A Guide to Auditing Top Management and the Internal Audit

A Guide to Auditing Top Management and the Internal Audit

Organizations must audit the processes associated with top management as part of an effective internal audit program. These processes include those relating to strategic planning, the establishment of policies and objectives, ensuring effective communication and ensuring the availability of resources.

Auditing top management is often seen as a sensitive issue but by considering each top management activity as a normal organizational process, it becomes much easier to focus on determining whether the outputs of their activities are effective.

How to Audit Top Management

By using a formal risk-based approach to internal audit planning, as required by ISO 9001, auditors have a great opportunity to engage top management in the audit process. By making top management part of the planning process and by giving them ownership of the areas to be audited, the internal audit becomes a valuable mechanism for development.

A good starting point is to copy, into the audit checklist, all requirements from the standard that say ‘top management shall’, almost every clause of section 5 starts with ‘top management shall’ and it’s the auditors job to find if top management ‘did’. The audit checklist must cover the requirements from the following sections:

5.1 Management Commitment
5.2 Customer Focus
5.3 Quality Policy
5.4.1 Quality Objectives
5.4.2 Quality Management System Planning
5.5.1 Responsibility and Authority
5.5.2 Management Representative
5.5.3 Internal Communication
5.6 Management Review
5.6.1 General

During the Internal Audit

When undertaking the internal audit of top management, the auditor should collect and corroborate evidence of top management’s commitment from within the quality management system itself. The auditor should ask how the quality manual addresses management commitment issues and ask how they are accomplished; then, the auditor must find objective evidence that proves it’s actually being done. This method applies to top management as well as the production machinist, and everyone else in the organization for that matter!

If the standard, documented procedures, policies and objectives are audit inputs, then the evidence sampled and the interview statements made by top management auditees are the audit outputs. If the input does not align with the expected output, the auditor simply states this misalignment as a non-conformance whilst providing an audit trail to the supporting evidence.

Final Reporting

Auditors should prepare the internal audit report in a manner appropriate for presentation to top management. It might be necessary to present the executive summary of the audit report directly to the top management and other interested parties within the organization. The executive summary must highlight both positive and negative findings and suggest opportunities for improvement.

Summary

The ISO 9001 internal audit checklist and gap analysis tool is ideal for organizations that require a quick and affordable approach to developing a reliable framework for their own internal audit process.

Download a free internal audit checklist example courtesy of ISO 9001 Checklist:
http://www.iso-9001-checklist.co.uk/internal-audit-examples.htm

Richard Keen ACQI, 18th November 2010

Getting the most out of the Document Control Procedure

Getting the most out of the Document Control Procedure

The ISO 9001:2008 quality management standard requires the implementation of six mandatory procedures. One of these mandatory procedures is the document control procedure (4.2.3) and the other is the record control procedure (4.2.4). The first step in implementing these procedures requires an understanding of the difference between the words `document’ and `record’, as well as the standard’s intent behind their application.

Defining Documents

ISO 9000:2005 Fundamentals and Vocabulary defines a document as being information, such as specifications or procedures and its supporting medium e.g. paper or electronic. The implication is that documents change and naturally evolve as new data replenishes existing data and it is this evolution and distribution that the document control procedure must effectively manage. Remember; information is an organizational asset.

The document control procedure must state how the following requirements are to be realised:

- How documents are approved for suitability prior to use
- How documents are reviewed and updated
- How to identify the correct versions of documents
- How the correct versions of documents will be accessed
- How legibility is ensured
- How external documents are controlled and distributed
- How to prevent unintended use

Defining Records

A record, on the other hand is static as its primary purpose is to capture historical information which does not undergo change. Records capture the results of activities performed in support of the quality management system; including, among others, the outputs from the product realisation process, measurement analysis and improvement processes. They should be considered as a primary source of evidence that proves whether an activity was undertaken in accordance the necessary requirements.

The record control procedure must define the controls needed to:

- Identify and access records
- How records are stored and for how long
- How records are protected in order remain legible
- How records are retrieved for use
- How records should be disposed of

The Document Control Procedure and the Certification Process

Having understood the difference between records and documents, the next important point to keep in mind is the importance of the document control procedure and its relationship to the ISO 9001 certification process. To understand the relationship and the need for a document control procedure, it is important to remember that the last step in the ISO 9001 certification process is the certification body audit. So, what is audited? Obviously, it is the records and documents themselves that are audited. Hence organizations which have made the effort to preserve records and to manage documents will have already taken some vital steps in their certification journey.

Summary

When going for ISO 9001 certification, it is important that the document control procedure ensures that all documents are compliant with Clause 4.2. This function should be an integral part of the quality management system.

Download a free document control procedure example here: http://www.iso-9001-checklist.co.uk/documentation-management-examples.htm

Richard Keen ACQI, 12th November 2010

ISO 9001 Training

ISO 9001 Training

ISO 9001 is a quality management standard which is often implemented by organizations as a means to differentiate themselves from the competition and to carve a larger niche for themselves as quality discerning companies. As a standard which immediately elevates organizational positioning, most organizations seek ISO 9001 certification. But what is revealing, is the fact that while in 2010, certifications hit the one million mark, the percentage increase in ISO 9001 registrations annually is still in single digit numbers, i.e., 8% increase in new registrations compared with 3% increase in 2008 indicates the fact that many organizations are not ready to seek certification (Source: www.iso.org).

Barriers to Certification

What stops these organizations from seeking certification is debatable, but one good guess is the `fear of the unknown’. Anything to do with quality certification, immediately spells processes. Organisations fear non-compliance and the effort required to become compliant. Those organisations which decide to go for certification generally entrust the job to external consultants.
Reliable ISO 9001 Training

Having been in this business for more than eight years, ISO 9001 Checklist believes that any organisation can go for certification and all that is required is the belief that this can be achieved without resorting to costly consultants. Once the organization is convinced that it would like to go for certification, then a simple ISO 9001 training program is all that is required to understand the nuances behind the certification process.

About ISO 9001 Checklist’s ISO 9001 Training Program

The ISO 9001 training program is based on the simple PDCA cycle principle, P- Plan, D- Do, C- Check and A- Act. Planning the quality requirements to produce outputs which will align to ISO 9001 certification is the first stage of the training. With a plan in place, performing day-to-day activities becomes really simple and the training helps to draw up the processes and checkpoints required for certification. The training’s third step involves checking the results and this is the fun part as you actually get to see the results of your work. The last stage is to improve, and act upon those areas which require work.

Therefore, the ISO 9001 training program instead of being a `stand-alone’ set of dictatorial rules is created to align itself to individual organizations. This makes it easy for organizations to identify the necessary steps and processes. More importantly the ISO 9001 training program helps organizations to realise the value of implementing these quality processes, as day-to-day activities become well defined, meaningful and well thought out.

The Effectiveness of Training

It is certain that every element of standard has its own inherent training requirements. The ISO 9001 training requirements should be designed to meet continual improvement in the quality of the end product. The standard emphasizes that employee training and should make them skillful and knowledgeable in performing their roles. Thus, the training modules should be targeted such that all processes meet product specifications and be in accordance with ISO 9001 requirements.

Summary

ISO 9001 Checklist has grown from a project started in 2002 by ISO Auditors and Quality Manager Trainers to freely share their knowledge and experience with the ISO community online. The free ISO 9001 training section is an essential resource for any organization aiming to achieve ISO 9001:2008 accreditation through PDCA.
To learn more about free online ISO 9001 training please visit ISO 9001 Checklist:
http://www.iso-9001-checklist.co.uk/iso-9001-training.htm.

Richard Keen ACQI, 10th November 2010

ISO 9001 and the Quality Manual Template

ISO 9001 and the Quality Manual Template

Clause 4.2.2 of ISO 9001:2008 specifies the minimum content of the quality manual but it does not specify the format and structure. This is a decision that must be made by each organization during the planning and implementation phase and will often depend on the organization’s size, culture and industry. A quality manual template can help by providing a fundamental framework for documenting how an organization meets the requirements of ISO 9001. Without a template, the development of the quality manual can easily lose focus and direction.

Advantages of Using a Quality Manual Template

Many organizations find the task of implementing ISO 9001:2008 difficult as they simply don’t understand where to begin. A quality manual template can make it easy for any organization to prepare a compliant quality manual whilst offering the following advantages:

- Fully editable and customisable
- Viable alternative to using consultants
- Cost effective solution to implementation
- Saves manpower and resources
- Reduce overall development time

Components of the Quality Manual

ISO 9001:2008 provides guidelines of how organizations should endeavour to meet customer requirements and achieve satisfaction by maintaining a consistent quality practice. ISO 9001 has many requirements that, when taken together, provide assurance that a system's output will meet customer requirements. Based on these fundamental requirements, the quality manual template must address, among others, the following:

- How the quality system interacts with business processes
- What the documentation requirements are
- How management responsibility is manifested and communicated
- What the organization’s quality policy is and how it is deployed
- What the organization’s quality objectives are and how they reflect the quality policy
- How resources are managed
- How management reviews are undertaken
- How product realization leads to customer satisfaction
- How product and service provision is planned
- How the organization collects and analyses data
- How non-conformances are addressed
- How corrective and preventive actions are instigated
- How continual improvement is implemented

There is no requirement that changes to the quality manual be reviewed during management reviews but they do need to be reviewed and approved by the relevant personnel specified in your document control procedure.

Summary

Overall, ensure the quality manual template is able to describe how your organization delivers a conforming product or service to your customers. The standard requires it, and the credibility of your ISO 9001 registration demands it. Remember, the output of your quality management system is what matters to your customers!

Please download a free quality manual template example here:
http://www.iso-9001-checklist.co.uk/quality-manual-examples.htm.

Richard Keen ACQI, 8th November 2010

Using your ISO 9001 Audit Checklist

Using your ISO 9001 Audit Checklist

Whether an organization is implementing ISO 9001:2008 or just improving their quality management system, they will undoubtedly need to review and analyse their current systems and processes in order to identify gaps in compliance. Gap analysis requires that organizations review their existing processes, procedures and documentation, etc. The framework for this review technique is often provided in the format of an ISO 9001 audit checklist which many organizations and auditors consider to be an indispensable tool that actively supports the audit process.

The Advantages of the ISO 9001 Audit Checklist

Regular internal audits are carried out to ensure compliance is maintained and the ISO 9001 audit checklist comes in handy for this purpose. This is just one of many tools that are available from the auditors’ toolbox that help ensure the audit addresses the necessary requirements. It stands as a reference point before, during and after the audit process and if developed for a specific audit and used correctly will provide the following benefits:

- Ensures the audit is conducted systematically
- Promotes audit planning
- Ensures a consistent audit approach
- Actively supports the organization’s audit process
- Serves as an aide memoire
- Provides a repository for notes collected during the audit process
- Ensures uniformity in the performance of different auditors
- Provides objective evidence

Structuring the Audit Checklist

One of the simplest methods of structuring the ISO 9001 audit checklist is by taking the applicable requirements from an organization’s policies, procedures and of course, from the standard itself, and turning each requirement into a question. Be sure to include the ‘organization shall’ requirements as well.

Add a section for comments, add check boxes for compliant or non-compliant and you can even add a column to note objective evidence and to provide an audit trial. Each element of the audit process should have customized checklists to serve as documentation outputs from the audit process itself.

This type of approach is primarily utilised by external auditors, including registration and certification body auditors, but the technique can equally be applied by any organization actively seeking to enhance their audit process.

Adding Value to the Checklist

Organizations should assess the potential value that the ISO 9001 audit checklist can bring in helping their audit process to develop. It’s worth remembering that a good checklist is no substitute for an enquiring mind and a good questioning technique.

If an internal auditor uses the checklist to ask narrowly focused questions then little benefit will be derived from the audit. If, on the other hand, the auditors conduct detailed preparation of the requirements of the process they intend to cover during the audit; the checklist then becomes an invaluable output for recording and communicating that preparation work.

Using the ISO 9001 audit checklist should not restrict the scope of audit activities, since that scope may change as a result of information actually collected during the audit. The key to unlocking the checklist’s value is the willingness of the organization to use it as a guide rather than being a slave to it.

Summary

The ISO 9001 audit checklist and gap analysis tool is ideal for organizations that require a quick and affordable approach to developing a reliable framework for their internal audit process.

Download a free internal audit checklist example courtesy of ISO 9001 Checklist:
http://www.iso-9001-checklist.co.uk/internal-audit.htm.

Understanding the ISO 9001 Quality Manual

Understanding the ISO 9001 Quality Manual

The ISO 9001 Quality Manual is a top-level document describing how an organization intends to manage, maintain and improve its quality management system (QMS). At the core of the ISO 9001 quality manual is the quality policy statement. This statement acts as a narrative describing an organization’s approach to achieving customer satisfaction whilst also providing focus and direction to the procedures which must be implemented in order to meet the requirements of ISO 9001:2008.

Structuring the ISO 9001 Quality Manual

Often, it is common to align the structure of the ISO 9001 quality manual with that of the ISO 9001 standard itself, but this ‘belt and braces’ approach is not always necessary. Conversely, a four page quality manual may do little to inspire confidence that your quality management system has the necessary elements to be truly effective.

As long as the quality manual clearly shows how the quality management system processes interact, and at the highest level, what policies and methods are established to maintain and control those processes, an auditor is less worried about the structure of the manual.

Don’t try to structure the ISO 9001 quality manual to suit an external auditor’s expectations, this is the wrong approach. It is not for external auditors to ‘agree’ with the structure of the quality manual, instead, they must simply determine whether the manual’s content complies with the requirements of the standard.

The ISO 9001 quality manual undertakes the essential role of formalising and communicating the relationship between the organization’s processes. Everyone expects something different from their quality manual but as long as it meets the stated requirements of ISO 9001 as well as organizational needs, the question of structure becomes irrelevant.

Who uses the Quality Manual?

Customers want to understand how your organization and more importantly, how your quality management system will take care of their needs. They want to know that you know how to plan, implement, and control the processes that will deliver satisfaction.

Auditors want to know how the organization meets the requirements of the standard, and if the system is effective in achieving the objectives. If the requirements of the standard are addressed in the manual, along with some details of the method, then auditors can use the manual as a guide to help them find the evidence they need.

Management and other users should be able to see from the manual how the organization’s quality management system is designed to work. It should show how the processes of the system interact.

Amending the Quality Manual

Amendment of the quality manual or procedures should be initiated by the departmental heads as and when the need for amendment becomes apparent. The amendment should be approved by an authorised signatory before the actual changes are implemented.

It is not a requirement to wait for a formal management review prior to amending the documentation. If major changes must be made to key documents, such as the quality policy or quality objectives, it is prudent to include these for inclusion during the management review process.

Summary

The Quality Management Representative is responsible for developing the ISO 9001 quality manual with a clear understanding of the organization’s vision, mission, goals, key objectives, policies and procedures needed to achieve certification.
Download free quality manual examples here:
http://www.iso-9001-checklist.co.uk/quality-manual-examples.htm

Understanding the Document Control Procedure

Understanding the Document Control Procedure

ISO 9001:2008 Clause 4.2.3 outlines the requirements for an effective document control procedure to manage the flow of information that might impact an organization’s ability to deliver a compliant product or service. Documents are considered by ISO 9000:2005 as ‘information and its supporting medium’. It implies that documents evolve as information is superseded and that this natural transition must be managed to ensure personnel have access to the latest versions of drawings and specifications, etc.

The Value of Controlling Documents

An organization’s ability to store, index, access and retrieve the right information efficiently and effectively is paramount if the organization is to continually improve its products or services. The ability to deliver reliable and relevant information underpins the delivery of high-quality products or services when information is accurate, up to date and accessible for use where needed.

The majority of non-conformances arising from both quality management system audits and registration audits continues to be the ineffective application of Clause 4.2.3. Discontinuity is often discovered in the documentation because auditors will focus on the continuity and flow of information through the system. Inconsistencies will hinder the prospects of a successful registration audit since the success of the audit is determined by the availability of documented information.

Getting the most out of your Document Control Procedure

In order to comply with the document control clause, it is essential that all personnel understand what type of documents should be controlled and more importantly, how this control is exercised. To get the most out of your document control procedure, it must communicate the steps necessary to ensure that staff and other users of the organization’s documentation understand what they must do in order to manage that information effectively and efficiently.

Your document control procedure should specify how the following controls will be achieved:

- How documents are approved for suitability prior to use,
- How documents are reviewed and updated,
- How to identify the correct versions of documents
- How the correct versions of documents will be accessed,
- How legibility is ensured,
- How external documents are controlled and distributed,
- How to prevent unintended use

Document Control Responsibilities

Departmental managers should always be responsible for promoting good document and record management practices in their area whilst supporting overall compliance to the document control procedure.

Individuals and their line managers should be responsible for the documents and records that they create, as well as being responsible for their retention and disposal in line with legislative requirements and organizational procedures and practices.

Summary

The Quality Management Representative should be responsible for providing advice and guidance on the application of the document control procedure. They should also instigate training in relation to document and record management and take the lead role in the co-ordination and monitoring of compliance throughout the organization.

Download a free document control procedure example here: http://www.iso-9001-checklist.co.uk/documentation-management-examples.htm

The Power of the ISO 9001 Checklist

The Power of the ISO 9001 Checklist

When making any purchase decision, a major concern is the quality of the product. It is vital to know whether a supplier or contractor is capable of delivering a product that will meet customer expectations. It is not always possible to opt for pre-dispatch inspection; also, the pre-assessment of a supplier’s quality capabilities may incur extra cost. This is especially true in the case of overseas suppliers. To overcome this uncertainty; many organizations operate universally accepted quality assurance system such as ISO 9001 where inspection checklists are commonly used to demonstrate and communicate evidence of conformity.

Why use a Checklist?

In general, a simple checklist is an ideal tool that helps to identify missed activities while performing a task and often, the success of a task relies on a task-oriented checklist. In fact, for any process to operate smoothly and to yield benefits to product quality; the process requires a comprehensive checklist covering a pre-determined set of requirements.

A common fallacy exists that becoming ISO 9001 certified is a complex task and that the implementation of a quality management system distracts from the every day running of a business. An ISO 9001 checklist makes implementing a quality management system a much more simple process since the ISO 9001 checklist doubles as a gap analysis tool.

Preparing the ISO 9001 Checklist

It is always preferable to prepare the ISO 9001 checklist yourself since you will get better understanding of how the requirements apply your business processes. Some requirements of ISO 9001 may not be applicable to your organization, such as clauses from section 7 – Product Realisation, can therefore be excluded from the ISO 9001 checklist. Ensure that all applicable requirements are covered by the ISO 9001 checklist by:

- Identifying the relevant requirements from ISO 9001:2008.

- Converting each requirement into question, e.g. ‘does the organization have a documented quality policy?’ (Clause 4.2.1a)

- Gathering evidence to validate ‘yes’ answers.

- Taking action to remedy ‘no’ answers in order to fill a compliance gap.

This method of preparing the ISO 9001 checklist and subsequent interrogation of the quality management system is very similar to the method undertaken by certification body auditors when assessing an organization’s compliance to the standard.

What Records are Required?

According to ISO 9001:2008; there are 21 different records that are required to be maintained for various clauses throughout the standard. The checklist of these records should be included in the main ISO 9001 checklist for ease of reference during audits. Include any other records necessary to demonstrate process conformance. When referring to records within the ISO 9001 checklist, it is essential to note document title or document number of each record to avoid confusion later.

Summary

Download a free internal audit checklist example courtesy of ISO 9001 Checklist:
http://www.iso-9001-checklist.co.uk/internal-audit.htm

The ISO 9001 checklist and gap analysis tool is ideal for organizations that require a quick and affordable approach to assessing compliance with the requirements of ISO 9001. It provides an invaluable framework for internal auditors.

Adding Quality to your ISO 9001 Quality Manual

Adding Quality to your ISO 9001 Quality Manual

Every customer expects value for money when purchasing any product, and in accordance with this; organizations understand that operating an efficient quality management system will help to ensure these expectations are realised. It is therefore no surprise that your ISO 9001 quality manual is at the heart of any effective quality management system.

By acting as a centralised resource for information such as policies, objectives and procedures, the ISO 9001 quality manual demonstrates an organization’s approach to delivering customer satisfaction.

Who uses your ISO 9001 Quality Manual?

The ISO 9001 quality manual contents will be directly relevant to employees, whilst other sections will be more relevant to corporate customers, business partners or internal and external auditors.

The quality manual reveals how the requirements of ISO 9001:2008 are implemented by acting as a central resource that demonstrates how an organization’s processes interact and how those processes are controlled in order to deliver customer satisfaction.

The quality manual is also useful in helping to communicate management's approach to the application and incorporation of quality management principles into the organization’s daily activities.

What must be Included in your Manual?

ISO 9001 requires an organization to compile an ISO 9001 quality manual in order to define how each requirement of the standard will be applied. The latest version of ISO 9001:2008 provides a generalised framework that outlines how an organization should set about the task of meeting customer requirements and achieving satisfaction. Based on this standard, the ISO 9001 quality manual should address the following:

- the scope of the QMS
- details of and justification for any exclusion or non-application
- references to the documented procedures
- a description of interaction between the processes of the QMS
- an outline of the structure of the documentation used in the quality management system

What can be Excluded from your Manual?

It is essential to look into the permissible exclusions allowed by the standard when preparing your ISO 9001 quality manual. All the exclusions must be properly documented within the manual by giving appropriate justification. Exclusions from section 7 - Product Realisation, are permitted as long as the exclusion does not adversely impact an organization's ability to meet the requirements of its customers.

Only activities that an organization does not do itself can be considered as permissible exclusions. For example, if an organization does not design; this is a permissible exclusion. If an organization does not use equipment requiring calibration, then paragraph 7.6 is a permissible exclusion. In order to exempt one’s self from a requirement, a statement such as the following would suffice:

‘Company XYZ does not engage in designing, developing or changing the design of the products we manufacture. Therefore, our QMS does not encompass product design and development processes and paragraph 7.3 of ISO 9001 is not applicable to our business.

Summary

Download a free ISO 9001 quality manual template example courtesy of ISO 9001 Checklist.

The quality manual is ideal for organizations that require an affordable, basic manual that will satisfy the requirements of ISO 9001 whilst providing a framework for a formal in-house quality system. To learn more please visit ISO 9001 Checklist:
http://www.iso-9001-checklist.co.uk.htm.

The Value of ISO Implementation

The Value of ISO Implementation

During these uncertain economic times, organizations realise they must improve their performance in order to position themselves more effectively to take advantage of the inevitable recovery. Organizations understand the potential for new opportunities to gain a better market share as the recovery phase adds momentum, and that ISO implementation could provide the edge needed to gain that market share.

Beginning the ISO Implementation Journey

A consultant will often provide a quicker start to your ISO implementation project, in the long run; you will save time but at the expense of cost. Or, you could do it yourself; many organizations have, and succeeded. If you study the standard and you have more time than budget, the DIY approach could be a foregone conclusion!

Begin by reading through each requirement of ISO 9001:2008 and ask yourself ‘what evidence do I have that shows we are actually doing this?’ List the organization’s processes using post-it notes and arrange each one in sequence and then link each process to a set of documentable outputs. Align the quality policy, objectives and the quality manual to achieve those outputs.

Begin auditing the outputs of these processes as soon as you have sufficient documentary evidence to demonstrate conformance. This can take several months to generate or it can be as soon as a month after the initial implementation phase.

Should I do a Gap Analysis?

Yes. By performing and documenting an initial Gap Analysis between the organization’s existing systems and the requirements of ISO 9001:2008, the true scope of effort needed to achieve certification will be revealed.

The Gap Analysis will help to highlight:

- the required processes that are not currently in place
- non-compliant processes that must be redesigned
- processes that comply but need to be documented
- documented processes that comply

Experience of performing an initial Gap Analysis for ISO implementation has revealed a common stumbling block to compliance; companies mostly lack a provable and effective corrective and preventive action process or program. This is a key tenet of the quality management system and promotes much of system’s future improvements.

A common key problem is that personnel, which includes management, have not received adequate training - thus making implementation much more difficult. ISO implementation can be a struggle if people do not fully understand the principles.

Pre-assessment audit

If you choose to use ISO consultants we recommend you take advantage of your chosen registration company’s pre-assessment audit (this is often free). Have their auditor come in for a day and assess various aspects of your system. He will appreciate the depth of evidence at this early stage and allow for it when making an assessment. Ask him to have them look at two, three or more processes - his feedback is often useful in streamlining top management’s overall approach to ISO implementation.

Summary

Learn more about ISO implementation with their free project plan.

Devise a system that benefits your company by mapping the processes to give an overview of how each process interacts; from there, you can now produce detailed procedures to control the inputs and outputs of each process. Try not to make every organizational nuance fit the standard; keep it simple!

To learn more about ISO implementation please visit ISO 9001 Checklist:
http://www.iso-9001-checklist.co.uk/iso-9001-project-plan.htm

ISO 9001 Audit Checklist

Understanding the ISO 9001 Audit Checklist

If an organization has recently embarked on the journey of implementing ISO 9001:2008, a generic ISO 9001 audit checklist can be very helpful in determining gaps in compliance. As the system matures however, generic audit checklists lose their effectiveness and it becomes critical for the organization to delve deeper in terms of conformance when assessing the effectiveness of operational controls and specific processes.

Why use an ISO 9001 Audit Checklist?

Internal auditors often use an ISO 9001 audit checklist to determine compliance since the ISO 9001 audit checklist covers each requirement of the standard as a question. This type of questionnaire is very useful for internal auditors, because it helps them to discover how a specific requirement is implemented. The auditor has only to check that the defined procedure meets the requirements and if the procedure is preformed correctly.

The shortcoming of this approach is that the audit often fails to evaluate the effectiveness and efficiency of the process being audited. What happens if the process does not meet procedure? Should you change the process to be compliant with the procedure, or should you verify whether the process is effective and change the procedure? These are questions to consider in any procedure-based audit.

Instead, use the ISO 9001 audit checklist only as a guide and allow the auditor to delve freely into whatever process is deemed critical. This model will produce more meaningful findings, but, there is a risk that auditors focus on auditing processes that are familiar to their particular specialty. Furthermore, as time goes by, completing the audit checklist could become mandatory and overburdened with detail resulting in less time for in-depth auditing.

Process Auditing and Checklists

Process audits are undertaken to verify whether a process meets the planned goals and objectives and to identify opportunities for improvement. The main thing to understand when auditing a process is the actual process concept. One does not need to know or understand the details of a specific process to be able to audit it, although it does help. A good auditor should be able to audit any process without knowing anything about it by monitoring the process inputs to determine whether the desired process outputs have been achieved.

As with other ISO standards which require internal auditing, audit checklists based on the standard have minimal benefit when it comes to auditing a process. It is best to develop a specific audit questionnaire based on actual management system policies, processes and procedures. This allows a more in-depth approach that identifies not only failures in the processes but also potential failures, while also ensuring the internal auditors are much more rigorous during their enquiries.

Controlling the Audit Checklist

The basic ISO 9001 audit checklist template should be controlled but the actual audit checklist for each process is subject to change and should not be controlled.

Summary

Download a free ISO 9001 audit checklist example courtesy of ISO 9001 Checklist.

Sometimes the ISO 9001 audit checklist and auditing in general are treated as a separate agenda items which are often put back in the closet until the next internal audit or registration audit. An effective internal audit process can prevent that from happening by maintaining visibility throughout the organization. To learn more please visit ISO 9001 Checklist:

http://www.iso-9001-checklist.co.uk/internal-audit.htm.

ISO 9001 Quality Manual

Top 5 questions about your ISO 9001 Quality Manual

An ISO 9001 quality manual details how an organization will actively ensure customer satisfaction through the application of established quality management principles. For this reason, the ISO 9001 quality manual is one of the most scrutinised high-level documents present in an organization. This article discusses a number of issues surrounding the format and content of the quality manual.

Format & Content

There are no requirements defining the format of the ISO 9001 quality manual, most organizations often use a pre-formatted template which is easily modified as the quality system develops. Using a quality manual template will afford an organization more time to focus on documenting systems and processes with greater accuracy during the implementation phase.

There is often considerable debate about the format and content of the quality manual. The balance of opinion is divided between those who believe the manual’s format does not matter, as long as, what occurs out in the field complies with the requirements and those who believe the quality manual should say something 'personal' about the organization’s approach to quality management.

It would be true to say that every company has their own style of operation which will inevitably be reflected in the quality manual and procedures. This variance is fine; all that matters is that the quality manual and procedures are able to respond positively to these questions:

1. Does it define the scope of the organization’s approach to quality management?
2. Does it define how the scope is applied?
3. Does it give suitable reason for permissible exclusions from that scope?
4. Does it contain, or make reference to, documented procedures?
5. Does it ensure a cycle of feedback exists to allow improvement?

It is important to maintain a clear distinction between the contents of the ISO 9001 quality manual and the purpose and scope of the procedures. The quality manual should define top management’s intent to operate an effective quality management system, while the procedures define how those intentions will be implemented at an operational level.

The quality manual should not be over burdened with excessive detail which requires frequent change to ensure relevance is maintained. The approach taken many companies to avoid over-burdening their manual is by allowing lower-level documents, such as procedures and work instructions to contain operational detail. Then, simple reference is made to the procedures and work instructions from within the quality manual itself. In other words, let the procedures take the strain of controlling day-to-day activities; after all, they are ‘working’ documents the organization uses to achieve the goal of customer satisfaction.

Summary

Compilation of the ISO 9001 quality manual can be challenging task as it tends to be a key information resource to multiple audiences. By using a consistent approach to content input and formatting, it becomes much easier to communicate to those audiences about your organization’s approach to quality.

To learn more about our Quality Manual Solution, please visit ISO 9001 Checklist:
http://www.iso-9001-checklist.co.uk/iso-9001-quality-manual.htm.

Do I need an ISO Consultant?

Organizations often engage the services of an independent ISO consultant to help plan and implement their quality management system. However, it is entirely possible to learn and implement the requirements of the standard yourself using the browser based training resource provided free by www.iso-9001-checklist.co.uk.

This resource will provide your organization with immediate access to a body of knowledge that could help your organization ensure the effectiveness of its quality management system; in short, it has the potential to save you thousands in unnecessary consultancy fees.

Four Reasons to Hire an ISO Consultant

1. To plan the implementation project.

The efficient implementation of the standard starts with a robust plan, taking into account all variables that you might encounter, omitting the areas that are already in place and by developing an estimate of the duration of each phase.

2. To interpret the standard.

An ISO consultant who understands the requirements of the standard will help your organization avoid wasting time undertaking things the standard does not require, or undertaking things that do not meet the requirements of the standard.

3. To benefit from previous experience.

Employing an ISO consultant to guide your organization towards efficient implementation from the start, without having to learn the ropes on your own which thereby reduces the need to ‘learn as you go’.

4. To manage the implementation programme.

An ISO consultant will liaise with your ISO 9001 implementation team and ensure that work is completed in accordance with the implementation programme.

Why not go it alone?

In order to ensure that your organization has got what it takes to build a compliant quality management system and then to achieve certification might appear to be a very daunting challenge. Seeking the help of an ISO consultant is the most common response to this challenge, yet it is an unnecessary option to take.

Once you have read through our body of knowledge you will begin to understand the requirements more thoroughly. This guidance helps you go through the entire implementation process effortlessly because the training resource divides ISO 9000 into four sections, Plan, Do, Check and Act. The page menu then sub divides each section into Principles, Base Clauses and Requirements for easy comparison.

Summary

Rather than paying an ISO Consultant high consultancy fees, it is possible to purchase quality system templates which are ready to use and which could save you thousands of pounds. We provide easy to edit and fully customizable quality system templates along with free training resources to help your organization achieve a competitive edge.

To learn more about implementation without an ISO consultant, visit ISO 9001 Checklist:
http://www.iso-9001-checklist.co.uk/iso-9001-training.htm.

ISO 9001 Training

ISO 9001 Training

Implementing ISO 9001 in any organization first requires the development of the necessary knowledge, skills and understanding to enable the practical application of the standard. At this stage organizations often seek the help of a consultant but this is often unnecessary since the required understanding can easily be sought for free.

The ISO 9001 training section provided by www.iso-9001-checklist.co.uk is intended to give any business a knowledgeable foundation that ensures their quality management system is highly robust. It could save you £0000's in consultancy fees.

The Concept behind ISO 9001 Training

ISO 9001 training is a unique internet browser based tutorial solution that provides expert practical guidance for businesses wishing to interpret ISO 9000 fundamentals to help better understand and implement the requirements of ISO 9001:2008. It could help your business to get the most out of your quality management system, and it’s free to use!

The ISO 9001 training section represents a body of knowledge which explains the requirements of the standard in plain English coupled with practical guidance and interpretation. The online ISO 9001 training section divides the standard into four sections that follow the Plan, Do, Check and Act cycle. The page menu then subdivides each section into Principles, Base Clauses and Requirements for easy comparison. Each stage of the cycle then relates each clause of ISO 9001:2008 to the key concepts that lie at the heart of quality management.

How does it Work?

Simple, it encourages the use of the PDCA cycle as a means to implement your quality management system by prompting the user to:

PLAN your quality system’s high level processes, define your quality policy and establish your quality objectives in accordance with the expected output. Consider; how will the quality management system be documented, what resources will be needed, who will have responsibility for what and how will the effectiveness of the system be evaluated and communicated.

DO carry out day-to-day activities by performing the necessary processes in accordance with any planned arrangements. Gather performance information by undertaking audits and other measurements as planned.

CHECK the results and analyse the information gathered through various measurements and monitoring activities to determine whether the quality management system has achieved what it set out to do.

ACT by using the results from internal audits, preventive actions and management reviews to ensure the continual improvement of your quality management system; continual improvement should be the organization’s permanent objective.

What Happens after Implementation?

You need to choose a registrar. The registrar is a third party certification auditor who will assess your quality management system and issue a certificate if it meets the requirements of ISO 9001:2008. In choosing a registrar you should consider their industry experience, geographic coverage, price and service level offered. The key is to find a registrar who can meet your requirements. For further information regarding national accredited certification bodies, please visit www.ukas.com.

Pre-assessment by your registrar normally takes place about 6 weeks before registration. The purpose of the pre-assessment audit is to identify areas where you may not be operating in accordance with the standard. This allows you to correct any deficiencies before registration.

Prior to registration, you should arrange an initial assessment with your registrar. At this point the registrar will review your quality management system (by interviewing staff, observing activities and checking records) to decide whether you should be recommended for registration.

Summary

Once you have achieved certification, you can begin to communicate your success and promote your business. To maintain registration, you need must be able to demonstrate that your quality management system continually improves.

To learn more about free online ISO 9001 training please visit ISO 9001 Checklist:
http://www.iso-9001-checklist.co.uk/iso-9001-training.htm

Advice for the First Time Internal Auditor

Internal auditing is one of the most vital tools for continual improvement, and as such, this tool is intended to provide Top Management with objective, fact-based information upon which strategic decisions may be based.

One of the most important requirements of an internal audit is that it is fully focused on assessing the effectiveness of the processes that are inherent to the quality management system. Where such processes are found to be deficient, the audit will ultimately lead to improvement in those processes, since a non-conformance in a process is, more often than not, to do with a failure to comply with the relevant standard or procedures.

Why do Internal Audits?
Clearly, the purpose of internal auditing is to measure the effectiveness of the quality management system and its associated processes and the auditor’s role is to gauge how well this system is functioning through the gathering of objective evidence. The auditee will often be a processes owner; they are the experts of that process and as such will provide an invaluable insight into the mechanics of that process.

The auditor is there to verify that the processes are documented, implemented and understood. He will also seek confirmation that the processes complies with the necessary requirements, that the process is effective and that it continually improves.

The Human Aspect of Auditing
Good auditors realise very early on that they are dealing with personalities as much as processes and systems. Whilst the intent of the audit a serious one, often light humour, politeness and diplomacy are the best ways to build rapport. It is vital that every effort is made to reassure those being audited that its primary function serves as a tool for improvement and not to name and shame.

If you new are new to auditing, acknowledge this fact, be open and honest. It is also important that you explain to those being audited that they are free to openly express their views during the audit. Remember that you, the auditor, are also there to learn.

Always discuss the issues you have identified with the people being audited and always provide guidance as to what is expected in terms rectifying any non-conformances or observations that you have raised. Let those being audited know that they are welcome to read your notes and findings; the audit is not a secret. Be careful not to be drawn into arguments concerning your observations and it is never appropriate to name people directly in the audit report, if you do, people automatically become defensive.

Preparing for the Audit
Preparation is the key to a meaningful audit, and as such, you should have an audit schedule and a well defined audit plan for each process. Be sure to communicate the audit plan to all parties involved as well as Top Management so that they are aware of the audit, this helps to reinforce your mandate.

The audit schedule should be a living document and should not be cast in stone but instead, it should be allowed to evolve organically with the needs of the business.

Always review previous audit reports and non-conformance reports and check that any previous corrective actions are still operating.

Six Elementary Audit Questions
Often these basic audit questions will help guide the audit in the right direction since they will often unlock the doors to information the auditor requires in order to accurately assess the particulars of a process.

- What are your responsibilities? (5.5.1)
- How do you know how to carry them out? (6.2)
- What are the objectives of your processes? (5.4.1 & 7.1.a)
- What is the quality policy and where is it found? (5.3.d)
- How do you know which documents to use and whether they are correct? (4.2.3)
- What outputs does your process create and how are your records maintained? (4.2.4)

Summary
Define what you want to measure; decide how are you going to measure it and decide what objective evidence should be provided to convince you that an activity is performed in accordance with the process. An audit of your key quality management activities will always be more relevant and produce more meaningful results than a simple procedural audit.

Download a free internal audit checklist example courtesy of ISO 9001 Checklist.

ISO 9001 templates for sale from £27.50 here:
http://www.iso-9001-checklist.co.uk/products.htm

ISO 9001 Document Control Procedures - Advice for Auditors

The document control procedure (4.2.3) and record control procedure (4.2.4) are usually the first of the six mandatory procedures to be initiated when implementing an ISO 9001:2008 quality management system.

A robust document control process invariably lies at the heart of any compliant quality management system because almost every aspect of auditing and compliance verification is determined through the scrutiny of documented evidence. With this in mind, it becomes apparent that the ongoing maintenance of an efficient document management system must not be overlooked.

Difference between Documents and Records
What does ISO 9000:2005 tell us about the difference between documents and records and furthermore; why it should matter?

The standard tells us that documents are considered as being information (e.g. specifications or procedures) and its supporting medium (e.g. paper or electronic). The standard implies that over time these documents will evolve as new information supersedes old and that change must be managed. Documents are active and dynamic.

Records, on the other hand, are more static since they are historical in nature. They are the documents that state the results of activities undertaken in accordance with the product realization, measurement, analysis and improvement processes (e.g. calibration logs and non-conformance or corrective action reports). They also provide evidence that an activity was performed in the manner specified (e.g. inspection records).

Requirements for Controlling Documents and Records
What does ISO 9001:2008 tell us about ensuring compliance with the principal requirements of document control procedures?

Clause 4.2.3 tells us that an organization must control the documentation required by the quality management system and that a suitable document control procedure must be implemented to define the controls needed to; approve, review, update, identify changes, identify revision status and provide access. The document control procedure must clearly define the scope, purpose, method and responsibilities required to implement these parameters.

ISO 9001:2008 does not define how an organization should format its documentation, since most organizations maintain a consistent corporate image, it is expected that any corporate format will suffice.

Similarly; Clause 4.2.4 demands that an organisation must implement a documented procedure to define the controls needed for the identification, storage, protection, retrieval, retention and disposition of records and that these records must remain legible and identifiable throughout their retention period.

It is acceptable to combine the control of records procedure with the document control procedure but care should be taken not to obscure the differences between records and documents.

What’s so important about Records?
Records are an important organizational asset; they provide the primary route for evidence based verification and traceability, and are able to demonstrate compliance with customer requirements. Records also prove the efficacy of the quality management system.

Delivery of such records to a client is often a contractual and legal requirement. In certain industries, such as civil engineering, assurance records become a fundamental point of reference when determining compliance with the intended design as well as helping to satisfy the requirements prescribed by building control authorities and the health and safety executive. These records are demonstrative of a contractor’s duty of care and that the end product is fit for purpose.

The Document Control Function
The document control function is an administrative management activity and operates on the frontline by ensuring compliance with Clause 4.2 and the associated document control procedures and record control procedures. Generally, the document control function should have a direct report to the Quality Representative.

Summary
Remember; keep it simple and allow the process owners to write or revise the documents they need. Use the document control function to apply formatting and revision changes as well as distribution and retention. It is best to interpret the requirements as they apply to your company; there is no hard and fast method.

Looking for document control procedure advice and interpretation?

Please check out our documentation management solution.

Why write a Quality Manual?

The quality manual is the essential cornerstone for any organization venturing on the ISO 9001:2008 accreditation route since it manifests top management’s commitment to operating an effective quality management system.

Like any document, the quality manual must be written in such a way that it provides employees, customers, auditors and other interested parties with a sound overview of how your organization satisfies customer requirements. People throughout your organization will refer to it when they want to see the big picture of the system, or what policies have been established.

One of best ways to understand and implement ISO 9001:2008 is the actual task of compiling the quality manual. By reading through the requirements one-by-one and assigning each requirement a relevant document, process or procedure that exists within your organization, you will find that more than half of the requirements have already been addressed. The quality manual just needs formalise the relationship between the processes and the documents.

Format and content
Write your quality manual so that it works for you, for your company and the way you work, it is entirely your choice but always ensure that it supports your organisation’s objectives. The quality manual should not contain any confidential or proprietary information as it should be readily available to third party auditors and customers.

You should also ensure that a clear distinction is made between the contents of the quality manual and the procedures. The quality manual defines the intention of top management for the operation of the quality management system, while the procedures define how these intentions are implemented.

Three things that must be included in the quality manual:
1. The scope of the quality management system including details of the justification of any exclusions

2. The documented procedures established for the quality management system, or reference to them

3. A description of the interaction between the processes of the quality management system

Who will use your Quality Manual and Why?
Customers and Clients want to see how your system takes care of their requirements. If your quality manual comprises two pages, it may not inspire confidence that your system is robust enough to be an effective quality management system. Customers and Clients want see assurance that you know how to plan, implement, and control the processes that affect their products or service delivery.

Auditors will want to know how you've met the requirements of the standard and if the quality management system is effective in achieving your organization’s objectives. Auditors will use the quality manual as a guide to help identify and source the objective evidence which they need to see in demonstration of your company’s compliance with the standard. Internal auditors can audit the organization against their own requirements instead of a generic external document.

Management should be able to determine, from the manual, how the various processes and systems interact, and at a high level what policies and methods have been established to maintain and control the processes and systems.

Staff
The quality manual is often given to new recruits to familiarise themselves with the organization’s quality management system and the manuals are often used as an in-house training resource.

Summary
Most importantly, your quality manual should not sit on a dusty shelf or be hidden in an obscure location on the computer network; it is an active and dynamic document that demands exposure in order for it to develop and improve.

To learn more about our Quality Manual template please visit ISO 9001 Checklist.

How to Audit Preventive Action

There is often a discussion between the auditor and the organization about where corrective action ends and where preventive action begins. For example, a non-conformance is detected in process 'A', are the actions taken to avoid possible non-conformances in processes 'B' and 'C' preventive actions, or simply within the scope of the corrective actions taken for process 'A'?

The auditor should avoid being side-tracked by such discussions and concentrate on whether or not the actions were effective. One of the difficulties in auditing a preventive action program is that some organizations don't understand the differences between corrective actions and preventive actions.

What is Corrective Action?
A corrective action should be considered as a reactive response since it is taken upon detection of a non-conformity. An organization will first correct or contain the problem and then determine its root cause so they can take corrective action to prevent its recurrence.

What is Preventive Action?
Preventive action should be considered as a proactive undertaking, e.g., when we anticipate a potential problem and take action to eliminate the possible causes and prevent the occurrence of the non-conformance. The best time to take preventive actions is early in the product cycle, e.g., performing Failure Mode Effects Analysis and conducting Design Reviews.

What is FMEA?
FMEA (Failure Mode and Effects Analysis) is a management activity intended to assess actual and potential problems, assign a risk factor and decide a course of action. This method is used in many industries such as automotive, medical device manufacturing, aerospace, and chemical processing.

FMEA is not a specific ISO 9001 requirement, however this approach satisfies ISO 9001 Para 8.5.3 Preventive Action.

Auditing Preventive Action
Auditing any preventive action program begins with a review of the preventive action procedure required by standard. The organization may choose to have corrective actions and preventive actions covered in the same documented procedure. This is acceptable as long as the requirements in both clause 8.5.2 and 8.5.3 are addressed.

The auditor must look for evidence that the organization has analyzed the causes of potential non-conformances, that the required actions are deployed in all relevant parts of the organization and that there are clear definitions of the responsibilities for the identification, evaluation, implementation and review of preventive actions.

When a potential problem is identified, organizations must determine the action needed to eliminate the causes of the potential non-conformance and thereby prevent its occurrence. However, the action taken must be proportionate to the effects of the problem.

In other words, it would be acceptable to not take a preventive action if the anticipated problem is unlikely to happen, would have little impact, and would be easily detected. If a potential problem is low risk, the business decision may be to not attempt to prevent it.

However, if there is a need, the organization must determine and implement the appropriate preventive action. Records must be kept of the results. The action taken must be reviewed to assess its effectiveness in preventing the potential problem.

The focus should be on correcting and preventing problems, preventing problems is generally cheaper than fixing them after they occur, start thinking about problems as opportunities to improve!

When auditing any preventive action program, find out how potential non-conformities are identified. If they aren't analyzing trends and looking for warning signs, they may be ignoring possible problems that could be avoided if only they were considered.

Examine the preventive action records to see if the organization is following their procedure. Find out how they identify causes and determine the appropriate actions. Review the results to see if their actions were effective in preventing the problems.

Summary
Problem correction and avoidance is relatively simple: define the problem, identify the cause and take action to remove it. Preventive action is specifically required by ISO 9001:2008 (Para. 8.5.3), and it provides one of the most valuable links to continual improvement.

Looking for preventive action advice and interpretation?

More ISO 9001 information at ISO 9001 Checklist.

ISO 9001 Document Control Procedure

13 Step ISO 9001 Checklist

Implementing ISO 9001 can appear to be a very daunting task for companies where it's often the case that personnel don't have experience of implementing a quality management system. With this 13 step ISO 9001 Checklist, we hope to guide you through.

ISO 9001 isn't difficult to implement but rather that the quality related concepts themselves can be difficult to interpret and therefore difficult to apply in the real world. Concepts such as non-conformances and corrective action systems might seem burdensome at first but the outputs of these concepts are an invaluable source of information that should always be used to drive your corporate objectives.

Some of you might be implementing ISO 9001 in small companies and some might be implementing it in much larger companies, but, in all cases, the principal mode of implementation is identical. In other words, the application of ISO 9001 is scalable and generic; regardless of the size of the organization. The primary goal is to achieve a set of consistent processes that provide a route for enhancing customer satisfaction and to provide the necessary data for meaningful continuous improvement activities.

Begin with the assumption that you are already doing most of what ISO 9001 requires, you probably are! Many people talk about the high cost of implementing ISO 9001 but this is a false assumption. If you do it right and understand the Standard then implementation shouldn't be a problem since 75% of your quality system is already in place.

If you have the expertise in-house, and you have the time and necessary resources, you probably don't need a consultant to implement ISO 9001 - start by constructing your own ISO 9001 Checklist. If you have less resources or expertise, a good consultant can save you time and money and help you avoid any pitfalls whilst providing direction to your implementation project.

Step 1: Find out about ISO 9001:2008
Understand what ISO 9001 means for your organisation, not all requirements of the Standard will necessarily be relevant to all organisations. Under certain circumstances, an organisation may exclude themselves from some specific requirements.

Top management must provide evidence of its commitment to developing and implementing the quality management system, as well as continually improving its effectiveness.
Perform a gap analysis on your existing systems and develop your project plan based on the results of the gap analysis.

Step 2: Top Management to Define the Quality Policy
The only definition of quality that counts is the one which Top Management are in agreement. Clearly if you have a definition that clashes with what your customers, your suppliers, your partners believe, that would be a problem. So you will no doubt listen carefully to these stakeholders before you decide, but the decision is yours.

Step 3: Define your Processes
The process approach promoted by ISO 9001 systematically identifies and manages the processes and their interaction within a quality management system.

Step 4: Select internal auditors
Internal auditors should be chosen from within your organization, they must be impartial, inquisitive and open-minded. It is helpful to provide them with an ISO 9001 Checklist.

Step 5: Train Internal Auditors
They need to understand how the new clause structure and requirements will affect their audit plans. Instead of auditing by clause, your organisation may decide to audit by functional area, either way, you should develop an internal audit schedule and review the progress against your plan.

Step 6: Implement Management Systems
Monitor and measure process performance and start internal auditing. Typically, the auditors should undertake at least one internal audit covering all elements of the quality system which must be followed up by a management review. This enables you to identify non-conformances and to implement corrective actions prior to formal assessment.

Step 7: Select Certification Body
Agree the scope of registration and pay fees and continue the implementation plan and ISO 9001 Checklist.

Step 8: Continue the Implementation Plan
Make any necessary changes, from 7, above. Most certification bodies wish to see at least 3 months of records.

Step 9: Management Review
This review generates decisions on key matters such as process improvement, corrective actions and non-conformances that are discovered during the internal audit process from step 6.

Step 10: Implement any System Changes
Implement any changes to the quality management system that might have arisen from the outputs of previous steps.

Step 11: Certification Body Preliminaries
This a desk-based exercise, carried out by the Certification Auditors. The audit is restricted to the quality manual and related systems and its aim is to ensure that the documentation addresses the requirements of ISO 9001.

Step 12: Certification Day
The emphasis here is placed on finding objective evidence that demonstrates your quality management system has been implemented effectively and that it complies with the Standard.

The first areas generally scrutinised are management commitment (e.g. quality policy, objectives and communication), management reviews, corrective actions taken, continual improvement and changes made as the result of the pre-assessment audit.

Make sure you understand and agree any non-conformances or observations. If not, ask for a second opinion.

Step 13: Maintain and Improve Your Quality Management System
The aim of your continual improvement program is to proactively increase the odds of satisfying your customers.

We're here to help
We hope that with this 13 step ISO 9001 Checklist you can avoid complicating an otherwise simple tool. Only by ensuring a minimal amount of time is spent on administrative tasks, can the true power of your quality system deliver real business benefits. For a more complete ISO 9001 Project Plan, please see: http://www.iso-9001-checklist.co.uk/iso-9001-project-plan.htm

To learn more please visit ISO 9001 Checklist.

Quality Policy or Quality Objectives – what comes first?

The ISO 9000 standard is absolutely clear on this question; the policy comes first and the objectives are then developed in support of the quality policy.

Quality Policy
The quality policy is the only true definition of quality that counts in your organization. Provided that you take into account the few important items the standard asks for, you can define and measure quality any way you choose.

Make sure the policy builds on current corporate objectives and values - it must be fully integrated with those concepts.

The quality policy is considered to be the driving force of the QMS as it commits your organization to meeting its objectives. It is also one of the key documents against which the performance of your QMS is measured.

Once you have a set of measurable quality objectives which suit you and your customers, you can drop the vague word 'quality' and focus your energies and your quality system on achieving those objectives.

Your Quality Policy should drive continual improvement
You will be required to ensure that you continually improve the degree to which your products and services meet customer requirements and to measure effectiveness of your processes. To this end the continual improvement principle implies that you should adopt the attitude that improvement is always possible and that organizations should develop the skills and tools necessary to drive improvement.

Quality Objectives
The translation of the quality policy into practice is made by defining the supporting quality objectives but ISO 9001 does not specify how quality objectives are documented; they may be documented in business plans, management review output, annual budgets, etc.

Quality objectives are now a clear requirement in their own right as opposed to being just a part of quality policy. They must be established in support of the policy and must focus on meeting product requirements and achieving continual improvement.

Incorporate your Quality Objectives into reporting
When your quality objectives are defined they must reflect the quality policy, be coherent, and align with the overall corporate objectives and customer expectations. Clearly defined quality objectives should also be closely linked to your key performance indicators or other pre-existing indicators; otherwise they become meaningless. They must be set by Top Management and be incorporated into reporting.

Keep your objectives up-to-date
Objectives are not static and need to be updated in view of the prevailing business climate, customer expectations and continual improvement activities. Don’t be afraid to revise your quality objectives (either up or down) but ensure that personnel are made aware that they have changed!

It’s worth remembering that even partial achievement of you quality objectives demonstrates continual improvement.

Once you have a set of measurable quality objectives which suit you and your customers, you can drop the vague word 'quality' and focus your energies and QMS on achieving those objectives.

Summary
There are many formal definitions of quality but for all practical purposes you can ignore all of them since the only definition that counts is the one on which Top Management agree and communicate via the quality policy.

Remember that there is a clear link between the dynamic aspect of revising the quality policy and the quality objectives and the commitment of the organization to continual improvement.

To learn more about developing your quality policy please visit ISO 9001 Checklist.

What is ISO 9001?

ISO 9001 contains all of the requirements which an organisation must address within their Quality Management System (QMS) if they wish to be certified against the Standard. The majority of these requirements would be identified by many organisations as 'common sense' topics which they would want to address in order to run their business well e.g. sales, design, purchasing, training, calibration of test equipment, control of records.





ISO 9001 is written by a committee (TC 176) and is designed for use in any type of organisation. This inevitably means that there are compromises in the wording of the Standard and some interpretation is often needed.

There are 8 sections in ISO 9001
1. Scope
2. References
3. Terms and definitions
4. Quality management system
5. Management responsibility
6. Resource management
7. Product realisation
8. Measurement, analysis and improvement

ISO 9001 Keys to Success
It is sections 4, 5, 6, 7 & 8 which contain the Requirements themselves and organisations wishing to be certified against ISO 9001 will need to demonstrate that they have addressed all of these requirements.

There are over 250 individual requirements in ISO 9001 that can be condensed into five key statements.

The organisation shall:
1. Determine the needs and expectations of customers
2. Establish policies, objectives and a work environment necessary to motivate people to satisfy these needs
3. Design, resource and manage a system of inter-related processes to implement the policy and attain the objectives
4. Measure and analyse the effectiveness of each process in fulfilling its objectives
5. Pursue the continual improvement of the system from an objective evaluation of its performance.

ISO 9001:2008 Approval
ISO 9001:2008 registration gives the organisation the benefit of an objectively evaluated and enforced quality management system. It is a tangible expression of a firm's commitment to quality that is internationally understood and accepted.

ISO 9001:2008 registration is carried out by certification bodies (registrars), accredited organisations that review the organisation's quality manual and working practices to ensure that they meet the Standard.

Using ISO 9001:2008
It is important that when an organisation is certified to ISO 9001, it is clear which aspects of the organisation are covered by the certificate. This is addressed through the Scope of Registration, and this must clearly identify what is included so as not to mislead.

It is a requirement that all elements of ISO 9001 must be addressed by the organisation. However, there are specific circumstances under which certain requirements of the Standard can be excluded, yet compliance with ISO 9001 still be claimed:

- Any excluded requirements do not affect the ability of the organisation to meet customer and regulatory requirements
- Any excluded requirements do not affect the ability of the organisation to provide conforming products or services
- Any excluded requirements must only come from section 7 (Product realisation) of ISO 9001. An example may be customer property. Clearly if a company never deals with such property then the requirement would not be applicable
The company's quality manual must also clearly identify why specific requirements of ISO 9001 have been excluded and the justification for that exclusion.

What 9001 is not
ISO 9001 is NOT a product Standard - it contains no product requirements. It is a series of generic requirements for quality management systems. Approval to ISO 9001 does not guarantee product or service quality. Customer focused leadership, not standards produce satisfied customers.

Approval to ISO 9001 demonstrates that you meet the minimum requirements of quality management.

How can we help?
Looking for ISO 9001 advice and interpretation?

Check out our Quality Manual: http://www.iso-9001-checklist.co.uk/iso-9001-quality-manual.htm