Professional Documents
Culture Documents
for SMEs
Leonardo da Vinci Project
The content of this book does not necessarily reflect the position of the
European Community or the National Agency, nor does it invoke any
responsibility on their part.
TITLE:
ISO 9001:2008 APPLICATION GUIDE
CHAPTER 1. INTRODUCTION...............................................................................................................7
1.1. CONTEXT...............................................................................................................................................7
CHAPTER 2. GENERAL............................................................................................................................9
2.1. THE SENSE OF THE WORD QUALITY..........................................................................................9
2.2. THE DEVELOPMENT PHASES OF QUALITY: CULTURE, PRINCIPLES AND METHODS............10
2.3. QUALITY MANAGEMENT SYSTEM..................................................................................................13
2.4. WHY THE IMPLEMENTATION OF A QUALITY MANAGEMENT SYSTEM?.................................14
2.5. THE ISO 9000:2008 STANDARD................................................................................................14
CHAPTER 3. APPLICATION OF THE STANDARD ISO 9001 IN SMES............................16
3.1. SME.....................................................................................................................................................16
3.1.1.EU DEFINITION..................................................................................................................................16
3.1.2.THE HIDDEN GIANTS.........................................................................................................................17
3.2. IMPLEMENTING THE ISO STANDARD............................................................................................20
3.2.1.WHAT SHOULD ISO (NOT) BE ABOUT.........................................................................................20
3.2.2.MANAGEMENT PRINCIPLES..............................................................................................................21
3.2.3.ISO IN SMES - SOME CHARACTERISTICS HAVING IMPACT.....................................................24
3.2.4.REALIZATION OF ISO REQUIREMENTS AND DIFFERENCES BETWEEN SMES AND LARGE
ENTERPRISES...................................................................................................................................................26
CHAPTER 4. THE STANDARD ISO 9001:2008..........................................................................37
4.1. INTRODUCTION...................................................................................................................................37
4.2. CHARACTERISTICS AND CONTENTS OF ISO 9001:2008 STANDARD.................................37
4.3. OTHER RELATED STANDARDS.........................................................................................................39
4.4. QUALITY MANAGEMENT SYSTEM (CLAUSE 4)...........................................................................39
4.4.1.GENERAL REQUIREMENTS (CLAUSE 4.1)....................................................................................40
4.4.2. DOCUMENTATION REQUIREMENTS (CLAUSE 4.2)...................................................................44
4.5. MANAGEMENT RESPONSIBILITY (CLAUSE 5).............................................................................50
4.5.1. MANAGEMENT COMMITMENT (CLAUSE 5.1).............................................................................50
4.5.2. CUSTOMER FOCUS (CLAUSE 5.2)................................................................................................51
4.5.3. QUALITY POLICY (CLAUSE 5.3)...................................................................................................52
4.5.4. PLANNING (CLAUSE 5.4)...............................................................................................................52
4.5.5. RESPONSIBILITY, AUTHORITY AND COMMUNICATION (CLAUSE 5.5).................................52
4.5.6. MANAGEMENT REVIEW (CLAUSE 5.6)........................................................................................53
4.6. RESOURCE MANAGEMENT (CLAUSE 6)........................................................................................54
4.7. PRODUCT REALISATION (CLAUSE 7)............................................................................................55
4.7.1. PLANNING OF PRODUCT REALIZATION (CLAUSE 7.1)............................................................57
4.7.2. CUSTOMER-RELATED PROCESSES (CLAUSE 7.2).....................................................................58
4.7.3. DESIGN AND DEVELOPMENT (CLAUSE 7.3)..............................................................................59
4.7.4. PURCHASING (CLAUSE 7.4)..........................................................................................................60
4.7.5. PRODUCTION AND SERVICE PROVISION (CLAUSE 7.5).........................................................61
4.7.6. CONTROL OF MONITORING AND MEASURING DEVICES (CLAUSE 7.6)..............................63
4.8. MEASUREMENT, ANALYSIS AND IMPROVEMENT (CLAUSE 8).................................................64
4.9. MINIMUM REQUIREMENTS ACCORDING TO ISO.......................................................................68
4.10. PERMISSIBLE EXCLUSIONS..............................................................................................................68
CHAPTER 5. STEPS TO IMPLEMENT A QMS.............................................................................69
5.1. STEPS TO DECIDE..............................................................................................................................69
5.1.1.DECISION TO IMPLEMENT A QMS................................................................................................69
5.1.2.FIRST PLANNING OF RESOURCES..................................................................................................70
5.1.3.EXTERNAL CONSULTANTS................................................................................................................70
5.2. FIRST SELF ASSESSMENT.................................................................................................................71
5.3. DETAILED IMPLEMENTATION PLAN................................................................................................74
5.4 DEVELOPMENT OF QM HANDBOOK..................................................................................................75
5.5 DESIGN OR CHECK UP OF PROCESSES..............................................................................................76
5.6 FINAL IMPLEMENTATION QMS KICK OFF......................................................................................79
5.6.1.TRAINING.............................................................................................................................................79
5.7 INTERNAL AUDIT....................................................................................................................................80
5.8 EXTERNAL AUDIT....................................................................................................................................82
5.8.1.CERTIFICATION BODY.......................................................................................................................82
5.8.2.THE CERTIFICATION PROCESS.........................................................................................................82
5.9 CONTINUAL IMPROVEMENT..................................................................................................................84
CHAPTER 6. ADDITIONAL REQUIREMENTS..............................................................................86
6.1. MANAGEMENT SYSTEM STANDARDS.............................................................................................86
4
INDEX OF TABLES
Table 3.1Recent development in SME perception in EU
Table 3.2
16
enterprises in a nutshell
27
Table 4.1
43
Table
4.2
Audit list (abridged and artificial version)
56
INDEX OF FIGURES
Figure 3.1
European enterprises by size
16
Figure 3.2
Issued ISO 9000 certificates, world total
17
Figure 3.3
Distribution of issued certificates among world regions (2007)
17
Figure 3.4
Share of certificates of conformity to ISO 9001:2008 on
ISO 9000 total
18
Figure 3.5
21
Figure 4.1
Process map of a construction company (artificial)
37
Figure 4.2
chart
38
Figure 4.3
Some of the 7 quality tools
39
Figure 4.4
Typical QMS Processes
Figure
49
5.1
62
Figure
5.2
Example of a strengths and weaknesses analysis
63
Figure
5.3
Force Field Analysis
Figure
63
5.4
64
Figure 5.5
QM
Handbook Hierarchies
66
Figure 5.6
SIPOC method
67
CHAPTER 1.
1.1.
INTRODUCTION
Context
The
achievement
of quality
The power of
SMEs in
Yet SMEs, which represent an important percentage of the total Europe
The lack of
educational
material and
tools for SMEs
Consideration
of branche
specific
situations /
Internal and
external
reasons for
implementing
a QMS
CHAPTER 2.
2.1.
GENERAL
The many
different
definitions of
word
quality
2.2.
10
11
12
2.3.
13
Customer
2.5.
1
2
3
4
5
6
7
8
Customer focus
Leadership
Involvement of people
Process approach
System approach to management
Continual improvement
Factual approach to decision making
Mutually beneficial supplier approach
The principles
of CS and CI
ISO 9000 is a set of international standards published for the first The origin of
time in 1987 by Geneva International Organization for the ISO 9000
Standardization (ISO). Firms can use these standards to
individuate requirements necessary to maintain an efficient
quality management system.
For example, the standards indicate the requirements needed for
14
systems
ISO 9001:2008,
Requirements.
systems
Quality
management
As the set of ISO 9000 - 2000 edition and up- includes only one
model for quality management system (ISO 9001), the
organization intending to implement a quality management
system should determine which items of the standard they want
to use for management actions and should develop its own
system with those requirements. The organization can get an
exclusion from the implementation of some clauses of the 7th The current
paragraph of the standard, if not applicable due to the nature of ISO 9000
the company. Design and development must be controlled and edition (2008)
documented if applied by the company.
The current ISO 9001:2008 edition being active from February
2009 on and the undergoing revision of ISO 9004 introduce minor
only changes to the previous edition. The main ones have to do
with:
15
CHAPTER 3.
APPLICATION OF THE STANDARD ISO
9001 IN SMES
Objective of
The aim of this chapter is firstly to introduce briefly the SME chapter 3
phenomenon and its specifics and secondly to outline how these
specifics affect the implementation of quality management
system in a SME
3.1.
SME
Compare (http://europa.eu.int/comm/enterprise/enterprise_policy/sme_definition/index_en.htm)
16
3.1.1. EU definition
To introduce one definition, we have chosen the SME definition of The
EU, used apart from statistical purposes also to handle this EU definition
economic phenomenon with respect to support schemes
(especially state aid, Structural Funds and the Research and
Development Framework Programme). In addition, the European
definition gives us the opportunity to demonstrate, that the
content of the term SME also undergoes changes in time.
Since 1996 the following European description of a SME was used
based on Recommendation 96/280/EC:
to the group of SMEs count all enterprises with less than 250
employees, with the balance sum lower than 27 mil. EUR/year or
the turnover per year max. 40 mil. EUR. At the same time the
independency requirement has to be fulfilled (not 25% or more of
capital or votes may be owned by one enterprise or a group of
enterprises, not matching with the SME definition).
Since the economic development has been considered as
relevant for the position of SMEs, the criteria have been revised
and a new definition published by Recommendation 2003/361/EC
in May 2003. It will be applied as of 1 January 2005. 2 While the
headcount requirement remains the same, there are changes
regarding the turnover an balance sheet sums:
Table 3.1
Enterprise category
Mediumsized
enterprise
Small
enterprise
Micro
enterprise
96-04
05-
96-0
4
05-
96-0
4
05-
< 250
< 250
< 50
< 50
< 10
< 10
40
50
10
27
43
10
Headcount
On 6 May 2003 the Commission adopted a new Recommendation 2003/361/EC regarding its SME
definition (replacing Recommendation 96/280/EC). For more information please see:
http://europa.eu.int/comm/enterprise/enterprise_policy/sme_definition/index_en.htm.
17
large
0,2%
micro
93,0%
3
4
18
19
ISO 9001:2000
167 210
29,8%
ISO 9000
(1994 +
2000versions)
561 747
70,2%
The sense
of QMS
implementatio
n
in a SMEs
Principle 8
Despite the fact, that these eight principles are not explicit
mentioned in the ISO 9001:2008 standard, they provide a
framework for implementation of good management practice. To
make you aware of that we have linked the principles with
different fields of management activities, discussed in individual
clauses of the standard. It regards e.g.:
23
CUSTOMER
1
S
U
P
P
L
I
E
R
R
E
L
A
T
I
O
N
S
E
N
V
I
R
O
N
M
E
N
T
S
A
F
E
T
Y
R
I
S
K
S
M
A
R
K
E
T
I
N
G
F
I
N
A
N
C
E
H
U
M
A
N
R
E
S
O
U
R
C
E
S
4
2
processes-resourcesconditions
2-3
leadership and
management
1-8
commitment
attitudes
ability of
managers,
employees
1-8
CHANGES
MANAGEMENT
KNOWLEDGE
MANAGEMENT
CONTINUAL IMPROVEMENT
of
system, processes, resources
USING FACTS
information, data, knowledge
Figure 3.5 QM processes according to the eight ISO 9000 principles: 1 Customer focus, 2
Leadership, 3 Involvement of people, 4 Process approach, 5 System approach to
management, 6 Continual improvement, 7 Factual approach to decision making, 8
Mutually beneficial supplier approach
24
The specifics
of medium
sized
enterprises
related to ISO
implementatio
n
how and thus gives constant guidance, checks and controls the
quality of the product/service, the others follow the instructions.
The small size and informal management make it easier to
motivate everybody within the company for the QMS.
In general, all enterprises have an established way or system of
conducting business. As explained above, in micro and small
enterprises informality is quite effective, however, it is rarely
documented. In connection with lack of documented procedures
and processes the quality documentation usually has to be
worked out from scratch.
Micro and small enterprises have a very plain organizational
structure and can manage with few, simple communication tools.
This results in a significant reduction of system documentation.
On the other hand, the unavoidable accumulation of functions
requires multi skilled employees together with a well-advised
definition of authorities and responsibilities, not forgetting a focus
on communication, its content and the way of documenting it.
Another difference between micro and small enterprises on one
hand and medium sized enterprises and on the other can consist
(but not necessarily) in the number of management processes,
where all management effectiveness requirements are
consequently applied, including stated measurable indicators
helping to follow the effectiveness trends.
26
individual
Shifting
27
Cumulated
responsibilitie
s
Flexible extent
Another new thing about ISO 9001:2008 standard is, that it
enables the enterprise to fulfill a requirement in an adequate
way (to a certain extent), which was not possible by e.g.
standards in automotive industry. This approach means that e.g.
by 4.2 Documentation requirements the complexity of quality
documentation will be lower in SMEs as well as its quantity, that
extent and amount of information gathered in the frame 8.2.1
Customers satisfaction will differ in SMEs and large enterprises
or that in the frame of 8.5 Improvement there might not be a
separate Continual improvement program but concrete tasks
resulting from periodic evaluation based on quality objectives.
Alternatively, it has to be stressed that the ISO 9001:2008
standard will not forgive the SME anything simply because it
is small. Exceptions in the sense of letting out are possible only
by requirements, discussed in clause 7. Product realization. And
even then possible exceptions are available to all kinds of
enterprises (not depending on size), the eligibility of every
exception has, however, to be justified. Hereby a simple rule can
be applied: no requirements affecting quality of the
product/service may be excluded.
Correspondence table
The requirements of the ISO 9001:2008 standard are defined in
clauses 4 till 8. In this chapter and in the previous one (3.2.3 ISO
in SMEs - some characteristics having impact) we have outlined
some differences between SMEs and large enterprises, which can
affect the implementation of the quality management system.
The table below links these differences together with the
requirements of the standard (clauses 4-8) and gives you an
28
The
differences
between SMEs
and large
enterprises
related to the
ISO
requirements
29
Table 3.2 The ISO related differences between SMEs and large enterprises in a nutshell
ISO 9001:2008 standard Correspondence table
Clause
Large enterprise
SME
4.
4.1
4.2
Documentati
on
requirement
s
5.
5.1
Management
Managemen
t
commitment
30
Comments
5.2
Customer
focus
5.3
Quality
policy
5.4
Planning
5.5
Responsibili
ty,
authority,
communicat
ion
5.6
Managemen
t review
6.
6.1
6.2
6.3
6.4
7.
7.1
32
Resource management
Provision of Detailed financial plan and exact
resources
calculation of development expenses.
Planned resources respecting the cashflow oscillation in the course of the year.
indicators is necessary.
Products as well as production
Products as well as production
processes have to meet requirements processes have to meet requirements
defined by laws and superior
defined by laws and superior
standards.
standards.
7.2
Customerrelated
processes
7.4
Purchasing
7.5
Production
and service
provision
7.6
Control of
monitoring
and
measuring
devices
7.3
33
34
competent center.
8.
8.1.
8.2
8.2.1
8.2.2
8.2.3
8.2.4
35
quality records.
36
8.3
Control of
nonconformi
ng product
8.4
Analysis of
data
8.5
Improvemen
t
8.5.2
Corrective
action
8.5.3
Preventive
action
37
Introduction
4.2.
Main
characterist
ics of the
current
version of
ISO 9000
Management
Resources management
Product realisation
Contents of
the
standard
1 Scope
1.1 General
1.2 Application
2 Normative reference
3 Terms and definitions
4 Quality management system
4.1 General requirements
4.2 Documentation requirements
5 Management responsibility
5.1 Management commitment
5.2 Customer focus
5.3 Quality policy
5.4 Planning
5.5 Responsibility, authority and communication
5.6 Management review
6 Resource management
6.1 Provision of resources
6.2 Human resources
6.3 Infrastructure
6.4 Work environment
39
7 Product realization
7.1 Planning of product realization
7.2 Customer-related processes
7.3 Design and development
7.4 Purchasing
7.5 Production and service provision
7.6 Control of monitoring and measuring devices
8 Measurement, analysis and improvement
8.1 General
8.2 Monitoring and measurement
8.3 Control of nonconforming product
8.4 Analysis of data
8.5 Improvement
4.3.
40
9001:2000 standards.
Managemen
Establish, document, implement and maintain` should not be t system
Product: result of a process i.e. result of a set of interrelated or interacting activities which
transforms inputs into outputs (process: set of interrelated or interacting activities which
transforms inputs into outputs)
6
Conformity: fulfilment of a requirement. Requirement: need or expectation that is stated,
generally implied or obligatory. Nonconformity: non-fulfilment of a requirement.
41
Measurement
of processes
Information
management
C
O
R
E
P
R
O
C
E
S
S
E
S
Management
Order entry
- Shipment
-Production
CUSTOMER
Finance
ADP
Cleaning
andSecurity
42
CUSTOMER
In this process map there are three core processes which serve
Process
the external customers and bring money to the company (the
flow chart
outputs of core processes are those that a customer buys from
the company; that is why the customer is presented in the map).
At the top there are three boxes including management,
information management and measurement of processes. There
are activities applied to all processes in the company e.g. where
management includes strategic decision, quality policy,
management reviews etc. Below the core processes there are
supporting activities finance, ADP and cleaning and securing
to support the performance of core processes. When seeing this
one page map, it easily presents the purpose of the company i.e.
what products and services it sells to customers and what
activities and resources are needed to produce them and to
support them.
43
IN
- Customers order
- Drawings etc.
Review
-Do we have enough
or raw material?
-Are we able to
produce in
time?
Packaging
Transport
arrangements
Paperwork
Shipment to customer
Production or take out
from inventory
END
NO
Inspection
OK
Statistical
tools (e.g. 7
quality
tools)
Figure 4.3
Example of a metric in order processing-productionshipment process (a process starting from order entry, then
proceeding to production, shipment to the customer and
finally ending to the point when customer receives the
delivery) is the number of shipments delivered in time. Its
sub-processes, e.g. production, might have their own
metrics such as raw material consumption and machining
time. Some of the metrics equal to quality objectives, which
are discussed in chapter 4.4.2.
of
quality
policy
and
quality
Quality
Quality policy: Overall intentions and direction of an policy
Medium: paper, magnetic, electronic or optical computer disc, photograph or master sample, or a
combination thereof.
8
Record: document stating results achieved or providing evidence of activities performed
9
Specification: document stating requirements, e.g. procedure document, process specification
and test specification, product specification, performance specification and drawing
46
in a timely manner with a view to eliminate the root cause and Quality
prevent recurrence.
objectives
Quality
manual
Mandatory
49
records
organization charts
specifications
production schedules
50
Table 4.1
Clause
Record
require
d
5.6.1
6.2.2
(e)
7.1 (d)
7.2.2
7.3.2
7.4.1
7.5.2
(d)
7.5.3
and
7.5.4
51
be protected.
Example: The use of internal complaint form.
7.6 a)
8.2.2
8.2.4
8.3
8.5.2
8.5.3
4.5.
52
54
representativ
e
4.6.
Resource management
Determination and allocation of
- human resources
- infrastructure
- work environment
QMS
processes
- to demonstrate conformity
of the product and QMS
- to continually improve the
effectiveness of QMS
Right
operations,
documents,
controls,
inspections
and
resources
59
the
Customer
needs
The first clause means that the organization has to know what recognized
customer requirements in terms of product characteristics and and silent
delivery and post-delivery activities such as after-sales service and needs
The ISO 9001:2008 standard states that the organization shall A systematic
and
determine
-
identified
process of
design and
the review, verification and validation that are appropriate to development
the responsibilities
development.
and
authorities
for
design
and
purchased
All the purchased products and services are not critical to the items
63
64
Effective
processes
Prevention of
nonconformities
65
Jan
Feb
Marc
April
May
June
X
X
67
4.9.
reviewing of nonconformities
preventive action)
(not
concerning
for
action
to
prevent
71
72
CHAPTER 5.
5.1.
Steps to decide
Some
preparation
work is
necessary
Definition of
quality
manager /
First
information to
the
management
level
Some companies start their own research but most of the time
the decision is made after a deep discussion of the topic with a
chances and risk analysis, which is strongly connected with the
later first planning of resources (5.1.3). In addition to that, a
person who will take the responsibility for the next steps has to
be named of course the quality manager (QM) is the bestqualified person. If there is no quality manager available who has
the necessary knowledge about this topic, it might be a
worthwhile investment to send the management representative
to an external training on QMS. Quality managers should be able
to build and improve the management system but also bring in as
well an excellent level of social competence.
Once the decision is made by the top management as another
early step the whole management level should be informed and
committed to the QMS because full management support is a
crucial factor for a successful implementation process. Lack of
information about what a QMS stands for and which changes will
occur might create misunderstandings and restrictions against
the implementation process. The top management has the task
to create a positive awareness for this new quality initiative by
providing the necessary information and participative leadership.
Another important decision the management has to take is the
level of outsourcing during the implementation process, which
means the scope of consultant involvement.
73
Rough
projects plan
including
main phases
assessment phase: identification of actual strengths and and resources
for implemenweaknesses
tation
74
Outsourcing
factors:
internal
knowledge,
available
internal
human
resources,
financial
resources
Either way the top management of the company has to take care
that the QMS is strictly result oriented, which means it has to be
aligned with the companys success factors and its strategy. QMS
that are focused only on achieving the certificate are not strictly
result oriented and are often perceived as red tape and a topic,
which is for the QM department or the quality manager himself
only.
For the two following phases, it is a great advantage to work with
an external consultant because he has a new and neutral look on
the enterprise and on its organization.
5.2.
Improve
Check lists /
Strenghts and
weaknesses
analysis /
Force field
analysis
For this reason using some tools could be very helpful. Beside
some software products which are provided by many different
companies and are designed to help identifying unknown land
in the ISO world, check lists, strengths-weaknesses analysis
and forced field analysis are often used tools for the first
assessment. Normally the first self-assessment is a mixture of
analysis and workshops, respectively in small companies one
single assessment workshop. The output of all these methods
and tools is to measure and assess the actual state of the
75
Ye
s
Question:
N
o
Remarks
5.1.1
5.1.2
Do management
reviews exist and do
they include all essential
aspects?
There is no
systematic customer
satisfaction analysis
5.1.3
Input
Output
of
LeLevel
v
el of
m
aturity
Level
of maturity
maturity
In columns.
Assessment of maturity
Identification of critical
Elements
of
Elem
ents of
ISO
Elements
of ISO
ISO
Processes
Processes
Processes
Continual
Improvement
Weak
Weak
Weak
Average
Average
Average
Strong
Strong
Strong
Visualization of
strengths and
weaknesses.
Definition of
improvement actions.
Continual
Continual Improvement
Improvement
Supplier
Development
Supplier
Supplier
Development
SupplierDevelopment
Development
..
Figure 5.2
Input
Output
Visualization of project
forces
Which
Which forces
forces are
are effecting
effecting the
the goal?
goal?
Determination of
improvement activities
Identification of
reinforcing and
constraining forces
(brainstorming)
Results in form of a balance
sheet
Reinforcing
aspects
Constraining
aspects
Project
organisation /
Goal
description /
Early planning
of trainings /
Definition of
Between each of these phases milestones should be defined which quality policy
77
Phase 1
Self Assessment
Start
09/03
Data analysis
Strenghts weaknesses
Phase 3
Phase 2
System Building
10/03
Completed
first
self
assessment
Improvement
01/04
Completed
system
draft
Generation of Q M
Handbook
Identification of Processes
Definition of
Documentation
Design of records
Management Commitment
and responsibilities
.
(no
Which resources
infrastructure)?
are
available
(staff,
money
and
information be guaranteed.
Of course many software solutions are available to support these
planning issues (e.g. MS Project) but for small enterprises, in
particular, where the knowledge of project management tools is
often not very well established it sometimes makes more sense
to sketch the plan simply on a flip chart and pin it on a wall.
The earlier training activities can be done the better for the QMS
because the more employees that are aware of the new system
and are involved in the implementation process, the easier the
information will flow. Especially in the first phases as it may be
necessary to train selected groups of employees in the basics of
ISO standards and in the tools they will have to use during the
following phases (process orientation, documentation of quality
relevant issues, etc.). Training and quality education of
employees is one of the most important and regarding the
duration of the corresponding activities, one of the most
underestimated aspects.
One of the first steps in the implementation plan is the
discussion and definition of the quality policy and quality
objectives wherein the top management draws a picture of
strategic quality issues. As a rule the quality policy describes
how the company is aiming at permanent improvement via the
QMS, the importance of quality for every single member of the
organisation and the relationship with customers and suppliers.
Of course it has to be aligned with the companys general
strategy, it should be known and understood by all employees
and should be much more than only a lip-service by the
companys leaders.
5.4 Development of QM Handbook
The Din ISO 9000:ff, also known as process-oriented standard,
requires a process-oriented composition within the company but
also of the QM system. The standards demand the development
and the introduction of a documented quality system, which can
consist of different elements. One of these elements is the QM
handbook, where the structure of the documentation is set down;
usually the content is oriented to the original structure of the DIN
ISO 9001:2000 (guidelines on creating the handbook ISO/DIS 100
13 "Guidelines for developing handbooks") using in most cases
the following chapters.
Management Responsibility
Resource Management
Remedial
Requirements-Measurement,
Analyses
Structure of
documentation /
Customer
benefit
and
79
Improvement
In addition, it must contain, or refer to, the instructions on
procedure that are an integral part of the QM system. By the
figure of the process architecture of the company using a
systemic process model, varying levels are visualised. These
levels correspond with the different documents within the QM
system. Typical examples are: in level 1 - statements of the
quality policy and quality objectives, in level 2 - process
instructions,
introduction
on
procedures
(describing
responsibilities, purviews, and relationships with the staff and
stating how different activities must be performed), in level 3 work instructions (descriptions of activities related to the
workplace) and other quality relevant documents.
Level 1
Black
Box
B
lack B
ox
Vision
QM Handbook
Level 2
Q-Policyand Objectives
Level 3
Process Instructions,
Work Flows
Process Model
80
SIPOC method
/ Process
map / Levels
of processes /
Performance
indicators
Output
Input
Name the process.
Define start and end.
Consistent understanding of
process.
of the process.
Start
End
Input
Process
Process
Output
Customer
Customer
Management
processes
Managem
ent proces
ses
MP
1: S
trategic
MP1:
Strategic
Contolling
Support
processes
S
upport proce
sses
SSP2:
P2:
SPSP1:
1:
RRP3:
P3: Hum
an
Human
Maintenance Procurement Resources
Key processes
Customers
KP
1:
KP1:
R
esearch and
elopment
Research
and Dev
Development
KPKP2:
2:
Product
ion
Production
KP3 KP3:
Mark
ing
: etMarketing
Customers
Responsibilities
Flow of information
Internal audit:
(introduction, analysing and testing,
variation description, final report, and documentation) most
internal auditors use a predefined checklist which is the
output of the preceding document controlling phase for
interviews and make additional site inspections. Audit
checklists ensure that nothing is missed, highlight critical
areas and provide a record of the acceptable and
unacceptable evidences. All unacceptable evidences must
be recorded in detail for future tracing and for non
compliance reporting. Every action during the audit should
follow the circle: ask look check record.
First party
audit /
Preparation
and behaviour
/ Audit report
Detected Nonconformities
Information
meeting / Preaudit /
Certification
audit /
Surveillance
basic data of the company itself (size, branch, etc.). For this audit
reason the cooperation with the certification body will occur in
some steps, like a first information meeting, maybe a pre-audit,
the certification audit and periodical surveillance audits.
An information meeting will be the first opportunity for the
company representatives to meet the so called registrar (external
auditor) who will perform the ISO 9000 quality audit. In this
meeting the timetable of the certification phase is adjusted and
the form of cooperation is discussed.
Although a pre-audit is not a formal requirement for certification,
it could be a highly beneficial step for many organisations
because documentation is reviewed according to the
requirements of the appropriate standard. A pre-audit will help to
educate management and staff on third party auditing. It will also
eliminate many possible surprises and it will help assure those
people who are implementing the quality system that the process
is on track for successful certification.
Certification audit: in addition to assessing whether or not the
organisation is in compliance with the applicable ISO 9000
standard, the final audit also assesses whether the system is
implemented effectively and is capable of achieving the quality
and objectives of the companys product or service. The size of
the business will determine the number of auditors needed to
perform the formal certification audit. Many small businesses or
offices may be audited by a single auditor in a day, while very
large organizations may be audited by several auditors over
several days. The auditor(s) will evaluate the elements of the
quality management system according to the requirements of the
appropriate ISO 9000 standard.
Audits are typically performed by:
Interviewing employees
87
Management
review /
Process
management /
Continuous
improvement
process
89
CHAPTER 6.
ADDITIONAL REQUIREMENTS
6.1.
ISO 14001:
Environment
al
managemen
t system
General requirements
Environmental policy
Planning
Management review
EMAS: Eco
Managemen
t and Audit
Scheme
Hazardous
applying in the food industry. It aims at eliminating risks for health analysis of
and hygiene related to all stages of the food industry: supplies, Critical
Control
manufacturing, storage and distribution.
Points
Analyse hazards.
OHSAS
18001:
Health and
Safety
Managemen
t System
ISO 17799:
91
Information
Security
Managemen
t System
Security Policy
Compliance
Personnel Security
Security Organisation
Within these sections are the detailed statements and clauses that
comprise the standard itself.
A company that operates in the construction industry, undertaking Example:
public or private works that want to be certified with ISO Construction
9001:2000 standard in the framework of its quality management industry
system should take measures for the occupational health and
safety of its employees and for the protection of the environment.
In this case the adoption of ISO 14001 and OHSAS 18001
standards are recommended.
An enterprise that wants to implement a management system in
the 3 domains (quality, security, environment) cannot do it
separately: the two or three management systems must be
connected and integrated.
Frequently in SMEs, the same person is the manager of all the
management systems implemented, for example quality and
security.
Norms in quality, security and environment are built on the same
principles: processes approach, continual improvement this
gives rules but also facilitates the building of an integrated
system.
ISO 9001 doesnt explicitly require other standards to be applied,
92
6.2.
www.newap
proach.org
Example:
Medical
devices
93
CHAPTER 7.
GLOSSARY
A
audit: systematic, independent and documented process
for obtaining audit evidence and evaluating it objectively
to determine the extent to which audit criteria are
fulfilled.
audit criteria: set of rules, objectives and/or principles
used as a reference for inspection actions (such as
policies, procedures, requirements, etc.).
audit program: set of audits planned for a specific time
frame and directed towards a specific purpose.
auditor: person with the competence to conduct an
audit.
availability: capability to realize a function in a specified
time.
C
capability: ability of an organization, process or system to
realize a product that will fulfil the customer and other
interested parties requirements.
characteristic: distinctive feature.
E
effectiveness: extent to which planned activities are
achieved.
efficiency: relationship between the result achieved and
the resources used.
I
information: meaningful data.
infrastructure: system of facilities and equipment
needed for the operation of an organization.
inspection: see Control and inspection.
interested party: person or group having an interest in
the performance or success of an organization.
M
management: coordinate activities to direct and control
an organization and/or part of it.
measurement: activity to measure a quantity.
measurement control system: system necessary to
achieve metrological confirmation and control of
measurement processes.
measurement equipment: tools needed to operate the
measurement process.
measurement process: set of operations to determine
the value of a quantity.
metrological characteristic: distinguishing feature of
measurement equipment.
metrological confirmation: set of operations required
to ensure that measurement equipment conforms to the
requirements for its intended use.
metrological function: function for defining and
implementing the measurement control system.
N
nonconformity: non-fulfilment of a requirement.
O
objective evidence: date supporting the existence or
verity of something.
95
arrangement
of
responsibility,
authorities
and
relationships.
organizational
structure:
arrangement
of
responsibilities, authorities and relationships between
people in an organization.
P
preventive action: action to correct a potential
nonconformity, eliminating the causes which generated
it.
procedures: specified way to carry out an activity or a
process.
process: set of interrelated activities which transforms
inputs into outputs, producing added value.
product: the result of a process.
project: process consisting of a set of activities with start
and finish dates undertaken to achieve an objective
conforming to specific requirements, including time, cost
and resources.
Q
quality: degree to which a set of inherent characteristics
96
R
record: document stating results achieved or providing
evidence of activities performed (for example, a control).
release: permission to proceed to the next stage of a
process.
repair: action on a nonconforming product to make it
acceptable for the intended use. Unlike reworking,
repairing can involve specific parts of a product.
requirement: need or expectation that is stated,
generally implied or obligatory.
review: activity undertaken to determine the suitability,
adequacy and effectiveness of the subject matter to
achieve established objectives.
rework: action on a nonconforming product to make it
conform to the requirements.
V
validation: confirmation, through the provision of
objective evidence, that the requirements for a specific
intended use or application have been fulfilled.
verification: confirmation, through the provision of
objective evidence, that the specified requirements have
been fulfilled.
W
work environment: set of interacting variables
which
97
98
BIBLIOGRAPHY
Standards
ISO 9001:2008
ISO 9001:2000
ISO 9000:1994
Literature
Joseph M. Juran. Jurans Quality Handbook 5th ed. Mac Grew Hill
Brassard, Michael & Diane Ritter (1994). The Memory JoggerTM II. A
Pocket Guide of Tools for Continuous Improvement & Effective
Planning. First Edition. Salem, the United Sates of America:
GOAL/QPC.
European Committee for Standardization CEN (2000). Quality
management systems Fundamentals and vocabulary (ISO
9000:2000). Management Centre: rue de Stassart, 36 B-1050
Brussels.
European Committee for Standardization CEN (2000). Quality
management
systems
Requirements
(ISO
9001:2000).
Management Centre: rue de Stassart, 36 B-1050 Brussels.
ISOs Technical Committee ISO/TC 176/SC 2 (2001). ISO 9000
Introduction and Support Package: Guidance on the Documentation
Requirements
of
ISO
9001:2000.
Available
at:
http://www.bsi.org.uk/iso-tc176-sc2.
Paris, Christopher (2003). The Complete Guide to Understanding &
Implementing ISO 9001s Process Management Requirements. Part
Two: Defining & Mapping Your Companys Processes. Available at:
http://www.oxebridge.com/news.asp?ID=157
Secretariat of ISO/TC 176/SC 2 (2003): (Draft) ISO 9000 Introduction
and Support Package: Guidance on Outsourced processes.
Available at:
http://www.bsi.org.uk/iso-tc176-sc2
Web references
http://europa.eu.int/comm/enterprise/enterprise_policy/analysis/doc/execsu
m_2002_en.pdf
http://europa.eu.int/comm/enterprise/enterprise_policy/sme_definition/i
ndex_en.htm
http://europa.eu.int/comm/enterprise (SMEs in focus. Observatory of
European SMEs 2002, European Communities, 2002)
http://www.iso.ch/iso/en/iso9000-14000/pdf/survey12thcycle.pdf
http://www.eiso.cz
http://www.iso.cz
99
http://www.fmmi.vsb.cz
100