Demonstrating conformity with ISO 9001:2008

Demonstrating conformity with ISO 9001:2008
For organizations wishing to demonstrate conformity with the requirements of ISO 9001:2008, for the purposes of certification/registration, contractual, or other reasons, it is important to remember the need to provide evidence of the effective implementation of the QMS.
Organizations may be able to demonstrate conformity without the need for extensive documentation.
To claim conformity with ISO 9001:2008, the organization has to be able to provide objective evidence of the effectiveness of its processes and its quality management system. Clause 3.8.1 of ISO 9000:2005 defines “objective
evidence” as “data supporting the existence or variety of something” and notes that “objective evidence may be obtained through observation, measurement, test, or other means.”
Objective evidence does not necessarily depend on the existence of documented procedures, records or other documents, except where specifically mentioned in ISO 9001:2008. In some cases, (for example, in clause 7.1(d)
Planning of product realization, and clause 8.2.4 Monitoring and measurement of product), it is up to the organization to determine what records are necessary in order to provide this objective evidence.
Where the organization has no specific internal procedure for a particular activity, and this is not required by the standard, (for example, clause 5.6 Management Review), it is acceptable for this activity to be conducted using as a basis the relevant clause of ISO 9001:2008. In these situations, both internal and external audits may use the text of ISO 9001:2008 for conformity assessment purposes.

Guidance on Clause 4.2 of ISO 9001:2008

Guidance on Clause 4.2 of ISO 9001:2008
The following comments are intended to assist users of ISO 9001:2008 in understanding the intent of the general documentation requirements of the International Standard.
a) Documented statements of a quality policy and objectives:
Requirements for the quality policy are defined in clause 5.3 of ISO 9001:2008. The documented quality policy has to be controlled according to the requirements of clause 4.2.3.
Note: Organizations that are revising their quality policy for the first time, or in order to meet the amended requirements in ISO 9001:2008, should pay particular attention to clause 4.2.3 (c), (d) and (g).
Requirements for quality objectives are defined in clause 5.4.1 of ISO 9001:2008. These documented quality objectives are also subject to the document control requirements of clause 4.2.3.
b) Quality Manual:
Clause 4.2.2 of ISO 9001:2008 specifies the minimum content for a quality manual. The format and structure of the manual is a decision for each organization, and will depend on the organization’s size, culture and complexity. Some organizations may choose to use the quality manual for other purposes besides that of simply documenting the QMS
A small organization may find it appropriate to include the description of its entire QMS within a single manual, including all the documented procedures required by the standard.
Large, multi-national organizations may need several manuals at the global, national or regional level, and a more complex hierarchy of documentation.
The quality manual is a document that has to be controlled in accordance with the requirements of clause 4.2.3.
c) Documented procedures:
ISO 9001:2008 specifically requires the organization to have “documented procedures” for the following six activities:
4.2.3 Control of documents
4.2.4 Control of records
8.2.2 Internal audit
8.3 Control of nonconforming product
8.5.2 Corrective action
8.5.3 Preventive action
These documented procedures have to be controlled in accordance with the requirements of clause 4.2.3 Some organizations may find it convenient to combine the procedure for several activities into a single documented procedure (for example, corrective action and preventive action). Others may choose to document a given activity by using more than one documented procedure (for example, internal audits). Both are acceptable.
Some organizations (particularly larger organizations, or those with more complex processes) may require additional documented procedures (particularly those relating to product realization processes) to implement an effective QMS.
Other organizations may require additional procedures, but the size and/or culture of the organization could enable these to be effectively implemented without necessarily being documented. However, in order to demonstrate compliance with ISO 9001:2008, the organization has to be able to provide objective evidence (not necessarily documented) that its QMS has been effectively implemented.
d) Documents needed by the organization to ensure the effective planning, operation and control of its processes:
In order for an organization to demonstrate the effective implementation of its QMS, it may be necessary to develop documents other than documented procedures. However, the only documents specifically mentioned in ISO 9001:2008 are:
- Quality policy (clause 4.2.1.a)
- Quality objectives (clause 4.2.1.a)
- Quality manual (clause 4.2.1.b)
There are several requirements of ISO 9001:2008 where an organization could add value to its QMS and demonstrate conformity by the preparation of other documents, even though the standard does not specifically require them. Examples
may include:
- Process maps, process flow charts and/or process descriptions
- Organization charts
- Specifications
- Work and/or test instructions
- Documents containing internal communications
- Production schedules
- Approved supplier lists
- Test and inspection plans
- Quality plans
All such documents have to be controlled in accordance with the requirements of clause 4.2.3 and/or 4.2.4, as applicable
e) Records:
Examples of records specifically required by ISO 9001:2008 are presented in Annex B.
Organizations are free to develop other records that may be needed to demonstrate conformity of their processes, products and quality management system.
Requirements for the control of records are different from those for other documents, and all records have to be controlled according to those of clause 4.2.4 of ISO 9001:2008.

Quality Planning

Whenever the term “product” is used within the ISO 9001 standard, it refers to both tangible goods and intangible services. The ISO 9001 standard is meant to be generic which means that it is suitable for all kinds of organization, whether commercial or otherwise. The purpose of the quality management system model that is being propagated by the standard is the fulfillment of customer requeirements and expectations in order to induce high levels of customer satisfaction. An unsatisfied customer is essentially a customer whose requirements or needs, and expectations of the level of services being granted upon him/her have not been met. We are all customers because we buy products all the time. So we know what it means to be a dissatisfied customer. The common reaction is to never to go back to that seller and look for other alternatives. A successful organization is one which understands what it takes to meet customer requirements in order to satisfy their needs and expectations. A specific process is thus necessary to resolve any customer complaint or dispute. This process should be geared towards satisfying the customer’s needs and expectations. The parameters of this process should be referenced from the terms of the sale and purchase. This is why it is necessary to review the customer’s requirements before committing to the sales contract. It is necessary that the customer understands what he/she is paying for and it is equally necessary for the organization to understand what it is supposed to deliver. When your organization has these processes in place, then the only thing to do next is to continually measure the effectiveness and subsequently take actions to continually improve the whole process.

ISO 9001 Standards Software

ISO 9001 Standards Software
Companies that need quality management systems realize that products like ISO 9001 software are important tools to insure their product safety, consistency and profitability. Using ISO 9001 software can help guarantee that any company can monitor productivity, customer satisfaction and product quality with reports that contain solid information.
This information is now vital to management in order for maximum efficiency in any industry. This is why ISO 9001 software is vital to any sized company. Continuous improvement means continuous profitability. Here are just a few reasons why:
o Companies increase sales because of better performance, quality, and delivery. This propels you ahead of your competition.
o ISO 9001 software helps retain employees and attract more highly qualified employees because they are assured of a controlled and consistent work environment.
o The experience of a more professional workplace boosts employee morale.
o Reduced operating costs dramatically increase your company’s productivity, leading to higher profitability.
o Customer satisfaction and higher profitability expand your market share and demand for your consistently higher product quality.
o When you’re compliant or certified to the appropriate standard, the businesses that work with you know that quality objectives, continuous improvement, and customer satisfaction are your goals.
Many companies require that their suppliers are ISO 9001 compliant; therefore, once you’re certified, your opportunities increase. ISO 9001 software has be utilized and has developed experience of helping manufacturing, service, and distribution organizations to be more efficient and more profitable through continuous improvement programs. We help you to implement the time-tested methods of continuous improvement to measure performance, analyze data, and apply the appropriate process changes. This includes using ISO 9001 software.
ISO 9001 software also offers a suite of modules to enable you to manage the document management and ISO 9001 Compliance Management process. These modules enable complete transparent system measurement with targeted action items ensuring all persons are notified of tasks and carry them out in a prompt and efficient manner. ISO 9001 software provides training in there software and also bring extensive experience in implementing the ISO 9001 software in various environments.

ISO 14001 And The Environment

The ISO 14000 family of International Standards on environmental management is a relative newcomer to ISO’s portfolio – but enviroment-related standardization is far from being a new departure for ISO.
In fact, ISO has two-pronged approach to meeting the needs of business, industry, governments, non-governmental organizations and consumers in the field of the environment.
On the one hand, it offers a wideranging portfolio of standardized sampling, testing and analytical methods to deal with specific environmental challenges. It has developed more than 350 International Standards (out of a total morethan 12000) for the monitoring of such aspects as the quality of air, water and soil. These standards are means of providing business and government with scientifically valid data on the environmental effects of economic activity.
They also serve in a number of countries as the technical basis for environmental regulations.
ISO is leading a strategic approach by developing environmental management system standards that can be implemented in any type of organization in either public or private sectors (companies, administration, public utilities). To spearhead this strategic approach, ISO establish a new technical commitee, ISO /TC 207, Environmental management, in
1993. This followed ISO’s successful pioneering experience in management system standardization with the ISO 9000 series for quality management.
ISO’s direct involvement in environmental management stemmed from an intensive consultation process, carried out within the framework of a Strategic Advisory Group on Environment (SAGE),set up in 1991, in which 20 countrie, 11 international organizations and more than 100 environmental experts participated in defining the basic requirements of a new approach to environment-related standards.
This pioneering work was consolidated with ISO’s commitment to support the objective of “sustainable development” dicussed at the United Nations Conference on Environment and Development in Rio de Janeiro in 1992.
Today, delegations of business and government experts from 55 countries have participate actively within TC 207,
and another 16 countries have observer status. These delegations are chosen by the national standars institute concerned and they are required to bring to TC 207 a national consensus on issue being addressed by the commitee.
This national consensus is derived from a process of consultation with interested parties.
From its beginning, it was recognized that ISO/TC 207 should have close cooperation with ISO/TC 176, Quality management and quality assurance, in the areas of management systems, auditing and related terminology. Active efforts are under way to ensure compatibility of ISO environmental management and quality management standards, for the benefit of all organizations wishing to implement them.

ISO 9000 and ISO 14000 in plain language

Both “ISO 9000” and “ISO 14000” are actually families of standards which are referred to under these generic titles for convenience. Both families consist of standards and guidelines relating to management systems, and related supporting standards on terminology and specific tools, such as auditing (the process of checking that the management systemconforms to the standard).
ISO 9000 is primarily concerned with “quality management“. In the everyday context, like “beauty”, everyone may have his or her idea of what “quality” is. But, in the ISO 9000 context, the standardized definition of quality refers to all those features of a product (or service) which are required by the customer. “Quality management” means what the organization does to ensure that its products or services satisfy the customer’s quality requirements and comply with any regulationsapplicable to those products or services.
ISO 14000 is primarily concerned with “environmental management”. In plain language, this means what the organization does to minimize harmful effects on the environment caused by its activities.
In addition, both ISO 9000 and ISO 14000 require organizations that implement them to improve their performance continually in, respectively, quality and environmental management.
Both ISO 9000 and ISO 14000 concern the way an organization goes about its work, and not directly the result of this work. In other words, they both concern processes, and not products – at least, not directly. Nevertheless, the way in which the organization manages its processes is obviously going to affect its final product.
In the case of ISO 9000, the efficient and effective management of processes is, for example, going to affect whether or not everything has been done to ensure that the product satisfies the customer’s quality requirements. In the case of ISO 14000, the efficient and effective management of processes is going to affect whether or not everything has been done to ensure a product will have the least harmful impact on the environment, at any stage in its life cycle, either by pollution, or by depleting natural resources.
However, neither ISO 9000 nor ISO 14000 are product standards. The management system standards in these families state requirements for what the organization must do to manage processes influencing quality (ISO 9000) or the processes influencing the impact of the organization’s activities on the environment (ISO 14000). In both cases, the philosophy is that management system requirements are generic. No matter what the organization is or does, if it wants to establish a quality management system or an environmental management system, then such a system has a number of essential features which are spelled out in the relevant ISO 9000 or ISO 14000 standards.

ISO 9001:2008 Requirements – QMS

ISO 9001:2008 Requirements – Quality Management System
Establish, document, implement, and maintain a quality management system. Continually improve its effectiveness in accordance with ISO 9001 requirements. Implement the system to:? Determine processes needed for the quality management system (and their application throughout the organization)? Determine process sequence and interaction? Determine criteria and methods for process operation and control? Ensure resources and supporting information are available? Monitor, measure where applicable, and analyze these processes? Implement actions to achieve planned results and continual process improvementManage these processes in accordance with ISO 9001 requirements. Define the type and extent of control applied to any outsourced processes that affect product conformity to requirements.NOTE 1: Processes needed for the quality management system include the processes for management activities (see 5), provision of resources (see 6), product realization (see 7), and measurement, analysis, and improvement (see 8).NOTE 2: An outsourced process is a process the organization needs for its quality management system, and which the organization chooses to have performed by an external party.NOTE 3: Ensuring control over outsourced processes does not absolve your organization of the responsibility to conform to all customer, statutory, and regulatory requirements. The type and extent of control applied to an outsourced process can be influenced by factors such as:? Potential impact of the outsourced process on your organization’s capability to provide product that conforms to requirements? Degree to which the control for the process is shared? Capability of achieving the necessary control through the application of 7.4

ISO 9001:2008 Requirements – Documentation Requirements

ISO 9001:2008 Requirements – Documentation Requirements
Include in the quality management system documentation:? Documented statements of a quality policy and quality objectives? A quality manual? Documented procedures and records required by ISO 9001? Documents and records determined by the organization to be necessary for the effective planning, operation, and control of its processesNOTE 1: Where “documented procedure” appears within the Standard, this means that the procedure is established, documented, implemented, and maintained. A single document may address the requirements for one or more procedures. A requirement for a documented procedure may be covered by more than one document.NOTE 2: The extent of the quality management system documentation can differ from one organization to another due to:? Size of the organization and type of activities? Complexity of processes and their interactions? Competence of personnelNOTE 3: The documentation can be in any form or type of medium.4.2.2 Quality ManualEstablish and maintain a quality manual with:? Scope of the quality management system? Details and justification for any exclusions? Procedures or references to the procedures? Description of interaction between processes4.2.3 Control of DocumentsControl the documents required by the quality management system. Records are a special type of document and must be controlled as required by clause 4.2.4.
Establish a documented procedure to:? Approve documents for adequacy prior to issue? Review, update as necessary, and re-approve documents? Identify the changes and current document revision status? Make relevant documents available at points of use? Ensure the documents remain legible and readily identifiable? Identify external documents and control their distribution? Prevent obsolete documents from unintended use? Apply suitable identification if obsolete documents are retained4.2.4 Control of RecordsEstablish and control records as evidence of conformity to requirements and to demonstrate the effective operation of the quality management system.Establish a documented procedure to define the controls needed for record:? Identification? Storage? Protection? Retrieval? Retention? DispositionKeep records legible, readily identifiable, and retrievable.

ISO 9001 registration or certification

ISO 9001 registration or certification

Registration is documented and objective evidence that an organization’s quality system meets the requirements of ISO 9000.
Certification is a term often used interchangeably with registration.
In the context of ISO 9001, they mean the same thing. Registration isthe technically correct term for verification of compliance to standards of quality systems. Certification usually applies to verification of the quality of products (as opposed to quality systems).
Registration is carried out by independent companies called registrars.These companies are:- Wholly independent.- Accredited by a recognized international accreditation body.- Selected, and paid, by you.
Registration can cover:- The sole location of a single-location organization.- Multiple locations of a multi location organization.- Only certain parts of a multi location organization (under certain conditions).- Separate locations under separate certificates. (This is a more costly approach.)The registration body audits your quality system against the requirements of ISO 9001. It reports its findings in writing. These findings may (and usually do) include noncompliances . Major noncompliances must be closed out prior to official registration.
When this has been done, the registration body:- Lists the organization’s name in its book of registered companies—in effect, registers the organization in its book.- Issues a certificate to the registered organization. This registration includes:— Identity of the organization.— Location(s) covered by the registration.— A list of products/services supplied by the registered locations.— Revision date of the Standard.— Registration effective dates.— Name and location of registrar.
Most registrars limit registrations to three years. After that, youmust renew your registration by undergoing another complete systems audit. Some registrars do not use the renewal approach. They simply keep checking the system via surveillance audits.
Whichever the scheme, the organization, to keep registration, must undergo a surveillance assessment every so often. Six months is the typical interval. Some registrars offer annual surveillance schemes (notrecommended except for firms with exceptionally well-implemented quality management systems). Surveillance assessments are scheduled events (there is no such thing as a “surprise” surveillance audit). Only part of the quality system is checked at each surveillance. Usually, theregistrar does not disclose what part will be assessed until the day of theassessment, although some registrars will tell you everything up front.The entire quality system is usually checked via surveillance audits overthe course of three years.
There is no way to “fail” a surveillance assessment, just as there is no way to “fail” a registration audit—except by refusing to implement corrective action required by the registrar. Normally,registrars allow adequate time, but corrective actions must be done in a timely and agreed upon manner to keep registration.One final note: As mentioned, each registrar publishes a list ofthe firms it has registered to ISO 9000.

Goal and Scope of an ISO 9001 quality system

Goal and Scope of an ISO 9001 quality system
The ISO 9001 Standards states its goal in two blunt words: customer satisfaction.How do we achieve customer satisfaction? By meeting customer requirements.The quality management system (QMS) helps us to do this by:
a. Applying the system. Actually using it. Putting it at the heart of our organization.
b. Continually improving the system. The QMS is never done. After all, customer requirements do not stand still—they evolve and grow tougher.So we have to improve continually in order to survive.
(The guidance document, ISO 9004: 2000, sets a compatible and in some respects more ambitious goal: “improving the processes of an organization to enhance performance.”) Prevention of nonconformity. Prevention is the key term here: prevention,rather than detection. Quality management has long since evolved away from the old “inspect quality in” approach.Prevention is cheaper, more effective, and more protective of the customer. Detection is also a different mindset. It requires a very high degree of process orientation, upstream thinking, and relentless analysis.To what types of organizations does the Standard apply? All types. The requirements “are generic and applicable to all organizations,regardless of type and size.” A compliant QMS can be implementedby any organization, producing any product or service,anywhere in the world.Within the organization, the impact of the requirements and the QMS are similarly broad. The Standard “applies to the activities of organizations from the identification of customer requirements, through all quality management system processes, to the achievement of customer satisfaction.” Every activity within the organization that impacts the process of creating customer satisfaction is affected by the requirements of the ISO 9001 Standards.

ISO 9001 Standards

ISO 9001 Standards
ISO 9001 is a written set of rules (a “Standard”) published by an internationalstandards writing body (International Organization for Standardization. The rules define practices that are universally recognized and accepted for assuring that organizations consistently understand and meet the needs of their customers.ISO 9001 is also highly generic. Its principles can be applied to any organization providing any product or service anywhere in the world.Since meeting customer needs is one of the (many) definitions of quality, ISO 9001 is often called a quality system or a quality management system. But the rules, referred to as requirements, go beyond quality matters as they are traditionally understood. The requirements fall roughly into the following types:
a. Requirements that help assure that the organization’s output (whether product, service, or both) meets customer specifications. (Making, and keeping, them happy.)
b. Requirements that assure that the quality system is consistently implemented and verifiable. (We must actually do what we say we are supposed to do. This must be verifiable via independent, objectiveaudit.)
c. Requirements for practices that measure the effectiveness of variousaspects of the system. (In God we trust; all others bring data.)
d. Requirements that support continuous improvement of the company’sability to meet customer needs. (We cannot sit still. We must strive to get better all the time, because customers change, and competitors gain strength.)
Nothing in ISO 9001 is new. The first edition, published by ISO in 1987, was drawn almost word for word from a British quality system standard. It in turn evolved from a long succession of written quality system specifications that had their ultimate origin in the defense and arms industries. Most of the practices required by ISO 9001 have been in use in industries of various kinds for decades. One intent of ISO 9001 is to simplify things for organizations. ISO 9001 strives to harmonize the sometimes conflicting, sometimes redundant quality programs that have traditionally been imposed by major corporations on their suppliers. (Note, however, that ISO 9001 is not meant to supersede customer, legal, or regulatory requirements.)
Very often, major customers require or strongly “suggest” that their suppliers implement ISO 9001 systems. Equally often, such customers require independent verification that suppliers are meeting the equirements.
So third-party registration bodies audit suppliers, confirm compliance to the ISO 9001 standard, and register the suppliers. It does not stop there. To stay registered, suppliers must undergo periodic (often semi-annual) surveillance audits, also carried out by their registration body.
Implementing an ISO 9001 quality system is neither cheap, nor easy. How costly and difficult it can be depends on:
a. The level of commitment of senior management. (The single most important factor.)
b. Where you are when you start. If you have already implemented a disciplined, documented quality system, you will have a less difficult time migrating to ISO 9001. (But that does not mean you will waltz to registration, either.)
c. Whether your company (or any part of it) is “design responsible” or not.
d. How much time you have. If you are under the customer’s gun and have merely months to get the job done, the process will be highly stressful.
e. The physical size and configuration of your company.
The bottom line is this. ISO 9001 is a comprehensive set of rules—a business system, really—that can cause the way your organization runs to profoundly change, almost always for the better. Yet, because it is often customer-mandated, many suppliers regard ISO 9001 as “just another hoop to jump through to keep our customers happy.”
They see their choice as swallow hard, pony up, and jump through the hoops; or walk away from the customer. What many do not fully appreciate is that implementing ISO 9001—expensive, exhausting, and annoying as it can be—can also have the salutary effect of improving the performance of your organization. Not just at first, but on an ongoing basis.