ISO9001 Quality Management Standard Upgrade - 2008
ISO9001 has been around now since 2000 and it is normal practise for Standards to be reviewed and updated every five years or so. This update is now overdue.
The PDCA model has been retained and one member of then committee said it should stand for 'Please don't change anything' rather than PLAN-DO-CHECK-ACT.
The ISO Committee has proposed that only minor changes should be incorporated into the 2008 update:
Clause 0.2 (Process approach)
Clause 4.2.3 (Document control)
Clause 4.2.4 (Records control)
Clause 5.5.2 (Management rep)
Clause 6.2.1 (Human resources)
Clause 6.3 (Infrastructure
Clause 6.4 (Work environment)
Clause 7.2.1 (Customer related processes)
Clause 7.3.1 (Design & development planning)
Clause 7.3.3(Design & development outputs)
Clause 7.5.4 (Customer property)
Clause 7.6 (Now retitled Control of Monitoring and Measuring equipment)
Clause 8.2.1 (Customer satisfaction)
Clause 8.2.3 (Monitoring / Measurement of process)
I must emphasise that these are proposed changes and not 'set in stone'.
The 2008 Standard is expected to be published in November 2008.
The PDCA model has been retained and one member of then committee said it should stand for 'Please don't change anything' rather than PLAN-DO-CHECK-ACT.
The ISO Committee has proposed that only minor changes should be incorporated into the 2008 update:
Clause 0.2 (Process approach)
- Text added to emphasize the importance of processes being capable of achieving desired outputs
Clause 4.2.3 (Document control)
- Clarification that only external documents relevant to the QMS need to be
controlled
Clause 4.2.4 (Records control)
- Editorial changes only (better alignment with ISO 14001)
Clause 5.5.2 (Management rep)
- Clarifies that this must be a member of the organization's own management
Clause 6.2.1 (Human resources)
- Clarification that competence requirements are relevant for any personnel who are involved in the operation of the quality management system
Clause 6.3 (Infrastructure
- Includes information systems as example
Clause 6.4 (Work environment)
- Clarifies that this includes conditions under which work is performed and includes, for example physical, environmental and other factors such as noise, temperature, humidity, lighting, or weather
Clause 7.2.1 (Customer related processes)
- Clarifies that post-delivery activities may include:
- Actions under warranty provisions
- Contractual obligations such as maintenance services
- Supplementary services such as recycling or final disposal
Clause 7.3.1 (Design & development planning)
- Clarifies that design and development review, verification and validation have distinct purposes
- These may be conducted and recorded separately or in any combination as suitable for the product and the organization
Clause 7.3.3(Design & development outputs)
- Clarifies that information needed for production and service provision includes preservation of the product
Clause 7.5.4 (Customer property)
- Explains that both intellectual property and personal data should be considered as customer property
Clause 7.6 (Now retitled Control of Monitoring and Measuring equipment)
- Explanatory notes added regarding the use of computer software:
"Confirmation of the ability of computer software to satisfy the intended application would typically include its verification and configuration management to maintain its suitability for use."
Clause 8.2.1 (Customer satisfaction)
- Note added to explain that monitoring of customer perception may include input from sources such as customer satisfaction surveys, customer data on delivered product quality, user opinion surveys, lost business analysis, compliments, and dealer reports
Clause 8.2.3 (Monitoring / Measurement of process)
- Note added to clarify that when deciding on appropriate methods, the organization should consider impact on the conformity to product requirements and on the effectiveness of the quality management system.
I must emphasise that these are proposed changes and not 'set in stone'.
The 2008 Standard is expected to be published in November 2008.
Labels: iso9001, quality management standard, Upgrade. 2008
Posted: Saturday, 29 December 2007
Auditing Top Management
Internal auditors are required to audit top management as part of both ISO9001 and ISO14001 Management systems and most auditors find this task difficult.
The questions that I am asked include:
The way to audit top management is to apply a code of conduct that cannot be misunderstood:
If you do all these thinks you will find that auditing top management is as easy as normal auditing.
The questions that I am asked include:
- If I criticise my boss, will it affect my future with the company;
- If I do not audit strictly enough will my boss think I am weak;
- If I audit too hard will my boss think me too pushy?
The way to audit top management is to apply a code of conduct that cannot be misunderstood:
- Make an appointment to audit your boss, giving ample time;
- Always arrive at the appointed time;
- Determine what you need to know;
- Prepare your questions in advance;
- Always be polite and do not raise your voice;
- Treat any non-conformity as a matter of fact and not a triumph over your boss;
- Remember that your boss may feel the necessity to justify any non-conformity and you should allow him/her time to state the reasons for this;
- Always agree where a non-conformity is present and do not get into a discussion if this cannot be substantiated;
- Do not allow your boss to take over the process; you are in control;
- And finally do not carry on the audit beyond the agreed time;
If you do all these thinks you will find that auditing top management is as easy as normal auditing.
Labels: Internal auditing, iso14001, iso9001
Posted: Wednesday, 19 December 2007
Information Security - AGAIN
The latest security lapse where the HMRC ( Her Majesty's Revenue and Customs Service) has 'lost' a CD containing names, addresses , NI numbers, dates of birth etc of up to 15,000 Standard Life customers has provided a new round of concerns about security of data. Apparently the disk, containing very useful information to identity thieves went missing while being transported from HMRC TO Standard Life Offices in Newcastle. Standard Life Customers have been warned to look out for any unusual activity in their financial accounts.
As we approach the season of goodwill it makes even more sense to guard against identity fraud and unauthorised transactions in credit cards and other banking areas. Copied or cloned credit cards, people watching as you enter pin numbers into 'Hole in the Wall cash machines' or just simple pickpockets taking a wallet or purse are just some of the ways that we can be relieved of our hard earned cash.
Make the run up to the festive season a poor one for thieves.
As we approach the season of goodwill it makes even more sense to guard against identity fraud and unauthorised transactions in credit cards and other banking areas. Copied or cloned credit cards, people watching as you enter pin numbers into 'Hole in the Wall cash machines' or just simple pickpockets taking a wallet or purse are just some of the ways that we can be relieved of our hard earned cash.
- Don't discard paper that has any personal or company details in the rubbish - shred all identifiable paper.
- Destroy all expired or replaced credit and debit cards. Cut into many pieces or put into a shredder (if it had the ability to shred credit cards)
- Don't respond to emails asking for user names and passwords - Banks never ask for this type of information in email.
Make the run up to the festive season a poor one for thieves.
Labels: company details, information security, personal
Posted: Sunday, 2 December 2007
0 Comments:
Post a Comment