Thursday, 29 July 2010

Why write a Quality Manual?

The quality manual is the essential cornerstone for any organization venturing on the ISO 9001:2008 accreditation route since it manifests top management’s commitment to operating an effective quality management system.

Like any document, the quality manual must be written in such a way that it provides employees, customers, auditors and other interested parties with a sound overview of how your organization satisfies customer requirements. People throughout your organization will refer to it when they want to see the big picture of the system, or what policies have been established.

One of best ways to understand and implement ISO 9001:2008 is the actual task of compiling the quality manual. By reading through the requirements one-by-one and assigning each requirement a relevant document, process or procedure that exists within your organization, you will find that more than half of the requirements have already been addressed. The quality manual just needs formalise the relationship between the processes and the documents.

Format and content
Write your quality manual so that it works for you, for your company and the way you work, it is entirely your choice but always ensure that it supports your organisation’s objectives. The quality manual should not contain any confidential or proprietary information as it should be readily available to third party auditors and customers.

You should also ensure that a clear distinction is made between the contents of the quality manual and the procedures. The quality manual defines the intention of top management for the operation of the quality management system, while the procedures define how these intentions are implemented.

Three things that must be included in the quality manual:
1. The scope of the quality management system including details of the justification of any exclusions

2. The documented procedures established for the quality management system, or reference to them

3. A description of the interaction between the processes of the quality management system

Who will use your Quality Manual and Why?
Customers and Clients want to see how your system takes care of their requirements. If your quality manual comprises two pages, it may not inspire confidence that your system is robust enough to be an effective quality management system. Customers and Clients want see assurance that you know how to plan, implement, and control the processes that affect their products or service delivery.

Auditors will want to know how you've met the requirements of the standard and if the quality management system is effective in achieving your organization’s objectives. Auditors will use the quality manual as a guide to help identify and source the objective evidence which they need to see in demonstration of your company’s compliance with the standard. Internal auditors can audit the organization against their own requirements instead of a generic external document.

Management should be able to determine, from the manual, how the various processes and systems interact, and at a high level what policies and methods have been established to maintain and control the processes and systems.

The quality manual is often given to new recruits to familiarise themselves with the organization’s quality management system and the manuals are often used as an in-house training resource.

Most importantly, your quality manual should not sit on a dusty shelf or be hidden in an obscure location on the computer network; it is an active and dynamic document that demands exposure in order for it to develop and improve.

To learn more about our Quality Manual template please visit ISO 9001 Checklist.

Wednesday, 28 July 2010

How to Audit Preventive Action

There is often a discussion between the auditor and the organization about where corrective action ends and where preventive action begins. For example, a non-conformance is detected in process 'A', are the actions taken to avoid possible non-conformances in processes 'B' and 'C' preventive actions, or simply within the scope of the corrective actions taken for process 'A'?

The auditor should avoid being side-tracked by such discussions and concentrate on whether or not the actions were effective. One of the difficulties in auditing a preventive action program is that some organizations don't understand the differences between corrective actions and preventive actions.

What is Corrective Action?
A corrective action should be considered as a reactive response since it is taken upon detection of a non-conformity. An organization will first correct or contain the problem and then determine its root cause so they can take corrective action to prevent its recurrence.

What is Preventive Action?
Preventive action should be considered as a proactive undertaking, e.g., when we anticipate a potential problem and take action to eliminate the possible causes and prevent the occurrence of the non-conformance. The best time to take preventive actions is early in the product cycle, e.g., performing Failure Mode Effects Analysis and conducting Design Reviews.

What is FMEA?
FMEA (Failure Mode and Effects Analysis) is a management activity intended to assess actual and potential problems, assign a risk factor and decide a course of action. This method is used in many industries such as automotive, medical device manufacturing, aerospace, and chemical processing.

FMEA is not a specific ISO 9001 requirement, however this approach satisfies ISO 9001 Para 8.5.3 Preventive Action.

Auditing Preventive Action
Auditing any preventive action program begins with a review of the preventive action procedure required by standard. The organization may choose to have corrective actions and preventive actions covered in the same documented procedure. This is acceptable as long as the requirements in both clause 8.5.2 and 8.5.3 are addressed.

The auditor must look for evidence that the organization has analyzed the causes of potential non-conformances, that the required actions are deployed in all relevant parts of the organization and that there are clear definitions of the responsibilities for the identification, evaluation, implementation and review of preventive actions.

When a potential problem is identified, organizations must determine the action needed to eliminate the causes of the potential non-conformance and thereby prevent its occurrence. However, the action taken must be proportionate to the effects of the problem.

In other words, it would be acceptable to not take a preventive action if the anticipated problem is unlikely to happen, would have little impact, and would be easily detected. If a potential problem is low risk, the business decision may be to not attempt to prevent it.

However, if there is a need, the organization must determine and implement the appropriate preventive action. Records must be kept of the results. The action taken must be reviewed to assess its effectiveness in preventing the potential problem.

The focus should be on correcting and preventing problems, preventing problems is generally cheaper than fixing them after they occur, start thinking about problems as opportunities to improve!

When auditing any preventive action program, find out how potential non-conformities are identified. If they aren't analyzing trends and looking for warning signs, they may be ignoring possible problems that could be avoided if only they were considered.

Examine the preventive action records to see if the organization is following their procedure. Find out how they identify causes and determine the appropriate actions. Review the results to see if their actions were effective in preventing the problems.

Problem correction and avoidance is relatively simple: define the problem, identify the cause and take action to remove it. Preventive action is specifically required by ISO 9001:2008 (Para. 8.5.3), and it provides one of the most valuable links to continual improvement.

Looking for preventive action advice and interpretation?

More ISO 9001 information at ISO 9001 Checklist.

Monday, 26 July 2010

13 Step ISO 9001 Checklist

Implementing ISO 9001 can appear to be a very daunting task for companies where it's often the case that personnel don't have experience of implementing a quality management system. With this 13 step ISO 9001 Checklist, we hope to guide you through.

ISO 9001 isn't difficult to implement but rather that the quality related concepts themselves can be difficult to interpret and therefore difficult to apply in the real world. Concepts such as non-conformances and corrective action systems might seem burdensome at first but the outputs of these concepts are an invaluable source of information that should always be used to drive your corporate objectives.

Some of you might be implementing ISO 9001 in small companies and some might be implementing it in much larger companies, but, in all cases, the principal mode of implementation is identical. In other words, the application of ISO 9001 is scalable and generic; regardless of the size of the organization. The primary goal is to achieve a set of consistent processes that provide a route for enhancing customer satisfaction and to provide the necessary data for meaningful continuous improvement activities.

Begin with the assumption that you are already doing most of what ISO 9001 requires, you probably are! Many people talk about the high cost of implementing ISO 9001 but this is a false assumption. If you do it right and understand the Standard then implementation shouldn't be a problem since 75% of your quality system is already in place.

If you have the expertise in-house, and you have the time and necessary resources, you probably don't need a consultant to implement ISO 9001 - start by constructing your own ISO 9001 Checklist. If you have less resources or expertise, a good consultant can save you time and money and help you avoid any pitfalls whilst providing direction to your implementation project.

Step 1: Find out about ISO 9001:2008
Understand what ISO 9001 means for your organisation, not all requirements of the Standard will necessarily be relevant to all organisations. Under certain circumstances, an organisation may exclude themselves from some specific requirements.

Top management must provide evidence of its commitment to developing and implementing the quality management system, as well as continually improving its effectiveness.
Perform a gap analysis on your existing systems and develop your project plan based on the results of the gap analysis.

Step 2: Top Management to Define the Quality Policy
The only definition of quality that counts is the one which Top Management are in agreement. Clearly if you have a definition that clashes with what your customers, your suppliers, your partners believe, that would be a problem. So you will no doubt listen carefully to these stakeholders before you decide, but the decision is yours.

Step 3: Define your Processes
The process approach promoted by ISO 9001 systematically identifies and manages the processes and their interaction within a quality management system.

Step 4: Select internal auditors
Internal auditors should be chosen from within your organization, they must be impartial, inquisitive and open-minded. It is helpful to provide them with an ISO 9001 Checklist.

Step 5: Train Internal Auditors
They need to understand how the new clause structure and requirements will affect their audit plans. Instead of auditing by clause, your organisation may decide to audit by functional area, either way, you should develop an internal audit schedule and review the progress against your plan.

Step 6: Implement Management Systems
Monitor and measure process performance and start internal auditing. Typically, the auditors should undertake at least one internal audit covering all elements of the quality system which must be followed up by a management review. This enables you to identify non-conformances and to implement corrective actions prior to formal assessment.

Step 7: Select Certification Body
Agree the scope of registration and pay fees and continue the implementation plan and ISO 9001 Checklist.

Step 8: Continue the Implementation Plan
Make any necessary changes, from 7, above. Most certification bodies wish to see at least 3 months of records.

Step 9: Management Review
This review generates decisions on key matters such as process improvement, corrective actions and non-conformances that are discovered during the internal audit process from step 6.

Step 10: Implement any System Changes
Implement any changes to the quality management system that might have arisen from the outputs of previous steps.

Step 11: Certification Body Preliminaries
This a desk-based exercise, carried out by the Certification Auditors. The audit is restricted to the quality manual and related systems and its aim is to ensure that the documentation addresses the requirements of ISO 9001.

Step 12: Certification Day
The emphasis here is placed on finding objective evidence that demonstrates your quality management system has been implemented effectively and that it complies with the Standard.

The first areas generally scrutinised are management commitment (e.g. quality policy, objectives and communication), management reviews, corrective actions taken, continual improvement and changes made as the result of the pre-assessment audit.

Make sure you understand and agree any non-conformances or observations. If not, ask for a second opinion.

Step 13: Maintain and Improve Your Quality Management System
The aim of your continual improvement program is to proactively increase the odds of satisfying your customers.

We're here to help
We hope that with this 13 step ISO 9001 Checklist you can avoid complicating an otherwise simple tool. Only by ensuring a minimal amount of time is spent on administrative tasks, can the true power of your quality system deliver real business benefits. For a more complete ISO 9001 Project Plan, please see:

To learn more please visit ISO 9001 Checklist.

Saturday, 24 July 2010

Quality Policy or Quality Objectives – what comes first?

The ISO 9000 standard is absolutely clear on this question; the policy comes first and the objectives are then developed in support of the quality policy.

Quality Policy
The quality policy is the only true definition of quality that counts in your organization. Provided that you take into account the few important items the standard asks for, you can define and measure quality any way you choose.

Make sure the policy builds on current corporate objectives and values - it must be fully integrated with those concepts.

The quality policy is considered to be the driving force of the QMS as it commits your organization to meeting its objectives. It is also one of the key documents against which the performance of your QMS is measured.

Once you have a set of measurable quality objectives which suit you and your customers, you can drop the vague word 'quality' and focus your energies and your quality system on achieving those objectives.

Your Quality Policy should drive continual improvement
You will be required to ensure that you continually improve the degree to which your products and services meet customer requirements and to measure effectiveness of your processes. To this end the continual improvement principle implies that you should adopt the attitude that improvement is always possible and that organizations should develop the skills and tools necessary to drive improvement.

Quality Objectives
The translation of the quality policy into practice is made by defining the supporting quality objectives but ISO 9001 does not specify how quality objectives are documented; they may be documented in business plans, management review output, annual budgets, etc.

Quality objectives are now a clear requirement in their own right as opposed to being just a part of quality policy. They must be established in support of the policy and must focus on meeting product requirements and achieving continual improvement.

Incorporate your Quality Objectives into reporting
When your quality objectives are defined they must reflect the quality policy, be coherent, and align with the overall corporate objectives and customer expectations. Clearly defined quality objectives should also be closely linked to your key performance indicators or other pre-existing indicators; otherwise they become meaningless. They must be set by Top Management and be incorporated into reporting.

Keep your objectives up-to-date
Objectives are not static and need to be updated in view of the prevailing business climate, customer expectations and continual improvement activities. Don’t be afraid to revise your quality objectives (either up or down) but ensure that personnel are made aware that they have changed!

It’s worth remembering that even partial achievement of you quality objectives demonstrates continual improvement.

Once you have a set of measurable quality objectives which suit you and your customers, you can drop the vague word 'quality' and focus your energies and QMS on achieving those objectives.

There are many formal definitions of quality but for all practical purposes you can ignore all of them since the only definition that counts is the one on which Top Management agree and communicate via the quality policy.

Remember that there is a clear link between the dynamic aspect of revising the quality policy and the quality objectives and the commitment of the organization to continual improvement.

To learn more about developing your quality policy please visit ISO 9001 Checklist.

Wednesday, 21 July 2010

What is ISO 9001?

ISO 9001 contains all of the requirements which an organisation must address within their Quality Management System (QMS) if they wish to be certified against the Standard. The majority of these requirements would be identified by many organisations as 'common sense' topics which they would want to address in order to run their business well e.g. sales, design, purchasing, training, calibration of test equipment, control of records.

ISO 9001 is written by a committee (TC 176) and is designed for use in any type of organisation. This inevitably means that there are compromises in the wording of the Standard and some interpretation is often needed.

There are 8 sections in ISO 9001
1. Scope
2. References
3. Terms and definitions
4. Quality management system
5. Management responsibility
6. Resource management
7. Product realisation
8. Measurement, analysis and improvement

ISO 9001 Keys to Success
It is sections 4, 5, 6, 7 & 8 which contain the Requirements themselves and organisations wishing to be certified against ISO 9001 will need to demonstrate that they have addressed all of these requirements.

There are over 250 individual requirements in ISO 9001 that can be condensed into five key statements.

The organisation shall:
1. Determine the needs and expectations of customers
2. Establish policies, objectives and a work environment necessary to motivate people to satisfy these needs
3. Design, resource and manage a system of inter-related processes to implement the policy and attain the objectives
4. Measure and analyse the effectiveness of each process in fulfilling its objectives
5. Pursue the continual improvement of the system from an objective evaluation of its performance.

ISO 9001:2008 Approval
ISO 9001:2008 registration gives the organisation the benefit of an objectively evaluated and enforced quality management system. It is a tangible expression of a firm's commitment to quality that is internationally understood and accepted.

ISO 9001:2008 registration is carried out by certification bodies (registrars), accredited organisations that review the organisation's quality manual and working practices to ensure that they meet the Standard.

Using ISO 9001:2008
It is important that when an organisation is certified to ISO 9001, it is clear which aspects of the organisation are covered by the certificate. This is addressed through the Scope of Registration, and this must clearly identify what is included so as not to mislead.

It is a requirement that all elements of ISO 9001 must be addressed by the organisation. However, there are specific circumstances under which certain requirements of the Standard can be excluded, yet compliance with ISO 9001 still be claimed:

- Any excluded requirements do not affect the ability of the organisation to meet customer and regulatory requirements
- Any excluded requirements do not affect the ability of the organisation to provide conforming products or services
- Any excluded requirements must only come from section 7 (Product realisation) of ISO 9001. An example may be customer property. Clearly if a company never deals with such property then the requirement would not be applicable
The company's quality manual must also clearly identify why specific requirements of ISO 9001 have been excluded and the justification for that exclusion.

What 9001 is not
ISO 9001 is NOT a product Standard - it contains no product requirements. It is a series of generic requirements for quality management systems. Approval to ISO 9001 does not guarantee product or service quality. Customer focused leadership, not standards produce satisfied customers.

Approval to ISO 9001 demonstrates that you meet the minimum requirements of quality management.

How can we help?
Looking for ISO 9001 advice and interpretation?

Check out our Quality Manual: