ISO 9000 Quality Plan: 2009

Thursday, December 31, 2009

Background and Future of ISO 9001:2008

ISO 9001 serves as the basis for benchmarking an organization’s quality management system. Quality management should not be confused with terms such as quality assurance” or quality control. Quality management measures the overall management function in determining the organization’s quality policy, its objectives, and its responsibilities, as well as the quality policy implementation through means such as quality assurance and quality control. Quality assurance measures all planned and systematic activities implemented within the organizations quality system. Quality control is the operational techniques and activities used to fulfil quality requirements (e.g., meeting a customer’s specifications or requirements for a given product or service).

Revision of the ISO 9000 standards has been under discussion for a number of years. Soon after the 1994 revisions, ISO Technical Committee 176 began the task of overcoming the standard’s manufacturing bias while, at the same time, overcoming other persistent criticisms that the standard did not adequately cover all aspects of the QMS.

The development of ISO 9001:2008 has been a particularly interesting process to behold. It is an object lesson in consensus building. ISO Technical Committee 176, with the participation of various national standards bodies, has actually managed to overcome criticisms from apparently opposite directions and written a document that appears to be acceptable to the great majority of ISO’s member bodies.

The manufacturing industry criticized the older versions of ISO 9001 for its failure to include a large range of quality management requirements in the standard. Some manufacturing industries considered ISO 9001 to be so inadequate that they developed their own expanded, industry-specific versions of the ISO 9001 standard. ISO was also criticized by non-manufacturing industries for catering to the manufacturing industries. Everything about the older versions of ISO 9001 seemed overwhelmingly rooted in a manufacturing environment.

The ISO technical committee found itself in a dilemma and then found a way out. ISO 9001:2008 appears to have actually reached a satisfactory compromise in which the language is generic enough to be applicable to industries other than manufacturing yet specific enough to satisfy the particular concerns of the manufacturing industry.

As far as actual implementation of the new standard was concerned, ISO Technical Committee 176 recommended that implementation of ISO 9001:2008 could begin as early as the fourth quarter of 1999 — one full year in advance of the standard’s scheduled publication. The ISO technical committee made this recommendation because ISO works through a lengthy consultative process to achieve a consensus. Once a consensus was obtained (in early 1999), further changes became improbable.

Sunday, December 27, 2009

ISO 9001:2008 FAQ

What Is The ISO 9001: 2008 Standard?

The latest edition of the ISO 9001 standard ISO 9001: 2008, Quality Management Systems – Requirements, was officially published by (ISO) the International Organization for Standardization on November 14, 2008. It is the fourth edition of the ISO 9001 standard since it was first published in 1987.

Who Is Responsible For Revising The standards?

The ISO Technical Committee no.176, Sub-committee no.2 (ISO/TC 176/SC 2) is responsible for the revision process in collaboration with consensus among quality and industry experts nominated by ISO Member bodies, and representing all interested parties.

Does ISO 9001:2008 Have Additional Requirements Beyond ISO 9001:2000 ?

This latest (4th) edition of ISO 9001 contains no new requirements compared to the (3rd) year 2000 edition, which it replaces. What it does is provide clarification to the existing requirements of ISO 9001:2000 based on eight years’ experience of worldwide implementing of the standard and introduces changes intended to improve consistency with the environmental management system standard, ISO 14001:2004.

The clarifications and changes in ISO 9001:2008 represents fine-tuning, rather than a thorough overhaul. It focuses on changes that organizations might make to better comply with the spirit of the standard without adding, deleting, or altering its requirements. The changes are minor in nature and address such issues as the need to clarify, provide greater consistency, resolve perceived ambiguities, and improve compatibility with ISO 14001. The numbering system and the structure of the standard remain unchanged. As a result, the new standard looks much like the old standard.

ISO has grouped the changes incorporated in this ISO 9001:2008 edition into the following categories:
- No changes or minimum changes on user documents, including records
- No changes or minimum changes to existing QMS processes
- No additional training required or minimal training required
- No effects on current certifications

In contrast, the 3rd edition, ISO 9001:2000 published in 2000, represented a major overhaul of the standard, including new requirements and a sharpened customer focus, reflecting developments in quality management and experience gained since the publication of the initial version.

Then Why Was It Necessary To Introduce This Revision?
All ISO standards – currently more than 17 400 – are periodically reviewed. To ensure that ISO standards are maintained at the state of the art, ISO has a rule requiring them to be periodically reviewed and a decision taken to confirm, withdraw or revise the documents. The review process must be initiated within 3 years of publication of a standard. The review considers several factors such as technological evolution, new methods and materials, new quality and safety requirements, or questions of interpretation and application.

The review of ISO 9001 resulting in the 2008 edition was carried out by subcommittee SC 2 of ISO/TC 176. This subcommittee, which is responsible for the ISO 9000 family, unites expertise from 80 participating countries and 19 international or regional organizations, plus other technical committees.

This review has a number of inputs that help it:

A global user questionnaire/survey

A market Justification Study

Suggestions arising from the ISO/TC 176 interpretation process

Opportunities for increased compatibility with ISO 14001

The need for greater clarity, ease of use, and improved translation

Current trends – keeping up with recent developments in management system practices.

How Does The New ISO 9001 Edition Affect Existing ISO 9001 QMS’s?

As organizations start looking at ISO 9001:2008, they will wonder to what extent the changes might affect them. To a large extent, the new standard will not result in significant change to existing quality management systems (QMS).

ISO/TC 176 was careful in not making change for change sake. In the case of editorial changes, this was especially true. This could have lead to a false impression that there was a change in requirements, carrying greater significance than was intended. In those instances, when the committee members couldn’t come to a consensus in determining if a change added or deleted a requirement, they opted to retain the existing text. They decided it was better to err on the side of caution rather than to contribute to any misunderstanding in the marketplace.

The changes that have been incorporated into this edition of the ISO 9001 standard include changes that should lead to a better understanding across a broader range of product types, including service organizations; use of deliberate wording to minimize the potential for incorrect user interpretation; and reflect nuances of similar concepts. Lastly, some of the changes to specific clauses were made based on the 2004 International User Feedback Survey. This survey was conducted after the publication of ISO 9001:2000 and had invited respondents to identify areas they most wanted to see improved.

ISO 9001 Standards – Document Repository

ISO 9001 Standards - Document Repository

All QMS and product realization documents can be stored electronically within the computerize Document Management System like ISO 9001 Document Control Sytem. This provides a set of category and sub-category headings that enable users to drill down into
the different levels of the documentation category tree.
QMS documents are created and maintained within a top level category entitled “ISO 9001 Quality Management System (QMS)“. Documents in this category follow a 4-tier approach:
• Quality Manual – company scope and process interactions within the QMS
• Quality Procedures – responsibilities, controls and activities within the QMS that effect customer service
• Records – objective evidence to demonstrate our goal in achieving customer satisfaction
• Forms & Reports to support the QMS processes
Product realization documents are stored in categories corresponding to Products, Projects and Departments. Each document is unique, but can be accessed from multiple categories.
Documents created within the FablessSemi Inc CogniDox system are assigned a unique identifier using the format “PO-NNNNNN-XX”; where the “PO” prefix identifies them as FablessSemi Inc documents, the “NNNNNN” is an automatically generated and uniquely assigned numerical ID, and the “XX” suffix indicates the document type.
All Fabless Semi Inc personnel are responsible for creating document part numbers and uploading documents to an appropriate category. Selected users with additional system privileges are responsible for creating and maintaining document categories.

History and Evolution of ISO 9000 Standards

Pre ISO 9000
During World War II, there were quality problems in many British industries such as munitions, where bombs were exploding in factories during assembly. The solution adopted to address these quality problems required factories to document their manufacturing procedures and to prove by record-keeping that the procedures were being followed. The standard was BS 5750, and it was known as a management standard because it specified not what to manufacture, but how the manufacturing process was to be managed. In 1987, the British Government persuaded the International Organization for Standardization (ISO) to adopt BS 5750 as an international standard. The international standard was named ISO 9000.

ISO 9000: 1987 Version
ISO 9000:1987 had the same structure as the British Standard BS 5750, with three ‘models’ for quality management systems, the selection of which was based on the scope of activities of the organisation:
• ISO 9001:1987 Model for quality assurance in design, development, production, installation, and servicing was for companies and organisations whose activities included the creation of new products
• ISO 9002:1987 Model for quality assurance in production, installation, and servicing had basically the same material as ISO 9001 but without covering the creation of new products.
• ISO 9003:1987 Model for quality assurance in final inspection and test covered only the final inspection of finished product, with no concern for how the product was produced.
ISO 9000:1987 was also influenced by existing U.S. and other Defense Standards (MIL SPECS), and so was well-suited to manufacturing. The emphasis tended to be placed on conformance with procedures rather than the overall process of management—which was likely the actual intent.

ISO 9000:1994 (Year 1994 Revision)
ISO 9000:1994 emphasised quality assurance via preventive actions, instead of just checking final product, and continued to require evidence of compliance with documented procedures. As with the first edition, the down-side was that companies tended to implement its requirements by creating shelf-loads of procedure manuals, and becoming burdened with an ISO bureaucracy. In some companies, adapting and improving processes could actually be impeded by the quality system.

ISO 9000:2000 (Year 2000 Revision)
ISO 9001:2000 combines the three standards 9001, 9002, and 9003 into one, called 9001. Design and development procedures are required only if a company engages in the creation of new products. The 2000 version sought to make a radical change in thinking by placing the concept of process management front and centre (”Process management” was the monitoring and optimising of a company’s tasks and activities, instead of just inspecting the final product). The Year 2000 version also demands involvement by upper executives, in order to integrate quality into the business system and avoid delegation of quality functions to junior administrators. Another goal is to improve effectiveness via process performance metrics — numerical measurement of the effectiveness of tasks and activities. Expectations of continual process improvement and tracking customer satisfaction were made explicit.

ISO 9000:2008 (Year 2008 Revision)
The new ISO 9001:2008 was published on 15 November 2008. ISO 9001:2008 uses the same numbering system as ISO 9001:2000 to organise the standard. As a result, the new ISO 9001:2008 standard looks very much like the old standard. No new requirements have been added. However, some important clarifications and modifications have been made.

As with the release of previous versions, organisations registered to ISO 9001:2000 will be given a period to transition to the ISO 9001:2008 standard, assuming changes are needed.

ISO 9000 — a way of managing for conformance
Quality assurance, according to the Standard, is a way of managing that prevents non-conformance and thus “assures quality”. This is what makes ISO 9000 different from other standards: it is a management standard, not a product standard. It goes beyond product standardisation: it is standardising not what is made but how it is made. To use standards to dictate and control how organisations work was to extend the role of standards to new territory. To take such a step we might have firstly established that any such requirements worked — that they resulted in ways of working which improved performance.
Yet the plausibility of this Standard, and the fact that those who had an interest in maintaining it were (and still are) leading opinion, prevented such enquiries. In simple terms the Standard asks managers to say what they do, do what they say and prove it to a third party.
ISO 9000 (1994) paragraph 1: “The requirements specified are aimed primarily at achieving customer satisfaction by preventing non-conformity at all stages from design through servicing.”
To put it another way, the Standard asserts that preventing non-conformance achieves customer satisfaction. But does it? Of course it matters to customers that a product works. But there is no guarantee that the Standard will ensure even that. Furthermore, customers take a total view of an organisation — how easy it is to do business with — in respect of all things of importance to each and every customer.
ISO 9000 requires managers to “establish and maintain a documented quality system as a means of ensuring that product conforms to specified requirements”. Loosely translated this is “say what you do”. Management is supposed to “define and document its policy for quality . . . including its commitment to quality”.
What management would not declare its commitment to quality? But would they know what it means? Would they argue (as they should) that quality management is a different and better way to do business, or would they believe that ISO 9000 will take care of quality? The Standard encourages managers to think of “quality” and “business as usual” as separate and distinct. It helps managers avoid the revelation that quality means a wholly different view of management. Instead, the organisation “shall appoint a management representative who, irrespective of other responsibilities, shall have defined authority and responsibility” [for ISO 9000]. At a practical level this means only one executive might decide he or she had better learn a thing or two about quality. However, would being responsible for ISO 9000 lead to learning about quality or simply enforcing the ISO 9000 regime in an organisation?
Key to the regime is auditing. The Standard requires organisations to conduct internal quality audits to “verify whether quality activities comply with planned arrangements”. This can be loosely translated as “do you do as you say?” and the purpose of the audit is to see that you do. It was not until the 1994 review that the words were changed to “quality activities and related results”. It was a Standard which was rooted in the philosophy of inspection: fifteen years after its initial promulgation the promoters sought to extend the focus to results. But results or improvements assessed by what means? Inspection. By the time the Standard was adopted world-wide, quality thinking had moved a long way from the philosophy of inspection. It is now understood, at least by a few, that quality is achieved through managing the organisation as a system and using measures which enable managers to improve flow and reduce variation (which we explore in chapters 5 and 7). The defenders argue that there is nothing stopping a company having ISO 9000 and implementing methods for managing flow and reducing variation, but where are such companies? Few of the companies we researched, formally and informally, knew anything about this thinking. The Standard does not talk about it; moreover, the Standard effectively discourages managers from learning about it by representing quality in a different way.
According to ISO 8402 (quality vocabulary), quality is:
“The totality of features and characteristics of a product or service that bear on its ability to satisfy stated or implied needs.”
Everything we have learned about ISO 9000 suggests that the people who created this definition were thinking about the things which need to be controlled, those things which “bear on its ability . . .”. The builders of the Standard assumed that customer needs would be listed in contractual agreements between the supplier and customer. ISO 9000 has a “make” logic — procedures for “how you do what you do” — and a “control” logic — check to see that it is done. It is a relic of the era when contractual agreements were perceived to be an important device for regulating the behaviour of suppliers. In these ways, ISO 9000 encouraged “planning for quality”.
Planning for quality sounds plausible, but it assumes many things: that the plan is the right plan, that it is feasible, that people will “do it”, that performance will improve. It is an approach which, paradoxically, leads to poor decisions. Planners of quality systems, guided by ISO 9000, start with a view of how the world should be as framed by the Standard. Understanding how an organisation is working, rather than how someone thinks it should, is a far better place from which to start change of any kind.

Quality characteristics in ISO 9000 Standards

Quality characteristics in ISO 9000 Standards

Any feature or characteristic of a product or service that is needed to satisfy customer needs or achieve fitness for use is a quality characteristic. When dealing with products the characteristics are almost always technical characteristics, whereas service quality characteristics have a human dimension. Some typical quality characteristics are given below.

Product characteristics

1. Accessibility Functionality Size

2. Availability Interchangeability Susceptibility

3. Appearance Maintainability Storability

4. Adaptability Odour – Strength

5. Cleanliness Operability -Taste

6. Consumption Portability – Testability

7. Durability Producibility Traceability

8. Disposability Reliability – Toxicity

9. Emittance Reparability Transportability

10. Flammability Safety – Vulnerability

11. Flexibility Security – Weight

Service quality characteristics

1. Accessibility Credibility – Honesty

2. Accuracy Dependability Promptness

3. Courtesy Efficiency - Responsiveness

4. Comfort Effectiveness Reliability

5. Competence Flexibility – Security

These are the characteristics that need to be specified and their achievement controlled, assured, improved, managed and demonstrated. These are the characteristics that form the subject matter of the product requirements referred to in ISO 9000. When the value of these characteristics is quantified or qualified they are termed product requirements. We used to use the term quality requirements but this caused a division in thinking that resulted in people regarding quality requirements as the domain of the quality personnel and technical requirements being the domain of the technical personnel. All requirements are quality requirements – they express needs or expectations that are intended to be fulfilled by a process output that possesses inherent characteristics. We can therefore drop the word quality. If a modifying word is needed in front of the word requirements it should be a word that signifies the subject of the requirements. Transportation system requirements would be requirements for a transportation system, Audio speaker design requirements would be requirements for the design of an audio speaker, component test requirements would be requirements for testing components, and management training requirements would be requirements for training managers. ISO 9000 requirements are often referred to as quality requirements as distinct from other types of requirements but this is misleading. ISO 9000 is no more a quality requirement than is ISO 1000 on SI units, ISO 2365 for Ammonium nitrate or ISO 246 for Rolling Bearings. The requirements of ISO 9000 are quality management system requirements – requirements for a quality management system

Revision Of Documents In ISO 9000 Standards

The ISO 9000 Standard requires that documents be updated as

necessary and re-approved following their review.

Following a document review, action may or may not be necessary. If the

document is found satisfactory, it will remain in use until the next review. If the

document is found unsatisfactory there are two outcomes.

The document is no longer necessary and should be withdrawn from use –

this is addressed by the requirement dealing with obsolescence.

The document is necessary but requires a change – this is addressed by this

requirement.

The standard implies that updating should follow a review. The term update

also implies that documents are reviewed only to establish whether they are

current when in fact document reviews may be performed for many different

reasons. A more appropriate term to update would be revise. Previously the

standard addressed only the review and approval of changes and did not

explicitly require a revision process. However, a revision process is executed

before a document is subject to re-approval.

This requirement responds to the Continual Improvement principle.

It is inevitable that during use a need will arise for changing documents and

therefore provision needs to be made to control not only the original

generation of documents but also their revisions.

The document change process consists of a number of key stages some of

which are not addressed in ISO 9001.

a. Identification of need (addressed by document review)

b. Request for change (not addressed in the standard)

c. Permission to change (not addressed in the standard)

d. Revision of document (addressed by document updates)

e. Recording the change (addressed by identifying the change)

f. Review of the change (addressed under quality planning)

g. Approval of the change (addressed by document re-approval)

h. Issue of change instructions (not addressed in the standard)

i. Issue of revised document (addressed by document availability)

As stated previously, to control documents it is necessary to control their

development, approval, issue, change, distribution, maintenance, use, storage,

security, obsolescence or disposal and we will now address those aspects not

specifically covered by the standard.

In controlling changes it is necessary to define what constitutes a change to a

document. Should you allow any markings on documents, you should specify

those that have to be supported by change notes and those that do not.

Markings that add comment or correct typographical errors are not changes

but annotations. Alterations that modify instructions are changes and need

prior approval. The approval may be in the form of a change note that details

changes that have been approved.

Anyone can review a document but approved documents should only be

changed/revised/amended under controlled conditions. The document

review will conclude that either a change is necessary or unnecessary. If a

change is necessary, a request for change should be made to the issuing

authorities. Even when the person proposing the change is the same as would

approve the change, other parties may be affected and should therefore be

permitted to comment. The most common method is to employ Document

Change Requests. By using a formal change request it allows anyone to request

a change to the appropriate authorities.

Change requests need to specify:

a. The document title, issue and date

b. The originator of the change request (who is proposing the change, his or her

location or department)

c. The reason for change (why the change is necessary)

d. What needs to be changed (which paragraph, section, etc. is affected and

what text should be deleted)

e. The changes in text required where known (the text which is to be inserted

or deleted)

By maintaining a register of such requests you can keep track of who has

proposed what, when and what progress is being made on its approval. You

may of course use a memo or phone call to request a change but this form of

request becomes more difficult to track and prove you have control. You will

need to inform staff where to send their requests.

On receipt of the request you need to provide for its review by the change

authority. The change request may be explicit in what should be changed or

simply report a problem that a change to the document would resolve.

Someone needs to be nominated to draft the new material and present it for

review but before that, the approval authorities need to determine whether

they wish the document to be changed at all. There is merit in reviewing

requests for change before processing in order to avoid abortive effort. You

may also receive several requests for change that conflict and before processing

you will need to decide which change should proceed. While a proposed

change may be valid, the effort involved may warrant postponement of the

change until several proposals have been received – it rather depends on the

urgency

Ensuring the availability of controlled documents

The standard requires that relevant versions of applica-

ble documents are available at points of use.

The relevant version of a document is the version

that should be used for a task. It may not be the latest

version because you may have reason to use a

different version of a document such as when

building or repairing different versions of the same

product. Applicable documents are those that are

needed to carry out work. Availability at points of use

means the users have access to the documents they

need at the location where the work is to be

performed. It does not mean that users should possess copies of the documents

they need, in fact this is undesirable because the copies may become outdated

and not withdrawn from use.

This requirement exists to ensure that access to documents is afforded when

required. Information essential for the performance of work needs to be

accessible to those performing it otherwise they may resort to other means

of obtaining what they need that may result in errors, inefficiencies and

hazards.

In order to make sure that documents are available you should not keep them

under lock and key (or password protected) except for those where restricted

access is necessary for security purposes. You need to establish who wants

which documents and when they need them. The work instructions should

specify the documents that are required for the task so that those documents

not specified are not essential. It should not be left to the individual to

determine which documents are essential and which are not. If there is a need

for access out of normal working hours, access has to be provided. The more

copies there are the greater the chance of documents not being maintained so

minimize the number of copies. A common practice is to issue documents to

managers only and not the users. This is particularly true of management

system documents. One finds that only the managers hold copies of the

Quality Manual. In some firms all the managers reside in the same building,

even along the same corridor and it is in such circumstances that one invariably

finds that these copies have not been maintained. It is therefore impractical to

have all the copies of the Quality Manual in one place. Distribute the

documents by location, not by named individuals. Distribute to libraries, or

document control centres so that access is provided to everyone and so that

someone has responsibility for keeping them up to date. If using an intranet,

the problems of distribution are less difficult but there will always be some

groups of people who need access to hard copy.

The document availability requirement applies to both internal and external

documents alike. Customer documents such as contracts, drawings, specifica-

tions and standards need to be available to those who need them to execute

their responsibilities. Often these documents are only held in paper form and

therefore distribution lists will be needed to control their location. If documents

in the public domain are required, they only need be available when required

for use and need not be available from the moment they are specified in a

specification or procedure. You should only have to produce such documents

when they are needed for the work being undertaken at the time of the audit.

However, you would need to demonstrate that you could obtain timely access

when needed. If you provide a lending service to users of copyrighted

documents, you would need a register indicating to whom they were loaned so

that you can retrieve them when needed by others.

A document that is not ready for use or is not used often may be archived.

But it needs to be accessible otherwise when it is called for it won’t be there. It

is therefore necessary to ensure that storage areas, or storage mediums provide

secure storage from which documents can be retrieved when needed. Storing

documents off-site under the management of another organization may give

rise to problems if they cannot be contacted when you need the documents.

Archiving documents on magnetic tape can also present problems when the

tape cannot be found or read by the new technology that has been installed!

Electronic storage presents very different problems to conventional storage and

gives rise to the retention of ‘insurance copies’ in paper should the retrieval

mechanism fail.

Ensuring documents are legible and identifiable

The standard requires documents to remain legible and

readily identifiable.

Legibility refers to the ease with which the informa-

tion in a document can be read or viewed. A

document is readily identifiable if it carries some

indication that will quickly distinguish it from

similar documents. Any document that requires a reader to browse through it

looking for clues is clearly not readily identifiable.

The means of transmission and use of documents may cause degradation

such that they fail to convey the information originally intended. Confusion

with document identity could result in a document being misplaced, destroyed

or otherwise being unobtainable. It can also result in incorrect documents

being located and used.

This requirement is so obvious it hardly needs to be specified. As a general

rule, any document that is printed or photocopied should be checked for

legibility before distribution. Legibility is not often a problem with electron-

ically controlled documents. However, there are cases where diagrams cannot

be magnified on screen so it would be prudent to verify the capability of the

technology before releasing documents. Not every user will have perfect

eyesight! Documents transmitted by fax present legibility problems due to the

quality of transmission and the medium on which the information is printed.

Heat sensitive paper is being replaced with plain paper but many organiza-

tions still use the old technology. You simply have to decide your approach.

For any communication required for reference, it would be prudent to use

photocopy or scan the fax electronically and dispose of the original.

Documents used in a workshop environment may require protection from oil

and grease. Signatures are not always legible so it is prudent to have a policy

of printing the name under the signature. Documents subject to frequent

photocopying can degrade and result in illegible areas.

Although a new requirement, it is unusual to find documents in use that carry

no identification at all. Three primary means are used for document

identification – classification, titles and identification numbers. Classification

divides documents into groups based on their purpose – policies, procedures,

records, plans, etc are classes of documents. Titles are acceptable providing

there are no two documents with the same title in the same class. If you have

hundreds of documents it may prove difficult to sustain uniqueness.

Identification can be made unique in one organization but outside it may not

be unique. However, the title as well as the number is usually sufficient.

Electronically controlled documents do not require a visible identity other than

the title in its classification. Classifying documents with codes enables their

sorting by class.

Revision Of Documents In ISO 9000 Standards

The ISO 9000 Standard requires that documents be updated as