Embed Size (px)
DESCRIPTION
ISO 9001 explained by ASQ
Citation preview
STANDARDS
Get Your Ducks in a Row
A step-by-step guide to implementing an ISO 9001 quality managementsystem
by John Orthaber
In 50 Words or Less:
Although the ISO 9001 quality management system (QMS) has produced considerable benefits, someorganizations still don’t see the value, likely because of skepticism and lack of understanding.These guidelines and pieces of detailed information can help you successfully implement an ISO 9001 QMS.
The ISO 9001 quality management system (QMS) has been around since 1987 and is generally acknowledged toproduce some fairly significant benefits, including improved profitability, higher sales and better employee morale.
But there are still a lot of organizations reluctant to climb on the ISO 9001 QMS bandwagon. Some of this is likely dueto skepticism—the belief it will not live up to its claims—but a lot of it is simply due to a lack of understanding.Business owners are unsure how to implement the system and think the implementation process will be too costly andtoo disruptive. They don’t fully understand the system and are looking for answers.
What follows is a breakdown of the ins and outs of implementing an ISO 9001 QMS, including information on what theimplementation process entails, all types of system documentation, ways to gather and manage information, how tomake physical and administrative changes, how long an implementation takes and costs involved.
But before jumping into what the implementation process involves, read online sidebar, "What makes the ISO 9001QMS work?"
What makes the ISO 9001 QMS work?
In addition to the marketing advantages, which everyone seems to understand, there are a number of differentaspects to the ISO 9001 quality management system (QMS) that contribute to its success. Of these, three tend tostand out:
1. The documented instructions.2. The third-party audits.3. The system requirements that lead to operational improvements.
The instructions ensure the processes used for managing an organization’s basic functions are performed in the samemanner, regardless of personnel changes. They coordinate the activities of the various people responsible forimplementing any given assignment, they demand employee involvement, and they are, in effect, contracts that canbe used to hold employees accountable for their actions. They engage employees and add control and accountability.
The third-party audits add stability and sustainability. The system requires that a qualified, unbiased third-partyregistrar audit the complete system at least once every three years. Failing to correct violations cited in this audit canmean losing your registration, which, in most cases, provides a strong incentive for keeping the system active and upto date.
The internal audits, surveys and data-gathering processes identify problems and opportunities. The managementmeetings and the corrective and preventive action procedures serve to analyze and implement solutions to theseproblems and opportunities. The end result is that it is difficult not to make improvements.
It’s not surprising the ISO 9001 QMS is the most popular management program on the planet.
—J.O.
The implementation process is comprised of three discrete parts implemented concurrently: developing thedocumentation; gathering and managing the historical information used for managing the system; and implementingthe physical and administrative changes needed to meet the standard’s requirements.
System documentation
On the surface, it may seem as though developing this documentation should not be too difficult. You must have amanual that includes a policy, objectives and scope, and that explains how the quality system processes interact.Plus, you must have written instructions for:
Managing the procedures and all other system documentation.
Managing the records associated with the system procedures.Conducting internal audits.Controlling nonconforming product.Implementing corrective action.Implementing preventive action.
Section 4.2.1.d of ISO 9001:2008 also hints at the need for additional documentation. It says you should include"documents, including records, determined by the organization to be necessary to ensure effective planning,operation and control of its processes." But the standard does not define these documents, and technically— asidefrom the manual and these six instructions—anything more is optional.
The reality, however, is if you want an effective and sustainable QMS, a significant amount of additionaldocumentation is needed. The system should establish consistency and eliminate misunderstandings, which is bestfacilitated with clear and unambiguous written instructions. Policies, a pervasive part of any system, have absolutelyno value if they are not in writing. Enforcing accountability is extremely difficult if the responsibilities are not spelledout, all of which add up to a fair amount of documentation.
These documents are typically segregated into the following groups:
1. A system manual that provides background information and explains how the system works.2. An administrative procedure manual that includes the procedures and policies specifically designed to explain
how companies manage the system processes and how they intend to comply with ISO 9001 requirements.These are the procedures and policies used to manage administrative processes, such as marketing, HR,quality control, infrastructure, purchasing, engineering and design, inventory control and planning.
3. An operating manual that includes instructions addressing the job-specific manufacturing and service-relatedactivities, such as production, construction, repair and assembly operations.
4. Reference documentation or documents—such as industry standards, equipment maintenance manuals,corporate auditing guidelines and employee policies—that define practices, procedures or performance criterianot covered by the other documents. These can be generated either externally or internally.
Rules for developing this system documentation, item by item follow:
1. The system manual
Give auditors more than they ask for, because the manual sets the stage for the registration process. It is theauditing process starting point, and it should explain what the organization is trying to accomplish, how the qualitysystem works and how the quality system is controlled.
The standard requires brief descriptions of the operation, quality policy, goals and objectives, and system scope, aswell as explanations of the processes used to frame the system and how these processes interact. In addition, themanual is the best place to explain how the system is structured, who manages it and how it’s managed. It is not theplace for any procedures.
2. Administrative procedure manual
Include only administrative processes in the administrative procedure manual, but make sure to include theprocesses important to managing your operation, not just the ones the standard requires. Keep in mind the standarddoes not claim to be all inclusive. For instance, it says little about inventory control, but this is a major concern formost manufacturing companies, and the process for managing inventories is a logical addition to the QMS.
The same can be said for product costs. It is difficult to develop the cost of quality if you don’t establish product costs.Nor is there anything in the standard for managing environmental, safety or financial activities, all of which may havea significant impact on the way you run your organization.
Organize the administrative procedure manual while paying attention to your administrative processes—for example,marketing, HR, quality control and purchasing—whereby the processes become the chapter titles.
The procedures, forms and other documents used to support the procedures comprise the chapter content. Thechapters may include any number of different procedures. For example, the chapter on HR may include individualprocedures for hiring, training and evaluating employees.
A common mistake is to try to format the administrative procedure manual along the lines of the standard. Besidesbeing difficult and unnecessary, this destroys the personalized character of the system and shifts the focus away fromconditions unique to your operation. It would be highly unusual if your processes were identical to those used in thestandard.
The better approach is to build a system based on your organization’s needs and worry about whether all thestandard requirements are accounted for when you are done. There is no value in trying to match your instructionnumbers to those used for identifying the requirements in the standard.
Systems fail when the procedures are incomplete or difficult to read. The procedures should include a purpose,
y p p p p p ,policies relevant to the purpose, an explanation of why things are done the way they are done and explanations ofhow things are done. They should be written to the comprehension level of the employees using them and shouldleave absolutely no doubt about who is accountable for the assigned responsibilities.
Use flowcharts and process maps with discretion. They are not the panacea some seem to think. The first drawbackto using flowcharts and process maps is that the majority of employees in most manufacturing operations do notknow how to read them.
One of my cardinal rules for writing administrative instructions is that everybody should be capable of reading andunderstanding all the instructions. Some of the best ideas come from people who are not actively involved with theinstruction. It is a mistake to sacrifice their input by confusing them with something they can’t read.
Second, the primary purpose of flowcharts and process maps is to identify the process activities flow. They do notshow the record creation and trail, and they do not identify responsibilities or the responsibilities’ hand-off, both ofwhich are critical to developing effective instructions.
Start the implementation process by thinking through and documenting the administrative instructions. Whendocumentation is done last, the tendency is to document what you do.
The better approach is to determine what you should do, put it in writing and then do what you say. This meansthinking through and documenting the procedural changes before implementing the physical and administrativechanges. The management system implementation process is an excellent opportunity to make some improvements.
3. Operating manuals
Too many companies generate too much unnecessary documentation. The key to developing operating manuals is tounderstand the balance between training and documentation requirements, and know how much information isneeded.
The standard requires employers to provide employees with the information needed to correctly perform theirassigned responsibilities. Proof of this is through documentation showing they have been given written instructions orthrough training records.
Written operating instructions are valuable because they make it easier to hold employees accountable for theiractions. From that standpoint, it is necessary to document only those aspects of an operation that are subject toerror, misinterpretation or misunderstanding. This normally can be done with minimal effort and without a great dealof detail. The information can usually be gleaned from past mistakes, employee comments and common sense.
It’s always easier to add to steps than to simplify lengthy, complex instructions. The average employee rarely readslengthy, detailed instructions, and instructions of this nature almost never get revised.
4. Reference documentation
Reference documents come in many different shapes and sizes. There can be multiple copies of any given documentscattered throughout an organization. Some documents are subject to frequent revisions. To ensure the proper use ofthese documents, the system must include instructions for identifying, assigning, upgrading and maintaining locationcontrol.
More considerations
In addition to breaking down the four types of documentation, there are a few other things to consider.
No two organizations have the same goals and objectives or do things exactly the same way. This means there arealways some differences between organizations’ procedures and policies. It also means off-the-shelf documentationthat solves all your needs doesn’t exist.
The challenge in developing the documentation is to minimize the effort without sacrificing value. The best way toaccomplish this is to find well-formatted documentation examples, then to alter the content to fit your situation and fillin the missing parts. Ask your consultant for help or check the internet for assistance.
Templates can be helpful, but they tend to work with only those requirements that lend themselves to genericsolutions. Even then, a generic solution may not be the best solution for your situation. Most do not take intoconsideration the related policies, and it is highly unlikely they will include explanations that are relevant to youroperation’s unique conditions.
Gathering, managing information
The standard says records shall be maintained in the case of management review meeting minutes (5.6.1);education, training, skills and experience (6.2.2); product validation and verification (7.1.d); inputs for product design
and development (7.3.2); and calibration records (7.6).
In addition, the compliance auditors will require evidence of conformity to all the requirements included in thestandard. This means you must be able to give the auditors either physical evidence or documented records. In manycases, records are the preferred and, sometimes, the only option.
These records—the historical data used to manage the various system processes—confirm the quality system iscontrolled, customer requirements are understood, audits are conducted, customers are heard, problems are foundand corrected, nonconforming goods are managed, suppliers are performing, products are traceable, and incominggoods are inspected.
The method of managing these records is generally some combination of a file management program, database files—such as Microsoft Access—and hard-copy files, such as binders and file folders.
Each record management method has advantages and disadvantages. File management programs—which typicallycost more than $1,000—are typically tamper-proof and can handle a large volume of information (for moreinformation on the costs involved in implementing an ISO 9001 QMS, see online sidebar, "How much will it cost?").
How much will it cost?
Almost all the costs of implementing ISO 9001fall into one of the following categories:
Registration costs: Registrars are free to set their own rates, which are generally predicated on a daily rate perperson, plus expenses. This means the cost is dependent on the registrar and the registrar’s location.
Implementation is a two-audit process: a desk audit and a compliance audit, which means at least two trips. If thesystem is complex, the compliance audit may require more than one auditor. Most organizations feel lucky to getaway with anything less than $2,000 per trip and a total first-time registration fee of less than $5,000. Implementationregistration is a one-time event, but keep in mind the system has to be reregistered annually.
Consulting fees and expenses: The cost and the quality of these services can vary widely. In addition to providingadvice, consultants can prepare the documentation, provide database files for managing system information andperform some of the training.
The majority bill their services against measurable deliverables—for example, gap analysis completion, manualcompletion and progress payments against the administrative procedures.
Writing the administrative procedures is normally the most difficult and most expensive part of the project.Organizations with the time and resources to write their own procedures can usually save some money.
Training: There are two types of training costs to consider: auditor training and job-performance training. Dependingon whether the performance training is needed to meet a requirement in the standard or simply for enhancementpurposes, it may be possible to defer some of these costs until after the registration process is complete.
If you don’t already have a certified internal lead auditor on the payroll, however, the auditor training cost isunavoidable and will likely cost somewhere between $1,200 and $1,900. Organizations requiring several internalauditors can sometimes save by qualifying a staff person to train new auditors.
Internal labor: While consultants can provide advice, prepare some of the documentation and help conduct surveys,the customer is almost always responsible for collecting and managing the system records, writing the operatinginstructions, conducting internal audits, and implementing the administrative and operational changes.
The amount of internal labor needed is normally based on the organization’s size and nature. The bigger and morecomplex the organization, the more internal labor needed.
The standard requires appointing an ISO 9001 representative, who must be a staff member who reports directly tothe person in charge of the organization on all matters relating to the management of the system. It normally is apart-time job for most small and mid-size organizations.
Incidental expenses:With some exceptions, the incidental expenses associated with implementing an ISO 9001system are minimal. They typically include office supplies, inexpensive software, signs and banners, andhousekeeping supplies. Some exceptions include expensive software, computers and communication networking, andlayout changes needed to accommodate material management and housekeeping requirements. —J.O.
The file management programs are designed to be paperless systems. Assignments, authorization levels, and recordadditions and revisions are keyed into the program, which, under certain conditions, triggers action commands thatare communicated via e-mail.
While a few programs are tailored to primarily manage ISO 9001 records, most are universal in nature and designedto manage all types of records. This means the user is responsible for developing the forms and reports needed tomanage specific types of records.
Database files are more flexible, easier to manage and less expensive. Some can be purchased for less than $100.You can develop your own or purchase files that are programmed to deal with specific types of records, includingcalibration, training, purchasing, auditing and maintenance. Files designed for conducting customer and personnelsurveys are also available. Some can be downloaded from the internet, while others are available on CD.
While almost everyone ends up with some hard-copy records—for example, documents that can’t be scanned, containsignatures or are available to all employees—building a record-keeping policy completely based on paper documentsis risky, even for small companies.
It’s too easy to misplace documents that move from one person to the next, and it is difficult to manage informationthat is located in various files and different offices and that is assigned to different people. Responsibilities changehands, and individuals tend to change the way information is gathered and filed.
Manual record-keeping frequently results in unnecessary duplication—for example, sales using a different customerlist than the person tracking customer complaints. It also makes it difficult to gather, analyze and disseminateinformation. File cabinets are not as accessible as computers and do not have the sorting, reporting, linking andanalyzing capabilities database files have.
Physical, administrative changes
The final component is implementing administrative and physical changes needed to comply with the standard’srequirements.
If the standard requires them, the changes must be implemented before the system can be registered. If they areunique to your operation and not cited in the standard—even if they may be no less important to running yourbusiness—implementing the changes prior to registration is not mandatory.
Some of the changes for specific departments include:
Top management:
Identify the processes needed to achieve the organizational goals and determine how these processes interact.Develop an organizational policy and organizational objectives.Establish the key indicators needed to measure performance against the objectives.Ensure the resources needed to manage the system are available.Conduct at least one management review meeting per the conditions outlined in ISO 9001.Communicate system developments to all employees.Demonstrate that the key performance indicators are measured, evaluated and communicated.Ensure the administrative systems are safe and secure.
ISO 9001 representative:
Ensure the system documentation is sound and current, and that changes to the system are approved beforethey are implemented.Ensure relevant versions of applicable documents are available at points of use.Ensure the auditors are adequately trained.Develop an audit schedule, and conduct audits of all system procedures.Demonstrate that the corrective and preventive action processes are working.
HR:
Verify that all employees have a basic understanding of the ISO 9001 system.Establish qualification criteria for all the administrative and operational job functions.Prove that all employees, including top-level executives, meet their job function qualifications.Establish a training program for developing employee skills.
Purchasing:
Demonstrate that all primary vendors are qualified and that their performance is routinely evaluated.Prove material specifications are verified before they are released to vendors.
Sales, customer service:
Demonstrate that customer feedback, including complaints, is gathered and analyzed.Prove that processing capabilities are reviewed before orders for new products are confirmed.
Engineering:
Demonstrate that the information released to production is current, accurate and complies with customerrequirements.Show that product changes affecting form, fit or function are implemented with customer approval.Demonstrate that the critical performance characteristics are verified and validated before product changes or
new products are released to the market.
Planning:
Demonstrate that the capacity to make the product or provide the service in accordance with the order’s termsis available.Prove that you provided the personnel responsible for making the products or providing the services with theinformation needed to fulfill the order’s terms.
Production:
Establish a calibration program that complies with the standard’s requirements.Demonstrate that machinery capabilities have been validated.Prove that nonconforming materials are not mixed with conforming materials.Confirm that shipments comply with customer requirements.Prove that incoming materials comply with purchase specifications.Demonstrate how materials with a limited shelf life are managed.
While system documentation and information management are the paperwork part of the system, these physical andadministrative changes are the action part; they represent the part of the implementation process that makes thesystem work. It’s the part in which you ensure employees are actually complying with the standard’s requirementsand create the infrastructure that allows them to do what they need to do.
How long will it take?
The implementation process is typically less complicated and goes faster in small and mid-size companies. Ten to 14months is typical for the average mid-size manufacturing company, which is loosely defined as 50 to 300 employees.Anything longer is an indication something is wrong.
Under ideal conditions, it may be possible to register a small organization in as few as six months. Some controllingfactors are the nature of the approach, available resources, having the right people in the right places and the extentof upper management’s commitment.
It is reasonable to expect that under normal conditions, large companies should be able to implement a system inless than two years. They can frequently do it a lot faster than that; it depends on the complexity of the business andnumber of divisions and locations.
In many cases, the implementation process can be sped up by independently registering individual parts of theorganization, including locations, divisions or even departments. This breaks the task down into smaller, more easilydefinable parts and allows an organization to work on more than one part at a time. It also makes it possible to putoff implementing the parts you are not yet ready to tackle while still acquiring certification on other parts.
Staying on schedule largely depends on how much implementation experience you have. The standard contains 52different compliance requirements, which, in turn, include about 135 "shall statements." With some exceptions—regardless of the size of the organization or nature of the business—you must comply with all of them.
In a nutshell
The secrets to successfully implementing an ISO 9001 QMS are understanding the scope of the project, having theright attitude, developing an implementation plan, understanding how to write and organize the administrativeprocedures, and having a good adviser.
Attitudes are contagious. If leaders and managers are not perceived as approaching the project with positiveattitudes, the feeling will filter down to the employees responsible for implementing the system and, ultimately, to allthe employees. This makes the implementation process more difficult and diminishes the system’s quality.
A written implementation plan establishes the starting and ending points, and defines the benchmark activities. It’swhat keeps the project on track.
The administrative procedures are a reflection of the organization’s personality. The procedures determine how theorganization complies with the standard’s requirements, create accountability and provide administrative efficiencies.Employee interest is directly related to the ability of these procedures to communicate effectively.
Finally, ISO 9001 is not a guidebook. It defines the "what" but not the "how." The "how" can sometimes involve asomewhat complex tangle of implementation activities.
Given all these considerations, implementing a system is not overly difficult or extremely expensive, and the rewardsmore than pay for the effort. Now might be a good time to climb on the bandwagon.
Bibliography
International Organization for Standardization, ISO 9001—Quality management systems—requirements, 2008.
John Orthaber is president and owner of 9000 Advisers in Middleton, TN. He earned an executive MBA from theUniversity of Memphis in Tennessee. He is a certified RABQSA lead auditor and an ASQ member.
Copyright © 2005-2008 American Society for Quality. All rights reserved.Republication or redistribution of ASQ content is expressly prohibited without the prior written consent.ASQ shall not be liable for any errors in the content, or for any actions taken in reliance thereon.
![ISO 9001-2008.ppt [Read-Only] - ASQ-1302 · ISO 9001:2008 Changes to the New ... 7.5.1 Control of Production and Service Provision ... Note removed: Reference to ISO 10011 Added Note:](https://img.pdfslide.us/doc/110x75/5b3efa3c7f8b9af46b8b9711/iso-9001-2008ppt-read-only-asq-iso-90012008-changes-to-the-new-751.jpg)
