A common framework for Management System Standards

ISO has produced a draft guide (ISO DGUIDE 83) setting out how it thinks the Management System Standards such as ISO 9001, ISO 14001, ISO 27001, etc. should be structured.

They set out the standard clause numbers under which the specific requirements of all management standards should be detailed.

These are (XXX is the appropriate Management System, such as “quality management”):

  • Introduction
  • 1. Scope
  • 2. Normative references
  • 3. Terms and definitions
  • 4. Context of the organisation (with sub clauses covering 4.1 Understanding the organisation and its context, 4.2 Understanding the needs and expectations of interested parties, 4.3 Determining the scope of the management system, and 4.4 XXX management system)
  • 5. Leadership (with sub clauses covering 5.1 General, 5.2 Management commitment, 5.3 Policy, 5.4 Organisational roles, responsibilities and authorities)
  • 6. Planning (with sub clauses covering 6.1 Actions to address risks and opportunities, 6.2 XXX objectives and plans to achieve them)
  • 7. Support (with sub clauses covering 7.1 Resources, 7.2 Competence, 7.3 Awareness, 7.4 Communication, 7.5 Documented information)
  • 8. Operation
  • 9. Performance evaluation (with sub clauses covering 9.1 Monitoring, measurement, analysis and evaluation, 9.2 Internal audit, 9.3 Management review)
  • 10. Improvement (with sub clauses covering 10.1 Nonconformity and corrective action, 10.2 Continual improvement)

At first glance, preventive action seems to have disappeared. In fact it is still there, but in Annex E, where the use of common terms in management system standards is discussed. It points out that the term “preventive action” is dealt with under dealing with nonconformities in some management system standards (ISO 9001:2008 is a good example) but in other standards (ISO 27001:2005 is an example) it is dealt with under risk management.

My own experience is that the close proximity of the terms “corrective action”, “preventive action”, “occurrence” and especially “prevent recurrence” in the clause dealing with “corrective action” in ISO 9001:2008 has most people confused about the difference between “preventive” and “corrective” action. See here.

In ISO 9001:2008, preventive action is risk management: a preventive action is one taken before something occurs, whereas corrective action is taken after the event.

Following the standard clauses set out above, the guide has five annexes.

  • Annex A gives further guidance on the standard clauses.
  • Annex B provides general guidance on the use of common terms and definitions, concentrating on how they should be arranged.
  • Annex C will provide a concept diagram of the common terms and definitions (and is blank in this draft of the guide).
  • Annex D gives guidance on drafting and representing terms and definitions.
  • Annex E defines the common terms used in management system standards.

It will be interesting to see how this guide is applied as the management system standards are revised. It should make the integration of management systems easier, and it should make the auditing and assessment of organisations operating more than one management system standard easier and less time consuming to carry out.


Integrating your management systems

As organisations adopt more formal management system standards (such as ISO 9001, ISO 14001, ISO/IEC 27001 and ISO/IEC 20000) these are frequently implemented as standalone systems.

However, there are 6 common elements in these management system standards that can be managed as an integrated management system across all these standards (including ISO 22000 and OHSAS 18001 as well) to the benefit of the whole organisation.

These common elements are:

  1. Policy
  2. Planning
  3. Implementation and operation
  4. Performance assessment
  5. Improvement, and
  6. Management review

Although each standard has its own specific requirements that need to be addressed, these six elements are present in all the above management system standards. ISO is working, through its ISO Guide 72, to ensure not only that these elements exist in all management system standards, but that they have the same clause numbers in each standard.

PAS 99:2006 Specification of common management system requirements as a framework for integration has been produced to help organisations benefit from consolidating the common requirements. If your organisation has adopted, or is adopting, more than one of these standards, the use of this integrated approach can reduce duplication and complexity and make internal and external audits more effective and efficient.

ISO 9000 Quality Systems Handbook

The latest edition of the ISO 9000 Quality Systems Handbook is the sixth revision of this excellent book by David Hoyle.

It has been updated to cover the changes in ISO 9001:2008 that I have already covered in this blog.

In my view, this is all you need to understand and apply ISO 9000 to your business whether it’s in pursuit of ISO 9001:2008 certification or just business improvement in general. Of course, if you’re a quality consultant and auditor like me you’ll find this weighty tome invaluable.

David’s style, and approach in general to the ISO 9000 series, has always been constructive but direct. If he thinks the standard is unclear or ambiguous, as it is in many places, he says so, why he thinks so, and how best to deal with these failings. In this edition he has even considered the views of John Seddon, a long time critic of ISO 9001 (see his book The Case Against ISO 9000).

The ISO 9000 Quality Systems Handbook now has a new structure.

Part 1 Before You Start puts the ISO 9000 family of standards into context, defines quality and why it is important to organisations. It introduces the management principles on which the standards are based. There is a whole chapter on stakeholders, the importance of whom will become much more apparent when the new version of ISO 9004 is available. This part ends with a practical guide to the use of the ISO 9000 family of standards.

Part 2 Approaches to Achieving, Sustaining and Improving Quality covers six different approaches to getting to the level of quality that will lead to sustained success, the benefits and drawbacks of each approach.

Parts 3, 4, 5, 6 and 7 deal with Complying with ISO 9001 Sections Requirements. These are the sections most people will turn to who are trying to achieve ISO 9001 certification. It’s a little bit odd that David couldn’t have put another Part in front of these so that they were numbered the same as the ISO 9001 sections! Each requirement is explained in terms of What Does This Mean?, Why Is This Necessary? and How Is This Demonstrated?, so that you not only get to know what the standard says but why it says it and what you need to do to comply with it.

Part 8 System Assessment Certification and Continuing Development provides tools to help you prepare for assessment, how assessments are conducted and how to progress beyond ISO 9001 certification.

It remains to be seen what the effect of the new version of ISO 9004 will be (called ISO 9004:2009, though it’s struggling not to become ISO 9004:2010!). In the meantime, beyond obtaining copies of ISO 9000:2005 and ISO 9001:2008, this is the only other publication you might need.

Preventive Action, Corrective Action and Correction

What’s the difference between corrective action and preventive action? Are separate procedures required by ISO 9001?

The corrective action process is a problem-solving process and the preventive action process is a risk-analysis process.

Corrective action

Corrective action is defined in ISO 9000 as “action taken to eliminate the cause of a detected nonconformity or other undesirable potential situation” and notes that corrective action is taken to prevent recurrence. ISO 9000 also points out that corrective action differs from correction which is defined in ISO 9000 as “action to eliminate a detected nonconformity”. Put simply, if something has gone wrong then the action you take to fix that instance is correction. For example, if a part comes off the production line with a screw missing, then putting the missing screw back is correction. The action you take to stop it happening again is corrective action. Using the same example, making sure the correct number of screws are supplied for each part would be corrective action. It gets confusing when that is referred to as preventing a recurrence. In ISO 9000 terminology that action is not preventive.

Correction

There has to be a problem for you to take corrective action. If no problem exists but there is a possibility that a problem might occur, preventing that potential problem is preventive action.

Preventive action

Preventive action is defined in ISO 9000 as “action taken to eliminate the potential causes of a nonconformity or other undesirable potential situation”. ISO 9000 distinguishes preventive action from corrective action by noting that “preventive action is taken to prevent occurrence” as opposed to recurrence which characterises corrective action. In the example used above, planning the production of the part to ensure that all the screws are fitted would be preventive action.

A risk management process is a good example of preventive action. Assessing the impact and likelihood of a risk occurring and taking action to prevent occurrence is preventive action.

Other examples of methods for identifying potential nonconformities are:

  • trend analysis for process and product characteristics (where a worsening trend indicates a potential problem)
  • monitoring of customer feedback
  • evaluation of problems in similar processes or products
  • planning of new processes and products

Procedure Requirements

Note that in the above discussion, reference is made to ISO 9000 and not ISO 9001. ISO 9000 contains the concepts and terminology on which ISO 9001 is based and is essential reading to gain a full understanding of ISO 9001.

On the question of procedures, ISO 9001:2008 makes it clear that a procedure is required for corrective action and also a procedure is required for preventive action. But there is no stipulation that these should be separate documents (see the NOTE 1 under 4.2.1 in the standard). However, the combination of a corrective action procedure and a preventive action procedure into a single document is not recommended as it then becomes more difficult to clearly separate the two distinctly different approaches. You may also find it difficult to demonstrate to an external assessor that the processes are separate and that you actually perform both types of action.

BS 10012:2009 Data Protection – Specification for a Personal Information Management System


The Data Protection Act applies to any organisation in the UK that holds personal information about living individuals. Compliance with the Data Protection Act is required by law and this standard will help you demonstrate compliance.

The BS 10012 standard:

  • provides a framework for developing an infrastructure to maintain and improve compliance
  • allows you to assess your current level of compliance, recognise weaknesses and provide opportunities for improvement
  • enables effective assessment of compliance by internal auditors and external assessors

This is provided in a straightforward format following the management system style of “plan-do-check-act”, also known as the Deming cycle, used in ISO 9001, ISO 14001, ISO 27001, etc.

The standard is available in hardcopy and PDF download for £100 (or £50 for BSI members) from BSI.

BSI also publish a simple guide to the Data Protection Act – Data Protection Pocket Guide – Essential Facts at Your Fingertips.

Showing ISO 9001 Compliance


This spreadsheet was created in Excel 2007 to illustrate a simple way of showing how compliant an organisation is with the clauses of ISO 9001.

It uses the icon sets in Microsoft Excel and the MIN function to map compliance across each clause and subclause of ISO 9001.

Each subclause is scored 1 for non-compliant resulting in a red button, 2 for partially compliant resulting in yellow button and 3 for fully compliant resulting in a green button.

For each grouping of subclauses, the minimum score across its subclauses determines the overall score. For example, subclauses 5.5.1 and 5.5.3 are fully compliant but 5.5.2 is only partially compliant, so 5.5 is partially compliant.

This works up all the way to the main clauses – 4, 5, 6, 7 and 8.

Clause 5 is non-compliant because 5.3 is non-compliant even though all the other subclauses are either fully compliant or partially compliant. For example, subclause 5.5.1 is partially compliant but 5.5.3 is fully compliant.

The Microsoft Excel 2007 file used to create the above diagram will be sent to you if you provide your email address in a comment below. The spreadsheet does not work with earlier versions of Excel as they do not have the icon set that is used in this example.
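The same MIN roll-up, written as an added example in plain Python rather than the spreadsheet from the post, so the rule can be checked without Excel. The clause numbers and scores are a constructed sample (the 5.5.x values are the ones the post walks through), not an assessment of any real organisation.

```python
"""Roll up ISO 9001 clause compliance scores with the MIN rule.

Added example, not the Excel file from the post. A parent clause gets the
minimum score of its subclauses, so one non-compliant subclause makes the
whole clause non-compliant (red).
"""
from collections import defaultdict
from typing import Dict, Optional

# Score legend from the post: 1 = non-compliant (red),
# 2 = partially compliant (yellow), 3 = fully compliant (green).
COLOUR = {1: "red", 2: "yellow", 3: "green"}

# Constructed sample: enough of clause 5 to show the roll-up reaching
# the main clause. 5.5.x are the values discussed in the post.
SAMPLE = {
    "5.1": 3, "5.2": 3, "5.3": 1,
    "5.4.1": 3, "5.4.2": 2,
    "5.5.1": 3, "5.5.2": 2, "5.5.3": 3,
    "5.6.1": 3, "5.6.2": 3, "5.6.3": 3,
}

def parent_of(clause: str) -> Optional[str]:
    """'5.5.2' -> '5.5', '5.5' -> '5', '5' -> None (main clause)."""
    head, sep, _ = clause.rpartition(".")
    return head if sep else None

def roll_up(leaf_scores: Dict[str, int]) -> Dict[str, int]:
    """Return a score for every clause and subclause implied by the keys.
    Each parent's score is the MIN of its children, exactly as the
    spreadsheet's MIN function does for each grouping of subclauses."""
    for clause, score in leaf_scores.items():
        if score not in COLOUR:
            raise ValueError(f"{clause}: score must be 1, 2 or 3, got {score}")
    scores = dict(leaf_scores)
    children = defaultdict(set)
    for clause in leaf_scores:          # discover every ancestor clause
        child = clause
        while (parent := parent_of(child)) is not None:
            children[parent].add(child)
            child = parent
    # Deepest parents first, so every child is final before its parent.
    for parent in sorted(children, key=lambda c: c.count("."), reverse=True):
        scores[parent] = min(scores[child] for child in children[parent])
    return scores

def report(scores: Dict[str, int]) -> list:
    """Lines like '5.5    2  yellow', ordered numerically by clause."""
    key = lambda c: tuple(int(p) for p in c.split("."))
    return [f"{c:<6} {scores[c]}  {COLOUR[scores[c]]}" for c in sorted(scores, key=key)]
```

Running `print("\n".join(report(roll_up(SAMPLE))))` shows 5.5 rolling up to 2 (yellow) and clause 5 to 1 (red) because of 5.3, matching the post's description.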

Welcome!


Since 1989, when I established Parker Quality Consultants to help organisations to maintain and improve their quality management systems and to achieve ISO 9001 Certification, I have worked in a wide variety of markets with companies from the very smallest to some of the largest.

With the launch of a new website planned, this seems a good time to start to bring quality matters, as I see them, to a wider audience.

I plan to bring you the latest news in the quality world. I’ll try to dispel some of the myths surrounding ISO 9001 and explain how you can improve your quality auditing. I’ll let you know what’s happening in the world of quality standards – including the already launched 2008 version of ISO 9001 and the soon to be published revised ISO 9004. I’ll also be recommending some books and websites to help you along the way.

Stay tuned and thanks for reading!
David R Parker
Quality Consultant