ISO 9001 Clause 7.5.1 Work Instructions

Mr. Pareto Head and standard work

Q: Within my organization there has been much debate on what a work instruction is. The term work instruction is not defined in the ISO 9001-2008 Quality management systems—Requirements standard (appears in clause 7.5.1).

Our question is that if the organization is providing services such as maintenance and repair of the customer’s equipment, and the customer provides maintenance and repair manuals and publications for this equipment to the organization, would this literature satisfy the requirements of ISO 9001:2008 as work instructions? Any assistance provided would be greatly appreciated.

A: You are correct when you state that “work instructions” is not defined in ISO 9001:2008, nor is it in ISO 9000:2005 Quality management systems–Fundamentals and vocabulary.

Terms are not defined by the Technical Advisory Group (the standard developers)  when it is felt that the general accepted usage is clear and unambiguous. Such is the case with this term. A work instruction is simply what the name implies, instructions to do work. Written instructions might not be necessary and so the phrase “as necessary” is in the text of the standard. It depends on your specific situation.

The challenge to comply with the requirements of clause 7.5.1 is not in the definition (or lack of definition) of work instructions. It is planning and carrying out production and service work under controlled conditions.

Are your work processes controlled? This clause identifies six elements that need to be considered. Work instructions are one of the six elements. Do your operators know what to do? Are they trained? Do they need written instructions? In general, you must make this call, not an auditor. If you are challenged by an auditor, you need to be able to defend you position. But there is no hard and fast rule here.

Let me note that telltale signs of lack of control are frequent errors, defects and rejects. This indicates to an auditor that you don’t have a controlled process. You need to tighten things down including addressing those of the six elements that are at the root cause of your process failures. You might need work instructions or improved work instructions based on process performance.

You mention that your organization maintains customer equipment and that the customer provides manuals. These manuals might be adequate. They might not. Let’s say that part of your maintenance is changing the oil on a gasoline engine. The manual, hopefully, states when this needs to occur. It might not. You probably need to establish a maintenance schedule for changing the oil and lubricating the machine, recording when this is done. Do you need a detailed work instruction on how to change the oil? Probably not. However, the machine might be complicated and have many lubrication points, a number of them not at all obvious. In such a case, a simple work instruction might be useful.

The key is to control your process and use whatever is needed to do so.

Joe Tsiakals
Voting member of the U.S. TAG to ISO/TC 176 (ASQ)
Voting member of the U.S. TAG to ISO/TC 210 (AAMI)

Ask A Librarian

ISO 9001 Clause 8.2.3 and 8.4

Checklist, Conformity, Go/No Go, Inspection, ISO 9001

Question

Our quality management department, of which I am the lead internal auditor, has a question that we have been debating for some time:

How do we apply ISO 9001:2008 Quality Management systems-Requirements, clause 8.2.3 Monitoring and measurement of processes and 8.4 Analysis of data, in a non manufacturing organization?

Our organization is primarily software, software modification of COTS that is implemented into our products, and applications modified for our business unit’s use.

My specific questions are:

1. How is the effectiveness of process improvements measured.

2. What methods of measurement do we use to capture the effectiveness?

3. Is there a check sheet or report form available that would guide us on how to apply these two requirements?

Thank you for your assistance in this matter. We want to implement a methodology for capturing measurement and effectiveness of process improvement data, but are at a loss as to how and where to start.

Answer

You posed several questions about ISO 9001 compliance.

1. How is the effectiveness of process improvements measured?

In a service environment there are typically many process characteristics that can be monitored or measured to assess whether the process has been planned and is being carried out under controlled conditions. Without knowing details of your service offering, it is difficult to comment explicitly.

Possible examples of metrics that may be appropriate include on time completion of a project, after-release detected “bugs,” time required to maintain “released” software modules, and etc.

Also, such metrics can be graphed and cost can be tied to each metric so that when process improvements are made, the benefits can be presented to management in management review in terms of the financial benefits of aggressive measuring and monitoring initiatives.

2. What methods of measurement do we use to capture the effectiveness?

See #1 above.

3. Is there a check sheet or report form available that would guide us on how to apply these two requirements?

Any check sheet or form would have to be developed by you to suit your processes.

A few references that would be helpful to you are ISO 9001:2008 Explained, Third Edition and How to Audit the Process-Based QMS.

Charlie Cianfrani
Consulting Engineer
Green Lane Quality Management Services
Green Lane, PA
ASQ Fellow; ASQ CQE, CRE, CQA, RABQSA Certified QMS-Auditor (Q3558)
ASQ Quality Press Author

Here’s more information about ISO 9001.

ISO 9001 Corrective Action Time Window

Schedule, calendar, timeline

Q: We will be audited by a different firm soon to ISO 9001:2008 Quality management systems–Requirements, and I am noticing differences compared to our former auditors.

At the closing of an annual surveillance audit for a three-year certificate if a non-conformance is issued at the closing meeting, what is the expectation of response for:

1. Minor non-conformances

2. Major non-conformances

How many days are expected for the initial response for each?

How many times during the next 12 months should we expect the auditor to come back to the site to verify corrective action for each?

A: Regarding your question about response times for corrective actions, please note the following.

ISO 9001:2008 clause 8.2, Internal audits, does not specify or prescribe any time limits. ISO 9001:2008, clause 8.2.2, only requires the management for the responsible area (process owner) to take corrective action without undue delay. No time limit is identified.

With regard to audit follow up visits — this is strictly dependent upon the registrar or other auditing body. Some auditing bodies will follow up on closed CARs during their next scheduled surveillance audit. This allows enough time to past to evaluate the effectiveness of the corrective action taken.

In most cases, the auditee is required to complete the CAR identifying the root cause and the corrective actions taken to prevent a reoccurrence.

This information is assessed by the auditing body to confirm that a root cause was identified and that action taken match the root cause. This is normally done in the form of a desk review.

Due to the costs involved and other logistics, rarely will any auditing body want to come out to verify each corrective action taken. This is usually something for the internal audit staff to perform as a part of their audit activities.

I hope this helps.

Bill Aston
ASQ Senior Member
Managing Director of Aston Technical Consulting Services
Kingwood, TX
www.astontechconsult.com

ISO Standard Audit and Confidential Information

Reviewing confidential files, training records, human resources files

Q: During an external audit, what records are we allowed to keep confidential – e.g. human resources records? Certain records pertaining to new business leads or accounting matters? Specifically, my question is related to audits to the ISO 9001:2008 Quality management systems–Requirements and ISO 13485:2003: Medical devices — Quality management systems — Requirements for regulatory purposes standards.

 A: The “scope” of any audit is the quality management system (QMS) as found in the ISO standard for quality management. Areas such as finance, marketing plans, sales goals, and other business related topics are not part of a QMS audit.

It should be understood that during the audit, potential areas of conflict between the auditor and auditee might exist. The most common is when the auditor wants to see training records and the auditee claims them to be a confidential part of HR records. The auditor need to be a diplomat here and explain that only the training record is needed and not the entire HR record.

Also, it is not uncommon for the auditee to require the auditor to sign a non-disclosure agreement stating that the auditor(s) will keep everything observed during the audit confidential between the parties.

Again, the scope of the audit, usually agreed to ahead of time, is the QMS — not any business related matters.

Jim Werner
Voting member to the U.S. TAG to ISO TC 176
Medical Device Quality Compliance (MDQC), LLC.
ASQ Senior Member
ASQ CQE, CQA, RABQSA Lead QMS Assessor

What is ANSI/ISO/ASQ Q9001:2008?

ISO documentation practices, requirements

Q: Is there any difference between ANSI/ISO/ASQ Q9001:2008 and ISO 9001:2008? Is it just semantic, or is it ASQ’s take on ISO 9001:2008 Quality management systems–Requirements?

A: They are exactly the same and can be referred to interchangeably. Because of our involvement in developing the standard, we are able to sell it to our ASQ members at a discounted price —

ASQ: $97 members, $121 list

ANSI: $142

ISO: $134 [(or 122 Swiss Franc) e-version]

*prices as of 3/29/2012

ASQ is the only place to get this discounted, identical American national adoption of the international standard.

The ANSI designation shows it has been adopted as an American National Standard (ANS), and that U.S. experts believe the standard is a good one and should be followed by the U.S. Since ASQ is the administrator of the group (known as a Technical Advisory Group/TAG in the standards development world) that develops ISO 9001, we are the only organization allowed to put its name in the designation. ASQ is a member of ANSI and is accredited by them to be a standards-developing organization.

ASQ Standards Development Team

Those interested in purchasing the current standard revision may do so here.

Value and Benefits of ISO 9001

Q: My company is struggling with the decision to spend any more money on the ISO 9001:2008 Quality management systems–Requirements registration.  How many of our peers believe that the continuation of this certification is worth the cost? I have been trying to find statistics on the number of revised certifications that have been accomplished since the release of the 2008 version and am finding that there is little to no information available.  This leads me to think that the whole agenda has been identified as not a worthwhile cost effective exercise and companies are dropping out of the program.

Does ASQ have any relevant information regarding the “added value” of certification?  I have proposed to my management that the money spent on certification and all the wasted effort to make some auditor happy is not in the best interest of the company and would like your feedback on this position.  I watch as we struggle for 1.5 months before the dreaded audit to make it look like we are compliant, watch the auditor fumble around looking for some minor discrepancies that will make it look like he was worth having in for tea and crumpets and then watch the organization sigh a big relief when we get away with the lack of compliance or caring about compliance for the next two years, as the real task is making money and not wasting time meeting perceived compliance to perceived “requirements”.

The Toyota debacle makes it hard for me to even stand in front of my peers and preach this as useful.  It is clear that the bottom line is dollars and the need to support compliance to some document is merely wasteful effort that has been passed over like all the other historical (hysterical) quality programs—zero defects, statistical process control, total quality management. What do you say?

A: I would like to answer your questions in three part harmony. First of all, I’ll mention a brief history of ISO. Much of this you will be familiar with but it helps to reaffirm the legitimacy of ISO as an international organization rather than just an abbreviation for a place to throw your money. Second, I will express a few of the many benefits of ISO certification. Finally, I will share my own perceptions. Things I have personally witnessed resulting from ISO certification.

History-benefits-perceptions are a three-part harmony which can improve organizations and strengthen communities.

I would like to share a bit about ISO – What it is, as well as what it is not.

So what is ISO?

First of all, let’s consider the letters “ISO.” Because the “International Organization for Standardization” would have different abbreviations in different languages (Like IOS in English, or OIN in French for Organisation International de Normalization), it was decided at the beginning to use a word derived from the Greek isos, meaning “equal.” Therefore, whatever the country, whatever the language, the short form of the organization’s name is always ISO.

ISO is a network of the international standards institutes of 162 nations with a Central Secretariat in Geneva, Switzerland that coordinates the system. The ISO organization officially began in February 1947. ISO is not a governmental organization. It is not like the United Nations System with delegations of national governments. So, although many of ISO’s members are part of the government structure of their countries the members have their roots in industry and the private sector.

Also, ISO is not a quality standard. That is, ISO isn’t a tolerance level we must make parts to. It is not a high quality standard we must meet just to stay in business.

ISO 9001 refers to a type of ISO standard. ISO 9001 is concerned with “quality management.” This means what the organization does to enhance customer satisfaction by meeting customer and any regulatory requirements and to continually improve its performance in this regard.

ISO implementation in any organization introduces the many values of team work as well. I realize those bits of history can seem a bit lengthy but it is of extreme importance to recognize the time and combined efforts put in by so many individuals from so many nations. It is that dedication which helps to make the ISO Standards as useful and beneficial as they have become.

With regard to benefits, the positive reports are almost endless. I will share just a few of which come from reliable sources such as Dun and Bradstreet, Dallas Business Journal, manufacturingnews.com and others.

Simply noted, ISO certified companies reap:

The effect of ISO 9000 certification on financial perfomance

-Improved consistency of service and product performance
-Higher customer satisfaction levels
-Improved customer perception
-Improved productivity and efficiency
-Cost reductions
-Improved communications, morale and job satisfaction
-Competitive advantage and increased marketing and sales

D&B notes:

-85% of registered firms report external benefits
-Higher perceived quality
-Greater customer demand
-95% report internal benefits
-Greater employee awareness
-Increased operational efficiency
-Reduced scrap expense

Other reports note:

-30% reduction in customer claims
-95% improvement in delivery time
-Reduced defects from 3% to 0.5%
-40% reduction in product cycle time
-International acceptance and recognition
-Estimated return on Investment for companies with consistent compliance have been reported +30% to +600%

I could go on with statistics but I am sure you can research and find many more such positive reports. Therefore I will turn now to third member of the harmony I mentioned. That is perception.

The various feedbacks noted above show all of the remarkable “exterior” perceptions. Increased business, customer satisfaction, less downtime, etc. So I will take a moment to mention some things about “internal” perceptions.

It is said that changing a culture can take from several years. Introducing ISO into an organization is indeed introducing a new culture. Individuals are encouraged to do some things they did not and to change some of the habits they have formed.

It has been my experience, with several companies, that the culture change associated with ISO implementation is multilayered. The first and most obvious benefit is quality awareness. The most experienced machinists, fabricators, administrators, all employees suddenly take acquire an appreciation for quality which they did not have, no matter how good they may have been. This quality awareness does not fade away easily. Even those who offer strong resistance to change learn to respect and very much appreciate all the practical value in a good quality management system.

ISO certification does not ensure success. It does not ensure profit. Nonetheless, I have seen companies with little to no quality system grow to be world class quality organizations with the guidance of a strong ISO based QMS.

If failure is experienced, it can be due to lack of understanding on the part of management. They may have failed to act or provide preventive actions when needed. People are often interested in quick and simple solutions and are not willing to practice even simple self-dicipline. Most often, the greater portion of their interests are in getting a certificate to hang on the wall of their office and an addition to their letter head.

I firmly believe, and have witnessed with my own eyes, that following the ISO Standards in implementing a quality management system results in satisfied customers, repeat business, increased profits, satisfied employees and continual improvement. That three part harmony, history-benefits-perceptions, when joined with top management commitment can lead to another benefit not yet mentioned. That is pride.

Bud Salsbury
ASQ Senior Member, CQT,CQI

Related Content: 

No Joking Matter, Quality Progress
Research analyzes management systems standards and the implications for managers and auditing bodies.  Read more.

Ask A Librarian

 

ISO Documentation Practices; Difference Between Record and Document

 

ISO documentation practices, requirements

Q: Is there a published ISO standard for good documentation practices (e.g., crossing out an error with a single line and initialing and dating; striking through a blank space)?

Thank you.

A: Your question has two parts:

1) Is there a standard?

2) Does it cover the specific practice you cited?

The answers are “yes” and “no.”   🙂

About a decade ago, the ISO Technical Committee (TC) 176 on Quality Management and Quality Assurance started work on a documentation standard. There was (and still is) much confusion in the world about what kind of documents were expected and what should go into them. Of course, most didn’t want to take the time and energy to understand the purpose of documents, much less describe their practices in a site-specific manual. How sad. The output of the ISO/TC 176 work was a Technical Report: ISO/TR 10013:2001 – Guidelines for quality management system documentation. Frankly, however, I do not think it will address your question.

First of all, documents and records are often confused. Even though the ISO terms and definitions standard (ANSI/ISO/ASQ 9000:2005 Quality management systems — Fundamentals and vocabulary) parks them both under the word document, it is good practice to always think document=before, and record=after.

In other words, a document tells us what to do. A record tells us what was done. Many people, not understanding this principle, have actually tried to place records under configuration control!

The record-keeping practices you cited — crossing out an error and marking in a blank space — have their origin in the early military practices of the 1950s! Back then, there were no computers, internet or even ISO standards. There was also much more falsification of information back then, as we treated the workers with little or no respect.

The practices you cite were attempts to make sure that the data entered on a record wasn’t changed. Those practices just kind of hung on for half a century. In my 40 years in the quality profession, I have never seen these “rules” written down in an external document, like a regulation or standard or policy. Sure, individual organizations have required these practices through their local Standard Operating Procedures, but I am pretty sure they are not published in higher-level documents.

With automation and networking, records are becoming much more virtual. Paper records are becoming a thing of the past. Security and protection of those electronic records is a much bigger problem than when they were all on dead trees.

Follow-up from expert: Doing some further research (for an upcoming class), I discovered that ISO/IEC 17025:2005 General requirements for the competence of testing and calibration laboratories, contains a clause about records correction, 4.13.2.3. In general, the clause says all alterations must be visible (not erased, blacked out, or deleted), and all changes must be signed or initialed by the person making the change. Equivalent measures should be taken in the case of electronic records.

I don’t know why I didn’t think of this standard earlier, however, my earlier remarks about this coming from the 1950s practices B.C. (before computers) still stand.

Dennis Arter
ASQ Fellow
The Audit Guy
Columbia Audit Resources
Kennewick, WA
http://auditguy.net

ISO 9001 Implementation Guidance

The effect of ISO 9000 certification on financial perfomance

Q: I am directing a ground floor implementation effort to become certified to the ISO 9001:2008 Quality management systems–Requirements. I work for a small manufacturing company (less than 20 employees). Is there a quality management system (QMS) or ISO template product that I could use to help guide this process? Something with generic formats and outlines that I could customize and populate with our information. Or do I need to create from scratch all QMS and ISO supporting documents?  In practice, we currently have no documentation. I have ordered some resources from ASQ (see below). Is this a good start or can you recommend some other resources?

A: Please navigate these waters carefully.  There are several “do it yourself” type packages out there. Unfortunately, many of them don’t go far enough to provide a functional system unless the end user already has a thorough working knowledge of quality management systems (QMS). Therefore, as a quality professional, I hesitate to recommend this approach.

In order to establish an ISO 9001:2008 QMS capable of obtaining third-party certification, you will need to prepare a quality manual, a quality policy, define your organizations quality objectives, develop the six required QMS procedures, which as a minimum include:

1.    Control of documents
2.    Control of records
3.    Control of nonconforming product
4.    Internal audits
5.    Corrective actions
6.    Preventive actions

The reference books that you have already ordered from ASQ should contain some examples of the documents mentioned.  Once these QMS documents are established, you will need to orientate the organization to the requirements of the QMS, explain how each employee contributes to achieving the quality objectives, and ensure that the quality policy is communicated throughout the organization and is understood.  An internal audit will also be required to assess the effectiveness of the QMS once it has been implemented.

A management review will be required to ensure that top management is aware of input items mentioned in ISO 9001:2008, clause 5.6.2 and that they take action as needed to ensure the effectiveness and continual improvement of the QMS. These items should be completed prior to scheduling your registrar’s onsite pre-assessment for certification.  We wish you every success with your QMS project.  Please contact us if you would like to discuss this matter in more detail or require any support.

Bill Aston
ASQ Senior Member
Managing Director of Aston Technical Consulting Services
Kingwood, TX
www.astontechconsult.com

ISO 9001 Quality Manual

ISO documentation practices, requirements

Q: My small company is forcing me in the direction of using flowcharts to specify ISO standards. With their many branch statements, they are convoluted and confusing. I prefer plain, simple English. But my question is: is it ok to use flowcharts to specify ISO 9001 standards?

A: Actually, as long as you do not intend to become registered (also called certified), you can – and probably should – implement the ISO 9001:2008 Quality management systems–Requirements standard any way you want! I happen to like flowcharts, as long as they are limited to one page and fewer than a dozen boxes.

But if you intend to become registered, the registrar you choose will always require you to explain how you are implementing the concepts contained in ISO 9001.  Most firms choose to call this explanation document a quality manual. You do not repeat the words in the ISO 9001, rather you say how you intend to implement the concepts locally. A manual should be site-specific and about 50-60 pages. Some have written them in 20 pages.

Once you have the framework (manual) in place for the system, then you need to write procedures for the processes. Remember, procedures are job performance aids for an already-trained and qualified person. They should be about five to six pages, since the individual already knows how to perform the tasks.

The powers that be in your company want these procedures to be in the form of flowcharts. That’s OK, as long as you have explained this in your manual. The registration company accepts your manual before they ever send an auditor to your site. If they have accepted your description of flowcharts instead of procedures, then the auditor must accept that approach.

The whole point is to provide information to the person doing the job in a way that is useful. Written standard operating procedures (SOPs), or flowcharts, or pictures. It is the implementation that matters.

Dennis Arter
ASQ Fellow
The Audit Guy
Columbia Audit Resources
Kennewick, WA
http://auditguy.net

Example Quality Manual

Need to write a quality manual that conforms to ISO 9001:2008? Download an example quality manual from the ASQ Knowledge Center and read about how to create one!

ISO 9001 Procedure Vs. Process

Mr. Pareto Head and procedures

Q: I‘m seeking clarity and advice on a recent incident  I was informed about.

An organization I am very familiar with and is fully certified to ISO 9001:2008 Quality management systems–Requirements (with no exemptions) recently had a new external auditor come in to conduct a certification audit.

While continued certification was recommended, a number of small areas of concern were noted.

I understand that most of the recommendations will improve the system, but one recommendation has caused me some concern.

A bit of history of the QMS of this organization:

This company originally gained certification under ISO 9001:2000 and has transitioned to ISO 9001:2008.  They have a very robust quality management system (QMS), have clearly identified their processes, and have mapped their procedures to these various processes.  They have implemented a rigorous internal audit program which has targeted these procedures and their interrelationship with the various processes.

My problem is that the report for this recent certification audit stated that under 8.2.2 of the standard, in order to ‘gain’ full certification to ISO 9001:2008, they have to conduct process audits rather than procedural audits, or their certification could be at risk.  This has caused some angst with senior management, as their previous certification body was happy with their implementation of the standard.

8.2.2 b: Internal audit

“An audit programme shall be planned, taking into consideration the status and importance of the processes and areas to be audited…”

I can see no mandatory requirement in 8.2.2 to support the statement that process audits have precedent over procedural audits as long as the status and importance of the processes are taken into consideration.

My understanding would be that the requirements of 8.2.2 would be met if the organization’s processes are clearly identified and its procedures and their interrelationships are mapped to the processes and it can be clearly identified during the audit that process requirements are being addressed with the procedures.

Obviously if it can be shown that the processes are not adequately covered, then that must be addressed. But I do not believe this is the case here.

Your advice would be greatly appreciated.

A: I hope to answer your questions about process vs. procedure  in ISO 9001:2008. I will offer several different definitions.  This is not to confuse you, but to help you see how different people deliver the same message while using different words.

We will begin by trying to recognize just what a procedure is. You can have any number of procedures within a process.  That means, a process requires one or more procedures. You take actions to get results.  The actions you take are your procedures.

I once read it this way on the internet: procedures / actions / activities / work instructions all describe the lowest level of decomposition, i.e.: the procedure cannot be broken down further.

A process is “something going on.” It is a continuing natural or biological activity or function.

A process is a series of actions or operations conducing to an end. It is a continuous operation or treatment, especially in manufacturing.

A procedure is a particular way of accomplishing something. This is also defined as a series of steps in a regular definite order; a traditional or established way of doing things.

While the two could sound similar, they are clearly not the same thing.  A process refers to a series of actions, but does not place a particular order on those actions.

Procedures however, are focused on steps, order and instruction. As the author Mark McGregor once wrote, “We can see that while a process may contain order, it does not require order to be a process. If we take away the order from procedure, then we don’t have a procedure, but we may still have a process.”

You are not alone in your questioning of this. It is like the ongoing controversy over continual vs. continuous in the quality arena.  However, the distinction between a process and a procedure should be more clear to you after reading above.

Now, let’s consider why. Why is 8.2.2 worded the way it is?  I think the most simple way to put it is this: in the past, it was not uncommon for internal audit teams to concentrate on element auditing. That is, they audited the verbiage of the documented procedures to see if they complied with that of the standard.

Each individual company has their own processes.  It is through those processes, those actions, that you would comply with the intent of the standard.  The value of controlling and improving on those processes is reflected in your audits.

Input -> Process -> Output

So, it does not matter how you word things. The product audit (or service audit) determines if tangible characteristics and attributes of a thing are being met. A process audit determines whether process requirements are being met. During the process audit, the auditor will examine an activity or sequence of activities to verify that inputs, actions, and outputs are in accordance with an established procedure, plan or method.

By now, you have seen a pattern to all the words above.  My intention was not to muddy the waters further, but to help you recognize why so much light has been shined on process activities. To  “do what you say you do” requires having documented procedures and following what they say.  Doing all of this in an efficient and a profitable manner requires process control.

Finally, if you haven’t already done so, I strongly suggest that you acquire a copy of The Process Auditing & Techniques Guide by J.P. Russell.  This is a good guide you can order through ASQ and it can help with setting aside some of your concerns and answer questions.

I hope this has been helpful.

Bud Salsbury
ASQ Senior Member, CQT,CQI

Ask A Librarian