paradygm.co

1. What are ISO 9000 Quality Management Standards?

The ISO 9000 standards are internationally recognized management concepts, principles and practices that have been formalized into a set of standardized requirements for a quality management system (QMS). These standardized requirements define controls that focus on improving an organization’s ability to deliver products or services that:

Consistently meet customer’s quality requirements Meet applicable regulatory requirements Enhance customer satisfaction Achieve continual improvement of its performance in pursuit of these objectives. The ISO 9001 standard focuses on improving an organization’s management sytem and processes. It does not specify any requirements for product or service quality. Customers typically set product and service quality requirements. However, the expectation is that an organization with an effective ISO 9001 based QMS will indeed improve it’s ability to meet customer and regulatory requirements.

ISO 9001requirements are complementary to contractual and applicable regulatory requirements. Those implementing a QMS conforming to ISO 9001 must ensure that the specific requirements of their customers and regulatory agencies are met.

2.0 What are the ISO 9000 family of standards?

The ISO 9000 QMS series comprise the following three documents:

ISO 9000:2005 Quality management systems - Fundamentals and vocabulary. This is a guidance document that defines the concepts, principles, terms, definitions and relationships that form the basis for quality management. ISO 9001:2008 Quality management systems - Requirements. This document is the standard that defines a generic set of requirements for organizations wishing to develop a quality management system.This is the only standard to which an organization may obtain certification. Because requirements are generic and not specific, organizations have flexibility in tailoring their quality management systems to fit their business, culture and risks. To get an in-depth understanding of this key standard, read this free eBookUnderstanding ISO 9001:2000. ISO 9004:2000 Quality management systems - Guidelines for performance improvements. As the title indicates, this is a guidance document for organizations wishing to move beyond the requirements of ISO 9001, in pursuit of continual improvement of overall business performance. Its use is not intended for certification or contractual purposes. 3.0 Who does ISO 9001 apply to? The ISO 9001 standard is generic and meant to be applied to all organizations, without regard to their business, size, profit or no-profit, or whether in the private, or public sector.

In the past few years, industry groups have developed sector specific applications of the ISO 9001 standard. These include the automotive, aerospace, environmental, telecommunications, health and safety, etc. All these sector-specific standards incorporate the full requirements of ISO 9001 as their foundation and then add new requirements or amplify ISO requirements.

4.0 What are the benefits of implementing aneffective QMS based on the ISO 9001 standard?

Benefits include: External Improves customer confidence and satisfaction in an organization’s QMS capability and consistency in meeting requirements. Improves conformity to quality requirements Increases competitive edge and market share Increasingly recognized as a requirement for contractual relationships in the global arena. Internal Improves business efficiency and productivity Reduces organizational waste, inefficiencies, and defects Facilitates continual improvement in business processes and customer satisfaction Improves process consistency and stability Facilitates employee competence and consistency of performance Improves employee motivation and empowerment through improved participation
communication and interaction Generates objective evidence to support the assessment of QMS conformity and effectiveness Improves supplier performance by developing relationships that foster cooperative interaction in understanding and fulfilling customer requirements.

5.0 Why is ISO 9001 Important?

It is a powerful business tool for organizations to significantly improve the effectiveness and efficiency of their operation leading to enhanced customer satisfaction and profitability. However, to reap the benefits listed above, an organizations top management must adapt it as a strategic initiative in achieving its business goals.

This means providing the leadership, commitment, resources, structure, policies, decision-making, culture and environment for QMS deployment and maintenance. Additionally, the standard was designed to be used as a tool for continual improvement in conjunction with technology and other business improvement tools.

6.0 What Are ISO 9001 Requirements?

The standard covers five broad categories or clauses, each of which include several sub-clauses. The five categories are:

Quality Management System - sets requirements to identify, plan, document, operate and control an organization’s QMS processes and to continually improve QMS effectiveness.

Management Responsibility - sets requirements for top management to demonstrate its leadership and commitment to develop, implement and continually improve the QMS.

Resource Management - sets requirements to determine, provide and control the various resources needed to operate and manage QMS processes; to continually improve QMS effectiveness; and to enhance customer satisfaction by meeting customer requirements

Product Realization - sets requirements to plan, operate and control the specific QMS processes that determine, design, produceand deliver an organization’s product and services.

Measurement, Analysis and Improvement - sets requirements to plan, measure, analyze and improve processes that demonstrate product and QMS conformity and continually improve QMS effectiveness.

7.0 How and why is the ISO 9001:2000 standard generic?

“Generic” means that the standard can be applied to any organization without regard to an organization’s business, size, profit or no-profit, or whether it’s in the private or public sector.

“Generic” also signifies that no matter what the organization’s nature and scope of activity, the standard provides the organization flexibility to develop a QMS that meets applicable requirements of the standard.

8.0 What is Quality management?

“Quality management” refers to a management system that focuses on the policies and controls established by an organization to ensure that its products or services satisfy the customer’s quality requirements and comply with any regulations applicable to those products or services.

9.0 How can ISO 9001 help you select and manage a supplier?

When you purchase products or services from a supplier, you have two risks to consider:

The risk in the quality of the product or service you are purchasing The risk in the supplier’s ability to consistently provide the quality desired. For the first risk - as the customer, you must specify criteria and quality objectives for the product. Through the use of your own QMS, you then verify that delivered product conforms to your specifications.

For the second risk - you may want the supplier to have management system controls. How much control? To answer this, you need to consider the following questions:

What specific products (goods or services) do you wish to purchase? What impact do these products have on the products you make? What are the risks to your business if you experience problems with these products? What do you know about the reputation and past performance of your supplier?

ISO 9001 provides requirements for the purchasing process that your organization can implement, to develop and improve relationships with suppliers. These requirements relate to:

Establishing criteria and quality objectives for the specific products or services you wish to purchase And QMS controls that you may want your supplier to develop. The standard allows flexibility in the nature and scope of product and system controls you wish to impose on each supplier.

The above considerations help you in establishing appropriate supplier selection and approval ranging from selective ISO 9001 controls being imposed to full third party certification. This is in addition to initially establishing criteria and quality objectives for the product or services you wish to buy.

There are various ways in which your supplier can claim that its quality management system meets the requirements of ISO 9001:2000. These include:

Supplier’s declaration of conformity: Your supplier makes a declaration affirming that its QMS meets ISO 9001 requirements, usually supported by legally-binding signatures. This declaration can be based on your supplier’s internal audit system, or on second party or third party audits;

Second party assessment: your supplier is audited directly by its customer (e.g., by you, or by another customer, whose reputation you respect) to check if its QMS meets ISO 9001 requirements and your own requirements - sometimes used in contractual “business-to-business” transactions;

Third party certification: your supplier uses an accredited Certification Body (Registrar) to audit and verify it’s conformity to ISO 9001:2000 requirements. This third party then issues a certificate to your supplier describing the scope of its QMS, and confirming that it conforms to ISO 9001:2000.

11.0 Does ISO 9001:2000 certification ensure you get quality product on a consistent basis from your suppliers?

When an organization is certified to ISO 9001:2000,this means that the Certification Body (CB) has verified the organizations QMS’s conformity to ISO 9001 requirements. The objective is to provide the organization’s management and its customers, confidence that it is in control of its operations. While this confidence logically extends to the products and services provided,ISO 9001:2000 does not define product-specific requirements. Therefore, QMS certification does not translate into a product guarantee.

The onus remains on an organization to verify product quality. Work with your suppliers to improve their QMS and consequently leading to improved product quality performance. In the meantime, you may have to perform some verification of purchased product based on past history of the suppliers performance.

12.0 How should you handle a complaint with your supplier?

There are several steps that an organization may take with increasing levels of escalation:

Notify your supplier through your QMS corrective action process of the specific issues underlying your complaint. Work with them in getting a speedy resolution to the complaint. Your supplier is obliged to investigate your complaint, and should take appropriate actions to avoid or reduce the chances of it reoccuring.

If, however, your supplier continues to provide non-conforming products, does not address your complaint, or does not take appropriate corrective actions, then this may be an indication of problems with their quality management system. Work with their quality management representative in resolving the complaint and QMS issues.

If you are still not satisfied with your suppliers response, and if they are certified, notify their Certification Body (CB) of your complaint. You can find the certification body’s name by looking at your supplier’s certificate. The CB will investigate the problems during their surveillance audits of your supplier’s QMS, or, in critical cases, may decide to carry out an additional specific investigation.

If you do not receive a satisfactory response from the CB, and if it is accredited, you should complain to the relevant accreditation body. Details of any such accreditation will appear on your supplier’s ISO 9001:2000 certificate. If you have difficulty in getting this information, you can consult the list of accreditation bodies who are members of the International Accreditation Forum on the IAF website ().

Note that as a purchaser, you can take legal action against your supplier concurrently with the above actions.

Remember that whenever possible, you should consider having alternative suppliers as part of your risk management or contingency planning. Then if all else fails with your specific complaint, the use of an alternative supplier is your safety net.

13.0 What is ISO 9001 Certification?

ISO 9001:2000, “certification” refers to the issuing of written assurance (the certificate) by an independent, external body (the Certification Body) that has audited an organization’s QMS and verified that it conforms to the requirements specified in the standard. “Registration” means that the auditing body then records the certification in its client register.

The organization’s QMS has therefore been both certified and registered. For practical purposes, the difference between the two terms is not significant and both are acceptable for general use. “Certification” is the term most widely used worldwide, although registration (from which “registrar” as an alternative to certification body) is more commonly used in North America, and the two are also used interchangeably.

14.0 What is Accreditation?

Accreditation refers to the formal recognition by a specialized body - an accreditation body (AB)- that a certification body (CB) is competent to perform ISO 9001:2000 certification in specified business sectors. In simple terms, accreditation is certification of the CB. Certificates issued by accredited CB’s, known as “accredited certificates”, may be perceived on the market as having increased credibility. Therefore, it is okay to state that your organization has been “certified” or “registered”, but inaccurate to state that it has been “accredited” (unless your organization is a certification/registration body).

15.0 What is the ISO 9001 certification process for an organization?

Most Certification Bodies (CB’s) use the following process with slight variations:

1. Pre-assessment Before the actual certification audit, a CB auditor makes a preliminary visit of your facilities, briefly reviews your QMS documentation and conduct an informal check of the QMS implementation. In essence, this preliminary audit intended to uncover areas in your QMS that might need special attention. During the initial visit the audit scope and audit program is agreed upon, as well.

A Pre-assessment is an optional activity. It adds value in that it provides an organization with a clear view of the gaps in its state of readiness, a few months prior to the formal certifiction audit. More and more organizations now prefer experienced consultant auditors to do the Pre-assessments as they not just identify the gaps, but also provide solutions to correcting them. CB auditors may only report on the gaps, but are not allowed to provide solutions.

2. Documentation review The CB audit team evaluates your QMS manual to determine the adequacy of its scope and conformity to the requirements of the standard. The documentation review report summarizes any findings from this process. The report indicates if your organization is ready to proceed with the certification audit.

3. Certification audit During the certification audit, the CB audit team conduct interviews, examinations and observations of the system in operation. It provides the team essential information required for the certification process and assesses the degree of conformity of the QMS with the requirements of the standard. When found conforming, the CB issue the certificate of conformity to ISO 9001.

4. Surveillance audits Each issued certificate has a three-year life period. Upon certification, the CB create a periodic audit schedule for surveillance audits over the three-year period. These audits confirm the on-going compliance of the QMS with specified requirements of the standard. At least one periodic audit per year is required.

5. Re-certification audit After the three years are up, your certification will be extended through a re-certification audit.

16.0 Is ISO 9001 Certification compulsory?

ISO 9001 is a voluntary standard. Your organization can implement it solely for the internal benefits it brings in increased effectiveness and efficiency of your operations, without incurring the investment required in a certification programme.

Getting certification is a business decision that may be based on:

A contractual requirement from a customer as a condition for doing business Your organization’s overall risk management strategy Recognition of an organization’s efforts in developing an effective QMS A marketing tool for gaining a competitive edge in the marketplace Also review the benefits of having an effective QMS earlier on in this FAQ.

17.0 Who is authorized to carry out certification of organizations to ISO 9001?

The ISO organization is responsible for developing, maintaining and publishing the ISO 9000 and other families of standards. The ISO organization does not audit or issue certificates for conformity to any ISO standard.

The auditing and certification of QMS’s is carried out (independently of the ISO organization) by hundreds of certification bodies (CB’s) around the world. These CB’s issue ISO 9001:2000 certificates under their own responsibility and ISO does not control the activities of CB’s.

CB’s may in turn be accredited by Accreditation Bodies (AB’s). AB’s may in some countries, be the national standards institutes that make up ISO’s membership. AB’s carry out accreditation assessments, either on behalf of their respective governments, or as a business operation. The ISO organization has no authority to control such accreditation activities.

Note: Not all CB’s are accredited. Read our article on “ How to select a Certification Body”.

However, ISO’s Committee on conformity assessment, ISO/CASCO, develops standards and guidelines covering various aspects of accreditation/certification/conformity assessment activities for AB’s and CB’s. The voluntary criteria contained in these standards and guides represent an international consensus on what constitutes good practice. Their use contributes to the consistency and coherence of conformity assessment worldwide and so facilitates trade across borders.

18.0 What is the process for implementing ISO 9001?

The following is an overview of the key steps:

1. Get a copy of the ISO 9001 and ISO 9004 standards Familiarize yourself with the requirements and determine if certification to this standard makes good business sense for your organization.

2. Educate yourself There is a variety of training courses available to gain deeper insight into the requirements for system development, implementation and auditing. Also read up on the subject matter. The more you read, the more informed you will be in making choices and developing your QMS.

1. Review consultant options Experienced and expert consultants can fast track your QMS program development and implementation with realistic and effective strategies and solutions in a cost effective and timely manner. We have the expertise to assist you. Call us for a no-obligation discussion of your needs.

4. Do a ‘Gap Assessment” A gap assessment is an audit of your current management system practices, controls and documentation, to determine the extent to which it conforms to those required by the ISO 9001 standard. While a trained in-house quality practitioner can do this, it is best done by an consultant (ex CB auditor), with the experience of hundreds of such audits. The audit findings are presented in an audit report along with recommendations to address the gaps. The Gap Assessment is the starting point for planning your management system development.

5. Plan - strategy, resources and project The adoption of an QMS is a strategic decision for the organization. It is vital that your top management provides leadership, resources, involvement and support. In addition, you need to assemble a team to develop and implement your QMS. You also need to plan your implementation steps, time line, responsibilities and resources needed.

6. Determine training needs Training will be needed at various levels of the organization. The nature and scope of training will vary according to each level. There are a wide range of courses, workshops, and seminars available designed to meet these needs. We provide a number of these training courses. Call us for more information.

7. Develop a QMS manual Your QMS manual should describe the QMS policies and processes and their interaction. Through the manual, you will provide an accurate description of the organization and the best practice adopted to consistently satisfy customer expectations.

8. Develop procedures and needed documentation Procedures describe the processes and activities of your organization, and the best practice for effective planning, operation and control of these processes.

9. Implement your QMS Work to your implementation project plan. Communication and training are key to a successful implementation. Monitor progress and get management support to overcome hurdles along the way.

10. Consider a pre-assessment Consider having a preliminary evaluation of the QMS documentation and implementation by a Consultant or certification body. The purpose of this is to identify areas of non-conformity and allow you to correct these areas before you begin the formal certification process.

11. Select a certification body Your business relationship with the certification body will be in place for many years, as your certification has to be maintained. Read our article on “Tips on selecting a Certification Body” before you select your CB.