LOYDS QMS Pre-course Work

8/11/2019 LOYDS QMS Pre-course Work

1/48

Improving performance,reducing risk

QMS Auditor/Lead Auditor

Pre-Course Notes


2/48


3/48

Introduction

QMS Auditor/Lead Auditor Page 1 of 45Version 3 - Revision 5.0Precourse Notes.docx

LRQA Training 2014

Welcome to the Quality Management Systems Auditor/Lead Auditor training course.Thank you for choosing LRQA.

We have designed the course to give you the knowledge and skills to perform audits ofmanagement systems against ISO 9001 effectively and with confidence.It meets the requirements of the International Register of Certificated Auditors (IRCA)www.irca.org

Complete the course successfully and you will satisfy the formal training requirementsfor IRCA certification to all grades of Quality Management System auditor.

Course hours The course duration is 40 hours over 4 days.

100% attendance is required. You will be asked to complete evening work each day, which will take approximately

1 hour.

Delegate assessment We will fully explain at the start of the course the assessment criteria and

performance standards you need to achieve. We will give you written feedback each day, and guidance on any improvements

needed. You will complete a 2 hour written examination at the end of the course.

What is this pre-course work for? You must have some understanding of quality management principles and concepts

and knowledge of ISO 9001 requirements before starting the course. Completingthis pre-course work and you enable you to consolidate and develop yourknowledge, which you will use and build on during the course.

We are giving you this information in advance so we can make the course practicaland activity-based. This will help you to learn and make the course enjoyable.

This pack is part of your course notes.

How long will it take? Plan on taking approximately two hours in total to complete it.

What happens if I do not complete this? You will have missed a valuable opportunity to start building your knowledge. You will almost certainly find it difficult to participate in some of the course exercises

and you will need to complete it in your own time in addition to your evening work. You may well reduce your chance of successfully completing the course.
http://www.irca.org/http://www.irca.org/http://www.irca.org/


4/48

Introduction


LRQA Training 2014

Am I expected to remember all of the information in this pack? No, the course is not a test of memory but it will test your understanding. To be

successful you will need to apply this information during the course and showduring the exam that you understand the concepts covered in this pack. The examquestions could relate to any aspect of this pre course information, any aspectscovered on the course, and any requirements of ISO 9001.

During the exam you will be able to refer to a clean copy of ISO 9001 (i.e., one thathas not been annotated in any way). If appropriate you can use a paper basedbilingual dictionary. These are the only items permitted for reference.

Important Please complete Section G Verification of pre-course work. This is very important.

It will help you prepare for the course. Please be sure you bring the completed pack and your personal copy of ISO 9001

with you when you attend the course. Please complete your personal course objectives at the end of the pack. We will ask

you to present these at the start of the course.


5/48

Section A ISO 9000 Series of Documents


LRQA Training 2014

Contents

Page

Introduction 1

SECTION A The ISO 9000 Series of Documents 4

SECTION B ISO Terms and Definitions 5

SECTION C

ISO 9000 Quality Management Principles The Eight Quality Management Principles Matching ISO 9001 Requirements to the Quality

Management Principles

7

SECTION D Understanding Processes The Process-improvement model The process model Process conformance and effectiveness

9

SECTION E ISO 9001 Structure and Contents ISO 9001 - Model of a process-based quality

management system ISO 9001 Contents and layout Pre course preparation

13

SECTION F Introduction to Auditing Audit terms and definitions Audit types and purpose Certification and accreditation

19

SECTION G Verification of pre-course work 23

SECTION H Defining Personal Course Objectives 26

Appendix Guide to ISO 9001 Requirements 28

Note: The following spellings are used throughout for consistency with theISO 9000 series of documents: - Organization. Realization. Realized


6/48

Section A ISO 9000 Series of Documents


LRQA Training 2014

PurposeThis section contains information on the ISO 9000 series of documents.

The ISO 9000 Series of DocumentsThe ISO 9000 series of documents comprise:

ISO 9000 - Quality management systems Fundamentals and vocabularyISO 9000 explains the fundamentals of quality management. It defines terms used inISO 9001 and ISO 9004.

ISO 9001 - Quality management systems RequirementsISO 9001 specifies requirements for a quality management system that aims toenhance customer satisfaction by meeting customer and applicable statutory andregulatory requirements. It can be used for internal application by organizations, forcertification and for contractual purposes.

ISO 9001 is an auditable standard. The others are not.

ISO 9004 Managing for the sustained success of an organization A qualitymanagement approachISO 9004 is a guide for organizations that wish to achieve sustained success using aquality management approach. ISO 9004 provides a wider focus on qualitymanagement than ISO 9001, addressing the needs of a wide range of stakeholdersand giving guidance for the systematic and continual improvement of the

organizations overall performance. As a guidance document, ISO 9004 is notauditable for certification, but it does promote self assessment by organizations toidentify opportunities for improvements and/ or innovations.

ISO 9001 and ISO 9004 are designed to complement each other, but can also be usedindependently.

Most standards require periodic revision. Several factors combine to render a standardout of date: technological evolution, new methods and materials, new quality and safetyrequirements. To take account of these factors, ISO has established the general rule that

all ISO standards should be reviewed at intervals of not more than five years.


7/48

Section B ISO Terms and Definitions


LRQA Training 2014

PurposeThis section introduces some essential quality terms and definitions. These will help youinterpret and audit ISO 9001 requirements. You may want to refer back to thesedefinitions as you read through the other sections of this pack.

DefinitionsThe following terms and definitions are quoted from ISO9000 Quality managementsystems - Fundamentals and vocabulary.

To help your understanding, we have grouped related terms together and separatedgroups using this bullet symbol.

QualityDegree to which a set of inherent characteristics fulfils requirements

SystemSet of interrelated or interacting elements

Management systemSystem to establish policy and objectives and to achieve those objectives

Quality management systemManagement System to direct and control an organization with regard to quality

ProcessSet of interrelated or interacting activities which transforms inputs into outputs

ProductResult of a process

The term Product is used as a generic term for:- services (for example transport)- software (for example computer programme or information,)- hardware (for example engine mechanical part)- processed materials (for example lubricant)

ProcedureSpecified way to carry out an activity or a process

Where the procedure is documented the term written procedure or documentedprocedure is frequently used. For clarity, auditors should not use the term procedurewhen in fact they are referring to a written or documented procedure.


8/48


9/48

Section C - ISO 9000 Quality Management Principles


LRQA Training 2014

PurposeISO 9000 introduces eight Quality Management Principles that can be used to lead anorganization towards improvement. ISO 9001 includes requirements that can be tracedback to these principles.

By reading this section and working through an example of how requirements of ISO9001 can be linked back to the principles you will help to develop your understanding ofISO 9001 and the underlying purpose of specific requirements.

The Eight Quality Management PrinciplesThe eight quality management principles given in ISO 9000 are:

1. Customer focusOrganizations depend on their customers and therefore should understand currentand future needs, should meet customer requirements and strive to exceed customerexpectations.

2. LeadershipLeaders establish unity of purpose and direction of the organization. They shouldcreate and maintain the internal environment in which people can become fullyinvolved in achieving the organization's objectives.

3. Involvement of peoplePeople at all levels are the essence of an organization and their full involvementenables their abilities to be used for the organizations benefit.

4. Process approachA desired result is achieved more efficiently when activities and related resources aremanaged as a process.

5. Systems approach to managementIdentifying, understanding and managing interrelated processes as a systemcontributes to the organization's effectiveness and efficiency in achieving itsobjectives.

6. Continual improvementContinual improvement of the organization's overall performance should be apermanent objective of the organization .

7. Factual approach to decision makingEffective decisions are based on the analysis of data and information.

8. Mutually beneficial supplier relationshipsAn organization and its suppliers are interdependent and a mutually beneficialrelationship enhances the ability of both to create value.

(Reproduced from ISO 9000)


10/48

Section C - ISO 9000 Quality Management Principles


LRQA Training 2014

Please note - Suppliers are stakeholders not customers. Stakeholder needs areconsidered in ISO 9004 but are outside the scope of ISO 9001. Consequently thereis no direct traceability from ISO 9001 to the quality management principle ofmutually beneficial supplier relationships.

Matching ISO 9001 requirements to the quality managementprinciplesWith the exception of mutually beneficial supplier relationships requirements thatsupport each of the principles can be found in ISO 9001. An example of this is shownbelow.

Use this example to start to familiarise yourself with ISO 9001.

Principle ISO 9001 requirements that support the principle

Process approach 4.1a) identify the processes needed for the quality management system.

4.1b) determine the sequence and interaction of these processes

4.1c) determine criteria and methods needed to ensure that both theoperation and control of these processes are effective

Now refer to ISO 9001. Read what it says in the sections listed below andsee how these requirements support the process approach principle.

4.1 e) 4.1 f)

7.1 refer to the first paragraph

8.2.3

Complete the Quality Management Principle and ISO 9001 cross referencesection that is part of the Verification of pre-course work section.


11/48

Section D Understanding Processes


LRQA Training 2014

PurposeISO 9001 promotes a process approach to quality management. We introduce in thissection the Process Improvement Model, the Process Model and process conformanceand effectiveness.

The Process-improvement model

ACT PLAN

CHECK DO

This is the Plan-Do-Check-Act improvement cycle. You may hear it called the PDCAcycle or the Deming cycle. You can apply it to all processes and you can use it to planand implement process change.

Plan Plan the improvement and plan how you will know if it has worked.

Do - Do what you planned to do and measure it as planned.

Check - Check the results against expectations.

Act Act to maintain the improvement, address any shortfall and learn fromexperience.

ISO 9001 aims to bring about continual improvement through the Plan-Do-Check-Actcycle, which is embedded into ISO 9001 requirements.


12/48



LRQA Training 2014

The Process modelThe ISO 9000 series of documents make frequent reference to processes and process-base quality management systems. It will be useful if you understand the relevant ISOterms, what is meant by a process and how any process can be represented by a simplemodel. We will use this process model during the course.

Process - set of interrelated or interacting activities which transforms inputs intooutputs.

Product -result of a process.

Procedure - specified way to carry out an activity or process.

You can describe a business or organization as a collection of processes. Processes useresources to transform the inputs into the outputs. People and equipment are examplesof resources.

The purpose of a quality management system based on ISO 9001 is to ensure theproduct of the organization meets customer, statutory and regulatory requirements, andthe organizations own requirements. Using the PDCA approach, ISO 9001 requiresprocesses to be designed, monitored and improved so they consistently deliver productthat meets these requirements.

When the way in which an activity or process is carried out can affect the productsability to meet requirements a procedure (a specified way to carry out the process) isneeded. The procedure may be implemented by training the process operator or byautomating the process.

It is useful to be able to represent a process by a simple diagram. The Process modelshown below is one recognised way of doing this and it will be used in the course.

Ac tivi ties

u Controls

u Outputu Input

u Resources


13/48



LRQA Training 2014

For example, consider the enquiry handling part of a sales process.

Process Interaction

Individual processes rarely operate in isolation and processes can often be broken downinto sub-processes. Outputs from one process are often inputs into later processes.Some times the output from one process will become a control to another process. Forexample, consider two parts of a purchasing process.

Supplier Approval

u SupplierPerformancestandards

u ApprovedSuppliers

u PotentialSuppliers

u CompetentPersonnel

Purchasing

u ApprovedSuppliers

u PurchaseOrder

u PurchaseRequirements

u CompetentPersonnel

Controls - controls or constraints applied to theprocess or output

E.g. Company pricing and discount policy

Output - the result oftransforming the input.

E.g. A quotation to thecustomer

Input materials orinformation that is changedin some way to become theoutput.

E.g. Customer enquiry

Resources - resources to enable the processto be carried out.

E.g. Sales person and database

ProcessActivities


14/48



LRQA Training 2014

Process conformance and effectiveness

Conformance fulfillment of a requirement.

The term conformance is used when discussing ISO management system standards inpreference to the term compliant, which is used when discussing statutory andregulatory standards.

Effectiveness extent to which planned activities are realized and planned resultsachieved.

A process is conforming when carried out in accordance with planned arrangements.The planned inputs, resources and controls have been used to produce the plannedoutput. But a conforming process is not automatically an effective process. For

example, the planned output may not meet requirements of the customer.Checking a process has been carried out in accordance with planned arrangements is aconformance audit. Checking the results of a process meet requirements is aneffectiveness audit. Auditors must consider the purpose of a process to determine itseffectiveness.

For example, consider a purchasing process. The purpose of a purchasing process is tohave the right product, in the right quantities, at the right time, in the right place, to theright specification and at the right price. An effective purchasing process will achievethese results. So for example, the procedure for purchasing should take account of how

much lead time suppliers need. If specified lead times are too short it is possible to havea conforming, but ineffective purchasing process. This could result in late delivery.


15/48


16/48

Section E - ISO 9001 Structure and Contents


LRQA Training 2014

ISO 9001 Model of a process-based quality management systemISO 9001 includes the diagram below. It illustrates in simple terms how a businessworks following the principles of ISO 9001 and it provides a framework around which

ISO 9001 is structured.

Quality Management Process Model

Continual improvement ofthe quality management system

Requirements

Satisfaction

Customers Customers

Resourcemanagement

Measurement,analysis and

improvement

ProductRealisation

ManagementResponsibility

Input OutputProduct

The diagram illustrates the relationship between customers and the supplyingorganization. On the left-hand we have customer requirements. In the middle we havethe organization supplying the customer. On the right-hand we have the customersperception as to whether the organization has met their requirements.

Customers Requirements - consider customers at two levels, as shown on the left-hand side. Firstly there is the collective customer, or market place that the organizationoperates within. And there is the individual customer and individual order. Theenclosed requirements box in the diagram represents the individual customer. Thesame principle applies in the illustration of customers satisfaction on the right-handside. There is the perception of whether the organization has met the needs of anindividual customer for an individual order, and there is the overall perception of thecollection of customers.


17/48



LRQA Training 2014

Management Responsibility - Businesses generally operate within a market sector.For example one airline may choose to concentrate on the business traveller whilstanother targets the low cost part of the market. The organization needs to fullyunderstand the market it is operating in and what customers want now and in thefuture. This is the role of Top management, who direct and control the organization.Top management need to establish effective two-way communication between theorganization and customers and understand their requirements. This is shown in thediagram by the two-way dotted line from management responsibility to thecustomer. Of course some businesses have only a low number of customers, possiblyonly one. Never the less the same principle applies.

Through this communication with customers top management will be in a position tomake informed decisions and give direction and leadership to the business. Of coursethere are many other factors that top management need to take account of, such aswhat competitors are offering, new technology, new legislation, stakeholderexpectations and new business opportunities. For top management qualitymanagement is just another part of business management. Top management rarelyuses quality terminology. Auditors need to recognise this and use appropriate businesslanguage when interviewing top management.

Quality policy overall intentions of an organization with regard to quality.

The organizations quality policy should reflect what is important to the organizationand its customers. Top management may formulate and review the quality policy as part

of other business planning activities. In practice an organizations policies tend toremain fairly constant from one year to the next whilst objectives change to meetemerging needs.

Quality objectives something sought, or aimed for, relating to quality.

Having set policy and established objectives for quality as well as other businessrequirements such as profitability, the role of top management is to communicate theseand establish a unity of purpose throughout the organization.

Resource Management - All businesses need resources. Within the context of ISO9001 these comprise: Human resources - including competence, training and awareness. Infrastructure - including buildings, workspace and associated utilities, process

equipment (hardware and software) and supporting services (such as transport,communication or information systems).

Work environment - including physical, environmental and other factors under whichwork is performed.

Resources need to be planned, implemented and checked for adequacy andeffectiveness in meeting customer, statutory and regulatory requirements applicable tothe product, and the organizations own requirements as set out in the quality policyand quality objectives.


18/48



LRQA Training 2014

In addition to the three resource types given, organizations will need also to plan andmanage other resources such as financial resources and supplier partnerships. These areoutside of the scope of ISO 9001 but are referred to in ISO 9004.

Product Realization - is a term used to refer to the collection of processes that go toidentify and deliver customer requirements at an individual customer order level.Typically these are the every-day operational processes of an organization. An examplewould be all of the individual processes undertaken by an airline; from selling a ticket toa customer through to delivery of the passenger and their baggage to their destination.

Examples of realization processes that apply to most companies are sales, purchasing,delivery and invoicing. For a manufacturing company, realization processes could alsoinclude production processes, inspection and test, calibration and installation. For aservice company such as a hotel, examples of realization processes would be guestreception, restaurant and room services.

ISO 9001 applies the PDCA cycle to these realization processes.

Measurement, Analysis and Improvement - is the fourth set of processes in themodel of a process-based quality management system. There is a requirement to planand implement monitoring, measurement, analysis and improvement processes. Theseare the check and act parts the PDCA cycle.

The aim is to: Make sure customer requirements are being met. Make sure product conforms to requirements. Make sure processes are capable and effective. Make sure the quality management system is being followed. Analyse data to determine the effectiveness of the management system and enable

fact based decision making. Continually improve the effectiveness of the management system.

That is, continually improve the probability that customer, statutory and regulatoryrequirements applicable to the product, and the organizations own requirements

will be met.

Continual improvement is the last part of the model of a process-based qualitymanagement system. The aim of the measurement processes is to gather factual datathat can be used to correct any deficiencies in the planned arrangements and identifyimprovement opportunities.

Continual improvement acts at two levels.

1. At product realization level - through monitoring and measurement of product andprocesses.


19/48



LRQA Training 2014

The aim is to: Correct anything that is wrong and then take corrective action to eliminate cause

and stop it recurring in the future. Improve process capability so the probability that customer, statutory and regulatory

requirements applicable to the product, and the organizations own requirementswill be met is increased.

Make sure the quality management system is being followed.

And:

2. At organization level through use of the quality policy, quality objectives, auditresults, analysis of data, corrective and preventive actions and management review.

The aim is to: Review what has been achieved against the quality policy and quality objectives and

act to address any shortfalls. Plan for the future, taking account of changes in requirements and other changes

that could affect the quality management system such as development oftechnology.

This activity is part of what ISO 9001 calls management review and is the processby which new quality objectives and targets are established.

ISO 9001 Contents and layout

Look now at your copy of ISO 9001. Clause 1 Scope. This section defines the scope and purpose of ISO 9001. Clause 2 Normative references. This section identifies reference documents that

should be used with ISO 9001. Clause 3 - Terms and definitions. This clause refers to ISO 9000. Clause 4 Quality management system. This section describes general requirements

for developing and implementing a quality management system using ISO 9001. Itspecifies documentation requirements and requirements for a Quality manual,Control of documents and Control of records.

Look now at clauses 5 through to 8. The main body of the Standard is organised in thesame way as the model of a process-based quality management system. That is: Clause 5 Management responsibility. Clause 6 Resource management. Clause 7 Product realization. Clause 8 Measurement, analysis and improvement.

Exclusions Clause 7 onlyWhere any requirement(s) of ISO 9001 cannot be applied due to the nature of anorganization and its product, this can be considered for exclusion. Exclusions are limited

to requirements within clause 7. For example, where an organization does not use


20/48



LRQA Training 2014

monitoring and measuring equipment the requirements of clause 7.6 can be excluded.The quality manual shall include details of, and justification for, any exclusion.

Pre-course preparation

Before attending the course you are required to have knowledge of the requirements ofISO 9001.Depending on your previous knowledge and experience, you may find it useful tocomplete the following activities before the course, to consolidate your existingknowledge and understanding:

1. Read through the guide to ISO 9001 requirements that is in the appendix to thisdocument.

2. Select some of the sections from the guide, maybe those that you are less familiarwith and find out what processes and procedures your own organization uses toaddress these requirements. Now compare these with the requirements as they aredetailed in ISO 9001.

3. Review some of the internal and external audit reports for your organization, andcompare their findings with the relevant sections of ISO 9001.

4. Look at you organizations quality policy, quality objectives and quality manual, andcompare their contents with the relevant ISO 9001 requirements.

5. If available, look at the inputs and outputs form your organizations managementreview. How do they meet the requirements of 5.6.2 and 5.6.3? What is yourorganization seeking to improve?


21/48

Section F Introduction to Auditing


LRQA Training 2014

PurposeThis section introduces some basic concepts of auditing. It contains essentialinformation, which you should know and understand before attending the course.Read this section carefully. You will have an opportunity during the course to clarify anypoints with the trainer.

Audit terms and definitionsThe following terms and definitions are quoted from ISO 19011 Guidelines for qualityand/or environmental management systems auditing, which is referred to in ISO 9001 ISO 19011 is a guidance document, not a set of requirements.

AuditSystematic, independent and documented process for obtaining audit evidence andevaluating it objectively to determine the extent to which audit criteria are fulfilled.

Audit evidenceRecords, statements of fact or other information, which are relevant to the audit criteriaand verifiable .

Audit criteria Set of policies, procedures or requirements used as a reference against which auditevidence is compared.

AuditorPerson who conducts an audit.

Audit teamOne or more auditors conducting an audit, supported if needed by technical experts.

Note one auditor of the audit team is appointed as the audit team leader.

Technical expertPerson who provides specific knowledge or expertise to the audit team.

Audit clientOrganization or person requesting an audit.

AuditeeOrganization being audited.


22/48



LRQA Training 2014

Audit programmeArrangements for a set of one or more audits planned for a specific time frame anddirected towards a specific purpose.

Audit planDescription of the activities and arrangements for an audit.

Audit scopeExtent and boundaries of an audit.

Audit types and purposeAudits are done for a variety of reasons. For example to check a process is carried out inaccordance with the planned arrangements.

Quality management system audits may be used to: Verify conformance to planned arrangements. Identify opportunities for improvement. Assess the effectiveness of quality management systems. Assist with selection and monitoring of suppliers. Verify compliance with contractual requirements. Determine conformity with ISO 9001 requirements.

1 st , 2 nd and 3 rd Party audits.These terms describe the relationship the auditor has with the organization beingaudited. 1st party or internal audit is the term used when the auditor works for the

organization being audited. 1 st party audits are used for internal purposes. Theperson managing the audit programme will decide the scope of the audit.

2nd party or supplier audit is the term used when the auditor works for the clientbuying from the auditee. 2 nd party audits are used to help select and monitor

suppliers. The audit client will decide the scope of the audit. 3 rd party or independent audit is the term used when the auditor works for an

independent auditing organization. For example those carrying out certificationaudits. The auditee organization may include all of its products within the audit, orit may want to limit the audit to a selected range. The independent audit body willaudit all applicable parts of the organizations quality management system andevaluate conformance with all applicable requirements of ISO 9001.

Note determining conformity with ISO 9001 or other recognised standard is theprimary purpose of a 3 rd party audit.


23/48



LRQA Training 2014

Certification and accreditationAt some stage you will almost certainly need to explain the terms certification andaccreditation to people who do not understand them.

In overview the system works like this.

Accreditation bodies, for example the United Kingdom Accreditation Service (UKAS):

Audit and award accreditation to:

Certification bodies, for example LRQA

Who audit and award certification to:

Organizations

Accreditation bodies audit certification bodies against the requirements of ISO 17021Conformity assessment Requirements for bodies providing audit and certification ofmanagement systems.

Accredited certification bodies will generally follow the guidelines contained in ISO19011 Guidelines for auditing management systems.

ISO 19011 is a guidance document whereas ISO 17021 is an auditable document. Andwhere ISO 17021 only applies to certification bodies, ISO 19011 is also referenced bymany organizations operating 1st party (internal) or 2 nd party (supplier) audit systems.

There is no statutory requirement for certification bodies to be accredited, but thecredibility of certification can be greatly undermined if they are not. Using an accreditedcertification body gives stakeholders the assurance that:

Certification auditors are competent and have relevant industry experience; They conduct rigorous, evidence based audits and their recommendations are

validated; Certified organizations have systems and processes that enable them to consistently

meet the requirements of their customers, and of ISO 9001; Certified organizations are audited regularly to ensure that they continue to conformto requirements, and certification will be withdrawn if they do not.


24/48

Section G Verification of Pre-course Work


LRQA Training 2014

The purpose of this section is to check your understanding of the information given inthis pre-course work.

1.

Match the definition to the term and write the letter of the correct definition againstthe term. There are two definitions for which there is no term listed.

No TERM Def. DEFINITION

1 Managementsystem

A Set of interrelated or interacting activities whichtransform inputs into outputs

2 Procedure B Action taken on a nonconforming product tomake it conform to requirements

3 Corrective action C Specified way to carry out an activity or a

process

4 Nonconformity D System to establish policy and objectives and toachieve those objectives

5 Process E Co-ordinated activities to direct and control anorganization with regard to quality

F Action to eliminate the cause of a detectednonconformity or other undesirable situation

G Non-fulfilment of a requirement

2. In the space below, describe the difference between corrective action and preventiveaction and give an example of each.

3. Which of the following are guidance documents?a) ISO 9000b) ISO 19011c) ISO 9004d) None of the above

e) All of the above


25/48



LRQA Training 2014

4. Complete this cross-reference guide by identifying 5 specific requirements in ISO9001 that support each of the quality management principles listed below.

Quality ManagementPrinciple

ISO 9001 requirements that support the principle

Customer focus

Leadership

Involvement of people

Continualimprovement

Factual approach todecision making


26/48



LRQA Training 2014

5. With reference to this pre-course work and ISO 9001, who has overall responsibilityfor the organizations quality policy and quality objectives?

6. With reference to this pre-course work and ISO 9001 describe in the space belowthe purpose of Management review


27/48

Section H Personal Course Objectives


LRQA Training 2014

PurposeEach delegate will have their own reason for coming on the course. For example you

may be an internal auditor (1st

party audits) who wants now to audit against ISO 9001.Or you may be coming on the course as part of your personal development. It will helpyou and the trainer if before you arrive you think about and plan what you want to getfrom the course. We have designed this section to help you with this. It forms a bridgebetween the pre-course pack and the course itself.

In thinking about your objectives for the course you also want to consider:

What you need to do to meet the IRCA requirements for Auditors. You may find itbeneficial to visit the IRCA web site for more details of the requirements forbecoming an IRCA certificated auditor. www.irca.org

Your familiarity with ISO 9001 and quality management systems.

Any other expectations which you or your employer have from the course.

Please now write your personal objectives using the form on the next page and bring itwith you to the course.
http://www.irca.org/http://www.irca.org/http://www.irca.org/


28/48

Section H Personal Course Objectives


LRQA Training 2014

Personal Course Objectives

Name: Company:

Course Name: QMS Auditor/ Lead Auditor

My current auditing experience is: (please give a brief description of your auditingexperience including the type of audits you have completed or been involved in)

My future auditing role will be: (please give a brief description of how you see your role asan auditor developing in the future and include also the type of audits you expect to beinvolved in)

My objectives for the course are: (please list between three and five specific things that youwant to be able to do as a result of completing the course)

Do you intend to apply to become an IRCA certificated auditor or lead auditor?

Yes No Dont know

Please take a copy of this page and bring it with you to the course. You will be asked todiscuss and present your course objectives to your group and LRQA trainer.


29/48

Appendix: Guide to ISO 9001 requirements


LRQA Training 2014

Guide to ISO 9001 requirements

This section provides you with a laypersons guide to the purpose and key requirements

of ISO 9001. It describes all the main requirements you need to know to complete thecourse.

To keep the document brief, only an overview of the requirements is included. Youshould refer to your personal copy of the standard for definitive information.

Caution!

ISO 9001 specifies requirements for a quality management system. It does not prescribehow these requirements are to be met.

If your organizations quality management system has been certified as conforming tothe requirements of ISO 9001 then it has found a way of meeting the requirements thatsuit its business needs. But what suits one organization may not suit another. Forexample, where it suits one organization to have many documented procedures,another may choose to rely on other means to ensure the effective planning, operationand control of its processes. Also your organization may have requirements other thanISO 9001 that is has to comply with. For example, customers may demand certain waysof working or the keeping of certain records. It will be essential during the course thatyou are open-minded about how conformance with the requirements of ISO 9001 canbe achieved, dont mistake your organizations way of conforming with ISO 9001

requirements as being an absolute requirement of the standard itself.

Using this guide

The title of the ISO 9001 clause is given in blue text. Refer to your copy of ISO 9001 forthe full text. Then the main purpose of the requirement is shown in red. It is phrased asa question, the answer to which follows in black text.


30/48



LRQA Training 2014

4 Quality management system

4.1 General requirementsThe organization shall:

4.1a) determine the processes needed for the quality management system and theirapplication throughout the organization

What do we need to manage to ensure achievement of our business objectives andtargets?

If the management system is to work, a starting point must be to identify all thosethings that need to be managed. The purpose of this clause is to ensure that allprocesses that can have a direct or indirect impact upon customer satisfaction andcompliance with applicable statutory and regulatory requirements are identified as partof the management system. What are the processes involved in producing products andservices? What support processes are needed?

Requirements : Identify all of the processes that contribute to meeting requirements,including those of customers, legal requirements and the quality policy and objectives ofthe organization. All processes should be identified, including management activities,resourcing activities, activities needed directly to produce the product or service, andmeasurement and improvement activities.

4.1b) determine the sequence and interaction of these processes

How should it fit together?

Businesses are made up of processes that feed other processes. For example, in avehicle repair operation the parts ordered in the parts ordering process would feedinto the repair process. Organizations need to understand how their processes feedinto each other in order to actively manage the business, making sure that processes areeffective and efficient.

Requirements: A description of how processes identified feed each other is requiredand can be illustrated, for example as a process map. (See also 4.2.2c).

4.1c) determine criteria and methods needed to ensure that both the operation andcontrol of these processes are effective

How will we know that the process is delivering the desired outcome?

Requirements: Firstly determine what the process needs to achieve and set someacceptance criteria. For example in a paint shop this might be the specification for thepaint finish. Then you need to determine what process controls are needed to ensurethis result, for example you might specify paint consistency and dryingtime/temperature. You then need to plan how you will monitor the operation ofprocesses; that is to see if they are being performed as you planned. You will need toplan how you will assess the effectiveness of controls, for example is the paint


31/48



LRQA Training 2014

consistency producing the result we want? Such methods might include inspection andaudit activities.

4.1d) ensure the availability of resources and information necessary to support theoperation and monitoring of these processes

What resources do we need to make it happen?

The business needs to ensure that there are sufficient resources to allow processes towork as intended. Resources include appropriately competent people, equipment,hardware and software, materials, environment and so on and so on. Resources shouldalso be available to monitor processes this would include activities such as internalaudit.

Requirements:

Make sure the necessary resources and information is available at theright time and in the right place.

4.1e) monitor measure where applicable, and analyse these processes and

How do we know if its working?

Organizations need to understand what happens in practice, and be able to comparethis with what should have happened as a basis for making informed decisions. Thisrequirement is about implementing the plans identified in 4.1c.

Processes can be monitored through means such as internal audit, customer feedback,mystery shoppers; process measures may include quantitative data such as processtimes, conversion ratios, turnaround times, volume, costs, revenue etc. Analysis shouldhelp the organization answer the so what? question - what is the data telling usabout how we are performing?

Requirements: Implement the planned arrangements for monitoring and measuringprocess performance and analyse the information generated.

4.1f) implement actions necessary to achieve planned results and continualimprovement of these processes

What can we do to make it work and work better?

Management is all about taking decisions and acting to ensure that objectives can beattained. Implementing this requirement will help to ensure that results are achieved,and that the effectiveness of processes in delivering results is enhanced.

Requirements: Act in response to the results of process measurement and monitoringactivities. Action taken should correct any deficiency between planned and actualperformance. Act also to improve the probability of achieving planned results, whichover time should show sustainable positive trends.


32/48



LRQA Training 2014

Summary Section 4.1 introduces the general requirements for the quality management system. Itprovides an overview of the requirements. It applies the PDCA cycle, described earlier.


33/48



LRQA Training 2014

4.2 Documentation requirements(Look at your copy of ISO 9001 for the full text)

4.2.1 General

How can we ensure that the documentation supporting our management system isadequately but not overly detailed?

A certain amount of documentation is essential to provide direction and clarity in amanagement system, and to ensure that processes, departments and teams interact andoperate as intended. This clause outlines what documentation and records are requiredto operate the business effectively and meet the basic requirements of the Standard. Itaims to help organizations develop a level of documentation that is appropriate for theirbusiness.

Requirements: Organizations must document their quality policy and objectives. Theremust be a quality manual, and records required by the Standard to demonstrateeffective operation of the management system.

Only 6 mandatory documented procedures are needed: Control of documents. Control of records. Internal audit. Control of non conforming product. Corrective action. Preventive action.

The organization should decide what further documentation including records isrequired in order to effectively plan, operate and control its processes.

4.2.2 : Quality manual

What does the management system cover?

The quality manual acts as a guide to how the business is organised and what processesthere are. It should provide a documented overview of the quality management system.Readers should gain a good understanding in overview of the organization. Whatprocesses it operates and how they interact. The quality manual should help readers tonavigate their way through the management system and its documentation.

Requirements : As a minimum the quality manual must include: The scope of the management system, that is what activities and processes are

covered; (refer back to 4.1a in the previous section). The documented procedures (or reference to them if they are contained in other

separate documentation, i.e. work instruction, handbook, manual, job description orpolicy).

A description of how processes interact.


34/48



LRQA Training 2014

4.2.3 Control of documents

How can we keep things up to date and communicate changes?

This requirement is intended to ensure that people have the right information at theright time. It applies to both hard copy and electronic documents. It applies todocumented procedures and some everyday working documents, for example drawingsand specifications. A hotel for example would probably want to control in some way itsroom rate list. Customers documents that are copied and circulated in the organizationshould be controlled. For example, customers' order setting out requirements.Organizations must decide which every day documents need to be controlled and whatis an appropriate method.

Requirements: Approve documents and procedures before issue and amendment. Make it clear which is the most up to date version of the document. For example,

use a revision status or date. Circulate documents to the right people, and make sure that old versions are

removed or destroyed. Set out in a documented procedure how documents will be controlled.

4.2.4 Control of records

How do we know and how can we demonstrate what we have done?

Records may be needed for traceability, and for comparing what happened with whatwas planned a clear understanding of this will be essential for any improvementactivity.

Requirements: What records do we need to keep, to demonstrate the effective operation of the

management system? How long for? Where/how shall we keep them? What happens to records that are no longer needed? Set out in a documented procedure how records will be controlled.

SummarySection 4.2 sets out requirements for quality management system documentationcomprising the policy, objectives, manual, procedures and records.


35/48



LRQA Training 2014

5 Management responsibility(Look at your copy of ISO 9001 for the full text).

5.1 Management commitment

How does management provide appropriate leadership for the management system?And, how is this demonstrated?

People do what their managers pay attention to and the management system willonly deliver results if people within the organization know that using and improving themanagement system to satisfy customers and comply with legal requirements isimportant to top management.

Requirements: Communicate clearly and consistently how important achieving customer satisfaction

and conforming to regulations is. Set direction through the quality policy and objectives. Be personally involved in reviewing the effectiveness of the system. Demonstrate commitment by allocating resources where they are needed.

5.2 Customer focus

What do customers want?

Find out what the market wants and deliver it.

Requirements : Establish the requirements of individual customers and, whereappropriate, the market place in general and listen to customer feedback.

5.3 Quality policy

How can we tell our people what we want the business to achieve and how important itis that everyone follows and improves the way we work?

The quality policy provides focus and direction for the organization and what it shouldachieve.

Requirements: Top management should establish and document a quality policy thatreflects the business strategy and provides long term direction. They should review theirquality policy periodically. The quality policy should reflect the need for continualimprovement, and facilitate setting of quality objectives. The quality policy should becommunicated and understood by all staff.

5.4 Planning

How are we going to achieve our goals? How are we going to direct and control the

organization?


36/48



LRQA Training 2014

How the quality policy will be achieved needs to be planned. The management system,the way the organization will operate to achieve the policy needs to be planned. Topmanagement is responsible for making this happen.

Requirements : Measurable quality objectives should be set that support the qualitypolicy. These should be cascaded throughout the organization, so that departmentsand individuals that are required to contribute to the achievement of objectives have aclear understanding of what is required of them. Planning also applies to the generaloperation of the management system, and includes the management of change.

5.5 Responsibility, authority and communication

How do we know who is supposed to do what?

For organizations to run smoothly, people need to know what they are supposed to doand what authority they have, and what others are supposed to do, and to know whatsgoing on.

The management system and its effectiveness are fundamental to the success of theorganization. Someone has to have overall responsibility for it.

Requirements : People throughout the organization should be clear about their own job roles, the decisions they can make, and those of their colleagues. A member ofmanagement must be appointed to take overall responsibility for the managementsystem and promoting awareness of customer requirements.

5.6 Management Review

How are we doing, are we meeting customers needs and achieving our objectives?

The system needs to be actively managed and continually adjusted and improved andmanagement review enables this to happen. Management review is the key to ensuringthe system adds value to the business.

Requirements : All of the data gathered about the performance of the system shouldbe analysed and submitted in an appropriate form to the management review. Thereview examines this to see if the system is achieving what it set out to achieve. Otherchanges and developments affecting the business are also considered and any changesneeded to the quality policy, objectives and to the management system to improve itsperformance are decided.

SummarySection 5 sets out requirements for top management involvement in leading anddirecting the organization through the development and implementation of the qualitymanagement system and continually improving its effectiveness.


37/48



LRQA Training 2014

6 Resource management(Look at your copy of ISO 9001 for the full text).

6.1 Provision of resources

What resources do we need to achieve our goals, policy objectives and targets?

Need to ensure adequate resources to deliver customer satisfaction.

Requirements: Determine what resources are needed and provide them, including forcontinual improvement.

6.2 Human resources

How can we ensure people can do the job?People performing work affecting conformity to product requirements should becompetent to perform their roles, and remain competent as their roles develop andchange. Competence is the application of knowledge, skills and behaviour to achieve aperformance standard.

Requirements: Determine what knowledge, skills, experience, training andqualifications are needed for specific job roles, and what performance standards peopleare required to work to. Monitor staff performance to make sure they can do the jobproperly. Take appropriate action such as training and coaching to address any

shortfalls and new requirements. Re-assess performance after training and otherinterventions and make sure the action has worked. Keep records of education,training, skills and experience. Make sure that staff should understand the impact theyand their role have on customer satisfaction.

6.3 Infrastructure

What equipment, facilities and supporting services do we need to achieve our goals?

People need tools and systems to achieve results and these need to be planned andprovided. Infrastructure requirements include buildings, equipment, tools, machinery,

computers, desks, software systems, telephone, Internet and other communication andinformation systems, vehicles and so on and so on.

Requirements: The organization needs to plan its requirements, provide and maintainthem, so that they are available and in working order when needed.

6.4 Work environment

What environmental conditions are needed to produce our product and meet customerrequirements?

Need to ensure that the work environment is suitable. Certain processes may need acontrolled environment. Examples are cleanliness and hygiene requirements in food


38/48



LRQA Training 2014

processing areas and protecting components from static electricity in the electronicsindustry. Where the work environment could affect peoples performance and meetingcustomer requirements the environment people work in must be suitable. For examplein a telephone sales office data-entry should not hampered by excessive noise,

temperature or display screens that are difficult to read.

Requirements: Identify what work environment is needed to ensure product meetscustomer and regulatory requirements. Provide it.

SummarySection 6 sets out requirements for planning, providing and maintaining humanresources, infrastructure and the work environment needed by the organization toachieve its objectives and continually improve the effectiveness of the qualitymanagement system.


39/48



LRQA Training 2014

7 Product realization(Look at your copy of ISO 9001 for the full text).

7.1 Planning of product Realization

How are we going to make our product and make sure it meets the customers needs?

Product Realization is all those processes needed to produce the desired product. Thisrequirement of ISO 9001 sets out the generic requirements for the planning anddevelopment of these processes, documents and resources needed to ensure theeffective operation and control of these processes. Referring back to the PDCA cycleand the model of a process-based quality system, its about planning the everydayactivities.

The organization should design and plan product realization processes that can meetcustomer and applicable statutory and regulatory requirements in the most effectiveway, that is with the greatest probability of meeting requirements, striving towardsmeeting them on every occasion.

Where the product is routine the processes can be designed and then applied to allcustomers until the product changes or an improvement opportunity is identified. Forexample a training organization may develop a standard process for dealing with off-the-shelf courses. Where the product is very different for each customer, as would bethe case for major construction projects such as a new sports stadium a customerspecific plan probably will be developed. Planning should include inspection activity to

ensure that progress can be checked and verified against the original agreement withthe customer.

Requirements: Identify relevant inputs prior to planning the realization processes. For example

customer and statutory and regulatory requirements for the product, documentationrequired, quality objectives, resources, responsibilities and so on and so on.

Identify the processes and resources required. Plan how the process is to be carriedout including documents and data to support their operation, controls, acceptancecriteria, records to demonstrate product meets requirements and so on and so on refer back to the IDEF Process Model.

Produce tangible outputs that show how product Realization processes will becarried out. For example process plans, resource plans, work instructions, processdocumentation, control plans, verification or inspection and test plans.

7.2 Customer related processes

What does the customer want, and can we meet their needs?

If organizations are to achieve customer satisfaction, they need to properly understandwhat it is the customer wants, including delivery date and support after delivery. Thissection of ISO 9001 typically applies to enquiry, quotation, contract and sales activities.


40/48



LRQA Training 2014

The organization has a duty to ensure the product meets both the customers stated(verbalised) and implied (expected) needs including statutory and regulatoryrequirements applicable to the product. For example, a customer buying a new car mayspecify the model, colour and accessories (stated needs). As the customer collecting my

new car, I would assume that the car meets safety and emissions standards, as requiredby law and as outlined in product literature, and that I would not specifically need to askfor these (implied needs).

Requirements: Organizations need to develop communication processes to informcustomers about their products. And to obtain enough information from customers tofully and clearly understand what they need. The organization then needs to check thatit can meet those needs. If the needs cannot be met they should re-negotiate or theorder should be declined.

Communication processes need to be established that enable customers to givefeedback, including complaints .

7.3 Design and development

Organizations design products to meet customer specific needs or the needs of themarket. Design is fundamental to achieving customer satisfaction. Design must includecustomer and applicable statutory and regulatory requirements for the product from thestart. ISO 9001 mandates requirements to ensure design is carried out as a series oflogical steps, including periodic reviews of the design to ensure requirements areidentified and carried forward into the final product. The ISO 9001 requirements for

design incorporate the PDCA cycle.

7.3.1 Design and development planning

How can we be systematic in the way we design our products?

Design should be carried out in a planned and systematic way. This applies to any formof product design and development irrespective of whether the product is tangible, forexample hardware and software or intangible for example a service.

Frequently a number of people and departments will be involved at various stages in the

design. For example it is likely that manufacturing would be involved at some time inthe design of new hardware. There needs to be effective communication betweenthose involved in the design. And opportunity for the various functions to participate inreviews of the design to ensure it is feasible to produce and deliver and meets customerneeds.

The output of the planning process should be in a format that meets the needs of theorganization.

Requirements : Plan the design process and: Determine the stages in the design process, including when periodic reviews will be

done.


41/48



LRQA Training 2014

Identify who will be responsible for what and when. Identify key areas of communication. Update the plan as the design progresses.

7.3.2 Design and development inputs

What does our product need to do and what else must we take into account when wedesign it?

At the outset features, characteristics, functional and performance requirements of theproduct need to be identified. These may have been provided directly by the customeror determined by the organization. Customers needs including legal and regulatoryrequirements need to be identified.

Other inputs relating to the design process may include design proformas, checklists,design protocols and procedural documents.

Requirement : Determine inputs relating to the product and keep records of them.

7.3.3 Design and development outputs

What outputs from the design process do we need and format and media will we use torecord them?

The normal output of design and development is the specification for the product and

information to enable it to be made. This may include information for purchasing,production, inspection and test, operation and maintenance of the product. If theprocess is engineering design, the output may be drawings and specifications. If theprocess is software design the output may be a programming functional specification.And if it is service design the output may be a service specification.

The design should be approved as meeting requirements before being released look at7.3.5 design verification and validation below.

Other outputs of the design process will include a design plan that is the output ofdesign planning activity. Also records of reviews, verification and validation results and

records of design changes.Requirement : The specification and related information should be in a format thatmeets the needs of the organization. The product should meet the input requirementsand include information to enable the product to be made. The outputs from the designprocess should be approved before being released.

7.3.4 Design and development review

When and how should we review progress to make sure the design is on the righttrack?


42/48



LRQA Training 2014

The product designed should meet the requirements specified at the start of theprocess. Reviews are done as the design progresses to check that requirements arebeing met. The organization decides when and how often reviews are done. The more

complex the design the more likely a number of reviews will be done. A simple designor development project may have only one review, which would be of the completeddesign see 7.3.5 below .

Design reviews should be included in the design plan.

Requirements : Plan and conduct reviews. Identify any problems and action needed.Keep records. Update the design plan as necessary.

7.3.5 Design and development verification

Will our design work when we make it?

The completed design should be formally reviewed before the product is made. Thereview should check that the product designed meets requirements specified. Thereview should also check that all requirements and activities set out in the design planhave been completed.

Like earlier design reviews this is a review of the outputs from the design process, not areview of the product itself. Typically it will be a review of drawings and specifications.

Requirements : Plan and conduct a review of the design outputs against requirements.

Record the results of the review and any necessary actions.

7.3.6 Design and development validation

Did our design work?

This is a check that the product designed really does meet requirements. Wherepractical this check should be done before delivery of the product or implementation ofthe service. Methods may include prototype testing hardware and software productsand service trials.

It is not always possible to prove the design meets requirements before the product ismade. For example, design of a building. Where this is the case validation may only bepossible over a period, after the product has been made. In such cases a plan forvalidating the design should be produced and ideally agreed with the customer. In thistype of design lessons learned from previous designs are an essential input to thedesign. And lessons learned from this design should feed into later ones. See ISO 9001- 7.3.2c.

Requirements: Plan and conduct activities to demonstrate the product meetrequirements. Record the results and any necessary actions.


43/48



LRQA Training 2014

7.3.7 Control of design and development changes

What should we do when we want to change the design?

Changes to an established design should follow the same process as an original design.That is they should be reviewed, verified, approved and validated as appropriate andrecords kept.

Changing an established design can have an impact on customers. The effect of thedesign change on other parts of the product and on product already delivered needs tobe considered during the design review. For example will a new version of software becompatible with earlier versions already in use? Or, will a new hardware component beinterchangeable with earlier versions? Depending upon the outcome of the reviewthere may be a need to communicate the nature of the changes and their impacts tothose potentially affected.

Requirements: Identify and record design changes. Review, verify and validate design changes. Evaluate the effect of the changes. Record results of reviews and actions necessary.

7.4 Purchasing

How can we make sure we have the materials and services we need to meet our

customers needs?Need to have the right materials/services in the right place at the right time.

Requirements: Select suppliers who are capable of meeting the organizations needs, and monitor

their performance to ensure that they continue to meet these needs. Specify clearly to suppliers what is wanted and when it is needed and check that the

purchased goods/services meet requirements.

7.5 Production and service provision

7.5.1 Control of production and service provision

How can we implement our production / service delivery processes effectively?(Look back at 7.1).

Sections 7.2, 7.3, and 7.4 gave requirements for three specific Realization processes.This section covers all other Realization processes. Section 7.1 of ISO 9001 dealt withplanning the operation of Realization processes. This section requires the planningactivities referred to in section 7.1 to be put into practice. Referring back to the PDCA


44/48



LRQA Training 2014

cycle and the model of a process based quality this requirement is about doing theeveryday activities in the way they were planned.

Requirements : Implement production/service delivery processes under controlled

conditions so the organization is confident that it produces what it said it wouldproduce.

7.5.2 Validation of processes for production and service provision

Did our planned way of working give us what we want when we put it into practice?

In the same way that it is necessary to validate the design of a product, the design ofthe processes that will produce the product needs to be validated. In many caseschecking the product can do this. In others it cannot readily or economically be donethis way. In which case, the process must be proven in its own right. For example, asterilisation process.

Requirements : Make sure that processes are capable of delivering what is needed.Identify processes where the output cannot be verified by monitoring or measurement.Prove these processes are capable of delivering what is needed and monitor the processnot their product.

7.5.3 Identification and traceability

How will we identify different products and different stages of completeness?

Requirements: Identification of product in an appropriate way, making it clearthroughout product realization what checks have been made and what the results were.And where traceability is required, have a method for uniquely identifying product andkeep records.

7.5.4 Customer property

Will we be using customers property in our product and if so how will we look after it?

Customer supplied product is often incorporated into product being supplied. For

example an organization that manufactures and installs signs may be attaching the signto their customers building. Similarly a financial institution or legal service may useconfidential information and personal data supplied by the customer. And a cleaningcompany will take in items belonging to their customers. Other examples include theuse of intellectual property, tools and equipment provided by the customer and the useof packaging or labels provided by the customer, for example brand labels. In all ofthese cases the organization needs to exercise a duty of care with respect to thecustomers property.

Requirements: Identify all instances where the customer provides items for use in the product or

customer property is used to provide the desired product.


45/48



LRQA Training 2014

Exercise appropriate care and control over customers property. Communicate any problems arising to the customer and take action to rectify the

situation. Keep records.

7.5.5 Preservation of product

How will we look after the product and making sure it is not damaged or harmed?

Product needs to be looked after during production and delivery. This applies to alltypes of product. It includes customer-supplied items and information. It includedcomponent parts of the finished product. Examples include protecting integratedcircuits from static electricity, food packaging requirements and security of confidentialinformation.

Requirements: Plan and implement appropriate arrangements for identification,handling, packaging, storage and protection of product.

7.6 Control of monitoring and measuring equipment

How can we be sure monitoring and measuring results are accurate?

Need to make sure that monitoring activities and inspection of product and processes isaccurate.

Requirements: Determine what monitoring and measurement is needed and determine whatequipment is needed for this, including what degree of accuracy is needed.

Monitoring and measurement equipment needs to be identified and checked toensure that it is sufficiently accurate to do the job its required to do. And re-calibrated if it is not.

SummarySection 7 sets out requirements for planning, validating and operating the day-to-dayprocesses needed for product realization.


46/48



LRQA Training 2014

8 Measurement, analysis and improvement(Look at your copy of ISO 9001 for the full text)

8.1 General

How can we ensure we meet requirements and continually improve?

Need to monitor measure and understand what happens in the business in order tomanage it effectively. Why guess when you can base your decisions on sound data andfacts? This part of ISO 9001 is the Check stage of PDCA.

Requirements: need to plan how to monitor, measure, analyse and improve processes,and implement the plan.

8.2 Monitoring and measurementWhere are we now?

Having a direction and objectives for the management system and a plan for itsimplementation is of little use without information to tell the organization where it isagainst its plan. Management and measurement activities will enable the organizationto work out what it needs to do to get from where it is to where it needs to be.

Requirements: Monitor information relating to customer perceptions, to find out what customers

think about the organization's products and services. Perform internal audits to check whether processes are being carried out as

intended, in accordance with ISO 9001 requirements and whether they are effectivein achieving desired results.

Monitor and measure processes to see whether they achieve the results needed. Monitor and measure the product against the specification and acceptance criteria

to make sure it meets requirements.

8.3 Control of nonconforming product

How do we make sure we dont deliver substandard products or services to customers?

Need to ensure that where a problem is detected the organization ensures that theproblem is rectified before it affects the customer.

Requirements: When problems are identified the organization needs to act to ensure that the

product cannot be used or delivered to the customer, unless the problem iscorrected or the customer is told of the nature of the problem and agree to aconcession. If problems are identified after delivery the organization must evaluatethe effect or potential effect of the problem and act appropriately.

A documented procedure is required that describes the controls, responsibilities andauthorities for dealing with non-conforming product.


47/48



LRQA Training 2014

Keep records.

8.4 Analysis of data

What is the data telling us?

Having gathered measurement and monitoring data the organization needs to makesense of it in order to learn and improve the management system. Remember thatmanagement system refers to how the business operates to achieve customer andstatutory and regulatory requirements for the product and quality objectives and policy.Not the collection of paperwork called the quality manual and procedures.

Requirements: Decide what data needs to be collected to assess whether the management system

is doing its job, and to identify where there are opportunities to improve. Include data on customer satisfaction, product conformity, process performance,

opportunities for preventive action, and suppliers. Collect this data, and analyse it to establish patterns, trends, common areas of

strengths and weaknesses.

8.5 Improvement

How can we get better?

If the management system is to add value to the business it must generate improvement

and enhance customer satisfaction.

Requirements Continual improvement through a process of setting measurable objectives,

monitoring progress, reviewing results and identifying and acting upon opportunitiesto improve further.

Identify the root cause of problems and act to make sure they cannot be repeated. Documented procedure for corrective action. Plan to prevent problems by learning from previous problems and near misses. Use

appropriate planning and risk analysis techniques to identify potential problems andact to prevent them occurring.

documented procedure for preventive action.

SummarySection 8 sets out requirements for planning and implementing monitoring andmeasurement, analysis and improvement of processes that comprise the qualitymanagement system. The monitoring and measurement activities generate data thatcan be used for fact based decision making in continual improvement processes andfeed through to management review for top management to act on, so completing thePDCA improvement cycle.


48/48