One of the most commonly cited reasons for implementing an ISO 14001 environmental management system is that it helps an organization comply with environmental laws and regulations.
ISO 14001 registration will provide additional assurance to City Council, senior management, regulators and key stakeholders that appropriate procedures have been implemented to identify, track, and communicate environmental laws and regulations. ISO 14001 registration will also provide assurance that our Administration is controlling, monitoring, and improving performance, relative to these laws/regulations.
A strong environmental management system, aimed at legal/regulatory compliance, will serve the City of Edmonton by increasing the likelihood of avoiding convictions, fines and judgments; avoiding internal legal costs; and promoting positive relations with regulators.
Wednesday, October 21, 2009
Saturday, October 3, 2009
Emergency Preparedness and Response In ISO 14001
Emergency Preparedness and Response In ISO 14001
Under the Emergency Preparedness and Response requirement of ISO 14001:2004 (§4.4.7), the organization is required to establish procedures for identifying the potential for and responding to emergency situations and accidents that can have an impact on the environment.
Identification of Potential Emergency and Accident Situations – Experience indicates that organizations infrequently have a preexisting procedure for identifying potential emergency and accident situations.The norm is to establish emergency and accident responses for a variety of emergency and accident situations irrespective of the potential for their occurrence. But ISO 14001 is specific about requiring a procedure to identify the potential for emergency situations and accidents. Adhering to the requirement of the procedure is a valuable exercise that helps organizations identify weaknesses in their own emergency planning and to plan for that which is most likely to occur.Because many environmental impacts of an emergency or accident situation are secondary in nature, it appears that all potential emergency or accident situations need to be identified before a determination of environmental impacts can be made. An organization that attempts to identify potential emergency or accident situations based on a review of its environmental aspects would likely miss the environmental impact potential of, say, an automobile accident.
There are five steps implied by the emergency preparedness and response requirement:
1) Identify the potential for emergency situations and accidents of all kinds;2) Paying particular attention to the potential environmental impacts of accidents and emergency situations, identify how the organization can prevent and mitigate associated adverse environmental impacts;3) Determine how the organization and its employees should respond to emergency situations and accidents;4) Periodically simulate emergency situations to test response capabilities; and,5) Review and revise procedures based on experience derived from actual and simulated emergency situations and accidents.
Accident and Emergency Situation Identification – In order to identify potential for and responding to emergency situations and accidents, the organization should develop a procedure for systematically identifying accident and emergency situations, evaluating their probability of occurrence, their likely consequences, and their severity.Organizations often engage risk management specialists to assist in the identification of potential emergency or accident situations that could lead to human injury, environmental damage, or economic loss. While many checklists are available to facilitate this kind of evaluation, there is virtually no substitute for physical evaluation of facilities by knowledgeable personnel, whether employees or outside professionals.
Emergency Response Procedures – The organization is required to develop procedures for responding to emergency situations and accidents when they occur. Typically, response procedures include identifying public emergency response agencies and their capabilities, identifying individuals within the organization who are trained and able to provide assistance in emergencies, establishing an emergency communications network, and providing emergency lighting, signage, and equipment. Because Emergency Response Procedures are based on identified potential emergency situations and accidents specific to the organization, the emergency response plan will be unique for each organization.
Periodic Testing – The value of conducting emergency response exercises lies not only with simulating situations that could occur but also in identifying flaws in the response plan. Practice drills can be the most effective test of the system to give employees, emergency response personnel, and management the opportunity to walk through the plan and gain familiarity with its procedures. While a full-dress response exercise is valuable, testing of procedures can be effectively done on much smaller scales and still provide the benefits of testing. Above all, the organization should not let the impracticality of a full-dress exercise keep it from testing sub elements of the emergency response plan.
Review and Revise – ISO 14001 calls for continual improvement of the EMS. Periodically reviewing and revising emergency response plans based on the experience gained from the occurrence of emergency situations or accidents or in testing response plans is an example of continual improvement.
Written Response Plans – Many written emergency response plans are too cumbersome to be of value in an emergency situation – their value depends entirely upon previous training of persons who will be called upon to execute them. Yet, many organizations fail to provide the emergency response training necessary to make the plans functional.Keeping in mind that even the simplest, most direct emergency response plan requires training for effective implementation, an alternative for organizations to consider is establishment of abbreviated, readily available Immediate Response Directions established for each kind of potential emergency situation or accident. Such an emergency response plan might consist of a laminated card prepared for each potential emergency situation or accident and providing specific responsibilities and associated actions for employees and visitors, supervisors, emergency coordinators, and emergency directors.
Under the Emergency Preparedness and Response requirement of ISO 14001:2004 (§4.4.7), the organization is required to establish procedures for identifying the potential for and responding to emergency situations and accidents that can have an impact on the environment.
Identification of Potential Emergency and Accident Situations – Experience indicates that organizations infrequently have a preexisting procedure for identifying potential emergency and accident situations.The norm is to establish emergency and accident responses for a variety of emergency and accident situations irrespective of the potential for their occurrence. But ISO 14001 is specific about requiring a procedure to identify the potential for emergency situations and accidents. Adhering to the requirement of the procedure is a valuable exercise that helps organizations identify weaknesses in their own emergency planning and to plan for that which is most likely to occur.Because many environmental impacts of an emergency or accident situation are secondary in nature, it appears that all potential emergency or accident situations need to be identified before a determination of environmental impacts can be made. An organization that attempts to identify potential emergency or accident situations based on a review of its environmental aspects would likely miss the environmental impact potential of, say, an automobile accident.
There are five steps implied by the emergency preparedness and response requirement:
1) Identify the potential for emergency situations and accidents of all kinds;2) Paying particular attention to the potential environmental impacts of accidents and emergency situations, identify how the organization can prevent and mitigate associated adverse environmental impacts;3) Determine how the organization and its employees should respond to emergency situations and accidents;4) Periodically simulate emergency situations to test response capabilities; and,5) Review and revise procedures based on experience derived from actual and simulated emergency situations and accidents.
Accident and Emergency Situation Identification – In order to identify potential for and responding to emergency situations and accidents, the organization should develop a procedure for systematically identifying accident and emergency situations, evaluating their probability of occurrence, their likely consequences, and their severity.Organizations often engage risk management specialists to assist in the identification of potential emergency or accident situations that could lead to human injury, environmental damage, or economic loss. While many checklists are available to facilitate this kind of evaluation, there is virtually no substitute for physical evaluation of facilities by knowledgeable personnel, whether employees or outside professionals.
Emergency Response Procedures – The organization is required to develop procedures for responding to emergency situations and accidents when they occur. Typically, response procedures include identifying public emergency response agencies and their capabilities, identifying individuals within the organization who are trained and able to provide assistance in emergencies, establishing an emergency communications network, and providing emergency lighting, signage, and equipment. Because Emergency Response Procedures are based on identified potential emergency situations and accidents specific to the organization, the emergency response plan will be unique for each organization.
Periodic Testing – The value of conducting emergency response exercises lies not only with simulating situations that could occur but also in identifying flaws in the response plan. Practice drills can be the most effective test of the system to give employees, emergency response personnel, and management the opportunity to walk through the plan and gain familiarity with its procedures. While a full-dress response exercise is valuable, testing of procedures can be effectively done on much smaller scales and still provide the benefits of testing. Above all, the organization should not let the impracticality of a full-dress exercise keep it from testing sub elements of the emergency response plan.
Review and Revise – ISO 14001 calls for continual improvement of the EMS. Periodically reviewing and revising emergency response plans based on the experience gained from the occurrence of emergency situations or accidents or in testing response plans is an example of continual improvement.
Written Response Plans – Many written emergency response plans are too cumbersome to be of value in an emergency situation – their value depends entirely upon previous training of persons who will be called upon to execute them. Yet, many organizations fail to provide the emergency response training necessary to make the plans functional.Keeping in mind that even the simplest, most direct emergency response plan requires training for effective implementation, an alternative for organizations to consider is establishment of abbreviated, readily available Immediate Response Directions established for each kind of potential emergency situation or accident. Such an emergency response plan might consist of a laminated card prepared for each potential emergency situation or accident and providing specific responsibilities and associated actions for employees and visitors, supervisors, emergency coordinators, and emergency directors.
Migration to ISO 9001:2008
Migration To ISO 9001:2008
The International Accreditation Forum (IAF) and the International Organization forStandardization (ISO) have agreed on an implementation plan to ensure a smooth transition ofaccredited certification to ISO 9001:2008, the latest version of the world’s most widely usedstandard for quality management systems (QMS). The details of the plan are given in the jointcommuniqué by the two organizations which appears below.Like all of ISO’s more than 17 000 standards, ISO 9001 is periodically reviewed to ensure that itis maintained at the state of the art and a decision taken to confirm, withdraw or revise thedocument.ISO 9001:2008, which is due to be published before the end of the year, will replace the year2000 version of the standard which is implemented by both business and public sectororganizations in 170 countries. Although certification is not a requirement of the standard, theQMS of about one million organizations have been audited and certified by independentcertification bodies (also known in some countries as registration bodies) to ISO 9001:2000.ISO 9001 certification is frequently used in both private and public sectors to increaseconfidence in the products and services provided by certified organizations, between partnersin business-to-business relations, in the selection of suppliers in supply chains and in the rightto tender for procurement contracts.ISO is the developer and publisher of ISO 9001, but does not itself carry out auditing andcertification. These services are performed independently of ISO by certification bodies. ISOdoes not control such bodies, but does develop voluntary International Standards toencourage good practice in their activities on a worldwide basis. For example, ISO/IEC17021:2006 specifies the requirements for bodies providing auditing and certification ofmanagement systems.Certification bodies that wish to provide further confidence in their services may apply to be“accredited” as competent by an IAF recognized national accreditation body. ISO/IEC17011:2004 specifies the requirements for carrying out such accreditation. IAF is aninternational association whose membership includes the national accreditation bodies of 49economies.ISO technical committee ISO/TC 176, Quality management and quality assurance, which isresponsible for the ISO 9000 family of standards, is preparing a number of support documentsexplaining what the differences are between ISO 9001:2008 and the year 2000 version, whyand what they mean for users. Once approved, these documents will be posted on the ISOWeb site – probably in October 2008.
ISO (International Organization for Standardization) and the IAF (International AccreditationForum) have agreed an implementation plan to ensure a smooth migration of accreditedcertification to ISO 9001:2008, after consultation with international groupings representingquality system or auditor certification bodies, and industry users of ISO 9001 certificationservices.ISO 9001:2008 does not contain any new requirementsThey have recognized that ISO 9001:2008 introduces no new requirements. ISO 9001:2008only introduces clarifications to the existing requirements of ISO 9001:2000 based on eightyears of experience of implementing the standard world wide with about one millioncertificates issued in 170 countries to date. It also introduces changes intended to improveconsistency with ISO14001:2004The agreed implementation plan in relation to accredited certification is therefore thefollowing:Accredited certification to the ISO 9001:2008 shall not be granted until the publication of ISO9001:2008 as an International Standard.Certification of conformity to ISO 9001:2008 and/or national equivalents shall only be issuedafter official publication of ISO 9001:2008 (which should take place before the end of 2008)and after a routine surveillance or recertification audit against ISO 9001:2008.Validity of certifications to ISO 9001:2000One year after publication of ISO 9001:2008 all accredited certifications issued (newcertifications or recertifications) shall be to ISO 9001:2008.Twenty four months after publication by ISO of ISO 9001:2008, any existing certification issuedto ISO 9001:2000 shall not be valid.
The International Accreditation Forum (IAF) and the International Organization forStandardization (ISO) have agreed on an implementation plan to ensure a smooth transition ofaccredited certification to ISO 9001:2008, the latest version of the world’s most widely usedstandard for quality management systems (QMS). The details of the plan are given in the jointcommuniqué by the two organizations which appears below.Like all of ISO’s more than 17 000 standards, ISO 9001 is periodically reviewed to ensure that itis maintained at the state of the art and a decision taken to confirm, withdraw or revise thedocument.ISO 9001:2008, which is due to be published before the end of the year, will replace the year2000 version of the standard which is implemented by both business and public sectororganizations in 170 countries. Although certification is not a requirement of the standard, theQMS of about one million organizations have been audited and certified by independentcertification bodies (also known in some countries as registration bodies) to ISO 9001:2000.ISO 9001 certification is frequently used in both private and public sectors to increaseconfidence in the products and services provided by certified organizations, between partnersin business-to-business relations, in the selection of suppliers in supply chains and in the rightto tender for procurement contracts.ISO is the developer and publisher of ISO 9001, but does not itself carry out auditing andcertification. These services are performed independently of ISO by certification bodies. ISOdoes not control such bodies, but does develop voluntary International Standards toencourage good practice in their activities on a worldwide basis. For example, ISO/IEC17021:2006 specifies the requirements for bodies providing auditing and certification ofmanagement systems.Certification bodies that wish to provide further confidence in their services may apply to be“accredited” as competent by an IAF recognized national accreditation body. ISO/IEC17011:2004 specifies the requirements for carrying out such accreditation. IAF is aninternational association whose membership includes the national accreditation bodies of 49economies.ISO technical committee ISO/TC 176, Quality management and quality assurance, which isresponsible for the ISO 9000 family of standards, is preparing a number of support documentsexplaining what the differences are between ISO 9001:2008 and the year 2000 version, whyand what they mean for users. Once approved, these documents will be posted on the ISOWeb site – probably in October 2008.
ISO (International Organization for Standardization) and the IAF (International AccreditationForum) have agreed an implementation plan to ensure a smooth migration of accreditedcertification to ISO 9001:2008, after consultation with international groupings representingquality system or auditor certification bodies, and industry users of ISO 9001 certificationservices.ISO 9001:2008 does not contain any new requirementsThey have recognized that ISO 9001:2008 introduces no new requirements. ISO 9001:2008only introduces clarifications to the existing requirements of ISO 9001:2000 based on eightyears of experience of implementing the standard world wide with about one millioncertificates issued in 170 countries to date. It also introduces changes intended to improveconsistency with ISO14001:2004The agreed implementation plan in relation to accredited certification is therefore thefollowing:Accredited certification to the ISO 9001:2008 shall not be granted until the publication of ISO9001:2008 as an International Standard.Certification of conformity to ISO 9001:2008 and/or national equivalents shall only be issuedafter official publication of ISO 9001:2008 (which should take place before the end of 2008)and after a routine surveillance or recertification audit against ISO 9001:2008.Validity of certifications to ISO 9001:2000One year after publication of ISO 9001:2008 all accredited certifications issued (newcertifications or recertifications) shall be to ISO 9001:2008.Twenty four months after publication by ISO of ISO 9001:2008, any existing certification issuedto ISO 9001:2000 shall not be valid.
Nonconformity, Corrective Action and Preventive Action in ISO 14001 EMS
The intent of §4.5.3 is that the organization put in place procedures for 1) identifying actual and potential nonconformities to EMS requirements, 2) taking appropriate corrective or preventive action, and 3) reviewing the effectiveness of corrective or preventive actions taken.The nonconformity requirement of ISO 14001:1996 was a passive requirement in that it was only triggered when a nonconformity came to the attention of the organization through one of the other EMS procedures, such as the EMS audit or management review. ISO 14001:2004, however, requires that the organization establish and maintain procedures to identify actual or potential nonconformities, determine their causes, take action to avoid recurrence or occurrence, record results, and review effectiveness of corrective or preventive actions.
How the organization goes about identifying actual or potential nonconformities is up to it to determine. From the standpoint of registration auditors, it would seem that they would want to see a specific procedure requiring members of the organization to conduct some kind of periodic checklist driven, walk-through inspection for nonconformities. In addition, the procedure should allow for submission of nonconformities by any member of the organization. Actual nonconformities are usually fairly evident and relatively easy to investigate because there is a tangible occurrence with which to deal. The organization should also want to evaluate minor instances of nonconformity that, while not significant in and of themselves, if they occurred under different circumstances, could lead to a significant deviation from the EMS. Such “near misses” could be identified by the occurrence of a sudden, unexpected event, a failure to achieve an objective or target, or a deviation from the Environmental Policy.Potential nonconformities are more difficult to identify and correct. Here, application of Failure Mode and Effects Analysis would be appropriate for organizations having that capability.
When investigating nonconformities, organizations should focus on identifying underlying root causes, not just the immediate manifestation of the problem. If a chemical storage drum leaks, the organization should take action, first, to mitigate the damage and, then, to determine why the leak occurred; e.g., improper or negligent handling, mechanical failure, or lack of a leak detection system. Corrective or preventive actions should then focus on eliminating the cause through training, communication of procedures, use of leak-resistant drums, or installation of a leak detection system.
Other ISO 14001 sections, principally Emergency Preparedness and Response, Internal Audit, and Management Review, are tools that the organization implements in order to help identify instances of actual or potential nonconformity. The underlying principle of these sections is that the identification of nonconformities should be made by the organization through diligent application of these tools, not from the occurrence of an environmental event, a customer or community complaint, or investigation by a regulatory authority. While §4.5.3 does not specifically mention disciplinary action, in many cases disciplinary action or the threat of disciplinary action is appropriate to prevention of future nonconformities. Many organizations have written codes of conduct that give employees notice that deviations from the codes will not be tolerated and that prescribed penalties can result for infractions. These codes can be expanded to include penalties for deviations from the EMS. If so, penalties should be commensurate with the violation itself and should acknowledge the nature of the environmental damage, the degree of negligence, prior conduct, and the forthrightness of the employee being disciplined. Any such code and its remedies should be administered fairly and consistently and should have as its objective correction and prevention of EMS nonconformities, not punishment of employees.Finally, identification, investigation, and correction of nonconformities leads to the need to revise documented procedures.
How the organization goes about identifying actual or potential nonconformities is up to it to determine. From the standpoint of registration auditors, it would seem that they would want to see a specific procedure requiring members of the organization to conduct some kind of periodic checklist driven, walk-through inspection for nonconformities. In addition, the procedure should allow for submission of nonconformities by any member of the organization. Actual nonconformities are usually fairly evident and relatively easy to investigate because there is a tangible occurrence with which to deal. The organization should also want to evaluate minor instances of nonconformity that, while not significant in and of themselves, if they occurred under different circumstances, could lead to a significant deviation from the EMS. Such “near misses” could be identified by the occurrence of a sudden, unexpected event, a failure to achieve an objective or target, or a deviation from the Environmental Policy.Potential nonconformities are more difficult to identify and correct. Here, application of Failure Mode and Effects Analysis would be appropriate for organizations having that capability.
When investigating nonconformities, organizations should focus on identifying underlying root causes, not just the immediate manifestation of the problem. If a chemical storage drum leaks, the organization should take action, first, to mitigate the damage and, then, to determine why the leak occurred; e.g., improper or negligent handling, mechanical failure, or lack of a leak detection system. Corrective or preventive actions should then focus on eliminating the cause through training, communication of procedures, use of leak-resistant drums, or installation of a leak detection system.
Other ISO 14001 sections, principally Emergency Preparedness and Response, Internal Audit, and Management Review, are tools that the organization implements in order to help identify instances of actual or potential nonconformity. The underlying principle of these sections is that the identification of nonconformities should be made by the organization through diligent application of these tools, not from the occurrence of an environmental event, a customer or community complaint, or investigation by a regulatory authority. While §4.5.3 does not specifically mention disciplinary action, in many cases disciplinary action or the threat of disciplinary action is appropriate to prevention of future nonconformities. Many organizations have written codes of conduct that give employees notice that deviations from the codes will not be tolerated and that prescribed penalties can result for infractions. These codes can be expanded to include penalties for deviations from the EMS. If so, penalties should be commensurate with the violation itself and should acknowledge the nature of the environmental damage, the degree of negligence, prior conduct, and the forthrightness of the employee being disciplined. Any such code and its remedies should be administered fairly and consistently and should have as its objective correction and prevention of EMS nonconformities, not punishment of employees.Finally, identification, investigation, and correction of nonconformities leads to the need to revise documented procedures.
Evaluation Of Compliance Of ISO 14001 EMS
The requirement to establish a procedure for periodically evaluating compliance with applicable legal and other requirements falls short of specifically requiring regulatory compliance audits but, in fact, a system of regular regulatory compliance audits may be the most practical means for meeting this requirement of the standard. In the U.S., determination of whether to conduct a compliance audit will be governed in part by the particular jurisdiction’s approach to allowing a legal privilege for the self-assessment audit.
Evaluation vs. Audit – The difference between an evaluation and audit can only be determined by looking outside of ISO 14001. Consulting a dictionary reveals that an evaluation involves a determination of value or worth and that an audit is an examination of accounts done by persons appointed for the purpose. A better definition `is the more specific ISO 19011:2002, Guidelines for Quality and/or Environmental Management Systems Auditing, which defines an audit as a “systematic, independent, and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled.” Many organizations do not have a system for evaluating regulatory compliance other than their own records and the inspections of regulatory officials. This lack of a verification system can be a risky way to operate. Reports of enforcement actions and consent agreements show that many organizations are blindsided by rogue employees who violate rules and falsify documents to cover up environmental misdeeds. Although ISO 14001 does not prescribe a specific approach to evaluation of regulatory compliance, organizations should consider methods for going beyond verification of records by collecting and evaluating physical evidence.
Evaluation vs. Audit – The difference between an evaluation and audit can only be determined by looking outside of ISO 14001. Consulting a dictionary reveals that an evaluation involves a determination of value or worth and that an audit is an examination of accounts done by persons appointed for the purpose. A better definition `is the more specific ISO 19011:2002, Guidelines for Quality and/or Environmental Management Systems Auditing, which defines an audit as a “systematic, independent, and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled.” Many organizations do not have a system for evaluating regulatory compliance other than their own records and the inspections of regulatory officials. This lack of a verification system can be a risky way to operate. Reports of enforcement actions and consent agreements show that many organizations are blindsided by rogue employees who violate rules and falsify documents to cover up environmental misdeeds. Although ISO 14001 does not prescribe a specific approach to evaluation of regulatory compliance, organizations should consider methods for going beyond verification of records by collecting and evaluating physical evidence.
Continual improvement in the quality management In ISO 9001
Continual improvement in the quality management system and its processes In ISO 9001
The standard requires the organization to continually improve the effectiveness of the quality management system in accordance with the requirements of ISO 9001 and to implement action necessary to achieve planned results andcontinual improvement of the identified processes.
ISO 9000 defines continual improvement as a recurring activity to increase the ability to fulfil requirements. As the organization’s objectives are its requirements, continually improving the effectiveness of the management system means continually increasing the ability of the organization to fulfil its objectives.
This requirement responds to the Continual Improvement principle. If the management system is enabling the organization to accomplish its objectives when that is its purpose, why improve? The need for improvement arises out of a need to become more effective at what you do, more efficient in the utilization of resources so that the organization becomes best in its class. The purpose of measuring process performance is to establish whether or not the objectives are being achieved and if not to take action on the difference. If the performance targets are being achieved, opportunities may well exist to raise standards and increase efficiency and effectiveness.
If the performance of a process parameter is currently meeting the standard that has been established, there are several improvement actions you can take:Raise the standard e.g. if the norm for the sales ratio of orders won to all orders bid is 60%, an improvement programme could be developed for raising the standard to 75% or higherIncrease efficiency e.g. if the time to process an order is within limits, identify and eliminate wasted resources Increase effectiveness e.g. if you bid against all customer requests, by only bidding for those you know you can win you improve your hit rate
You can call all these actions improvement actions because they clearly improve performance. However, we need to distinguish between being better at what we do now and doing new things. Some may argue that improving efficiency is being better at what we do now, and so it is – but if in order to improve efficiency we have to be innovative we are truly reaching new standards. Forty years ago, supervisors in industry would cut an eraser in half in the name of efficiency rather than hand out two erasers. Clearly this was a lack of trust disguised as efficiency improvement and it had quite the opposite effect. In fact they were not only increasing waste but also creating a hostile environment.
Each of the improvement actions is dealt with later in the book and the subject of continual improvement addressed again under Quality planning in Chapter 5. There are several steps to undertaking continual improvement (Juran, J. M., 1995)12 .1 Determine current performance2 Establish the need for change3 Obtain commitment and define the improvement objectives4 Organize diagnostic resources5 Carry out research and analysis to discover the cause of currentperformance6 Define and test solutions that will accomplish the improvementobjectives7 Product improvement plans which specify how and by whom the changeswill be implemented8 Identify and overcome any resistance to change9 Implement the change10 Put in place controls to hold new levels of performance and repeat step one.
The standard requires the organization to continually improve the effectiveness of the quality management system in accordance with the requirements of ISO 9001 and to implement action necessary to achieve planned results andcontinual improvement of the identified processes.
ISO 9000 defines continual improvement as a recurring activity to increase the ability to fulfil requirements. As the organization’s objectives are its requirements, continually improving the effectiveness of the management system means continually increasing the ability of the organization to fulfil its objectives.
This requirement responds to the Continual Improvement principle. If the management system is enabling the organization to accomplish its objectives when that is its purpose, why improve? The need for improvement arises out of a need to become more effective at what you do, more efficient in the utilization of resources so that the organization becomes best in its class. The purpose of measuring process performance is to establish whether or not the objectives are being achieved and if not to take action on the difference. If the performance targets are being achieved, opportunities may well exist to raise standards and increase efficiency and effectiveness.
If the performance of a process parameter is currently meeting the standard that has been established, there are several improvement actions you can take:Raise the standard e.g. if the norm for the sales ratio of orders won to all orders bid is 60%, an improvement programme could be developed for raising the standard to 75% or higherIncrease efficiency e.g. if the time to process an order is within limits, identify and eliminate wasted resources Increase effectiveness e.g. if you bid against all customer requests, by only bidding for those you know you can win you improve your hit rate
You can call all these actions improvement actions because they clearly improve performance. However, we need to distinguish between being better at what we do now and doing new things. Some may argue that improving efficiency is being better at what we do now, and so it is – but if in order to improve efficiency we have to be innovative we are truly reaching new standards. Forty years ago, supervisors in industry would cut an eraser in half in the name of efficiency rather than hand out two erasers. Clearly this was a lack of trust disguised as efficiency improvement and it had quite the opposite effect. In fact they were not only increasing waste but also creating a hostile environment.
Each of the improvement actions is dealt with later in the book and the subject of continual improvement addressed again under Quality planning in Chapter 5. There are several steps to undertaking continual improvement (Juran, J. M., 1995)12 .1 Determine current performance2 Establish the need for change3 Obtain commitment and define the improvement objectives4 Organize diagnostic resources5 Carry out research and analysis to discover the cause of currentperformance6 Define and test solutions that will accomplish the improvementobjectives7 Product improvement plans which specify how and by whom the changeswill be implemented8 Identify and overcome any resistance to change9 Implement the change10 Put in place controls to hold new levels of performance and repeat step one.
Preparing the ISO 9001 quality manual
The standard requires a quality manual to be establishedand maintained that includes the scope of the qualitymanagement system, the documented procedures or refer-ence to them and a description of the sequence andinteraction of processes included in the quality manage-ment system.
ISO 9000 defines a quality manual as a documentspecifying the quality management system of an organi-zation. It is therefore not intended that themanual be a response to the requirements ofISO 9001. As the top-level document describingthe management system it is a system descriptiondescribing how the organization is managed.Countless quality manuals produced to satisfy ISO 9000 :2008, were nomore than 20 sections that paraphrased the requirements of the standard.Such documentation adds no value. They are of no use to managers, staff orauditors. Often thought to be useful to customers, organizations would gainno more confidence from customers than would be obtained from theirregistration certificate.
This requirement responds to the System Approach Principle.A description of the management system is necessary as a means of showinghow all the processes are interconnected and how they collectively deliver thebusiness outputs. It has several uses as :a means to communicate the vision, values, mission, policies and objectivesof the organizationa means of showing how the system has been designeda means of showing linkages between processesa means of showing who does whatan aid to training new peoplea tool in the analysis of potential improvementsa means of demonstrating compliance with external standards and regulations
When formulating the policies, objectives and identifying the processes toachieve them, the manual provides a convenient vehicle for containing suchinformation. If left as separate pieces of information, it may be more difficult tosee the linkages.The requirement provides the framework for the manual. Its content maytherefore include the following:1 Introduction(a) Purpose (of the manual)(b) Scope (of the manual)(c) Applicability (of the manual)(d) Definitions (of terms used in the manual)2 Business overview(a) Nature of the business/organization – its scope of activity, its productsand services(b) The organization’s interested parties (customers, employees, regulators,shareholders, suppliers, owners etc.)(c) The context diagram showing the organization relative to its externalenvironment(d) Vision, values(e) Mission3 Organization(a) Function descriptions(b) Organization chart(c) Locations with scope of activity4 Business processes(a) The system model showing the key business processes and how they areinterconnected(b) System performance indicators and method of measurement(c) Business planning process description(d) Resource management process description(e) Marketing process description(f) Product/service generation processes description(g) Sales process description(h) Order fulfilment process description5 Function matrix (Relationship of functions to processes)6 Location matrix (Relationship of locations to processes)7 Requirement deployment matrices(a) ISO 9001 compliance matrix(b) ISO 14001 compliance matrix(c) Regulation compliance matrices (FDA, Environment, Health, Safety,CAA etc.)8 Approvals (List of current product, process and system approvals)
ISO 9000 defines a quality manual as a documentspecifying the quality management system of an organi-zation. It is therefore not intended that themanual be a response to the requirements ofISO 9001. As the top-level document describingthe management system it is a system descriptiondescribing how the organization is managed.Countless quality manuals produced to satisfy ISO 9000 :2008, were nomore than 20 sections that paraphrased the requirements of the standard.Such documentation adds no value. They are of no use to managers, staff orauditors. Often thought to be useful to customers, organizations would gainno more confidence from customers than would be obtained from theirregistration certificate.
This requirement responds to the System Approach Principle.A description of the management system is necessary as a means of showinghow all the processes are interconnected and how they collectively deliver thebusiness outputs. It has several uses as :a means to communicate the vision, values, mission, policies and objectivesof the organizationa means of showing how the system has been designeda means of showing linkages between processesa means of showing who does whatan aid to training new peoplea tool in the analysis of potential improvementsa means of demonstrating compliance with external standards and regulations
When formulating the policies, objectives and identifying the processes toachieve them, the manual provides a convenient vehicle for containing suchinformation. If left as separate pieces of information, it may be more difficult tosee the linkages.The requirement provides the framework for the manual. Its content maytherefore include the following:1 Introduction(a) Purpose (of the manual)(b) Scope (of the manual)(c) Applicability (of the manual)(d) Definitions (of terms used in the manual)2 Business overview(a) Nature of the business/organization – its scope of activity, its productsand services(b) The organization’s interested parties (customers, employees, regulators,shareholders, suppliers, owners etc.)(c) The context diagram showing the organization relative to its externalenvironment(d) Vision, values(e) Mission3 Organization(a) Function descriptions(b) Organization chart(c) Locations with scope of activity4 Business processes(a) The system model showing the key business processes and how they areinterconnected(b) System performance indicators and method of measurement(c) Business planning process description(d) Resource management process description(e) Marketing process description(f) Product/service generation processes description(g) Sales process description(h) Order fulfilment process description5 Function matrix (Relationship of functions to processes)6 Location matrix (Relationship of locations to processes)7 Requirement deployment matrices(a) ISO 9001 compliance matrix(b) ISO 14001 compliance matrix(c) Regulation compliance matrices (FDA, Environment, Health, Safety,CAA etc.)8 Approvals (List of current product, process and system approvals)
Scope of the ISO 9001 quality management system
The standard requires the quality manual to include the scope of the quality management system including details of justification for any exclusion.
The standard addresses activities that may not be relevant or applicable to an organization. The permissible exclusions are explained in section 1.2 of ISO 9001. Here it states that the organization may only exclude requirements that neither affect the organization’s ability, nor its responsibility to provide product that meets customer and applicable regulatory requirements. The requirements for which exclusion is permitted are limited to those in section 7 of the standard.
Under ISO 9000 :2008, it was possible for organizations to exclude functions and processes of their organization that may have been difficult to control or were not part of the order fulfilment cycle. Organizations that designed their own products but not for specific customers could escape bringing these operations into the management system. Marketing was omitted because itoperated before placement of order. Accounting, Administration, Maintenance, Publicity, Public Relations and After Sales Support functions were often omitted because there were no requirements in the standard that specifically dealt with such activities. As there is no function in an organization that does not directly or indirectly serve the satisfaction of interested parties, it is unlikely that any function or process will now be excluded from the management system.
This requirement responds to the System Approach Principle.It is sensible to describe the scope of the management system so as to ensure effective communication. The scope of the management system is one area that generates a lot of misunderstanding particularly when dealing with auditors, consultants and customers. When you claim you have a management system that meets ISO 9001 it could imply that you design, develop, install and service the products you supply, when in fact you may only be a distributor.
Why you need to justify specific exclusions is uncertain because it is more practical tojustify inclusions.
The scope of the management system is the scope of the organization. There is no longer any reason to exclude locations, activities, functions or processes for which there is no requirement in the standard. The reason is because the ISO 9000 family now serves customer satisfaction and is not limited to quality assurance as were the 1994 versions of ISO 9001, ISO 9002 and ISO 9003.
It is not appropriate to address exclusions by inserting pages in the manual corresponding to the sections of the standard and adding justification if not within the scope of the management system – such as ‘We don’t do this!’. It is much more appropriate to use an appendix as indicated previously in the manual contents list. By describing the nature of the business, you are establishing boundary conditions. If in doing so you do not mention that you design products, it will be interpreted that design is not applicable. For exclusions relative to detail requirements, the Compliance Matrix may suffice but for an unambiguous solution, it is preferable to produce an exposition that addresses each requirement of the standard.
The standard addresses activities that may not be relevant or applicable to an organization. The permissible exclusions are explained in section 1.2 of ISO 9001. Here it states that the organization may only exclude requirements that neither affect the organization’s ability, nor its responsibility to provide product that meets customer and applicable regulatory requirements. The requirements for which exclusion is permitted are limited to those in section 7 of the standard.
Under ISO 9000 :2008, it was possible for organizations to exclude functions and processes of their organization that may have been difficult to control or were not part of the order fulfilment cycle. Organizations that designed their own products but not for specific customers could escape bringing these operations into the management system. Marketing was omitted because itoperated before placement of order. Accounting, Administration, Maintenance, Publicity, Public Relations and After Sales Support functions were often omitted because there were no requirements in the standard that specifically dealt with such activities. As there is no function in an organization that does not directly or indirectly serve the satisfaction of interested parties, it is unlikely that any function or process will now be excluded from the management system.
This requirement responds to the System Approach Principle.It is sensible to describe the scope of the management system so as to ensure effective communication. The scope of the management system is one area that generates a lot of misunderstanding particularly when dealing with auditors, consultants and customers. When you claim you have a management system that meets ISO 9001 it could imply that you design, develop, install and service the products you supply, when in fact you may only be a distributor.
Why you need to justify specific exclusions is uncertain because it is more practical tojustify inclusions.
The scope of the management system is the scope of the organization. There is no longer any reason to exclude locations, activities, functions or processes for which there is no requirement in the standard. The reason is because the ISO 9000 family now serves customer satisfaction and is not limited to quality assurance as were the 1994 versions of ISO 9001, ISO 9002 and ISO 9003.
It is not appropriate to address exclusions by inserting pages in the manual corresponding to the sections of the standard and adding justification if not within the scope of the management system – such as ‘We don’t do this!’. It is much more appropriate to use an appendix as indicated previously in the manual contents list. By describing the nature of the business, you are establishing boundary conditions. If in doing so you do not mention that you design products, it will be interpreted that design is not applicable. For exclusions relative to detail requirements, the Compliance Matrix may suffice but for an unambiguous solution, it is preferable to produce an exposition that addresses each requirement of the standard.
Managing processes In ISO 9001 Standard
The standard requires the organization to manage the identified processes in accordance with the requirements of ISO 9001. The first stage in managing a process is to establish what it is you are trying to achieve, what requirements you need to satisfy, what goals you are aiming at; then establish how you will measure your achievements. The next stage is to define the process you will employ to deliver the results. Managing the process then involves managing all the inherentcharacteristics of the process in such a manner that the requirements of customers and interested parties are fulfilled by the process outcomes. This means:Managing the process inputsManaging the workManaging the physical resourcesManaging the financial resourcesManaging the human resourcesManaging the constraintsManaging the outputs
Process management is therefore much more than managing activities and therefore when describing processes, one needs more than a flow chart of activities. The chart is a diagrammatical representation of a process but only one aspect. One can also add numerical data to the charts to indicate resources, cycle times, delays, costs etc. but the intangible factors of the human environment cannot be reduced to numerical data to add to the charts.
The notes to clause 4.1 of ISO 9001 need some explanation. It is stated that the processes needed for the management system include management activities, provision of resources, product realization and measurement. This note could cause confusion because it suggests that these are the processes that are needed for the management system. It would be unwise to use this as the model and far better to identify the processes from observing how the business operates. The term provision of resources should be Resource Management, which is thecollection of processes covering financial, human and physical resources.
Product realization is also a collection of processes such as design, production, service delivery, etc. Measurement is not a single process but a sub-process within each process. Grouping all the measurement processes together serves no useful purpose except it matches the standard – a purpose of little value in managing the organization.
The second note refers to outsourcing processes although it is difficult to imagine that management activities, product realization or measurement would be outsourced in its entirety. It is likely that market research; design, product verification, equipment calibration and other specialized services may be outsourced. While outsourcing comes under purchasing, it is correct to point out that the organization should control any outsourced processes. The supplier of the process is usually referred to as a subcontractor because they provide services to the organization’s requirements not their own. Control of subcontractors is covered by clause 7.4 but in meeting clause 7.4.3, you need to treat suppliers and subcontractors differently.
Process management is therefore much more than managing activities and therefore when describing processes, one needs more than a flow chart of activities. The chart is a diagrammatical representation of a process but only one aspect. One can also add numerical data to the charts to indicate resources, cycle times, delays, costs etc. but the intangible factors of the human environment cannot be reduced to numerical data to add to the charts.
The notes to clause 4.1 of ISO 9001 need some explanation. It is stated that the processes needed for the management system include management activities, provision of resources, product realization and measurement. This note could cause confusion because it suggests that these are the processes that are needed for the management system. It would be unwise to use this as the model and far better to identify the processes from observing how the business operates. The term provision of resources should be Resource Management, which is thecollection of processes covering financial, human and physical resources.
Product realization is also a collection of processes such as design, production, service delivery, etc. Measurement is not a single process but a sub-process within each process. Grouping all the measurement processes together serves no useful purpose except it matches the standard – a purpose of little value in managing the organization.
The second note refers to outsourcing processes although it is difficult to imagine that management activities, product realization or measurement would be outsourced in its entirety. It is likely that market research; design, product verification, equipment calibration and other specialized services may be outsourced. While outsourcing comes under purchasing, it is correct to point out that the organization should control any outsourced processes. The supplier of the process is usually referred to as a subcontractor because they provide services to the organization’s requirements not their own. Control of subcontractors is covered by clause 7.4 but in meeting clause 7.4.3, you need to treat suppliers and subcontractors differently.
ISO 9001 Quality Policy
On customersWe will listen to our customers, understand and balance their needs andexpectations with those of our suppliers, employees, investors and society andendeavour to give full satisfaction to all parties.On leadershipWe will establish and communicate our vision for the organization and throughour leadership exemplify core values to guide the behaviour of all to achieve ourvision.On peopleWe will involve our people in the organization’s development, utilize theirknowledge and experience, recognize their contribution and provide an environ-ment in which they are motivated to realize their full potential.On processes and systemsWe will take a process approach towards the management of work and manage ourprocesses as a single system of interconnected processes that delivers all theorganization’s objectives.On continual improvementWe will provide an environment in which every person is motivated tocontinually improve the efficiency and effectiveness of our products, processes andour management system.On decisionsWe will base our decisions on the logical and intuitive analysis of data collectedwhere possible from accurate measurements of product, process and systemcharacteristics.On supplier relationshipsWe will develop alliances with our suppliers and work with them to jointlyimprove performance.
http://www.iso-consults.com
http://www.iso9001store.com
http://www.iso14000store.com
http://www.iso-consults.com
http://www.iso9001store.com
http://www.iso14000store.com
ISO 9001:2008 Quality Management System Standard
ISO 9001:2008 is the world most successful standard addressing best practice in the application of quality management systems.
The standard is based around the principles of customer satisfaction, continual improvement and the development of a process based quality management system. Although not referenced in the standard itself the ISO 9001:2008 document is underpinned by eight key quality management principles;
a customer focused organisation
leadership
the involvement of people
ensuring a process approach
a systematic approach to management
a factual approach to decision making
mutually beneficial supplier relations
continuous improvement
ISO 9001:2008 has been written to ensure that its guiding principles are equally relevant to all sectors of industry and to all types of organisation. Although containing requirements to control the key processes within an organisation, it only requires six documented procedures. The standard emphasises the need for an organisation to continually monitor their own processes and systems, with many clauses making reference to self monitoring or measurement or both. This emphasis aims for an integrated approach to business processes. Instead of operating to a business plan on one hand and a quality management system on the other, the standard aims to integrate both of these functions into one system.
What is a quality management system?ISO 9001:2008 is a standard that specifies criteria for a quality management system (QMS). A QMS incorporates those elements of an organisations management system that direct and control it with regard to quality. Such a system will need to be supported by top management who will need to be able to demonstrate management commitment.
How do you demonstrate management commitment?Management commitment is one of the cornerstones of ISO 9001:2008, requiring top management to develop and improve the QMS throughout the organisation. This commitment can be demonstrated by a number of methods including creating a quality policy, conducting management reviews and establishing quality objectives.
What is a quality policy?ISO 9001:2008 specifies that an organisation must have a quality policy that documents the organisations overall intentions and direction related to quality as formally expressed by top management. Such a policy will include a commitment to comply with ISO 9001:2008, to continuously improve the QMS and to set and monitor measurable quality objectives.
What are quality objectives?The quality objectives are those targets sought or aimed for by the organisation that are related to quality. These quality objectives must be SMART (suitable, measurable, achievable, reviewed and timely). Examples of quality objectives might be; to reduce machine down time by 20% or to reduce rework costs by ?00 p/m. Whatever quality objectives are chosen they must be meaningful and adequately resourced by the organisation.
What is a management review?A management review is a key element of how the top management of an organisation can assess its performance in terms of the objectives it sets itself, the requirements set by the standard and how its systems are operating. Normally, a management review is a regular meeting of the top management team and uses the information that the organisation? systems have derived. It is a useful forum to review and revise quality objectives.
What are internal audits and why do I need to carry them out?Internal audit is one of the key monitoring processes required by the standard and functions as a check on the organisation? systems. It is the opportunity for an organisation to determine compliance to the systems it has established and maintained to meet the needs of its customers and identify opportunities for improvement. Internal audit can be seen as a ealth check?for an organisation.
The ore?of ISO 9001:2008, Product realisationClause 7 of ISO 9001:2008 contains the core processes that most organisations carry out. Any clause or sub-clause in section 7 can be excluded from an organisations quality management system if it can be justifiably excluded. Examples of common exclusions are clause 7.3 design and development, clause 7.5.3 traceability and clause 7.6 the control of monitoring and measuring devices. Clauses can only be excluded if their exclusion does not affect the company? ability to provide a product or service that meets customer requirements.
These core processes should be managed and controlled via the quality management system, and are evaluated for effectiveness and suitability by the internal audits with feed back into the management review.
This is a clear demonstration of one of the key principles of ISO 9001:2008, continuous improvement by critical self-evaluation. The output from the self-evaluation is fed into a planning stage to determine actions needed to improve the system. Following the planning and consultation comes the action phase where the proposed changes are implemented. Then the cycle starts again by checking that the changes are effective and meaningful by self-evaluation.
Other requirements of section 7 are;Product planning to ascertain and then implement the necessary controls and resources to ensure product realisation.
Purchasing control to verify purchased product against comprehensive purchasing information and the selection and evaluation of suppliers.
Production and service provision to ensure that this activity is carried out in controlled conditions and that any processes that cannot be verified during production are validated to ensure capability. Where appropriate the product must be identified, and if required, traceable at all stages of production. Any customer property must be identified and protected from harm and all products must be stored and handled in such a way to preserve product conformity.
Any monitoring and measuring devices needed to provide evidence of product conformity must be identified and if necessary calibrated.
But what about the customer? All of the clauses in ISO 9001:2008 are in some way focused towards meeting and exceeding the customer? expectations. For example the requirement of management to determine and communicate the importance of customer requirements throughout the organisation, and the review of customer orders to ensure that they can be met. Companies are required to implement methods for effective communication with the client at all stages of the business including ascertaining customer satisfaction after the product or service has been delivered as well as resolving customer complaints.
Finally?ISO 9001:2008 is widely acclaimed as being the pre-eminent specification for quality management systems, it requires a company to look at itself and ask the question, ‘how can we improve?’ An ISO 9001:2008 management system should be an essential part of any business process, requiring continual improvement by self-evaluation with a goal of ensuring that current and future customer expectation can be met and exceeded.
If you have any queries concerning ISO 9001:2008 please visit http://www.iso-consults.com/
The standard is based around the principles of customer satisfaction, continual improvement and the development of a process based quality management system. Although not referenced in the standard itself the ISO 9001:2008 document is underpinned by eight key quality management principles;
a customer focused organisation
leadership
the involvement of people
ensuring a process approach
a systematic approach to management
a factual approach to decision making
mutually beneficial supplier relations
continuous improvement
ISO 9001:2008 has been written to ensure that its guiding principles are equally relevant to all sectors of industry and to all types of organisation. Although containing requirements to control the key processes within an organisation, it only requires six documented procedures. The standard emphasises the need for an organisation to continually monitor their own processes and systems, with many clauses making reference to self monitoring or measurement or both. This emphasis aims for an integrated approach to business processes. Instead of operating to a business plan on one hand and a quality management system on the other, the standard aims to integrate both of these functions into one system.
What is a quality management system?ISO 9001:2008 is a standard that specifies criteria for a quality management system (QMS). A QMS incorporates those elements of an organisations management system that direct and control it with regard to quality. Such a system will need to be supported by top management who will need to be able to demonstrate management commitment.
How do you demonstrate management commitment?Management commitment is one of the cornerstones of ISO 9001:2008, requiring top management to develop and improve the QMS throughout the organisation. This commitment can be demonstrated by a number of methods including creating a quality policy, conducting management reviews and establishing quality objectives.
What is a quality policy?ISO 9001:2008 specifies that an organisation must have a quality policy that documents the organisations overall intentions and direction related to quality as formally expressed by top management. Such a policy will include a commitment to comply with ISO 9001:2008, to continuously improve the QMS and to set and monitor measurable quality objectives.
What are quality objectives?The quality objectives are those targets sought or aimed for by the organisation that are related to quality. These quality objectives must be SMART (suitable, measurable, achievable, reviewed and timely). Examples of quality objectives might be; to reduce machine down time by 20% or to reduce rework costs by ?00 p/m. Whatever quality objectives are chosen they must be meaningful and adequately resourced by the organisation.
What is a management review?A management review is a key element of how the top management of an organisation can assess its performance in terms of the objectives it sets itself, the requirements set by the standard and how its systems are operating. Normally, a management review is a regular meeting of the top management team and uses the information that the organisation? systems have derived. It is a useful forum to review and revise quality objectives.
What are internal audits and why do I need to carry them out?Internal audit is one of the key monitoring processes required by the standard and functions as a check on the organisation? systems. It is the opportunity for an organisation to determine compliance to the systems it has established and maintained to meet the needs of its customers and identify opportunities for improvement. Internal audit can be seen as a ealth check?for an organisation.
The ore?of ISO 9001:2008, Product realisationClause 7 of ISO 9001:2008 contains the core processes that most organisations carry out. Any clause or sub-clause in section 7 can be excluded from an organisations quality management system if it can be justifiably excluded. Examples of common exclusions are clause 7.3 design and development, clause 7.5.3 traceability and clause 7.6 the control of monitoring and measuring devices. Clauses can only be excluded if their exclusion does not affect the company? ability to provide a product or service that meets customer requirements.
These core processes should be managed and controlled via the quality management system, and are evaluated for effectiveness and suitability by the internal audits with feed back into the management review.
This is a clear demonstration of one of the key principles of ISO 9001:2008, continuous improvement by critical self-evaluation. The output from the self-evaluation is fed into a planning stage to determine actions needed to improve the system. Following the planning and consultation comes the action phase where the proposed changes are implemented. Then the cycle starts again by checking that the changes are effective and meaningful by self-evaluation.
Other requirements of section 7 are;Product planning to ascertain and then implement the necessary controls and resources to ensure product realisation.
Purchasing control to verify purchased product against comprehensive purchasing information and the selection and evaluation of suppliers.
Production and service provision to ensure that this activity is carried out in controlled conditions and that any processes that cannot be verified during production are validated to ensure capability. Where appropriate the product must be identified, and if required, traceable at all stages of production. Any customer property must be identified and protected from harm and all products must be stored and handled in such a way to preserve product conformity.
Any monitoring and measuring devices needed to provide evidence of product conformity must be identified and if necessary calibrated.
But what about the customer? All of the clauses in ISO 9001:2008 are in some way focused towards meeting and exceeding the customer? expectations. For example the requirement of management to determine and communicate the importance of customer requirements throughout the organisation, and the review of customer orders to ensure that they can be met. Companies are required to implement methods for effective communication with the client at all stages of the business including ascertaining customer satisfaction after the product or service has been delivered as well as resolving customer complaints.
Finally?ISO 9001:2008 is widely acclaimed as being the pre-eminent specification for quality management systems, it requires a company to look at itself and ask the question, ‘how can we improve?’ An ISO 9001:2008 management system should be an essential part of any business process, requiring continual improvement by self-evaluation with a goal of ensuring that current and future customer expectation can be met and exceeded.
If you have any queries concerning ISO 9001:2008 please visit http://www.iso-consults.com/
Structure Of ISO 9001
ISO 9001 was first published in 1987. Later, it went through three revisions in 1994, 2000 and 2008. The latest version version of the ISO 9001 standard was published on 14th November 2008. This is the structure of the standard:
Clause 1 Scope
Clause 2 Normative reference
Clause 3 Terms and definitions
Clause 4 Quality management system
Clause 5 Management responsibility
Clause 6 Resource management
Clause 7 Product realization
Clause 8 Measurement, analysis and improvement
http://www.e-wia.com
Clause 1 Scope
Clause 2 Normative reference
Clause 3 Terms and definitions
Clause 4 Quality management system
Clause 5 Management responsibility
Clause 6 Resource management
Clause 7 Product realization
Clause 8 Measurement, analysis and improvement
http://www.e-wia.com
ISO 9001:2008 General Requirements
4.1 General requirements
The organization shall establish, document, implement and maintain a quality management system and continually improve its effectiveness in accordance with the requirements of this International Standards. The organization
shall determine the processes needed for the quality management system and their application throughout the organizations,
determine the sequence and interaction of these processes,
determine criteria and methods needed to ensure that both the operation and control of these processes are effective,
ensure the availability of resources and information necessary to support the operation and monitoring of these processes,
monitor, measure (where applicable) and analyze these processes, and
implement actions necessary to achieve planned results and continual improvement of these processes.
These processes shall be managed by the organization in accordance with the requirements of this International Standard.
Where an organization chooses to outsource any process that affects product conformity to requirements, the organization shall ensure control over such processes. The type and extent of control to be applied to these outsourced processes shall be defined within the quality management system.
NOTE 1: Processes needed for the quality management system referred to above include processes for management activities, provision of resources, product realization and measurement, analysis and improvement.
NOTE 2: An outsourced process is identified as one being needed for the organization’s quality management system, but chosen to be performed by a party external to the organization.
NOTE 3: Ensuring control over outsourced processes does not absolve the organization of the responsibility of conformity to all customer, statutory, and regulatory requirements. The type and extent of control to be applied to the outsourced process can be influenced by factors such asa) the potential impact of the outsourced process on the organization’s capability to provide product that conforms to requirements,b) the degree to which the control for the process is shared;c) the capability of achieving the necessary control through the application of clause 7.4.
Clause 4.2 Documentation requirements
4.2.1 General
The quality management system documentation shall includedocumented statements of a quality policy and quality objectives,
a quality manual,
documented procedures and records required by this International Standard,
documents including records, needed determined by the organization to be necessary to ensure the effective planning, operation and control of its processes
NOTE 1: Where the term “documented procedure” appears within this International Standard, this means that the procedure is established, documented, implemented and maintained. A single document may include the requirements for one or more procedures. A requirement for a documented procedure may be covered by more than one document.
NOTE 2: The extent of the quality management system documentation can differ from one organization to another due to the size of organization and type of activities, the complexity of processes and their interactions, and the competence of personnel.
NOTE 3: The documentation can be in any form or type of medium.
4.2.2 Quality Manual
The organization shall establish and maintain a quality manual that includes the scope of the quality management system, including details of and justification for any exclusions (see 1.2), the documented procedures established for the quality management system, or reference to them, and a description of the interaction between the processes of the quality management.
4.2.3 Control of documents
Documents required by the quality management system shall be controlled. Records are a special type of document and shall be controlled according to the requirements given in 4.2.4.
A documented procedure shall be established to define the controls needed
to approve documents for adequacy prior to issue,
to review and update as necessary and re-approve documents,
to ensure that the changes and the current revision status of documents are identified,
to ensure that relevant versions of applicable documents are available at points of use,
to ensure that documents of external origin are identified and their distribution controlled, and
to prevent the unintended use of obsolete documents, and to apply suitable identification to them if they are retained for any purpose.
4.2.4 Control of records
Records established to provide evidence of conformity to requirements and of the effective operation of the quality management system shall be controlled. The organization shall establish a documented procedure to define the controls needed for the identification, storage, protection, retrieval, retention, and disposition of records. Records shall remain legible, readily identifiable, and retrievable.
The organization shall establish, document, implement and maintain a quality management system and continually improve its effectiveness in accordance with the requirements of this International Standards. The organization
shall determine the processes needed for the quality management system and their application throughout the organizations,
determine the sequence and interaction of these processes,
determine criteria and methods needed to ensure that both the operation and control of these processes are effective,
ensure the availability of resources and information necessary to support the operation and monitoring of these processes,
monitor, measure (where applicable) and analyze these processes, and
implement actions necessary to achieve planned results and continual improvement of these processes.
These processes shall be managed by the organization in accordance with the requirements of this International Standard.
Where an organization chooses to outsource any process that affects product conformity to requirements, the organization shall ensure control over such processes. The type and extent of control to be applied to these outsourced processes shall be defined within the quality management system.
NOTE 1: Processes needed for the quality management system referred to above include processes for management activities, provision of resources, product realization and measurement, analysis and improvement.
NOTE 2: An outsourced process is identified as one being needed for the organization’s quality management system, but chosen to be performed by a party external to the organization.
NOTE 3: Ensuring control over outsourced processes does not absolve the organization of the responsibility of conformity to all customer, statutory, and regulatory requirements. The type and extent of control to be applied to the outsourced process can be influenced by factors such asa) the potential impact of the outsourced process on the organization’s capability to provide product that conforms to requirements,b) the degree to which the control for the process is shared;c) the capability of achieving the necessary control through the application of clause 7.4.
Clause 4.2 Documentation requirements
4.2.1 General
The quality management system documentation shall includedocumented statements of a quality policy and quality objectives,
a quality manual,
documented procedures and records required by this International Standard,
documents including records, needed determined by the organization to be necessary to ensure the effective planning, operation and control of its processes
NOTE 1: Where the term “documented procedure” appears within this International Standard, this means that the procedure is established, documented, implemented and maintained. A single document may include the requirements for one or more procedures. A requirement for a documented procedure may be covered by more than one document.
NOTE 2: The extent of the quality management system documentation can differ from one organization to another due to the size of organization and type of activities, the complexity of processes and their interactions, and the competence of personnel.
NOTE 3: The documentation can be in any form or type of medium.
4.2.2 Quality Manual
The organization shall establish and maintain a quality manual that includes the scope of the quality management system, including details of and justification for any exclusions (see 1.2), the documented procedures established for the quality management system, or reference to them, and a description of the interaction between the processes of the quality management.
4.2.3 Control of documents
Documents required by the quality management system shall be controlled. Records are a special type of document and shall be controlled according to the requirements given in 4.2.4.
A documented procedure shall be established to define the controls needed
to approve documents for adequacy prior to issue,
to review and update as necessary and re-approve documents,
to ensure that the changes and the current revision status of documents are identified,
to ensure that relevant versions of applicable documents are available at points of use,
to ensure that documents of external origin are identified and their distribution controlled, and
to prevent the unintended use of obsolete documents, and to apply suitable identification to them if they are retained for any purpose.
4.2.4 Control of records
Records established to provide evidence of conformity to requirements and of the effective operation of the quality management system shall be controlled. The organization shall establish a documented procedure to define the controls needed for the identification, storage, protection, retrieval, retention, and disposition of records. Records shall remain legible, readily identifiable, and retrievable.
ISO 9001 Management Representative
The ISO 9001 Management Representative is appointed by the top management of an organization. Irrespective of other responsibilities, he/she is responsible and has the authority in
ensuring that processes needed for the quality management system are established, implemented and maintained,
reporting to top management on the performance of the quality management system and any need for improvement, and
ensuring the promotion of awareness of customer requirements throughout the organization.
The responsibility of the Management Representative also includes liaison with external parties on matters relating to the quality management system.
The Management Representative is usually assisted at the departmental level by Quality Representatives. This position is assumed by the respective Department Managers. The Quality Representatives are responsible for the quality processes which are applicable to their respective departments.
The Quality Representatives head their respective Quality Improvement Teams which are established for the purpose of monitoring processes and identifying opportunities for improvements. Members of the Quality Improvement Teams comprise of key personnel within the departments/process areas who are appointed by the Quality Representative to assist him/her at the process-level.
The Management Representative is also assisted by an appointed Document Controller whose responsibility is to implement the Control of Documents and Control of records procedures.
Collectively, the Management Representative, Quality Representatives and the Document Controller make up the Quality Management System Committee. This committee meets regularly to provide relevant inputs and resolutions for the quality management system. The structure of the Quality Management System Committee is as follows:
Management Representative – Chairman
Document Controller – Secretary
Quality Representatives – Members
[Note: The above is just an example. If you are a small organization, a QMS Committee and Quality Improvement Teams may not be necessary]
To facilitate effecetive communications, the Quality Management System Committee and the Quality Improvement Teams, respectively, meet regularly in order to ensure that communication regarding the effectiveness of the quality management system takes place. Pertinent information regarding the quality management system is then posted by the Management Representative on the Bulletin Board for the benefit of all employees. Employees are generally encouraged to provide their inputs towards the quality management system through suggestion boxes which are located at strategic locations within the organization’s premises.
Note: Some organizations employ this method but results may vary among other organizations. The key is to continually improve on these methods/processes.
ensuring that processes needed for the quality management system are established, implemented and maintained,
reporting to top management on the performance of the quality management system and any need for improvement, and
ensuring the promotion of awareness of customer requirements throughout the organization.
The responsibility of the Management Representative also includes liaison with external parties on matters relating to the quality management system.
The Management Representative is usually assisted at the departmental level by Quality Representatives. This position is assumed by the respective Department Managers. The Quality Representatives are responsible for the quality processes which are applicable to their respective departments.
The Quality Representatives head their respective Quality Improvement Teams which are established for the purpose of monitoring processes and identifying opportunities for improvements. Members of the Quality Improvement Teams comprise of key personnel within the departments/process areas who are appointed by the Quality Representative to assist him/her at the process-level.
The Management Representative is also assisted by an appointed Document Controller whose responsibility is to implement the Control of Documents and Control of records procedures.
Collectively, the Management Representative, Quality Representatives and the Document Controller make up the Quality Management System Committee. This committee meets regularly to provide relevant inputs and resolutions for the quality management system. The structure of the Quality Management System Committee is as follows:
Management Representative – Chairman
Document Controller – Secretary
Quality Representatives – Members
[Note: The above is just an example. If you are a small organization, a QMS Committee and Quality Improvement Teams may not be necessary]
To facilitate effecetive communications, the Quality Management System Committee and the Quality Improvement Teams, respectively, meet regularly in order to ensure that communication regarding the effectiveness of the quality management system takes place. Pertinent information regarding the quality management system is then posted by the Management Representative on the Bulletin Board for the benefit of all employees. Employees are generally encouraged to provide their inputs towards the quality management system through suggestion boxes which are located at strategic locations within the organization’s premises.
Note: Some organizations employ this method but results may vary among other organizations. The key is to continually improve on these methods/processes.
Introduction to ISO Certification
Certification is a way to attest, by the intermediary of a third-party certifier, to a company’s ability to provide a service, product or system in accordance with client requirements and regulation requirements. ISO and IEC give the following definition:
Procedure by which a third party gives written assurancethat a product, process or service complies with the requirementsspecified in a benchmark.The ISO 9000 family of standards corresponds to all the management best practices benchmarks as regards quality, which are defined by ISO (the International Organisation for Standardization).
ISO 9000 standards were originally written in 1987, with revisions taking place in 1994 and 2000. Thus, the 2000 version of the ISO 9001 standard, which is part of the ISO 9000 family, is written “ISO 9001:2000″. The ISO 9001:2000 standard mainly focuses on the processes used to produce a service or product, whereas the ISO 9001:1994 standard was mainly focused on the product itself. Here is an overview of all the different standards in the ISO 9000 family:
ISO 9000: “Quality Management Systems – Basic Principles and Vocabulary”. The ISO 9000 standard describes the principles of a quality management system and defines the terminologyISO 9001: “Quality Management Systems – Requirements”. The ISO 9001 standard describes the requirements relative to a quality management system either for internal use or for contractual or certification purposes. Therefore, this standard is a group of requirements that companies must followISO 9004: “Quality Management Systems – Guidelines for Improving Performance”. This standard, which is intended for internal use and not for contractual purposes, focuses particularly on continually improving performanceISO 10011: “Guidelines for auditing quality management and/or environmental management systems”.
Procedure by which a third party gives written assurancethat a product, process or service complies with the requirementsspecified in a benchmark.The ISO 9000 family of standards corresponds to all the management best practices benchmarks as regards quality, which are defined by ISO (the International Organisation for Standardization).
ISO 9000 standards were originally written in 1987, with revisions taking place in 1994 and 2000. Thus, the 2000 version of the ISO 9001 standard, which is part of the ISO 9000 family, is written “ISO 9001:2000″. The ISO 9001:2000 standard mainly focuses on the processes used to produce a service or product, whereas the ISO 9001:1994 standard was mainly focused on the product itself. Here is an overview of all the different standards in the ISO 9000 family:
ISO 9000: “Quality Management Systems – Basic Principles and Vocabulary”. The ISO 9000 standard describes the principles of a quality management system and defines the terminologyISO 9001: “Quality Management Systems – Requirements”. The ISO 9001 standard describes the requirements relative to a quality management system either for internal use or for contractual or certification purposes. Therefore, this standard is a group of requirements that companies must followISO 9004: “Quality Management Systems – Guidelines for Improving Performance”. This standard, which is intended for internal use and not for contractual purposes, focuses particularly on continually improving performanceISO 10011: “Guidelines for auditing quality management and/or environmental management systems”.
Business benefits of ISO 14000
Business Benefits Of ISO 14001
Any manager will try to avoid pollution that could cost the company a fine for infringing environmental legislation. But better managers will agree that doing only just enough to keep the company out of trouble with government inspectors is a rather weak and reactive approach to business in today’s increasingly environment-conscious world.
There is a better way. The ISO 14000 way. The ISO 14000 standards are practical tools for the manager who is not satisfied with mere compliance with legislation – which may be perceived as a cost of doing business. They’re for the proactive manager with the breadth of vision to understand that implementing a strategic approach can bring return on investment in environmentrelated measures. Implementing an ISO 14000-basedenvironmental management system, and using other tools from the ISO 14000 family, will give you far more than just confidence that you are complying with legislation.
The ISO 14000 approach forces you to take a hard look at all areas where your business has an environmental impact. And this systematic approach can lead to benefits like the following:
a. Reduced cost of waste managementb. Savings in consumption of energy and materialsc. Lower distribution costsd. Improved corporate image among regulators, customers and the publice. Framework for continuous improvement of your environmental performance.
The manager who is “too busy managing the business” to listen to good senseabout environmental management could actually be costing the business plenty. Just think, for example, of the lost opportunities for achieving benefits like those above.
The ISO 14000 standards are management tools that will help your businessachieve environmental goals that go way beyond acquiring a mere “green sheen”.
Any manager will try to avoid pollution that could cost the company a fine for infringing environmental legislation. But better managers will agree that doing only just enough to keep the company out of trouble with government inspectors is a rather weak and reactive approach to business in today’s increasingly environment-conscious world.
There is a better way. The ISO 14000 way. The ISO 14000 standards are practical tools for the manager who is not satisfied with mere compliance with legislation – which may be perceived as a cost of doing business. They’re for the proactive manager with the breadth of vision to understand that implementing a strategic approach can bring return on investment in environmentrelated measures. Implementing an ISO 14000-basedenvironmental management system, and using other tools from the ISO 14000 family, will give you far more than just confidence that you are complying with legislation.
The ISO 14000 approach forces you to take a hard look at all areas where your business has an environmental impact. And this systematic approach can lead to benefits like the following:
a. Reduced cost of waste managementb. Savings in consumption of energy and materialsc. Lower distribution costsd. Improved corporate image among regulators, customers and the publice. Framework for continuous improvement of your environmental performance.
The manager who is “too busy managing the business” to listen to good senseabout environmental management could actually be costing the business plenty. Just think, for example, of the lost opportunities for achieving benefits like those above.
The ISO 14000 standards are management tools that will help your businessachieve environmental goals that go way beyond acquiring a mere “green sheen”.
Subscribe to:
Posts (Atom)