Quality Management Systems Training for SMEs Leonardo da Vinci Project
GUIDELINES FOR THE IMPLEMENTATION OF A QUALITY MANAGEMENT SYSTEM SYSTEM (QMS), ACCORDING TO THE ISO ISO 9001:2008 STANDARD, TO SME’S.
This book was produced in the framework of Leonardo da Vinci project “Small Business Quality Management Systems”. This project was carried out with the support of the Commission of the European Community.
The content of this book does not necessarily reflect the position of the Europe European an Commun Community ity or the Natio National nal Ag Agenc ency, y, nor does does it invoke invoke any responsibility on their part.
2
TITLE: ISO 9001:2008 APPLICATION GUIDE
CHAPTER 1.INTRODUCTION......................................................................................................................... 7 1.1. CONTEXT......................................................................................................................................................... 7 CHAPTER 2.GENERAL............................................................................................................................ ........ 9 2.1. THE SENSE OF THE WORD “QUALITY ” ................................................................................................................. 9 2.2.THE DEVELOPMENT PHASES OF QUALITY : CULTURE, PRINCIPLES AND METHODS.......................................................... 10 2.3.QUALITY MANAGEMENT SYSTEM....................................................................................................................... 13 2.4.WHY THE IMPLEMENTATION OF A QUALITY MANAGEMENT SYSTEM? ..................................................................... 14 2.5.THE ISO 9000:2008 STANDARD...................................................................................................................... 14 CHAPTER 3.APPLICATION OF THE STANDARD ISO 9001 IN SMES.................................................... 16 3.1.SME............................................................................................................................................................. 16 3.1.1.EU DEFINITION............................................................................................................................................. 16 3.1.2.THE HIDDEN GIANTS...................................................................................................................................... 17 3.2.IMPLEMENTING THE ISO STANDARD................................................................................................................... 21 3.2.1.WHAT SHOULD ISO ( NOT) BE ABOUT.............................................................................................................. 21 3.2.2.MANAGEMENT PRINCIPLES .............................................................................................................................. 21 3.2.3.ISO IN SMES - SOME CHARACTERISTICS HAVING IMPACT ................................................................................... 25 3.2.4.R EALIZATION OF ISO REQUIREMENTS AND DIFFERENCES BETWEEN SMES AND LARGE E NTERPRISES........................27 CHAPTER 4.THE STANDARD ISO 9001:2008 ............................................................................................ 38 4.1. I NTRODUCTION .............................................................................................................................................. 38 4.2.CHARACTERISTICS AND CONTENTS OF ISO 9001:2008 STANDARD......................................................................... 38 4.3.OTHER RELATED STANDARDS ............................................................................................................................ 40 4.4.QUALITY MANAGEMENT SYSTEM (CLAUSE 4)..................................................................................................... .40 4.4.1.GENERAL R EQUIREMENTS (CLAUSE 4.1)............................................................................................... ........... 41 4.4.2. DOCUMENTATION R EQUIREMENTS (CLAUSE 4.2).............................................................................................. 45 MANAGEMENT R ESPONSIBILITY (CLAUSE 5)............................................................................................................... 49 4.5.1. MANAGEMENT COMMITMENT (CLAUSE 5.1) .................................................................................................... 49 4.5.2. CUSTOMER FOCUS (CLAUSE 5.2).................................................................................................................... 50 4.5.3. QUALITY POLICY (CLAUSE 5.3) .................................................................................................................... . 51 4.5.4. PLANNING (CLAUSE 5.4) .............................................................................................................................. 51 4.5.5. R ESPONSIBILITY, AUTHORITY AND COMMUNICATION (CLAUSE 5.5).................................................................... .51 4.5.6. MANAGEMENT R EVIEW (CLAUSE 5.6)............................................................................................................. 52 4.5.R ESOURCE MANAGEMENT (CLAUSE 6)............................................................................................................... . 53 4.6.PRODUCT R EALISATION (CLAUSE 7).................................................................................................................... 54 4.7.1. PLANNING OF PRODUCT R EALIZATION (CLAUSE 7.1)........................................................................................ .56 4.7.2. CUSTOMER -RELATED PROCESSES (CLAUSE 7.2)............................................................................................ .... 57 4.7.3. DESIGN AND DEVELOPMENT (CLAUSE 7.3).................................................................................................... .. 58 4.7.4. PURCHASING (CLAUSE 7.4).................................................................................................................. ......... 59 4.7.5. PRODUCTION AND SERVICE PROVISION (CLAUSE 7.5) ....................................................................................... .60 4.7.6. CONTROL OF MONITORING AND MEASURING DEVICES (CLAUSE 7.6)....................................................... ...........62 4.7.MEASUREMENT, A NALYSIS AND IMPROVEMENT (CLAUSE 8).............................................................................. ..... 63 4.8.MINIMUM R EQUIREMENTS ACCORDING TO ISO............................................................................................. ...... 67 4.9.PERMISSIBLE EXCLUSIONS ................................................................................................................................ 68 CHAPTER 5.STEPS TO IMPLEMENT A QMS ............................................................................................ 69 5.1.STEPS TO DECIDE ............................................................................................................................................ 69 5.1.1.DECISION TO IMPLEMENT A QMS................................................................................................................. .. 69 5.1.2.FIRST PLANNING OF RESOURCES ...................................................................................................................... 70 5.1.3.EXTERNAL CONSULTANTS .............................................................................................................................. 70 5.2.FIRST SELF ASSESSMENT.................................................................................................................................... 71 5.3.DETAILED IMPLEMENTATION PLAN...................................................................................................................... 73 5.4 DEVELOPMENT OF QM HANDBOOK ................................................................................................................... 75 5.5 DESIGN OR CHECK UP OF PROCESSES .................................................................................................................. 76 5.6 FINAL IMPLEMENTATION – QMS KICK OFF.......................................................................................................... 78 5.6.1.TRAINING.................................................................................................................................................... 78 5.7 I NTERNAL AUDIT ............................................................................................................................................ 79 5.8 EXTERNAL AUDIT ............................................................................................................................................ 81 5.8.1.CERTIFICATION BODY ................................................................................................................................... 81 5.8.2.THE CERTIFICATION PROCESS .......................................................................................................................... 82 5.9 CONTINUAL IMPROVEMENT ............................................................................................................................... 83 CHAPTER 6.ADDITIONAL REQUIREMENTS ........................................................................................... 85 6.1. MANAGEMENT SYSTEM STANDARDS................................................................................................................... 85 6.2.EUROPEAN DIRECTIVES AND TECHNICAL STANDARDS ...........................................................................................88 4
CHAPTER 7.GLOSSARY................................................................................................................................ 89 BIBLIOGRAPHY............................................................................................................................................. 93
INDEX OF TABLES Table 3.1 Recent development in SME perception in EU Table 3.2
16
The ISO-related differences between SMEs and large
enterprises in a nutshell
27
Table 4.1
43
Records required by ISO 9001:2008
Table
4.2 Audit list (abridged and artificial version)
56
INDEX OF FIGURES Figure 3.1 European enterprises by size
16
Figure 3.2 Issued ISO 9000 certificates, world total
17
Figure 3.3 Distribution of issued certificates among world regions (2007) 17 Figure 3.4 Share of certificates of conformity to ISO 9001:2008 on ISO 9000 total
18
Figure 3.5
M
processes according to the eight ISO 9000 principles
21
Figure 4.1 Process map of a construction company (artificial)
37
Figure 4.2
Artificial example of process flow
chart
38
Figure 4.3 Some of the 7 quality tools
39
Figure 4.4 Typical QMS Processes Figure
49 5.1
Example of a first assessment checklist
62
Figure
5.2 Example of a strengths and weaknesses analysis
63 5
Figure
5.3 Force Field Analysis
Figure
63 5.4
Example of an implementation plan with milestones
64
Figure 5.5
QM
Handbook Hierarchies
66
Figure 5.6 SIPOC method
67
Figure 5.7 Example of a process map 68
6
CHAPTER 1. 1.1.
INTRODUCTION
Context
During the last decades enterprises made an effort to achieve quality as a measure to increase their competitiveness. This quality goal was usually achieved by trial and error, costing, to enterprises, a great deal in terms of time and money, not to mention the effect on clients, in the cases of error. To organise the procedure of obtaining and maintaining quality, a series of international standards were created in the form of ISO model. This way the improvement of quality could be obtained through standard procedures already tried and tested in many other enterprises. The whole procedure very often includes reengineering of the company and, in every case, training of the personnel. The revision of the standard in 2008 version imposes more obligations.
The achievement of quality
The power of SMEs in Yet SMEs, which represent an important percentage of the total Europe
enterprises power in Europe, have complained that implementing the ISO 9000 was expensive, as it required additional staff and paperwork. They also complained that its demands were irrelevant to SMEs operational dimensions. Companies are facing new challenges due to the more dynamic economic situation. Markets appear and vanish within short periods of time and customers show growing expectations about the quality of delivered goods and services. Responding to these facts, many industrial sectors, principally the automotive industry, have decided to implement generally accepted quality management tools which lead, finally, to the establishment of quality management systems (QMS) after e.g. ISO, VDA or QS standards. An undoubted advantage of such a procedure is not only a support function for the systematic way of managing quality relevant issues within their own organisation but also the knowledge that a supplier who fulfils the criteria of such an accepted QMS – i.e. the organisation is certified to such a standard - stands for high quality products and services. The supplier selection process was massively supported by the emerging certification activities and in some areas it has even become a minimum criterion for it. Large companies, especially, began to get certified to ISO 9000 standards whereas more and more small and medium sized enterprises have decided to choose this way within the last few years. Therefore a lot of enterprises require from their suppliers and their subcontractors certification at ISO-9001 and application of quality processes, while in certain sectors the certification is imposed by the national legislation. Furthermore clients are becoming active participants in requiring certified products and providers.
The lack of educational material and tools for SMEs
Consideration of branche specific situations / Internal and external reasons for implementing a QMS
7
Criteria, if for implementing a QMS, can be subdivided mainly into two different groups: internal aspects e.g. internal quality improvements like reduction of rework or cost savings and external aspects e.g. lower reclamation rate, better image, differentiation via long term quality strategy. Another reason for implementing a QMS is that it can be required by the customer (but it must not be the only reason!). Educational programs and educational materials are then necessary. The majority of them address large enterprises and there is a lack of educational material and tools specially designed for small enterprises with practical guidelines that can help on the implementation of ISO-9000 without bureaucratic procedures. Moreover, even if the requirements of ISO-9001 are single, their way of application varies between the enterprises with different objectives, sectors and methods of operation. Some professional organizations have already proposed guidelines to explain how to adapt the general requirements of ISO-9001 to their own case; but, in general, those tools do not address the specific needs of small enterprises.
8
CHAPTER 2. 2.1.
GENERAL
The sense of the word “Quality”
The word "Quality", being an abstract concept, can have many The many
different definitions, such as "essential and distinguishable attribute of someone or something " or "feature defining the individual nature of something"; these are just some of the many definitions of the entry "Quality" that one can find in the dictionary.
different definitions of word “quality”
A traditional meaning - but nowadays quite old fashioned - is "conformity to specific requirements". This acceptation matches Quality as the concept of quality directly to the features of the feature product/service itself (Quality as feature), emphasizing its fulfilment. In this sense, the quality implies that the requirements of the production process are clearly specified and entirely respected, without any guarantee that these requirements will respond to customer expectations, who is not necessarily taken into consideration. On the contrary, the current concept of “quality” of any Quality as product/service implies the skills to understand the user’s need, value and through the precise determination of the requirements, its fulfilment. This acceptation –underlining “the adequacy to usage” (Quality as value) focuses on user’s needs. With the acceptation of Quality as “value”, many definitions of the word “quality” have been elaborated, and two of these are particularly important: Quality means “higher costs”
1. “Quality” intended as the features of the products meeting customer needs and determining his satisfaction. In this sense, the meaning of quality is oriented to profit. The goal of a better quality is to enhance customer satisfaction, and finally, to increase the profit. As increasing or improving quality involves money investments, we have also an increase on costs. In this sense, Quality means “higher Quality means “lower costs” costs”. 2. “Quality” intended as absence of flaws and errors which require repairing activities which usually bring to market The ISO shares loss, customer discontent and so on. In this sense 9000:2000 the word “quality” is oriented to costs and better quality definition means “lower costs”. Finally, ISO 9000:2008 defines the word “quality” as: "degree to which a set of inherent characteristics fulfils requirements”. It must be specified that (explanatory notes in the regulations): - "the term quality can be used with adjectives such as poor, good or excellent; while the term “ inherent means existing in something, especially as a permanent characteristic”.
9
2.2.
The development phases of Quality: culture, principles and methods
The origin of the problems related to Quality can be associated to the beginning of “trade” activities . It is a
very old concept, strictly related to the establishment of the market itself with its main characters: the buyer-user and the seller-producer. In time, the meaning of “quality” has undergone different relevant evolutions, which have often changed its common meaning. Let us concentrate on the main acceptations of “quality” developed during the 20th century. After the First
In the years preceding the First World War there was a
World War
strong difference between “quantity” and “quality”, the former considered as belonging to production, the latter to the product final testing. Quantity is the main goal while quality is considered as one of many possible factors for success. Sometimes the buyer himself follows the production process and Between 1935 and 1945 performs the final tests.
Between 1935 and 1945 the so-called Quality Control
activities (QC) are generated. They are the set of actions which permits to point out and measure the product features, comparing them to formerly specified parameters. In these years the perspective changes, but the idea to intervene in the production process in order to guarantee the conformity of the product to the project itself, remains unchanged; actually, the production is deeply analysed and checking phases are included to guarantee the quality of the final product. In the 50s Servicing companies are still not included in this Quality management method, because the “service” is not considered a measurable and valuable result.
In the 50s the approach to Quality is greatly modified and
gradually the idea is spread that no business activity can be totally separated from the other ones. Consequentially, successful results can be obtained only thanks to the integration and coordination of the many different company departments. In In the 60s these years the Total Quality (TQM) approach is born in the USA. The QC is still bound to each single activity and it doesn’t control the entire structure yet: however, the trend extends Quality control concepts to the organization and planning phases.
In the 60s the concept of Quality is newly modified and
systematically operates on both production process and product itself, the so-called Quality Guarantee (QG). QG is a management system which considers the integration of several activities, whose strong connections contribute to determine the quality of the product itself. Activities such as action planning, staff training, records filing and management, 10
adjustment actions, etc. The most relevant innovations of the QG method, compared to the older approaches, are: - integrated approach to Quality management, considered
as part of the system, controlled by the entire organization, and most of all by the management; - immediate applicability to services; - attention to planning and activity recording; - widening
of planning and production to designing.
testing
concepts,
from
The difference between Quality Guarantee and Quality Total Management systems is basically on their different approaches: the former is static, the latter is dynamic. The Total Quality system puts Quality at the very first place among the business values and its goal is to improve its In the 70-80s relationship with its customers. The active orientation to Quality implies the introduction of innovative attitudes and differs from traditional approaches in three points: 1. improvement of quality as a continuing process; 2. improvement through fixed policies and goals; 3. education of the whole organization to Quality as a rule.
In the 70-80s the concept of Quality is also extended to
servicing companies. In “Quality in Services” we can distinguish two different approaches. The traditional approach is based on the identification of customer needs and expectations and the subsequent product design, the activation of Quality process (in terms of mistake reductions), control planning and its improvement. The other approach - the so-called “staff-oriented” approach asserts that a quality program should be based on a change of culture, values, attitudes of the whole personnel; its most important points are basically staff management and customer feedback. The starting point is the identification of the “product” offered by the servicing company and its features -in comparison with any manufactured product - such as: -
the product does not exist before purchasing;
-
the product cannot be stocked;
-
production and consumption happens in the same time;
11
-
the customer is involved in the production phase;
-
the product cannot be touched;
-
mobility of the service supply system.
The attention paid to services helps to change the perspective when facing problems regarding quality: the organization starts considering not only the “product”, but also all management and technical activities implied in the “product”, that is the business process. The process includes all the activities oriented to a final result, performed by different business units. Each of them adds a new value to the product, directly proportional to its integration skills and ability to work for targets. Managing for processes means highly supervising all the connections among different activities, identifying customer needs aiming to his satisfaction, and exploiting business outputs as the common target. Whoever is responsible for Quality starts investing in the “Quality System” concept, i.e. running the business aiming for Quality. The structure of a Quality system can be summarized as: 1. definition of the business and its goals 2. assignment of tasks and responsibilities 3. identification of means and staff 4. implementation and management of operative modalities through monitoring and checking According to Quality policy, the business is more and more oriented towards customer satisfaction and his needs become the organization target, at the lower organizational costs. Creating Quality means providing “internal quality” and “external quality”. “External quality” refers to the customer relationship modalities, and above all, the awareness of his needs, attitudes, expectations, how carefully his request is considered, how much care is given to the communication process (welcome, service and farewell), problem solving skills, and easiness in anticipating – if needed – his needs and wishes, offering services not explicitly requested. “External quality” also means the establishment of good relationships with suppliers, media, etc. as the corporate image contributes, in large measure, to the perception and determination of “external quality”. “Internal quality” refers to all that is related to worker’s 12
satisfaction and parameters such as: shifts, information circulation, time management, accomplished tasks feedback, and so on. Therefore, quality can be defined as conformity of the “service” to internal and external customer satisfaction. The 1990-2009 period is characterized by the increasing The 1990demand of “social quality” aiming to consumers, citizens and 2009 period
user’s satisfaction. The main goal is now the improvement of life quality, and all companies develop more integrated systems to manage quality, environment and safety. In this contest is set the SA 8000 standard (Social Accountability). The origin and development of this first standard on social responsibility is a world-wide recognized reference point. Its main goal is to eliminate unfair and cruel work conditions in all kind of business.
2.3.
Quality Management System
The “quality management system” is a wide concept and it can Definition be defined as a systemic set of management procedures used to monitor, check and improve the organization operative and financial performances, aiming to offer the best product/service at lower costs.
The management procedures constituting the “quality management system” include some activity subsets, respectively indicated as: “Quality assurance”, “Quality control” and “Quality improvement”. Quality assurance
“Quality assurance” (QA) activities aim to guarantee that all changes in the process are clearly identified and valuated. It also guarantees that all product/service specifications - necessary to satisfy both customer and product/service producer’s Quality requirements - are clearly fixed. control
“Quality control” (QC) is a process – also known as “quality statistical control” – which permits to valuate the performance of the current organization processes, individuating and performing the actions necessary to eliminate undesired performances. Thanks to this process QI standards can be fully respected. The activities to correct irregular products can be or not be included Quality improvement in QC environment. “Quality improvement ” is a systematic and continuing activity, which involves all business processes, aiming at high performances. Anyway, a “quality management system” must be based on policies aiming to reach high quality goals. Actually, all business actions reflect the management policy on fields such as finance, product/service typology, social problems, personnel safety and so on. Finally, a “quality management system” must be accompanied by a good “quality technology system”: technologies able to obtain, monitor, control and improve the quality of the product/service itself. 13
2.4.
Why the implementation of a Quality Management System?
The creation of a quality management system can help the organization to enhance customer satisfaction as well as of the other interested parties. Moreover, a well implemented quality management system provides the business with the structure to activate continual improvement actions. Customer
The increasing of customer satisfaction (CS) - as well as of satisfaction the other interested parties involved in production - and the and Continual activation of continual improvement (CI) are strictly linked to improvement
each other. Actually, considering the continuously changing customer needs and expectations, as well as competition and technical progress, the continual improvement of products and processes is an essential condition to remain in the market.
The increasing of people’s satisfaction and the activation of continual improvement can be obtained only if the organization considers some important principles, such as: Principle 1 Principle 2 Principle 3 Principle 4 Principle 5 Principle 6 Principle 7 Principle 8
The principles of CS and CI
Customer focus Leadership Involvement of people Process approach System approach to management Continual improvement Factual approach to decision making Mutually beneficial supplier approach
The ISO 9000:2008 standard
2.5.
ISO 9000 is a set of international standards published for the first The origin of time in 1987 by Geneva International Organization for the ISO 9000 Standardization (ISO). Firms can use these standards to individuate requirements necessary to maintain an efficient quality management system. For example, the standards indicate the requirements needed for the right calibration of measurement and testing equipment (e.g. of scales and weights) or to maintain an adequate registration system. The ISO 9000 standards are the result of an international agreement of “good management practice”, in order to guarantee products/services in line with customer quality expectations, through processes, management and control. ISO 9000 standards is a set of guidelines and requirements to implement and maintain a quality management system, The ISO 9000 applicable to any kind of public or private organization, series regardless of its activity and size. The ISO 9000 includes three main documents:
•
14
ISO
9000:2005,
Quality
management
systems
–
Fundamentals and vocabulary. •
•
ISO 9001:2008, Requirements.
Quality
management
systems
–
ISO 9004:2000- under revision, Quality management systems – Guidelines for performance improvements.
As the set of ISO 9000 - 2000 edition and up- includes only one model for quality management system (ISO 9001), the organization intending to implement a quality management system should determine which items of the standard they want to use for management actions and should develop its own system with those requirements. The organization can get an exclusion from the implementation of some clauses of the 7 th The current paragraph of the standard, if not applicable due to the nature of ISO 9000 the company. Design and development must be controlled and edition (2008) documented if applied by the company. The current ISO 9001:2008 edition being active from February 2009 on and the undergoing revision of ISO 9004 introduce minor only changes to the previous edition. The main ones have to do with: •
Rephrasing to improve consistency between the ISO 9000 series standards and those of ISO 22000 and ISO 14000.
•
Adding the concept of business environment and risk
•
Better definition of the control over outsourced processes
•
Upgrading statutory and regulatory requirements
•
•
•
•
Including the goal of managing the work environment needed to achieve conformity to requirements, this meaning physical, environmental and other factors Definition of personal data as a key example of type of customer property that have to be protected. Information systems as a key example of the type of support services that may impact conformity to product requirements, as an example of calibration (verification and configuration)) Making explicit reference to post delivery activities such as warranty provisions, maintenance services and supplementary services such as recycling of final disposal
A third – independent – part, the certification body certifies the conformity of the quality management system according to ISO 9001 standards. The certification will show the business processes area, which the certification has been requested for, as well as any other management actions foreseen in ISO 9001 regulations not considered by the organization under certification.
15
CHAPTER 3. APPLICATION OF THE STANDARD ISO 9001 IN SMES
Objective of The aim of this chapter is firstly to introduce briefly the SME chapter 3
phenomenon and its specifics and secondly to outline how these specifics affect the implementation of quality management system in a SME
3.1.
SME
Micro, small and medium-sized enterprises (SMEs) are socially and economically important, they represent 99 % of all enterprises in the EU and provide around 651 million jobs. Besides that, they are an essential source for entrepreneurial spirit and innovation. Since SMEs play a key role in the economies, the term SME is a frequently used one. However, there is not one single definition used by all, on the contrary: the criteria for a small and mediumsized enterprise can vary not only between different European countries, but even within one country, depending for example on the field of activity of the enterprise. Selective approach to SMEs (different criteria for being considered a SME depending on field of activity) can for example be applied as one of criteria for obtaining entrepreneurship support in various aid programs.
3.1.1. EU definition
To introduce one definition, we have chosen the SME definition of The EU, used apart from statistical purposes also to handle this EU definition economic phenomenon with respect to support schemes (especially state aid, Structural Funds and the Research and Development Framework Programme). In addition, the European definition gives us the opportunity to demonstrate, that the content of the term SME also undergoes changes in time. Since 1996 the following European description of a SME was used based on Recommendation 96/280/EC: to the group of SMEs count all enterprises with less than 250 employees, with the balance sum lower than 27 mil. EUR/year or the turnover per year max. 40 mil. EUR. At the same time the independency requirement has to be fulfilled (not 25% or more of capital or votes may be owned by one enterprise or a group of enterprises, not matching with the SME definition).
1
Compare (http://europa.eu.int/comm/enterprise/enterprise_policy/sme_definition/index_en.htm)
16
Since the economic development has been considered as relevant for the position of SMEs, the criteria have been revised and a new definition published by Recommendation 2003/361/EC in May 2003. It will be applied as of 1 January 2005. 2 While the headcount requirement remains the same, there are changes regarding the turnover an balance sheet sums:
Table 3.1
Recent development in SME perception in EU
Enterprise category
Mediumsized enterprise
Small enterprise
Micro enterprise
‘96-‘04
’05-
‘96-‘0 4
’05-
‘96-‘0 4
’05-
< 250
< 250
< 50
< 50
< 10
< 10
Turnover max. (mil. EUR)
40
50
7
10
-
2
Balance sheet total (mil. EUR)
27
43
5
10
-
2
Headcount
According to EC, the main aim of the increase of the financial ceilings is to avoid penalizing enterprises that invest. While the increase is significant in percentage terms, it should not affect the number of SMEs on the market. From an economic point of view, it is neutral since it takes account of subsequent price and productivity increases while maintaining the staff ceilings.
3.1.2. The hidden giants
As stated in the introduction to this chapter, SMEs play a key role SMEs – in our economy. Sometimes they are even called the hidden hidden giants or the real giants of the European economy , since large giants enterprises form only 1 % of the total number of enterprises. More than that, 93 % of all enterprises are micro enterprises (0-9 employees)3.
2
On 6 May 2003 the Commission adopted a new Recommendation 2003/361/EC regarding its SME definition (replacing Recommendation 96/280/EC). For more information please see: http://europa.eu.int/comm/enterprise/enterprise_policy/sme_definition/index_en.htm. 3 SMEs in focus. Observatory of European SMEs 2002, European Communities, 2002 17
medium-sized 0,8% small 6,0%
large 0,2%
micro 93,0%
Figure 3.1 European enterprises by size
(Source: SMEs in focus. Observatory of European SMEs 2002; EC, 2002)
Two thirds of all jobs (private non-primary sector) are in SMEs, split up roughly equally between micro enterprises, small and medium sized. The size-class distribution of employment, ISO however, differs, between countries. Very important is also, that certification SMEs create - unlike large enterprises - a net increase of job opportunities. The strong position of SMEs, especially micro enterprises can be considered specific for Europe: an average European enterprise employs 6 people, while a Japanese 10 and an American 19 people. Therefore SMEs account only for 33 % of employment in Japan and 46 % in USA whereas in EU for 66 %.4 Europe’s private sector jobs are in: Employment by firm size
When linking the important market position of SMEs in Europe to the importance of ISO implementation three figures might be interesting: world total of ISO 9000 certificates which shows a constant increase, •
4
idem
18
Figure 3.2 Issued ISO 9000 certificates, world total (Source: http://www.iso.org/iso/survey2007.pdf)
•
distribution of issued certificates among world regions, which proves the strong emphasis laid on ISO
certification in European countries,
19
Figure 3.3 Distribution of issued certificates among world regions (2007) (Source: http://www.iso.org/iso/survey2007.pdf) •
number of certificates issued to the revised standard ISO 9001:2000 (which replaces the 1994 versions of ISO
9001, ISO 9002 and ISO 9003), which more than tripled in 2002 in comparison to 2001 and represented nearly 30 % of the overall ISO 9000 total at the end of 2002
ISO 9001:2000 167 210 29,8%
ISO 9000 (1994 + 2000versions) 561 747 70,2%
Figure 3.4 Share of certificates of conformity to ISO 9001:2000 on ISO 9000 total (2002) (Source: http://www.iso.ch/iso/en/iso900014000/pdf/survey12thcycle.pdf)
Even if the extent of this manual does not allow us to go deeper 20
in on the issue, the high share of Europe in issued ISO certificates together with the overwhelming majority of European enterprises being SMEs and the high acceptance of the new standard let us expect a high potential of QMS implementation according to ISO 9001:2000 in SMEs in Europe.
3.2. Implementing the ISO standard 3.2.1. What should ISO (not) be about
Depending on the size of the enterprise, the implemented quality management system should not draw up something, that would be totally different from how the organization conducted its business until now. Please notice, that all enterprises already have a form of management system and possibly already fulfill some of the standard’s requirements, even if they have not, as yet, necessarily defined and documented how they do it. The aim of the ISO standard is definitely not to impose a totally new management system or to force the owner to change existing management activities.
The “sense” of QMS implementatio n in a SMEs
On the contrary, implementing a quality management system according to ISO 9000+ should be understood as a strategic mean to control the business, monitor what is going on and which areas should be focused on. All requirements of the standard should be applied with insight and commitment. The quality management system should, to a maximal extent, implement modes already existing in the enterprise and in addition proved, known and used by employees. Only then can the enterprise fully benefit from implementation of the quality management system – it can improve internal processes and serve as a tool for excellent market performance. 3.2.2. Management principles
In an SME as well as in a large enterprise the company management consists of several mutually dependant factors, such as management of human resources, supplier - purchaser relationship, financial management, marketing, production/services management, safety management, environmental management etc. The eight The ISO 9001:2008 standard covers in different clauses the whole management management diversity outlined above. Before implementing the principles of ISO 9001:2008 standard even in small and medium-sized enterprises the top management should first of all get acquainted with the eight management principles, the standard builds on, namely: Principle 1 Customer focus Principle 2 Leadership Principle 3 Involvement of people Principle 4 Process approach Principle 5 System approach to management Principle 6 Continual improvement Principle 7 Factual approach to decision making 21
Principle 8
Mutually beneficial supplier approach
Despite the fact, that these eight principles are not explicit mentioned in the ISO 9001:2008 standard, they provide a framework for implementation of good management practice. To make you aware of that we have linked the principles with different fields of management activities, discussed in individual clauses of the standard. It regards e.g.:
ensuring resources for human resources development, development and maintenance of infrastructure and improvement of the work environment, effective involvement of employees in processes (principle 2 and 3), ensuring credible information, so that top management can define the basic long-term orientation of the company – quality policy, setting concrete short-term measurable tasks – annual quality objectives for lower management (coming out of principles 1, 2 and 3), concluding commercially and technically clear contracts for products/services (principles 1 and 4), ensuring economically convenient, high-quality inputs for the main activity (principle 8), controlling own activity – concerning main processes of production or providing services the ISO 9001 methodology ensures an adequate level of documentation of relevant production and control procedures and instructions, compliance with operational practice, proper way to handle controlled documentation, identification and retrospective traceability (principle 4), ensuring outputs of main processes, thus products or services of such a quality, that meet customer’s requirements (principle 1); the level of customer’s satisfaction is proved by gathering and evaluating information and by implementing measures, resulting from the evaluation (principles 4 a 7), development of continual improvement program, being at the same time an effective management tool and a means to activate employees; it includes internal quality controls and transparent, consequent corrective and preventive actions (principle 6). The two main management
The principles of process and system approach (4 and 5) areas illustrate two aspects: firstly the importance of links between single processes and secondly the importance of links between processes, resources (financial, qualified employees, infrastructure, work environment, information) and conditions (framework outlined through requirements of interested parties). At the same time active participation of the organization is required while executing changes and improving the knowledge level of employees, both being pre-requisites for continual improvement (principle 6). Decisions are based on facts – results of tests and analyses (principle 7). Other key factors - attitudes, 22
motivation and competence of employees are more or less included in all eight principles. Summarizing, the eight principles for quality management outlined above can be divided into two main management areas: 1. process management - applying process and system principles, implementing tools and attitudes of company’s management (principle 4 and 5, further 1, 6, 7 and 8), 2. human resources management – implementing tools in order to form attitudes systematically, to increase work ability and to create an environment supporting effective and efficient functioning of human factor (principle 2 and 3, but also 1, 6 and 7).
While providing management in both these fields, the new ISO 9000:2008 standard stresses evidential care for compliance with superior laws and standards, related to the main product.
23
CUSTOMER 1
4
8
S U P P L I E R R E L A T I O N S
E N V S A I R F O E N T M Y E N R T I S K S
M A R K E T I N G
F I N A N C E
H U M A N R E S O U R C E S
4 2 processes-resourcesconditions 2-3 leadership and management 1-8
commitment attitudes ability of managers, employees
1-8
5
CHANGES MANAGEMENT
KNOWLEDGE MANAGEMENT
6
CONTINUAL IMPROVEMENT of system, processes, resources
7
USING FACTS information, data, knowledge
Figure 3.5 QM processes according to the eight ISO 9000 principles: 1 Customer focus, 2 Leadership, 3 Involvement of people, 4 Process approach, 5 System approach to management, 6 Continual improvement, 7 Factual approach to decision making, 8 Mutually beneficial supplier approach
24
3.2.3. ISO in SMEs - some characteristics having impact
Even if there is a single ISO 9001:2008 standard and so is the set of requirements on quality management system, there are some differences in the character of SMEs and large enterprises having influence on the implementation. Some of the differences bring about an easier start for SMEs, generally they ask for special attention. Within the group of SMEs micro and small enterprises have an even more specific position. Therefore the two groups will be dealt with separately. Medium-sized enterprises (50 to 250 employees)
When implementing a QMS each member of the company must be aware of the importance of this step and must be motivated to contribute. Because of their smaller size, it is less difficult for the quality manager of a medium-sized enterprise to involve everyone than it is in large enterprises.
The specifics of medium sized enterprises related to ISO implementatio n
Furthermore, compared to large enterprises medium-sized enterprises may have a more plain organizational structure, run a lower number of processes liable to QMS and can manage with more simple communication tools. This might lead to a significant reduction of system documentation. On the other hand, the number of employees and the level of complexity of the enterprise usually result (different than in micro and small enterprises) in an - at least partly - documented system of conducting business, so that there is a certain base to build on when working out the quality documentation. Another specific resulting from the company’s character is a usually emphasized customer focus. Since market potential of medium sized enterprises is limited compared to the possibilities of large enterprises or chains, they can be considered rather dependent on certain customers (big, important, regionally present), but in some aspects also strong supplier-dependent. The specifics Therefore these enterprises mostly care for good supplier – of micro and purchaser relationship. small enterprises related to ISO implementatio The obvious advantage of micro and small enterprises is that n
Micro and small enterprises (up to 50 employees)
they are quite often family-related businesses with a director at the head, who usually is the owner as well. Consequently, he/she is directly motivated to lead the company towards prosperity, to satisfy old and to attract new customers. The customer focus is in general additionally strengthened since micro and small enterprises operate usually in regional markets and are in contact with an often limited number of customers and suppliers. A consequent care for good supplier – purchaser relationship is thus a precondition to survive. The informality of the management brings a further advantage: the director/owner gives oral indications on who does what and 25
how and thus gives constant guidance, checks and controls the quality of the product/service, the others follow the instructions. The small size and informal management make it easier to motivate everybody within the company for the QMS. In general, all enterprises have an established way or system of conducting business. As explained above, in micro and small enterprises informality is quite effective, however, it is rarely documented. In connection with lack of documented procedures and processes the quality documentation usually has to be worked out from scratch. Micro and small enterprises have a very plain organizational structure and can manage with few, simple communication tools. This results in a significant reduction of system documentation. On the other hand, the unavoidable accumulation of functions requires multi skilled employees together with a well-advised definition of authorities and responsibilities, not forgetting a focus on communication, its content and the way of documenting it. Another difference between micro and small enterprises on one hand and medium sized enterprises and on the other can consist (but not necessarily) in the number of management processes, where all management effectiveness requirements are consequently applied, including stated measurable indicators helping to follow the effectiveness trends.
26
3.2.4. Realization of ISO requirements and differences between SMEs and Large Enterprises
In the previous chapter some characteristic aspects have been appointed, having impact on ISO implementation in SMEs. Please find here an overview of areas which are considered specific, enriched by the findings resulting from the Correspondence table, enclosed further on in this chapter. SMEs vs. large
First of all some specifics of the ISO implementation result enterprises directly from the very nature of SMEs, such as the character of: •
•
informal, directly motivated, plain organizational structure, requires good definition of responsibilities/authorities management
-
personnel - few, multi skilled, cumulated functions, not
responsible exclusively for QMS •
documentation - lack of documented procedures
•
communication - simple form and tools
•
supplier-purchaser relations, customer focus - more
depending on certain subjects, regionally limited •
processes – lower number, structure rather simple
Further, from the correspondence table some additional trends emerge as significant for the implementation of individual clauses and specific requirements in SMEs. To summarize the Group vs. most obvious ones:
individual
Group vs. individual
Where in a large enterprise a management meeting and group decision is needed, in an SME the responsibility often lies with the owner/managing director - clauses 5.1 Management responsibility and 5.6 Management review mirror clearly this aspect. Long-term vs. short-term
Dealing clauses 5.4 Planning, 6.1 Provision of resources, 6.3 Long-term vs. Infrastructure, 7.1 Planning and product realization etc. there short-term has been stated a strong emphasis on short-term planning by SMEs respecting the cash-flow development. This can be partly explained by the dependence on individual orders. Shifting outside Shifting
While in a large enterprise some activities and inputs are outside provided internally, in the case of a SME they are substituted by activities/inputs delivered from outside. Consider e.g. clause 7.4 Purchasing where input control tests are often replaced by output control results and certificates from supplier. Similar by 7.3 Design and development carried out by customer or 7.5
27
Production and service provision often based on customer’s documentation. Last but not least, sometimes 8.2.2 internal audits cannot be provided by trained employees – internal auditors, because of their low number and thus possible conflict of interests. Cumulated responsibilities
Cumulated responsibilitie s
Where in a large enterprise selected employees are appointed and trained to carry responsibility for a certain activity, in SMEs this task has often to be executed by somebody with other cumulated functions – consider e.g. 5.5 Responsibility, authority, communication with no quality manager being a member of top management such as in large enterprises but with the managing director being usually responsible for the implementation or 7.6. Control of monitoring and measuring devices with responsibility for compliance of the devices with laws on metrology automatically lying with the managing director when there is no other management member appointed. (It must be added; that the extent of the accumulation depends on the sector the company is operating in and by production companies even on the type of production and quality controls required.) Flexible extent
Flexible extent
Another new thing about ISO 9001:2008 standard is, that it enables the enterprise to fulfill a requirement “in an adequate way” (to a certain extent), which was not possible by e.g. standards in automotive industry. This approach means that e.g. by 4.2 Documentation requirements the complexity of quality documentation will be lower in SMEs as well as its quantity, that extent and amount of information gathered in the frame 8.2.1 Customers satisfaction will differ in SMEs and large enterprises or that in the frame of 8.5 Improvement there might not be a separate Continual improvement program but concrete tasks resulting from periodic evaluation based on quality objectives. Alternatively, it has to be stressed that the ISO 9001:2008 standard will not „forgive“ the SME anything simply because “it is small“. Exceptions in the sense of letting out are possible only by requirements, discussed in clause 7. Product realization. And even then possible exceptions are available to all kinds of enterprises (not depending on size), the eligibility of every exception has, however, to be justified. Hereby a simple rule can be applied: no requirements affecting quality of the product/service may be excluded. Correspondence table
The requirements of the ISO 9001:2008 standard are defined in clauses 4 till 8. In this chapter and in the previous one (3.2.3 ISO in SMEs - some characteristics having impact ) we have outlined some differences between SMEs and large enterprises, which can affect the implementation of the quality management system. The table below links these differences together with the requirements of the standard (clauses 4-8) and gives you an 28
The differences between SMEs and large enterprises related to the ISO requirements
easy to use overview of those requirements, which may require a particular approach when implementing the standard in a SME. The correspondence table is drawn up according to clauses and requirements of the ISO 9001:2008 standard.
29
Table 3.2 The ISO related differences between SMEs and large enterprises in a nutshell ISO 9001:2008 standard – Correspondence table
Clause
Large enterprise
4.
Quality Management System
4.1
General requirement s
4.2
Comments
Quality management system has to be established, documented, implemented, maintained and continually improved in accordance with requirements of ISO 9001:2000.
If an organization will claim or imply conformity to ISO 9001:2008, then it may not exclude from its QMS requirements that do not meet the criteria stated in clause 1.2 Application of the standard. Documented statements of quality Documented statements of quality Quality policy is the basic unifying Documentati policy and quality objectives. Threepolicy and quality objectives document declaring the needs of the on enterprise and its customers; it should requirement level documentation (quality manual, Two-level documentation (Quality regulations, work instructions). include a long-term vision s manual and work instructions). High number of users = high number Obligatory regulations broadly Quality objectives have to set up of copies, partial documentation discussed in the Quality manual concrete milestones on the way to fulfill centres, voluminous system Low number of users = low number of the vision documentation, usually electronic copies, one documentation centre. Quality manual – by SMEs the most version (intranet), hypertext links, suitable way to describe the interaction Form more simple, e.g. Quality manual links to related documents, forms etc. in form of one file folder with all related between processes of the QMS may be Documents and records have to be the graphical one; in some cases process documents including example forms controlled. cards or hyperlinks in electronic used for records etc. documents may be advised Documents and records have to be controlled. The ISO 9001:2008 edition previews that a single document may include the requirements for one or more procedures.
5.
Management responsibility
5.1
Managemen Management usually consists of t several responsible employees – commitment (managing director, directors
specialists). The company’s owner may stay outside QMS (stock corporation).
30
SME
Owners as managing directors directly control the company. A specific case is a one-owner-company, where the management is executed directly by the owner, who does not need a “management meeting” to make strategic decisions.
By SMEs this field is quite often left out. But even in their case, the management has to specify its vision and long-term intentions related to the business subject, own optimal product and its presentation on the market. The intention of a SME can be e.g. to become partner of a certain client (supplier of an automotive industry or electroengineering subject), in the case of commerce or services e.g. to be
5.2
Customer focus
Usually, information source for the company’s orientation is own marketing. Customer’s needs are to be understood as market potential – having identified it prevents wrong decisions regarding future orientation.
Information for company’s future orientation mostly won due to membership in associations, internet etc. Own marketing limited, possibly due to relative high costs. Basic unifying document declaring the results desired by the enterprise. It should be appropriate to the purpose of the organization and include a longterm vision. It should include the commitment to comply with requirements and continually improve the QMS. The quality policy provides a framework for establishing and reviewing quality objectives. All employees should be aware of the declared quality policy of the organization.
5.3
Quality policy
5.4
Planning
Detailed financial plan and exact calculation of development expenses. Factual production plan Establishing measurable quality objectives consistent with quality policy.
5.5
Responsibili ty, authority, communicat ion
Branched organizational structure, easier defining of authorities and responsibilities, executive and control functions. Management representative is usually a member of top management, can be helped in QMS administrative tasks
authorized partner (dealer or service provider) etc. The management shows personal involvement and activity while improving the QMS and stimulating continual improvement through internal message about the importance of meeting customer’s requirements and requirements imposed by related superior laws and standards. Both managers and employees of SMEs usually are more directly motivated to lead the company towards prosperity and thus to satisfy old and to attract new customers.
Even in the case of SMEs, the management has to specify its vision and long-term intentions related to the business subject, own optimal product and its presentation on the market. The intention of a SME can be e.g. to become partner of a certain client (supplier of an automotive industry or electroengineering subject), in the case of commerce or services e.g. to be authorized partner (dealer or service provider) etc. Annual plan in financial indicators, Planning is an integral part of any cash-flow depending on development enterprise management. In the case of expenses, main activity often SMEs, however, some of the plans (e. g. controlled by operative plan. investment plan, training plan etc.) might be understood only as a Establishing measurable quality framework and may be controlled objectives consistent with quality operatively according to actual cash-flow policy. development. Simple organizational structure, often Appointing a member of management cumulated functions. When distributing responsible for the QMS is essential. It responsibilities and authorities, has to be a strong leader provided with specifics of the SME and characteristics authority to coordinate the whole of individual managers have to be system. While there is usually a new taken into account. position established in large enterprises, in micro enterprises the task is often Management representative for QMS taken over by one of the managing 31
by an employee. Sophisticated means of communication (e.g. intranet)
usually has other cumulated functions. Elementary communication means (e.g. joint management and production meetings) Complex report on given period as Complex report on given period as input for management review. input for management review. Review during a management Documented owner’s standpoint to the meeting, documented in minutes, report (by companies, where the formulated remarks and actions influence of management meeting resulting from the evaluation. members on the owner is only advisory), including specification of New challenges for Quality objectives actions if necessary. or continual improvement program. Review of quality objectives.
5.6
Managemen t review
6.
Resource management
6.1
Provision of resources
6.2
Human resources
32
Detailed financial plan and exact calculation of development expenses.
Planned resources respecting the cashflow oscillation in the course of the year.
directors or by the owner himself.
Management review means a recapitulation of the whole QMS in regular periods (annual, biannual). Unlike other system requirements, applied by SMEs already before the implementation of QMS, it is not common in SMEs to execute management review in an extent requested by the standard. In the context of strategic management such a standstill and recapitulation is very useful. The standard requires decisions to be made based on facts, not opinions. In the context of management review original intentions, objectives and resulting tasks can be modified.
Even an SME should determine resources needed to implement and maintain the QMS and to meet quality objectives and should specify how the resources will be provided. In the case of SME, distribution of resources during the year might be controlled operatively according to cash-flow development. Human resources department/section Cumulated personnel work and training Good personnel work can be done even in an SME. It is necessary to evaluate the with divided personnel and educational management. performance and reserves of every activities. employee and to plan the use of it in a Map of company’s qualification Map of company’s qualification structure, specification of work positions. broader context, in new fields or at least structure, specification of work by conserving the actual state. Employees, positions, personal development plans. however, have to feel that they are followed and evaluated and that the company counts on them. The most Evaluation of employees through interview. Annual training plan. suitable form of applying the requirement Annual training plan. is a simple evaluation of ability and planning personal development of every Evaluation of training quality and Training evaluation. single employee (regular detecting of effectiveness. training needs, training plans, evaluation). Use of experience and ability of e mployees is typical for SMEs-service providers, where the quality of the service often
depends on experience of single employees. 6.3
Infrastructur e
Demanding, large infrastructure. Infrastructure development planning based on long-term strategic plans, making use of different investment studies and scenarios. Annual maintenance plan.
6.4
Work The organization determines and environment manages the work environment
needed to achieve conformity to product requirements. Besides control of compliance to obligatory requirements of related laws and standards (according to sector and field of activity) additional surveys are carried out on the impact of work environment on the quality of the product (especially in production companies).
7.
Product realization
7.1
Planning and Main activity (production) usually product planned in an annual or quarterly detailed factual plan. Planning realization
7.2
Customerrelated processes
Rather simple infrastructure. Infrastructure development realized under conditions of more simple decision making processes (owner makes shortterm decisions based on actual resources). Annual maintenance plan. The organization determines and manages the work environment needed to achieve conformity to product requirements.
The ISO9001:2008 edition pays special attention to the management of the work environment needed in order to achieve conformity to sales requirements.
If the production cannot be long-term factual planned (company satisfies direct demand of individual quality, detecting risks. customers), than a planning in e.g. financial indicators is necessary. Products as well as production Products as well as production have to meet requirements processes have to meet requirements processes defined by laws and superior defined by laws and superior standards. standards. During the decision process regarding order acceptance all managers influencing the order have to make their comments. The standpoint has to be documented (recommended - in information system). Negotiations with customer
SMEs often develop their infrastructure more dynamically than large enterprises. Continual detecting of the means needed to ensure conformity of the products involves technology, measuring devices, information system, car park, communication technologies, work tools for employees. It is to be recommended to improve the infrastructure development plan in relation to quality objectives. As an SME: do not forget to fulfill requirements of related laws and standards, as well as obligatory revision of state authorities!
Even in an SME it is useful to set requirements for the product. Consequently, there should be records providing evidence that the realization process and the product meet set requirements.
Review of order acceptance has always Records on order acceptance review to be documented (at least simplified), make part of controlled documentation. even if the owner decides.
33
7.3
7.4
specifying the contract are documented. Design and The company usually disposes of own Cases appear, that companies ensure development capacity for product/processes development mainly utilizing codevelopment. operating experts. This demands proper documentation reflecting requirements of clause 7.3. of the standard. Purchasing List of suppliers for a limited period Evaluation of suppliers for a limited derives by running companies from period and documenting of the list of repeated evaluation. Members of approved suppliers has to be done production and technical control even if a strong accumulation of department should be involved in the information and responsibilities exists. evaluation. Acquiring output control results and The company has an own test room, certificates from the supplier can where input control of purchased replace the input control tests. material is executed and its release into production approved. It is used to execute customer audits by supplier.
By SMEs the development of the product often happens by the customer, which can be qualified as not fulfilling of the requirement and may be even reason for exclusion. Even by SMEs evaluation of suppliers forms an important input for preventive actions and negotiations with partners. In the organization a permanent drive for evaluation has to be evident.
7.5
Production and service provision
Production or providing services is usually operated according to own documentation and procedures. Processes being verified. All material in production is properly signed, marking enables backward tracing of all relevant information. Procedures for providing service of own products exist, service realization documented.
Production or providing services often carried out according to documentation or procedures delivered by the customer. Documentation verified and released before use. Processes verified. Procedures for providing service of own products doe not always exist.
If there is no service for own products provided and there is a co-operation with a service provider assigned instead. This co-operation has to be exactly specified (especially quality requirements).
7.6
Control of monitoring and measuring devices
In the frame of QMS laws on metrology usually count as superior standard. Member of metrology department participates in management. Calibration of measuring devices often provided internally. If the company uses to do calibration of measuring devices itself, calibration procedures have to be defined.
If there is no management member appointed as responsible for compliance with laws on metrology, than this responsibility lies automatically on the managing director of the company. Calibration of measuring devices is usually provided by an external competent center.
Even if calibration of measuring devices is carried out externally, in the company there has to be kept documentation that meets requirements of clause. 7.6 of the standard.
34
8.
Measurement, analysis and improvement
8.1.
General
The organization shall plan and implement processes needed to demonstrate conformity of the product, ensure conformity of the QMS and its continually improvement. Used methods should be defined, including statistical methods (if applied).
In SMEs the use of analyses and statistical methods is rather restricted. However, also in SMEs there are certain monitoring, measurement and improvement outputs and processes such as management review report (owner’s documented standpoint), records of nonconformity, corrective and preventive actions records etc., which should be analyzed and used for improvement.
8.2 Monitoring and measurement 8.2.1 Customer Besides top management also Relevant information on customer’s satisfaction members of other departments have satisfaction can usually be collected the possibility to obtain information only by top management members or on customer’s satisfaction directly by the owner. Structure of the from customers, e.g. members of the information needed (checklist) and marketing or service department. strategy of its acquisition have to be Collected information is processed, worked out beforehand. Obtained selected, and based on evaluation information is evaluated, necessary necessary actions are defined. actions defined. 8.2.2 Internal Internal audit plan guarantees that all External auditors can be accepted for audit departments and all clauses of the carrying out internal audits only if standard will be checked up in the because of a low number of employees course of current year. - own auditors cannot ensure internal audits without facing conflict of There is a team of own auditors interests. ensuring the realization of internal audits. Members of this team are Audit plan for one year worked out in regularly retrained, their work advance, compliance with evaluated. requirements of the standard as well as extent and content of audits are Summary of through internal audits monitored thoroughly. acquired information forms an essential part of the management Audit findings have to be reflected and review report. if necessary the QMS improved. 8.2.3 Monitoring All management and production activities are, to an adequate extent, and monitored and evaluated. By specific production processes (e.g. welding, measuremen surface treatment) may the data, acquired as a result of control, be further
Even in SMEs the collected information on customer’s satisfaction should be documented in written form even in case of a strong accumulation of information by one person.
Even if the audit is ensured by external auditors, the audit procedure has to be described and documented According to requirements of clause 8.2.2 of the standard.
By SMEs the number of processes liable to monitoring and measurement will be considerably lower than by large 35
t of processes
8.2.4 Monitoring
used in the system of product monitoring and measuring.
Control between individual operations Control between individual operations Thanks to the controls nonconformities and sometimes also output control can be detected. carried out by production workers in form of self-test. In that case, workers control department. All types of are extra trained for control activity controls are specified in controlling and based on training they are and testing procedures. entrusted with control. Control documents archived as Evidence of conformity/authorization of quality records. release should be documented.
and as well as output control is carried measuremen out by professional inspectors, t of product members of independent technical
36
enterprises.
8.3
Control of nonconformi ng product
Nonconforming (half-finished) product must be separated and protected from (even unintended) use, assessed and handled in one of the by the standard accepted ways.
8.4
Analysis of data
Adequate analyses are a non-excludable instrument for decision making and management.
8.5
Improvemen The company usually has a separate t document to deal with improvement,
8.5.2 Corrective action
8.5.3 Preventive action
Annual quality objectives include usually also minor concrete tasks the Continual improvement program. ensuring development of the It expands on declared quality enterprise. Thanks to a frequent objectives specifying minor important actualization and completion in the tasks. course of the year an up-to-date state and effectiveness is guaranteed. The corrective action control system guarantees in both, a large enterprise as well as a SME, that suggestions for preventing insufficiencies will be evaluated, a procedure for a corrective action will be established and executed and result of the action controlled. The preventive action control system guarantees in both, a large enterprise as well as a SME, that suggestions for preventing insufficiencies will be evaluated, a procedure for a preventive action will be established and executed and result of the action controlled.
Even by SMEs, monitoring and analysis of nonconformities is one of the inputs to be considered for decision on a corrective/preventive action. The standard requires decisions to be made based on facts, not opinions. Monitoring of processes/products and analysis of acquired data is thus unavoidable even by SMEs (in appropriate extent). Overview of actions undertaken to improve the QMS forms a part of the complex report on given period (being input for management review).
Every corrective action has to be proportional to consequences of nonconformity stated. Every preventive action has to be proportional to consequences of possible nonconformity.
37
CHAPTER 4. THE STANDARD ISO 9001:2008 4.1.
Introduction
The objective of the chapter 4 of these guidelines is to present the Objective of requirements as stated in ISO 9001:2008 international standard, the chapter in an easy to understand way and to give examples of their 4 fulfilment. A new requirement of the 2000 version standard is the Outsourced documentation of the control methods of potential outsourced processes processes of the company (TC 176, ISO 9000 Introduction and Support Package: Guidance on "Outsourced processes"). This element refers only to outsourced processes that may affect product conformity with specific requirements. For example, if an apparel industry outsources the clothes’ sewing or processing, the control methods over the external supplier must be documented, as well as their results. Structure of the chapter
Chapters 4.2 presents the main characteristics of ISO 9001:2008 4 standard that differentiates it from the version ISO 9001:1994 Chapter 4.3 presents the standards ISO 9000 and ISO 9004 that are related to ISO 9001. Chapters 4.4-4.8 include the respective clauses 4-8 of the standard and their interpretation. In this way it is easy for the beginner as well as for the advanced reader to study this guidelines in relation to the standard, so as to understand it better and fulfil the requirements.
4.2.
Characteristics and contents of ISO 9001:2008 standard
ISO 9001:2008 is a quality management system international Introduction standard, issued by ISO. It was first issued in 1987, based on the to ISO British standard BS 5750. It was first time revised in 1994 (series 9001:2008 ISO 9000:1994), second time in 2000 (series ISO 9000:2000) and the last revision is that of 2008. Main
This new version contains no new requirements. It contains only a characterist few changes and clarifications in “Notes”. The points of ics of the clarification focus on outsourcing, documentation, management current representative, employee competence, design verification and version of validation, process monitoring, control of nonconforming product ISO 9000 and corrective and preventive action. The international standard ISO 9001:2008 maintains the process Process approach of the previous version. As process is defined ‘any approach activity that receives inputs and converts them to outputs’. The processes of the company are linked together and outputs from one process can be input to another. The systematic identification and management of the processes employed within an organization and the interactions between such processes may be referred to as the ‘process approach’. 38
The company has to identify and analyse its processes and their interactions and document them in the extent that it is needed to ensure their good performance. The standard categorises company processes in 4 categories: •
Management
•
Resources management
•
Product realisation
•
Measurement, analysis and improvement
ISO 9001:2008 pays special attention to the fulfilment of customer Customer needs and expectations. One of the main responsibilities of top oriented management is to ‘ensure that customer needs and expectations are determined, converted into requirements and fulfilled with the aim of achieving customer satisfaction’ as stated in paragraph 5.2. Chapter 7.2 of the standard describes in detail the way, with which management shall identify and review customer requirements. According to paragraph 7.2.1 regulatory and legal requirements should also be taken into consideration. In addition paragraph 8.2.1 states that the company shall establish a way to monitor and measure customer satisfaction. Introduction
0.1 0.2 0.3 0.4
General Process approach Relationship with ISO 9004 Compatibility with other management systems
Contents of the standard
Scope
0.5 0.6
General Application
Normative reference Terms and definitions Quality management system
0.7 General requirements 0.8 Documentation requirements Management responsibility
0.9 Management commitment 0.10 Customer focus 0.11 Quality policy 0.12 Planning 0.13 Responsibility, authority and communication 0.14 Management review Resource management
0.15 Provision of resources 0.16 Human resources 0.17 Infrastructure 0.18 Work environment
39
Product realization
0.19 Planning of product realization 0.20 Customer-related processes 0.21 Design and development 0.22 Purchasing 0.23 Production and service provision 0.24 Control of monitoring and measuring devices Measurement, analysis and improvement
0.25 General 0.26 Monitoring and measurement 0.27 Control of nonconforming product 0.28 Analysis of data 0.29 Improvement 4.3.
Other related standards
Directly related to ISO 9001:2008 are the standards ISO 9000:2000 and ISO 9004:2000. These two standards do not have a certification value. ISO 9000:2000 Quality management systems - Fundamentals and ISO vocabulary has double scope. At first it provides the fundamental 9000:2000 concepts for quality management systems in an informative way. Secondly it provides the terminology used in the ISO 9001 international standard. This second part has a normative character. ISO 9004:2000 Quality management system – Guidelines for ISO performance improvement is an independent standard that may be 9004:2000 used in relation to ISO 9001:2000 standard. ISO 9004 has similar structure with ISO 9001, so that the two standards can be easily used together. ISO 9004 is wider in scope than ISO 9001, focusing on company’s overall performance improvement. ISO 9004:2000 are not guidelines for implementing ISO 9001:2000 and is not intended for certification or contractual use. The two International Standards are designed to be used together, but can also be used independently. 4.4.
Quality Management System (clause 4)
This chapter follows the structure and content of ISO 9001:2008 standard in order to facilitate its interpretation. When appropriate, there are citations of the ISO 9000:2000 and ISO 9001:2008 standards and applications of standard requirements in practice. Words or sentences marked with apostrophe and italic (“italic”) are direct citations from ISO 9000:2000 and ISO 9001:2000 standards. •
40
Reference of each chapter to the ISO 9001:2000 standard is presented after titles (e.g. clause 4.1). •
Documented procedures and records required by ISO 9001:2000 are marked with a picture of book. •
4.4.1.General Requirements (clause 4.1)
“The organization shall establish, document, implement and maintain a quality management system and continually improve its effectiveness in accordance with the requirements of this International Standard.”
Managemen ´Establish, document, implement and maintain` should not be t system
interpreted as separate words. Instead, it is expected to see a functioning management system to direct and control an organization with regard to quality, e.g. encouraging organi zations to analyse customer requirements and defining the processes that contribute to the achievement of a product 5. The focus should be on continually improving the system’s ability to produce conforming6 products in an effective and efficient manner. ´Improvement ´ refers to the actions taken to enhance the features and characteristics of products and/or to increase the effectiveness and efficiency of processes. The term ´continual ´recognises that improvements may be made in a step-like manner and not necessarily as a smooth, joined-together flowing process. The only part that ISO 9001:2008 standard requires to be documented concerns here the chapter 4.4.2. Documentation Requirements. Otherwise organizations can by
themselves determine the necessary level of documentation. Also, it is completely within their rights to manipulate order of the standard to suit own needs, e.g. by rearranging the standard’s clauses into a more practical sequences. Although documentation requirement concerns only one chapter, our recommendation is to document also the processes (discussed below), because by 5
Product: result of a process i.e. result of a set of interrelated or interacting activities which transforms inputs into outputs (process: set of interrelated or interacting activities which transforms inputs into outputs) 6 Conformity: fulfilment of a requirement. Requirement: need or expectation that is stated, generally implied or obligatory. Nonconformity: non-fulfilment of a requirement. 41
documenting them many of the standard requirements will be rather easily met, such as control methods, which as a separate matter are otherwise difficult to prove to the auditor. ISO 9001:2008 states that the top management in an organization shall ensure the planning of the Quality Management System, including following six (a–f) clauses: a) Identify the processes and their application: Identification of processes means that all essential activities that are needed to produce the products or supply the services (or both) should be identified, including management activities, provision of resources and measurement. Processes are discussed in detail in chapter 4.7. •
Identification of processes and their application can be documented (e.g. process map), but also an obvious knowledge base shared by all practitioners might suffice. Although documentation is not specifically required, it is recommended since it is an illustrative and useful communication tool about organization’s mission. Process •
map
b) Determine the sequence and interaction of processes: This is a follow-up to a) above. A useful and demonstrative tool showing sequence of processes and linkages between them is a process map. Since it presents all essential activities, it actually clarifies the whole meaning of an organization, a reason for its existence (mission). Usually a process map is a one-page illustration showing the sequence and interaction of top-level processes and including indicators for lower level processes and additional information. •
•
Process map is not a requirement of ISO 9001:2008, and sometimes a text-only description might be more suitable in some organizations. Example of a process map is presented in the figure below. The map is an artificial example of the process map in a construction company: Measurement of processes
Information management
Management S E S S
- Shipment Order entry Production -
E C R E M O T S U C
O R
Technical support an Maintenance
P E R
C U S T O M E R
Design and Development
O C
Finance
ADP
Cleaning andSecurity
Figure 4.1 Process map of a construction company
(artificial) In this process map there are three core processes which serve the external customers and bring money to the company (the outputs of core processes are those that a customer buys •
42
from the company; that is why the customer is presented in the map). At the top there are three boxes including management, information management and measurement of processes. There Process are activities applied to all processes in the company e.g. where flow chart management includes strategic decision, quality policy, management reviews etc. Below the core processes there are supporting activities – finance, ADP and cleaning and securing – to support the performance of core processes. When seeing this one page map, it easily presents the purpose of the company i.e. what products and services it sells to customers and what activities and resources are needed to produce them and to support them. In addition to a process map, many organization use second-level models displaying one box of the process map in a more detailed way. The most popular model is a process flow chart (see figure 6 as an example of a process flow chart). They identify inputs, resources, process owner, control methods, outputs, records and other necessary information concerning the process. The third-level models are usually too detailed to be displayed in a model, and thus they are usually defined in work instructions. •
Name of the process: Order entry-Production-Shipment Owner: G eneral manager/production manager Objectives: To process orders from order entry to a finished product in less than five days
IN
- Customers order - Drawings etc.
Review -Do we have enough or raw material? -Are we able to produce in time?
Order entry to computenzed system -Instructions and drawings to production -Acknowledgement to customer
Packaging
Transport arrangements
Paperwork
Shipment to customer Production or take out from inventory
END
NO Inspection
OK
Figure 4.2 Artificial example of process flow chart •
•
According to Oxebridge Quality Resources, Inc. (2003) 43
graphical process models provide a number of benefits, including: -
providing employees with an understanding of how the processes they perform affect subsequent processes, departments and employees
-
providing a means for employees to understand what their internal customers (the subsequent processes shown on the diagrams) need from them
-
providing a quick and easy “snapshot” of a process that can Statistical link to subsequent, and more detailed, instructions or tools (e.g. 7 documents
-
quality providing a single place to summarize all important aspects of tools)
a process, including its objectives and owners.
c) Determine criteria and methods needed to ensure that both the operation and control of processes are effective: This involves a set of policies, procedures, requirements and methods, that are needed to ensure a smooth operation of processes. Usually they are self-evident matters such as previews if all necessary information is included, procedures completed and parameters met, and other practical things to be checked out about activity in question. This clause addresses the use of statistical tools in the control of processes. The tools and methodology of Statistical Process Control (SPC) and Six Sigma can be too difficult for small enterprises, but some of them e.g. histogram, scatter diagram, fishbone chart and control chart, which all belong to Seven Quality Tools, are rather easy-to-use tools. The use of statistical tools is recommended by ISO 9001:2008, but they are not compulsory.
To summarize data from a process that has been collected over time, and graphically present its frequency distribution in bar form (Brassard & Ritter 1994).
To identify, explore, and graphically display, in increasing detail, all of the possible causes related to a problem or condition to discover its root causes (Brassard & Ritter 1994). 44
To study and identify the possible relationship between the changes observed in two different sets of variables (Brassard & Ritter 1994).
To monitor, control, and improve process performance over time by studying variation and its source (Brassard & Ritter 1994).
Figure 4.3
Some of the 7 quality tools
d) Ensure the availability of resources and information necessary to support the operation and monitoring of processes: Resources include human resources, infrastructure and work environment. They are discussed in chapter 4.6. e) Monitor, measure and analyse processes: Usually monitoring and measuring are done as an integral part of the operation. It means that the performance of processes should be evaluated and rated somehow, in order to analyze whether they perform well and produce expected results. Many times the terms inspection and test are used synonymously with monitoring and measurement. •
Example of a metric in order processing-productionshipment process (a process starting from order entry, then proceeding to production, shipment to the customer and finally ending to the point when customer receives the delivery) is the number of shipments delivered in time. Its sub-processes, e.g. production, might have their own metrics such as raw material consumption and machining time. Some of the metrics equal to quality objectives, which are discussed in chapter 4.4.2. •
f) Implement actions necessary to achieve planned results and continual improvement of processes: This is a claim that the processes must perform as indicated in clauses a)–e) and continually improve their ability to do so. It is up to every organisation whether it chooses to document these clauses or not.
4.4.2. Documentation Requirements (clause 4.2)
ISO 9000:2008 defines document as “information and its Document supporting medium7”. It can be a “record 8, specification9, procedure document, drawing, report or standard”. 45
Documentation shall include: a) Statements objectives:
of
quality
policy
and
quality
Quality Quality policy: “Overall intentions and direction of an policy
organization related to quality as formally expressed by top management.”
There is no specific description of the structure and the contents of quality policy, but there are some principles to follow: Firstly, it is the uppermost document to address the commitment of top management to continually improve system’s ability to comply with requirements (incl. description of what is meant by continual improvement). Furthermore, it has to be aligned with any other policy and aims of the organization, be communicated, understood and found meaningful, and be used as a framework for setting various objectives. It is important to show dedication to improve competence and empower personnel, and to meet statutory and regulatory requirements and interests of stakeholders. Usually quality policy is a one page statement signed by the top manager. It doesn’t need to be contained in the quality manual, nor to be signed. Since quality policy is a formal part of the QMS, it is usually included to the manual and signed by top management to show evidence of its endorsement. Example of quality policy (abridged and artificial version): Our mission is to be a leading supplier of high quality products (name of the products) in Scandinavia and Northern Europe. This vision will be met by: -
Providing goods which consistently exceed the expectations of our external customers.
-
Involving all our employees and partners in an effort to continually improve the value of our products, services and processes.
-
Ensuring that when complaints are received, they will be responded in a timely manner with a view to eliminate the root cause and Quality prevent recurrence. objectives
In order to achieve these objectives, it is important that all our employees understand this quality policy and associated quality objectives. We will continuously make an effort to comply with the requirements of ISO 9001:2008 and improve the effectiveness of our Quality Management System.
7
Medium: paper, magnetic, electronic or optical computer disc, photograph or master sample, or a combination thereof. 8 Record: document stating results achieved or providing evidence of activities performed 9 Specification: document stating requirements, e.g. procedure document, process specification and test specification, product specification, performance specification and drawing 46
Quality objectives: “Something sought, or aimed for, related to quality...Top management shall ensure that quality objectives, including those needed to meet requirements for product, are established at relevant functions and levels within the organization. The quality objectives shall be measurable and consistent with the quality policy.” Quality objectives are realistic objectives converted from the quality policy and focused on all critical activities in the organization. It is advisable to link objectives to quality policy, because it makes the policy more understandable and concrete, and it is easier for personnel to see what is their contribution to achieve objectives and finally, how the objectives support intentions of quality policy. Of course, not all the objectives and associated metrics have a visible link to quality poli cy, but at least they align with the general direction. According to ISO 9001:2008, the objectives shall be measurable, which usually means a comparison with some fixed unit of a known size and capacity. An example of converting objectives and metrics from the quality policy is presented below. Not all objectives are measurable, and for them there should be some other measuring system to suit particular purposes of the organization. Example: See the previous chapter of quality policy: ... Ensuring that when complaints are received, they will be responded in a timely manner..
OBJECTIVE: a quick response time to customer complaints METRIC: database of complaints (If a written form is used for processing of customer complaints, it is easy to see how many complaints have been responded to and at what response time)
Same sentence continues with: ...with a view to eliminate the root cause and prevent recurrence.
OBJECTIVE: Elimination of causes and prevention of recurrence METRIC: Number of corrective and preventive actions
Quality manual
Objectives can even be expanded to each process, because every process has an objective and it exists to accomplish something, whether it is known and written down or not. As presented earlier, a metric of order processing-production-shipment process could be the number of shipments delivered in time to the customer. Management can keep specific numeric goals for objectives (e.g. 90 % of complaints responded within one day; 0 % corrective action rate). Usually it is advisable to keep them separate at management use only, because updating of numeric figures would require too frequent revision of quality policy, and also less than 100 % figures may be offensive to the customer. b) A quality manual 47
Table 4.1
Records required by ISO 9001:2008
Clause
Record required
5.6.1
Records from management reviews Example: Table of minutes, memo or equivalent document presenting the results and actions made in a management review.
6.2.2 (e)
Records of education, training skills and experience Example: An Excel-table including information of employees´ education and work history, training during current employment, specific skills etc. => All in one database; easier to predict future training needs. Alternative records are copies of curriculum vitae, certificates and attendance sheets from training.
7.1 (d)
Evidence that the realization processes and resulting product fulfil requirements Example: Usually these are normal delivery documents, such as work orders or equivalent documents.
7.2.2
Results of the review of requirements related to the product and actions arising from the review Example: The record of the review can be e.g. a signature on a quotation or an order-entry into a computerized system. The idea is to check if all customer requirements can be met by checking e.g. raw material availability and delivery time.
7.3.2
Design and development (inputs for R & D, review and verification of results against the input requirements, validation prior to delivery or implementation) Example: A memo, drawing or equivalent document to present all needed information, including product parameters, possible amendments, accomplished results and authorized validation of the product prior to delivery or implementation. The use of planning tools or organization’s own models of conducting design and development is advisable.
7.4.1
Results of supplier evaluations and any necessary actions arising from the evaluations Example: This can be discussed during internal auditing and be reported in the table of minutes.
7.5.2 (d)
Demonstration of the validation of processes where the resulting output cannot be verified by subsequent monitoring or measurement Example: A document showing acceptance of tolerances and parameters.
7.5.3
Record of the identification of the product, where traceability is a requirement Example: Usually a work order includes information for traceability.
7.5.4
Reports on customer property that is lost, damaged or otherwise found to be unsuitable for use. ISO 9001:2008 previews that customer data are also considered as customer property and have to be protected. Example: The use of internal complaint form.
7.6 a) 48
Records on calibration and verification (basis for calibration or verification of measuring equipment where no international or national
measurement standards exist; results) Example: Memo of calibration. 8.2.2
Internal audit results and follow-up actions Example: Documented audit report.
8.2.4
Indication of the person(s) authorizing release of product Example: Usually stated on a work order.
8.3
Nature of the product nonconformities and any subsequent actions taken, including concessions obtained Example: The use of internal complaint form.
8.5.2
Results of corrective action Example: Nonconformities are documented using an internal complaint form or a written complaint sent by the customer. Nonconformities are discussed and corrective actions composed (useful tools: fishbone, brainstorming). Results are documented on table of minutes and relevant instructions and information distributed to personnel.
8.5.3
Results of preventive action Example: The use of different methods (such as Failure Mode and Effect Analysis, FMEA) to detect root causes i.e. factors that can, at some point in the future, cause conformities such as customer complaints or deficiencies in products.
Management Responsibility (clause 5)
4.5.1. Management Commitment (clause 5.1)
“Top management 10 shall provide evidence of its commitment to the development and implementation of the quality management system and continually improving its effectiveness by a) communicating to the organization the importance of meeting customer as well as statutory and regulatory 10
49
requirements, b) establishing the quality policy, c) ensuring that quality objectives are established, d) conducting management reviews, and e) ensuring the availability of resources.”
All the above mentioned 5 ways (a–e) are mandatory options for the top management to prove its consistent support to the development, implementation and continual improvement of the Quality Management System. Options b–e are discussed as own subsequent chapters. Option a) is discussed in the next chapter and chapter 4.7.2. In addition to customer requirements, the management should also ensure that all statutory and regulatory requirements are identified, communicated in the organization and updated for the latest version. Statutory and regulatory requirements can be in written or electronic form, since many of the requirements are available within public databases on the internet. 4.5.2. Customer Focus (clause 5.2)
“Top management shall ensure that customer requirements are determined and are met with the aim of enhancing customer satisfaction.”
This sentence is quite superfluous, because its requirements are discussed in several references in the standard. For example, during the management reviews customer requirements and priorities and process performance can be discussed and necessary actions taken. The sentence itself emphasizes the obligation that top management takes an active and leading role in ensuring all of the customer requirements. Many times though this is achieved in normal checking and other practical procedures accompanied with good customer and internal communications. It is something that every organization should know: what are those properties in our products and operations (e.g. product properties, maintenance availability, means of delivery, quick response time) that the customer appreciates the most? By writing these down in the quality manual many of the standard requirements will be met. 50
4.5.3. Quality Policy (clause 5.3)
Quality policy is the premier document to address the commitment of top management to continually improve system’s ability to comply with requirements. It is strongly emphasized in the standard that quality policy must be issued by the top management. Quality policy was earlier discussed in detail in chapter 4.4.2. a). 4.5.4. Planning (clause 5.4)
Planning includes the establishment of quality objectives and planning of the Quality Management System, both being responsibilities of top management. The establishment of quality objectives was earlier discussed in chapter 4.4.2 a). Likewise, the planning of QMS was discussed in chapter 4.4.1 a)–f). When there are changes to QMS (e.g. because of corrective and preventive actions or because of adaptations to specific market, customer preferences or to statutory/regulatory requirements), their effect on present procedures and conflicts with the system has to be considered. 4.5.5. Responsibility, Authority and Communication (clause 5.5)
“Top management shall ensure that responsibilities 51
and authorities are defined and communicated within the organization.”
Each person in charge of some critical activity must have a precise conception of their assignments. Typically the responsibilities and authorities appear as part of several documents, such as assignment contracts, organisational charts and process maps. When responsibilities and authorities are not documented, they have to be communicated otherwise, for Management example during classroom training. representativ e
ISO 9001:2008 also requires that top management has to appoint a management representative to look after QMS affairs and to report about them to the top management. Usually the representative organizes internal audits, reports on performance to management, monitors customer complaints and effects of corrective and preventive actions etc. It is intended that the representative is a regular member of the management team. His authority and responsibility has to be defined and communicated as any other assignment. Internal communication within the organization must be effective to ensure, that correct information is transmitted from one function, process or individual to another. 4.5.6. Management Review (clause 5.6)
“Top management shall review the organization’s quality management system, at planned intervals, to ensure its continuing suitability, adequacy and effectiveness. This review shall include assessing opportunities for improvement and the need for changes to the quality management system, including the quality policy and quality objectives.”
The idea of the reviews is that the top management review of the performance of the system at certain intervals laid out beforehand. There is no maximum interval specified in the standard, but a common practice is to have them once per year or more frequently if needed. The idea of the reviews is to analyse the information of audit findings (including corrective and preventive actions), customer complaints, process capabilities, performance indicators, product 52
conformance, improvement activities, needs for a change and any other relevant issues in order to see where we are now and how we have operated, and where we want to go. A common practice is that the management representative collects the information from relevant persons and forwards the report for a management review. Decisions from previous management reviews should also be included, which could be a separate page attached to a minutes of the review. The results of the review can lead to updates of QMS, policies and objectives, actions to increase customer satisfaction or overall effectiveness, allocation of necessary resources and to some other actions needed to improve the performance of QMS. The ISO 9001:2008 standard specifically requires a documented record from management reviews. The format of the record is informal, it can be e.g. a conventional minutes of meeting. The way of conducting reviews is up to an organisation to decide: they can be dedicated reviews or combined with any other relevant management activity.
4.5.
Resource Management (clause 6)
The standard ISO 9001:2008 requires that the organization should identify the resources needed to support and improve the quality systems processes, and to achieve customer satisfaction. Resources include human resources, infrastructure and work environment. Concerning human resources, the standard requires that before organizations assign personnel to an activity they will first have to define a minimum competence requirement for the activity in terms of education, training, skills and experience. This may be handled by e.g. job descriptions, although specific documentation requirement doesn’t exist. Furthermore, the standard requires that if there are competence gaps, the organization has to provide training or take other actions to fill the gap. It is stated in the standard that the personnel has to be aware of the relevance and importance of their activities and how they contribute to the achievement of quality objectives. High priority is given to knowing the customer needs. Training and meetings are some possible ways to ensure this awareness. The effectiveness of actions taken has to be evaluated 53
somehow, e.g. by monitoring the process performance. There is one documentation requirement concerning human resources management: the organization has to maintain appropriate records of the individual’s education, training, skills and experience. Some examples of records are curriculum vitae, copies of certificates and attendance sheets from training. Alternatively, some organizations may choose to fill in a separate form for each employee, including their education, work and training history and extension studies during current employment. Concerning infrastructure , the organization has to identify facility needs, provide needed facilities and maintain them, and perform these actions on two levels: as a part of top management’s consideration and on a individual contract basis. The ISO 9000:2008 standard defines infrastructure as a “system of facilities, equipment and services needed for the operation of an organization” . Infrastructure includes, as applicable, buildings, workspace and associated utilities, process equipment (hardware and software) and supporting services such as transport and communication. Correspondingly, the same standard defines work environment as a “set of conditions under which work is performed” (conditions include physical, social, psychological and environmental factors; physical conditions including factors such as temperature, humidity, vibration, air quality, lighting and cleanliness). The organization has to determine what effect the human and physical factors have on quality and ensure that the right conditions exist. 4.6.
Product Realisation (clause 7)
This chapter of product realisation includes planning of product realization, customer-related processes, design and development, purchasing, production and service provision, and control of monitoring and measuring devices (chapters 4.7.1–4.7.6). Usually all these activities are part of the processes, i.e. jobs and activities within an organization with an effort to produce something for the internal or external customers, and therefore, will be naturally handled when identifying the processes. When the standard presents them Typical QMS separately, they seem a little bit illogical. processes
In order to better understand product realization and the Quality Management Systems as a whole, we present here the typical processes that constitute the QMS. In figure 7 there are four typical process groups: 1) management processes including strategic decisions, determination of quality policy and quality objectives and other management tasks, 2) product realization processes which describe the sector which the organization is in, 54
including the activities that are needed to produce the products and services to internal and external customers, 3) processes of resource management including determination and allocation of human resources, infrastructure and work environment, and 4) measurement, analysis and improvement processes which ensure that the product and QMS meet the requirements and the system is continually improved. Managementprocesses - establishing the quality policy and quality objectives - conducting management reviews - communicating customer, statutory and other requirements within the organization - ensuring the availability of resources, etc
Measurement, analysis and improvementprocesses
Resource management Determination and allocation of - human resources - infrastructure - work environment
QMS processes
- to demonstrate conformity of the product and QMS - to continually improve the effectiveness of QMS
Productrealization processes - planning of product realization - customer-related processes - design and development - purchasing, and production and service provision - control of monitoring and measuring devices
Figure 4.4 Typical QMS Processes
Management processes are specifically required by ISO 9001:2008 standard, all used by the top management and applied to the entire company. Resource management is put in separate in the figure, but it can also be understood to be part of management processes, since ensuring the resources is one of the duties of top management. Product realization processes are different for every company, although some processes generally exist in any company: for production operations they typically involve activities like order entry, purchasing and production, and for service companies service provision e.g. customer greeting and events coordination. Note that this chapter is the only part where exclusions can be made. This refers to ISO 9001:2008 clause: “Where any requirement(s)...cannot be applied due to the nature of an organization and its product, this can be considered for exclusion...unless such exclusions do not affect the organization’s ability, or responsibility, to provide product that meets customer and applicable regulatory requirements”. Sometimes an
organization might decide to exclude design and development activities or outsourced processes, if they are not an integral part of organization’s core business and do not affect product conformity. For example some raw material can be so critical that 55
its purchase from suppliers and delivery at a right time is essential to their own production and delivery processes and thus, it should be controlled and included to the QMS. •
Measurement, analysis and improvement processes include activities such as control and inspection during production, criteria of nonconforming product and metrics to measure process performance (e.g. raw material consumption, amount of customer complaints, in-time deliveries). These activities are typically done as a part of processes, so in this respect they are more like the tools and methods rather than processes. They are used as tools to improve process performance and assure their smooth operations.
4.7.1. Planning of Product Realization (clause 7.1)
•
•
•
56
Planning of product realization means that the organization should plan and develop processes for the realization of the product. To clarify this, it means that the organization should prove that it has the correct operations, documents and resources in order to produce the required product, starting with the enquiry process and leading through to the delivery process. In its simplest form the proof of this is nothing more than the processes of the QMS. When at least the most important and critical processes and procedures (e.g. quality plan, project) are documented in written or graphically (e.g. process flow chart), they easily prove to the auditor both the existence of product realization plans and many control and acceptance criteria required by the standard. The outset for planning product realization are quality objectives, including customer and statutory requirements. They determine what the product should be. Next step is to ensure that all activities (i.e. processes), documents and resources needed for a product realization are available. This is particularly relevant when a new product is to be introduced. Furthermore, the standard requires that there are adequate acceptance methods and criteria on both the product and the processes. There is one documentation requirement here: identification of what records are to be generated by the processes and required to provide evidence of product conformance. Usually these are normal delivery documents, such as work order or an equivalent document (which will be naturally presented when describing the performance of processes).
Right operations, documents, controls, inspections and resources
4.7.2. Customer-related Processes (clause 7.2)
Concerning the requirements related to the product, the ISO 9001:2008 standard states that “the organization shall determine -
requirements specified by the customer, including requirements for delivery and post-delivery activities
the
-
requirements not stated by the customer but necessary for specified or intended use, where known,
-
statutory and regulatory requirements related to the product, and
-
any additional requirements determined by the organization.” Customer
needs – The first clause means that the organization has to know what recognized customer requirements in terms of product characteristics and and silent delivery and post-delivery activities such as after-sales service and needs
technical support, it should comply with. Usually these requirements are mentioned in purchasing document. Equally important is to identify hidden and silent needs of the customer, the needs that even the customer itself is not conscious of. By deeply analyzing customer satisfaction questionnaires some of these needs can be detected, but it requires much more than just summarizing the findings – a deep speculation and retrieving of ground reasons and root causes is needed. Other means to get insight of customer requirements are interviewing them, participating in joint development projects with customers, etc. The second clause includes the requirements that are not known by the customer but are necessary for the intended use of the product. Examples of these might be some regulatory rules and standards. The third clause of statutory and regulatory requirements is quite unambiguous: statutory and regulatory requirements have to be addressed during the design, manufacture, delivery and servicing of the product. The information needed should be available to every relevant person in the organization. The last clause of additional requirements refers to the product properties which are developed as a response to the customer’s unstated expectations. These are the expectations that are hidden and not mentioned by the customer, but based on the idea of the organization of what the customer appreciates. The ISO 9001:2008 further requires that the review of requirements related to the product should be made before committing to supply 57
the product. This review should involve all relevant activities affected by an order, for example before quotation and upon receipt of a contract or order. For example when receiving an order, the raw material availability, delivery time, possible amendments compared to previous quotation and other things have to be checked in order to meet the defined requirements. The standard specifically requires that there should be a documented record of the review, which can be a signature on a quotation or an order-entry into a computerized system. Customer-related processes also include customer communication, which has to provide the customer with correct product information (using e.g. brochures and datasheets), and effective handling of enquiries, orders, customer complaints and other feedback. All the requirements of this clause 4.7.2 are naturally included in the normal order handling process. Again, we recommend here the documentation of the process to prove its existence. 4.7.3. Design and Development (clause 7.3)
The ISO 9001:2008 standard states that “the organization shall A systematic and determine -
identified the design and development stages, process of design and the review, verification and validation that are appropriate to development
each design and development stage, and -
the responsibilities development”.
and
authorities
for
design
and
Following records are imposed by the standard in order to ensure that design and development activities are carried out systematically, including, that all relevant information is available all the time and it is reviewed regularly: -
Records of inputs relating to product requirements; including functional and performance requirements, statutory and regulatory requirements, information on previous similar designs when applicable, and other essential requirements. Example: a technical drawing accompanied with all necessary details.
-
Records of the review of design and development; the idea is to check design outputs (drawings, specifications, calculation etc) against the specified inputs, assess how good the design is, identify any problems and to propose necessary actions.
58
Example. Authorized signature on a drawing after review. -
Records of verification; Verification means that there’s objective evidence that specified requirements have been fulfilled. Example: authorized signature on a drawing.
-
Records of validation; Validation confirms that the actual product performs as it should under specified conditions. Validation should be completed, when applicable, prior to the delivery or implementation of the product. Example: prototypes.
-
Records of changes in design and development; the changes should be reviewed, verified, validated and approved before implementation. Example: authorized signature on a drawing.
When the design and development activities are rather simple, it is convenient to combine for example review and verification into a single activity. In small organizations the responsibility and authority of design and development very often rest with only a few people, perhaps only with the owner. Also, many time the new ideas for design and development come from the customer, either from the final end-user or from a subcontractor. When design and development is a central part of organization’s business, it is advisable to document it as a graphical process. This helps to establish a more logical and systematic way to produce new products or applications. 4.7.4. Purchasing (clause 7.4)
According to ISO 9001:2008, “the organization shall ensure that purchased product conforms to specified purchase requirements. The type and extent of control applied to the supplier and the purchased product shall be dependent upon the effect of the purchased product on subsequent product realization or the final product”. Control of purchased
All the purchased products and services are not critical to the items achievement of quality of the final product and therefore may not require same control as some other more critical item. Sometimes it is enough to check the quantities and possible transit damages of the dispatch, but when the purchased item is more critical, its inspection at supplier’s premises prior to the delivery might be appropriate. Other ways to control the outsourced processes are
59
by carrying out periodic audits of the supplier, by close monitoring customer satisfaction or by providing a full specification of the Evaluation process parameters that have to be met (ISO/TC 176/SC 2: and approval of suppliers Guidance on “Outsourced processes”). The standard requires that the organization should evaluate and select suppliers in order to ensure that suppliers meet the requirements. The criteria for selection and evaluation have to exist. One criterion can be a good historical performance of the supplier in the past or the existence of certified quality management system by the supplier. Evaluation can be done by reviewing the records of historical performance, visiting suppliers´ premises, evaluating product samples or conducting a survey (a written questionnaire with a few critical issues sent to suppliers). The suppliers have to be re-evaluated in order to ensure that they are constantly able to meet the requirements. According to the standard, there should be records of the results of evaluations and any necessary actions, like records of historical performance of the suppliers, a list of approved suppliers, etc. Successful purchasing calls for a clear definition of the purchased item (product characteristics, quantity, required delivery date, possible testing or inspection, etc). If there are any requirements for review, approval or other qualifications, they should be stated clearly. Verification of purchased product means that the products are inspected or otherwise verified in order to ensure that they meet specified purchase requirements. The standard does not say that all incoming goods must be inspected. Instead, the organization can freely decide methods of verification. Sometimes it can be a review of purchase documents against delivery note or at the other end, an extensive inspection of the goods before their dispatch. Person responsible for purchases should possess relevant knowledge and skills to make a complaint to supplier when necessary, since this is the way to improve both their own and the supplier’s operation. 4.7.5. Production and Service Provision (clause 7.5)
•
60
The ISO 9001:2008 standard states that “the organization shall plan and carry out production and service provision under
•
•
•
•
•
controlled conditions” . This is a standard requirement to make sure that production and servicing processes are effective and that the focus is on the prevention of nonconformities rather than on inspection and testing to detect them. Controlled conditions include, when applicable, that there is adequate product information available (specifications, drawings, work orders etc), suitable equipment and preventive maintenance are used, products and processes are monitored and measured with applicable devices, and that there are suitable methods and procedures for a product release and service delivery. These requirements may sound artificial, since in practice many of them are already in use – order processing surely has adequate documentation, suitable production equipment, exact product parameters to meet the qualification, and specific procedures to be done before the dispatch or service delivery. The language of standard sounds artificial, but it refers to practical everyday procedures that have to be effective. Great emphasis is on preventive actions: on preventive maintenance to ensure that machines and equipment are working, on preventive identification of root causes that might emerge in a form of nonconformities, errors, lack of information, customer complaints etc.
Effective processes
Prevention of nonconformities
If there are special processes where the resulting output cannot be verified by monitoring and measuring and where deficiencies become apparent only after the product is in use or service has been delivered, it has to be proved that these processes as themselves are qualified along with the personnel. This is called a validation of processes . Examples of these special processes are food preparation and air traffic control services. Referring to the previous chapter, there should be records verifying that the special processes are qualified and able to produce planned outputs. Example: a document showing acceptance of tolerances and parameters or a memo of calibration. Concerning the product identification and traceability , the ISO 9001:2008 standard states that “where appropriate, the organization shall identify the product by suitable means throughout product realization”. Identification means that when the products cannot be identified inherently, they should be marked, labelled and located in a way that connects the product to a particular batch, work order, raw material and any other source of origin, and shows the status of the product (e.g. tested, inspected or not). If traceability is specifically required for example by the customer, the organization shall control and record the unique identification of the product. Example: Usually this information is recorded on a work order. Sometimes even a work number suffices to track each process step.
61
•
•
•
Furthermore, the ISO 9001:2008 states that “the organization shall identify, verify, protect and safeguard customer property provided for use or incorporation into the product”. Customer property is any material or supplies provided by the customer to the organization, e.g. material and components, tooling, packaging material and drawings. “If any customer property is lost, damaged or otherwise found to be unsuitable for use, this shall be reported to the customer and records maintained.” Example: an internal complaint form. Generally, the organization should preserve the products, materials and components from receipt through processing to delivery in a way that damages and deterioration won’t occur. Preservation includes identification, handling, packaging, storage and protection. Storage and handling are especially important for time and moisture sensitive material (e.g. foodstuffs), components that can deteriorate because of electrostatic discharge and for other equivalent material.
4.7.6. Control of Monitoring and Measuring Devices (clause 7.6)
This clause of monitoring and measuring devices concerns the fact that the organization should, when necessary, measure the product and monitor process performance with applicable devices in order to be convinced that the product will meet all its requirements. In order to understand this better, in practice monitoring and measuring usually means inspection and test during relevant points e.g. during production. Monitoring and measuring device can be a “measuring instrument, software, measurement standard, reference material or auxiliary apparatus or combination thereof necessary to realize a measurement process ” (ISO 9000:2008). When it is necessary to ensure valid results, measuring equipment should be calibrated or otherwise verified, “against measurement standards traceable to international or national measurement standards; where no such standards exist, the basis used for calibration or verification shall be recorded (ISO 9001:2008)” . There should be records of calibration and verification results.
62
Example: The organization may wish to keep a list of devices to be calibrated at certain time intervals. This can be a simp simple le Exce Excel-t l-tab able le.. Resu Result lts s of each each calib calibra rati tion on can can be attached to the list. 4.7. 4.7.
Measu Measurem rement ent,, Analys Analysis is and and Improv Improvem ement ent (clau (clause se 8)
This clause includes four main chapters: monitoring and measurement, control of nonconforming product, analysis of data and continual improvement. Monitoring and measurement A system to The clause of monitoring and measurement requires that the provide organization has to show that it has established a system which information
produc produces es inform informati ation on of 1) custom customer er satisf satisfact action ion,, 2) intern internal al audits, 3) process performance and 4) product conformance, in “to demo demons nstr trat ate e conf confor ormi mity ty of the the prod produc uct, t, to ensu ensure re order “to conformity of the quality management system, and to continually improve the effectiveness of the quality management system” . The idea is to prove that there is systematic way to monitor proces processes ses and produc products ts (e.g. (e.g. by inspec inspectio tion n and test), test), analys analyse e customer-, product- and process-related information, and based on this information take relevant improvement actions. When the standard puts it as a requirement it might sound complicated and difficult, but in practice they are usually normal information flows, inspection and checking against tolerances during the production, and and othe otherr so call called ed self self-e -evi vide dent nt back back-u -up p thing things s in ever everyd yday ay oper operat atio ions ns.. Wh When en proce process sses es are are docu docume ment nted ed,, it prov proves es the the existence of all relevant requirements. The
standard emphasizes the meaning of customer satisfaction . The ISO 9001:2008 standard states: “As one of the measurem measurements ents of the perform performance ance of the quality quality managemen management t system system,, the organ organiza izatio tion n shall shall monit monitor or infor informa matio tion n relat relating ing to custo customer mer percep perceptio tion n as to whethe whetherr the organ organiza izatio tion n has met met customer requirements.” requirements.” It is esse essent ntia iall that that ever everyb ybod ody y in the the organization know what is meant by customer satisfaction and dissatisfaction. Information should be gathered on both. The ways to get feedback from the customers are e.g. visits to customers´ prem premis ises es or vice vice vers versa, a, dire direct ct comm commun unic icat atio ion n with ith them them,, compla complaint int handli handling, ng, custom customer er satisf satisfact action ion questi questionn onnaire aires s and news in the media.
63
The ISO 9001:2008 standard requires that “the organization shall conduct internal audits at planned pl anned intervals...” Internal audit is a systematic evaluation performed within an organization to ensure that that the the orga organi niza zati tion on empl employ oys s the the prin princi cipl ples es of stan standa dard rd requirements and the processes perform according to standard and the organization’s own requirements. Auditing should be done at planned intervals, but at least annually during twelve months and covering all the units of the organization. At first, the management and/or management representative has to plan an audit programme to decide what activities and areas of the system are the most critical ones and therefore to be audited at that that time. time. The activit activities ies and areas areas of qualit quality y manage managemen mentt syste systems ms where where proble problems ms,, noncon nonconfor formit mities ies and change changes s have have been more frequent are subject to be included. Also, the findings of previous audits should be considered if they reveal the areas of nonconform nonconformities ities.. During During the auditing auditing all deficiencie deficiencies s should be identified. In a following page there’s an example of a simple audit list including areas to be audited and their time schedule (Table 1). In this example, the matters that are checked and have no deficiencies are marked with a cross. If deficiencies are noticed they are written down under the list. The idea is to check matters in any month during one year. Table 4.2. Audit list (abridged and artificial version) Area / activity to be audited
Jan
Feb
Marc
April
h
Acc Acceptan ptance ce crit riteria eria for for the most most important suppliers are defined and in use. use. Ther There e is a reco record rd of appr approv oved ed suppliers. The performance of suppliers is moni monito tore red d and and eval evalua uate ted d regul regular arly ly.. Feedback is given to suppliers.
X
Purchasing Purchasing and sales orders include all releva relevant nt informa informatio tion n and there there is no possibility for false interpretation.
X
Methods to check incoming goods are defined and in use. There are predefined areas to be used for the storage of goods. Condition of goods in storage is eval evalua uate ted d at rele releva vant nt inte interv rval als. s. To prevent the damage and deterioration a proper storage is applied. Mean Means s to iden identi tify fy prod produc ucts ts,, part parts, s, components, raw material etc is used (e.g (e.g.. mark markin ing g with with a stam stamp, p, a part part number on a work order).
64
X X X
X
M ay
June
When When tracea traceabil bility ity is requir required, ed, all the material and parts used can be identified from a written document. The criteria for nonconforming products exist and are applied.
X
X
The ISO 9001:2008 9001:2008 standar standard d require requires s a document documented ed responsibi sibilitie lities s and proce procedur dure e for for intern internal al audits audits:: “The respon requirements for planning and conducting audits, and for reporting results and maintaining maintaining records records shall be defined in a documented documented proced procedure” ure”.. Documented procedure can be mentioned in a quality manual, manual, defining defining the scope, scope, frequen frequency, cy, methods methods of auditing auditing and records (such as list presented here) to be generated. The organ organizat ization ion should should have have at least least two two intern internal al audito auditors rs since since the the one performing audit should not audit his own work. Usually auditors are organization’s own employees but when necessary, they can be outside consultants too. In a small organization where there are only few employees, the one auditor usually is the owner and another is some manager or person with required knowledge of an audited matter. The The audit uditor ors s rep report ort the result ults of auditin iting g to the management who is responsible to ensure that corrective actions are taken without undue delay to eliminate detected nonconformities and their causes. There should be some evidence that corrective actions are taken and they are effective. The
ISO
9001:200 9001:2008 8
moni nitor torin ing g and and standar standard d clause clause of mo meas measur urem emen entt of proce process sses es, “the “the orga organi niza zati tion on shal shalll appl apply y suita itable ble methods hods for monit nitoring ing and, nd, where applic licable ble, meas measur urem emen entt of the the qualit quality y mana managem gement ent syst system em proc proces esse ses” s” , means that once the organization has determined determined suitable methods it should implement them. This clause is actually a restatement for what has been mentioned earlier about monitoring and measuring processes.
Simi Simila larl rly, y, the the clau clause se of mo moni nito tori ring ng and and meas measur urem emen entt of “the orga organi niza zati tion on shal shalll moni monito torr and and meas measur ure e the the product, “the characteristics of the product to verify that product requirements have have been been met” met” , is a rest restate ateme ment nt to impl implem ement ent the meth method ods. s. Methods can be e.g. inspection and test by the person performing the the task, task, or takin taking g of test testing ing samp samples les at cert certain ain time time interv intervals als.. Furthermore, “evidence of conformity with the acceptance criteria shall be maintained. Records shall indicate the person(s) authorizing releas release e of product product” ” . In prac practi tice ce this this requ requir irem eme ent is met met as a conseque consequence nce of normal normal checkin checking g and inspect inspection ion procedur procedures es and using relevant documents. For example concerning the production process, if the product has no deficiencies it proceeds to the next stage stage e.g. to packaging packaging and further further to shipmen shipment. t. Example Examples s of the records records that that indicate indicate accepta acceptance nce criteria criteria and authoriz authorized ed persons persons usuall usually y are work work orders orders or record records s in opera operatio tions ns manag managem ement ent programme. They also track the order to the correct raw material, components, machines and employees. 65
Control of nonconforming product
The ISO 9001:2008 standard states: “The organization shall ensure that product which does not conform to product Continual requirements is identified and controlled to prevent its improvement unintended use or delivery...” “...The controls and related responsibilities and authorities for dealing with nonconforming product shall be defined in a documented procedure…Records of the nature of nonconformities and any subsequent actions taken, including concessions obtained, shall be maintained.”
When nonconforming product is corrected, the standard requires that it should be subject to re-verification by a relevant authority or, where applicable, by the customer. Analysis of data
This clause concerns the organization’s requirement to determine, collect and analyse appropriate data relating to customer satisfaction, product conformity, characteristics and trends of processes and products including opportunities for preventive action, and suppliers, “to demonstrate the suitability and effectiveness of the quality management system and to evaluate where continual improvement of the effectiveness of the quality management system can be made” . Improvement
This clause is, by and large, a restatement of the above: “The organization shall continually improve the effectiveness of the quality management system through the use of the quality policy, quality objectives, audit results, analysis of data, corrective and preventive actions and management review” . In order to simplify this circle of continual improvement it can be described as follows: Quality policy and quality objectives (derived from the quality policy) steer the organization towards the targets, as they tell the employees where to aim at and what kind of performance is needed from everyone in order to reach the targets. Audits are conducted to find out whether processes perform according to the principles of standard and targets set by the organization. They also address the possible opportunities for improvements. If any deficiencies are noticed, they are handled during management reviews along with any other relevant information relating to customers, suppliers, own products and processes etc. As a result, corrective and preventive actions are taken for the improvement. Naturally, improvement actions are implemented when there is a need for them, not only as a result of audits and management reviews. It is essential to empower and commit personnel to make improvement actions in relation to 66
everyday operations. The ISO 9001:2008 standard puts a great emphasis on the elimination of root causes. It is not enough to solve the symptom of the problem, but the root cause of it in order to prevent it recurring. Typical root causes are lack of information and training. The ISO 9000:2008 standard explains, that “corrective action is taken to prevent recurrence whereas preventive action is taken to prevent occurrence” . In other words, preventive actions try to eliminate the root cause of the problem in order to prevent its occurrence in the first place. When concerning corrective action, the problem has already happened and actions are taken to prevent its recurrence again in the future. It has to be noted that corrective and preventive actions do not have to be implemented for every nonconforming situations, but a cost-value consideration has to be made to decide whether actions are worth for implementation or not. The standard requires that there should be a documented procedure both to corrective action and preventive action, including -
-
4.8.
reviewing of nonconformities preventive action)
(not
concerning
determining the causes of nonconformities
-
evaluating the need recurrence/occurrence
for
action
to
-
determining and implementing action needed
-
records of the results of action taken
-
reviewing corrective/preventive action taken.
prevent
Minimum Requirements According to ISO
The only part what ISO 9001:2008 standard requires to be Documentation documented concerns chapter 4.4.2 Requirements. Otherwise organizations can by themselves determine the necessary level of documentation. In many parts documentation is advisable, although not specifically required as a mandatory requirement by the standard. At least the product realization processes are recommended, since documentation proves the existence of meeting many standard requirements rather easily. Also, it provides employees with an understanding of how their performance affects other processes and employees and how the process as a whole has to perform smoothly in order to produce required products and services.
67
4.9.
Permissible Exclusions
Permissible exclusions were discussed in chapter 4.7 Product realization. To make a restatement, such exclusions shall not affect the organization’s ability, or responsibility, to provide product that meets customer and applicable regulatory requirements. The fact that a specific process (e.g. manufacturing, design & development) is outsourced is not a justification for the exclusion. Instead, the organization must be able to demonstrate that it has sufficient control to ensure such processes. In chapter 4.4.2 b) there were some examples of possible exclusions.
68
CHAPTER 5. 5.1.
STEPS TO IMPLEMENT A QMS
Steps to decide
Every decision making process in a company is accompanied by a more or less detailed research of data or at least discussion of experience and personal opinion of business leaders. Implementation of a quality management system, which could be quite a challenging task especially for smaller sized companies, also needs a certain amount of preparation and planning.
Some preparation work is necessary
5.1.1. Decision to implement a QMS
If a company wants to decide if it should implement a QMS it has to take a lot of different facts into consideration, which could be worked out in an internal management meeting. Main players in this meeting are the general manager who has to decide from a more strategic viewpoint, and the existing quality representative (quality manager) who should be aware of more QMS details (necessary resources, costs, etc.) and its business impact. The marketing/sales manager or a technical officer may support the decision making process by daily business experience.
Definition of quality manager / First information to the management level
Some companies start their own research but most of the time the decision is made after a deep discussion of the topic with a chances and risk analysis, which is strongly connected with the later first planning of resources (5.1.3). In addition to that, a person who will take the responsibility for the next steps has to be named – of course the quality manager (QM) is the bestqualified person. If there is no quality manager available who has the necessary knowledge about this topic, it might be a worthwhile investment to send the management representative to an external training on QMS. Quality managers should be able to build and improve the management system but also bring in as well an excellent level of social competence. Once the decision is made by the top management as another early step the whole management level should be informed and committed to the QMS because full management support is a crucial factor for a successful implementation process. Lack of information about what a QMS stands for and which changes will occur might create misunderstandings and restrictions against the implementation process. The top management has the task to create a positive awareness for this new quality initiative by providing the necessary information and participative leadership. Another important decision the management has to take is the level of outsourcing during the implementation process, which means the scope of consultant involvement.
69
5.1.2. First planning of resources
Implementing a QMS could be quite a challenge for a company because the elements of a QMS are interdependent with most of the vital parts of the organisation. For this reason a first rough projects plan with the most important milestones and the corresponding resources should be sketched. Many QMS implementations are divided into phases like: •
•
•
•
•
•
Start-up phase: collection of information about QMS, Rough projects plan decision making process, training on QM, support of including consultants, benchmarking main phases assessment phase: identification of actual strengths and and resources for implemenweaknesses tation system building phase: management handbook, creation of documents, identification and description of key processes and quality relevant issues training phase: training of staff in all areas of the organisation improvement phase: first review of the system (internal audit) and improvement activities auditing phase: external certification audit
Each of these phases should be roughly estimated concerning time plus money and in addition to that clear responsibilities should be defined. During the next step – the self assessment – this plan should be reviewed and revised.
5.1.3. External consultants
Organisations choose different ways how to implement a QMS regarding the scope of external involvement. The range runs from a totally “home made” system to a complete outsourcing of all implementation activities. An advantage of the first case is that deep knowledge about the system is built up in the company whereas the danger of creating only a sub optimal QMS is higher because of the fact that a consultant will encompass high implementation experience often in the same branch. The decision which grade of outsourcing has to be taken is depended on certain factors. Some of the most important are: •
•
70
Level of internal knowledge: if there is already an expert in the company, the planning and implementation can easily be done in house. Perhaps external help could be worthwhile during the internal audit phase. Furthermore the role of consultants is to adjust the requirements of the standard to each company, since the standard is quite general and “open”, so an inexperienced person could omit things. Available internal human resources: some companies are so lean in their organisational structures that it is not
Outsourcing factors: internal knowledge, available internal human resources, financial resources
possible to transfer enough staff capacity to a new implementation project and work for this reason intensively with external consultants. Furthermore external consultants can stimulate the staff in the implementation of the quality process. •
Financial resources: of course external consultants cost money but in most cases the payback time of this investment is very short because of an efficient project management system and high knowledge about how to design a QMS could save a lot of money in the longer run. In addition to that many companies hire consultants with high reputation and use this fact as a first marketing instrument for their customers.
Either way the top management of the company has to take care that the QMS is strictly result oriented, which means it has to be aligned with the company’s success factors and its strategy. QMS that are focused only on achieving the certificate are not strictly result oriented and are often perceived as red tape and a topic, which is for the QM department or the quality manager himself only. For the two following phases, it is a great advantage to work with an external consultant because he has a new and neutral look on the enterprise and on its organization. 5.2.
First self assessment
The first self assessment or horizontal assessment (some or all aspects of the ISO standard) has the goal to figure out which actual level of QMS maturity the organisation has and where the fields of highest potentials are as every organisation that is seeking certification is required to: •
•
Check lists / Strenghts and weaknesses analysis / Force field analysis
Formalize the way things are done Demonstrate assurance that things are done in the right way
•
Monitor the effectiveness of what is done and
•
Improve
For this reason using some tools could be very helpful. Beside some software products which are provided by many different companies and are designed to help identifying “unknown land in the ISO world”, check lists, strengths-weaknesses analysis and forced field analysis are often used tools for the first assessment. Normally the first self-assessment is a mixture of analysis and workshops, respectively in small companies one single assessment workshop. The output of all these methods and tools is to measure and assess the actual state of the 71
organisation against the elements of the ISO standard. Checklists are the most frequent tools, which are used in this phase and can easily be found in ISO literature. In long lists there are detailed questions about every single element of the ISO but for smaller sized companies a certain amount of simplification work is often necessary because in this case the organisational structures and documentations are less complex. The best way to conduct checklists is an individual interview with key persons of the company. Chapter 5: Management responsibility
Question:
Yes
quality
policy
No Remarks
5.1.1
Does a exist?
X
5.1.2
Do management reviews exist and do they include all essential aspects?
X
There is no systematic customer satisfaction analysis
5.1.3
…?
X
……
Figure 5.1 Example of a first assessment checklist.
In the workshop itself the concentrated results should be presented and discussed. One of the most common supportive tools is the so called strengths and weaknesses analysis, whereby the areas of high ISO maturity are highlighted against the areas of extraordinary low maturity in a kind of balance sheet. Figure 5.2
Example of a strengths and weaknesses analysis
Input Output Beside this comparison of the organisational state in relation to Level of Lev el of matu rity Level ofmaturity maturity Visualization of Definition of ISO elements ISO elements, human aspects and the organisational change strengths and In columns. Elements of ISO m ents o ISOinto off ISO Weak Average Strong Weak Average Strong Weakconsideration. Average Strong process should beEleElements taken Aweaknesses. very simple Assessment of maturity method to dos. this is the so called force field analysis (FFA). The levels of the element Definition of Processes Processes Processes improvement actions. underlying model of the FFA states that during a change process Identification of critical Continua elements (low level). Continual Continual Improvement Improvement Improvement there will always be enforcing and constraining forces in an Supplier organisation such as Supplier the Development mind set of specific employees (e.g. Supplier Development Supplier Developmen t Development members of works council), experience with former changes, ……. ……. motivational aspects, incentive systems, etc. As well as in the …… …… strength and weaknesses analysis both kinds of forces are listed …… …… and discussed. As the major result enforcing aspects should be supported by actions …… and constraining aspects should be …… weakened or eliminated.
72
Input
Output
Visualization of projec forces
Determination of improvement activitie
The goal has to be defined (e.g. efficient implementation process).
Identification of reinforcing and constraining forces (brainstorming)
Results in form of a balance sheet
Support reinforcing aspects and eliminate constraining aspects
Which Which forces forces are are effecting effecting the the goal? goal?
Reinforcing aspects
Constraining aspects
Figure 5.3 Force Field Analysis
With the collected, discussed and committed knowledge of the actual ISO maturity and change aspects, a more detailed implementation plan can be developed. 5.3.
Detailed implementation plan
The implementation plan is strongly interrelated with all afore mentioned contents and draws a general picture of what should be done and when it should be done until the certification audit has been successfully passed and encompasses the system building phase, the training phase, the improvement phase and the audit phase of the implementation project.
Project organisation / Goal description / Early planning of trainings / Definition of Between each of these phases milestones should be defined which quality policy
are in most cases points for top management reports or workshops. For example the milestone after the system building phase could be a completed QM handbook plus ready designed and described processes. After the training phase all learning and training activities should be completed whereas the milestone for the improvement phase could be a successfully passed internal audit with a timetable for the elimination of minor and major nonconformities. And finally the audit phase could be completed by the certification of the company whereas the last phase (improvement) shouldn’t find an end at all.
73
Phase 1
Self Assessment Start 09/03
Data analysis
Strenghts weaknesses
Force field analysis
…
Phase 3
Phase 2
System Building 10/03 Completed first self assessment
Generation of QM Handbook
Improvement
01/04 Completed system draft
Identification of Processes
Definition of Documentation
Design of records
Management Commitment and responsibilities
….
….
Figure 5.4 Example of an implementation plan with milestones details are shown in this graph)
(no
Besides phases and milestones the project organisation should be clearly defined. Even in small companies it doesn’t make sense that one single person is in charge of every activity during the whole implementation project. For this reason it is common to create a multi layer project organisation. This means that different employees of various departments are responsible for smaller tasks; the quality manger or the external consultant does the coordination and the main decisions and directives are given by a steering group which consists of top management members. As mentioned above, the steering group is only active in milestone workshops or if there are exceptional decisions to make. All subprojects and tasks have to have at least a very short form of goal description: •
•
•
•
What is to be done (if necessary in form of a detailed description)? Until when should it be done (check the correlation with the master plan)? Who should do it? Which resources infrastructure)?
are
available
(staff,
money
and
One of the core elements of systems engineering – a widely used philosophical approach on how to build a QMS – states that it is crucial to establish a model or system from the top perspective and on this basis continue step by step towards more detailed levels. This “low to high detail” dogma is as applicable in the implementation plan: start with the master plan (phases) and develop top down until the most detailed level is reached. Feedback and results are reported bottom up and are collected and condensed until the top level (steering group meeting) is reached. Only under these conditions can a permanent flow of information be guaranteed. 74
Of course many software solutions are available to support these planning issues (e.g. MS Project) but for small enterprises, in particular, where the knowledge of project management tools is often not very well established it sometimes makes more sense to sketch the plan simply on a flip chart and pin it on a wall. The earlier training activities can be done the better for the QMS because the more employees that are aware of the new system and are involved in the implementation process, the easier the information will flow. Especially in the first phases as it may be necessary to train selected groups of employees in the basics of ISO standards and in the tools they will have to use during the following phases (process orientation, documentation of quality relevant issues, etc.). Training and quality education of employees is one of the most important and regarding the duration of the corresponding activities, one of the most underestimated aspects. One of the first steps in the implementation plan is the discussion and definition of the quality policy and quality objectives wherein the top management draws a picture of strategic quality issues. As a rule the quality policy describes how the company is aiming at permanent improvement via the QMS, the importance of quality for every single member of the organisation and the relationship with customers and suppliers. Of course it has to be aligned with the company’s general strategy, it should be known and understood by all employees and should be much more than only a lip-service by the company’s leaders. 5.4 Development of QM Handbook
The Din ISO 9000:ff, also known as process-oriented standard, requires a process-oriented composition within the company but also of the QM system. The standards demand the development and the introduction of a documented quality system, which can consist of different elements. One of these elements is the QM handbook, where the structure of the documentation is set down; usually the content is oriented to the original structure of the DIN ISO 9001:2000 (guidelines on creating the handbook ISO/DIS 100 13 "Guidelines for developing handbooks") using in most cases the following chapters. •
Quality Management System
•
Management Responsibility
•
Resource Management
•
Product Realization Requirements
•
Remedial Requirements-Measurement, Improvement
Analyses
Structure of documentation / Customer benefit
and
75
In addition, it must contain, or refer to, the instructions on procedure that are an integral part of the QM system. By the figure of the process architecture of the company using a systemic process model, varying levels are visualised. These levels correspond with the different documents within the QM system. Typical examples are: in level 1 - statements of the quality policy and quality objectives, in level 2 - process instructions, introduction on procedures (describing responsibilities, purviews, and relationships with the staff and stating how different activities must be performed), in level 3 work instructions (descriptions of activities related to the workplace) and other quality relevant documents. Figure 5.5 QM Handbook Hierarchies Level1
Black B Box ox From the customer's view, the QM handbook offers the possibility Vision to verify the supplier has adhered to the specifications and guidelines of the customer and is making every effort QMHandb ook to fulfil the Leve l 2 Q-PolicyandObject ives quality requirements. So the QM handbook documents the ProcessModel operative installation and further development of the whole ProcessInstructions, Level3 Quality Management System. Work Flows Work procedures, Formularies, Functional descriptions Level 4
5.5 Design or check up of processes
Processes are the core element of the “new” (2008) revision of the ISO 9000 standard (available from the 1st January 2004). In almost every element there can be found one or more statements how processes should be monitored, measured and improved whereas a closer description of the way that processes should be identified is not provided. First of all it is necessary to define what is understood by processes. In general a process is a logical and sequential flow of activities which are repeatable and fulfil the following criteria: •
•
•
Clear starting point and end (process boarders) Well defined input factors (material, information, human resources, etc.) and a clear output (result) Suppliers and customers
A tool, which encompasses theses elements, is the so called SIPOC method. SIPOC stands for Supplier – Input – Process – Output – Customer and helps to identify the main aspects of processes. As the first step the process is sketched as a black box (top down procedure) and the starting point and the end are determined. Then continue to develop on the right side of the process and proceed with the output and the customers. A 76
SIPOC method / Process map / Levels of processes / Performance indicators
critical point is the correct identification of customer’s needs and later the continuous improvement in fulfilling these needs. As a last step the input is specified and the suppliers are named. It is important to understand that suppliers are not only external companies but also internal departments or processes (internal supplier-customer relationships).
Outp
Inpu
Name the proce
Define start and end
Specify the output and the custom of the process.
Identify the necessary input factors
Name the supplier of the proces Supplie Supplie
Start
Input
Consistent understanding o process.
Clear boundary of process.
End
Proces Proces
O utpu
Custome Custome
Figure 5.6 SIPOC method
As mentioned in the preceding chapter, in most companies processes are seen in different levels. The highest level of process visualisation is called a process map and shows the interaction between the main processes of the organisation. In these process maps, there can be found, as a rule, three different types of processes: •
•
•
Core or key processes: these are value adding processes where the start is normally defined by a certain customer need and the end is the delivered good or service – this means core processes are so called customer-to- customer processes. Support processes: core processes are normally not able to work properly without a certain amount of support. For example: a production process needs the support of a maintenance process – customers are not willing to pay for the maintenance, but it is necessary for a continuous performance of the value adding process. Management processes: these processes are mainly planning, steering and development activities, like strategic planning or controlling. Again, customers do not pay for them but they are necessary for the long term survival of the company
Normally, the definition of a specific process map is the first step in this project phase: main processes are identified, interactions are visualised and process owners are named. The latter is one of the most important functions in a process oriented organisation. 77
Process owners (PRO’s) are responsible for the detailed definition and sufficient resource supply of the process. In addition to that, they have to care for the right measurement tools (performance indicators) and continual improvement. Figure 5.7: Example of a process map Management processes M anagement p rocesses
Support processes S upport p rocesses
Once this process map is sketched and approved by top MP 1: Strategic SP2: SP1: RP3: MP1: Strategic SP1: RP3:Human Human SP2: Maintenance Procurement Contolling Resources management every process has to be defined in more detail by process owners until in level two or three a clear structure is achieved which can be displayed in a flow chart. In these flow Key processes charts step after step of the processes are defined and adjusted together with some additional information: KP2: KP1: KP3 KP3: KP1: KP2: Customers Customers Research Research and and Development Development
Production Production
•
Responsibilities
•
Corresponding documents and records
•
Interfaces with other processes
•
Flow of information
Marketing Marketing
A process owner also to find the right performance indicators because the ISO standard demands monitoring and improvement of processes. Most of the time output indicators (customer satisfaction, productivity, yield, etc.) are defined but in many cases input or process indicators could be of great help (e.g. cost, time, quality). Of course this detailed definition of processes needs to be coordinated by the quality manager or/and the external experts. At the end of this phase the company has a well defined process map or model where different levels lead to detailed descriptions of procedures which have to be linked to the QM handbook as described in the preceding chapter. 5.6 Final implementation – QMS kick off
Now, as the formal aspects of the QMS are established the official release of the system should be the next step. Management and the management representative have to ensure that every process and procedure, which is followed together with every document and form, which is used in the organisation has to be part of the QMS from now on. On the one hand the new tools have to be provided by the system and on the other hand the users have to have the capability to work with them. Normally employees are informed about the system in advance but now they have to be trained in procedures and tool handling in quality relevant areas, which could be an extensive task especially in larger companies. 5.6.1. Training
Planning and deploying QMS training is a critical factor in many Customized ways. First: numerous organisations fail in the certification audit training / 78
because employees do not know the relevant quality documents and procedures as individually they do not operate with them. Second: training costs a lot of time and a lot of money – this is why management tries to keep the training efforts low and third: customized training is required for every class of employees.
Training plans
For all of these reasons companies create training plans wherein classes of employees are defined and connected with training contents inclusive dates in form of a matrix. These training plans should be finished before the official start or release of the QMS is done. Of course not only blue collar workers have to be trained, a high percentage of employees of all departments and hierarchies will have to take part in different training initiatives. In general there are four types of trainings used during an QMS implementation: Management training: provides upper and middle management with an overview of the ISO standard, the requirements and what they look like at the own location (changes in processes or responsibilities) are discussed, and maybe it is told about the benefits of certification explained. Start-up training: provides all employees with an introduction to the QMS and how the management intends to implement it. Especially what the next steps will be and how individuals will be affected by the QMS. Point training: provides all or most employees with information regarding specific procedures and working instructions such as design & development, production processes, equipment handling or corrective actions. Work instruction training: trains all employees on the documentation describing their jobs. This training can be minimal if the employee is already doing the job, but helps ensure that everyone is doing the job correctly and in the same way. As mentioned above, an effective and efficient training process is absolutely crucial for the future success of the QMS and must be defined quite soon in the project so that everyone will be ready to use the QMS from the end of its implementation. 5.7 Internal Audit
Internal Audits – also known as First Party Audits - are normally used before the first official certification and in addition during two following independent audits. The organisation should conduct internal audits at planned intervals to determine two different characteristics of the quality system. Firstly it should prove the conformity to the planned arrangements, to the requirements of the international standard and to – their own – quality management system requirements and secondly the
First party audit / Preparation and behaviour / Audit report
79
effective implementation and maintenance. The flow of the internal Audit consists of three major steps and is defined in a documented procedure: Prearrangement, information and scheduling: all involved persons should be informed on time when and how long they should be prepared for the internal audit. •
Controlling QM documents: these documents could be QM handbook, process descriptions, quality reports, procedures, working instructions, etc. An experienced auditor will recognize the critical areas and elements and will focus his interview on these fields. •
Internal audit: (introduction, analysing and testing, variation description, final report, and documentation) most internal auditors use a predefined checklist which is the output of the preceding document controlling phase for interviews and make additional site inspections. Audit checklists ensure that nothing is missed, highlight critical areas and provide a record of the acceptable and unacceptable evidences. All unacceptable evidences must be recorded in detail for future tracing and for non compliance reporting. Every action during the audit should follow the circle: ask – look – check – record. •
An audit program should be planned, taking into consideration the status and importance of the different processes running in the company. The criteria for the audit, scopes, frequencies and methods should be defined. Especially in smaller companies the management representative is also the auditor. This person is responsible for the audit, should be objective and impartial, the only restriction is to audit the own work. To sum up, there are 8 major points which describe the behaviour of an internal auditor during the auditing process: •
Act goal oriented
•
Determinate employee motivation
•
Define your minimum standards of acceptance
•
Consider benefit and work relationship
•
Count only facts and no assumptions
•
•
•
80
If a nonconformity is found do not criticise, look for the reasons, record all details, try to assess if the nonconformity is a single case of if it is “normal” Understand yourself as a partner of the auditees Communicate honestly (explanations, open ended questions, good listening)
As a result an audit report with all nonconformities is generated and presented to the management. Such a report should include: •
Scope and target of the audit
•
Date and signature of auditor
•
Members of the audit team
•
Referring documents (ISO 9000:2008, QM handbook, etc.)
•
Detected Nonconformities
•
Assessment of ISO standard conformance
•
Capability of QMS achieving the defined quality objectives
The management who are responsible for the organisation being audited should ensure that identified problems (corrective and preventive improvement activities) are solved without delay. The objective is to detect and eliminate the reasons for nonconformities and their causes. Following activities should include the verification of these actions and the reporting and documentation of the results. Only when the results of the internal audit shows a high conformance to the ISO 9000 standards should a company apply for an external audit, which is the next logical step. If many major nonconformities are detected during the internal audit, the company should really think about postponing the external audit and work on the elimination of nonconformities. This is particularly so when problems emerge among employees and new/further training is required which often costs more time than fixing documentation or system problems. 5.8 External audit
External audits, certification audits or third party audits are the highlights of all ISO 9000:2008 implementation processes. Many problems and surprises could be avoided with a professional choice and management of the certification process because a l ot of companies underestimate the importance of this part.
5.8.1. Certification Body
When choosing a certification body to carry out ISO 9000:2008 Choosing a certification, there are some aspects an organization needs to certifcation take into account. The first point is that an organization can body implement ISO without seeking certification, but many reasons speak for an independent audit: for example if it is a contractual or regulatory requirement, if it is a market requirement or to meet customer preferences or if the management thinks it will motivate staff by setting a clear goal for the development of the management system. 81
If the decision has been made to apply for a certificate some criteria for the choice of the certification body should be taken into account: •
•
•
It has to be clarified whether or not the certification body has been accredited and, if so, by whom. Accreditation means that a certification body has been officially approved as competent to carry out certification in specified business sectors by a national accreditation body. The cheapest certification body might prove to be the most costly if its auditing is below standard, or if its certificate is not recognized by the company’s customers. It should be evaluated whether the certification body has auditors with experience in the organisation’s business sector.
Maybe most of all “harmony” between auditor and auditee should be taken into consideration because both sides have to cooperate for a long period of time.
5.8.2. The certification process
The certification process is never a one day activity. It takes some preparation and cooperation with the external auditors because they need to be informed about the formal aspects of the company’s QMS, like the handbook and procedures plus some basic data of the company itself (size, branch, etc.). For this reason the cooperation with the certification body will occur in some steps, like a first information meeting, maybe a pre-audit, the certification audit and periodical surveillance audits. An information meeting will be the first opportunity for the company representatives to meet the so called registrar (external auditor) who will perform the ISO 9000 quality audit. In this meeting the timetable of the certification phase is adjusted and the form of cooperation is discussed. Although a pre-audit is not a formal requirement for certification, it could be a highly beneficial step for many organisations because documentation is reviewed according to the requirements of the appropriate standard. A pre-audit will help to educate management and staff on third party auditing. It will also eliminate many possible surprises and it will help assure those people who are implementing the quality system that the process is on track for successful certification. Certification audit: in addition to assessing whether or not the organisation is in compliance with the applicable ISO 9000 standard, the final audit also assesses whether the system is implemented effectively and is capable of achieving the quality 82
Information meeting / Preaudit / Certification audit / Surveillance audit
and objectives of the company’s product or service. The size of the business will determine the number of auditors needed to perform the formal certification audit. Many small businesses or offices may be audited by a single auditor in a day, while very large organizations may be audited by several auditors over several days. The auditor(s) will evaluate the elements of the quality management system according to the requirements of the appropriate ISO 9000 standard. Audits are typically performed by: •
•
•
Touring the facilities and observing ongoing operations Interviewing employees Reviewing documentation and evaluating quality-related records.
In most cases at the conclusion of the audit, a closing meeting is conducted during which any identified problems are reviewed. If all goes well, the organisation will be recommended for certification and will be issued an ISO 9000 certificate. If nonconformities are identified required follow-up actions are defined by the auditor. Certification is generally not considered a “pass / fail” activity but an eventual certainty, unless the company decides not to proceed or is simply unable to correct it’s problems. Once certification is achieved, the auditors will return periodically for routine surveillance visits. These follow-up examinations ensure that the management system continues to operate effectively and continual improvement activities are implemented. Finally for the enterprises: if the organization is certified to ISO 9001:2008, the full designation should be used, not just ISO 9001 because latter one might concern either the 2008, or 2000 or 1994 version. 5.9 Continual improvement
Continual Improvement is one of the cornerstones of the ISO 9000 standard and can be found in almost every single element. Every company selects its own approach on how to achieve this target because “the right way” of improvement actions is determined by several factors like speed of change, knowledge level of employees, application of tools, number of hierarchies and leadership style. Independent from this, the ISO 9000 standard demands that every single individual has to know the quality goals and how he or she may contribute to them. For this reason continual improvement has to be established on every level of processes and in every element of the QM handbook whereby three main levels of improvement can be subdivided:
Management review / Process management / Continuous improvement process
83
•
•
•
Top management improvement: this organisational level has to take care that the framework for a QMS in working order (effectiveness and efficiency) is permanently improved, products fulfil customer requirements and use mainly the instrument of management reviews which is described in the ISO 9000 standard (audit results, customer feedback, Process performance, product conformity, preventive and corrective actions, recommendations for improvement, etc.). Process owner improvement: as already mentioned, process owners have to take care of the optimum performance of their processes and have to monitor, measure and improve them continuously. The main instrument is the use of process oriented performance indicators. Employee improvement: every employee is responsible for producing the best possible quality (zero waste and zero defects) and for this reason continuous improvement process (CIP) activities like proposal systems or quality circles are established.
Many companies face the problem that after a successful certification audit everybody returns to normal business where continual improvement actions are reduced to a minimum. As mentioned above, the ISO standard demands permanent activities for continual improvement, which should animate companies to keep up their efforts for high customer satisfaction and efficient internal processes. It can easily be seen that both elements are definitely success factors of almost every company. Companies which use the QMS as their improvement driver develop success oriented QMS structures; in contrast to that so called “certification QMS” fulfil the minimum requirements but do not boost their company towards a quality leader on the markets. As a lesson learned many companies use internal audits (system audits, process audits, etc.) as a regular tool and discuss the results in the form of corrective and preventive improvement actions standardised in several management meetings. Companies that have achieved such an integrated improvement where the QMS is the main instrument for standardisation, measurement and improvement have reached one of the highest levels in QM.
84
CHAPTER 6.
ADDITIONAL REQUIREMENTS
As stated in chapter 4.2 of the present guidelines, ISO 9001 does not only consider customer requirements but also regulatory and legal requirement. In this framework sometimes a company in order to obtain an ISO 9001 certification must meet other requirements as well. These other requirements can be other management systems standards, European directives, technical standards or national laws, presidential degrees and directives.
6.1.
Management system standards
ISO 14001: Environmental management system belongs to the ISO 14000 series of international standards on environmental management. ISO 14001 is the standard that specifies the requirements for the certification of an organisation that has implemented an environmental management system.
ISO 14001: Environment al managemen t system
ISO 14001 is meant to develop a systematic management approach to the environmental concerns of an organization. The goal of this approach is continual improvement in environmental management. Requirements of ISO 14001 standard described in chapter 4 of the standard are categorised in: •
General requirements
•
Environmental policy
•
Planning
•
Implementation and operation
•
Checking and corrective actions
•
Management review
ISO 9001 gives in Annex 1 the correspondence between the two standards.
EMAS: Eco Management and Audit Scheme is a voluntary standard designed by European Commission and intended to be used by both private and public organisations throughout European Union and European Economic Area. Since 2001 EMAS has integrated ISO 14001 as the environmental standard required by EMAS.
EMAS: Eco Managemen t and Audit Scheme
EMAS aims at organisations that want to evaluate, report and improve their environmental performance. HACCP: Hazardous analysis of Critical Control Points is a standard HACCP: 85
Hazardous
applying in the food industry. It aims at eliminating risks for health analysis of and hygiene related to all stages of the food industry: supplies, Critical Control manufacturing, storage and distribution. Points
HACCP involves seven principles: •
Analyse hazards.
•
Identify critical control points.
•
•
•
•
•
Establ Establish ish preve preventi ntive ve measur measures es with with critic critical al limits limits for each each control point. Establish procedures to monitor the critical control points. Establish corrective actions to be taken when monitoring shows that a critical limit has not been met Esta Establ blis ish h proc proced edure ures s to verif verify y that that the the syst system em is work working ing properly Establ Establish ish effect effective ive record record keepi keeping ng to docume document nt the HACCP HACCP system.
Although an American system, HACCP has been adapted by many Euro Europe pean an orga organi nisa sati tion ons s and and in some some coun countr trie ies s it is lega legall lly y required. HACCP applies to all companies that produce, store and distribute food products.
OHSAS 18001 Health and Safety Management System is intended to help an organisation to control occupational health and safety risks. OHSAS 18001 was created by a number of the worlds leading nationa nationall standa standards rds bodies bodies,, certif certifica icatio tion n bodies bodies,, and specia specialis listt consultancies. OHSAS 18001 has been been developed developed to be compatible compatible with the ISO 9001 and ISO 14001 management systems standards, in order to faci facili littate ate the the int integra egrattion ion of qua quality lity,, envir nviro onme nmental ntal and and occu occupa pattiona ionall heal health th and and safe afety mana manage gem ment system tems by organizations, should they wish to do so. OHSA OHSAS S 1800 18001 1 can can be appl applie ied d to all all type types s of comp compan anie ies s and and organisations The OHSAS specification gives requirements for an occupational health and safety management system, to enable an organisation to control its risks and improve its performance. It does not state specifi ific occupation ional health and safety performance criteria, nor does it give detailed specifications for the design of a management system.
ISO ISO 1779 17799: 9: Info Inform rmat atio ion n Secu Securi rity ty Mana Manage geme ment nt Syst System em is ‘a comp compre rehe hens nsiv ive e set set of cont contro rols ls comp compris rising ing best best prac practi tice ces s in 86
OHSAS 18001: Health and Safety Managemen t System
ISO 17799: Information
inform informati ation on secur security ity’. ’. It was publis published hed in Decem December ber of 2000, 2000, based on the British standard BS7799 and since then it gained worldwide recognition in the information security industry.
Security Managemen t System
The ISO 17799 standard comprises comprises ten prime sections: sections: •
Security Policy
•
System Access Control
•
Computer & Operations Management
•
System Development and Maintenance
•
Physical and Environmental Security
•
Compliance
•
Personnel Security
•
Security Organisation
•
Asset Classification and Control
•
Business Continuity Management (BCM)
Within these sections are the detailed statements and clauses that comprise the standard itself. A company that operates in the construction industry, undertaking Example: publ public ic or priv privat ate e work works s that that want want to be cert certif ifie ied d with ith ISO ISO Construction 9001:2000 standard in the framework of its quality management industry system system should should take take measu measures res for the occupa occupatio tional nal health health and safety of its employees and for the protection of the environment. In this this case ase the the adopt doptio ion n of ISO 1400 14001 1 and and OHSAS HSAS 1800 18001 1 standards are recommended. An enterprise that wants to implement a management system in the the 3 doma domains ins (qua (qualit lity, y, secu securit rity, y, envi enviro ronm nmen ent) t) cann cannot ot do it sepa separa rate tely ly:: the the two two or thre three e mana manage geme ment nt syst system ems s must must be connected and integrated. Frequently in SMEs, the same person is the manager of all the manage manageme ment nt system systems s implem implement ented, ed, for exampl example e quality quality and security. Norms in quality, security and environment are built on the same princi principle ples: s: proces processes ses approa approach, ch, contin continual ual improv improvem ement ent… … this this give gives s rule rules s but but also also faci facilit litat ates es the the build building ing of an inte integr grat ated ed system. ISO 9001 doesn’t explicitly require other standards to be applied, However, the implementation and certification with the globally rec recogni ognis sed int interna ernattiona ionall stand tanda ards rds give ive the compa ompany ny a 87
competitive advantage.
6.2. 6.2.
Europe European an Direct Directive ives s and and Techn Technica icall Standa Standards rds
European European Directives Directives and technical technical standards standards regulate regulate European European companies, products, processes and services. The new approach stan standa dardi rdisa sati tion on in the the Euro Europe pean an inter interna nall mark market et is a rece recent nt initiative that aims at bringing together the expertise of European Standards Organisation with that of the European Commission and EFTA. All directives directives and and standards standards can be found found In a single single web site at www.newapproach.org. This is a first step in promoting awareness of the role that standards can play in developing the single European market.
www.newap proach.org
Europe European an Direct Directive ives s and the associa associated ted stand standard ards s regula regulate te a number of different types of companies. For example we can refer to com compani panie es tha that prod produc uce, e, sell or use use medic edical al devic evice es, construct construction ion materials, materials, personal personal protective protective equipment equipment,, pressure pressure equipment equipment,, toys, toys, etc. Information Information on mandatory mandatory directives directives and standards can be found in the New Approach web site, National Orga Organis nisat ation ions s of Stan Standa dardi rdisa sati tion on,, Cert Certif ific icat atio ion n Au Auth thor orit itie ies, s, Chambers of Commerce and in the relevant Ministries. Production, distribution and use of medical devices are regulated by the European Directive 93/42/EEC. The directive specifies the requ require ireme ment nts s that that medi medica call devi device ces s shou should ld conf confor orm m with with,, the the obligation for CE marking and the obligation for the company to have implemented a quality management system as well as a quality quality contro controll system system.. In additi addition on for specia speciall medica medicall device devices s other standards apply such as: •
EN 1642 1642:1 :199 996: 6: Dent Dentis istr try y - Medi Medica call devi device ces s for for dent dentis istr try y Dental implants
•
EN 50323:1999: General requirements for hearing aids
•
EN 13503-8:2000 Ophtalmic implants - Intraocular lences
88
Example: Medical devices
CHAPTER 7.
GLOSSARY
A ∼
∼
∼
∼
∼
audit: systematic, independent and documented process
for obtaining audit evidence and evaluating it objectively to determine the extent to which audit criteria are fulfilled. audit criteria: set of rules, objectives and/or principles used as a reference for inspection actions (such as policies, procedures, requirements, etc.). audit program: set of audits planned for a specific time frame and directed towards a specific purpose. auditor: person with the competence to conduct an audit. availability: capability to realize a function in a specified time.
C ∼
∼ ∼ ∼
∼ ∼
∼
∼
∼
∼
capability : ability of an organization, process or system to
realize a product that will fulfil the customer and other interested parties’ requirements. characteristic : distinctive feature. competence: ability to apply knowledge and skills. concession : permission to release or use a product that does not conform to specified requirements. conformity: fulfilment of a requirement. continual improvement: recurring activity to obtain better results with harder objectives. control and inspection: set of operations required to evaluate nonconformity through observations and measurements. corrective action: action to correct a detected nonconformity, eliminating the causes which generated it. correction : action to eliminate a detected nonconformity (such as rework or repair). customer: organization or person that receives a product.
D ∼
∼
∼
defect: non-fulfilment of a requirement related to an
intended use (generally “deduced” by the customer according to the information communicated by the supplier), or specified by the customer. The distinction between the concepts nonconformity and defect is important as it has legal connotations particularly those associated with product liability issues. dependability : collective term used to describe the organization availability and its influencing factors. design and development: set of processes that transform requirements into the specifications of a product, 89
∼ ∼
∼
process or system. development : see Design. deviation permit: permission to depart from the originally specified requirements of a product prior to realization. document: supporting medium stating information.
E ∼
effectiveness: extent to which planned activities are
achieved. ∼
efficiency: relationship between the result achieved and
the resources used.
I ∼ ∼
∼ ∼
information: meaningful data. infrastructure: system of facilities
and equipment needed for the operation of an organization. inspection: see Control and inspection. interested party : person or group having an interest in the performance or success of an organization.
M ∼
∼ ∼
∼
∼
∼
∼
∼
management: coordinate activities to direct and control
an organization and/or part of it. measurement: activity to measure a quantity. measurement control system : system necessary to achieve metrological confirmation and control of measurement processes. measurement equipment: tools needed to operate the measurement process. measurement process : set of operations to determine the value of a quantity. metrological characteristic : distinguishing feature of measurement equipment. metrological confirmation : set of operations required to ensure that measurement equipment conforms to the requirements for its intended use. metrological function: function for defining and implementing the measurement control system.
N ∼
nonconformity: non-fulfilment of a requirement.
O ∼
∼
90
objective evidence: date supporting the existence or
verity of something. organization: group of people and facilities with an arrangement of responsibility, authorities and relationships.
∼
arrangement of responsibilities, authorities and relationships between people in an organization. organizational
structure :
P ∼
∼
∼
∼ ∼
action to correct a potential nonconformity, eliminating the causes which generated it. procedures: specified way to carry out an activity or a process. process: set of interrelated activities which transforms inputs into outputs, producing added value. product: the result of a process. project: process consisting of a set of activities with start and finish dates undertaken to achieve an objective conforming to specific requirements, including time, cost and resources. preventive
action:
Q ∼
∼
∼
∼
∼
∼
∼
∼
∼ ∼
∼
∼
quality: degree to which a set of inherent characteristics
fulfils customer requirements and of the other interested parties. quality assurance : set of correlated activities, part of the quality management system, capable to guarantee the observance of the requirements. quality characteristic: inherent characteristic of a product, process or system related to a requirement. quality control : set of related operations part of quality management, required to monitor results to quality and control requirement fulfilment. quality improvement: part of quality management focused on increasing the capability of the organization itself. quality management : coordinated activities to direct and control an organization with regard to quality. quality management system : management system to direct and control an organization with regard to quality. quality manual: complex document describing the whole quality management system of an organization. quality objective: objective related to quality. quality plan: document specifying which procedures and associated resources shall be applied to a specific process, product or project. quality planning: part of quality management focused on setting quality objectives and process definition. quality policy: overall objectives of an organization related to quality, as formally expressed by top management. 91
R ∼
∼
∼
∼
∼
∼
record: document stating results achieved or providing
evidence of activities performed (for example, a control). release: permission to proceed to the next stage of a process. repair: action on a nonconforming product to make it acceptable for the intended use. Unlike reworking, repairing can involve specific parts of a product. requirement: need or expectation that is stated, generally implied or obligatory. review: activity undertaken to determine the suitability, adequacy and effectiveness of the subject matter to achieve established objectives. rework : action on a nonconforming product to make it conform to the requirements.
S ∼
scrap: action on a nonconforming product to preclude its
∼
originally intended use, such as destruction, recycling, etc. specification: document stating requirements. supplier: person or organization that provides a product. system: set of interrelated elements.
∼ ∼
T ∼
∼
top management: leaders - a person or a group of
people - managing an organization who establish objectives and try to achieve them. traceability: ability to trace history, application or location of that which is under consideration.
V ∼
∼
validation:
confirmation, through the provision of objective evidence, that the requirements for a specific intended use or application have been fulfilled. verification: confirmation, through the provision of objective evidence, that the specified requirements have been fulfilled.
W ∼
work environment : set of interacting variables
constitute the contest where people work.
92
which
BIBLIOGRAPHY Standards • •
•
ISO 9001:2008 ISO 9001:2000 ISO 9000:1994
Literature
Joseph M. Juran. Juran’s Quality Handbook – 5th ed. Mac Grew Hill Brassard, Michael & Diane Ritter (1994). The Memory Jogger TM II. A Pocket Guide of Tools for Continuous Improvement & Effective Planning. First Edition. Salem, the United Sates of America: GOAL/QPC. European Committee for Standardization CEN (2000). Quality management systems – Fundamentals and vocabulary (ISO 9000:2000). Management Centre: rue de Stassart, 36 B-1050 Brussels. European Committee for Standardization CEN (2000). Quality management systems – Requirements (ISO 9001:2000). Management Centre: rue de Stassart, 36 B-1050 Brussels. ISO´s Technical Committee ISO/TC 176/SC 2 (2001). ISO 9000 Introduction and Support Package: Guidance on the Documentation Requirements of ISO 9001:2000. Available at: http://www.bsi.org.uk/iso-tc176-sc2. Paris, Christopher (2003). The Complete Guide to Understanding & Implementing ISO 9001´s Process Management Requirements. Part Two: Defining & Mapping Your Company´s Processes. Available at: http://www.oxebridge.com/news.asp?ID=157 Secretariat of ISO/TC 176/SC 2 (2003): (Draft) ISO 9000 Introduction and Support Package: Guidance on “Outsourced processes”. Available at: http://www.bsi.org.uk/iso-tc176-sc2 Web references http://europa.eu.int/comm/enterprise/enterprise_policy/analysis/doc/execsu m_2002_en.pdf
http://europa.eu.int/comm/enterprise/enterprise_policy/sme_definition/i ndex_en.htm http://europa.eu.int/comm/enterprise (SMEs in focus. Observatory of European SMEs 2002, European Communities, 2002) http://www.iso.ch/iso/en/iso9000-14000/pdf/survey12thcycle.pdf http://www.eiso.cz http://www.iso.cz 93
