Tag: ISO 9001

ISO 9001 Implementation Guidance

The effect of ISO 9000 certification on financial perfomance

Q: I am directing a ground floor implementation effort to become certified to the ISO 9001:2008 Quality management systems–Requirements. I work for a small manufacturing company (less than 20 employees). Is there a quality management system (QMS) or ISO template product that I could use to help guide this process? Something with generic formats and outlines that I could customize and populate with our information. Or do I need to create from scratch all QMS and ISO supporting documents?  In practice, we currently have no documentation.

A: Please navigate these waters carefully.  There are several “do it yourself” type packages out there. Unfortunately, many of them don’t go far enough to provide a functional system unless the end user already has a thorough working knowledge of quality management systems (QMS). Therefore, as a quality professional, I hesitate to recommend this approach.

In order to establish an ISO 9001:2008 QMS capable of obtaining third-party certification, you will need to prepare a quality manual, a quality policy, define your organizations quality objectives, develop the six required QMS procedures, which as a minimum include:

1.    Control of documents
2.    Control of records
3.    Control of nonconforming product
4.    Internal audits
5.    Corrective actions
6.    Preventive actions

The reference books from ASQ should contain some examples of the documents mentioned.  Once these QMS documents are established, you will need to orient the organization to the requirements of the QMS, explain how each employee contributes to achieving the quality objectives, and ensure that the quality policy is communicated throughout the organization and is understood.  An internal audit will also be required to assess the effectiveness of the QMS once it has been implemented.

A management review will be required to ensure that top management is aware of input items mentioned in ISO 9001:2008, clause 5.6.2 and that they take action as needed to ensure the effectiveness and continual improvement of the QMS. These items should be completed prior to scheduling your registrar’s onsite pre-assessment for certification.  We wish you every success with your QMS project.  Please contact us if you would like to discuss this matter in more detail or require any support.

Bill Aston
ASQ Senior Member
Managing Director of Aston Technical Consulting Services
Kingwood, TX
www.astontechconsult.com

For more on this topic, please visit ASQ’s website.

ISO 9001:2008 Impact on ISO 13485:2003

ISO 13485, medical devices, medical device manufacturing

Q: Why does Annex B of ISO 13485:2003: Medical devices — Quality management systems — Requirements for regulatory purposes address ISO 9001:2000?

Shouldn’t it be ISO 9001:2008 Quality management systems–Requirements?

A: ISO 9001 is “controlled” by Technical Committee (TC) 176 while ISO 13485 is “controlled” by TC 210. They are two separate, independent technical committees that write and revise standards.

ISO 13485:2003 is founded on ISO 9001:2000, with additional requirements added for the medical device industry. In other words, ISO 13485:2003 is ISO 9001:2000 (but with the requirement for “continual improvement” removed) and additional requirements for the medical device industry

When TC 176 revised ISO 9001 in 2008,  TC 210 decided not to make a change to ISO 13485 because ISO 9001 requirements didn’t change substantially.   It is important to note that many governments such as Health Canada have adopted ISO 13485:2003 as their law or have their medical device law based on 13485:2003. Many medical device companies today get ISO 13485:2003 registered and have dropped ISO 9001:2008 altogether as not being necessary.

By the way, TC 210 issued a technical corrigendum to ISO 13485:2003 in August of 2009 correcting its reference to “ISO 9001” to “ISO 9001:2000” to make this clear.

Jim Werner
Voting member to the U.S. TAG to ISO TC 176
Medical Device Quality Compliance (MDQC), LLC.
ASQ Senior Member
ASQ CQE, CQA, RABQSA Lead QMS Assessor

For more on this topic, please visit ASQ’s website.

ISO 9001 Quality Manual

ISO documentation practices, requirements

Q: My small company is forcing me in the direction of using flowcharts to specify ISO standards. With their many branch statements, they are convoluted and confusing. I prefer plain, simple English. But my question is: is it ok to use flowcharts to specify ISO 9001 standards?

A: Actually, as long as you do not intend to become registered (also called certified), you can – and probably should – implement the ISO 9001:2008 Quality management systems–Requirements standard any way you want! I happen to like flowcharts, as long as they are limited to one page and fewer than a dozen boxes.

But if you intend to become registered, the registrar you choose will always require you to explain how you are implementing the concepts contained in ISO 9001.  Most firms choose to call this explanation document a quality manual. You do not repeat the words in the ISO 9001, rather you say how you intend to implement the concepts locally. A manual should be site-specific and about 50-60 pages. Some have written them in 20 pages.

Once you have the framework (manual) in place for the system, then you need to write procedures for the processes. Remember, procedures are job performance aids for an already-trained and qualified person. They should be about five to six pages, since the individual already knows how to perform the tasks.

The powers that be in your company want these procedures to be in the form of flowcharts. That’s OK, as long as you have explained this in your manual. The registration company accepts your manual before they ever send an auditor to your site. If they have accepted your description of flowcharts instead of procedures, then the auditor must accept that approach.

The whole point is to provide information to the person doing the job in a way that is useful. Written standard operating procedures (SOPs), or flowcharts, or pictures. It is the implementation that matters.

Dennis Arter
ASQ Fellow
The Audit Guy
Columbia Audit Resources
Kennewick, WA
http://auditguy.net

For more on this topic, please visit ASQ’s website.

What’s the Difference Between ISO 9001 and ISO 19011?

Reporting, best practices, non-compliance reporting

Q: What is the difference between the ISO 9001:2008 and ISO 19011:2011 literature on your web site? Please provide a detailed explanation and their use.

A: I can see where the confusion might arise, as the numbers are very similar! But the contents are quite different.

ISO 9001 Quality management systems–Requirements is the mother of all quality management systems. It lays out the minimal requirements for an acceptable way of managing your business for quality. In the beginning, it was developed as a requirements document to lay on your suppliers. Then it became the foundation for registration (other countries might call this certification) of your own management approach to quality. About a decade ago, various business sectors – aerospace, automotive, medical devices, laboratories, etc., all used the ISO 9001 document as the base for their specific approaches. They didn’t take anything away, but added additional requirements. By far, the greatest use today is for registration/certification. This is somewhat sad, in that the standard itself is a beautiful way of managing the resources within the enterprise. Registration can get quite bureaucratic and not worth the expense.

ISO 19011:2011 Guidelines for the auditing management systems is the international auditing standard (my specialty). It was first developed as a means to get all the various registration agencies around the world to do their audits in a consistent manner. It also had support from the multinational companies that had factories – and thus registrations – all around the world and often with different cultures. Norms in Canada are not the same as China! Unfortunately, this registration emphasis in the standard made it somewhat hard for internal auditors and supplier auditors to use it. Plus, there is no requirement to use the standard, other than within the registration industry.

For these reasons, the U.S. wrote a supplement for the 2002 version of this standard, giving guidance on how to use the principles for internal audits and small organizations [note: development is underway to offer similar supplements for the ISO 19011:2011 version  — anticipated end of 2012/early 2013.]. ASQ is the only place to get this version, which  includes the supplement, along with the base document. As this auditing standard was revised, it picked up environmental auditing and safety auditing in the scope.

Dennis Arter
ASQ Fellow
The Audit Guy
Columbia Audit Resources
Kennewick, WA
http://auditguy.net

Is ISO 9004:2009 an Implementation Guide?

ISO documentation practices, requirements

Q: I am looking to purchase the latest ISO 9001:2008 Quality management systems–Requirements. However, in the past, ISO 9004:2000 Managing for the sustained success of an organization — A quality management approach,  included the ‘requirements’ of ISO 9001 in boxes as a reference in ISO 9004 (used for implementation assistance). Is that still the case? I would much rather buy the revision, ISO 9004:2009 if the ISO 9001 requirements were in the standard…it’d be one less standard to have around.

A: We have consistently promoted the concept that ISO 9004 is NOT an implementation guide to ISO 9001. It is designed to provide guidance to organizations that desire to go beyond meeting minimum requirements towards achieving higher levels of performance.

There is much that is required of organizations today to sustain themselves and the next edition did try to focus on addressing issues that were essential to sustainability, perhaps at the expense of revisiting the old ground of content related to 9001 compliance which, by now, have become well understood by many organizations.

So, ISO 9004 is about going beyond ISO 9001. ISO 9004 is still consistent with ISO 9001, but it places more intensity on going beyond and less on hard line-by-line congruence.

Charlie Cianfrani
Consulting Engineer
Green Lane Quality Management Services
Green Lane, PA
ASQ Fellow; ASQ CQE, CRE, CQA, RABQSA Certified QMS-Auditor (Q3558)
ASQ Quality Press Author

For more on this topic, please visit ASQ’s website.

Merging With a Non-ISO 9001 Certified Organization

Reporting, best practices, non-compliance reporting

Q: My federal agency is comprised of many different internal organizations. We have a scenario where a recently certified organization to the ISO 9001:2008 Quality management systems–Requirements is planned to be merged with a non-certified organization that has no type of management system. The certified organization’s certification runs for three years but it will be more closely integrated with the non-certified organizations. Will the merger affect the certified organization’s certification? Do you have any insights on how these types of occurrences typically affect the management system itself when an organization that is certified for 100% of its operations now becomes 50% of a larger organization? It’s quite likely that the certified organization’s name will change at least in part.

A: With regard to your question, if company “A” is already ISO 9001:2008 certified and is now being merged with a non-certified company here’s what should be considered.  First, the current ISO certification is only applicable to company “A” as defined in the scope of the quality manual as well as on the ISO 9001 certification issued by the ISO registrar.

Your ISO registrar needs to be immediately informed of changes effecting the company name, top management and/or processes.  The registrar may very likely require the newly merged companies to be reevaluated for ISO certification and listed under one ISO certification.

Most ISO registrars will not issue ISO certification for just a portion of a company.  All processes that comprise the quality system must be identified and included as a part of the QMS unless specific exclusion is stated in the quality manual as permitted by ISO 9001.  The management representative will need to ensure that top management is aware of how this merge may affect the current QMS so effective actions can be taken to bring company “B” in line with the established QMS procedures and other ISO requirements.  I hope this helps.

Bill Aston
ASQ Senior Member
Managing Director of Aston Technical Consulting Services
Kingwood, TX
www.astontechconsult.com

For more on this topic, please visit ASQ’s website.

ISO 9001 Management Representative

About ASQ's Ask the Standards Expert program and blog

Q: ISO 9001:2008 Quality management systems — Requirements defines the responsibilities of the management representative (MR). To carry out these responsibilities, the MR needs certain defined authorities. What principle authorities should a MR posses to meet the responsibilities defined? I am a quality manager and I report to the project director, who reports to the CEO. While auditing other directors in the organization, my boss (the project director), requested from me to discuss with him the audit results of other director’s’ audit findings since I am reporting to him. I pointed out that the MR Role is independent and it is not a part of the function of Quality Manager where I report to him.

How can I make it clearer that I need independent authorities to perform the role of the MR?
 
A: Section 5.5.2 Management Representative: defines the appointment and responsibilities of the management representative. He/she is appointed by top management. The implication is that top management can ask for reports on the MR’s responsibilities. A summary of these are:

  • Ensure QMS process are established, implemented and maintained
  • Reporting to top management on performance of QMS and need for improvement
  • Ensure promotion of customer Requirements in the Org.

It is true that management representative responsibilities are not those of the quality manager. But, ISO 9001 does not define responsibilities of the quality manager.

My suggestion is to go to the person who appointed you management representative and ask him if you should provide the information requested.

Sandford Liebesman, Ph.D.
Voting member of the U.S. TAG to ISO/TC 176
ASQ Fellow
Morristown, NJ

For more on this topic, please visit ASQ’s website.