Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
ISO 9001:2008
WHITE PAPER
October 29, 2014
Table of contents
0. INTRODUCTION .................................................................................................. 4
1. PROCESS AND PROCESS APPROACH................................................................... 4
1.1.
1.2.
0. Introduction
Management systems are often seen as difficult administrative burdens that have marginal contribution to
business. Many organizations with integrated management systems havent effectively defined processes and
havent taken necessary actions. This could be because they think that ISO 9001 separates them from the way
they do their business, and limits their management system to simple checklists and work instructions. By
sticking to these beliefs, organizations are missing significant opportunities to improve their business.
This handbook is meant for management representatives in organizations that decided to implement ISO
900. For easier understanding of standards requirements and how to implement them, the main chapters
(from 4 to 8) are ordered the same way as in the standard.
Process is usually defined as a group of repeatable, interactive activities that consume resources and are
managed in such a way as to allow transformation of input into output elements.
Process approach adding business value and minimizing risk, is an application of the process system
within an organization, together with identification and interaction of processes and process management in
order to achieve desired results.
When activities and related resources are managed as a process, then the process approach is an overview of
sequences and interactions of processes, their inputs and outputs. It refers to the management system not
only as a document, but as an active process system that refers to business risks and customer requirements.
A process-based audit will bring questions such as: Who is the process owner? and What are your
customer requirements? rather than Show me your procedures.
Input is something that starts a process, like employees, resources, and machines. There are usually
multiple inputs to a process.
Output is the result of a process; it can be desired (product and/or service) or undesired (pollution, noise,
gas emissions, etc.). The output of one process can be an input into the next one.
1.2.
Besides using a process approach, every organization that wants to certify its management system must
comply with the requirements of the standard, but the standard alone doesnt add value to an organization,
or benefits to upper management.
A process-based management system is a useful tool that provides continuity through operations, creating a
link between policies, requirements, performances, objectives, and actions.
Input elements
(Specified requirements and resourcesI)
Monitoring and
measurement
Control
- Documents
- Work instructions
- Diagrams...
Output elements
EMS
Undesired output
- Waste
- Write offs
- Noise and vibrations Emissions
Desired output
- Product/Service
- Input to another process
OHSAS
Process effectivenes =
Process efficiency =
A process approach is a good way to organize and manage activities in order to create value for users and
other interested parties.
End users or other interested parties are not known to everyone in the organization. That is the reason why
the higher priority often is given to accomplishing short-term objectives of organization units rather than
dealing with problems emerging in interactions between organization units. This leads to small or negligible
improvement for interested parties, since the focus is on functions rather than the intended result.
The process approach introduces horizontal management by removing obstacles between different operation
units and unifying their objectives into main objectives of the organization.
Organizational performance can be improved by using a process approach. The process should be managed
as a system, by creating and understanding related processes and their links.
2. Process planning
2.1.
Process establishment
The following methodology can be used for every type of process, though this series of steps represents just
one method, which isnt the only prescribed method. Some of the steps can be performed simultaneously.
Process planning may include the following steps in the process approach:
1)
Determine activities inside of process determine all activities necessary for accomplishing the
intended output elements of the process.
Tip: Define all required input and output elements of the process. Determine all activities needed for
transforming input elements into desired output elements; define their order and interaction and method of
performing each activity.
Note: In some cases, user can specify the method of process realization.
2) Determine requirements for monitoring and measurement determine where and how the
measurement should be applied. This refers to management and improvement of the process and its
intended output elements.
Tip: Identify measurements and monitoring criteria for process performance in order to determine process
effectiveness and efficiency, considering elements such as:
Compliance with requirements
Customer satisfaction
Suppliers performance
Timeliness of delivery, the best time, the number of failures per time unit
Waste
Process expenses
Incident frequency
3) Determine needed resources determine consumption of resources for effective realization of each
process.
Tip: Examples of resources:
Human resources
Infrastructure
Work environment
Information
Natural resources
Materials
Financial resources
4) Verify process and its activities related to planned objectives confirm that the characteristics
of the process are consistent with the purpose of the organization.
Copyright 2014 9001Academy. All rights reserved.
Tip: Verify that all requirements are identified and fulfilled; if not, consider what additional activities are
needed to improve the process.
2.2.
Process analysis
Information acquired during measurement and monitoring of processes is analyzed and evaluated in order to
quantify process performances. When appropriate, statistical methods should be used.
Information about process performance is compared with defined process requirements in order to confirm
process effectiveness and determine the need for corrective actions.
Opportunities for process improvement are identified based on results of process information analysis.
The conclusion of the process analysis is reported to top-level management and to other relevant staff in the
organization, if appropriate.
3. Customer-focused organization
Customer focus imbues the standard and represents the base on which the standard is created; ISO
9001:2008 emphasizes customer satisfaction through fulfillment of its requirements. This can be realized
through the following steps:
1) Defining customer/client requirements for (product/service) availability, delivery, supporting
services, specifications, and performance.
2) Determining customer requirements emerging from contractual, legal, or regulatory requirements.
3) Conducting customer requirements review before organization obliges itself to deliver
product/service. The review should ensure that requirements are defined, documented, or confirmed
in another way, that all differences are resolved, and that the organization is capable of delivering.
4) Maintaining records that emerged from the review and the steps that follow.
5) When customer requirements for products/service are changed, the organization must change the
appropriate documents and notify people involved.
6) Determining communication channels with customer/client for information regarding product
information, requirements, contracts, orders, and feedback from customer/client.
7) Reviewing and evaluating all implemented elements.
General
Defining the purpose of the organization The organization should identify its users and other
interested parties; as well as their requirements, needs, and expectations in order to determine its
intended output elements.
Defining policy and objectives of the organization The organizations policy should be based on
analysis of requirements, needs, and expectations. The policy should provide the framework for
establishing the organizations objectives.
Document. The organization must determine process documentation, i.e., determine which processes need
to be documented. The main purpose of documentation is to enable consistent and stable process execution.
Determining which processes should be documented should be based on:
Process documenting can be done using several different methods: graphical, written instructions, control
charts, flowcharts, etc.
Apply and maintain quality management system. Once you have documented your QMS, you must
behave in the way you defined within your QMS documentation.
Continually improve QMS effectiveness. Continual improvement is ongoing activity to increase
capability to fulfill planned requirements set by the QMS.
Further, this clause requires the organization to:
Determine processes necessary for the quality management system and apply them
throughout the organization. These processes include management, resources, realization and
measurement, analyzing, and improvement. The organization must manage these processes and appoint a
process owner for each process. Top-level management must determine individual roles and responsibilities
to ensure application, maintenance, and improvement of each process and its interaction with other
processes.
Determine order and interaction between processes. While determining order and interactions
between processes, the following should be considered:
-
Determine criteria and methods needed to ensure process execution and effectiveness of
process management. (see chapters 7 and 8)
Ensure availability of resources and information needed for support of processes and their
monitoring. (see chapter 6)
Monitor, measure and, when appropriate, analyze the processes. (see chapter 8)
Apply actions needed for accomplishing planned results and continuous process
improvement.
4.2.
Document requirements
4.2.1. General
The QMS must be documented and the volume of documentation suited to the organizations needs, size and
type of activities, processes, and employees competence.
QMS documentation contains:
a) Documents explicitly required by ISO 9001:2008 Quality Policy, Quality Objectives, Quality Manual
and 6 mandatory procedures and 21 mandatory records.
b) Documents and records defined by the organization as necessary procedures describing processes,
instructions for some activities, flowcharts, quality plans, records of monitoring and measurement,
etc.
Purpose and scope defines the organization and its organizational structure, responsibilities and
authorities, location, and its business
Details about exclusions and their justification (exclusions can be made only in clause 7)
Procedures or reference to them the Quality Manual can contain all procedures or refer to procedures
Description of interactions between processes this is usually given through a process model or
process map, which can be part of the Quality Manual or given as a separate document
5. Management responsibility
5.1.
Management commitment
QMS implementation is your strategic decision that demonstrates your commitment to development and
application of the QMS and continual improvement of its effectiveness. This commitment must be
demonstrated through informing the organization about the importance of fulfilling customer requirements,
Copyright 2014 9001Academy. All rights reserved.
compliance with legal and other requirements, establishing a quality policy and objectives, conducting
management reviews, and providing needed resources.
5.2.
Customer focus
In the QMS process model, the users make requirements for a product on one side, and demonstrate their
reaction by expressing their satisfaction with the product on the other side. Those requirements must be
identified and fulfilled in a way that increases customer satisfaction.
5.3.
Quality policy
The quality policy is a high-level document containing statements about the general direction of the
organization, and its commitment to quality and customer satisfaction. It provides a framework for quality
objectives and must be communicated to employees in a way they understand.
5.4.
Planning
5.5.
10
The top-level management must appoint one of its members to be the management representative who will,
besides his regular duties, perform activities related to the QMS. The management representative cant be
someone outside the organization, and if the organization has multiple locations, it can appoint management
representatives for each location who are subordinate to one head management representative.
5.6.
Management review
5.6.1. General
At least once a year, the top-level management must review the QMS in order to determine its:
Appropriateness does it serve its purpose and satisfy the needs of the organization?
Adequacy does the QMS conform to standard requirements?
Applicability are activities performed according to procedures?
Effective does it accomplish planned results?
This review must evaluate possibilities for improvement and needs for changing the QMS, quality policy, and
objectives.
The difference between the management review and an audit is that results from an audit represent input
elements for the management review, just like data analysis (clause 8.4 of ISO 9001:2008).
11
Changes that can influence the QMS. Management review can be undertaken several times if changes
in a process or product are planned or implemented. This review must ensure that your QMS is adequate and
applied before and after the change.
Recommendations for improvement. Recommendations for improvement can come as the result of an
audit, or can be stated by a process owner and/or employees. The top-level management should consider
those recommendations, taking into account the time and financial aspects.
6. Resource management
6.1.
Provision of resources
You must provide resources (people, finance, infrastructure, etc.) in order to apply and maintain the QMS
and continually improve its effectiveness, and increase the level of customer satisfaction through fulfillment
of their requirements. Resources need to be reviewed periodically (especially if you increase business
volume) to determine whether the available resources are enough or if you need to provide more.
6.2.
Human resources
6.2.1. General
It is necessary to have a list of all jobs and their descriptions with necessary competence and defined
responsibilities for the entire organization.
12
In order to reach necessary competence, the standard allows you to, besides training, take other actions.
Such action can be, for example, to hire already trained and competent employees or to outsource some
activities and processes.
Also, you must evaluate the effectiveness of undertaken actions. Criteria for effectiveness can be the number
of employees who successfully completed training, whether the training is performed according to plan, etc.
Each training must be backed with appropriate records (record of attendance, certificates, etc.) and entered
into the employees personnel file.
6.3.
Infrastructure
The infrastructure includes buildings, workspace, equipment, process equipment (hardware and software),
and support services. Many requirements for infrastructure could be included in legislation.
6.4.
Work environment
Working conditions (humidity, noise, light, temperature, vibration, etc.) are also, in most cases, defined by
legislation.
7. Product realization
7.1.
All activities regarding product realization must be planned, as well as the method of realization, for example
defining quality objectives, product requirements, customer requirements, and product acceptance criteria.
Outputs of product realization planning can be quality plans, project plan, etc.
7.2.
Customer-related processes
Requirements specified by user, including requirements for delivery and after delivery activities. The
customer usually defines its requirements in the order, contract, or agreement. Delivery activities
include defining means of transport and deadlines, and post-delivery activities are related to
installation, maintenance, or some other contractual obligation.
Requirements that the customer hasnt stated, but are necessary for specific or intended use. Those
are requirements that the organization recognized and implemented into the product (for example
instruction manuals, safety requirements, etc.).
13
Legal and regulatory requirements regarding product. Many products must fulfill certain legal
requirements, such as maximum concentration of substances or functional and safety characteristics.
Fulfillment of such requirements is mandatory and it is usually proven by reports from (accredited)
laboratories.
All additional requirements that the organization find necessary. Besides the above mentioned, the
organization can define some additional product requirements.
7.3.
This clause refers to design and development management, from initial idea to final acceptance of product.
ISO 9000 explains that the terms design and development are often used as synonyms, and sometimes
define different phases of overall design and development. This means that design cant be used apart from
development, and that they represent one single process.
14
7.4.
Purchasing
These requirements are usually directed at suppliers that need to deliver you key products/services, and
verifying compliance with requirements is conducted on the premises of the suppliers.
15
The organization must ensure that purchased product suits its requirements; in some cases, the organization
can conduct the monitoring and measurements at the premises of the suppliers. Such verification must be
part of the contract with the supplier.
7.5.
16
Materials, equipment, personal data, or intellectual property given by the customer for product realization,
represents customer property. If this property is lost, damaged, or unfit for use, the customer must be
notified and communication must be recorded.
7.6.
Monitoring is the activity of observation and supervision (audit) for some time period. That can, but does not
necessarily, result in measurement data. Monitoring gives a status indication or status change. It can be done
by person or device.
Measuring is defined as a set of operations aiming to determine the value of a quantity. Equipment for
measuring may (or must) be calibrated, while equipment for monitoring may be validated, but not calibrated.
If measuring equipment is invalid, it must be determined at what stage the malfunction occurred to
determine eventual consequences.
The organization must maintain records about calibration and verification of measuring equipment.
General
This requirement should not be equated with the requirement for managing equipment for monitoring and
measuring from clause 7.6 of the standard. This is about a wider aspect of monitoring and measuring.
Information derived from monitoring, measurement, and analysis represents input in the process of
improvement and management review.
8.2.
17
The goal of an internal audit is not to determine nonconformity; its goal is to check whether your QMS:
a) Complies with the requirements of ISO 9001 and requirements of your organization
b) Is effectively implemented and maintained
At the end of the audit you will get audit results by evaluating data you collected during the audit. Audit
results can be manifested as: praise, recommendations for improvements, and nonconformities (major and
minor). Verification of taken actions can be needed, and in that case the next step is a follow-up audit.
A documented procedure for internal audit must be established and records about internal audits must be
kept.
8.3.
Product that does not conform to product requirements can be detected during the realization process (while
is still at the supplier) delivery must be stopped, or after delivery (when it is at the customer or on the
market) undesirable use must be prevented. For managing products that have a nonconformity, an
appropriate procedure must be established that suits the needs of the organization, and appropriate records
should be kept.
Non-conforming product must be treated by one or more of the following ways:
1)
18
Subsequent approval is approval for use or acceptance of product that does not conform to the specified
requirements. If it is determined that requirements for product safety, microbiological and chemical
parameters are above determined values, product use cant be subsequently approved.
2) Taking actions to stop its original planned use or application.
By applying this action, the product is given write-off status and a decision for its recycling or destruction is
made.
If there is the assessment that nonconforming product will result in serious consequences for the user (for
example: injury, disease, death) or can affect a wider geographical area, a decision about informing the public
and product withdrawal must be made.
8.4.
Analysis of data
During planning and maintaining your QMS, you will create a variety of different data; you must group and
analyze them in such a way that you can discover some trends that may indicate problems in your QMS, and
show you space to improve. Results can be input in a management review.
8.5.
Improvement
19
Defining and application of necessary actions. When defining corrective action or priorities for
implementing more corrective actions, you should apply it, define the person responsible for its
implementation, and ensure the objectives prove that the action is implemented (bill, report, photo, etc.).
Recording results of actions taken. Appropriate records about the results of actions taken must be kept.
Based on these results you can define the status of a corrective action (for example: implemented partially, in
whole, etc.); also, you should take into account the results and status of previous corrective and preventive
actions.
Reviewing effectiveness of actions taken. Actions taken will be effective if there is no reoccurrence of
nonconformity.
20
Email: info@9001academy.com
Phone: +385 1 48 34 120
Phone (for U.S. customers): +1 (646) 797 2744
Fax: +385 1 556 0711
21