Saturday, March 17, 2012

ISO 9001 Standard - ISO 9001 Standards



Friday, June 3, 2011

ISO 9001 Standards – Risks and opportunities

The first things to consider when we want to change a people intensive process are:
• What do the people involved fear? These are the risks – things that we must prevent.
• What do people hope for? These are the opportunities – things that we must strive to obtain.
In order to better understand risks and opportunities, we used a two-step approach. We started by interviewing two developers and one manager. The interviews were semi-structured in that we had a set of questions that we needed answers to but in
addition, we used follow-up questions to gain a better understanding of the answers to the predefined questions. The focus of the interview was on what they expected would happen if the company implemented an ISO 9001 certified process. Two typical examples of what came out of the interviews are shown below – one from a developer and one from a manger.
Manager: Implementing ISO 9001 will cost quite a lot. At the same time, the company will get a better overview of its competence, its experience and its document templates. ISO certification is an investment. We are, however, unsure of how long we have to wait before we can reap the benefits.
Developer: Some of the developers may have a negative attitude towards ISO certification because they are afraid it will hurt creativity. This is not only true for ISO 9001 standards but holds also for coding standards and other rules and regulations. Rules
and standards can take away all the fun from the job. In many ways this is the same attitude as we saw when we started to reuse components – many developers were afraid that they would not be allowed to develop things but just had to use “toy bricks”.
After the interviews we found that:
A. Everybody in the company – both mangers and developers – filled in the questionnaire.
The items in the questionnaire that got an average score of 5.0 or more were considered for risk and opportunity analysis. This gave us the following items:
• When we get ISO certified, we will have to generate more documents for each development project.
• It is important that all employees participate actively in the introduction of new processes, standards and procedures. This is consistent with e.g. Trittmann et al’s observation
• Active management participation is important in order to make the introduction of an ISO certified process a success.
• Active management support is important in order to make the introduction of ISO certification a success.
• An ISO certified process will lead to better working practices in the company in general.
Based on our findings, we identified the following risks that needed to be controlled throughout the implementation of the ISO 9001 certified process:
Risk 1: The introduction of new documents or additions to existing documents.
We decided that we should not make new documents except if absolutely needed.
Risk 2: Developer participation. The developers must be included at all steps in
the process. Their experiences and advices are important input to the new processes and procedures.
Risk 3: Management participation and support. Management must show their commitment by allocating money and time to the ISO implementation activities.
Opportunity 1: Better working practices. The changes in the development process must be considered to be improvements by the developers.
Management and developers are in agreement in the sense that everything the developers found important also was ranked high by management. There were, however, some cases where the two groups disagreed strongly – average score difference greater than 2.0. In all cases, management ranked these items higher than the developers.
The points are:
• Introducing an ISO certified process will cost a lot but will be a good investment – developers 3.3 vs. mangers 6.0
• Introducing an ISO certified process will give the company a better control over the order situation – developers 3.0 vs. mangers 6.0
• Introducing an ISO certified process will give us more satisfied customers already after one year – developers 3.2 vs. mangers 6.0
Management is more optimistic than the developers when it comes to business related issues such as order situation and customer satisfaction.

Read more on ISO 9001 Standards at http://www.iso9001store.com

Extreme Programming For ICT In ISO 9001 Standards

Extreme Programming represents a new wave in software development known as the approach. Tom de Marco, the father of structural analysis, calls Extreme Programming the most important movement in software engineering. The strong points of Extreme Programming in the ICT context are as follows:
– Risk minimization. ICT is developing very fast. To catch up with current developments it is necessary to make investments in new technologies and try new tools out. On the other hand, new tools and technologies are immature and one cannot depend on them. The best approach is to make some (preferably small) investment now and after some time invest more or give up, depending on the developments (it is like buying an option on the stock exchange). Extreme Programming is based on incremental software development and its suites the strategy very well.
– Customer orientation. In Extreme Programming all the business decisions are made by the customer and he has the full control over the development process.
– Lack of excessive paperwork. In Extreme Programming programmers concentrate on programming, not on writing documentation. The only artifacts they have to produce are test cases and code.
– Quality assurance through intensive testing. In XP programmers first create test cases then they write code. Automated tests and integration are performed several times a day and they drive the development process.
– Lack of overtime. Short releases and increments allow to gain experience very fast. This makes planning easier and more dependable. As a result programmer do not have to (always) work overtime.
Extreme Programming has also weak points. The most important are problems with software maintenance.
Since the only artifacts are test cases and code, after some time it can be very difficult to maintain the software. It would be also the problem from the ISO 9001 point of view. In the remaining part of the paper we propose how to solve that problem.

Read more on ISO 9001 Standards at http://www.iso9001store.com

Tuesday, June 29, 2010

Quality Management System Preliminary Gap Analysis


Quality Management System Preliminary Gap Analysis
Decide on a number from 0 to 5 for each item below. The scoring criteria are given in a table at the end. 1 to 5 Make notes to explain your score for future reference.
1. Have you established, documented, implemented and now maintain a Quality Management System (QMS) to any system including ISO 9001?
2. Have you identified the processes needed for your QMS and
a. the sequence of your production and service delivery processes,

b. the criteria and methods needed to ensure the processes are effective, and3. Do you have

c. have the resources and the information you need to support the processes?

d. a Quality Manual including your Quality Policy and quality objectives, and

e. written procedures and work instructions?

4. Do your records provide evidence that your business processes are effective?6. Has your Top Management communicated the importance of meeting customer and other business requirements to all the employees?9. Are your quality objectives measurable?

5. Is your Top Management committed to the development and implementation of a new QMS (i.e. based on the 2008 version of ISO 9001)?

7. Has your Top Management made a commitment to ensure your customers’ requirements are top priority?

8. Do your quality objectives include requirements for production and delivery?

10. Have the responsibilities and authorities of managers and employees been defined and communicated to them?

11. Does your management have the drive and resources needed

a. to implement, and maintain a QMS and continually improve its effectiveness, and

b. to enhance customer satisfaction by meeting customer requirements?

12. Does your organization have procedures to select competent personnel for work activities?

13. Does your organization provide training or take other action to help develop your people?

14. Does your organization provide adequate:

a. buildings, workspace and utilities,

b. process equipment, and

c. supporting services such as transport or communication?

15. When you receive a customer order do you review it for

a. requirements specified by the customer, including the delivery and post-delivery activities,

b. requirements not stated by the customer but necessary for specified use or known and intended use, and

c. statutory and regulatory requirements related to the product?

16. Do you inform your customers concerning

a. product information,

b. enquiries, contracts or order handling, including changes, and

c. channels for customer feedback and complaints?

17. Does your organization plan and control product design and development activities?

18. Does your organization maintain records of design or development review, verification and validation activities and resulting action?

19. Does your organization inspect or otherwise confirm that purchased products, materials, components and services conform to your specified purchase requirements?

20. Does your organization select suppliers depending on how important the purchased product is for production?

21. Does your organization evaluate suppliers (subcontractors or vendors) based on their ability to satisfy your requirements?

22. Do you ensure production has

a. the information that describes the characteristics of the product,

b. the necessary work instructions,

c. suitable equipment, and

d. the monitoring and measuring devices needed?

23. Does your organization regularly confirm that your production and service processes are capable of consistently meeting your requirements?

24. Are parts, components, subassemblies and products identified throughout production or service delivery?

25. Are monitoring and measurement requirements clearly shown with the status of the product?

26. Where traceability is a requirement, does production keep records of unique product identification?

27. Do you care for and protect customers’ property under your control or being used by your people?

28. Do you look after your product (including the parts or components) during both production and delivery to the customer, by providing suitable identification, packaging, storage, preservation and handling?

29. Do you have instructions needed to identify inspection or monitoring activities to be done during production or service delivery and the devices to be used?

30. Is your measuring equipment:

a. Calibrated or verified at specified intervals, or prior to use?

b. Adjusted or re-adjusted as necessary?

c. Identified to enable the calibration status to be determined?

d. Safeguarded from adjustments that would invalidate the measurement result?

e. Protected from damage and deterioration during handling, maintenance and storage?

31. Does your organization monitor customer information that shows you have satisfied customer requirements?

32. Does your organization conduct internal quality audits at planned intervals?

33. Does your organization use suitable methods to monitor and, where practical, measure the performance of your processes?

34. Does your organization inspect or measure the characteristics of finished products and record the results?

35. Does your organization identify nonconforming products and review them for disposition?

36. Does your organization collect and analyze data to assess the suitability and effectiveness of the QMS?

37. Does your organization use data to evaluate or identify where continual improvement of the QMS can be made?

38. Does your organization continually improve the effectiveness of the QMS?

39. Does your organization take corrective action to eliminate the causes of problems and to prevent their recurrence?

40. Does your organization determine and eliminate potential nonconformities in order to prevent their occurrence?

To score this table:

0 – You do not understand what is required or believe it is necessary

1 – Your organization does not perform this activity

2.- You understand this activity is a good thing to do but do not do it

3 – You do this sometimes

4 – You do this but not very well

5 – You do this quite well.

Add all the points together.

150 – 200

You are almost ready to complete your ISO 9001 QMS and apply for certification/

registration.

100 – 149

You are ready to implement the QMS. This will likely improve your business results.

0 – 99

You have a lot to do but should begin. You could consider seeking help from a

consultant or specialist.

Improve your performance management with new version of ISO 9001

A quality management system enables you to manage your business processes effectively:

it is much more than a set of rules and procedures. When properly implemented and maintained, a QMS addresses the needs of your organisation and delivers tangible business benefits.

The new version of ISO 9001 has recently been published. One of the main aims of ISO 9001:2008 is to facilitate integration with other standards. Although there are no new requirements as such, there are some key clarifications to be taken into account.

There are three main objectives to the new standard:

Detail, clarify, improve the understanding of ISO 9001:2000 (previous version)

Improve compatibility with ISO 14001:2004 Simplify the way in which ISO 9001 can be integrated with other management system standards (such as OHSAS 18001)

There are no new requirements in the new standard:

The title, scope, and structure of the standard are unchanged

The process approach is confirmed

Compatibility with the latest revision of ISO 14001:2004 is maintained and improved upon

Preservation of the quality management principles included in ISO 9000:2000

There are five main areas to note. The relevant sections of the standard are noted in brackets.

1. A reinforcement of the notion of product conformity

2. Compatibility with other standards is evolving

3. A better understanding of outsourced processes

4. An editorial clarification of some requirements – for instance;

A reinforcement of the notion of product conformity2.3.4.

An editorial clarification of some requirements – for instance;A better understanding of outsourced processesCompatibility with other standards is evolving

• (6.4) work environment, including an explanatory note on work environment giving examples,

to help meet product conformity requirements

• (8.2.1) measurement of customer satisfaction, including a note broadening the scope beyond

satisfaction surveys to include other channels such as customer feedback5.

• (Introduction) the notion of risk

• (5.5.2) appointment of a management représentative

• (6.2.2) assessing the effectiveness of achieving compétence

• (8.5.2 et 3) assessing the effectiveness of corrective and preventive actions?

Some additional explanations regarding the requirements of the standard;An editorial clarification of some requirements – for instance;A better understanding of outsourced processesCompatibility with other standards is evolvingA reinforcement of the notion of product conformity.

Saturday, October 10, 2009

Preparing ISO 9001 Quality Manual

Preparing ISO 9001 Quality Manual

The standard requires a quality manual to be established and maintained that includes the scope of the quality management system, the documented procedures or reference to them and a description of the sequence and interaction of processes included in the quality management system.

ISO 9001 defines a quality manual as a document specifying the quality management system of an organization. It is therefore not intended that the quality manual be a response to the requirements of ISO 9001. As the top-level document describing the management system it is a system description describing how the organization is managed.

Countless quality manuals produced to satisfy ISO 9001:2008, were no more than 20 sections that paraphrased the requirements of the standard. Such documentation adds no value. They are of no use to managers, staff or auditors. Often thought to be useful to customers, organizations would gain no more confidence from customers than would be obtained from their registration certificate.

A description of the management system is necessary as a means of showing how all the processes are interconnected and how they collectively deliver the business outputs. It has several uses as :

1. a means to communicate the vision, values, mission, policies and objectives of the organization

2. a means of showing how the system has been designed

3. a means of showing linkages between processes

4. a means of showing who does what an aid to training new people

5. a tool in the analysis of potential improvements

6. a means of demonstrating compliance with external standards and regulations

When formulating the policies, objectives and identifying the processes to achieve them, the manual provides a convenient vehicle for containing such information. If left as separate pieces of information, it may be more difficult to see the linkages.

The requirement provides the framework for the quality manual. Its content may therefore include the following:

1 Introduction

(a) Purpose (of the manual)

(b) Scope (of the manual)

(c) Applicability (of the manual)

(d) Definitions (of terms used in the manual)

2 Business overview

(a) Nature of the business/organization – its scope of activity, its products and services

(b) The organization’s interested parties (customers, employees, regulators, shareholders, suppliers, owners etc.)

(c) The context diagram showing the organization relative to its external environment

(d) Vision, values

(e) Mission

3 Organization

(a) Function descriptions

(b) Organization chart

(c) Locations with scope of activity

4 Business processes

(a) The system model showing the key business processes and how they are interconnected

(b) System performance indicators and method of measurement

(c) Business planning process description

(d) Resource management process description

(e) Marketing process description

(f) Product/service generation processes description

(g) Sales process description

(h) Order fulfilment process description

5 Function matrix (Relationship of functions to processes)

6 Location matrix (Relationship of locations to processes)

7 Requirement deployment matrices

(a) ISO 9001 compliance matrix

(b) ISO 14001 compliance matrix

(c) Regulation compliance matrices (FDA, Environment, Health, Safety, CAA etc.)

8 Approvals (List of current product, process and system approvals)

The process descriptions can be contained in separate documents and should cover the topics identified previously (see Documents that ensure effective planning, operation and control of processes ).

As the quality manual contains a description of the management system a more apt title would be a Management System Manual (MSM) or maybe a title reflecting its purpose might be Management System Description (MSD).

In addition a much smaller document could be produced that does respond to the requirements of ISO 9001, ISO 14001, and the regulations of regulatory authorities. Each document would be an exposition produced purely to map your management system onto these external requirements to demonstrate how your system meets these requirements. When a new requirement comes along, you can produce a new exposition rather than attempt to change your system to suit all parties. A model of such relationships is illustrated in Figure 4.10. The process descriptions that emerge from the Management System Manual describe the core business processes and are addressed in Chapter 4 under the heading of Documents that ensure effective operation and control of processes.

Scope Of The Quality Management System

Scope Of The Quality Management System

The ISO 9001 standard requires the quality manual to include the scope of the quality management system including details of justification for any exclusion. The standard addresses activities that may not be relevant or applicable to an organization. The permissible exclusions are explained in section 1.2 of ISO 9001. Here it states that the organization may only exclude requirements that neither affect the organization’s ability, nor its responsibility to provide product that meets customer and applicable regulatory requirements. The requirements for which exclusion is permitted are limited to those in section 7 of the standard.

Under ISO 9001:2008, it was possible for organizations to exclude functions and processes of their organization that may have been difficult to control or were not part of the order fulfilment cycle. Organizations that designed their own products but not for specific customers could escape bringing these operations into the management system. Marketing was omitted because it operated before placement of order. Accounting, Administration, Maintenance, Publicity, Public Relations and After Sales Support functions were often omitted because there were no requirements in the standard that specifically dealt with such activities. As there is no function in an organization that does not directly or indirectly serve the satisfaction of interested parties, it is unlikely that any function or process will now be excluded from the quality management system.

It is sensible to describe the scope of the quality management system so as to ensure effective communication. The scope of the quality management system is one area that generates a lot of misunderstanding particularly when dealing with auditors, consultants and customers. When you claim you have a management system that meets ISO 9001 it could imply that you design, develop, install and service the products you supply, when in fact you may only be a distributor. Why you need to justify specific exclusions is uncertain because it is more practical to justify inclusions.

The scope of the quality management system is the scope of the organization. There is no longer any reason to exclude locations, activities, functions or processes for which there is no requirement in the standard. The reason is because the ISO 9000 family now serves customer satisfaction and is not limited to quality assurance as were the 1994 versions of ISO 9001, ISO 9002 and ISO 9003.

It is not appropriate to address exclusions by inserting pages in the manual corresponding to the sections of the standard and adding justification if not within the scope of the management system – such as ‘We don’t do this!’.

It is much more appropriate to use an appendix as indicated previously in the manual contents list. By describing the nature of the business, you are establishing boundary conditions. If in doing so you do not mention that you design products, it will be interpreted that design is not applicable.

For exclusions relative to detail requirements, the Compliance Matrix may suffice but for an unambiguous solution, it is preferable to produce an exposition that addresses each requirement of the standard.