Integrating your management systems

January 18th, 2010 By The Quality Manager

As organisations adopt more formal management system standards (such as ISO 9001, ISO 14001, ISO/IEC 27001 and ISO/IEC 20000) these are frequently implemented as standalone systems.

However, there are 6 common elements in these management system standards that can be managed as a integrated management system across all these standards (including ISO 22000 and OHSAS 18001 as well) to the benefit of the whole organisation.

These common elements are:

  1. Policy
  2. Planning
  3. Implementation and operation
  4. Performance assessment
  5. Improvement, and
  6. Management review

Although each standard has its own specific requirements that need to be addressed, these six elements are present in all the above management system standards. ISO is working, through its ISO Guide 72, to ensure not only that these elements exist in all management system standards, but that they have the same clause numbers in each standard.

PAS 99:2006 Specification of common management system requirements as a framework for integration has been produced to help organisations benefit from consolidating the common requirements. If your organisation has adopted, or is adopting, more than one of these standards, the use of this integrated approach can reduce duplication and complexity and make internal and external audits more effective and efficient.

Posted in Audits, Certification, ISO 14001, ISO 22000, ISO 9001, ISO 9001:2008, ISO/IEC 20000, ISO/IEC 27001, OHSAS 18001, Standards | No Comments »

ISO 9001:2015

November 4th, 2009 By The Quality Manager

This may be a bit of a surprise when we’re just getting used to ISO 9001:2008 but the next version of ISO 9001 is now being considered and it’s likely to be 2015 before it’s published.

The committee responsible for ISO 9001 is in the early stages of working out what changes need to be made in the next version of the standard. The first version of ISO 9001 (1987 version) took 7 years to develop. The 1994 edition took another seven years and the major revision ISO 9001:2000 took 6 years. The 2008 version, which had only minor changes, took another 8 years (though that was more to allow the 2000 version to settle rather than the scale of changes in ISO 9001:2008).

The next version could therefore be as early as 2013 but 2015 seems more likely.

One of the difficulties to be faced in the next version is the increase in the number of “management system standards”. ISO 9001 was the first but was followed by others such as ISO 14001 for environment management systems. ISO has stated that all management system standards need to be aligned to the extent that they have as far as possible identical clause titles, sequence of clauses, definitions and as much identical text as feasible.

This drive for commonality amongst the management system standards may detract from the need to include new ideas in ISO 9001. One of the criteria for developing ISO 9001:2000 was that no “new” requirements were added – it was more of a structural change. So many of the concepts in ISO 9001:2000 and the 2008 edition are unchanged from the 1994 version and if the next version doesn’t appear until 2015, and no new concepts are introduced it will contain concepts that are over 20 years old!

In the post about David Hoyle’s ISO 9000 Quality Systems Handbook, I mentioned that the book is openly critical of ISO 9001’s inconsistencies. So, despite the fact that ISO 9001 has become a worldwide baseline for quality management, there are lots of improvements that could be made.

For example, the purpose of ISO 9001 is still largely misunderstood. It is not a “model quality management system”. To many organisations and consultants that advise them seem to think that paraphrasing the ISO 9001 standard is the correct way to document a quality management system. ISO 9001 is a list of the requirements that a quality management system shall meet to enable it to be assessed. It is not a documented quality management system (that’s just one of the requirements to be met).

Another improvement would be to deal with the challenge that ISO 9001 stifles innovation by placing a greater emphasis on compliance that on improvement.

How can you influence what goes in the next version of ISO 9001? Get in touch with your national standards body – the British Standards Institution in the UK – or email the UK representative on the ISO committee Charles.Corrie@BSI-global.com

Posted in ISO 9001, ISO 9001:2008, ISO 9001:2015 | No Comments »

ISO 9004:2009

August 24th, 2009 By The Quality Manager

The latest draft of ISO 9004 has received broad approval and the final draft of this International Standard (FDIS) is due to be released at the end of August 2009 with the publication of the revised standard in October or November 2009.

ISO 9004 has a new title “Managing for the sustained success of an organisation – A quality management approach” and is shorter than its predecessor, ISO 9004:2000 at 44 pages compared to 56. This reduction is in part due to the removal of the ISO 9001 text that appeared at the start of each section. Although ISO 9001 and ISO 9004 are still “a consistent pair” of standards, ISO 9004 no longer has the same clause by clause naming as ISO 9001. This helps to emphasise that it is not a guide to ISO 9001.

The contents of ISO 9004 (at the draft stage) are:

1. Scope
2. Normative references
3. Terms and definitions
4. Managing for the sustained success of an organisation
5. Strategy amd policy formulation, planning and deployment
6. Resource management
7. Process management
8. Monitoring, measurement, analysis and review
9. Improvement, innovation and learning
Annex A – Self-assessment tool
Annex B – Quality management principles
Annex C – Correspondence between ISO 9004-2009 and ISO 9001:2008
Bibliography

The aim of ISO 9004 is to help users of ISO 9001 to obtain long-term benefit from a broader, in-depth, quality management system (QMS) based on their existing QMS. It uses the same quality management principles as ISO 9001. It is not to be used for assessment or certification purposes.

ISO 9001 focusses on customers. ISO 9004 extends the focus to include all interested parties including society, suppliers, employees and shareholders.

One of the main areas of comment on the ISO 9004 draft has been the relationship between the main body of the standard and the guidance on self-assessment in the annex. This self-assessment is based around 5 maturity levels (now, where have we come across that before?)

  1. Beginner – focus is on products, processes are ad-hoc, results not predictable, improvement actions forced by customers
  2. Proactive – QMS implemented, corrective and preventive actions well-organised
  3. Flexible – process management implemented, predictable results, strategy focussed on customers and some other stakeholders
  4. Progressive – balanced focus on all stakeholders, consistent positive results, continual improvement based on learning and sharing of knowledge
  5. Successful - capable of maintaining good performance over time and developing further in the long term

From this it would seem that an organisation that has just been certified to ISO 9001 would not be higher than Level 2.

In addition to the ISO 9004 standard, a guide to this self-assessment tool is being produced along with an implementation guide for ISO 9004:2009.

When the final draft International Standard (FDIS) is available further detail will be provided.

Posted in ISO 9001:2008, ISO 9004:2009 | No Comments »

Preventive Action, Corrective Action and Correction

August 17th, 2009 By The Quality Manager

What’s the difference between corrective action and preventive action? Are separate procedures required by ISO 9001?

The corrective action process is a problem-solving process and the preventive action process is a risk-analysis process.

Corrective action

Corrective action is defined in ISO 9000 as “action taken to eliminate the cause of a detected nonconformity or other undesirable potential situation” and notes that corrective action is taken to prevent recurrence. ISO 9000 also points out that corrective action differs from correction which is defined in ISO 9000 as “action to eliminate a detected nonconformity”. Put simply, if something has gone wrong then the action you take to fix that instance is correction. For example, if a part comes off the production line with a screw missing, then putting the missing screw back is correction. The action you take to stop it happening again is corrective action. Using the same example, making sure the correct number of screws are supplied for each part would be corrective action. It gets confusing when that is referred to as preventing a recurrence. In ISO 9000 terminology that action is not preventive.

Correction

There has to be a problem for you to take corrective action. If no problem exists but there is a possibility that a problem might occur, preventing that potential problem is preventive action.

Preventive action

Preventive action is defined in ISO 9000 as “action taken to eliminate the potential causes of a nonconformity or other undesirable potential situation”. ISO 9000 distinguishes preventive action from corrective action by noting that “preventive action is taken to prevent occurrence” as opposed to recurrence which characterises corrective action. In the example used above, planning the production of the part to ensure that all the screws are fitted would be preventive action.

A risk management process is a good example of preventive action. Assessing the impact and likelihood of a risk occurring and taking action to prevent occurrence is preventive action.

Other examples of methods for identifying potential nonconformities are:

  • trend analysis for process and product characteristic (where a worsening trend indicates a potential problem)
  • monitoring of customer feedback
  • evaluation of problems in similar processes or products
  • planning of new processes and products

Procedure RequirementsNote that in the above discussion, reference is made to ISO 9000 and not ISO 9001. ISO 9000 contains the concepts and terminology on which ISO 9001 is based and is essential reading to gain a full understanding of ISO 9001.

On the question of procedures, ISO 9001:2008 makes it clear that a procedure is required for corrective action and also a procedure is required for preventive action. But there is no stipulation that these should be separate documents (see the NOTE 1 under 4.2.1 in the standard). However, the combination of a corrective action procedure and a preventive action procedure into a single document is not recommended as it then becomes more difficult to clearly separate the two distinctly different approaches. You may also find it difficult to demonstrate to an external assessor that the processes are separate and that you actually perform both types of action.

Posted in Corrective Action, ISO 9001, ISO 9001:2008, Preventive Action | No Comments »

ISO 9001:2008

August 3rd, 2009 By The Quality Manager

The fourth edition of the ISO 9001 standard “ISO 9001:2008 Quality Management Systems – Requirements” was published in November 2008.

This was a minor amendment rather than a revision and was meant to clarify the standard to address feedback on the use of the standard over the eight years since the major revision in ISO 9001:2000.

The amendments include:

  • 0.1, 1.1, 1.2 The term “regulatory” in relation to requirements has been changed to “statutory and regulatory”.
  • 0.2 The term “identify” has been changed to “determine” implying that rather than just recognising and establishing something, a degree of reason needs to be applied and a decision reached.
  • 4.1 The requirement to “measure” in subclause e) has been changed to “measure (where applicable)”. Some organisations believed they needed to measure every process.
  • 4.1 The reference to outsourced processes also now requires them to be “defined” and not just “identified”. In the Notes it is now made clear that processes need to include those for analysis and improvement. Also in the Notes it is made clear that an outsourced process is one that is needed for the organisation’s quality management system but the organisation has decided to have it performed by an external party. A new note identifies the factors that influence the control of an outsourced process. All these changes require much more careful thought about outsourcing. 7.4.1 is equally applicable to outsourcing.
  • 4.2 A note has been added to say that more than one procedure requirement may be covered in a single document. For example, the separate requirements for a procedure for corrective action and a procedure for preventive action may be met in a single document. The ISO 9001 requirement for six procedures does not mean six documents.
  • 4.2.3 Subclause f) has been amended to make it clear that only those external documents needed for the planning and operation of the quality management system need to be identidied and controlled – not all external documents.
  • 5.5.2 The management representative must be a member of the organisation’s own management. Some organisation outsourced this role to a different organisation or to a quality consultant. This is now not allowed.
  • 6.2.1 A clarification has been made to the effect that anyone performing work that impinges on product requirements needs to be competent. The implication before was that only quality control and quality assurance staff needed to be competent.
  • 7.1 Measurement has been added as a required activity in the planning of product realisation. A new note aims to ensure that organisations take full account of post-delivery activities in product realisation.
  • 7.3.3 A new note reminds organisations that in considering design and development output, the product packaging needs to be considered.
  • 7.6 A new note explains that confirmation of software used in monitoring and measuring would include verification and configuration management.
  • 8.2.1 A new note has been added to illustrate some of the ways of monitoring customer satisfaction other than carrying out customer satisfaction surveys which were often seen as the only way of meeting this requirement.
  • 8.2.2 The requirement is to keep records throughout the audit and not just the report produced at the end of the audit. The need to apply immediate correction of any nonconformity is made clear in addition to any corrective action to be taken later.
  • 8.2.3 The monitoring and measurement of processes needs to be appropriate to the process, the impact on requirements, and the effectiveness of the quality management system. Again, not just measurement for measurement’s sake.
  • 8.2.4 Evidence of release of product is rquired only when it is released to the customer – not at each stage of the process leading up to delivery.
  • 8.3 It is now made clear that one or more of the four ways of dealing with a nonconformity can be used as applicable. This section is worth re-reading as the text has been reorganised to make its intent clearer. In particular the requirement for dealing with rework is clarified.
  • 8.5.2 and 8.5.3 It is now clear that the effectiveness of corrective and preventive action needs to be verified and not just that actions have been taken.

Annex A has been brought up to date to reference ISO 14001:2004. Annex B now shows the correspondence of ISO 9001:2008 with ISO 9001:2000 rather than with ISO 9001:1994 as this is no longer relevant.

The list of standards in the Bibliography has been brought up to date.

Many sections of the 2000 version remain unchanged in the 2008 amendment including:

  • 4.2.2 Quality manual
  • 5.1 Management commitment
  • 5.2 Customer focus
  • 5.3 Quality policy
  • 5.4 Planning
  • 5.5.1 Responsibility and authority
  • 5.5.3 Internal communication
  • 5.6 Management review
  • 6.1 Provision of resources
  • 7.2.3 Customer communication
  • 7.3.4 Design and development review
  • 7.3.5 Design and development verification
  • 7.3.6 Design and development validation
  • 7.3.7 Control of design and development changes
  • 7.4 Purchasing
  • 8.5.1 Continual improvement

Organisations with ISO 9001:2000 certificates need to be compliant with ISO 9001:2008 by December 31st, 2009. You should contact your certification body to help with this. In most cases they will audit you against the new version of the standard at your next surveillance visit.

If you would like your quality management system assessed against ISO 9001:2008 please leave your a comment below and we will get in touch. Please also get in touch via a comment below if you require further information on any of the changes in ISO 9001:2008.

Posted in ISO 9001, ISO 9001:2000, ISO 9001:2008 | No Comments »