Version Of ISO 9001 Standard

1987 version

ISO 9000:1987 had the same structure as the UK Standard BS 5750, with three ‘models’ for quality management systems, the selection of which was based on the scope of activities of the organization:

ISO 9001:1987 Model for quality assurance in design, development, production, installation, and servicing was for companies and organizations whose activities included the creation of new products.

ISO 9002:1987 Model for quality assurance in production, installation, and servicing had basically the same material as ISO 9001 but without covering the creation of new products.

ISO 9003:1987 Model for quality assurance in final inspection and test covered only the final inspection of finished product, with no concern for how the product was produced.

ISO 9000:1987

1994 version

was also influenced by existing U.S. and other

emphasized quality assurance via preventive actions, instead of just checking final product, and continued to require evidence of compliance with documented procedures. As with the first edition, the down-side was that companies tended to implement its requirements by creating shelf-loads of procedure manuals, and becoming burdened with an ISO bureaucracy. In some companies, adapting and improving processes could actually be impeded by the quality system.

ISO 9001:2000

The ISO 9000 standard is continually being revised by standing technical committees and advisory groups, who receive feedback from those professionals who are implementing the standard.2008 version

ISO 9001:2008 only introduces clarifications to the existing requirements of ISO 9001:2000 and some changes intended to improve consistency with ISO 14001:2004. There are no new requirements. Explanation of changes in ISO 9001:2008. A Practical Guide to ISO 9001:2008 Implementation A quality management system being upgraded just needs to be checked to see if it is following the clarifications introduced in the amended version.

combines the three standards 9001, 9002, and 9003 into one, called 9001. Design and development procedures are required only if a company does in fact engage in the creation of new products. The 2000 version sought to make a radical change in thinking by actually placing the concept of process management front and center (”Process management” was the monitoring and optimizing of a company’s tasks and activities, instead of just inspecting the final product). The 2000 version also demands involvement by upper executives, in order to integrate quality into the business system and avoid delegation of quality functions to junior administrators. Another goal is to improve effectiveness via process performance metrics — numerical measurement of the effectiveness of tasks and activities. Expectations of continual process improvement and tracking customer satisfaction were made explicit.

ISO 9001 Quality Policy

On customers
We will listen to our customers, understand and balance their needs and
expectations with those of our suppliers, employees, investors and society and
endeavour to give full satisfaction to all parties.
On leadership
We will establish and communicate our vision for the organization and through
our leadership exemplify core values to guide the behaviour of all to achieve our
vision.
On people
We will involve our people in the organization’s development, utilize their
knowledge and experience, recognize their contribution and provide an environ-
ment in which they are motivated to realize their full potential.
On processes and systems
We will take a process approach towards the management of work and manage our
processes as a single system of interconnected processes that delivers all the
organization’s objectives.
On continual improvement
We will provide an environment in which every person is motivated to
continually improve the efficiency and effectiveness of our products, processes and
our management system.
On decisions
We will base our decisions on the logical and intuitive analysis of data collected
where possible from accurate measurements of product, process and system
characteristics.
On supplier relationships
We will develop alliances with our suppliers and work with them to jointly
improve performance.
http://www.iso-consults.com
http://www.iso9001store.com
http://www.iso14000store.com

ISO 9001:2008 General Requirements

4.1 General requirements

The organization shall establish, document, implement and maintain a quality management system and continually improve its effectiveness in accordance with the requirements of this International Standards. The organization

• shall determine the processes needed for the quality management system and their application throughout the organizations,
• determine the sequence and interaction of these processes,
• determine criteria and methods needed to ensure that both the operation and control of these processes are effective,
• ensure the availability of resources and information necessary to support the operation and monitoring of these processes,
• monitor, measure (where applicable) and analyze these processes, and
• implement actions necessary to achieve planned results and continual improvement of these processes.

These processes shall be managed by the organization in accordance with the requirements of this International Standard.

Where an organization chooses to outsource any process that affects product conformity to requirements, the organization shall ensure control over such processes. The type and extent of control to be applied to these outsourced processes shall be defined within the quality management system.

NOTE 1: Processes needed for the quality management system referred to above include processes for management activities, provision of resources, product realization and measurement, analysis and improvement.

NOTE 2: An outsourced process is identified as one being needed for the organization’s quality management system, but chosen to be performed by a party external to the organization.

NOTE 3: Ensuring control over outsourced processes does not absolve the organization of the responsibility of conformity to all customer, statutory, and regulatory requirements. The type and extent of control to be applied to the outsourced process can be influenced by factors such as
a) the potential impact of the outsourced process on the organization’s capability to provide product that conforms to requirements,
b) the degree to which the control for the process is shared;
c) the capability of achieving the necessary control through the application of clause 7.4.

Clause 4.2 Documentation requirements

4.2.1 General

The quality management system documentation shall include
documented statements of a quality policy and quality objectives,

• a quality manual,
• documented procedures and records required by this International Standard,
• documents including records, needed determined by the organization to be necessary to ensure the effective planning, operation and control of its processes

NOTE 1: Where the term “documented procedure” appears within this International Standard, this means that the procedure is established, documented, implemented and maintained. A single document may include the requirements for one or more procedures. A requirement for a documented procedure may be covered by more than one document.

NOTE 2: The extent of the quality management system documentation can differ from one organization to another due to the size of organization and type of activities, the complexity of processes and their interactions, and the competence of personnel.

NOTE 3: The documentation can be in any form or type of medium.

4.2.2 Quality Manual

The organization shall establish and maintain a quality manual that includes the scope of the quality management system, including details of and justification for any exclusions (see 1.2), the documented procedures established for the quality management system, or reference to them, and a description of the interaction between the processes of the quality management.

4.2.3 Control of documents

Documents required by the quality management system shall be controlled. Records are a special type of document and shall be controlled according to the requirements given in 4.2.4.

A documented procedure shall be established to define the controls needed

• to approve documents for adequacy prior to issue,
• to review and update as necessary and re-approve documents,
• to ensure that the changes and the current revision status of documents are identified,
• to ensure that relevant versions of applicable documents are available at points of use,
• to ensure that documents of external origin are identified and their distribution controlled, and
• to prevent the unintended use of obsolete documents, and to apply suitable identification to them if they are retained for any purpose.

4.2.4 Control of records

Records established to provide evidence of conformity to requirements and of the effective operation of the quality management system shall be controlled. The organization shall establish a documented procedure to define the controls needed for the identification, storage, protection, retrieval, retention, and disposition of records. Records shall remain legible, readily identifiable, and retrievable.

Organizations preparing to implement a QMS For ISO 9001

Organizations preparing to implement a QMS For ISO 9001

For organizations that are in the process of implementing a QMS, and wish to meet the requirements of ISO 9001:2008, the following comments may be useful.
For organizations that are in the process of implementing or have yet to implement a QMS, ISO 9001:2008 emphasizes a process approach. This includes:
- Identifying the processes necessary for the effective implementation of the quality management system
- understanding the interactions between these processes.
- documenting the processes to the extent necessary to assure their effective operation and control. (It may be
appropriate to document the processes using process maps. It is emphasized, however, that documented process maps are not a requirement of ISO 9001:2008.)
These processes include the management, resource, product realization and measurement processes that are relevant
to the effective operation of the QMS.
Analysis of the processes should be the driving force for defining the amount of documentation needed for the quality management system, taking into account the requirements of ISO 9001:2008. It should not be the documentation that drives the processes.

ISO 9000 Standards – Design and development

ISO 9000 Standards – Design and development

Planning the design and development of a product means determining the design objectives and the design strategy, the design stages, timescales, costs, resources and responsibilities needed to accomplish
them. Sometimes the activity of design itself is considered to be a planning activity but what is being planned is not the design but the product.

The purpose of planning is to determine the provisions needed to achieve an objective. In most cases, these objectives include not only a requirement for a new or modified product but also requirements governing the costs and product introduction timescales (Quality, Cost and Delivery or QCD). Remove these constraints and planning becomes less important but there are few situations when cost and time is not a constraint. It is therefore necessary to work out in advance whether the objective can be achieved within the budget and timescale. One problem with design is that it is often a journey into the unknown and the cost and time it will take cannot always be predicted. It may
in fact result in disaster and either a complete reassessment of the design objective or the technology of the design solution. This has been proven time and again with major international projects such as Concorde, the Channel Tunnel and the International Space Station. Without a best guess these projects would not get off (or under!) the ground and so planning is vital firstly to get the funding and secondly to define the known and unknown so that risks can be assessed and quantified.

Design and development plans need to identify the activities to be performed, by whom they will be perform and when they should commence and be complete. One good technique is to use a network chart (often called a PERT chart), which links all the activities together. Alternatively a bar chart may be adequate. There does need to be some narrative in addition as charts in isolation rarely conveys everything required.

Design and development is not complete until the design has been proven as meeting the design requirements, so in drawing up a design and development plan you will need to cover the planning of design verification and validation activities. The plans should identify as a minimum:
- The design requirements
- The design and development programme showing activities against time
- The work packages and names of those who will execute them (Work
packages are the parcels of work that are to be handed out either internally or to suppliers)
- The work breakdown structure showing the relationship between all the parcels of work
- The reviews to be held for authorizing work to proceed from stage to
stage
- The resources in terms of finance, manpower and facilities
- The risks to success and the plans to minimize them
- The controls that will be exercised to keep the design on course
Planning for all phases at once can be difficult as information for subsequent phases will not be available until earlier phases have been completed. So, your design and development plans may consist of separate documents, one for each phase and each containing some detail of the plans you have made for subsequent phases.
Your design and development plans may also need to be subdivided into
plans for special aspects of the design such as reliability plans, safety plans, electromagnetic compatibility plans, configuration management plans. With simple designs there may be only one person carrying out the design activities. As the design and development plan needs to identify all design and development activities, even in this situation you will need to identify who carries out the design, who will review the design and who will verify the design. The same person may perform both the design and the design verification activities, however, it is good practice to allocate design verification to another person or organization because it will reveal problems overlooked by the designer. On larger design projects you may need to employ staff of various disciplines such as mechanical engineers, electronic engineers, reliability engineers etc. The responsibilities of all these people or groups need to be identified and a useful way of parcelling up the work is to use work packages that list all the activities to be performed by a particular group. If you subcontract any of the design activities, the supplier’s plans need to be integrated with your plans and your plan should identify which activities are the supplier’s responsibility. While purchasing is dealt with in clause 7.4 of the standard, the requirements also apply to design activities.

Establishing Quality Policy In ISO 9000 Standards

Establishing Quality Policy In ISO 9000 Standards

The standard requires that top management establish

the quality policy.

ISO 9001 defines a quality policy as the overall

intentions and direction of an organization related to

quality as formally expressed by top management. It

also suggests that the policy be consistent with the

overall policy of the organization and provide a

framework for setting quality objectives. Further-

more ISO 9001 advises that the eight quality manage-

ment principles be used as a basis for forming the quality policy. The quality

policy can therefore be considered as the values, beliefs and rules that guide

actions, decisions and behaviours. A value may be ‘integrity’ and expressed as:

We will be open and honest in our dealings with those inside and outside the

organization. A rule may be ‘confidentiality’ and expressed as Company

information shall not be shared with those outside the organization. Both these are

also beliefs because it might be believed that deceiving people only leads to

failure in the long run. It might also be believed that disclosing confidential

information fuels the competition and will drive the organization out of

business. Both values guide actions, decisions and behaviours and hence may

be termed policies. They are not objectives because they are not achieved – they

are demonstrated by the manner in which actions and decisions are taken and

the way your organization behaves towards others.

The detail of quality policy will be addressed later. What is important in this

requirement is an understanding of why a quality policy is needed, what is

required to establish a quality policy and where it fits in relation to other

policies.

Defining the purpose or mission of the business is one thing but without

some guiding policies, the fulfilment of this mission may not happen unless

effort is guided in a common direction. If every manager chooses his or her

direction, and policies, the full potential of the organization would not be

realized. A shared vision is required that incorporates shared values and

shared policies.

The purpose of corporate policies is to influence the short and long-term

actions and decisions and to influence the direction in which the mission will

be fulfilled. If there were policies related to the organization’s customers, they

could be fulfilled at the expense of employees, shareholders and society. If

there were policies related to profit, without other policies being defined, profit

is positioned as a boundary condition to all actions and decisions. Clearly this

may not direct the organization towards its mission.

As stated above, the quality policy is the corporate policy and such policies

exist to channel actions and decisions along a path that will fulfil the

organization’s purpose and mission. A goal of the organization may be the

attainment of ISO 9001 certification and thus a quality policy of meeting the

requirements of ISO 9001 would be consistent with such a goal, but goals are not

the same as purpose as indicated in the box to the right. Clearly no organization

would have ISO 9000 certification as its purpose because certification is not a

reason for existence – an objective maybe but not a purpose.

Policies expressed as short catchy phrases such as “to be the best” really do

not channel actions and decisions. They become the focus of ridicule when the

organization’s fortunes change. There has to be a clear link from mission to

policy.

Policies are not expressed as vague statements or emphatic statements using

the words may, should or shall, but clear intentions by use of the words ‘we will’

– thus expressing a commitment or by the words ‘we are, we do, we don’t, we

have’ expressing shared beliefs. Very short statements tend to become slogans

which people chant but rarely understand the impact on what they do. Their

virtue is that they rarely become outdated. Long statements confuse people

because they contain too much for them to remember. Their virtue is that they

not only define what the company stands for but how it will keep its

promises.

In the ISO 9001 definition of quality policy it is suggested that the eight

quality management principles be used as a basis for establishing the policy.

One of these principles is the Customer Focus principle. By including in the

quality policy the intention to identify and satisfy the needs and expectations

of customers and other interested parties and the associated strategy by which

this will be achieved, this requirement would be fulfilled. The inclusion of the

strategy is important because the policy should guide action and decision.

Omitting the strategy may not ensure uniformity of approach and direction.

The standard requires that top management establish the quality policy.

ISO 9001 defines a quality policy as the overall intentions and direction of an organization related to quality as formally expressed by top management. It also suggests that the policy be consistent with the overall policy of the organization and provide a framework for setting quality objectives. Furthermore ISO 9001 advises that the eight quality management principles be used as a basis for forming the quality policy. The quality policy can therefore be considered as the values, beliefs and rules that guide actions, decisions and behaviours. A value may be ‘integrity’ and expressed as:

We will be open and honest in our dealings with those inside and outside the organization. A rule may be ‘confidentiality’ and expressed as Company information shall not be shared with those outside the organization. Both these are also beliefs because it might be believed that deceiving people only leads to failure in the long run. It might also be believed that disclosing confidential information fuels the competition and will drive the organization out of business. Both values guide actions, decisions and behaviours and hence may be termed policies. They are not objectives because they are not achieved – they are demonstrated by the manner in which actions and decisions are taken and the way your organization behaves towards others.

The detail of quality policy will be addressed later. What is important in this requirement is an understanding of why a quality policy is needed, what is required to establish a quality policy and where it fits in relation to other policies.

Defining the purpose or mission of the business is one thing but without some guiding policies, the fulfilment of this mission may not happen unless effort is guided in a common direction. If every manager chooses his or her direction, and policies, the full potential of the organization would not be realized. A shared vision is required that incorporates shared values and shared policies.

The purpose of corporate policies is to influence the short and long-term actions and decisions and to influence the direction in which the mission will be fulfilled. If there were policies related to the organization’s customers, they could be fulfilled at the expense of employees, shareholders and society. If there were policies related to profit, without other policies being defined, profit is positioned as a boundary condition to all actions and decisions. Clearly this may not direct the organization towards its mission.

As stated above, the quality policy is the corporate policy and such policies exist to channel actions and decisions along a path that will fulfil the organization’s purpose and mission. A goal of the organization may be the attainment of ISO 9001 certification and thus a quality policy of meeting the requirements of ISO 9001 would be consistent with such a goal, but goals are not the same as purpose as indicated in the box to the right. Clearly no organization would have ISO 9000 certification as its purpose because certification is not a reason for existence – an objective maybe but not a purpose.

Policies expressed as short catchy phrases such as “to be the best” really do not channel actions and decisions. They become the focus of ridicule when the organization’s fortunes change. There has to be a clear link from mission to policy.

Policies are not expressed as vague statements or emphatic statements using the words may, should or shall, but clear intentions by use of the words ‘we will’ – thus expressing a commitment or by the words ‘we are, we do, we don’t, we have’ expressing shared beliefs. Very short statements tend to become slogans which people chant but rarely understand the impact on what they do. Their virtue is that they rarely become outdated. Long statements confuse people because they contain too much for them to remember. Their virtue is that they not only define what the company stands for but how it will keep its promises.

In the ISO 9001 definition of quality policy it is suggested that the eight quality management principles be used as a basis for establishing the policy.

One of these principles is the Customer Focus principle. By including in the quality policy the intention to identify and satisfy the needs and expectations of customers and other interested parties and the associated strategy by which this will be achieved, this requirement would be fulfilled. The inclusion of the strategy is important because the policy should guide action and decision.

Omitting the strategy may not ensure uniformity of approach and direction.

ISO 9000 Standards – Quality Management Principles

ISO 9000 Standards – Quality Management Principles
A quality management principle is defined by ISO/TC 176 as a comprehensive and fundamental rule or belief, for leading and operating an organization, aimed at continually improving performance over the long term by focusing on customers while addressing the needs of all other interested parties. Eight principles have emerged as fundamental to the management of quality.

All the requirements of ISO 9001:2008 are related to one or more of these principles. These principles provide the reasons for the requirements and are thus very important. The quality management principles can be listed as below:

1. Customer focus
Organizations depend on their customers and therefore should understand current and future customer needs, meet customer requirements and strive to exceed customer expectations.
The customer focus principle is reflected in ISO 9000 Standards through the requirements addressing:
a. Communication with the customer
b. Care for customer property
c. The determination of customer needs and expectations
d. Appointment of a management representative
e. Management commitment

2. Leadership
Leaders establish unity of purpose and direction for the organization. They should create and maintain the internal environment in which people can become fully involved in achieving the organization’s objectives.
The leadership principle is reflected in ISO 9000 Standards through the requirements addressing:
a. The setting of objectives and policies
b. Planning
c. Internal communication
d. Creating an effective work environment

3. Involvement of people
People at all levels are the essence of an organization and their full involvement enables their abilities to be used for the organization’s benefit.
The involvement of people principle is reflected in ISO 9000 Standards through the requirements addressing:
a. Participation in design reviews
b. Defining objectives, responsibilities and authority
c. Creating an environment in which people are motivated
d. Internal communication
e. Identifying competence needs

4. Process approach
A desired result is achieved more efficiently when related resources and activities are managed as a process.
The process approach principle is reflected in ISO 9000 Standards through the requirements addressing:
a. The identity of processes
b. Defining process inputs and outputs
c. Providing the infrastructure, information and resources for processes to
function

5. System approach to management
This principle is expressed as follows:
Identifying, understanding and managing interrelated processes as a system contributes to the organization’s effectiveness and efficiency in achieving its objectives.
The system approach principle is reflected in ISO 9001 through the requirements addressing:
a. Establishing, implementing and maintaining the management system
b. Interconnection, interrelation and sequence of processes
c. The links between processes
d. Establishing measurement processes

6. Continual improvement
This principle is expressed as follows:
Continual improvement of the organization’s overall performance should be a permanent objective of the organization.
The continual improvement principle is reflected in ISO 9000 Standards through the requirements addressing:
a. Improvement processes
b. Identifying improvements
c. Reviewing documents and processes for opportunities for improvement

7. Factual approach to decision making
This principle is expressed as follows:
Effective decisions are based on the analysis of data and information.
The factual approach principle is reflected in ISO 9000 Standards through the requirements addressing:
a. Reviews, measurements and monitoring to obtain facts
b. Control of measuring devices
c. Analysis to obtain facts from information
d. Records for documenting the facts
e. Approvals based on facts

8. Mutually beneficial supplier relationships
This principle is expressed as follows:
An organization and its suppliers are interdependent and a mutually beneficial relationship enhances the ability of both to create value.
The mutually beneficial supplier relationships principle is reflected in ISO 9000 Standardsthrough the requirements addressing:
a. Control of suppliers
b. Evaluation of suppliers
c. Analysis and review of supplier data

ISO 9000 Standards – Document control procedures

ISO 9000 Standards – Document control procedures
The ISO 9000 Standards requires that a documented procedure be established to define the controls needed.

This requirement means that the methods for performing the various activities required to control different types of documents should be defined and documented.

Although the ISO 9000 standards implies that a single procedure is required, should you choose to produce several different procedures for handling the different types of documents it is doubtful that any auditor would deem this noncompliant. Where this might be questionable is in cases where there is no logical reason for such differences and where merging the procedures and settling on a best practice would improve efficiency and effectiveness.

Documents are recorded information and the purpose of the document
control process is to firstly ensure the appropriate information is available
where needed and secondly to prevent the inadvertent use of invalid
information. At each stage of the process are activities to be performed that
may require documented procedures in order to ensure consistency and
predictability. Procedures may not be necessary for each stage in the process.

Every process is likely to require the use of documents or generate documents and it is in the process descriptions that you define the documents that need to be controlled. Any document not referred to in your process descriptions is therefore, by definition, not essential to the achievement of quality and not required to be under control. It is not necessary to identify uncontrolled documents in such cases. If you had no way of tracing documents to a governing process, a means of separating controlled from uncontrolled may well be necessary.

The procedures that require the use or preparation of documents should also specify or invoke the procedures for their control. If the controls are unique to the document, they should be specified in the procedure that requires the document. You can produce one or more common procedures that deal with the controls that apply to all documents. The stages in the process may differ depending on the type of document and organizations involved in its preparation, approval, publication and use. One procedure may cater for all the processes but several may be needed.
The aspects you should cover in your document control procedures, (some
of which are addressed further in this chapter) are as follows
Planning new documents, funding, prior authorization, establishing need
etc.

- Preparation of documents, who prepares them, how they are drafted,
conventions for text, diagrams, forms etc.
- Standards for the format and content of documents, forms and diagrams.
- Document identification conventions.
- Issue notation, draft issues, post approval issues.
- Dating conventions, date of issue, date of approval or date of distribution.
- Document review, who reviews them and what evidence is retained.
- Document approval, who approves them and how approval is denoted.
- Document proving prior to use.
- Printing and publication, who does it and who checks it.
- Distribution of documents, who decides, who does it, who checks it.
- Use of documents, limitations, unauthorized copying and marking.
- Revision of issued documents, requests for revision, who approves the
request, who implements the change.
- Denoting changes, revision marks, reissues, sidelining, underlining.
Amending copies of issued documents, amendment instructions, and
amendment status.
- Indexing documents, listing documents by issue status.
- Document maintenance, keeping them current, periodic review.
- Document accessibility inside and outside normal working hours.
- Document security, unauthorized changes, copying, disposal, computer
viruses, fire and theft.
- Document filing, masters, copies, drafts, and custom binders.
- Document storage, libraries and archive, who controls location, loan
arrangements.
- Document retention and obsolescence.

With electronically stored documentation, the document database may provide many of the above features and may not need to be separately prescribed in your procedures. Only the tasks carried out by personnel need to be defined in your procedures. A help file associated with a document database is as much a documented procedure as a conventional paper based procedure.

Preparing The ISO 9000 Standards Quality Manual

Preparing The ISO 9000 Standards Quality Manual

The standard requires a quality manual to be established and maintained that includes the scope of the quality management system, the documented procedures or reference to them and a description of the sequence and interaction of processes included in the quality management system. ISO 9000 defines a quality manual as a document specifying the quality management system of an organization. It is therefore not intended that the manual be a response to the requirements of ISO 9001. As the top-level document describing the management system it is a system description describing how the organization is managed. Countless quality manuals produced to satisfy ISO 9000 :2008, were no more than 20 sections that paraphrased the requirements of the standard. Such documentation adds no value. They are of no use to managers, staff or auditors. Often thought to be useful to customers, organizations would gain no more confidence from customers than would be obtained from their registration certificate. This requirement responds to the System Approach Principle. A description of the management system is necessary as a means of showing how all the processes are interconnected and how they collectively deliver the business outputs. It has several uses as : a means to communicate the vision, values, mission, policies and objectives of the organization a means of showing how the system has been designed a means of showing linkages between processes a means of showing who does what an aid to training new people a tool in the analysis of potential improvements a means of demonstrating compliance with external standards and regulations When formulating the policies, objectives and identifying the processes to achieve them, the manual provides a convenient vehicle for containing such information. If left as separate pieces of information, it may be more difficult to see the linkages. The requirement provides the framework for the manual. Its content may therefore include the following: 1 Introduction (a) Purpose (of the manual) (b) Scope (of the manual) (c) Applicability (of the manual) (d) Definitions (of terms used in the manual) 2 Business overview (a) Nature of the business/organization – its scope of activity, its products and services (b) The organization’s interested parties (customers, employees, regulators, shareholders, suppliers, owners etc.) (c) The context diagram showing the organization relative to its external environment (d) Vision, values (e) Mission 3 Organization (a) Function descriptions (b) Organization chart (c) Locations with scope of activity 4 Business processes (a) The system model showing the key business processes and how they are interconnected (b) System performance indicators and method of measurement (c) Business planning process description (d) Resource management process description (e) Marketing process description (f) Product/service generation processes description (g) Sales process description (h) Order fulfilment process description 5 Function matrix (Relationship of functions to processes) 6 Location matrix (Relationship of locations to processes) 7 Requirement deployment matrices (a) ISO 9001 compliance matrix (b) ISO 14001 compliance matrix (c) Regulation compliance matrices (FDA, Environment, Health, Safety, CAA etc.) 8 Approvals (List of current product, process and system approvals)

Document Review In ISO 9000 Standards

Document Review In ISO 9000 Standards

The ISO 9000 Standard requires that documents be reviewed.

Previously the implication was that the review was a

check by potential users that the document was fit

for purpose before it was offered for approval. It

could be construed that for a document to receive

approval it must be checked and therefore ‘review

and approval’ in this context are one and the same

and the requirement is in this instance enhanced

rather than relaxed.

A review is another look at something. Therefore

document review is a task that is carried out at any

time following the issue of a document.

This requirement responds to the Continual Improvement principle.

Reviews may be necessary when:

- Taking remedial action (i.e. Correcting an error)

- Taking corrective action (i.e. Preventing an error recurring)

- Taking preventive action (i.e. Preventing the occurrence of an error)

- Taking maintenance action (i.e. Keeping information current)

- Validating a document for use (i.e. When selecting documents for use in

connection with a project, product, contract or other application)

- Taking improvement action (i.e. Making beneficial change to the

information)

Reviews may be random or periodic. Random reviews are reactive and arise

from an error or a change that is either planned or unplanned. Periodic reviews

are proactive and could be scheduled once each year to review the policies,

processes, products, procedures, specification etc. for continued suitability. In

this way obsolete documents are culled from the system. However, if the

system is being properly maintained there should be no outdated information

available in the user domain. Whenever a new process or a modified process

in installed the redundant elements including documentation and equipment

should be disposed of.

Document Review In ISO 9000 Standards

The ISO 9000 Standard requires that documents be reviewed.

Previously the implication was that the review was a

check by potential users that the document was fit

for purpose before it was offered for approval. It

could be construed that for a document to receive

approval it must be checked and therefore ‘review

and approval’ in this context are one and the same

and the requirement is in this instance enhanced

rather than relaxed.

A review is another look at something. Therefore

document review is a task that is carried out at any

time following the issue of a document.

This requirement responds to the Continual Improvement principle.

Reviews may be necessary when:

- Taking remedial action (i.e. Correcting an error)

- Taking corrective action (i.e. Preventing an error recurring)

- Taking preventive action (i.e. Preventing the occurrence of an error)

- Taking maintenance action (i.e. Keeping information current)

- Validating a document for use (i.e. When selecting documents for use in

connection with a project, product, contract or other application)

- Taking improvement action (i.e. Making beneficial change to the

information)

Reviews may be random or periodic. Random reviews are reactive and arise

from an error or a change that is either planned or unplanned. Periodic reviews

are proactive and could be scheduled once each year to review the policies,

processes, products, procedures, specification etc. for continued suitability. In

this way obsolete documents are culled from the system. However, if the

system is being properly maintained there should be no outdated information

available in the user domain. Whenever a new process or a modified process

in installed the redundant elements including documentation and equipment

should be disposed of.

ISO 9000 Standards – Design and development

ISO 9000 Standards – Design and development

Planning the design and development of a product means determining the design objectives and the design strategy, the design stages, timescales, costs, resources and responsibilities needed to accomplish
them. Sometimes the activity of design itself is considered to be a planning activity but what is being planned is not the design but the product.

The purpose of planning is to determine the provisions needed to achieve an objective. In most cases, these objectives include not only a requirement for a new or modified product but also requirements governing the costs and product introduction timescales (Quality, Cost and Delivery or QCD). Remove these constraints and planning becomes less important but there are few situations when cost and time is not a constraint. It is therefore necessary to work out in advance whether the objective can be achieved within the budget and timescale. One problem with design is that it is often a journey into the unknown and the cost and time it will take cannot always be predicted. It may
in fact result in disaster and either a complete reassessment of the design objective or the technology of the design solution. This has been proven time and again with major international projects such as Concorde, the Channel Tunnel and the International Space Station. Without a best guess these projects would not get off (or under!) the ground and so planning is vital firstly to get the funding and secondly to define the known and unknown so that risks can be assessed and quantified.

Design and development plans need to identify the activities to be performed, by whom they will be perform and when they should commence and be complete. One good technique is to use a network chart (often called a PERT chart), which links all the activities together. Alternatively a bar chart may be adequate. There does need to be some narrative in addition as charts in isolation rarely conveys everything required.

Design and development is not complete until the design has been proven as meeting the design requirements, so in drawing up a design and development plan you will need to cover the planning of design verification and validation activities. The plans should identify as a minimum:
- The design requirements
- The design and development programme showing activities against time
- The work packages and names of those who will execute them (Work
packages are the parcels of work that are to be handed out either internally or to suppliers)
- The work breakdown structure showing the relationship between all the parcels of work
- The reviews to be held for authorizing work to proceed from stage to
stage
- The resources in terms of finance, manpower and facilities
- The risks to success and the plans to minimize them
- The controls that will be exercised to keep the design on course
Planning for all phases at once can be difficult as information for subsequent phases will not be available until earlier phases have been completed. So, your design and development plans may consist of separate documents, one for each phase and each containing some detail of the plans you have made for subsequent phases.
Your design and development plans may also need to be subdivided into
plans for special aspects of the design such as reliability plans, safety plans, electromagnetic compatibility plans, configuration management plans. With simple designs there may be only one person carrying out the design activities. As the design and development plan needs to identify all design and development activities, even in this situation you will need to identify who carries out the design, who will review the design and who will verify the design. The same person may perform both the design and the design verification activities, however, it is good practice to allocate design verification to another person or organization because it will reveal problems overlooked by the designer. On larger design projects you may need to employ staff of various disciplines such as mechanical engineers, electronic engineers, reliability engineers etc. The responsibilities of all these people or groups need to be identified and a useful way of parcelling up the work is to use work packages that list all the activities to be performed by a particular group. If you subcontract any of the design activities, the supplier’s plans need to be integrated with your plans and your plan should identify which activities are the supplier’s responsibility. While purchasing is dealt with in clause 7.4 of the standard, the requirements also apply to design activities.

Environmental Aspects (ISO 14001:2004, §4.3.1)

The requirement of §4.3.1 of ISO 14001 is to establish and maintain procedures 1) for identifying theenvironmental aspects of the organization’s activities, products, and services that it can control and those that it can influence and 2) for determining which of those aspects have or can have a significant impact on the environment. Understanding the requirement of this element of ISO 14001 is central to understanding the concept of an environmental management system.

A single manufacturing facility has potentially hundreds of environmental aspects. How far must it go in identifying its environmental aspects to satisfy the terms of the requirement? ISO 14001 specifies that the organization is to identify those aspects that it can control and those that it can influence and that it must also take into account planned or new developments and new or modified activities, products, and services. These stipulations in the requirements, without actually drawing boundaries on how far the organization must go in identifyingenvironmental aspects, at least establish some categories of aspect that must be considered. Beyond this principle, each organization must identify its aspects comprehensively enough so as to not fail to identify a significant aspect or a legal requirement. An objection to comprehensive identification of aspects is that the organization may become so immersed in aspects identification that it loses sight of the end objective of the procedure, which is to determine significance.

“Significant impact” is not a stand-alone term in §4.3.1. It is accompanied by the phrase “impact on the environment” and “environment” is a defined term. Significant aspects, then, are those environmental aspects that have or can have significant impacts on air, water, land, natural resources, flora, fauna, and humans. The organization determines, using its own criteria, what magnitude of impact on these seven environmental receptors constitutes a significant impact. Whether an aspect is regulated is not intended to be a factor in determining significance.

Proper execution of the environmental aspects procedure is important, in part, because it lifts environmental management out of the regulatory compliance mode and into the mode ofsystematically consequences for the environment, irrespective of regulation. The organization that rigorously applies the environmental aspects procedure discovers many opportunities to improve environmental performance that regulation does not address, including:· Use of energy

· Consumption of materials

· Environmental impacts of employee activities

· Environmental impacts of products and by-products post-manufacture, including distribution, use, reuse, and disposal

· Environmental impacts of services

· Unregulated waste streams such as carbon dioxide

identifying environmental aspects and impacts and considering their

Management Principles Of ISO 9001 Standards

Management Principles Of ISO 9001 Standards

ISO 9000 is based on eight management principles:

• Customer focus, resulting in meeting customer requirements and striving to exceed them;

• Leadership, aiming to create an internal environment in which people are fully involved;

• Involvement of people who are the essence of an organization;

• Process approach, resulting in improved efficiency to obtain desired results;

• System approach to management, leading to improved effectiveness and efficiency through identification, understanding and management of interrelated processes;

• Continual improvement, which becomes a permanent objective of the organization;

• Factual approach to decision-making, based on the analysis of data and information; and

• Mutually beneficial supplier relationships, based on an understanding of their interdependence.

ISO 9000 encourages the adoption of the process approach to manage an organization. There are five main areas considered for the revised process model in ISO 9000:

• Quality management system

• Management responsibility

• Resource management

• Product realization

• Measurement, analysis and improvement.

ISO 9001 Standards – Design and Development

ISO 9001 Standards - Design and Development

Plan and control the product design and development. This planning must determine the:Identify problems and propose any necessary actions

- Stages of design and development

- Appropriate review, verification, and validation activities for each stage

- Responsibility and authority for design and development

The interfaces between the different involved groups must be managed to ensure effective communication and the clear assignment of responsibility. Update, as appropriate, the planning output during design and development.

NOTE: Design and development review, verification, and validation have distinct purposes. They can be conducted and recorded separately or in any combination, as deemed suitable for the product and the organization.

Determine product requirement inputs and maintain records. The inputs must include:

- Functional and performance requirements

- Applicable statutory and regulatory requirements

- Applicable information derived from similar designs

- Requirements essential for design and development

Review these inputs for adequacy. Resolve any incomplete, ambiguous, or conflicting requirements.

Document the outputs of the design and development process in a form suitable for verification against the inputs to the process. The outputs must:

- Meet design and development input requirements

- Provide information for purchasing, production, and service

- Contain or reference product acceptance criteria

- Define essential characteristics for safe and proper use

- Be approved before their release

Perform systematic reviews of design and development at suitable stages in accordance with planned arrangements to:

- Evaluate the ability of the results to meet requirements

- The reviews must include representatives of the functions concerned with the stage being reviewed. Maintain the results of reviews and subsequent follow-up actions.

ISO 9001 Standards – Control of Measuring and Monitoring Equipment

ISO 9001 Standards - Control of Measuring and Monitoring Equipment

Determine the monitoring and measurements to be made, and the required equipment, to provide evidence of product conformity. Use and control the monitoring and measuring devices to ensure that measurement capability is consistent with monitoring and measurement requirements.

Where necessary to ensure valid results:

- Calibrate and/or verify the measuring equipment at specified intervals or prior to use

- Calibrate the equipment to national or international standards (or record other basis)

- Adjust or re-adjust as necessary

- Identify the measuring equipment in order to determine its calibration status

- Safeguard them from improper adjustments

- Protect them from damage and deterioration

Assess and record the validity of prior results if the device is found to not conform to requirements. Maintain records of the calibration and verification results.

Confirm the ability of software used for monitoring and measuring for the intended application before its initial use (and reconfirmed as necessary).

NOTE: Confirming the ability of software to satisfy the intended application would typically include its verification and configuration management to maintain its suitability for use.

For More Information Please Visit http://www.iso9001-standard.us

ISO 14001:2004 Standards Contents

ISO 14001:2004 Standards

ISO 14000 is a series of international standards on environmental management. It provides a framework for the development of an environmental management system and the supporting audit programme.

The main thrust for its development came as a result of the Rio Summit on the Environment held in 1992.

ISO 14000 is an Environmental Management System (EMS), which requires that an organization consider the environmental aspects of its products and services.

Iso14000 approach forces you to take a hard look at all areas of your business that has an environmental impact.

Iso14000 is the world’s first series of Internationally accepted Standards for Environmental Management Systems (EMS).

Iso14000 elevates Environmental Management to a Strategic Level that can be applied to any organization, from any industry, anywhere in the world.

ISO 14000 is a series of voluntary standards and guideline reference documents.

The part of the overall management system that includes organizational structure, planning activities, responsibilities, practices, procedures, processes and resources for developing, implementing, achieving, reviewing and maintaining the environmental policy.

Iso14000 is the world’s first series of Internationally accepted Standards for Environmental Management Systems (EMS).

Iso14000 elevates Environmental Management to a Strategic Level that can be applied to any organization, from any industry, anywhere in the world.

ISO 14000 is a series of voluntary standards and guideline reference documents.

The part of the overall management system that includes organizational structure, planning activities, responsibilities, practices, procedures, processes and resources for developing, implementing, achieving, reviewing and maintaining the environmental policy.

ISO 14000 is an Environmental Management System (EMS) who’s purpose is:

· A management commitment to pollution prevention.

· An understanding of the environmental impacts (reducing) of an organization’s activities.

A commitment (pollution prevention) to employees, neighbors and customers

ISO 14001 is the corner stone standard of the ISO 14000 series. It specifies a framework of control for an Environmental Management System against which an organization can be certified by a third party.

The environment cannot be protected by our convictions or goodwill alone. Efforts to protect the environment must be planned, coordinated and organized into a system, such as ISO 14001.

ISO14001 requires an Environmental Policy to be in existence within the organisation, fully supported by senior management, and outlining the policies of the company, not only to the staff but to the public. The policy needs to clarify compliance with Environmental Legislation that may effect the organization and stress a commitment to continuous improvement. Emphasis has been placed on policy as this provides the direction for the remainder of the Management System.

Those companies who have witnessed ISO9000 Assessments will know that the policy is frequently discussed during the assessment, many staff are asked if they understand or are aware of the policy, and any problems associated with the policy are seldom serious. The Environmental Policy is different, this provides the initial foundation and direction for the Management System and will be more stringently reviewed than a similar ISO9000 policy. The statement must be publicised in non-technical language so that it can be understood by the majority of readers. It should relate to the sites within the organisation encompassed by the Management System, it should provide an overview of the company’s activities on the site and a description of those activities. A clear picture of the company’s operations.

The preparatory review and definition of the organization’s environmental effects is not part of a ISO14001 Assessment, however examination of this data will provide an external audit with a wealth of information on the methods adopted by the company. The preparatory review itself should be comprehensive in consideration of input processes and output at the site. This review should be designed to identify all relevant environmental aspects that may arise from existence on the site. These may relate to current operations, they may relate to future, perhaps even unplanned future activities, and they will certainly relate to the activities performed on site in the past (i.e. contamination of land).

The initial or preparatory review will also include a wide-ranging consideration of the legislation which may effect the site, whether it is currently being complied with, and perhaps even whether copies of the legislation are available. Many of the environmental assessments undertaken already have highlighted that companies are often unaware of ALL of the legislation that affects them, and being unaware, are often not meeting the requirements of that legislation.

The company will declare its primary environmental objectives, those that can have most environmental impact. In order to gain most benefit these will become the primary areas of consideration within the improvement process, and the company’s environmental program. The program will be the plan to achieve specific goals or targets along the route to a specific goal and describe the means to reach those objectives such that they are real and achievable. The Environmental Management System provides further detail on the environmental program. The EMS establishes procedures, work instructions and controls to ensure that implementation of the policy and achievement of the targets can become a reality. Communication is a vital factor, enabling people in the organisation to be aware of their responsibilities, aware of the objectives of the scheme, and able to contribute to its success.

As with ISO9000 the Environmental Management System requires a planned comprehensive periodic audit of the Environmental Management System to ensure that it is effective in operation, is meeting specified goals, and the system continues to perform in accordance with relevant regulations and standards. The audits are designed to provide additional information in order to exercise effective management of the system, providing information on practices which differ to the current procedures or offer an opportunity for improvement.

In addition to audit, there is a requirement for Management Review of the system to ensure that it is suitable (for the organization and the objectives) and effective in operation. The management review is the ideal forum to make decisions on howe to improve for the future.

The newly revised ISO 14001:2004 specifies the requirements for an environmental management system (EMS), which provides a framework for an organization to control the environmental impacts of its activities, products and services, and to continually improve its environmental performance. It applies to those environmental aspects which the organization can control and over which it can be expected to have an influence. It does not itself state specific environmental performance criteria. ISO 14001:2004 is applicable to any organization that wishes to:

· implement, maintain and improve an environmental management system

· assure itself of its conformance with its stated environmental policy

· demonstrate such conformance to others

· seek certification/registration of its environmental management system by an external organization

· make a self-determination and self-declaration of conformance with this international standard.

All the requirements in this standard can be incorporated into any environmental management system. Having been revised, the improved ISO 14001 is now expected to bring the benefits of implementing an EMS to more businesses than ever. The standard is now easier to understand and use and has more detailed checklists for inputs and outputs from the management review and has increased compatibility to ISO 9001. Organizations who are currently registered to ISO 14001:1996 will have an 18-month transition period to register to ISO 14001:2004.

Documents That Ensure Effective Planning, Operation And Control

Documents That Ensure Effective Planning, Operation And Control

The ISO 9000 standard requires management system documentation to include documents required by the organization to ensure the effective planning, operation and control of its processes.
The documents required for effective planning, operation and control of the processes would include several different types of documents. Some will be
product and process specific and others will be common to all processes. Rather than stipulate the documents that are needed, ISO 9000 Standards now provides for the organization to decide what it needs for the effective operation and control of its processes. This phrase is the key to determining the documents that are needed.
There are three types of controlled documents, namely:
- Policies and practices (these include process descriptions, control procedures, guides, operating procedures and internal standards)
- Documents derived from these policies and practices, such as drawings,
specifications, plans, work instructions, technical procedures and reports
- External documents referenced in either of the above
There will always be exceptions to this model but in general the majority of
documents used in a management system can be classified in this way.
Derived documents are those that are derived by executing processes;
for example, audit reports result from using the audit process, drawings result from using the design process, procurement specifications result from using the procurement process. There are, however, two types of derived document:
prescriptive and descriptive documents. Prescriptive documents are those that prescribe requirements, instructions, guidance etc. and may be subject to change. They have issue status and approval status, and are implemented in doing work. Descriptive documents result from doing work and are not
implemented. They may have issue and approval status. Specifications, plans, purchase orders, drawings are all prescriptive whereas audit reports, test reports, inspection records are all descriptive. This distinction is only necessary because the controls required will be different for each class of documents.

Operational Control In ISO 14001 Standards

Operational Control In ISO 14001 Standards

Operational Controls over Significant Environmental Aspect Activities, ?4.4.6.a&b – ISO 14001 requires the organization to identify and plan the operations associated with its identified significant environmental aspects in order to establish documented operational control procedures that preclude deviation from the Environmental Policy or not achieving objectives and targets.

Opportunities to apply operational controls can be found by reviewing operations. As shown in the accompanying text box, once the operations that can produce significant impacts are identified, it is a relatively simple step to establish operational control procedures that are consistent with the aims of the Environmental Policy and the objectives and targets and that stipulate operating criteria.

Significant Environmental Aspects of Goods and Services, §4.4.6.c – This requirement of ISO 14001 requires careful reading. Here is a parsed interpretation of the Operational Control requirement as it relates to goods and services furnished by others:

“The organization shall identify those operations that are associated with [its] identified significant environmental aspects… The organization shall plan these operations in order to ensure that they are carried out under specified conditions by… [1] establishing and maintaining procedures related to the identifiable significant environmental aspects of goods and services used by the organization and [2] communicating relevant procedures and requirements to suppliers and contractors.”

An easy way to conform to this requirement is to:

1. Identify the operations associated with the significant environmental aspects;

2. Identify the environmental aspects of goods and services furnished by others;

3. Determine how these aspects contribute to the organization’s significant aspect operations;

4. Establish appropriate/relevant requirements for the providers of these services; and

5. Communicate the requirements to suppliers and contractors.

Confusion in conforming to this requirement can arise because it is easy to read sub-clause c) independently of the first sentence of §4.4.6.

This first sentence gives context to the rest of the section in that it requires that we first “identify those operations… associated with the identified significant environmental aspects.” Once we have identified these operations, we look to the significant aspects of goods and services supplied by others and assess their contribution to the potential environmental impact. The accompanying example is offered to help clarify the intent of the requirement.

Operational Control In ISO 14001 Standards

Operational Controls over Significant Environmental Aspect Activities, ?4.4.6.a&b – ISO 14001 requires the organization to identify and plan the operations associated with its identified significant environmental aspects in order to establish documented operational control procedures that preclude deviation from the Environmental Policy or not achieving objectives and targets.

Opportunities to apply operational controls can be found by reviewing operations. As shown in the accompanying text box, once the operations that can produce significant impacts are identified, it is a relatively simple step to establish operational control procedures that are consistent with the aims of the Environmental Policy and the objectives and targets and that stipulate operating criteria.

Significant Environmental Aspects of Goods and Services, §4.4.6.c – This requirement of ISO 14001 requires careful reading. Here is a parsed interpretation of the Operational Control requirement as it relates to goods and services furnished by others:

“The organization shall identify those operations that are associated with [its] identified significant environmental aspects… The organization shall plan these operations in order to ensure that they are carried out under specified conditions by… [1] establishing and maintaining procedures related to the identifiable significant environmental aspects of goods and services used by the organization and [2] communicating relevant procedures and requirements to suppliers and contractors.”

An easy way to conform to this requirement is to:

1. Identify the operations associated with the significant environmental aspects;

2. Identify the environmental aspects of goods and services furnished by others;

3. Determine how these aspects contribute to the organization’s significant aspect operations;

4. Establish appropriate/relevant requirements for the providers of these services; and

5. Communicate the requirements to suppliers and contractors.

Confusion in conforming to this requirement can arise because it is easy to read sub-clause c) independently of the first sentence of §4.4.6.

This first sentence gives context to the rest of the section in that it requires that we first “identify those operations… associated with the identified significant environmental aspects.” Once we have identified these operations, we look to the significant aspects of goods and services supplied by others and assess their contribution to the potential environmental impact. The accompanying example is offered to help clarify the intent of the requirement.