ISO/TC176/SC2/WG18/N32t -Working Draft 2 18 February 1998 ... · ISO/TC176/SC2/WG18/N32t -Working Draft 2 18 February 1998 ISO/TC 176/SC 2/N 399 ISO 9001 Quality Assurance ISO 9004

ISO/TC176/SC2/WG18/N32t -Working Draft 2 18 February 1998 ISO/TC 176/SC 2/N 399

ISO 9001 Quality Assurance ISO 9004 Quality Management

© ISO 1998 - All rights reserved3

1 Management Responsibility 1 Management Responsibility

1.1 General 1.1 General

The organization’s management with executiveresponsibility shall define, document anddemonstrate its responsibilities, continuousinvolvement and commitment for fulfillment ofcustomer needs and requirements bya) establishing the organization’s quality policy

and quality objectives;b) establishing a quality management system as

required in this International Standard;c) ensuring the availability of necessary resources

and that all personnel concerned are fullyaware of customer needs and requirements;

d) performing management reviews.

The commitment and involvement of theorganization’s management with executiveresponsibility is crucial for developing andimplementing an effective and efficient qualitymanagement system.The management with executive responsibilityshould focus the organization on sustainedcustomer satisfaction while giving benefits to theother stakeholders.The management with executive responsibilityshould• set directions and communicate how to achieve

customer satisfaction;• define quality objectives and related targets;• provide resources;• encourage employee efforts and recognize the

relevant positive outcomes;• carry out periodic reviews of the quality

results;• develop a culture of continual improvement.•

1.2 Stakeholder needs and requirements 1.2 Stakeholder needs and requirements

For quality assurance purposes the principalstakeholder is the customer.The organization shall establish and followprocedures to identify and define customer needsand requirements with the aim to achievecustomer confidence in the provided productsand services.

Every organization has several stakeholders eachwith typical expectations and needs. Eachstakeholder expects his own benefits frompositive quality trends within the organization.The organization’s management should undertakenecessary activities to give confidence to eachstakeholder.The needs of the stakeholders should becommunicated throughout the organization.

1.3 Quality Policy 1.3 Quality Policy

The organization’s management with executiveresponsibility shall define its policy for qualityand ensure that it

The organization’s policy for quality should beconsistent with other policies within theorganization, be focused on customer satisfaction




a) includes commitment to quality for all levelsof the organization;

b) is relevant to its goals and the needs andrequirements of its customers;

c) provides a framework for setting andreviewing quality objectives;

d) is documented, communicated, understood,implemented and maintained throughout theorganization.

The quality policy shall be regularly reviewed forsuitability and effectiveness.

and take into account the needs and expectationsof all stakeholders.During development and maintenance of thequality policy the following issues should beconsidered• results from management reviews;• goals to be achieved;• evaluation of risks and opportunities;• analysis of competition and of market;• capabilities (eg human, research and

development, technology) to address key newrequirements;

• capability of its suppliers and partners.•

1.4 Quality objectives and planning 1.4 Quality objectives and planning

1.4.1 Quality objectives 1.4.1 Quality objectives

The organization’s management at relevant levelsshall establish and maintain documented qualityobjectives consistent with the organization’squality policy.

The organization’s management with executiveresponsibility should require that theorganization’s managers define and documentquality objectives for the products, processes andactivities under their responsibility. The qualityobjectives should be measurable and consistentwith other objectives within the organization. Quality objectives should at least address• customer satisfaction consistent with

applicable standards and proper businessethics;

• continuous improvement of processes;• prevention of adverse effects resulting from

the organization and its products on thesociety and the environment.

The quality objectives should be communicatedto personnel responsible for the appropriateprocesses and activities.All employees, including newly hired, part-timeand temporary employees, should understand thequality objectives and the commitment needed toachieve these objectives.




1.4.2 Quality planning 1.4.2 Quality planning

The organization’s management shall define anddocument how the quality requirements forproducts and related processes will be met.Quality planning shall be consistent with all otherrequirements of the organization’s qualitymanagement system and shall be documented in aformat to suit the organization’s operatingpractice.The organization shall give consideration to thefollowing issues, as appropriate, in meeting thespecified quality requirements:a) quality objectives and quality plans;b) allocation of specific resources,

responsibilities and authority needed;c) processes that constitute the organization’s

operating practice and which specificdocumented procedures and instructions toapply;

d) identification and acquisition of anyequipment, resources and skills that may beneeded;

e) identification of suitable verification atappropriate stages during the realization anddelivery of the product;

f) clarification of standards of acceptability forall quality requirements, including those whichcontain subjective judgment;

g) need for and preparation of quality records.

The organizations management should define anddocument how the quality objectives will be met.Included in the planning should be aresponsibility for ensuring that qualityrequirements include, as appropriate, provisionsfor safety, potential liabilities and means tominimize risks to personnel, customers and theenvironment.The quality plans may include references to theappropriate documented procedures that form anintegral part of the organization’s qualitymanagement system. They may also constituteparts of a larger overall plan.Quality planning should enable the organizationto improve its quality performance. The resultingplans should be revised regularly to reflectchanges in organizational objectives.

1.5 Quality management system 1.5 Quality management system

1.5.1 General 1.5.1 General

The organization’s management shall establish,document and maintain a quality managementsystem as a means of ensuring that productsconform to specified requirements.The quality management system shall bestructured and adapted to the organization'sparticular type of business taking into accountthe appropriate elements in this International

A quality management system is the integrationof organizational structure, procedures, processesand resources needed to achieve the establishedquality objectives and produce benefits for allstakeholders, customers, owners, employees,society and suppliers.The quality management system should functionin a manner which focuses on




Standard. • continual improvement and sustainedcustomer satisfaction;

• review of processes to assure that they areeffective and efficient;

• that the system is implemented andmaintained and is effective and efficient;

• that the products actually do satisfy customerneeds and expectations;

• that the needs of both society and theenvironment have been addressed;

• problem prevention rather than dependence ondetection after occurrence;

• the development and implementation of anappropriate quality improvement system

1.5.2 Organizational structure 1.5.2 Organizational structure

The responsibility, authority and the interrelationof personnel, including interfaces, shall be definedand documented, particularly for personnel whoneed the organizational freedom and authority to:a) initiate action to prevent the occurrence of

non-conformities relating to the product,process and quality management system;

b) identify and record problems relating to theproduct, process and quality managementsystem;

c) initiate, recommend or provide solutionsthrough designated channels;

d) verify the implementation of solutions;e) control further processing, delivery or

installation of non-conforming product untilthe deficiency or unsatisfactory condition hasbeen corrected.

In organizing a well structured and effectivequality management system, emphasis should beplaced on the identification of potential or actualquality problems and the implementation ofpreventive or corrective action.General and specific quality-relatedresponsibilities should be explicitly defined.Responsibility and authority related to eachactivity contributing to quality should be clearlyestablished.

1.5.3 Quality Manual 1.5.3 Quality Manual

The organization shall prepare a quality manualcovering the requirements of this InternationalStandard. The quality manual shall include ormake reference to the quality management systemprocedures and outline the structure of the

The primary purpose of a quality manual is tooutline the structure of a quality managementsystem serving as a reference in theimplementation and maintenance of the system.The organization is free to structure the quality




documentation used in the quality managementsystem.

management system documentation in a way thatis suitable for its business.Documented procedures should be established formaking changes, modifications, revisions oradditions to the contents of a quality manual

1.5.4 System procedures 1.5.4 System procedures

The organizations management shalla) prepare documented system procedures

consistent with the requirements of thisInternational Standard and the organization’squality policy, and

b) effectively implement the quality managementsystem and its documented procedures.

For the purposes of this International Standard,the range and detail of the procedures that formpart of the quality management system shall bedependent upon the complexity of the work, themethods used, and the skills and training neededby personnel involved in carrying out the work.Document control for system documentationshall be handled per clause 3.1.4.

All documented system procedures should bestated simply, unambiguously andunderstandably, and should specify theobjectives and performance of the variousprocesses or activities which have an impact onthe effectiveness and efficiency of the qualitymanagement system.

1.5.5 Management representative 1.5.5 Management representative

The organization's management with executiveresponsibility shall appoint a member of theorganization's own management who, irrespectiveof other responsibilities, shall have definedauthority fora) ensuring that a quality management system is

established, implemented and maintained inaccordance with the requirements in thisInternational Standard, and

b) reporting on the performance of the qualitymanagement system to the organization'smanagement for review.

The management representative should reportdirectly to the organization’s chief executiveofficer and should regularly participate inmanagement meetings where quality matters arediscussed.

1.6 Management Review 1.6 Management Review

The organization’s quality system shall bereviewed by the management with executive

The management reviews should consist of well-structured and comprehensive evaluations such as




responsibility and in addition by persons fromother appropriate management levels, at definedintervals sufficient to ensure its continuingsuitability, adequacy and effectiveness insatisfying the requirements of this InternationalStandard and the organization's quality policyand objectives.Records of such management reviews shall bedocumented.

• results from audits centered on variouselements of the quality system;

• analysis of customer satisfaction, includingcustomer feedback information;

• analysis of competition and of market;• relevance of existing quality policy and quality

objectives;• the overall effectiveness in satisfying the

guidance in this International Standard;• considerations for updating the quality

system, including the quality policy andquality objectives, in relation to changesbrought about by new technologies, qualityconcepts, market strategies, and social orenvironmental conditions;

• the need or opportunity for improvement. Observations, conclusions and recommendationsissued as a result of such review should bedocumented for necessary action.

2 RESOURCE MANAGEMENT

2 RESOURCE MANAGEMENT

2.1 General 2.1 General

Management shall provide resources needed forthe implementation and control of the qualitysystem. Resources include human resources andother resources such as information,infrastructure, work environment and financialresources.

Appropriate human and other resources (e.g.information, infrastructure, work environment andfinancial resources) essential to the implementationof an organisation's policies and the achievement ofits objectives should be defined and made available.In allocating resources, organisations can developprocedures to track the benefits as well as thecosts of their activities.

2.2 Human Resources 2.2 Human Resources

2.2.1 Deployment of Personnel 2.2.1 Deployment of Personnel

The responsibilities, authorities and functions ofpersonnel as defined by management, shall becommunicated to enable effective deployment.

Functions, responsibilities and authorities relatedto the quality system should be clearly establishedwithin the overall organisational structure. Theefficiency of the organisation depends on the




2.2.2 Training and Qualification

The organisation shall identify training needs.It shall require that all personnel whosefunction impacts upon the quality of theintended product and service, is qualified.

Documented procedures for the control ofeducation, training and qualification ofpersonnel shall be applied in order to providefor systematic development of organisationalcompetence.

effective communication of the above. 2.2.2 Training, Qualification and Awareness The qualification and competence necessary toachieve the organisation's objectives should beidentified. This should be considered in personnelselection, recruitment, training, development ofskills and ongoing education. Appropriate training relevant to the achievementof policies and objectives should be provided to allpersonnel within an organisation. Employeesshould have an appropriate knowledge base, whichincludes training in the methods and skills requiredto perform their tasks in an efficient andcompetent fashion and knowledge of the impacttheir activities can have on the efficiency ifperformed incorrectly. The organisation should also ensure thatcontractors working at the site provide evidencethat they have the requisite knowledge and skillsto perform the work in a responsible manner. Education and training is needed to ensure thatemployees have appropriate and currentknowledge of regulatory requirements, internalstandards, the organisation's policies andobjectives and work procedures. The level anddetail of training may vary according to the task. Training programmes typically have the followingelements:• identification of employee training needs;• development of a training plan to address

defined needs;• verification of conformance of training

programme to regulatory or organisationalrequirements;

• training of target employee groups;




• documentation of training received;• evaluation of training received. Top management has a key role to play in buildingawareness and motivating employees by explainingthe organisation's values and communicating itscommitment to the policies. It is the commitmentof the individual people, in the context of sharedvalues, that transforms a quality system frompaperwork into an effective process. All members of the organisation should understandand be encouraged to accept the importance ofachieving the objectives for which they areresponsible and/or accountable. They in turnshould encourage, where necessary, the othermembers of their organisation to respond in asimilar manner. Motivation to continually improve can beenhanced when employees are recognised forachieving objectives and targets and encouraged tomake suggestions that can lead to improvedperformance. (See also 2.3.3 Work environment)

2.3 OTHER RESOURCES

2.3 OTHER RESOURCES

2.3.1 Information

2.3.1 Information

Information, including data and knowledge,necessary for the quality of the intended productand service shall be defined.

Systems for control, access and protectionof such information shall be documented,implemented and maintained.

To provide for systematic control, internal andexternal information including data andknowledge should be identified relating toactivities such as:

• Contracting• Designing• Process Control• Verification and Testing• Compliance with Legislation• Protection of Intellectual Property• Managing Personnel




Note: For aspects of data control see section 3.1.4

The method for information acquisition shouldbe appropriate and facilitate accuracy andlegibility. Methods could include any or all ofthe following:

• Documentation• Electronic media• Magnetic media• Visual media In all cases, the method should be defined inassociated control plans and work instructions.Suitable training should be provided which includesunderstanding of the use and importance of theinformation.

2.3.2 Infrastructure

2.3.2 Infrastructure

The organisation shall define, document,implement, maintain, and evaluate itsinfrastructure necessary for product and servicerealisation.

Each organisation needs an infrastructure to providethe underlying foundation for its operations. Theinfrastructure may include plants, workspace,hardware, software, tools, services, standards, andfacilities, depending on the organisation’s intendedproducts and services. The reliability, availability,and maintainability of the infrastructure are vital toan organisation’s quality management program.

The organisation should define its infrastructurerequirements. These requirements should include:

The organisation’s infrastructure needs, specified interms such as functionality, performance, safety,security, availability, space, equipment, cost, timeconstraint.

• The infrastructure items selected to satisfy theorganisation’s needs, the functions that they perform,and the services that they provide.

The organisation should establish and install its




infrastructure according to the infrastructurerequirements.

The organisation should document its infrastructureconfiguration. The configuration documentationshould include, as appropriate, buildings, rooms,offices, laboratories, work areas, transport systems,equipment, storage, telecommunication systems,communication services, etc. In addition, the extentto which infrastructure elements should be keptunder configuration management should also beidentified and documented.

The organisation should define and document aninfrastructure maintenance program ensuring thatthe infrastructure continues to meet theinfrastructure requirements. The infrastructuremaintenance document should specify the type andfrequency of needed maintenance and verification ofproper operation of each infrastructure element,based on its criticality and usage. The organisationshould maintain its infrastructure according to theinfrastructure maintenance program.

The organisation should define and document aninfrastructure evaluation program. The evaluationprogram should include:

• An evaluation of the infrastructure requirements,ensuring that they address all the organisation’sinfrastructure needs.

• An evaluation of the infrastructure configuration,ensuring it meets all the infrastructure requirements.

• An evaluation of the infrastructure maintenance,ensuring that the infrastructure is maintained asneeded.

• How often and when an evaluation should be done.

2.3.3 Work Environment 2.3.3 Work Environment

The organisation shall define, document,implement, maintain and evaluate the human andphysical aspects of the work environment needed

The work environment in the organisation is acompound of human aspects and physicalaspects.




to ensure the quality of the intended product orservice.

These aspects can have influence on thecharacteristics of the product as well as on theefficiency of the organisation. The human aspects are especially important in aservice organisation, whilst physical aspects aremore important in a process industry. Human aspects: As a spur to the motivation. development,communication and performance of personnel, theorganisation should consider aspects such as:• creative work methods and opportunities for

greater involvement to realise the potential ofevery member of the organisation;

• understanding of the objectives to be achievedand how they affect quality;

• due recognition and reward for achievementand improvement;

• career planning and development;• safety rules and procedures. Physical aspects: Where they are important for the uniformity ofthe processes and the efficiency, the organisationshould consider aspects such as:• auxiliary materials and utilities (water,

compressed air, electric power, fuels,chemicals) used for processing;

• temperature, humidity, cleanliness. Based on the considerations above, theorganisation should identify, specify limits, defineverification and evaluate procedures for thoseaspects which have negative effect on the productquality, safety and efficiency of the organisation. Chances should result in revision of the pertinentprocedures. Note nn: Consideration should be given to theidentification of any aspect relevant to control




negative effects over the environment, both insideand outside the organisation’s premises. Theseaspects are covered by the environmentalmanagement standards. See ISO 14000 family.

2.3.4 Finance

It is the purpose of the financial resourcemanagement to plan and control financialresources.

Financial resource planning should includeactivities for identifying needs for and sources offinancial resources, estimating, scheduling, andallocating financial resources. The control offinancial resources should include activities forcomparing actual usage against finance plans andtaking necessary action.

The financial reporting of quality related activitiesand the quality system should be reviewed in atimely manner for improvement. The financialreporting of quality related activities should beprepared and regularly provided to and monitoredby management, and be related to other businessmeasures such as "sales", "turnover" or "addedvalue" in order to provide for a realistic,entrepreneurial:

l evaluation of the adequacy and effectivenessof the quality system,

l identification of additional areas requiringattention and improvement, and

l establishment of quality and cost objectivesfor the following period.

It is important that the effectiveness and efficiencyof a quality system be measured in financial terms.The impact of an effective and efficient qualitysystem upon the organisation’s profit and lossstatement can be highly significant, particularly by




improvement of operations, resulting in reducedlosses due to error and by making a contribution tocustomer satisfaction. Such measurement andreporting can provide a means for identifyingineffective or inefficient activities, and initiatinginternal improvement activities.

By reporting quality system activities andeffectiveness and efficiency in financial terms,management will receive the results in a commonbusiness language from all departments.

The financial approach to the process forevaluation and reporting of the quality systemshould be planned and implemented. The approachto financial reporting selected and used byparticular organisations will be dependent upontheir individual structures, their activities, and thematurity of their quality systems. There arevarious approaches to gathering, presenting andanalysing the elements of financial data. Theapproaches such as ”quality cost,” ”process-cost”and ”quality loss” have been found to be useful,but do not exclude others, or adaptations orcombinations of them. These approaches arewidely described in literature.

The elements of financial quality reports are inmany cases already available in the organisation,but in other forms. The reporting as a financialquality report to give inputs to each approachadopted can require regrouping of individualelements from other reports.

3 PROCESS MANAGEMENT

3 PROCESS MANAGEMENT

3 .1- Management Of Processes

3 .1- Management Of Processes

3.1.1 General

3.1.1 General




The organisation shall identify and manageprocesses necessary to provide assurance thatproducts and services will meet customerrequirements. .This section identifies requirements relating tothe management of processes normallyconsidered necessary to assure product or servicequality. The organisation may exclude from itsquality management system certain of theserequirements where it can be shown they are notapplicable and will not affect its ability to meetcustomer requirements. Such exclusions shall− be supported by a documented rationale that

the excluded requirement will not result in arisk to quality

− be consistent with the requirements of otherstandards, regulations etc. applicable to thesupply of their product or service

− be subject to periodic review to verify theircontinued validity.

The following text relates to responses toTG1.8.1 verification comments. It has beenincluded for background information only. ITIS NOT INTENDED THAT THIS TEXTWILL BE INCLUDED IN SUBSEQUENTDRAFTS. The use of ”products and services” waschallenged by TG 1.8.1. It has been retainedon the basis that• using ”product” in accordance with the

ISO definition creates an insurmountablebarrier to creating a document which willbe perceived as being equally relevant toall sectors.

• It enhances compatibility with ISO 14001 With respect to the paragraphs above which

The organisation should identify and managethose processes that are associated with theeffective and efficient achievement of its policy,objectives and targets. In identifying suchprocesses the needs of all the organisationsstakeholders should be considered. −




deal with auditable requirements relating to”tailoring” it is recommended that• the introduction of the standard deals with

the general concept of tailoring and ”how”it should be used

• only Section 3 should be capable of beingtailored since this should accommodate allthe differences between the currentISO9001 and 9002 and the significantmajority of the differences between thecurrent ISO9001 and 9003 particularlythose which can continue to be readilyjustified

The use of ”risk” was challenged by TG1.8.1.It has been retained on the basis that thealternative ”does not affect product quality”does not provide sufficient guarantee thattailoring will not become a licence to ignoreparts of the standard. The use of ”risk” isalso consistent with the output of TG1.3.3 3.1.2 Structure & Interaction of Processes 3.1.2 Structure & Interaction of Processes To ensure that interrelated processes worktogether effectively the organisation shall− review the activities undertaken and identify

those processes which affect the quality ofsupplied products and services

− plan the sequence and interaction of theseprocesses

− identify and implement requirements forlinkage and feedback between processes

− monitor key inputs, activities and outputs toverify that individual processes link togethereffectively

− use the results of monitoring to identifyopportunities for improvement to thestructure and interaction of quality relatedprocesses.

To ensure all processes operate as an efficientnetwork the organisation should undertake ananalysis of how all processes , inputs and outputsinterrelate. In conducting the analysis and determiningsubsequent actions particular considerationshould be given to − processes which produce outputs directly

related to customer requirements− processes which produce outputs affecting

needs of other stakeholders, for example,shareholders, employees, suppliers and society

− processes which produce outputs affecting theefficiency of other processes




..

Effectiveness and efficiency of process interactionshould be achieved by establishing− criteria for measuring process performance and

robustness− methods for verifying that interfaces between

processes operate effectively− methods to identify opportunities for time and

cost reduction within the network oforganisational processes

− feedback loops that facilitate continualimprovement across all processes

3.1.3 Responsibility and Authority 3.1.3 Responsibility and Authority To ensure clarity of allocation of responsibilitiesand authority the organisation shall define anddocument− key responsibilities for development ,

operation and control of quality relatedprocesses

− limits of authority− reporting structures and interrelations

In order that all processes in the organisation canoperate effectively, responsibilities andauthorities for action should be clear and be ableto be understood by appropriate personnel The way in which responsibilities and authorityfor processes are assigned should be compatiblewith− the organizational objectives and culture,− size of organisation, and product sector− stakeholders needs, It should reflect the need to ensure− there is clear ownership and accountability for

process performance− people have the freedom to act within their

areas of responsibility and authority− there is compatibility of accountability and

resource allocation− that lines of reporting do not impede effective

and efficient communication. The assignment of process ownership andaccountability should be subject to periodicreview to ensure that it remains appropriate tothe organizations policy and objectives.




3.1.4 Documentation and data control 3.1.4 Documentation and data control (a) Documentation required To enable quality related processes to besystematically and consistently managed theorganisation shall establish appropriatedocumentation relating to these processes. This documentation shall− include documented procedures where their

absence could adversely affect quality− stipulate information and /or operating criteria

to support the effective operation of theprocesses.

The range and detail of such documentation shallbe dependant upon the complexity of theprocess, the methods used and the skills andtraining needed by personnel involved in carryingout the activity (b) Documentation and data control The organisation shall establish and maintainprocedures for controlling all documents and datarequired for the management of processes, toensure that− they can be located;− they are periodically reviewed, revised as

necessary and approved for adequacy byauthorised personnel;

− the current versions of relevant documents areavailable at all locations where operationsessential to the effective functioning of theprocess are performed;

− obsolete documents are promptly removedfrom all points of issue and points of use, orotherwise assured against unintended use;

− any obsolete documents retained for legaland/or knowledge preservation purposes aresuitably identified

The output from the analysis outlined in 3.1.2above should be used to establish documentation(e.g. procedures ) defining inputs, key controlsand outputs for each identified process. Such documentation should establish a basis for− setting and communicating key features of the

processes− training in process responsibilities and

activities− sharing knowledge and experience in teams and

work groups− measurement and audit of process performance− review and improvement of processes The organisation should review the range anddetail of the procedures and the data collected toconfirm the continuing effectiveness andefficiency of the documented system.Consideration should be given to• whether additional procedures or data are

required for improved process efficiency• whether the existing documentation has

supported process efficiency rather thanimpose unnecessary bureaucracy

The organisation should ensure that the processprocedures and the methods of collecting andretaining data are user friendly and efficient




Documentation shall be legible, revisioncontrolled and readily identifiable, maintained inan orderly manner and retained for a specifiedperiod. Procedures and responsibilities shall beestablished and maintained concerning thecreation and modification of the various types ofdocument. c) Document and data changes Changes to documents and data required forprocess management shall be reviewed andapproved by the same functions/organisationsthat performed the original review and approval,unless specifically designated otherwise. Thedesignated functions/ organisations shall haveaccess to pertinent background information uponwhich to base their review and approval. Where practical the nature of the change shall beidentified in the document or the appropriateattachments. . 3.2 Customer (ISO 9001)

3.2 Customer (ISO 9004)

3.2.1 Identification of customer needs &expectations

3.2.1 Identification of customer needs &expectations

The organization shall establish, to the extentnecessary to ensure customer satisfaction, aprocess for identifying the requirements of theircustomers and /or market. This process shall give consideration to thefollowing− the extent to which customer needs are

formally specified− the necessity for the organisation to define

product or service requirements based on

In order to focus on achieving benefits for allstakeholders the organisation should clearlyidentify who it wishes to categorise as”customers”. In addition to those with whomthere is a contractual relationship to provide aproduct or service, consideration should be givento− users of the service or product who are not

direct customers− internal customers of the various processes

within the organisation




customer needs− implied or unstated needs which must be

addressed to ensure fitness for purpose of theproduct or service

− obligations in relation to the product orservice including warranties, liabilities andlegal compliance

− customer expectations for the availability anddelivery of the product or service

− the need to maintain confidentiality or toprotect customer data and information

− the need to create records to facilitate anyreview of customer requirements

− associated organisations− shareholders− regulators− others who perceive they have a stake in the

performance of the product The organization should have an understanding ofall ”customer” needs and expectations.Consideration should be given to the use of− market research− competitor analyses,− product and service benchmarking,− customer satisfaction surveys− customer and user needs surveys,− customer feedback.− studies of internal customer needs− studies of needs of associated companies,− monitoring of regulatory developments The organisation should consider how the”customer” needs and expectations identifiedwould be best analysed and the resultscommunicated within the organisation. Whereappropriate, identified needs and expectationsshould be documented in preliminaryspecifications as the basis for subsequentdevelopment work.

3.2.2 Review of customer needs andexpectations

3.2.2 Review of customer needs andexpectations

The output of the process for identifyingcustomer requirements shall be reviewed before acommitment to supply a product or deliver aservice is made to the customer. ( e.g. submissionof a tender or acceptance of a contract or order

This review shall ensure− the requirements are adequately defined and

documented

To promote effective decisions and actions theorganisation should undertake an analysis andreview of available data and information.. The review should deal with the needs andexpectations identified to determine− anticipated changes to customer and market

requirements




− where no written statement of requirement isavailable for an order received by verbal meansa record of the order requirements has beenestablished

− any contract or accepted order requirementsdiffering from those in their tender areresolved.

− records of the outcome of the review areretained

The above review provisions shall also beapplied to customer order amendments.

− the adequacy of existing product and servicespecifications

− potential risks to organisational performance− market perceptions of product and service

performance The output of this review should provide a basisfor establishing− development needs and opportunities− internal objectives and targets for efficient

organisational performance− inputs into business planning

3.2.3 Review of organizational capability tomeet defined needs

3.2.3 Review of organizational capability tomeet defined needs

Each commitment to supply a product or service(including accepted tenders, contracts and orders)shall be reviewed to ensure that the organizationhas the capability to meet the definedrequirements. Records of such reviews shall beretained. Before a commitment is made for the supply of anew product or service the organisation shallensure that the need for any additional resourcesand processes is considered. The organization shall identify how anyamendment to order is reviewed againstorganisational capability and the changedrequirements communicated to concernedfunctions within the organization.

The organisation should confirm its capability torespond to the needs and expectations of all itsstakeholders. A process should be established which− utilises the output of 3.2.1 and 3.2.2 above,− confirms their compatibility with the

organisations agreed objectives and− establishes action plans to remedy any

deficiencies in organisational capability. In many instances this will be conducted inrelation to a review of the continued adequacy ofthe organisations objectives and plans.

3.2.4 Customer communication 3.2.4 Customer communication The organization shall: implement effectiveliaison with customers to the extent necessary tosupport the meeting of customer requirements. In establishing its arrangements for liaison theorganisation shall give consideration to the

Effective customer communications are anessential prerequisite for maintainingorganisational objectives and actions in alignmentwith customer needs and user expectations The organisation should consider establishing




communication requirements relating to − product or service information− enquiry and order handling− receipt and processing of customer order

amendments− customer feedback on supply and delivery− customer complaints and other reports

relating to potential product nonconformities;− product recall processes, where appropriate− customer feedback on performance

channels for communication with all stakeholdersto enable timely transfer of information and wellinformed responses by all parties. In determiningcommunication needs particular attention shouldbe given to the content of 3.2.1. The organisation should ensure that informationprovided to customers and users of their productsand services enhances their reputation and futurecustomer loyalty. The information should− facilitate customers to achieve the intended

benefits for the whole of the intended period ofuse or application of the product or service

− assist users and other affected parties to avoidpotential risks associated with the product orservice

encourage feedback on product or serviceperformance, user expectations and suggestedenhancements

3.3 Process Operations

3.3 Process Operations

3.3.1 General 3.3.1 General The organisation shall define , plan and documentthose process which directly affect quality. To provide a basis for confidence in consistentand effective operation the organisation shall− define the significant process parameters that

impact on product or service characteristics I− define the methods used to control critical

process− ensure the availability of appropriate process

documentation (Ref 3.1.4.(a)) for use byrelevant personnel

− document or reference applicabledevelopment plans, quality plans or otherplanning documentation

− where appropriate, define standards and codesof practice relevant to particular processes.

Quality should be built in to all organizationalprocesses. Inadequate planning and control of anyprocess will lead to deterioration performance anda potential loss of efficiency. This requires allaspects that affect both the robustness ofprocesses and the demands that are to be made ofthe process to be considered as part of planningof process operations. Processes should be designed so that− inputs, key activities and outputs are clearly

defined and controlled− they can interact effectively where linkage is

required− they achieve the desired capability of the

process and results




− define the arrangements for measurement,monitoring, verification, recording andcontrolling to ensure that processes areoperating effectively and the resultant productmeets specified requirements.

The organisation shall give consideration to− the capability of processes to be operated and

maintained− personnel training and qualification

requirements for process activities− the facilities, equipment, materials and

software necessary to support a process

− they incorporate provision for feedback as abasis for continual improvement of bothproduct and process.

3.3.2 Design and development 3.3.2 Design and development (a) General The requirements of this section are− relevant to the design and development of all

product and service categories (i.e. hardware,software, processed materials and services)

− applicable to the design and development ofany critical process operations where theireffectiveness cannot be guaranteed by anyother means (See 3.3.4(b) below.)

The requirements need not be applied to serviceor product customisation where the operation ofthe quality planning process (1.4.2) and thecustomer processes(3.2.1 to 3.2.2) ensures thatthe required product or service is adequatelyspecified. In establishing the range and scope of applicationof design and development requirements theorganisation shall ensure compliance with Section3.1.1. The documentation required by Section 3.1.4shall be sufficient to ensure that the design anddevelopment activity− meets the requirements identified as essential

To promote the efficiency of its operations theorganisation should apply the principles ofISO9001 Section3.3.2 to the development of allits key processes whether they be product relatedprocesses or business processes. When designing processes the following should beconsidered− how processes may be able to be simplified so

as to reduce time cost and risk− the need for controls to be developed which

enable process errors to be corrected beforethey result in a loss of quality or value whetherthat loss is internal or external

− how the design of the product or serviceaffects the efficiency of the processes requiredto produce that product or service.

Systems should be developed for a feedback fromproduction and service provision processes toprovide design inputs to the product design .These inputs should be used to ensure there is thegreatest compatibility practical between theproduct design features to ensure customersatisfaction and the ease by which that productcan be produced or delivered. Consideration




for customer satisfaction− results in a product that is fit for it’s intended

application (b) Design and development planning The organisation shall prepare plans for eachdesign and development project . These plansshall describe or reference− the project objectives and expected outputs− the various stages of the design and

development process− design and development methodologies− the arrangements to ensure the disciplined and

orderly conduct of the design anddevelopment project

− key review, verification and validationactivities

The plans and associated documentation shall be− distributed to relevant personnel− regularly reviewed and updated as design and

development evolves. The design and development activities shall beassigned to qualified personnel equipped withadequate resources and appropriate information. The arrangements for communication betweendifferent groups (or individuals) involved in adesign and development project, both internaland external to the organisation, shall be defined. The respective responsibilities and lines ofreporting between such groups shall be clearlyestablished. The authority over the variousaspects of the design and development processshall be defined.

should be given to at least the following− relationships between user needs, product or

service features and the capability for troublefree operation of the processes.

− the implications for resource and materialrequirements

− potential problems of maintainability ofprocess equipment

− potential measurement problems

(c) Design and development inputs. The requirements relating to the product orservice and their intended application shall be




identified and documented. Applicable statutoryand regulatory requirements and any other inputsthat will contribute towards the realisation of thedesign and development shall also be identified. The organisation shall undertake a review toconfirm the completeness and adequacy of thedesign and development inputs. Records shall bemaintained of incomplete, ambiguous orconflicting requirements and the outcome ofsubsequent actions taken to deal with them. (d) Design and development outputs The outputs of the design and developmentprocess shall be documented and expressed in amanner that allows them to be verified againstrelevant input requirements. Design and development output shall:− meet the design and development input

requirements− contain or make reference to acceptance

criteria− identify those characteristics of the design

that are crucial to the safe and proper use andapplication of the product or service.

Design and development output documents shallbe subject to appropriate review and approvalbefore release for use. (e) Design Review At appropriate stages of design anddevelopment, a formal, systematic and criticalreview of the results so far shall be conductedby suitably qualified persons. The reviewprocess shall address, as a minimum− the adequacy of design outputs− points on which any decision is outstanding




− problem areas and potential shortcomings− any identified deficiencies in the set up of the

project or the operation of the design anddevelopment process

− actions required as a result of the review. Participants in the design review process shallinclude representatives of all functions concernedwith the design stage being reviewed. Records of the design reviews and subsequentfollow up actions shall be maintained. (f) Design and development verification. At appropriate stages of design and developmentverification shall be performed to ensure that thedesign output meets the design inputrequirements. The design verification recordsshall be maintained. Note in addition to conducting design reviews,design verification may include activities such as− comparing the new design with a similar

proven design, if available− undertaking tests and demonstrations− undertaking alternative methods of analysis− reviewing the design stage documents before

releases (g) Product and service validation Validation shall be performed to the maximumextent practical to ensure that the product orservice conforms to defined user needs and/orrequirements. Validation is necessary to confirm that theproposed end product or service is capable ofmeeting the needs of customers under anticipatedconditions. Wherever possible it shall be defined,planned and completed prior to the delivery of




the product or implementation of the service. Partial validation of the design or developmentoutputs may be necessary to provide confidencein their adequacy for use in production,construction or delivery. Such partial validationmay use methods such as− reviews involving other stakeholders− modelling and simulation studies− production, construction or delivery trials of

key aspects of the product or service. (h) Configuration management The organisation shall initiate technical andadministrative disciplines, during the design anddevelopment processes, to ensure control of thestatus and arrangement of the various elementsthat will make up or contribute to the product orservice.

The disciplines adopted shall facilitate

• the unique identification of different versionsof the designed or developed product orservice

• the identification and control of the status ofitems during the design and developmentprocess

• the control of related documentation,hardware and software

• the use of correct and accurate information byeveryone working on the product or service atany time during its life cycle

• the control of actions and changes resultingfrom modifications or change requests

• the effective communication of data andinformation relating to product or serviceconfiguration to all appropriate parties.

• provision of a basis for ensuring thecontinuing management of the configuration of




the product or service, throughout its lifecycle

The extent of controls adopted shall

• be compatible with the project size andcomplexity

• take into account the potential effect onquality arising from failures in configurationmanagement

• ensure all design and development changes areidentified, documented, reviewed andapproved by appropriate personnel beforetheir implementation.

3.3.3 Purchasing and procurement 3.3.3 Purchasing and procurement

(a) General The organisation shall establish controls overprocurement and purchasing processes. Thesecontrols shall ensure acquired products orservices which are intended for incorporationinto their own products and services facilitate theachievement of customer satisfaction (b) Supplier Selection The organisation shall− identify those purchased products or services

which have a significant effect on theorganisation’s own ability to meet customerrequirements

− evaluate and select suppliers on the basis oftheir ability to meet specified requirementsincluding any relevant quality system orquality assurance requirements;

− establish and maintain quality records ofacceptable subcontractors

− define the type and extent of control to beexercised over their various suppliers.

(a) General Quality management systems aim to achievequality by building it into the product at everystage and an extension of the purchasing andprocurement system beyond the basicrequirements can yield considerable benefits withrespect to both effectiveness and efficiency. Inthis way, it is possible to place less reliance oninspection by the organization, while at the sametime providing a high level of assurance onproduct quality. The control of purchasedproducts plays a vital part in assuring finalproduct quality. In the case of a service thepurchased item may be presented to the customerwithout further processing, and may represent themost critical element of the service. The quality system should specify an integratedset of controls which ensures that− close and long-term working relationships are

established with suppliers of critical products,− the organisation can apply its verification

resources selectively rather than achieve




The controls applicable to the various suppliersand the products or services supplied shall becompatible with− the type of product or service being supplied

and the immediacy of its impact on theeffectiveness of the organisations ownprocesses

− the impact of product or service beingsupplied on the quality of final product

− ease of checking adequacy of the suppliedproduct or service

− previously demonstrated capability andperformance of these suppliers;

− the results of quality audit or otherassessments of supplier capability, whereavailable

(c) Purchasing data Purchasing documents shall contain data clearlydescribing the product ordered, including, whereapplicable:− the type, class, grade or other precise

identification;− the title or other positive identification, and

applicable issue of specifications, drawings,process requirements, inspection instructionsand other relevant technical data, includingrequirements for approval or qualification ofproduct, procedures, process equipment andpersonnel;

− the title, number and issue of any applicablequality system standard.

The organisation shall review and approvepurchasing documents for adequacy of specifiedrequirements prior to release. (d) Verification of purchased product [

control of purchased products by inspection ortesting.

It is in the interests of both supplier andpurchaser that the ultimate goal of achievingcustomer satisfaction is attained. The organizationcan help improve the quality of purchases byassisting the supplier to develop his qualitysystem. The old confrontational approach - letthe buyer beware - should be avoided in favour ofa mutual assistance approach. A well-defined channel of communicationbetween purchaser and supplier should beestablished that ensures− quality matters can be handled and should

operate at the level of normal contact betweenthe two parties rather than at senior executivelevel only

− the overall purchasing procedure providesmechanisms for the resolution of qualityproblems or other disputes, includingagreement on the return of non-conformingproducts

− provision id made for ,regular visits to thesupplier's site, and reviews to be held betweenthe two parties.

Frequent communication is recommended,especially in the case of critical purchases, evenwhere there are no quality issues.




Where the organisation, its customer or itscustomer’s representative proposes to undertakeverification activities at the supplier’s premises,the organisation shall specify the requiredverification arrangements and the method ofproduct release in the purchasing documents orassociated documentation. . Note: Verification by the customer shall not absolvethe supplier of the responsibility to provideacceptable product, nor shall it precludesubsequent rejection by the customer 3.3.4 Control of process operations 3.3.4 Control of process operations

Production and service provision operationsshall be subject to planned arrangements andcontrols. These shall ensure a consistent level ofprocess capability which will result in themeeting of customer requirements.In determining the arrangements and controlsrequired the organisation shall give considerationto the following in addition to satisfying therequirements of 3.3.1i) the use of suitable production, installation ,

servicing and service provision equipment,and a suitable working environment .Provision shall be made for the maintenance ofsuch equipment and working environments toensure continuing process capability. Thetype and extent of such maintenance shall beconsistent with the potential risks of failing tomeet defined product requirements;

ii) the availability of criteria for workmanship,which shall be stipulated in the clearestpractical manner (e.g. written standards,representative samples or illustrations);

iii) the availability and use of appropriate

Planning for process control should include atleast the following considerations:− factors affecting the quality characteristics to

be built into each step of the process should beidentified, and control features for each ofthese should be established;

− factors affecting the efficiency of the processshould be identified and corresponding controlfeatures established;.

− measurement criteria and methodologies tosupport both of the above should beestablished

Consideration should be given to the preparationof a document which identifies all the measurablefeatures relating to both quality characteristicsand process efficiency as well as methods ofprocess control for the whole process or itsimportant parts. Such a document will contributeto examination of the effectiveness of processcontrol planning and to process quality audit. Processes should be verified as capable of




inspection, measuring and test equipment thatis capable of the necessary accuracy andprecision

iv) exercise of due care with respect to theircustomer’s property while it is under theorganisations control or while it is being usedby the organisation. Such control shall includethe verification, storage and maintenance ofcustomer supplied product provided forincorporation into the supplies or for relatedactivities. Any customer product or propertythat is lost, damaged or is otherwise found tobe unsuitable for use shall be recorded andreported to the customer;

v) where appropriate, the identification ofproduct by suitable means from receiptthough all subsequent processes;

vi) where and to the extent that traceability is adefined requirement, provision for themaintenance and recording of uniqueidentification of individual product or batches;

vii) provision of methods of handling productthat prevent damage or deterioration;

viii) the use of appropriate storage facilities toprevent damage or deterioration of productpending further processing, use or delivery;

ix) application of appropriate methods ofpreservation and segregation of product whilethe product is under the organisation’scontrol. Where product is liable todeterioration, the condition of product instock shall be assessed at appropriateintervals;

x) provision for identifying the status of productby suitable means which indicate theconformance or non-conformance of productwith regard to inspection and tests performed;

xi) provision for control of product movementand release to and from designated statuscategories and associated holding, storage and

producing in accordance with productspecifications utilizing statistical techniqueswherever appropriate and practical. Before fullscale processing commences, inherent variation ofimportant quality characteristics or processcontrol characteristics should be studied When thevariation is large compared to the specificationwidth, i.e. process capability is unsatisfactory,one of the following measures should be taken:• studying causes of variation and improving the

process;• reviewing specifications and modifying

unnecessarily strict specifications, ifappropriate;

• adopting enhanced levels of monitoring andinspection where this is the only basis forensuring minimum standards are maintained

Where increased reliance on monitoring andinspection is found to be necessary considerationshould be given to the application of theapproaches outlined in 3.2.2 above to determine ifa more efficient solution can be achieved throughthe design process.




/or segregation areas and such that onlyproduct that has passed the requiredinspection and tests ( or has been releasedunder an authorised concession) is used,dispatched or installed.

xii) control of packing, packaging and markingprocesses (including materials used) to theextent necessary to ensure conformance tospecified requirements;

xiii) protection of the quality of product afterfinal inspection and test until such times thatit is no longer the responsibility of theorganisation

b) Process Validation The organisation shall identify any processes− the results of which cannot be fully verified

by subsequent inspection and testing of theproduct or service or

− where processing deficiencies may becomeapparent only after the product is in use orthe service has been delivered.

These processes shall be subject to some form ofvalidation to demonstrate their effectiveness andacceptability. The arrangements for validation shall beidentified and recorded and shall giveconsideration to any need for− such processes to be pre-qualified− for the pre-qualification of equipment or

personnel− the use of specific procedural documentation

or records.

NOTE. Such processes requiring validation orpre-qualification of their process capability arefrequently referred to as special processes..




Records shall be maintained for qualifiedprocesses, equipment and personnel, asappropriate

3.3.5 Control of nonconformingproduct

3.3.5 Control of nonconformingproduct

a) General

The organization shall ensure that any product orservice which does not or will not conform tospecified requirements is prevented fromunintended use or installation..The arrangements for ensuring the managementof such situations until compliance withspecified requirements can be re-established shallbe specified in an appropriate documentedprocedure..Control shall provide for identification,documentation and review of the problemencountered and its extent

b) Nonconformity review and disposition

Instances of nonconformity shall be reviewedwith regard to the action to be taken. They maybe:

a) reworked or adjusted to meet the specifiedrequirements, or

b) accepted with or without correction byconcession, or

c) re - assigned for alternative applications, or

d) rejected as unsuitable.

The responsibility for review and authority forthe disposition of nonconformities shall bedefined.

a) General

All personnel within the organization,particularly those engaged in process outputverification of hardware, software, processedmaterial or services should have theresponsibility to report nonconformances at anystage of the process.The mechanism for responding tononconformances should include not onlyprovision for long term action to avoid re-occurrence but also provision for review tomonitor for re-occurrence. The person or personsresponsible for this aspect of the management ofnon-compliances, corrective action, andmonitoring should be defined. It is essential thatall nonconformances are recorded, together withdisposition, as the information will form part ofthe performance data base and provideinformation in the corrective action audit process.

b) Nonconforming product review anddisposition

Nonconforming items should be subjected toreview by designated persons to determinewhether they constitute trends or whether theyare a repetition of earlier occurrences whichshould have been prevented by the correctiveaction system. Persons carrying out the reviewshould be competent to evaluate the effects of thenonconformity and have the authority andresource to deal with recurrent problems.




When required by the contract, the proposed useor repair of nonconforming product or service(see 3.3.d.2.b) shall be reported for concession tothe customer or customer’s representative.The description of any nonconformity that hasbeen accepted, and of repairs, shall be recordedto denote the actual condition (see control ofquality records).Repaired and reworked product shall be re-inspected in accordance with the quality planand/or documented procedure requirements.

The effect of non-conformities on processefficiency should be monitored with particularemphasis on the effect of different methods ofdisposition.

3.3.6 Delivery and post delivery services

When the functionality of products may dependon servicing for maintenance or proper use of theproducts and when the supplier provides forsome or all product servicing by warrantee, bycontract or as part of the initial delivery orinstallation process, the supplier's qualitysystem shall include provisions for the types andextent of servicing provided. The followingactivities shall be considered as appropriate:- clarification of servicing responsibilities amongsupplier, distributors and users;- planning of service activities, whether carriedout by the supplier or by a separate agent;- validation of design and function of special-purpose tools or equipment for handling andservicing products after installation;- control of measuring and test equipment used infield servicing and tests;- provision and suitability of documentation,including instructions for use in dealing with thespares or parts lists, and in servicing of theproduct;- provision for adequate back-up, to includetechnical advice and support, customer personneltraining and spares or parts supply;- training of servicing personnel;




- provision of competent servicing personnel;- feedback of information that would be usefulfor improving product or servicing design.- other customer support activities.

4.0 Measurement, Analysis andImprovement

4.0 Measurement, Analysis and Improvement

4.1 Measurement and Analysis 4.1 Measurement and Analysis

4.1.1 General 4.1.1 General

The organisation shall establish and maintain ameasurement and analysis process for verifyingthe results of product, process, system andcustomer satisfaction measures to provide foreffective management and improvement of thequality system. These results, and a summaryof the results of analysis of data (see 4.1.6) shallbe an input to the management review process.

The type, location and frequency ofmeasurements shall be dependent upon theimportance of the characteristics, the level ofdelivered quality as perceived by the customer,the economics of quality, and the ease ofverification during processing.

The organisation shall revise the measurements,their location or frequency as appropriate, basedupon an analysis of the occurrence ofnonconforming product and/or service asperceived by the customer, or as discoveredthrough in-process, final inspection or productaudit. Measurements, including revisions, shallbe approved by authorised personnel, andrecorded on the appropriate quality systemdocumentation.

The organization should provide for the collecting,analysing, summarizing and disseminating ofpertinent information and data needed to monitorthe organization's performance. This informationand data should be used throughout theorganization to support effective and efficientmanagement of key organisational processes.

4.1.2 System Measures 4.1.2 System Measures

4.1.2.1 Internal Audit 4.1.2.1 Internal Audit

The organisation shall carry out audits of itsquality management system in order todetermine if it

1) conforms to the plans requirements of thequality system; and

2) has been effectively implemented andmaintained.

The audit programme and procedures shouldprovide an objective evaluation performed byqualified personnel of the organization's activities,planned and carried out to include the following:

a) organisational structures;b) sales, administrative, operational and quality




NOTE: Suitability and effectiveness of thequality management system is theresponsibility of management, howevereffective implementation of the requirementsof this international standard should beverified on a more frequent basis than"management review" by qualifiedpersonnel.

The organization's internal audit programme,including any schedule, shall be based on thestatus and importance of the activity to beaudited, the results of previous audits and ofother system measures.

The internal audit programme shall include asappropriate:

a) planning and scheduling the specificactivities and areas to be audited, alsobased upon other inputs which includeorganizational changes, market feedback,nonconforming reports, customercomplaints, and surveys.

b) assignment of personnel, independent ofthose having direct responsibility for theactivity being audited, with appropriatequalifications to conduct audits

c) a checklist used to provide a consistentbase for the audit process

d) follow up the results from previousaudits

e) audit reports containing the results of theaudit.

The internal audit reports shall include:

a) activities and areas auditedb) nonconformities or deficiencies foundc) corrective actions taken as a result of

previous quality system auditnonconformities found

d) opportunities for improvement

NOTE: Guidance on quality system audits isgiven in ISO 10011.

system procedures;c) personnel, equipment and material resources;d) work areas, operations and processes;e) products being produced (to establish the

degree of conformance to requirements);f) documentation, reports and record-keeping.

The efficiency of the internal audit process asdefined in the audit programme and proceduresshould be evaluated, and results provided to theorganisation's management for planning andimplementing improvement activities.




4.1.3 Process Measures 4.1.3 Process Measures

The process measurement process shall include:1. criteria for selecting the quality

characteristics of process performancerequiring measurement,

2. the scope, type and frequency ofmeasurement, and

3. methods for ensuring consistency,validity, standardisation, security,review, update and timely access ofquality measurement data throughout theorganisation, and to customers andsuppliers as appropriate.

The organisation shall establish and maintain aprogramme and procedures for periodic processaudits to be carried out to verify theeffectiveness of implemented process controls toensure that processes are performingconsistently and in accordance with plannedprocess design, and result in outputs that meetthe specified requirements.

The organisation's process audit programme shallbe based on the status and importance of theprocess to be audited, the results of previousaudits and of other quality measures.

The process audit programme shall define thescope and frequency of the process audits.

The process audits shall be conducted bypersonnel independent of the processes beingaudited.

Where process deficiencies may becomeapparent only after the product is in use, andthe results of processes cannot be directlyverified by subsequent inspection or test of theproduct itself, such processes requirequalification to ensure process capability andcontrol of all critical variables during processoperation.

The audit results shall be recorded and providedto the management of the audited area andsummarised for the management review process.

NOTE: Process audits supplement the systemand product measurement results, and can beintegrated into the internal quality system auditwhere appropriate.

An organisation should not rely on verificationactivities to cause quality to happen. Processactivity should be directed toward defectprevention methods, such as statistical processcontrol, mistake proofing, visual controls, ratherthan defect detection.

The organisation shall evaluate the efficiency ofkey process controls to ensure that the controlsare appropriate for the application they are beingused for.

The measures used to control process performanceshould be audited at appropriate intervals toassure the continuing acceptability of

a) the accuracy and variability of equipmentused;

b) the skill, capability and knowledge ofoperators;

c) the accuracy of measurements results anddata used to control the process;

d) process environment and other factorsaffecting quality, such as time andtemperature;

e) appropriate documentation of processvariables, equipment and personnel;

f) process compliance with environmentalpolicies, procedures, regulations andstandards; and

g) life-cycle-time performance.

Also, processes should be periodically verified asbeing capable of producing product and/or servicesin accordance with specifications and/or customerrequirements.




4.1.4 Product Measures 4.1.4 Product Measures

The organisation shall establish and maintaindocumented procedures to monitor and measureits product and/or services in order to verify thatthe specified requirements for the product and/orservice are met, with special attention on crucialcharacteristics, which are those where non-compliance could affect product safety,compliance with regulations, fit, function,appearance, or quality of subsequentmanufacturing operations. The requiredinspection and testing activities to beestablished, and the records to be maintained,shall be detailed in the quality plan or qualitysystem documentation.

The organisation shall determine the scope andfrequency of the product measures used basedupon the results of the system and processmeasures.

Acceptance criteria shall be defined by theorganisation and approved by the customerwhen specified by contract.

NOTE: Acceptance criteria for any attributedata sampling plans used should be zerodefects. The use of statistical samplingand evaluation procedures is importantwith processed materials (e.g. "bulk").The use of control charts and statisticalsampling procedures and plans areexamples of techniques employed tofacilitate production/process control.

With regard to product measures, the quality planshould indicate:

a) any relevant inspection and test plan (theitems below may all be part of aninspection and test plan)

b) how the organisation will verify supplierproduct conformance to specifiedrequirements

c) where each inspection and test point islocated in the process sequence

d) what characteristics are to be inspected andtested at each point, the procedures andacceptance criteria to be used, and anyspecial tools, techniques or personnelqualification required

e) where the customer has established pointsfor witness or verification of selectedcharacteristics of a product or itsproduction and installation processes

f) where inspections or tests are required tobe witnessed or performed by regulatoryauthorities

g) where, when and how the organisationintends, or is required by the customer orregulatory authorities, to use qualified thirdparties to perform:

1) type tests2) witness testing (including on-site

acceptance)3) product verification4) product validation5) material, product, process, quality

system or personnel certification

Prior to initial delivery of a service, the followingshould be reviewed to confirm:

1. the service is consistent with customerrequirements

2. the service delivery process is complete




3. resources are available to meet the serviceobligations, particularly materials andpersonnel

4. that applicable codes of practice,standards, drawings and specifications aresatisfied

5. information to customers in the use of theservice is available.

4.1.4.1 Receiving Inspection and Testing 4.1.4.1 Receiving Inspection and Testing

The organisation shall ensure that incomingproduct and/or service is not used or processeduntil it has been inspected or otherwise verifiedas conforming to specified requirements.Verification of conformance to the specifiedrequirements shall be in accordance with thequality plan and/or documented procedures.

Where incoming product is released for urgentproduction purposes prior to verification, it shallbe positively identified and recorded in order topermit immediate recall and replacement in theevent of nonconformity to specifiedrequirements.

In determining the amount and nature ofreceiving inspection, consideration shall be givento the amount of control exercised at thesupplier's premises and the recorded evidence ofconformance provided.

The organisation's incoming quality system shoulduse one or more of the following methods:1. Receipt and evaluation of statistical data2. Receiving inspection and/or testing (e.g.,

sampling based on performance)3. Second or third party assessments or

audits of subcontractor sites, when coupledwith records of acceptable qualityperformance

4. Part evaluation by accredited contractorsor test laboratory

Procedures for control of purchased materialshould include quarantine areas or otherappropriate methods to prevent unintended use orinstallation of non conforming materials.

4.1.4.2 In-process Inspection and Testing 4.1.4.2 In-process Inspection and Testing

The organisation shall inspect and test theproduct as required by the quality plan and/ordocumented procedures. The organisation shallhold product until the required inspection andtests have been completed or necessary reportshave been received and verified, except whenproduct is released under positive-recallprocedures. Release under positive-recallprocedures shall not preclude the activitiesoutlined above.

NOTE: Verification should be made as close aspossible to the point of realisation of thecharacteristic. If verification ofcharacteristics of the process itself is notphysically or economically practical orfeasible, then verification of the productshould be utilised. In all cases,relationships between in-processcontrols, their specifications and finalproduct specifications should bedeveloped, communicated to production

Verification for hardware products may includethe following:a) set-up and first-piece inspectionb) inspections or tests by machine operatorc) automatic inspection or testd) fixed inspection stations at intervals throughout

the processe) monitoring specified operations by patrolling

inspectors

Verifications at each stage should relate directly tofinished product specifications or to an internalrequirement, as appropriate.




and inspection personnel, anddocumented.

4.1.4.3 Final Inspection and Testing 4.1.4.3 Final Inspection and Testing

The organisation shall carry out all finalinspection and testing in accordance with thequality plan and/or documented procedures tocomplete the evidence of conformance of thefinished product to the specified requirements.

The quality plan and/or documented proceduresfor final inspection and testing shall require thatall specified inspection and tests, including thosespecified either on receipt of product or in-process, have been carried out and that theresults meet specified requirements.

No product and/or service shall be dispatcheduntil all the activities specified in the qualityplan and/or documented procedures have beensatisfactorily completed and the associated dataand documentation are available and authorised.

NOTE: While remedial action is sometimespossible during service delivery, it is usuallynot possible to rely on final inspection toinfluence service quality at the customerinterface where customer assessment of anynonconformity is often immediate.

The supplier should document the customerrequirements, if any, for layout inspection andfunctional testing. A layout inspection shouldidentify the actual dimensions of the productcharacteristics for comparison to the requirements.This is one method for monitoring tool wear.

4.1.4.4 Product Audit 4.1.4.4 Product Audit

The organization shall establish and maintain aprogramme and procedures for periodic productand/or service audits conducted after finalinspection to verify the effectiveness of theverification activities implemented to ensure thatproducts meet specified requirements, includingproduct and/or service, packaging and labelling.

The organization's product audit programmeshall be based on specified requirements,customer complaints, and the results of previousaudits or other measures (see Section 4).

The product audit programme shall define thescope and frequency of the product audits.

NOTE: Where the customer qualityperformance requirements are met, thefrequency of product audits may be reduced.Where nonconforming product is found, thefrequency should be increased, and additionalverification activities should be implemented




in the process.

The product audits shall be conducted bypersonnel independent of the persons conductingthe work.

The product audit results shall be recorded andprovided to the management of the audited areaand summarised for the management reviewprocess.

NOTE: Product audits supplement thesystem and process measurement results.

4.1.4.5 Inspection and Test Records 4.1.4.5 Inspection and Test Records

The organisation shall maintain records whichprovide evidence that the product and/or servicehas been inspected and/or tested in compliancewith the quality plan, or documentedprocedures. These records shall show clearlywhether the product and/or service has passed orfailed the inspection and/or tests according todefined acceptance criteria. Where the productand/or service fails to pass any inspection and/ortest, the procedures for control ofnonconforming product and/or service shallapply.

Records shall identify the inspection authorityresponsible for the release of product and/orservice.

4.1.4.6 Control of Measuring, Inspection andTest Equipment

4.1.4.6 Control of Measuring, Inspection andTest Equipment

The organisation shall establish and maintaindocumented procedures to control, calibrate andmaintain inspection, measuring and testequipment (including test software) used by theorgainisation to demonstrate the conformance ofproduct to the specified requirements.Inspection, measuring and test equipment shallbe used in a manner which ensures that themeasurement uncertainty is known and isconsistent with the required measurementcapability.

NOTE: Additional guidance onmeasurement uncertainty may be foundin ISO 10012-1: 1992 (E). The choiceof the specific method to be usedshould be based upon sound technicalknowledge of the completemeasurement system, the conditions

Evidence should be available to document thatappropriate statistical studies have beenconducted to analyze the variation present in theresults of each type of measuring and testequipment system prior to their use. Thisrequirement should apply to all measurementsystems referenced in the quality systemdocumentation.




under which it will operate and the usesfor which the data are being produced.

Where test software or comparative referencessuch as test hardware are used as suitable formsof inspection, they shall be checked to provethat they are capable of verifying theacceptability of product, prior to release for useduring production, installation or servicing, andshall be rechecked at prescribed intervals. Theorganisation shall establish the extent andfrequency of such checks and shall maintainrecords as evidence of control (see 4.1.6).

Where the availability of technical datapertaining to the inspection, measuring and testequipment is a specified requirement, such datashall be made available, when required by thecustomer or customer's representative, forverification that the inspection, measuring andtest equipment is functionally adequate.

The organisation shall:

1. determine the measurements to be madeand the accuracy required, and select theappropriate inspection, measuring and testequipment that is capable of the necessaryaccuracy and precision;

2. identify all inspection, measuring and testequipment that can affect product quality,and calibrate and adjust them at prescribedintervals, or prior to use, against certifiedequipment having a known valid relationshipto internationally or nationally recognizedstandards. Where no such standards exist, thebasis used for calibration shall be documented;

3. define the process employed for thecalibration of inspection, measuring and testequipment, including details of equipmenttype, unique identification, location,frequency of checks, check method,acceptance criteria;

4. develop a reaction plan to be initiatedwhen calibration verification results areunsatisfactory;

5. verify the validity of previous inspectionand test results when equipment is found tobe out of calibration;

6. identify inspection, measuring and testequipment with a suitable indicator orapproved identification record to show thecalibration status;




7. maintain calibration records forinspection, measuring and test equipment (see4.1.6);

8. assess and document the validity ofprevious inspection and test results wheninspection, measuring or test equipment isfound to be out of calibration;

9. ensure that the environmental conditionsare suitable for the calibrations, inspections,measurements and tests being carried out;

10. ensure that the handling, preservation andstorage of inspection, measuring and testequipment is such that the accuracy andfitness for use are maintained;

11. safeguard inspection, measuring and testfacilities, including both test hardware andtest software, from adjustments which wouldinvalidate the calibration setting.

Calibration of inspection, measuring or testequipment services shall be conducted by aqualified laboratory. Commercial, independentcalibration facilities shall be accredited toISO/IEC Guide 25 with a scope which includescalibration of such equipment, or have evidence,e.g. second party assessment that they meet theintent of ISO/IEC Guide 25, e.g. traceability andprofessional competency.

Records (see 4.1.6) of the calibration activity forall gages, measuring and test equipment, includingemployee-owned gages, shall include:· Revisions following changes as appropriate· Gage conditions and actual readings as

received for calibration· Notification to the customer if

nonconforming material has been shipped.

4.1.4.7 Supplier Laboratory Requirements 4.1.4.7 Supplier Laboratory RequirementsWhere inspection, testing and calibration servicesare conducted by a laboratory facility, thelaboratory shall comply with ISO/IEC Guide 25.

NOTE: Not all inspection and testing willneed to be conducted in a laboratory facility.

4.1.4.8 Revalidation 4.1.4.8 Revalidation

Periodic revalidation shall be performed to ensurethat the product and/or service continues to meetthe customer needs and conforms to the productand/or service specification.




Revalidation shall be planned and documented, andshould include considerations of actual fieldexperience, impact of personnel changes, adequacyof procedures, instructions, guides and proposedmodifications.

4.1.5 Customer Satisfaction Measures 4.1.5 Customer Satisfaction Measures

To ensure that the product and/or service is fitfor customer use, the organisation shall have adocumented procedure for the determination,continual monitoring and feedback of customersatisfaction and dissatisfaction at appropriatestages of product/service realisation. Theorganisation shall specify the measures to beused, the frequency of review, customersatisfaction improvement goals, and howobjectivity and validity are assured. Theeffectiveness of measures implemented shall beperiodically re-evaluated. These measures,including revisions, shall be approved byauthorised personnel.

The organisation shall establish and documentcustomer satisfaction goals to meet current andfuture customer expectations. These goals, andplans to achieve the goals, should be based on

1. analysis of competitive products and/orservices

2. on benchmarking inside and outside theorganisation's commodity and industry.

The organisation shall analyse the results of thecustomer satisfaction measures on a continualbasis to take appropriate action. A summary ofthese results shall be provided for themanagement review process. Trends in customersatisfaction and customer dissatisfaction shall bedocumented and compared to relevant marketdata.

NOTE: Organisations should comparecustomer satisfaction results to those ofcompetitors, or appropriate benchmarks.

NOTE: Consideration should be given tointernal, external and final customers.

The organisation's system for determination,monitoring and feedback of customer satisfaction,and dissatisfaction, should address quality, serviceand price for value provided on a continual basis.

The organisation should establish procedures forplanning and implementing appropriate marketactivities to more efficiently obtain the "voice ofthe customer". Elements associated with qualityin marketing should include:

1. complementary services2. competitor activities and performances3. review of legislation (e.g. health, safety and

environmental) and relevant national andinternational standards and codes

4. analysis and review of customerrequirements, service data and contractinformation that has been collected(relevant summaries of the analysed datashould be communicated to the appropriatepersonnel, such as manufacturing,purchasing, design or delivery)

5. consultation with all affected organisationfunctions to confirm their commitment andability to meet specified requirements

6. ongoing research to examine changingmarket needs, new technology and theimpact of competition

7. new products and new process technology

In order to define customer satisfaction anddissatisfaction levels, the organisation shouldconsider the various data collection methods. Theorganisation should define the best data collectionmethods in accordance with the nature of thestudy, deadlines, current technology and availablefunds.

4.1.6 Analysis of Data (including records) 4.1.6 Analysis of Data (including records)

The organisation shall effectively analyse data,including quality records, to provide informationto ensure effectiveness of the qualitymanagement system and demonstration of

The organisation should have a documentedprocedure to analyse the effective and efficient useof information and data in order to assess progressrelative to plans, goals, and organisational




conformance to specified requirements.

The collection of data shall be planned andgathered from various sources including reportsand records from internal audits, correctiveaction, nonconforming product, customercomplaints, surveys, benchmarking, operations,sales, field service, suppliers and other relevantsources.

The organisation shall identify the need forstatistical techniques required for analysing andverifying process capability and productcharacteristics, and implement appropriatetechniques for the analysis of data. Analysisshall be based on the system, process andproduct measures, including quality records.

Information based upon the analysis of data shallbe communicated to the organisation'smanagement for prompt action as appropriate.

The organisation shall establish and maintaindocumented procedures for the identification,collection, indexing, access, filing, storage,maintenance and disposition of quality recordsto demonstrate conformance to specifiedrequirements.

Quality records shall be legible, and shall bestored and retained in such a way that they arereadily retrievable in facilities that provide asuitable environment to prevent damage ordeterioration and to prevent loss. Retentiontimes of quality records shall be established andrecorded. Where agreed contractually, qualityrecords shall be made available for evaluation bythe customer, or the customer's representativefor an agreed period.

performance, and to identify areas forimprovement. In analysis the overall performanceshould be divided into its parts to find out theirnature and relationships to produce informationfor management decisions.

The organisation should document howperformance information and data from all parts ofthe organisation are integrated and analyzed toassess overall organisational performance in keyareas. Information and data should be used todetermine1. customer-related performance,2. operational performance, including human

resource and product/service performance,3. competitive performance4. economics of quality, financial and market-

related performance.

Information and data from all parts of theorganisation should integrated analysed to assessoverall organisational performance in major areas.Analysis should have a strategic viewpointcovering the whole management system consistingof the major organisational processes, as well as anoperational viewpoint, particularly consideringsignificant processes.

Organisational performance should be analysedsystematically for strategic planning and goalsetting. Analysis should draw upon all types offacts providing data and information on customer-related performance, operational performanceincluding product performance, and financial andmarket-related performance. Also competitiveaspects to own targets, competitors` performanceand relevant benchmarks should be considered inanalysis. This information should be incorporatedinto the organisation's business or strategic plans,as appropriate.

Where technical analysis is performed bylaboratories, the laboratories should comply withISO/IEC Guide 25.

4.2 Improvement 4.2 Improvement

4.2.1 Corrective Action 4.2.1 Corrective Action

The organisation shall establish and maintaindocumented procedures for eliminating thecauses of nonconformity, defect or otherundesirable situation in quality characteristicsand quality system to prevent recurrence.

The organisation shall review the

To implement corrective action evaluations,management should establish and maintain aninformation system for the collection anddissemination of data (see 4.1.6) from all relevantsources. Management should assignresponsibilities for the information system and forservice quality improvement.




nonconformance reports, customer complaintsand other relevant quality system records andtake prompt corrective action, as appropriate.

Responsibilities for corrective action steps shallbe defined and the procedures for correctiveaction shall require use of a disciplined problemsolving process to include:

a) the effective handling of customercomplaints and product nonconformityreports,

b) immediate containment of nonconformingproduct, including disposition ofnonconforming material (see 3.3.5), whileinvestigating the cause of nonconformity,

c) investigation of the root cause ofnonconformity's relating to productand/or service, process and qualitysystem, and recording the results of theinvestigation,

d) identification of the corrective actionneeded to eliminate the cause ofnonconformities (see 4.1.6),

e) evaluation (see 4.1.6) to determine theeffects on the in-process or final productsor services, and other product and/orservice offerings, as appropriate, and towhat extent reprocessing, retesting,recalibration or other actions that may benecessary.

f) application of remedies to ensure thatcorrective action is taken and that it iseffective

g) implemention of corrective action forproduct and/or service already delivered,but subsequently discovered to benonconforming, including notification tocustomers where possible.

NOTE: Application of corrective actions canresult in changes to production, packing,service, transit or storage processes, aproduct or service specification and/orrevision of the quality system.

The significance of a problem affecting qualityshould be evaluated in terms of its potentialimpact on such aspects as processing costs,quality-related costs, performance, dependability,safety and customer satisfaction. Appropriateorganisational functions, e.g. marketing,purchasing, human resources, should berepresented in the corrective action process.




The organisation shall record the results of theevaluation, and revise quality systemdocumentation (see 1.5 and 3.1.4) and records(see 4.1.6) to reflect corrective actions taken asappropriate. . Corrective action informationshall be submitted to management review.

4.2.2 Preventive Action 4.2.2 Preventive Action

The organisation shall establish and maintaindocumented procedures for implementingpreventive action to detect, analyse and eliminatethe causes of potential nonconformities in thequality system, products, or processes toprevent their occurence.

Measures necessary for the early warning of out-of-control operating conditions of the(production) process shall be identified andimplemented. The organisation shall review thecustomer satisfaction results, audit results,records from processes, e.g. failure mode andeffects analysis (FMEA) and work operations(see 4.1.6), and other relevant quality systemrecords and take prompt preventive action, asappropriate.

Responsibilities for preventive action steps shallbe defined and the procedures for preventiveaction shall require use of a disciplined problemsolving process to include:1. identification and selection of system,

product or process risks to be addressed2. identification of the preventive action

needed to eliminate the occurence ofnonconformities (see 4.1.6), using appropriateproduct or process improvement tools, e.g.mistake-proofing,

3. evaluation (see 4.1.6) to determine theeffects on the in-process or final products orservices, and other product and/or serviceofferings, as appropriate, and to what extentother actions may be necessary.

4. application of remedies to ensure thatpreventive action is taken is effective.

The organisation shall record the results of theevaluation, and revise quality systemdocumentation (see 1.5 and 3.1.4) and records(see 4.1.6) to reflect preventive actions taken asappropriate. Preventive action information shallbe submitted to management review.

The organisation should use disciplined problemsolving methods to identify the causes of potentialnonconformities.

The significance of a potential problem affectingquality should be evaluated in terms of itspotential impact on such aspects as processingcosts, quality-related costs, performance,dependability, safety and customer satisfaction.Appropriate organisational functions, e.g.marketing, purchasing, human resources, should berepresented in the corrective action process.

Preventive action to eliminate a potentialnonconformity is not necessarily required forevery potential nonconformity identified, butshould be considered for improvement.

Management should ensure the implementationand application within a reasonable and definedperiod of time of preventive action.

Controls should be applied to ensure preventiveaction is effective and efficient.

4.2.3 Improvement Processes 4.2.3 Improvement Processes

The organisation shall demonstrate continual The organisation shall continually improve in




quality system improvement. A comprehensivecontinual improvement philosophy shall be fullydeployed throughout the organisation andaddressed in the Quality Policy (see 1.3).

The organisation shall have knowledge ofappropriate measures and methodologies forcontinuous improvement, and use those that areappropriate for their products or services.

The organisation shall allocate appropriateresources for innovative quality improvements,based upon industry benchmarking and marketdata.

quality, service and value provided to customers.Suppliers should develop specific action plans forcontinuous improvement in processes that aremost important to the customer once thoseprocesses have demonstrated stability andacceptable capability.

Based upon industry benchmarking and marketdata, the organisation shall allocate appropriateresources to innovative organisationalimprovements.

Documents

ISO/TC176/SC2/WG18/N32t -Working Draft 2 18 February 1998 ... · ISO/TC176/SC2/WG18/N32t -Working Draft 2 18 February 1998 ISO/TC 176/SC 2/N 399 ISO 9001 Quality Assurance ISO 9004