What is ISO 9000 Standards?

What is ISO 9000 Standards?

Outsourced Processes In ISO 9001 Standards

Outsourced Processes In ISO 9001 Standards

One of the changes in ISO 9001:2008 is clarification of the role of outsourced processes in aquality management system. Guidance on ‘Outsourced processes’ helps clarify the intent and shows the linkage between Clause 4.2, where outsourced processes appear, and the purchasing controls in clause 7.4.
An outsourced process is a process that the organization needs for its quality management system and is performed by an external party. This party could be another company, a corporate service, another division, etc.
The organization needs to ensure the outsourced process is conducted in accordance with ISO 9001:2008 and other requirements of the quality management system. This brings in the purchasing controls of 7.4. The service may not be purchased in the traditional sense of a monetary transaction. The guidance document explains that the controls in clause 4.2 and 7.4 apply. For example, a “no charge” service from a corporate head office requires documentation of supplier selection and, most importantly, control.
The guidance document addresses two important cases and gives guidance on the appropriate level of control. The cases are:
• The organization has the competence and ability to carry out a process, but chooses to outsource it (for commercial or other reasons).
• The organization does not have the competence to carry out the process itself, and chooses to outsource it.

Transition from ISO 9001:2000 to ISO 9001:2008

Transition from ISO 9001:2000 to ISO 9001:2008

This reference guide was developed to help you understand the nature of the changes to theISO 9001 standard.

Clause Change/Emphasis Not Auditable

0.1 General – Added language emphasizing statutory and regulatory requirements are a concern as it relates to products for this international standard.

0.4 Compatibility with Other Management Systems Standards - Emphasis was added on the consideration given to ISO 14001:2004 to ensure that the standards are compatible.

1.1 General

1.2 Application – “Statutory” was added in certain paragraphs to ensure the user is aware that these requirements must be taken into consideration. Additional notes were added to explain that where the word “product” appears, it refers to every stage of its existence, from raw material received to the final product being shipped to the customer.

2. Normative Reference – Reference to ISO 9000 (vocabulary and concepts) was updated to refer to the current revision (i.e. ISO 9000:2005).

3. Terms and Definitions – The supplier/organization/customer model was removed. These relationships, in reality, are not always linears.

The Auditable Requirements
Clause Change/Emphasis
4.1
In 4.1 a, “identify” was replaced with “determine” to emphasize that an organization must give careful consideration to what processes are needed in order to fulfill requirements.
A link is drawn to 7.4 in the additional note. This was done to show that the supplier approval, evaluation, and re-evaluation process is where evidence of controlled outsourced processes should be demonstrated.
4.2.1
References to records and documents were consolidated.
Also, the organization can require records not specified in this international standard that are created and maintained.
4.2.3
Clarification is given to the requirement for outsourced documents. Only those needed for the planning and operation of the QMS need to be controlled. This could exclude documents related to occupational health and safety since ISO 9001 contains requirements only concerned with product (see 0.1).
4.2.4
Rephrased, but no additional clarifications or emphasis added. Editorial change only.
5.5.2
The management representative must be from the organization’s management. This would exclude consultants and other individuals external to the organization (e.g. a management representative from the corporate entity). The purpose of this is to ensure that this individual, entrusted with the responsibilities of championing the quality management system, is not “out of touch” with the organization.
6.2.1
The boundaries of competence only extend to individuals who impact product conformity. However, this does not just include those who are directly involved in production. The decisions made by management affect product conformity; therefore, they must be competent as well.

6.2.2
If said personnel have not yet attained the competence needed to perform the assigned job, then the organization must provide training or some other remedy to ensure that competence is achieved. The organization must also have a mechanism to ensure that personnel have been evaluated based on how well they demonstrate their knowledge and skill (i.e. competence). It is not enough to merely provide training or consider an individual’s experience. The organization must prove to itself that this person can, in fact, perform.
6.3
Infrastructure also includes databases and information technology.
6.4
Emphasis is added in a note to highlight that the concept of “work environment” only extends to product quality.
7.1 c
“Measurement” is added.
7.2.1
“Post-delivery activity” is clarified in a note with examples.
7.3.1
A note emphasizes that design verification, validation, and review are different from one another and serve different purposes. Design review is where the organization evaluates if the design can meet requirements and if any changes need to be made. Design verification is where the organization has ensured that requirements have been met (e.g. is the widget blue and is it hexagonal?). Design validation is where the organization proves that the design can perform as required.
However, the records of design verification, validation, and review do not have to be separate.
7.3.3
Production and service provisions also extend to how product is preserved, handled, etc., to ensure product conformity. See 7.5.1
Design outputs must include requirements related to preservation. See 7.5.5.

7.5.2
Notes were added to give examples of the types of processes where this requirement would apply along with a statement that service organizations should have additional considerations in the planning stages when deficiencies and conformity are not likely to be identified prior to delivery.
7.5.3
Product status must be identified throughout product realization, not just the final product. See 1.2.
7.5.4
Wording was modified to add clarity, but the intent of the requirement has not changed.
7.5.5
Again, emphasis is added that care must be given to preserving the product regardless of where it falls in the realization process.
7.6
An obsolete reference to another ISO document was replaced.
The definition of “monitoring and measuring devices” has been clarified to include equipment and devices that are purposed for monitoring and measuring, regardless of their original or intended purpose.
An additional note regarding software was added.
8.2.2
Document and record requirements were reworded and their placement modified to improve clarity.
The reference to the auditing guidance document was updated (i.e. ISO 19011).

8.2.3
Wording was modified to emphasize that correction and corrective actions are not only to be taken to preserve the conformity of the product, but also to preserve the quality management system. For example, internal rejection/scrap rates could show evidence that the organization is preserving product conformity and is taking intermediate action to prevent bad product from being shipped to their customers; however, it could also be a sign that the organization is not efficient since the higher rejection/scrap rates are undesirable.
A note was added to clarify the meaning of “suitable methods” related to planning, monitoring and measurement processes. Suitability should be determined based on risk and the impact that nonconformity would have on the product or process.
8.2.4
Product can be released to other internal processes despite planned arrangements not being satisfactorily completed as long as it conforms prior to release to the customer. This relaxes requirements on intermediate inspection results and records.
8.3
Actions taken against nonconforming product must be proportional to its impact or potential impact. See 8.2.3 related to impact considerations for monitoring and measurement.
This would mean that in the planning stages of a product, the organization needs to customize responses to nonconforming products based on the risk or potential risk to the organization.
This requirement existed in ISO 9001:2000; however, its location has changed.

8.5.2
Nonconformity can have multiple causes (“cause”; i.e. a singular reason, was used in the 2000 version); therefore, the organization must consider this when conducting root cause analysis.
Also, it is not enough to simply review corrective action and ensure that procedures were changed, personnel have been re-trained, and that processes were amended. The organization must review whether or not the action(s) taken were effective; i.e. did they successfully eliminate the nonconforming condition?
8.5.3
Similar to the new emphasis on the effectiveness of corrective action, the organization must also document whether or not the preventive action(s) taken were effective in eliminating the risk of nonconformity.

Hidden Businees Opportunities

The ISO 9001:2000 Standard has been revised after eight years. And the buzz is rapidly reaching a crescendo. We continue to receive numerous emails and phone calls regarding the impact of the new release. First, let me dispel any anxiety about the November 15, 2008 official “2008” release. There are no new requirements. The changes are largely interpretive, and focus on terminology clarifications. The changes to the ISO 9001 amendment, however, will have considerable benefit.
As a back drop, keep in mind that ISO 9001 is not just an International Standard for a Quality Management System. It is the world’s most recognized business management standard. And it makes a strong business case. It focuses attention on leadership, business planning, organizational business processes, your customers (internal and external), measurement and reporting, and continual improvement. That translates to improved business results and a sustainable competitive advantage.

Overview of the Changes

The points of clarification focus on outsourcing, documentation, management representative, employee competence, design verification and validation, process monitoring, control of nonconforming product and corrective and preventive action. But bear in mind, no “shalls” (requirements) were added or removed.
Examples of select changes include: In an attempt to clarify the term “outsourcing,” notes were added that require the organization to identify processes (and the control of these) to be completed by an external party. With respect to documentation, the changes focus on improving the compatibility between ISO 9001 and ISO 14001.
The only significant addition to the management representative sub clause was to require that the MR be a member of the organization’s management team. This means a contracted person could serve in this role as long as he or she is also considered part of management. The management representative does not have to be full-time.
With regard to competence of employees, a note was added to make training more pervasive throughout the organization. Training applies to all employees directly or indirectly responsible for delivering a service or producing a product (everyone that is part of the quality chain). A complete listing of changes can be found in Annex B (Table B.1) of the Standard. Also, note that there is better alignment with ISO 14001:2004.

Guidance on Clause 4.2 of ISO 9001:2008

Guidance on Clause 4.2 of ISO 9001:2008

The following comments are intended to assist users of ISO 9001:2008 in understanding the intent of the general documentation requirements of the International Standard.

a) Documented statements of a quality policy and objectives:

Requirements for the quality policy are defined in clause 5.3 of ISO 9001:2008. The documented quality policy has to be controlled according to the requirements of clause 4.2.3.

Note: Organizations that are revising their quality policy for the first time, or in order to meet the amended requirements in ISO 9001:2008, should pay particular attention to clause 4.2.3 (c), (d) and (g).

Requirements for quality objectives are defined in clause 5.4.1 of ISO 9001:2008. These documented quality objectives are also subject to the document control requirements of clause 4.2.3.

b) Quality Manual:

Clause 4.2.2 of ISO 9001:2008 specifies the minimum content for a quality manual. The format and structure of the manual is a decision for each organization, and will depend on the organization’s size, culture and complexity. Some organizations may choose to use the quality manual for other purposes besides that of simply documenting the QMS

A small organization may find it appropriate to include the description of its entire QMS within a single manual, including all the documented procedures required by the standard.

Large, multi-national organizations may need several manuals at the global, national or regional level, and a more complex hierarchy of documentation.

The quality manual is a document that has to be controlled in accordance with the requirements of clause 4.2.3.

c) Documented procedures:

ISO 9001:2008 specifically requires the organization to have “documented procedures” for the following six activities:

4.2.3 Control of documents

4.2.4 Control of records

8.2.2 Internal audit

8.3 Control of nonconforming product

8.5.2 Corrective action

8.5.3 Preventive action

These documented procedures have to be controlled in accordance with the requirements of clause 4.2.3 Some organizations may find it convenient to combine the procedure for several activities into a single documented procedure (for example, corrective action and preventive action). Others may choose to document a given activity by using more than one documented procedure (for example, internal audits). Both are acceptable.

Some organizations (particularly larger organizations, or those with more complex processes) may require additional documented procedures (particularly those relating to product realization processes) to implement an effective QMS.

Other organizations may require additional procedures, but the size and/or culture of the organization could enable these to be effectively implemented without necessarily being documented. However, in order to demonstrate compliance with ISO 9001:2008, the organization has to be able to provide objective evidence (not necessarily documented) that its QMS has been effectively implemented.

d) Documents needed by the organization to ensure the effective planning, operation and control of its processes:

In order for an organization to demonstrate the effective implementation of its QMS, it may be necessary to develop documents other than documented procedures. However, the only documents specifically mentioned in ISO 9001:2008 are:

- Quality policy (clause 4.2.1.a)

- Quality objectives (clause 4.2.1.a)

- Quality manual (clause 4.2.1.b)

There are several requirements of ISO 9001:2008 where an organization could add value to its QMS and demonstrate conformity by the preparation of other documents, even though the standard does not specifically require them. Examples

may include:

- Process maps, process flow charts and/or process descriptions

- Organization charts

- Specifications

- Work and/or test instructions

- Documents containing internal communications

- Production schedules

- Approved supplier lists

- Test and inspection plans

- Quality plans

All such documents have to be controlled in accordance with the requirements of clause 4.2.3 and/or 4.2.4, as applicable

e) Records:

Examples of records specifically required by ISO 9001:2008 are presented in Annex B.

Organizations are free to develop other records that may be needed to demonstrate conformity of their processes, products and quality management system.

Requirements for the control of records are different from those for other documents, and all records have to be controlled according to those of clause 4.2.4 of ISO 9001:2008.

Quality Planning

Whenever the term “product” is used within the ISO 9001 standard, it refers to both tangible goods and intangible services. The ISO 9001 standard is meant to be generic which means that it is suitable for all kinds of organization, whether commercial or otherwise. The purpose of the quality management system model that is being propagated by the standard is the fulfillment of customer requeirements and expectations in order to induce high levels of customer satisfaction. An unsatisfied customer is essentially a customer whose requirements or needs, and expectations of the level of services being granted upon him/her have not been met. We are all customers because we buy products all the time. So we know what it means to be a dissatisfied customer. The common reaction is to never to go back to that seller and look for other alternatives. A successful organization is one which understands what it takes to meet customer requirements in order to satisfy their needs and expectations. A specific process is thus necessary to resolve any customer complaint or dispute. This process should be geared towards satisfying the customer’s needs and expectations. The parameters of this process should be referenced from the terms of the sale and purchase. This is why it is necessary to review the customer’s requirements before committing to the sales contract. It is necessary that the customer understands what he/she is paying for and it is equally necessary for the organization to understand what it is supposed to deliver. When your organization has these processes in place, then the only thing to do next is to continually measure the effectiveness and subsequently take actions to continually improve the whole process.

Validity of certifications to ISO 9001:2000

One year after the publication of ISO 9001:2008 all accredited certifications issued (new certifications or re-certifications) shall be to ISO 9001:2008.
Twenty four months after publication by ISO of ISO 9001:2008, any existing
certification issued to ISO 9001:2000 shall not be valid.

Organisations that are already certified to ISO 9001:2000 should contact
their certification/registration bodies (CB/RB) to agree a programme for analysing the clarifications in ISO 9001:2008 in relation to their individual quality management systems and for upgrading their certificates.
Certified organizations should bear in mind that ISO 9001:2000 certificates
have the same status as new ISO 9001:2008 certificates during the co-existence period. (i.e. Your current ISO 9001:2000 certificate will be valid up to 13th November 2010).
Organizations in the process of certification to ISO 9001:2000 should change to using ISO 9001:2008 and apply for certification to it.
New users should start by using ISO 9001:2008.

ISO 9001:2008 Requirements – Management Responsibility

ISO 9001:2008 Requirements - Management Responsibility

All requirements in clause 5 are the responsibility of top management.
5.1 Management Commitment
Provide evidence of management commitment to develop and implement the quality management system, as well as, continually improve its effectiveness by:
? Expressing the importance of meeting requirements
? Establishing the quality policy and quality objectives
? Conducting management reviews
? Ensuring the availability of necessary resources

5.2 Customer Focus
Ensure customer requirements are determined and met in order to improve customer satisfaction.
5.3 Quality Policy
Ensure the quality policy is:
? Appropriate to the purpose of the organization
? Focused on meeting requirements and continual improvement
? Used as a framework for quality objectives
? Communicated and understood at appropriate levels
? Reviewed for continuing suitability
5.4 Planning
5.4.1 Quality Objectives
Ensure quality objectives, including those needed to meet product requirements, are established at the relevant functions and levels within the organization. Ensure quality objectives are measurable and consistent with the quality policy.
5.4.2 Quality Management System Planning
Ensure that planning for the quality management system:
? Meets the general requirements (4.1), as well as, quality objectives (5.4.1)
? Maintains the system integrity when changes are planned and implemented
5.5 Responsibility, Authority, and Communication
5.5.1 Responsibility and Authority
Ensure responsibilities and authorities are defined and communicated within the organization.

5.5.2 Management Representative
Appoint a member of your management who, irrespective of other duties, has the responsibility and authority to:
? Ensure the needed processes are established, implemented, and maintained
? Report to top management on quality management system performance
? Report to top management on any need for improvement
? Ensuring the promotion of awareness of customer requirements
NOTE: The responsibility of a management representative can include being the liaison with external parties on matters relating to the quality management system.
5.5.3 Internal Communication
Ensure the appropriate communication processes are established and carried out within the organization regarding the effectiveness of the system.
5.6 Management Review
5.6.1 General
Review the quality management system at planned intervals to:
? Ensure a suitable, adequate, and effective system
? Assess possible opportunities for improvement
? Evaluate the need for any changes to the system
? Consider the need for changes to the quality policy and objectives
Maintain records of the management reviews.
5.6.2 Review Input
Inputs for management review must include information on:
? Results of audits
? Customer feedback
? Process performance and product conformity
? Status of preventive and corrective actions
? Follow-up actions from earlier reviews
? Changes that could affect the quality system
? Recommendations for improvement

5.6.3 Review Output
Outputs from the management review must include any decisions and actions related to:
? Improvement of the effectiveness of the quality management system and its processes
? Improvement of product related to customer requirements
? Resource needs

What does ISO 9000 offer?

What does ISO 9000 offer? For one thing, it offers you continued
business with customers who may be requiring you to register. That is
a pretty strong benefit right there.
These customers may never question your quality, but these customers
depend heavily on their main suppliers. They know they can
improve their quality and through-put, if you improve yours.
 Just because you are great does not mean you are as great as you could
be. ISO 9000 mandates a continuous improvement system. You
can wriggle and fudge, but if you implement that system and work
it conscientiously, you cannot help but improve. Continuous improvement
is not just a buzz term. It is an imperative.
 Just because you are great today does not mean you will be great tomorrow.
Has your industry changed? Has your organization
changed? A well-implemented ISO 9000 helps your organization
adapt to change. It brings independence of individuals and consistency
of practices—two features that tend to resist declines in
performance.

What else does ISO 9000 bring you? When well implemented, an
ISO 9000 quality system improves organization performance. That is,
after all, the whole point. In cases where it does not, the fault tends
not to be in the ISO 9000 process (its inherent deficiencies notwithstanding).
When an ISO 9000 system does not provide substantial benefits and
improvement in performance, it is usually because management
has consciously chosen to cut corners, blowsmoke,
stay uninvolved, and starve the system of all but the most essential
resources. “We’ll do this stupid thing, but we’re sure not going
to change the way we operate.”
ISO 9000 registration brings you one more thing that your organization
may not have today: International credibility. ISO 9000 is deployed
and practiced in nearly 100 countries around the world. In
today’s ever-growing international economic climate, this is not a bad
emblem to have, however narrow the scope of your market today.