|
What does ISO9000 mean?
|
|
SABS ISO9000 QUALITY
MANAGEMENT SYSTEM AND WHAT IT MEANS
By definition "A quality system is the organizational
structure, procedures, processes and resources needed to implement quality
management".
What are the advantages of a Documented Quality Management System?
What are the disadvantages of a Documented Quality Management System?
What is ISO? The International Organization
for Standardization (ISO) is a worldwide federation of national standards bodies from
some 100 countries, one from each country. This means it is an international group of
organisations, each one governing standards in their own country. Where does SABS come into it? The South African Bureau of Standards (SABS) is a member body of ISO. A member body of ISO is the national body "most representative of standardization in its country". It follows that only one such body for each country is accepted for membership. The member bodies have four principal tasks:
The SABS adapts various international standards for our local environment. In the case of the ISO9000 family of standards, they have been adopted virtually word for word. Only the words "International Standard(s)" have been replaced with "code(s) of practice", and a cover page, notice, national forward and committee list have been added. What are the ISO9000 series of standards? The ISO 9000 series is a set of five individual, but
related, international standards on quality management and quality assurance. They are
generic i.e. not specific to any particular products or services. They can be used by
manufacturing and service industries alike. These standards were developed to effectively
document the quality system elements to be implemented in order to maintain an efficient
quality system in a company. The ISO 9000 Series standards do not themselves specify the
technology to be used for implementing quality system elements. These external audits, as well as an in-built system for
corrective action, ensure that ISO9000 systems are in a continual state of improvement. ISO 9001, 9002, and 9003 are quality system models for external quality assurance. These three models are actually successive subsets of each other.
These three models were developed for use in contractual
situations such as those between a customer and a supplier. These models are requirements
that must be fulfilled for registration of compliance (a certificate that is issued to
certify that your organisation complies with the requirements of whichever model was
selected above). What does ISO 9001 mean to us? This standard is primarily aimed at achieving customer
satisfaction by preventing non-conformity (failures) at all stages from design through
production to servicing of all services that are rendered. This includes project
management, risk analysis, change control, quality assurance, contract management,
tendering, procurement, software development, training, etc that has an effect on the
quality of service that is delivered. What are the basic steps to implement such a system? 1. MANAGEMENT COMMITMENT As with all quality initiatives - management leadership is
essential. Management with executive responsibility must define and document its policy
for quality, including their objectives for quality and their commitment to quality. They
must also participate in the process. A Management Representative is appointed and will
guide each part of the organisation through the following steps. A quality plan must be formulated outlining the requirements for ISO9000. The plan and the need for quality must be marketed within the organisation. This step involves obtaining support from the organisation to implement the quality system. We formulated a policy for quality and submitted it to our entire middle and senior management for input. Thereafter it was signed by our CEO and marketing actions took place via our internal magazine, our company intranet and via personal presentations. A policy statement was also created in poster format and will be put up in prominant places. 3. ASSESS THE CURRENT SITUATION Determine :-
4. DETERMINE NEEDS
5. PREPARE A PLAN Develop an implementation plan with roles,
responsibilities, deliverables, timelines and budget. Conduct frequent review meetings to determine progress. Did the outcome meet the business expectations? Management
reviews are held at predetermined intervals to evaluate the quality system, the
organisation's conformance to the quality system and the organisation's stated quality
policy and objectives. Quality audits are conducted continuously throughout the
organisation to determine conformance to requirements. Part of the requirements are
corrective action, preventative action, process improvement, record keeping, etc. The
results of these audits and action taken are reviewed by executive management during the
management reviews. These form the basis and input for improvement of the quality system. What are the clauses under ISO9001 that must be complied with? The ISO9001 code of practice is broken up into 20 main clauses which describe in detail what is required for registration. In the code of practice they are numbered from 4.1 through to 4.20. Which clauses must actually be adhered to depends upon which code of practice is being complied with (ISO9001 requires that ALL clauses are adhered to). The clauses are:
What does each clause mean? Consideration must be given to each clause when establishing the quality system and drawing up procedures. 4.1 Management
Responsibility defines management's responsibility in
the quality system. It stipulates that this policy must be understood, implemented and
maintained at all levels of the organisation. It requires that responsibility and
authority is documented, resources are made available, a management representative is
appointed, and that management reviews will be conducted. 4.2 The clause dealing with the Quality System
defines what must be considered concerning the compilation of the quality system and
quality manual. These are a way to ensure that your products and services conform to what
you specify or say they will. The range and detail of the system and manual will depend on
the complexity of work performed, the methods used, and the skills and training needed by
the personnel involved in carrying out the tasks. 4.3 Contract
Review covers the considerations when accepting any
work or tendering for a contract. In other words, before you accept any task or project,
what steps must you go through to ensure that you can actually deliver what you promise to
deliver. This covers review, amendments and record keeping. For example if you receive a
request for the printing of posters, you must ensure that your client has requested
clearly what is required in writing. If not, what procedures will you follow. Can you meet
those requirements and deadlines. If not, how will you resolve them. If a contract is
changed, what procedures will befollowed and how will you inform the people doing the
work. 4.4 Design
Control covers the considerations made during the
design process. This will be applicable for business units carrying out design activities
such as software development, network design, manufacturing, etc. They will look at
unintended uses and misuses, ability to perform under expected conditions, validation of
the design through prototyping, acceptance criteria, benign (mild) failure and fail-safe
characteristics, installability, ease of assembly, storage needs, shelf-life,
disposability, etc. 4.5 Documentation and Data Control controls the keeping of documentation, documentation authorisation, changes to documentation, document distribution and their withdrawal from circulation. It must be determined for each area of work, who may authorise documents, how will they be issued, how will different versions be identified, how will the use of unauthorised documents be prevented or old documents not be mistakenly used. You must also ensure that all documents that are relevant to a particular function are readily available to employees who perform that work. You must also determine the processes to be followed when making changes to documents and who may authorise such changes. This clause covers all documentation that effects the final quality of your products or services. For example, if you have a standard or specification for setting up Windows 95 PC's, you must ensure the following:
4.6 Purchasing covers any subcontracted service, product, software, etc that is
used by the organisation. It includes procedures for evaluating and selecting
subcontractors, the type and extent of control over them, maintaining a list of approved
subcontractors, standards to be achieved, etc. You must have procedures in place to say
how you will evaluate sub-contractors and how you will supervise their work, how you will
inspect what you receive from them when they deliver equipment or software. You must also
clearly describe to them what services and products are required from them. For example,
in the case of new PC's being delivered you would stipulate who will inspect and test
them, and how they must do this. It is up to you to say who and how it will be done, but
then you must carry these procedures out. Remember that during these processes, records
must be generated by means of checklists, signed receipts, etc and these are then checked
during audits to ensure the work was actually done. 4.7 Control
of Customer Supplied Product means where a customer
supplies something as an input for one of your processes, the item must be stored,
preserved, and checked. If any damages or losses are incurred, they must be accounted for.
Take for example where a PC is handed in for repairs. This is a product given to you by
the customer upon which you perform a service (repair). You must have procedures to say
how you will receive that PC, who receives it, how is it inspected for damage upon
receiving, where do you store it, what do you do if it is lost or damaged, etc. The same
goes for software that is provided to you by a customer to load on his/her PC. You cannot
just accept someone's PC to later find that it was damaged before you received it; or
where you lose it and deny that you ever received it. 4.8 Product
Identification and Traceability stipulates that, where
appropriate, a product (by definition this includes employees receiving training as they
are seen as "products" upon which you perform a service - training!) will be
marked and identified throughout its process from design, manufacture, delivery and
installation. Our organisation already requires that all valuable equipment must be
suitably marked and if there is a serial number, it must be recorded. We therefore
identify these items that should be so marked and recorded. If our training unit decides
that all students will wear name tags so that they can be identified and their test
results be verified as belonging to those persons, then they will lay down procedures for
this. If all jobs must have an job card number and the job card attached to all equipment
being repaired until it is returned to its owner, then procedures with responsibilities
must be laid down for this. 4.9 Process
Control says that where a process may directly effect
quality, the process must be carried out under controlled conditions. These may include
documented procedures, using certain tools (software or hardware), monitoring, approval
during process, standards to be achieved, stipulated maintenance, certain qualifications
by the operator, etc. For example if benchmarking tests must be carried out at a certain
temperature and not in a multitasking environment, then procedures are laid down for this.
If a LAN must be tested by our networks unit, a procedure may be specified by them to say
that only a calibrated LAN tester performing to a certain standard may be used. 4.10 Inspection
and Testing is carried out when a "product"
is received, during processing and after it is completed. Procedures are put in place to
control this and they also deal with exceptions and the keeping of records of these tests
and inspections. For example you could require that all new LAN cards that are received
must be tested. Our networks unit could also require that after any LAN installation is
completed, it is tested using a LAN tester and that the LAN must comply with a standard
that they specify. It must also be specified under what conditions a product or service
can be accepted that does not conform to standards, and in these cases, what is done with
them. 4.11 The Control
of Inspection, Measuring and Test Equipment clause
includes procedures to control, maintain, calibrate any equipment that is used to carry
out tests and inspections. This will include any software used for benchmarking, etc to
ensure consistency. Here, our networks unit could require that their LAN testers are
recalibrated at intervals which they specify. They will then also say who must carry these
tests out, and how they must be tested. They will also specify what records (quality
records such as checklists or test reports) are kept to prove the tests were carried out. 4.12 Inspection
and Test Status ensures that any "products"
that are tested are clearly marked so as to indicate their results after testing. This
ensures that only those "products" which passed the tests are released. If, for
example, all new PC's being delivered to us must be tested, how do we mark those that do
not pass the test. This must be done to ensure that we can deliver a service to our
clients with confidence knowing that it has been done properly. Another example would be
for students receiving training. If one of them fails, we must ensure that we know who it
is so that we can retrain them. If we receive a number of PC's for repair, we must know
which have just been brought in and which are ready to go out after having been repaired.
Otherwise we run the danger of telling a customer their PC is ready for collection while
its status is actually that it has not yet been repaired. 4.13 The Control
of Non-Conforming Product clause ensures that those
products or services that do not meet the specified requirements are prevented from
unintended use or installation. These procedures will govern marking of such
"products", separating them from conforming ones, and how they will be disposed.
They can be disposed by reworking, accepting with fault, regrading, or scrapping. This
clause also calls for the record keeping of such non-conformances. These records are
important so that we can develop strategies to prevent these occurrences in the future or
impose penalties on suppliers. For example, we must have a procedure saying that all
faulty LAN cards are put in a marked box so that they are not unintentionally used again.
The procedure will also say what will be done with those faulty cards. 4.14 Corrective
and Preventive Action must be covered in documented
procedures. These actions must be appropriate to the magnitude of the problem. The
procedures must cover what records are kept, who is responsible for reporting, who manages
the action, what steps must be carried out, what controls are in place to ensure the
actions are effective. These actions are initiated by complaints from customers regarding
bad service or products delivered by us, or where our own people identify problems with
processes, products or our quality system. These records are kept to prevent the
"fire-fighting", by ensuring that steps are taken to prevent them happening
again. Information gained here is submitted to regular management reviews. Only processes
are identified for corrective action, not people. People problems are dealt with as normal
management problems. The quality management system is intended to refine, tune and improve
processes only. 4.15 Handling,
storage, packing, preservation and delivery of products
is covered by this clause. Authorisation to put products in and out of stores must be
specified, the manner they are packed and handled must be specified, etc. For example, we
may stipulate that all PC's, after being repaired, will be cleaned and wrapped in plastic
before being delivered to the customer's workplace. The networks unit may specify that all
LAN cards are wrapped in non-static bubble plastic and stacked horizontally in boxes. Our
software development unit may stipulate that backup copies of all software source code
must be stored on stiffy discs in a fire-proof safe. Our user support unit may say that
all PC's being transported must be strapped on to a trolley provided for that purpose. Our
logistical stores unit may say that PC's may not be stacked higher than 7 on top of each
other to prevent damage. 4.16 Control
of quality records is covered by this clause and says
that we must stipulate how we will identify, collect, store, access and dispose of these
records. These records are all those records generated by us as we work, for example,
calibration results of LAN testers, signed receipts for equipment delivered, checklists
for tests conducted, training records, results of internal audits, etc. These records are
required to demonstrate conformance to the specified requirements and to show the
effective operation of the quality system. These records are not only paper copies but
also can include electronic media as well such as program audit trails, etc. In a nutshell
a quality management system means: "Say what you are going to do, Do what you Say,
Prove that you did it". Quality Records are the documented proof that it was done
correctly. 4.17 Internal
quality audits must be properly carried out according
to documented procedures and performed according to a plan. They are inspections carried
out by persons at the organisation who are independent from the functions or processes
being audited. These audits are carried out to verify whether quality activities and their
results comply with the planned arrangements and to determine the effectiveness of the
quality system. Results of these audits must be recorded and brought to the attention of
the personnel performing the work. Follow up audits are carried out to ensure the
effectiveness of corrective action. These results form an integral part of the management
reviews. 4.18 Training is covered by this clause which stipulates that documented
procedures must exist for identifying training needs and the provision of training. It
also stipulates that for specific tasks that we identify, the people performing them must
have a certain level of training, education and/or experience which we must also
determine. Records must also be kept of all training. 4.19 Where servicing is a specified requirement we
must have documented procedures to prove that it has been carried out correctly. For
example, the UPS's (Uniterruptable Power Supplies) that we use must be serviced at certain
intervals, certain of our PABX (Private Telephone Exchanges) equipment must be serviced,
etc. 4.20 The need for statistical techniques must be identified
for establishing, controlling and verifying our process capability and product
characteristics. For example, if we decide that to monitor our capability we need to
determine each month what our average response time was to repair faults then we must
document these procedures along with the acceptable minimum or maximum results. Their must
be procedures to verify and control these statistics. Conclusion As can be seen from the complexity of the above article on this subject, it is no easy task to tackle. It cannot be expected from each person to be an expert on the quality system, nor can it be expected for the Quality Management Function to write procedures for everyone. Each person is considered an expert at their own work and it was expected of each of them to establish and maintain their own procedures for the work they know so well. The crux of a Quality Management System is: "Say what you are going to do, Do what you Say, and Prove that you did it". The purpose is not necessarily to change the way people do things, but to rather provide a structured and risk free manner of seeking and implementing process improvement, and to provide a consistantly good qulaity of service to your customers. None of these opinions in any way reflect those of my employer. These pages are entirely private. |