Understanding ISO 9001:2000

Requirements for Quality Management Systems

Chapter 1
Foreword
The purpose of this e-Book document is to provide a clear and in-depth understanding of the intent and implication of each clause and sub-clause of the ISO 9001:2000 standard. While not intended to serve as an implementation guide, this document should provide sufficient insight for a quality practitioner to develop and implement an effective ISO 9001 based quality management system (QMS). This document can be used by: Beginners - to understand and apply ISO 9001 requirements. QMS managers - to develop a more effective QMS for their organization. QMS auditors - to conduct more effective QMS audits. Top management - to gain an understanding of ISO 9001 as a business tool. Consultants - to provide value-added service to their clients. The ISO 9001:2000 standard is shown in regular font, whereas the "key points and tips" are provided in blue and in italics. The concepts, principles and requirement of the standard are laid out in paraphrased but precise form, following the exact clause by clause numbering. Where ISO has used the word shall, I have replaced with must. Wherever possible, I have stated the clauses in the active tense instead of the sometimes difficult to understand passive tense used in the standard. Below each section, clause or sub-clause of the standard, I provide "key points and tips" to help you better understand the specific concepts, principles and requirements. You will find important explanatory points and tips being repeated or further elaborated in different parts of the standard. Whenever I make reference to you or your QMS, I mean your organizations or facilitys quality management system. In going through the explanatory points and tips, I request that you read each paragraph carefully and sometimes twice to fully grasp the additional interpretation or insight it may convey. By doing so, you might be able to save much time, effort and money in understanding and implementing these requirements or help make your QMS more effective.

0.0 ISO 9001:2000 Standard - clause headings:

0.Introduction 1.Scope 2.Normative Reference 3.Terms and Definitions 4.Quality Management System 5.Management Responsibility 6.Resource Management 7.Product Realization 8.Measurement, Analysis and Improvement Key Explanation Points and Tips: The first four clauses (clause 0. Introduction to - clause 3. Terms and Definitions) do not provide any requirements for a QMS. They provide background information as to the purpose; concepts and principles used in the standard (e.g. process approach; PDCA); guidance on the QMS scope; reference to related documents; and key terms and definitions used. These clauses will all be explained in more detail as we go through each section. The remaining five clauses numbering 4 through 8 provide the control requirements that a QMS must implement. The following is a summary explanation of these 5 major clauses or elements of the ISO 9001:20000 standard. Each major clause has several sub-clauses. Collectively, these 5 clauses set out the requirements for your QMS. Clause 4- Quality Management System - sets requirements to identify, plan, document, operate and control QMS processes and to continually improve QMS effectiveness. Clause 5- Management Responsibility - sets requirements for top management to demonstrate its leadership and commitment to develop, implement and continually improve the QMS. Clause 6- Resource Management - sets requirements to determine, provide and control the various resources needed to operate and manage QMS processes; to continually improve QMS effectiveness; and to enhance customer satisfaction by meeting customer requirements.

Clause 7- Product Realization - sets requirements to plan, operate and control the specific QMS processes that determine, design, produce and deliver an organizations product and services. Clause 8- Measurement, Analysis and Improvement - sets requirements to plan, measure, analyze and improve processes that demonstrate product and QMS conformity and continually improve QMS effectiveness. The overall objective of your QMS must be to enhance customer satisfaction by meeting their requirements. This objective can be achieved by using the ISO 9001 requirements to control your QMS processes and by continually improving QMS effectiveness. To help you get the most out this e-Book, you might find it useful to follow key themesthat the ISO 9001 standard has emphasized. These include: All QMS processes must be planned, implemented, measured and improved. ISO 9001 requirements focus on controlling QMS processes, not product. QMS controls must emphasize prevention of nonconformities rather than detection. QMS processes must be customer focused. Process personnel must be aware of and strive to meet internal and external customer requirements. You must continually improve the effectiveness of your QMS.

Chapter 2 Understanding ISO 9001:2000

Requirements for Quality Management Systems 0.1 Introduction 0.1 General:
The implementation of a QMS should be a strategic decision for your organization. Various factors influence the design and implementation of your QMS. These include - diverse needs and risks of organizations; particular goals and objectives; complexity of products and services provided; number of and complexity of processes employed; and size and structure of the organization. As a result of these and other underlying factors, the ISO 9001 standard does not require uniformity of QMS structure or documentation. The QMS requirements specified in ISO 9001 are complementary to requirements for product. The standard specifies requirements for your QMS, whereas requirements for your product come from customers and regulatory authorities. Information marked Note is for guidance in understanding or clarifying the requirement. This international standard can be used by internal and external parties, including certification bodies, to assess an organizations ability to meet customer, regulatory and the organizations own requirements. The quality management principles stated in ISO 9000 and ISO 9004 have been taken into consideration in developing this standard. Key Explanation Points and Tips: The purpose of an organization is to identify and meet the needs and expectations of its customers and other stakeholders and gain competitive advantage. One of the strategies it might use to achieve this goal is to continually improving the effectiveness and efficiency of its capabilities. ISO 9001:2000 is a powerful business tool that organizations may use to achieve this. Organizations use ISO 9001 to achieve goals and objectives related to meeting customer and regulatory requirements and enhancing customer satisfaction. While the focus is on quality management, the ISO 9001 business model may be applied just as well to manage the entire organization. The standard embodies business concepts and principles universally recognized and applied for sound business management. As such, ISO 9001 should be used as a strategic business management tool. The ISO 9001 standard defines a generic set of requirements for all organizations, regardless of size, complexity or industry sector. These requirements define controls for your quality management system that focus on continually improving the effectiveness of your QMS in meeting customer requirements and thus enhancing customer satisfaction. It is important to note that the ISO 9001 standard does not specify requirements for product. The focus of all ISO

9001 requirements is on your QMS and its processes. By effectively controlling and continually improving your QMS processes, there will obviously be a positive impact on product quality performance and conformity to customer requirements. You must ensure that the scope of your QMS addresses all customer requirements. Customer requirements may show up in contracts, blueprints, their supplier quality manuals, or referenced to applicable industry and regulatory standards and codes, etc. It is important to state here that ISO 9001 certification must not be the ultimate goal of QMS implementation. Your constant goal must be to continually improve the effectiveness and efficiency of the organization for the benefit of all its stakeholders. Obtaining certification must be considered as just a stepping stone in this journey. Organizations that understand and follow this approach will get the most benefit from QMS development and implementation. Organizations implementing an ISO 9001 based QMS must conform to all applicable requirements that the standard specifies. This provides internal and external parties (customers, registrars and regulatory bodies), the basis (i.e. a benchmark) against which to assess the organizations ability to meet customer, regulatory and internal requirements. It is now a common practice to use ISO 9001 certification as a requirement for making contractual decisions. QMS design and implementation will vary from organization to organization. ISO 9001 allows this flexibility because organizations may have differing - goals and objectives; business risks; range and complexity of products; processes and resources; organizational size and structure; workforce competence and stability; etc. This flexibility may relate to QMS scope; structure; documentation or application of ISO 9001 requirements. Personnel performing QMS assessments must - have adequate training on the requirements of the ISO 9001 standard and auditing practices as defined by ISO 19011; be familiar with your QMS, customer requirements and applicable regulatory requirements.

Chapter 3 Understanding ISO 9001:2000

Requirements for Quality Management Systems 0.1.1 The Eight Quality Management Principles
The guidance documents ISO 9000 and ISO 9004 provide the eight quality management principles on which this standard is based. These are: Principle 1 - Customer-Focus Your organization depends on customers and therefore your organization should understand current and future customer needs, meet customer requirements and strive to exceed customer expectations (see clause 5.2; 7.2; and 8.2.1).

Principle 2 - Leadership Leaders establish unity of purpose and direction of the organization. They should create and maintain the internal environment in which people can become fully involved in achieving the organization's objectives (see clause 5) Principle 3 - Involvement of People People at all levels are the essence of an organization and their full involvement enables their abilities to be used for the organizations benefit (see clause 6.2). Principle 4 - Process Approach A desired result is achieved more efficiently when related resources and activities are managed as a process (see clause 4.1). Principle 5 - System Approach to Management Identifying, understanding and managing interrelated processes as a system contributes to the organizations effectiveness and efficiency in achieving its objective (see clause 4.1).. Principle 6 - Continual Improvement Continual improvement of the organizations overall performance should be a permanent objective of the organization (see clause 8.5.1 and 4.1). Principle 7 - Factual approach to decision making Effective decisions are based on the analysis of data and information (see clause 4.1e and 8.4).

Principle 8 - Mutually beneficial supplier relationships An organization and its suppliers are interdependent, and a mutually beneficial relationship enhances the ability of both to create value (see clause 7.4). These eight management principles form the basis for all QMS standards within the ISO 9000 family. Each of these principles is included as requirements in one or more clauses of the ISO 9001:2000 standard.

0.2 Process Approach

This Standard promotes the adoption of a process approach when developing, implementing and improving the effectiveness of a quality management system, to enhance customer satisfaction by meeting customer requirements. For an organization to function effectively, it has to identify and manage numerous linked activities. Any activity, using resources and managed in order to enable the transformation of inputs into outputs, can be considered a process. Often the output from one process directly forms the input to the next. The application of a system of processes within an organization, together with the identification and interactions of these processes, and their management, can be referred to as the process approach. An advantage of the process approach is the ongoing control that it provides over the linkage between the individual processes within the system of processes, as well as over their combination and interaction. When used within a quality management system, such an approach emphasizes the importance of: a) understanding and meeting requirements b) the need to consider processes in terms of added value c) obtaining results of process performance and effectiveness, and d) continual improvement of processes based on objective measurement. The model of a process-based quality management system shown in figure 1 illustrates the process linkages presented in clauses 4 to 8. This illustration shows that customers play a significant role in defining requirements as inputs. Monitoring of customer satisfaction requires the evaluation of information relating to customer perception as to whether the organization has met the customer requirements. The model shown in Figure 1 covers all the requirements of this Standard, but does not show processes at a detailed level.

Process Approach: Key Explanation Points and Tips:

The process approach is the foundation upon which your QMS must be developed. Lets understand some basics about processes. Figure 1 - All work generally involves a process - things go in (inputs); get worked upon (conversion); and come out differently (output). The value-adding conversion activity within a process transforms inputs into outputs, e.g. takes raw materials (the input) and manufactures (the value-adding conversion activity using various resources) a product (the output). Process inputs and outputs can be tangible (raw materials or finished product) or intangible (information - e.g. computerized drawing or specification). Figure 2 - All processes have a supplier and a customer. These suppliers and customers may be internal processes or external to your organization. Each process must have an accountable owner, i.e., having defined responsibility and authority to operate, control and improve their process. All processes require the use of resources, e.g. - people, equipment, materials, technology etc. These resources can be used as inputs (raw materials or information such as a customer specification) as well as for the value-adding conversion activity (e.g. use of machinery, equipment, computers, technology, people, etc.) to transform raw material (input) into finished product (output). All processes must meet (customer, organizational and applicable regulatory) requirements. The performance of all processes can be monitored and measured. Gather performance data that can be

analyzed to determine process effectiveness and whether any corrective action or improvement is needed.

0.2 Process Approach - Continued

An organizations QMS processes may be grouped or categorized in many ways. One logical way would include the following: Customer Oriented Processes (COPs) - These are product realization processes (see clause 7) that determine customer requirements (inputs), design, make, deliver and service product (outputs) to customers and determine customer satisfaction. These processes generally have the greatest degree of interaction with external customers. COPs include - marketing and sales; design and development; production; shipping; packaging; servicing/ warranty; customer satisfaction; etc., whether performed onsite or off-site. Support Oriented Processes (SOPs) - These processes provide the necessary resources to COPs to facilitate product realization. These processes generally have the greatest degree of interaction at an operational level with COPs and to a lesser degree with other internal QMS processes. SOPs include human resources; information technology; purchasing and receiving; laboratory; maintenance; tooling; facility management; etc, whether performed onsite or off-site. See clause 6 and 7. Management Oriented Processes (MOPs) - These processes provide the commitment, leadership, resources, review and decision-making by top management (see clause 5). These processes generally interact with all QMS processes at the QMS planning and review level. MOPs include - business planning; management review; quality planning; resource planning; communication, etc., whether performed offsite or on-site. Quality Management Processes (QMPs) to document, measure, analyze and improve all processes - These processes provide quality management support to and interact with all QMS processes. QMPs include - document control; records control; monitoring and measurement of processes and product; internal audits; control of nonconforming product; corrective and preventive action; continual improvement; etc whether performed onsite or off-site. See clause 4 & 8. Outsourced Processes (OPs) - an outsourced process is a process that the organization has identified as being needed for its quality management system (QMS), but one which it has chosen to be carried out by an external party outside the managerial control of your facility and not subject to the your QMS. These could include MOPs, COPs or SOPs. They may be performed onsite or off-site. These processes may include - strategic planning done at head office; purchasing or design done at head office or another location; heat treating; painting; welding, calibration; testing; sort; HR; etc., done by an outside organization. Your QMS is made up of a network of these value-adding processes that link, combine and interact with one another to collectively provide product or service (See Figure 2). These processes are interdependent and can be defined by complex interactions. For example, any of the COP processes, could interact with some or all of the MOPs, SOPs;QMPs. Also note that resources (SOPs) and QMPs may also be applied to all other processes. Interactions between QMS processes may occur at any of the three process stages (input, output or conversion activity). The interaction may occur in many different ways - physical, documentary, verbal, electronic, etc. For each process, we must identify these interactions; assess the risks of problems that may occur and implement appropriate controls to prevent them, e.g., if orders are communicated verbally by sales personnel to production, what is the risk that production errors will occur?

0.2 Process Approach

Therefore, in general, in order to plan and implement your QMS using the Process Approach, you must: Identify the processes needed for the QMS (see listing above)

Determine their sequence and interaction (show the sequence and interaction of your COPs). There are many ways to document this, e.g., a high level flowchart or a process map. Determine the application of QMS processes throughout the organization (show how MOPs; SOPs and QMPs are applied to each COP and to each other). There are many ways of documenting this. A popular way is through graphical representation, e.g. process maps. Determine (plan) the criteria, methods, information, controls and resources needed for each QMS process. These include: Identify the internal/external customer-required output. Describe the process activity that produces the output. Identify the resources needed for the process activity. Identify the inputs for the process - information, materials, supplies, etc. Define the process methods, procedures, forms etc., that may be needed to produce the output. Define the controls to prevent or eliminate risk of errors, omissions, or nonconformities in the process activity. These controls may come from the TS 16949 standard; customer; regulatory and your own organizational requirements (more details provided in clause 4.1). Interaction - with sources that provide the inputs (internal process or external supplier); uses the output (internal process or external customer); or provide the resources (internal support process) to perform the process activity. Implement your QMS according to your plan. Monitor, measure and improve each QMS process and its interaction with other processes. Performance indicators to monitor and measure process performance may come from the TS 16949 standard; customer; regulatory and your own organizational requirements. Performance indicators may relate to the process output as well as the process activity. Performance indicators for process output must focus on meeting customer and regulatory requirements. Performance indicators for process activity should focus on measuring process effectiveness and efficiency. See clause 5.4.2 for quality objectives. It is useful to point out that while we do need to identify all QMS processes and describe their interaction, not all identified QMS processes need to be documented or documented in the detail described above. Review notes on clause 4.1 General Requirements in conjunction with the above notes on the process approach, for more insight on process documentation. For those interested in gaining a deeper insight into understanding and implementing the process approach, study the ISO guidance document on the concept and use of the process approach for management systems - Document: ISO/TC 176/SC 2/N544R2(r), issued 13 May 2004 on the ISO website. Keep in mind that the above notes and reference are for guidance and the manner and detail of application and documentation of the process approach will vary from organization to organization, due to a variety of factors such as size and complexity of the organization; products, processes; customers; etc. See clause 4.1 for more details on applying the process approach.
0.2 Process Approach (Continued) NOTE: In addition, the methodology known as Plan-Do-Check-Act (PDCA) can be applied to all processes. PDCA can be briefly described as follows. Plan:Establish the objectives and processes necessary to deliver results in accordance with customer requirements and the organizations policies. Do: Implement the processes

Check:Monitor and check processes and product against policies, objectives and requirements for the product and report the results Act:Take actions to continually improve process performance

PLAN-DO-CHECK-ACT (PDCA) - Key Explanation Points and Tips:

See

Figure 3

PLAN-DO-CHECK-ACT (PDCA) - is a very effective tool for business management and the ISO 9001 standard strongly recommends its use. PDCA is a dynamic cycle that can be applied to each of the organizations processes, and also to the system of processes as a whole. It may be used to plan, implement, control and continually improve both product realization and other QMS processes. Maintenance and continual improvement of QMS processes can be achieved by applying PDCA to processes at all levels within the organization - from the executive high-level strategic processes, such as business planning or management review to operational processes such as product realization or calibration. (PLAN) - For each QMS process you must establish: Process owner and his/her accountability Process inputs, outputs, value adding or conversion activities and sequence/interaction of these activities (sub-processes) within the process. Many of the COPs and SOPs may have sub-processes. Process policies, responsibilities and accountability. Process objectives and performance indicators and methods to monitor and measure process performance to these objectives and indicators. Resources needed (e.g. facility, equipment, labor, materials, time, etc). Preventive and detective controls needed for process activity, input, output and resources used. Process documentation (e.g. procedures, forms, work instructions, specification, etc.) The nature, method, frequency and timing of interaction with other processes and where this interaction will occur - input, output, use of resources, conversion activity, etc. You must pay a lot of attention to this stage of your QMS development. Planning must also consider how you will meet customer, applicable regulatory, and your own organizational requirements, in addition to ISO 9001 requirements. We will look at QMS planning in more detail when we review clause 4.1 requirements. (DO) - Deploy and implement your QMS processes and manage and control them according to your plan as documented above. (CHECK) - Monitor and measure the effectiveness of your QMS processes against policies and objectives that you established under PLAN. Monitoring and measuring activity may focus on any or all of a processs inputs; outputs; use of resources for conversion; and interaction with other processes. (ACT) - Collect and analyze your monitoring and measurement information and use it to determine the effectiveness of each process as well as your overall QMS in meeting requirements. Use the information to correct problems and continually improve individual processes. As mentioned above PDCA is a dynamic cycle and so continual improvement must be an on-going process for improving your QMS and enhancing customer satisfaction.

CONTINUOUS IMPROVEMENT PROCESS MODEL FIGURE 1 Key Explanation Points and Tips: Figure 4 - shows the macro level application of the PDCA model to an entire organization. The organizations QMS (as depicted by the processes within the circle) is used to PLAN the controls over all inputs, resources, value-adding activities and outputs. We DO - implement our plan by using various resources to convert customer inputs (requirements) into outputs (product) that meet customer requirements. We CHECK - by monitoring and measuring QMS performance and through customer feedback. We ACT - by using this information to continually improve QMS effectiveness. At the micro level, this same model can be applied to each QMS process. Controls for your processes come from the ISO 9001 standard, customer requirements, your organization or applicable regulatory requirements.. The five clauses of ISO 9001 provide control requirements for PDCA - planning, implementation; monitoring and measurement; and for improvement of each QMS process. The applicable requirements of these five clauses must be applied to each process (inputs; outputs; resources used; transformation activities; interaction with other processes) for effective control. In clause 4.1 we will discuss this in further detail. 0.3 Relationship with ISO 9004 The present editions of ISO 9001 and ISO 9004 have been developed as a consistent pair of quality management system standards, which have been designed to complement each other, but can also be used independently. Although the two standards have different scopes, they have similar structures in order to assist their application as a consistent pair. ISO 9001 specifies requirements for a quality management system that can be used for internal application by organizations, or for certification, or for contractual purposes. It focuses on the effectiveness of the quality management system in meeting customer requirements. ISO 9004 gives guidance on a wider range of objectives of a quality management system than does ISO 9001, particularly for the continual improvement of an organizations overall efficiency, as well as effectiveness. ISO 9004 is recommended as a guide for organizations whose top management wishes to move beyond the requirements of ISO 9001, in pursuit of continual improvement of performance. However, it is not intended for certification or for contractual purposes. Key Explanation Points and Tips: The difference between ISO 9001 and ISO 9004 are as follows: The ISO 9001 standard provides requirements for your QMS that can be certified by an accredited Registrar; whereas ISO 9004 provides guidance to improve your QMS and is not subject to Registrar certification. ISO 9001 focuses on improving QMS effectiveness alone; whereas ISO 9004 focuses on improving an organizations overall performance and efficiency as well as its effectiveness. ISO 9001 provides the initial stepping stone for quality management; whereas ISO 9004 takes you further down the road towards total quality management. The scope of ISO 9001 focuses on requirements intended for certification and contractual purposes; whereas ISO 9001 provides guidance that addresses a broader range of stakeholders such as owners, community, personnel, suppliers, investors, etc. The layout, structure and numbering sequence of the requirements in the two documents are similar. ISO 9004 includes the requirements of the ISO 9001 standard in boxed tables and further discusses concepts, principles, issues and ideas for QMS development and implementation, for each clause. Keep in mind that ISO 9004 goes far beyond what may be required for initial ISO 9001 certification. Use it to gain knowledge and ideas, but be careful about trying to implement all that it covers, as it may be quite overwhelming if you are developing a QMS for the first time. Use ISO 9004 to continually improve the effectiveness and efficiency of your organization beyond certification. 0.4 Compatibility with other management systems This Standard ha been aligned with ISO 14001:1996 in order to enhance the compatibility of the two standards for the benefit of the user community. This Standard does not include requirements specific to other management systems, such as those particular to environmental management, occupational health and safety management, financial management or risk management. However, this standard enables an organization to align or integrate its own quality management system with related management system requirements. It is possible for an organization to adapt its existing management system(s) in order to establish a quality management system that complies with the requirements of this Standard.

Key Explanation Points and Tips: The ISO 9001 standard has been aligned with ISO 14000 EMS (environmental management systems) requirements for compatibility. The technical requirements are obviously different, but many of the management (MOPs), support (SOPs) and quality management (QMPs) are very similar, (e.g., control of documents; control of records, management responsibility, etc.). There is a longer term objective of integrating the audit of QMS and EMS systems. ISO 9001 does not include requirements for - environmental management; occupational health and safety management; financial management; risk management. There are separate ISO standards for most of these business sectors. You have the flexibility to develop or use your existing QMS in any way that facilitates ease of use and understanding by users and effective application of QMS controls within your organization. This includes integrating other business sector standards such as EMS or health and safety. However, for certification to ISO 9001, you must show evidence that you have addressed all applicable requirements of the ISO 9001 standard in your QMS. 1. SCOPE 1.1 General This Standard specifies requirements for your QMS to: a)demonstrate your ability to consistently provide product that meets customer and regulatory requirements b)enhance customer satisfaction by: effective application of your QMS continual improvement of your QMS providing assurance of conformity to customer and applicable regulatory requirements Note: The term Product applies to product intended for or required by a customer Key Explanation Points and Tips: Your QMS must do two things - 1. Meet requirements consistently and 2. Enhance customer satisfaction in three different ways (see above). Ability refers to the capability of your organization to - determine your customer needs and requirements; design and develop product; know-how and capacity to manufacture product; package product; deliver on time; provide service and support; etc; Consistency is being able to repeat your capability within specified parameters for quality as defined by customers, your own organization or regulatory bodies. Can you consistently make conforming product or service, day in day out? To achieve and demonstrate your capabilities, you must effectively plan, operate and control the processes, within your organization that provide them. These processes collectively form the scope of your quality management system (QMS). The effectiveness application of your QMS can be determined by - how well QMS activities and results measure up to planned performance indicators. Continual improvement of the QMS is achieved by - increasing the ability of the QMS to meet requirements through raising the performance indicators and more efficient use of resources. Assurance of conformity to requirements may be achieved by providing confidence that requirements will be fulfilled. This confidence may be achieved through - implementing prevention based controls; conducting internal/external rd audits; 3 party certification of your QMS; etc. This standard provides specific requirements to effectively plan, operate, control and improve your QMS processes. These requirements focus on prevention based controls and to a lesser extent detection based controls, as well as continual improvement of your QMS. It is important to note that the ISO 9001 standard does not specify requirements for product. The focus of all ISO 9001 requirements is on your QMS and its processes. By effectively controlling and continually improving your QMS processes, there will obviously be a positive impact on product quality performance. Dont overlook regulatory requirements applicable to your organization. These requirements may come from your customer; the industry you are in; from within your own organization; or state or federal organizations. You may need to apply regulatory requirements to your suppliers and outsourced processes (subcontractors). Your ultimate objective is to enhance customer satisfaction. You achieve this by planning, operating and

improving your QMS to effectively meet customer and regulatory requirements. 1.2 Application All requirements of this Standard are generic and are intended to be applied to all organizations, regardless of the type, size and product manufactured or supplied. Certain requirements from this Standard may be excluded from your QMS, if they are not applicable due to the nature of your organization and its product You cannot claim conformity to this Standard unless your exclusions: are limited to sub-clauses within Product Realization (clause 7) do not affect your organizations ability, or responsibility, to provide product that meets your customer and applicable regulatory requirements Key Explanation Points and Tips: The scope of the QMS should be based on the nature of your organization's products and realization processes, the result of risk assessment, commercial considerations, and contractual, statutory and regulatory requirements. You must begin with the premise that all requirements of the ISO 9001 standard are generic and applicable to your QMS. You are then allowed to make specific exclusions depending upon the nature of your business and scope of product or services provided. These exclusions can only be made from sub-clauses within clause 7 - Product Realization. For example, if you do not design product, but only manufacture product from customer provided specifications, then clause 7.3 Product Design and Development may not be applicable to you. However, if you buy a complete design and manufacture a product to that design and sell it under your own brand name, then you must include Product Design and Development in the scope of your QMS. The rationale here is that if a capability is required or responsibility implied, to meet customer requirements, then that capability must be included in your QMS. It is your responsibility to perform the required capability whether you purchase, outsource or do it yourself. If you do make any exclusion and these exclusions affect your ability or responsibility to meet contracted customer requirements or applicable regulatory requirements, then youcannot claim conformity to ISO 9001. All exclusions, with appropriate justification must be specified in your Quality manual (see clause 4.2.2). Other examples of exclusions - If you are in the financial service or knowledge based business, you may not need any monitoring or measuring devices, then clause 7.6 Control of Monitoring and Measurement Devices may be excluded. If in doubt about whether or not to exclude any clause, then get direction from your Registrar. Another example is - where you do not use any customer property (materials, equipment, packaging containers, intellectual property; etc.) to make or deliver your product, then clause.7.5.4 Customer Property may be excluded. You do not have to include all your products or product groups within your QMS. However, you must be careful that you dont give customers the perception that the excluded product is manufactured under a QMS that is ISO 9001certified. Your Quality Manual; ISO 9001 registration certificate; marketing materials; your website; etc. must be clear on the scope of your QMS certification to avoid confusing or misleading customers. Your Quality Manual must clearly specify the scope of your QMS (see clause 4.2.2). Your QMS scope must include - specific products; processes; locations; any exclusions from the ISO 9001 standard with appropriate justification; etc. 2 NORMATIVE REFERENCE DOCUMENTS ISO 9000:2005 - Fundamentals and vocabulary Key Explanation Points and Tips: The ISO 9000:2000 is a reference document that describes quality management system fundamentals and vocabulary. Only the terms and definitions (section 3) of ISO 9000:2000 apply to ISO 9001:2000 3 TERMS AND DEFINITIONS Terms and Definitions New supply chain terms: supplier organization customer Use of product can also mean service Key Explanation Points and Tips: A supplier is an organization that supplies your organization with product or services, e.g., a distributor, retailer or

vendor. A supplier can be internal or external to your organization. In this standard, wherever the term organization is used, it refers to your facility and includes the people and resources with associated responsibilities, authorities and relationships. Customer refers to a person or organization to whom you provide product and services. A customer can be internal or external to your organization. Product is used in a broader context and includes service. 4 QUALITY MANAGEMENT SYSTEM 4.1 General Requirements Establish, document, implement and maintain your QMS and continually improve its effectiveness in accordance with the requirements of this standard. Your organization must: a)Identify the processes needed for your QMS and also identify where they are applied throughout your organization. b)Determine the sequence and interaction of your QMS processes. c)Determine the criteria and methods needed to ensure both the effective operation and control of these processes d)Ensure resources and information are available to support the operation and monitoring of all QMS processes e)Monitor, measure, and analyze your QMS processes f)Implement actions to achieve planned results and continually improve your processes Manage your QMS processes in accordance with the requirements of this Standard Control any outsourced processes that affect product conformity to requirements & identify such processes within your QMS Note: Your QMS processes should include processes for management activities, provision of resources, product realization, and measurement as part of QMS Key Explanation Points and Tips: The primary focus of clause 4.1 requirements is to manage and control all your QMS processes including product realization processes. The note under clause 4.1 requires that your QMS must also include processes for management activities, provision of resources, product realization, and measurement as part of QMS. Clause 4.1 requires the Process Approach to be used in defining your QMS. Review section 0.2 Process Approach of this document for a good understanding of clause 4.1 requirements and how they may be applied. Documentation of QMS processes and the need for and detail of specific process documentation is determined by ISO 9001; customer; regulatory and your own organizational requirements. Other factors to consider may include complexity of products and processes; effect on quality; risk of customer dissatisfaction; economic risk; effectiveness and efficiency; competence of personnel. Clause 4.2.1d requires you to have documents needed to ensure the effective planning, operation and control for QMS processes. Based on these factors, you must determine what processes need to be documented and how you will document it. Not all processes need to be documented; however your quality manual must include a description of the interaction between your QMS processes. A number of different methods can be used to document processes, such as graphical representations, written instructions, checklists, flow charts, visual media, or electronic methods, etc. Process flowcharts or block diagrams can show how policies, objectives, influential factors, job functions, activities, material, equipment, resources, information, people and decision making interact and/or interrelate in a logical order. Procedures may be an acceptable way to document processes provided they describe inputs and outputs, appropriate responsibilities, controls and resources needed to satisfy customer requirements. Regardless of whether or not you document all of your processes, you must provide evidence of effective implementation of all your QMS processes. Such evidence does not necessarily need to be documented. Clause 4.1c requires you to determine criteria for effective process operation and control. You could determine criteria to control inputs, outputs and resources used. For example - raw materials as an input to production would have acceptance criteria that it must meet before it can

be used; finished product as an output of the production process must meet acceptance criteria before it can be shipped to the customer; the equipment used to transform raw materials into finished product may have set-up and capability criteria or parameters that it must meet in order to produce conforming product. These prevention based criteria (controls) must be established for each QMS process. Note that such controls may also come from the customer, regulatory or industry bodies. Equally important are the specific methods (clause 4.1c) required for effective operation and control of each process. These may include job travelers; work instructions; in process inspection sheet; specifications and drawings; SPC charts; set up checklist; machine manuals; etc. Note these control methods may apply to any or all of inputs, outputs or conversion activities.

4.1 Continued
Under 4.1d - resources for QMS processes may include - facility, material; equipment; labor; supplies; utilities; etc. Every QMS process will require a different combination of resources. Resource details may be identified in specifications; production schedules; bill of materials; production travelers or routers, work instructions, etc. The planning of resources will be determined in MOPs (clause 5) and provision and control of resources will be determined by SOPs (clause 6). Clause 4.1d- information for QMS processes will vary from process to process and may include - production schedules; bill of materials; product acceptance and process performance criteria; production traveler or router; work instructions; etc. Use clause 4.2.3 and other relevant clauses to control process information. Clause 4.1e requires you to monitor and measure your QMS processes. Clause 8 provides requirements to plan and implement these controls for monitoring and measuring conformity to process performance criteria determined in 4.1c above. Ways to monitor and measure QMS processes may include - tracking against process parameters, goals and objectives, using tools and records such as process check-sheets; product acceptance criteria; SPC records; production records; maintenance records; labor records, etc. More details on monitoring and measuring controls are covered in clause 8. QMPs typically perform this function. (see section 0.2 Process Approach of this document). Clause 4.1e - Analysis of QMS processes may be done through a review of measurement and monitoring records and performance indicators for each process. These reviews must identify opportunities to improve QMS processes, use of resources and product quality. Under clause 4.1.f, when process nonconformities occur (as shown by process performance indicators), then corrective action is required to bring the QMS process under control. Remember, the corrective action process is not just for product related nonconformities. Processes must be continually improved (see clause 4.1f) through setting of incrementally realistic, measurable (see clause 5.4.1) objectives- Planning for continual improvement requires a review of process data, resources and controls to bring about the desired change. More on this when we look at clause 8.4. Clause 4.1a - 4.1.f must be applied to all QMS processes. Note also that many ISO 9001 clauses (e.g. clause 7.2; 7.4; 7.6; etc.), require specific processes to be established within your QMS, These processes must also be identified and controlled in your QMS. I will highlight all these process as we cover the standard. Make sure you include all outsourced processes affecting product quality, in the scope of your QMS. An outsourced process is any value-adding or conversion activity related to your product or service, that is performed by an external organization such as a subcontractor, sister facility, etc. Note that the external organization may perform the outsourced activity at their facility or yours. A manufacturing company may outsource welding, heat treatment or painting of product. A software company may outsource software development. A bank may outsource check clearing services. You must be able to demonstrate sufficient controls over outsourced processes to ensure that such processes are performed according to the relevant requirements of ISO 9001:2000. The nature and scope of such control will depend on the nature of the outsourced or subcontracted process and the risk involved. Outsourced processes may be controlled in any number of ways, e.g., providing the outsourcer with product specifications; your supplier quality manual that they must meet; asking for inspection and test results or certificates of compliance; validation of outsourced process; conducting product and QMS audits of your outsourcer; etc. The expectation here is that you flow down to your outsourcer, the relevant ISO 9001requirements that you would have to implement, had you performed the process at your own facility. One last thing before we leave this all important clause. In systematically applying clause 4.1 requirements to each QMS process, we are intuitively using the PDCA approach to development of QMS processes. PLAN will call upon sub-clauses 4.1.a - 4.1e as well as other applicable ISO 9001 clauses as shown above;

DO is required by 4.1.f as well as other applicable ISO 9001 clauses CHECK is controlled by 4.1.e as well as other applicable ISO 9001 clauses; ACT is governed by clause 4.1.e-f as well as clause 8. Please review clause 4.1 and section 0.2 Process Approach of this document several times as you go through the rest of this standard. With a bit of process-mapping practice with the different types of processes, you will understand better the above explanation points and tips and will be able to develop and implement an effective QMS. There are also many useful tools available to facilitate this. (4.2 Documentation Requirements) 4.2.1 General QMS documentation must include: a)Statements of a quality policy and quality objectives b)A quality manual c)Documented procedures required by the Standard d)Documents needed by the organization (to ensure effective planning, operation, and control of QMS processes) e)Records required by the Standard (Notes) Note 1 - Documented procedures must be established, documented, implemented, and maintained. Note 2 - The extent of QMS documentation may differ from one organization to another due to: a)size of organization and type of activities b)complexity of processes and their interaction c)competence of personnel Note 3 - Documentation may be in any form or type of medium. Key Explanation Points and Tips: Lets begin with some definitions. A document is information that is written or recordedon some medium such as paper or computer. A document may specify requirements (e.g. a drawing or technical specification); provide direction (e.g. quality plan); or show results or evidence of activities performed (e.g. records). A procedure is a specific way to perform an activity or process (methods or practice used by an organization) and it may or may not be written. If it is written, it is called adocumented procedure. The same reasoning applies to work instructions which may or not be documented. This standard is not heavy on documented (written) procedures as was the case with previous standards. Clause 4.2.1 specifies all the different types of documentation needed for your QMS. The need to have additional documentation beyond those specified in this standard may depend upon - customer; regulatory and your own organizational requirements. Other factors to consider may include - complexity of products and processes; effect on quality; risk of customer dissatisfaction; economic risk; effectiveness and efficiency; competence of personnel. Clause 4.2.1d requires you to have documents needed to ensure the effective planning, operation and control for QMS processes. Each organization must determine what documentation is needed to achieve this based upon the factors listed above. You must have documented statements of your quality policy and objectives. These will be discussed later in clause 5. There are many ways to document your Quality Manualand would be determined by the size, structure and complexity of your organization (se note 2). Clause 4.2.2 specifies more requirements for the contents of the quality manual.

4.2.2 Quality Manual

Establish and maintain a quality manual & include: a)The scope of the QMS including details of and justification for any exclusions

b)The documented procedures (or references to them) c)A description of interaction between QMS processes Key Explanation Points and Tips: The quality manual is a special type of document that describes your QMS. Besides describing your QMS, your quality manual could provide information on organizational background and capabilities. It may be used by customers, regulatory bodies, suppliers and company personnel for a variety of purposes. There are many acceptable ways to document your quality manual. You must define the scope of your QMS in your quality manual. Your QMSscope should include facilities (manufacturing and support locations), products, processes, Quality Management and other standards, etc. Customers will want to know the extent of your capabilities and the Registrar will want to determine the time and effort needed to audit your organization. Provide details of any clause exclusions from your scope, e.g. 7.3 Product Design and Development, and justification for it. You must justify all exclusions and remember, exclusions can only be made from clause 7. You have flexibility in whether or not to include your procedures and lower level documentation with your quality manual or organize them in some other fashion. You may include all or some of your procedures in your Quality Manual orreference them to your Quality Manual. Keep a listing or index at the front or back of your Manual showing the complete list of your procedures whether included or referenced. The practicality of all this would depend, of course, on the size of your organization, complexity of products and processes; competency of personnel, media used for documentation (hard copy versus computerized); ease of use and understanding by personnel; etc. So go ahead and organize your documentation to facilitate ease of use; availability and maintainability. Your quality manual must include a description of the interaction of your QMS processes. This was discussed above under clause 4.1 As a controlled document (see 4.2.1), the quality manual is subject to all of the controls in clause 4.2.3.

4.2.3 Control of Documents

Control all documents required by your QMS Have a documented procedure that defines controls needed to: a)Approve the adequacy of documents prior to issue b)Review, update as necessary, and re-approve documents c)Identify changes to documents as well as identify their current revision status d)Make relevant versions of applicable documents available at points of use e)Maintain documents so that they are legible and readily identifiable f)Identify documents of external origin and control their distribution g)Prevent the unintended use of obsolete documents, and apply suitable identification to these documents if they are kept for any purpose. Records are a special type of document (controlled by requirements in clause 4.2.4)

Key Explanation Points and Tips:

As mentioned in clause 4.2.1 notes, a document is information that is written or recorded on some medium such as paper or computer. A document may specify requirements (e.g. a drawing or technical specification); provide direction (e.g. quality plan); or show results or evidence of activities performed (e.g.

records). Clause 4.2.1 tells you what documents you must include in your QMS. All documents that you determine under clause 4.2.1 to be needed for your QMS processes must be controlled. This clause 4.2.3 provides requirements on howthese documents must be controlled. Documents outside the QMS need not be subject to these controls. This clause requires you to have a documented procedure. Your procedure must - define responsibility for and description of the controls required by 4.2.3 a - 4.2.3g; methods to measure process document control performance; and continual improvement of the document control process. Ensure that your procedure specifically addresses each of the control requirements, in terms of who, what when, where and how as applicable. Your procedure must address new and old as well as internal and external documents used by the QMS. You must approve all new QMS documentation prior to issue. Some degree of checking, examination or assessment is inherent in approval for adequacy. You must periodically determine if any updating or revisions of any QMS documentation is needed, and if they are changed, they must be re-approved for adequacy. The frequency of this review, responsibility and method must be defined in your procedure. This will be determined by events within your organization and how mature or recent your QMS is. Auditors will explore this if they find that your documents have not changed in years, while the nature of your business has changed significantly. Identify changes made to documents so users know exactly what has changed. There are many ways of doing this on printed as well as computerized documents. Your procedure must cover how this is done. Have a method for revision control such as a revision log and master-list of documents which identifies the current revision status. Again, there are other ways of doing this as well. Your procedure must cover how this is done.

4.2.3 Control of Documents - Continued

Not all documents need to be available everywhere within your organization. You must determine what document is applicable (i.e. needed to assure product or process quality) to a specific process or activity and make the relevant version of that document available to that activity, e.g. providing current packaging and shipping work instructions to the shipping department. Your procedure must cover how this is done. Once you determine that certain documents need to be made available at various locations, implement some form of distribution control. There are many ways to do this. One way would be to keep a distribution log. Your procedure must cover your form of distribution control. Documents can take a beating in very harsh environments (covered in oil, dust, acid eaten, weatherbeaten, etc.) to the point of being illegible. You must regularly review the condition of frequently used hardcopy documents to determine whether they need to be replaced. Your procedure must cover how this is done. Documents must also be readily identifiable as to its purpose and scope. A simple heading may suffice, (e.g. In-process Inspection Sheet). Computerized documents are sometimes given file names that dont identify its contents and this might require numerous files to be opened before you find the right one. Identification also implies effective filing for timely retrieval, whether manual or computerized. A frequent nonconformity is not being able to retrieve a document or record because of poor filing procedures. External documents (such as customer drawings or supplier material/part specifications) must be identified. There are many ways to do this. One way would be to keep a manual or computer list of these documents. Determine who needs these documents and have some form of distribution control. Your procedure must cover how this is done. Dont overlook supplier, regulatory or industry documents. Apply applicable controls to these as well

(4.2.3f). Obsolete documents can cause many problems if not controlled. There are many ways to do this. One way would be to provide computerized documents in read-only mode and make only the current version accessible at workstation computer screens. Obsolete hardcopy documents can be removed through distribution control. Your procedure must cover how this or other methods are used. Ensure your procedure also covers methods to disallow unauthorized and unapproved or incorrect documents from being created, used or distributed. If documents are archived, make sure that all such documents are properlyidentified, indexed and filed, and preferably have controlled or restricted access to them. Again your procedure must cover how this is done. Nonconformities against the document control process are one of the most frequent audit findings. Develop appropriate performance indicators to demonstrate effective implementation of your document control process. Examples include - number of obsolete or unauthorized documents found being used; number of unauthorized changes found; number of instances documents were not available at points of use; etc. Track trends in these indicators and use this information to tighten your controls and continually improve
your document control process.

As mentioned in clause 4.1, use the PDCA to plan, implement, measure and improve your document control process. Your procedure should describe this approach.

4.2.4 Control of Records

Establish and maintain records as evidence that your QMS conforms to requirements and that your QMS is being operated effectively. Establish a documented procedure that controls how you identify; store; protect; retrieve; retain and dispose of records. Keep your records legible, readily identifiable, retrievable. Note - disposition includes disposal; and records include customer-specified records

Key Explanation Points and Tips:

A record is a special type of document that provides written evidence of results achieved or activity performed (e.g. an inspection record). Records provide one of the strongest forms of evidence of maintaining and demonstrating the effectiveness of your QMS. Ensure that your documentedprocedure for control of QMS records addresses each of the control requirements specified in this clause, in terms of who, what when, where and how. These controls apply to all QMS records whether they are hardcopy or computerized. ISO 9001 calls for many records. Some records are specified, while others are implied. The onus is on you to demonstrate or provide evidence (records) of conformity to requirements, whether the specific clauses ask for records or not. As we go through the clauses, I will identify specific and implied records. Make a list for yourself as we go along. Requirements for records may originate from the customer, regulatory, industry, or within your organization. Ensure you maintain records to conform to all of these as applicable. Records may also come from suppliers and outsourcers. All these records are subject to the above controls. The comments under document control regarding legibility, being identifiable and retrievable apply equally to QMS records. Readily identifiable - relates to easily determining the purpose and scope of the record, e.g. an inspection record for a product at final inspection. The design of QMS records must prevent confusion or ambiguity in the completion and use of records. Records must be written legibly to be useful. Also make sure that they are not exposed to unauthorized change or alteration. For the duration that they are kept, store records in locations and mediums that will protect against

unauthorized access and environmental damage - (covered in oil, dust, acid eaten, weather-beaten, etc.). Regularly review the condition of records. The indexing and filing of records (hardcopy or computer) must ensure easy retrieval. Keep a listing of all the different categories of records and define the retention times associated with each category (inspection and test; sales and purchasing; management review; calibration; training; etc). Retention times are typically determined by customer, regulatory, industry or organizational requirements and policies. Records must eventually be disposed off once past their defined retention times. Disposition could range from permanent destruction of records to permanent storage in a secure onsite or off-site archive. The intent here is to remove the risk of inadvertent use and availability for current activities and unauthorized access. Depending upon the industry, specific records may be kept indefinitely. There are some who would argue that disposition means the permanent destruction of records. The ISO Guidance on terminology defines disposition as the action of getting rid of or making over, to arrange, a putting in order. This supports the interpretation I have taken. Nonconformities against the process for control of records arise frequently. Develop appropriate performance indicators to demonstrate effective implementation of your record control process. Examples of indicators could include - number of instances of inability to retrieve records; amount of time spent looking for records; number of instances of incomplete records; number of instances of damaged records found; etc. Track trends in these indicators and use this information to tighten your controls and continually improve your record control process. As mentioned in clause 4.1, use the PDCA to plan, implement, measure and improve your process for record control. Your procedure should describe this approach.

5. MANAGEMENT RESPONSIBILITY 5.1 Management Commitment

Top management must provide evidence of its commitment to develop and implement the QMS and continually improve its effectiveness. To achieve this, they must: a)Communicate to the organization the importance of meeting requirements (customer, statutory and regulatory) b)Establish the quality policy c)Ensure that quality objectives are established d)Conduct management reviews e) Ensure the availability of resources

Key Explanation Points and Tips:

Management commitment - relates to the responsibility of top managementto provide leadership and direction for quality management within the organization. They must establish strategic quality management policies, directives and objectives consistent with the purpose and capabilities of the organization. They must establish the organizational structure and internal environment that motivates personnel to achieve the organization's quality management goals and objectives. They must provide adequate resources to develop, implement, maintain and improve the QMS. They must periodically review QMS performance to determine it suitability, adequacy and effectiveness. The above activities are all requirements of clause 5. Each sub-clause of clause 5 starts with the phrase top management. Top management is now clearly accountable and auditable for their role and responsibilities for the activities listed in the paragraph above. The phrase provide evidence is very important here. Auditors are expected to review documents and records showing top managements role in planning and implementing the processes that apply clause 5 requirements. You must begin with identifying the processes within your organization that perform these activities. These processes would typically include - business planning; quality planning; management review;

internal communication; organization structure; etc. Business planning would address 5.1b and 5.1c, and so on for the other sub-clauses. Top management would be the process owner of all these processes. Clause 5.1a - may be viewed in combination with clause 5.2 customer f ocus, and clause 5.5.3 internal communication. Top management must communicate regularly to the organization on the importance of meeting customer and regulatory requirements. The communication process should define what needs to be communicated; to whom; the methods used; the frequency; and the means for determining communication effectiveness. (See clause 4.1a- 4.1f for guidance in developing such a process.). Top management may communicate in any number of ways including meetings; documented policies; memos; directives; email; etc, Note: effectiveness may be measured by asking - how much of the planned activities did we get done? Or to what extent did we achieve planned results? Clause 5.1 does not require a documented procedure. However, you must identify and document (e.g. process map; process flow diagram; etc.) the processes for business planning; quality planning; management review; internal communication; organization structure; etc. as part of your QMS (see clause 4.1). You must also identify what specific documents are needed for effective planning, operation and control of these processes (see clause 4.2.1d). These documents may include - a documented procedure; business plan; statement of policies and objectives; etc. Look at the risks related to your business, products, processes and resources in determining the nature and extent of documented controls you need to have (also see clause 4.2.1 notes) for this clause. Where some of clause 5 activities are performed off-site (e.g. at head-office), your QMS must identify the off-site processes within your QMS and ensure that such processes comply with ISO 9001 requirements. Evidence of compliance may include - a copy of their ISO 9001 certification; ISO 9001 internal audit results (of these processes) for the off-site facility; auditing these processes at the off-site facility. The expectation is to flow down to the off-site facility, the relevant ISO 9001requirements that you would have to implement, had you carried out the process at your own facility. The specific requirements for clause 5.1b through 5.1d will be discussed in the upcoming sub-clauses. 5.2 Customer Focus Top management must ensure that: Customer requirements are determined and met Aim is to enhance customer satisfaction (also see clause 7.2.1 and 8.2.1) Key Explanation Points and Tips: Organizations depend on their customers. So it is important that customer relationships be effectively managed. Accordingly, you must understand current and future needs of customers; you must meet their requirements and strive to exceed their expectations. To ensure this you must understand your customers specific needs and requirements in terms of products, price, delivery communication, service and support. You must have an effective communication process between your customer and your organization, for discussion, review, timing, action and responsibility on the above issues. You must have an effective process for communication and review of the above requirements to relevant personnel or departments within your own organization. It is top management role to provide the leadership and commitment of time and resources to ensure this happens. Auditors will look for evidence of this. Clause 7.2.1 gets further into the details of understanding and processing customer requirements. Clause 8.2.1 sets requirements for monitoring and measuring customer satisfaction.

Clause 5.2 provides the top managements overall responsibility for customer relationship management (CRM), while clause 7.2.1 provides the front end and clause 8.2.1 provides the back end, of the underlying and detailed activities of CRM. You will notice that the requirements of clause 5.2 - customer focus can be included the following processes - business planning; communications; sales and marketing; and customer satisfaction feedback; etc. Clause 5.2 does not require a documented procedure. However, you must identify and document (e.g. process map; process flow diagram; etc.) the processes listed in the paragraph above as part of your QMS (see clause 4.1). You must also identify what specific documents may be needed for effective planning, operation and control of these processes (see clause 4.2.1d). Examples of such documents may include - a documented procedure; business plan; statement of customer related policies and objectives; etc. 5.3 Quality Policy Top management must ensure that the quality policy: a)is appropriate to the purpose of the organization b)includes a commitment to comply with requirements and continually improve the effectiveness of the QMS c)provides a framework to establish and review quality objectives d)is communicated and understood within organization e)is reviewed for continuing suitability Key Explanation Points and Tips: Developing a QMS must be a strategic business decision and therefore top management must provide the necessary direction and leadership, starting with establishing the quality policy and objectives. Your quality policy provides top managements vision on quality management for the organization. It provides the organization with focused direction, i.e. high level goals and objectives for quality management. Your quality policy must be consistent with the scope of your QMS (see clause 1- scope) and other business, management and organizational strategies within the organization. Aggressive sales or marketing strategies must not be at the expense of quality management. Clause 4.1.a - requires that you document your quality policy and clause 5.3.c requires that you specify your commitment to meet requirements andcontinually improve the effectiveness of your QMS. Clause 1 specifies requirements for the scope of your QMS. Shouldnt the wording in clause 1 be a good way to define your quality policy? The wording of the quality policy should preferably specify what requirements are being complied with (customer, regulatory, ISO 9001, etc.). It must also clearly state your commitment to continually improve the effectiveness of the QMS. Beyond that, you may state other complementary and important policies (business growth; product or manufacturing technology; workforce competence; business flexibility, etc.) What you state in your quality policy must lead to establishing quality objectives, e.g. if you state in your quality policy that you will meet customer requirements, then from this, you might derive customer focused objectives for - product defects; customer complaints and returns; on time delivery, etc. Similarly, for the phrase -meet ISO 9001 requirements; from this you might derive process objectives for effectively using ISO 9001 requirements to manage, control and improve al of your QMS processes. Check out the process performance indicators suggested in our coverage of clause 4.2.3 and 4.2.4.

Stating that you will continually improve the effectiveness of your QMS in your quality policy - can lead to a number of objectives, as your QMS is comprised of many processes and you could have one or more objectives for each process. Therefore, each statement in your quality policy may result in one or more quality objectives. These quality objectives do not need to be stated in your quality policy, but top management must clearly be involved in providing direction, establishing and reviewing these objectives. Earlier we had covered processes for internal and external communication. Your internal communication process should cover how the quality policy is communicated throughout the organization. There are many ways of doing this. Personnel must understand the importance and impact of the quality policy on the work they do. If you recall from 4.2.1 your QMS includes the quality policy and quality objectives. Therefore, these are controlled documents and must be controlled according to clause 4.2.3 control of documents. Your quality policy may be documented in your quality manual or as an independent document or both. The quality policy is not written in stone. It must be reviewed periodically by top management, for significant changes in your organization, e.g. management, ownership, relocation, product, shift in customer base, etc. Such changes may result in changes to the quality policy. The establishment of the quality policy should be part of the business planning or QMS planning processes. A review of the quality policy for continuing suitability should be part of your management review process (see clause 5.6). As a quality document, the quality policy is also controlled by 4.2.3 control of documents. In clause 8.5.1, we will examine how the quality policy can be used as a tool for continual improvement. 5.4 Planning 5.4.1 Quality Objectives Top management must: Ensure quality objectives are established (including those needed to meet product requirements (see 7.1a) Set them at relevant functions and levels within the organization Set measurable quality objectives Keep these quality objectives consistent with the quality policy Key Explanation Points and Tips: Clause 4.1e requires you to measure and analyze QMS processes and clause 7.1 requires objectives for product. Clause 4.2.1a requires you to document it. Clause 8.2.3 and 8.2.4 require you to monitor and measure and evaluate results to your planned objectives. This clause 5.4.1 sets out specific requirements for planning of quality objectives. Top management must provide the leadership, organization and resources to deploy and achieve planned quality objectives. From the previous clause 5.3 we learned that the quality policy must provide the framework for establishing quality objectives in order to be consistent with it and provided examples of such consistency. In this clause, top management must ensure that specific quality objectives are established. Use quality objectives to measure the performance of products; processes; customer satisfaction; suppliers; use of resources; and the overall performance and effectiveness of the QMS. Quality objectives may be established for all QMS processes. Examples of quality objectives: Product - reduction in defect rates, PPMs (defective parts per million), scrap rates, rework; improvement in on time delivery (see clause 7.1a).

Process - objectives generally focus on improving process productivity through the elimination or reduction of variation and waste in process - inputs, outputs, conversion activity and related use of resources. Objectives may be used to monitor and improve process - productivity; reduction of cycle time, errors, omissions and failures; etc. Examples could include objectives for - set-up time; run rates; process cycle time; etc. Customers - reduction in # of complaints; improvement in customer satisfaction rating; on time delivery; service; support, etc, (see clause 8.2). Suppliers - material defects; on time delivery; # of complaints with supplier. Resources - (includes facility; equipment; labor; etc.) - objectives could be established based on availability; capability; maintenance; personnel competency, absenteeism; production rates; efficiency; safety; etc. For the QMS - customer satisfaction feedback; internal audit results; # of improvement opportunities; etc. Remember the purpose of quality objectives is to determine conformity to (customer and regulatory) requirements, and effective deployment and improvement of the QMS Quality objectives may be set at various functional levels of the organization - top management; departments; processes; functional groups; work cells; project teams; individuals; etc. It would be useful to cover these levels as they add value and contribute to customer or organizational objectives. Employees at all of these levels must be made aware of the importance of and how they must contribute to the achievement of these objectives. Quality objectives must be measurable. Measurement can be done quantitatively or qualitatively. Quantitative measures are generally more objective in determining whether conformity or effectiveness has been achieved. In some situations, the use of qualitative measurements may be appropriate. Objectives based on yes/no criteria, (e.g. - develop new product by March 2006), are also acceptable. These quality objectives must be deployed and measured (see clause 8) and top management must conduct an effective review of the measurement results. These measurement results must also be used for corrective action and continual improvement. The quality objectives must be achieved within a defined time period to ensure accountability. This could be determined by your customer, your management, your head office, regulatory bodies, etc. Your business or quality planning process must establish these time periods and include the communication of objectives and timelines to those responsible for achieving them. Quality objectives may be documented in any or all of these documents - your quality manual; QMS processes; procedures; quality plans; etc. The establishment of quality objectives should be part of the business planning or QMS planning processes. A review of the quality objectives should be part of your management review process (see clause 5.6). As a quality document, your documented statement of objectives must be controlled by 4.2.3 control of documents. You must be careful not to overwhelm your organization with too many objectives as this may cause more frustration than positive results. Start with objectives that focus on meeting customer requirements and then slowly develop meaningful objectives for key processes and risk prone processes, as initial targets are achieved. 5.4.2 QMS Planning Top management must: a)Ensure QMS planning is carried out in order to meet both, the requirements of clause 4.1 as well as the quality objectives

b)Maintain the integrity of QMS when changes to system are planned and implemented Key Explanation Points and Tips: It is the responsibility of top management to provide direction, authorization and, resources and review for QMS planning. When developing your QMS process controls (for determining customer requirements, design, development, manufacture, delivery and customer support), you must focus on meeting customer and regulatory requirements as well as the planned QMS objectives established in clause 5.4.1. As I had mentioned earlier, clause 4.1 is the backbone of ISO 9001 as well as ISO 9001. It provides direction on how to put together the framework of your QMS, i.e. your QMS plan. Your QMS planning requires you to identify all your QMS processes and describe their sequence and interaction. The criteria and methods for planning, operation and control of these processes come from the rest of the ISO requirements as well as your customer and your own organization. So if you have developed your QMS following the steps explained under clause 4.1, you have addressed clause 5.4.2a. The continuity and effectiveness of your QMS must be substantially maintained in the event of significant changes in your QMS or organization, e.g. management, ownership, relocation, technology, product, shift in customer base, etc. Changes must be carefully planned so as not to disrupt your organizations ongoing capability and responsibility to effectively meet customer and regulatory requirements In such instances, change control would require: careful planning of the nature and timeline for the changes; determining the impact or outcome of such changes; ensuring adequate resources are available to implement the change; top management authorization change deployment and follow-up review of the QMS by top management after changes are effected. QMS planning could be a part of business planning or treated as an independent process depending on organizational structure and responsibilities. The management representative (see clause 5.5.2) typically facilitates QMS planning with the various process owners. The process owners must take responsibility for implementation, maintenance and improvement of their processes. The management representative may provide training and technical assistance as needed. Top management through business planning must provide leadership, resources and review of QMS performance. Performance indicators to demonstrate effective QMS planning could include - achievement of quality objectives; improved customer satisfaction ratings; reduced number and seriousness of internal/external audit nonconformities.