001 is the only specification_ document of the ISO 14000 series and the only standard that is intended to be auditable; all of the other standards are, or will be, guidance documents.
Registrars – Globally, there are 40 – 50 or more organizations established to register organizations to ISO 14001. These registration organizations are accredited by the standards bodies in, for the most part, major industrial nations that have adopted ISO 14001 as their country’s EMS standard. In the U.S., for example, the body that accredits registrars is the ANSI-ASQ National Accreditation Board (ANAB). ANAB passes on the credentials of registrars to register organizations to ISO 14001.
ISO 14001 Audits
First-, second-, or third-party auditors can assess an organization’s conformity to the requirements of the standard. First-party Audits – In the first-party circumstance, the internal auditors of the implementing organization conduct an audit to determine that the EMS has been properly implemented and is being maintained. If the organization passes the internal audit, it may self declare_ its conformity to ISO 14001.
Second-party Audits – In the second-party circumstance, the audit is conducted by a representative of a party interested in the environmental performance of the implementing organization. The interested party_ may be a customer, an environmental regulator, an insurance company, or any other organization affected by the environmental performance of the implementing organization. The second-party audit can be a condition of doing business with the auditor’s organization.
Third-party Audits – In the third-party circumstance, an external EMS auditor conducts an audit, usually at the request of the implementing organization, to determine if the organization conforms to the requirements of ISO 14001. The third-party audit is most often for the purpose of certifying_ that the organization is in conformity with the requirements of ISO 14001.
Typically, when a registration is awarded, it is for a period of three years with a provision for the periodic conduct of surveillance_ audits to ensure continuing conformity.
A principal benefit of the third-party audit is that it compels organizations to continually maintain the EMS in order to pass the follow-up surveillance audits; without this, there might be slippage in the maintenance of ISO 14001.
It is not a requirement of implementing ISO 14001 that organizations have a registration audit conducted; this is a decision made by each organization based upon its determination of the commercial value or necessity of certifying. When an ISO 14001 EMS is intended to be audited,
the requirements must be implemented and documented sufficiently for an auditor/registrar to be
able to conduct the audit based on the finding of objective evidence that the organization has implemented an EMS conforming to ISO 14001.
Establishing objective evidence requires a higher level of documentation and record keeping than is required for mere implementation of ISO 14001. The implementation of ISO 14001 is a simpler task for the organization when it is only seeking to implement the policy and sixteen procedures than when it is implementing with the intention or expectation of being audited.
Thursday, September 3, 2009
ISO Software - Audit Control System
ISO Software - Audit Control System
The ISO 9000 Audit Control Software were designed to handle all aspects of an internal or external audit programme, from planning audits to the follow-up of corrective actions against deficiencies found. The ISO 9000 Audit Control Software increases the accountability and efficiency of your internal/external audits by developing core processes with clearly defined audit plans, step-by-step procedures, and standardized auditor roles and responsibilities. It will help to put you to the right path toward developing a well-organized ISO 9001:2008 internal /external audit system.The ISO 9000 Audit Control Software Provides:-
Audit Schedule - maintains the audit schedule, checklist preparation and all audit info.
Track Non-Conformance – System will help to track all non-conformances found during the audit, including actions & verification.
Corrective Action Report (CAR) - Update of the corrective action.
Security: System provide User Right Control module which enable System Administrator to define the access right to authorized users and activity allowed.
The ISO 9000 Audit Control Software were designed to handle all aspects of an internal or external audit programme, from planning audits to the follow-up of corrective actions against deficiencies found. The ISO 9000 Audit Control Software increases the accountability and efficiency of your internal/external audits by developing core processes with clearly defined audit plans, step-by-step procedures, and standardized auditor roles and responsibilities. It will help to put you to the right path toward developing a well-organized ISO 9001:2008 internal /external audit system.The ISO 9000 Audit Control Software Provides:-
Audit Schedule - maintains the audit schedule, checklist preparation and all audit info.
Track Non-Conformance – System will help to track all non-conformances found during the audit, including actions & verification.
Corrective Action Report (CAR) - Update of the corrective action.
Security: System provide User Right Control module which enable System Administrator to define the access right to authorized users and activity allowed.
Scope of the ISO 9001 quality management system
The standard requires the quality manual to include the scope of the quality management system including details of justification for any exclusion.
The standard addresses activities that may not be relevant or applicable to an organization. The permissible exclusions are explained in section 1.2 of ISO 9001. Here it states that the organization may only exclude requirements that neither affect the organization’s ability, nor its responsibility to provide product that meets customer and applicable regulatory requirements. The requirements for which exclusion is permitted are limited to those in section 7 of the standard.
Under ISO 9000 :2008, it was possible for organizations to exclude functions and processes of their organization that may have been difficult to control or were not part of the order fulfilment cycle. Organizations that designed their own products but not for specific customers could escape bringing these operations into the management system. Marketing was omitted because itoperated before placement of order. Accounting, Administration, Maintenance, Publicity, Public Relations and After Sales Support functions were often omitted because there were no requirements in the standard that specifically dealt with such activities. As there is no function in an organization that does not directly or indirectly serve the satisfaction of interested parties, it is unlikely that any function or process will now be excluded from the management system.
This requirement responds to the System Approach Principle.It is sensible to describe the scope of the management system so as to ensure effective communication. The scope of the management system is one area that generates a lot of misunderstanding particularly when dealing with auditors, consultants and customers. When you claim you have a management system that meets ISO 9001 it could imply that you design, develop, install and service the products you supply, when in fact you may only be a distributor.
Why you need to justify specific exclusions is uncertain because it is more practical tojustify inclusions.
The scope of the management system is the scope of the organization. There is no longer any reason to exclude locations, activities, functions or processes for which there is no requirement in the standard. The reason is because the ISO 9000 family now serves customer satisfaction and is not limited to quality assurance as were the 1994 versions of ISO 9001, ISO 9002 and ISO 9003.
It is not appropriate to address exclusions by inserting pages in the manual corresponding to the sections of the standard and adding justification if not within the scope of the management system – such as ‘We don’t do this!’. It is much more appropriate to use an appendix as indicated previously in the manual contents list. By describing the nature of the business, you are establishing boundary conditions. If in doing so you do not mention that you design products, it will be interpreted that design is not applicable. For exclusions relative to detail requirements, the Compliance Matrix may suffice but for an unambiguous solution, it is preferable to produce an exposition that addresses each requirement of the standard.
The standard addresses activities that may not be relevant or applicable to an organization. The permissible exclusions are explained in section 1.2 of ISO 9001. Here it states that the organization may only exclude requirements that neither affect the organization’s ability, nor its responsibility to provide product that meets customer and applicable regulatory requirements. The requirements for which exclusion is permitted are limited to those in section 7 of the standard.
Under ISO 9000 :2008, it was possible for organizations to exclude functions and processes of their organization that may have been difficult to control or were not part of the order fulfilment cycle. Organizations that designed their own products but not for specific customers could escape bringing these operations into the management system. Marketing was omitted because itoperated before placement of order. Accounting, Administration, Maintenance, Publicity, Public Relations and After Sales Support functions were often omitted because there were no requirements in the standard that specifically dealt with such activities. As there is no function in an organization that does not directly or indirectly serve the satisfaction of interested parties, it is unlikely that any function or process will now be excluded from the management system.
This requirement responds to the System Approach Principle.It is sensible to describe the scope of the management system so as to ensure effective communication. The scope of the management system is one area that generates a lot of misunderstanding particularly when dealing with auditors, consultants and customers. When you claim you have a management system that meets ISO 9001 it could imply that you design, develop, install and service the products you supply, when in fact you may only be a distributor.
Why you need to justify specific exclusions is uncertain because it is more practical tojustify inclusions.
The scope of the management system is the scope of the organization. There is no longer any reason to exclude locations, activities, functions or processes for which there is no requirement in the standard. The reason is because the ISO 9000 family now serves customer satisfaction and is not limited to quality assurance as were the 1994 versions of ISO 9001, ISO 9002 and ISO 9003.
It is not appropriate to address exclusions by inserting pages in the manual corresponding to the sections of the standard and adding justification if not within the scope of the management system – such as ‘We don’t do this!’. It is much more appropriate to use an appendix as indicated previously in the manual contents list. By describing the nature of the business, you are establishing boundary conditions. If in doing so you do not mention that you design products, it will be interpreted that design is not applicable. For exclusions relative to detail requirements, the Compliance Matrix may suffice but for an unambiguous solution, it is preferable to produce an exposition that addresses each requirement of the standard.
Subscribe to:
Posts (Atom)