

Quality Matters is an independent Management Consultancy based in Maldon, Essex. Here we discuss the latest in Quality and Information Security News.



ISO9001 Quality Management Standards
In the UK there are some 6.6 million companies trading and of these over a million are certificated to ISO9001:2000. These companies have procedures and processes in place which are tested by independent certification bodies accredited by UKAS (The United Kingdom Accreditation Service).

Companies certificated to ISO9001 have to provide evidence of their compliance to the standard.

This testing is repeated on a regular basis to ensure continued compliance.

Essentially, 9001 is a management system process to turn customer enquiries into customer satisfaction and provide information to the management of the company. The measure of customer satisfaction is an important one and must be measured in a proactive way. The absence of complaints is not a sure-fire way of monitoring customer satisfaction; often dissatisfied customers will simply go elsewhere. The sad thing is that the company may never realise why customers do not return. The only way to find out how your customers perceive the quality of service they receive is to ASK them.

The other measures in 9001 are monitoring and measuring of processes and products which ensure that the resulting product (or service) really does meet requirements.

Nowadays 9001 is expected as an entry point for tenders; Government contracts often specify 9001 as a mandatory requirement. If companies do not have this, any submitted tender does not get past the starting gate.

One other point about 9001 certificated companies relates to survivability during tough times; 9001 certificated companies are more likely to weather difficult times as they have documented and tested procedures in place to cope with problems.



Posted: Thursday, 10 January 2008



ISO9001 Quality Management Standard Upgrade - 2008
ISO9001 has been around now since 2000 and it is normal practice for Standards to be reviewed and updated every five years or so. This update is now overdue.

The PDCA model has been retained and one member of the committee said it should stand for 'Please don't change anything' rather than PLAN-DO-CHECK-ACT.

The ISO Committee has proposed that only minor changes should be incorporated into the 2008 update:

Clause 0.2 (Process approach)
  • Text added to emphasize the importance of processes being capable of achieving desired outputs

Clause 4.2.3 (Document control)
  • Clarification that only external documents relevant to the QMS need to be controlled

Clause 4.2.4 (Records control)
  • Editorial changes only (better alignment with ISO 14001)

Clause 5.5.2 (Management rep)
  • Clarifies that this must be a member of the organization's own management

Clause 6.2.1 (Human resources)
  • Clarification that competence requirements are relevant for any personnel who are involved in the operation of the quality management system

Clause 6.3 (Infrastructure)
  • Includes information systems as example

Clause 6.4 (Work environment)
  • Clarifies that this includes conditions under which work is performed and includes, for example, physical, environmental and other factors such as noise, temperature, humidity, lighting, or weather

Clause 7.2.1 (Customer related processes)
  • Clarifies that post-delivery activities may include:

    • Actions under warranty provisions

    • Contractual obligations such as maintenance services

    • Supplementary services such as recycling or final disposal


Clause 7.3.1 (Design & development planning)
  • Clarifies that design and development review, verification and validation have distinct purposes

  • These may be conducted and recorded separately or in any combination as suitable for the product and the organization

Clause 7.3.3 (Design & development outputs)
  • Clarifies that information needed for production and service provision includes preservation of the product

Clause 7.5.4 (Customer property)
  • Explains that both intellectual property and personal data should be considered as customer property

Clause 7.6 (Now retitled Control of Monitoring and Measuring equipment)
  • Explanatory notes added regarding the use of computer software:

"Confirmation of the ability of computer software to satisfy the intended application would typically include its verification and configuration management to maintain its suitability for use."

Clause 8.2.1 (Customer satisfaction)
  • Note added to explain that monitoring of customer perception may include input from sources such as customer satisfaction surveys, customer data on delivered product quality, user opinion surveys, lost business analysis, compliments, and dealer reports

Clause 8.2.3 (Monitoring / Measurement of process)
  • Note added to clarify that when deciding on appropriate methods, the organization should consider impact on the conformity to product requirements and on the effectiveness of the quality management system.

I must emphasise that these are proposed changes and not 'set in stone'.

The 2008 Standard is expected to be published in November 2008.



Posted: Saturday, 29 December 2007



Auditing Top Management
Internal auditors are required to audit top management as part of both ISO9001 and ISO14001 Management systems and most auditors find this task difficult.

The questions that I am asked include:
  • If I criticise my boss, will it affect my future with the company?

  • If I do not audit strictly enough, will my boss think I am weak?

  • If I audit too hard, will my boss think me too pushy?

The way to audit top management is to apply a code of conduct that cannot be misunderstood:
  1. Make an appointment to audit your boss, giving ample time;

  2. Always arrive at the appointed time;

  3. Determine what you need to know;

  4. Prepare your questions in advance;

  5. Always be polite and do not raise your voice;

  6. Treat any non-conformity as a matter of fact and not a triumph over your boss;

  7. Remember that your boss may feel the necessity to justify any non-conformity and you should allow him/her time to state the reasons for this;

  8. Always agree where a non-conformity is present and do not get into a discussion if this cannot be substantiated;

  9. Do not allow your boss to take over the process; you are in control;

  10. And finally, do not carry on the audit beyond the agreed time.


If you do all these things you will find that auditing top management is as easy as normal auditing.



Posted: Wednesday, 19 December 2007



ISO9001 Quality Management System Myths
There are loads of myths concerning ISO9001 and most are perpetuated by those who are ignorant of the true facts; nevertheless, I hear these repeated as though they were absolute gospel.

Here are just some of these:

ISO9001 is a bureaucratic system which requires a piece of paper for everything.

False. The system should work for the organisation and not the other way round. If set up correctly ISO9001 will prove highly beneficial. Paper heavy systems are really out of date.

Dictates how any business must be run.

False. The standard states that all businesses are different and that the standard should be adapted to fit the business and not be prescriptive so that the business has to fit the standard. However the main elements are parts of any good practice system and there is no 'Rocket Science' involved.

Inflexible system.

False. If correctly set up the system will allow for unexpected events and can be as flexible as you need it to be.

Directors only must sign off all released work.

False. It is usual for identified job functions to release work but these do not have to be Directors. Most good systems will allow deputies to release work if the primary release person is unavailable.

Costs a fortune to set up and run.

False. The actual assessment and certification fees vary between certification bodies and of course the size of your company but these can be very reasonable.

As far as setting up your system, you could do it yourself. It could be more effective in the longer term to employ the services of a qualified consultant who will utilise best practice.

Requires huge quality manuals.

False. The days when manuals filled a bookcase and were almost too heavy to lift are long gone.

Requires procedures for everything.

False. The standard specifies only six mandatory procedures: document control, control of records, internal audit, control of non-conforming product/service, corrective action and preventive action. Most businesses will have other process-orientated elements documented, but these are decided by the management of the business.

You can produce faulty products and still meet ISO9001 provided you do it all the time.

False. Customer satisfaction is a primary measure. Poor quality products would mean dissatisfied customers and would not meet ISO9001.

Does not allow for quick turnaround of urgent work.

False. ISO9001 does not hinder fast turnaround of orders; in fact, it ensures that records are kept to show what has been done and when.

Must answer a phone by the third ring.

False. There is no mention of this in ISO9001. Some call centres have this as a requirement but it is certainly not specified in the standard.

The standard says "Say what you do - do what you say and prove it".

True. The standard uses the PDCA model - Plan, Do, Check, Act.

Most good businesses are already doing most of the requirements of ISO9001.

True. Enough said?



Posted: Sunday, 21 October 2007



ISO9001 Certification or Not
Many organisations put a quality management system into place but don't go forward to formal certification. This is usually due to the fear of failure and of course cost.

The advantages of formal certification are many:
  • An independent verification of the organisation's quality arrangements;

  • Formal recognition, that is accepted world-wide;

  • Continuing checks that the system is still valid;

  • Requires evidence of continual improvement.


Systems that are not formally certified tend to drift over time. It is often the case that the system will deteriorate and the people involved with the quality management system are so close to it that they don't actually see the downward trend.

Where formal certification is used there is always a degree of uncertainty about the regular surveillance visits: "What will the assessor find?", "Will he/she still recommend continuing certification?"

It is this regular routine that ensures that the system retains that edge and still meets the needs of the organisation.

When all is said and done, the organisation wants to see some benefits from a quality management system and this can only really be achieved by third party certification.



Posted: Friday, 21 September 2007



ISO9001 vs ISO27001

ISO9001


What is ISO9001?


  • A Quality Management system for turning customer requirements into customer satisfaction.

  • Provides the mechanism for continual improvement.

  • A set of common sense guidelines for running a successful business.

What are the benefits of ISO9001 Registration?


  • Internationally recognised quality mark

  • Certificates awarded by independent accredited organisations.

  • Customers do not have to do their own checks on a supplier.

How many ISO9001 Certificates have been issued?


Over 1 million worldwide.


The Model for ISO9001



What is covered by ISO9001?


BS EN ISO 9001:2000 requires 5 main sections to be addressed, these are:


  1. Quality Management System;

  2. Management Responsibility;

  3. Resource Management;

  4. Product Realisation;

  5. Measurement, Analysis and Improvement

Each section is subdivided as required and covers all elements of the business having an impact on quality.


ISO27001


What is ISO27001?


  • An Information Security Management System for protecting customer information and data from unauthorised disclosure.

  • Confidentiality, Integrity and Availability

  • Risk assessment and management

  • Access controls and computer security

  • Protection of hardware and software assets

  • Business continuity management and disaster recovery

What are the benefits of ISO27001 Registration?


  • Internationally recognised Information Security Mark.

  • Certificates awarded by independent, accredited organisations.

  • 3rd Party assurance of information security credentials.

How many ISO27001 Certificates have been issued?


Under 4000 worldwide (includes BS7799 certificates)


The Model for ISO27001



What is covered by ISO 27001?


ISO27001 requires 5 main sections to be addressed, these are:


  1. Management Responsibility;

  2. Internal ISMS Audits;

  3. Management Review;

  4. ISMS Improvement

Correlation between ISO9001 and ISO27001



How long does it take to obtain certification?


This obviously varies from organisation to organisation, but the prime requirement is that the organisation must have three months of 'track record' from completion of the document set.


As a rough guide, ISO9001 can be achieved in about 6 months while ISO27001 takes about 12-18 months.


What documentation is needed?


A Quality & ISMS manual and procedures/processes for operating the systems.


Once certificates are issued what happens next?


The certification authority will carry out surveillance visits each year to ensure continued compliance.



Posted: Sunday, 9 September 2007



Why is ISO 9001 so Successful?
The Quality Management Standard ISO9001 is the world's most recognisable standard; with approaching 1,000,000 certificates issued in 130 countries, this is a truly global standard.

The standard requires an organisation to turn customer requirements into customer satisfaction; something we all aim to do, but those achieving the required level are awarded a certificate of conformance, declaring this fact to the world.

Most organisations claim to be the best, the quickest, the most cost effective, etc, but an endorsement by a third party often carries more weight. This is where ISO9001 scores highly.

ISO, the International Organisation for Standardisation, is a non-governmental body whose country members are permitted to issue certificates. In this country there are some 268 bodies permitted to issue certificates; these are accredited by UKAS, the United Kingdom Accreditation Service. Certificates issued by an accredited body have the distinctive CROWN and TICK logo next to that of the certification body.

There are a number of non-accredited bodies issuing certificates; unfortunately, these certificates are recognised only by the issuing authority and are often worthless as a reference. The certificate is usually issued after a very short time frame and is essentially a receipt for monies paid rather than proof of conformance.

Achieve recognition from a UKAS approved body.



Posted: Wednesday, 7 March 2007


