Q: My company is a small manufacturer that makes one product that I designed and engineered. We have a contract to produce the part for a much larger company. The larger company wants us to become certified to ISO 9001:2008 Quality management systems — Requirements. The company has sent its auditor/Six Sigma black belt to our plant for the third time and stated that our operators (three employees, myself included) are not trained because the training matrix is not filled out.
The auditor also stated that our work instructions are not adequate, that our process flow charts are not good enough, and that our forms (all five forms we use in-house) are not compliant because they lack a form number printed on them. Is there a clear definition of what is required by ISO on any of these items?
We currently have a 2.5 percent nonconformance rate on our parts. These are identified at our 100 percent inspection points – at three, four, or five. Out of the 2.5 percent nonconformance, the 2 percent are able to be reworked and the 0.5 percent is scrapped.
A: Your question has several layers so I will try to offer what answers I think will help.
To begin with, I have to assume that you have a copy of the ISO 9001 standard. If you do not have a copy, you must get one.
At the same time, it would benefit you to acquire the services of a consultant or you can purchase one of the many books that are available which would help you along the way.
(Editor’s note: Browse a list of popular ISO 9001 titles below this Q&A)
Now, in ISO 9001:2008, clause 6.2.2 states that you “shall” do five things with regard to competence, training and awareness.
In ISO documentation, the word “shall” indicates a requirement. Basically, you are required to identify (document) the training requirements of those whose work can affect conformity to product requirements. There is nothing in the standard that says you must have a “matrix.”
You must have a record showing the training has been completed and of its effectiveness. You must also verify each employee’s competence in doing his/her job on their own. Competence is important. Keep that in mind.
You mentioned in your inquiry that your customer states your work instructions are not adequate, that the process flow charts are not good enough, and that your forms are not compliant because they lack a form number printed on them.
To begin, the standard requires just six documented procedures.
- Clause 4.2.3 Control of documents
- Clause 4.2.4 Control of records
- Clause 8.2.2 Internal quality audits
- Clause 8.3 Control of nonconforming product
- Clause 8.5.2 Corrective action
- Clause 8.5.3 Preventive action
Your written procedures need to be compliant with the standard they are for. (By the way, Most companies have more than just six documented procedures, as it helps their Quality Management System to operate more efficiently)
As for process flow charts I am thinking you are referring to work instructions. The 9001:2008 standard says that work instructions should be available “as necessary.” If you have work instructions written and they are readily available, the auditor should have no cause for concern there.
In addressing your mention of “flow charts,” in all fairness, I cannot respond completely without actually seeing the flow charts in question. If you mean the process flow charts which often accompany a documented procedure to show a “map” of the process, then you should read clause 4.1 of the standard. You would find that you are required to show “interactions” of the processes. There are no actual ISO requirements for flow charts, but many companies use that format to show the interactions, often in their quality manual. You would need to determine if flow charts are needed to ensure consistent quality.
Finally, let’s talk about forms. How you control your forms or the format should be mentioned in your document control procedure (4.2.3).
Each type of form would need a title, a revision number or letter, and a revision date. Having a record of these makes it easy to identify which version of a document you are using and if it is the correct revision.
I know that approaching ISO compliance can seem like a bigger than life challenge at first. However, for every step you take, you will realize that standards are beneficial and not nearly as complicated as they might first appear to be. As noted above, you might want to consider a consultant and/or acquire some reference material. Your customer’s auditor can become a friendly associate.
As a senior member of ASQ, I salute you for running a business dedicated to quality.
ASQ Senior Member, CQT, CQI
ASQ Quality Press books to help you implement ISO 9001:
This handbook was developed to help small and medium-sized organizations better understand ISO 9001:2008. It is intended to facilitate implementation and improvement. The establishment, implementation, and maintenance of an ISO 9001–compliant quality management system (QMS) should allow the organization to experience multiple benefits beyond the achievement of certification. Organizations should also see improvements in the quality of products, customer satisfaction, and process effectiveness—all of which ultimately have a positive impact on the bottom line.
The purpose of this field guide is to assist organizations, step by step, in implementing a quality management system (QMS) in conformance with ISO 9001:2008, whether from scratch or by transitioning from ISO 9001:2000. It examines each sub-clause of Sections 4–8 of ISO 9001:2008, which contain the requirements, and gives a list of the documentation/documents required, internal audit questions, a summary of management’s responsibilities, and a flowchart of the steps that need to be undertaken to satisfy the requirements. It also includes a sectional cross-evaluation that shows where the requirements in each sub-clause within ISO 9001:2000 appear in ISO 9001:2008.
This book explains the meaning and intent of the requirements of ISO 9001:2008 and discusses the requirements as they relate to each product category. Where appropriate, it elaborates on why the requirements are important. It includes a list of typical audit-type questions that an organization may use to appraise compliance with the requirements.