ISO 9001 The Standard Interpretation - A Peek Between the Covers

Published by Simply Quality

Preface

ISO 9000 is a series of documented standards prescribing quality assurance management. Written by the International Organization for Standardization, the series has been adopted by 80 countries, including the United States, Canada, the European Union and Japan. ISO 9001 has the broadest scope of these standards and is intended to be used for four purposes:

• As guidance for quality management-it contains useful advice for managing a business;
• In contractual situations, between first and second parties-it can be part of a legal contract between customers and suppliers providing the customer assurances that the supplier will carry out work in a controlled manner and that the product will consistently meet established requirements;
• As part of a second-party approval or registration system-a customer gives formal recognition to a supplier of conformance with the Standard;
• In a third-party certification or registration situation-recognized assessment firms, called registration agencies, register companies that are compliant with the Standard. This reduces the need for customers to perform assessments of their suppliers' Quality Systems. The Standard Interpretation concentrates on third-party registration because it is the primary use of the Standard.

The 9001 Standard presents a basic model for Quality Assurance. When requirements of the Standard are met, customers can be confident of the quality of products and services they purchase.

The ISO 9001 Standard is used in legally binding contracts, so its language must be precise. However, it must also be general enough to apply to all industries. The result is that although the Standard is fewer than ten pages long, it is difficult to read and understand. The purpose of this book is to present each paragraph of the Standard, then increase the reader's understanding with a discussion and checklist.

In its most basic form, the Standard requires that you:

• Say what you do-Have documented procedures for performing the work that affects product or service quality.
• Do what you say-Carry out the work in accordance with the written procedures.
• Record what is done-Retain records of activities, providing objective evidence of compliance to auditors.
• Improve, based on results-Compare what has actually happened to what was planned. Use this information to identify and correct shortcomings in the Quality System.

The bulk of the book is made up of units, each consisting of the following four sections:

ISO 9001 Heading                     Simple Heading                        
The exact text of the ISO 9001       A simplified rephrasing of the        
Standard.                            Standard heading followed by a        
                                     simplified introduction to the text   
                                     of the Standard. This is intended to  
                                     provide the reader with an overview   
                                     of the text of the Standard. Because  
                                     simplifications and interpretations   
                                     are made here, the actual text of     
                                     the Standard should be referred to    
                                     for critical decision-making.         

Discussion:

Notes on, or examples of, the best or most common practices to use in carrying out the Standard.

Checklist:

A list of questions, based on this section of the Standard, that is representative of those asked by an auditor. These may be used as a checklist to assess your organization's readiness during compliance efforts or may be used as the basis for internal audits. To be in compliance, you must be able to provide objective evidence supporting a "yes" answer to any checklist question. Note that although these are valid questions and the list is intended to be comprehensive, currently no checklists are sanctioned by the International Organization for Standardization (ISO). The actual questions asked by any auditor will differ from those on this list.

Changing each question into a positive statement for action will provide a list of practical directives on how to implement each paragraph of the Standard.

Special Use Terms:

Several terms throughout the Standard have a more precise meaning than they do in common usage. They can be defined as follows:

• Customer-Your paying customer. The person with whom you signed the contract.
• Supplier-Your company. The company that employs you.
• Sub-contractor-A supplier, vendor or consultant to your company.
• Shall-You must follow this requirement to comply with the Standard.

These definitions are used throughout this book instead of the original terms. Other terms used in the Standard may be unfamiliar, and are defined in a glossary at the end of the book.

It is helpful to know that the scope of the Standard is work affecting the quality of a product or service. And the test for a sufficient Quality System is its "effectiveness." Therefore, in assessing compliance, the auditor, who is trained to evaluate compliance with the Standard, will determine whether a person's work affects product and service quality and if the Quality System is effective in preventing errors. In an effective Quality System, if errors do happen, they are quickly detected and corrected .

Interpretation of the Standard will vary from one auditor or consultant to the next and from one registration agency to the next. This book describes an interpretation based on the practices of several auditors. The exact interpretation used by any individual auditor can only be made by that auditor.

Summary and Afterword

The twenty paragraphs, 4.1 through 4.20, of the Standard are interrelated and form a Quality Assurance System. The table on the last page of this book is an overview of those paragraphs, showing how they support each other. The figures on pages 97 and 98 illustrate the interrelationships between several elements.

It is vital that top management actively support the achievement of product and service quality by creating and deploying a written quality policy; defining the organization and structure of staff responsible for product and service quality; providing for inspectors, independent auditors and reviewers; assigning an ISO 9001 Management Representative with the authority to carry out the requirements of the Standard, and personally reviewing the results of the internal audits.

A Quality System is created and maintained by keeping a comprehensive set of controlled procedures documents, and having the resources needed to achieve quality.

All phases of product design, development, manufacture, installation and service, from review of the sales agreement with the customer, through all intermediate stages of product design, selection and control of suppliers, identifying, testing and controlling the product during its creation, handling, storage, packaging and delivery and providing customer service, are carried out with care for product and service quality.

Work that affects product and service quality is conducted through controlled processes. This requires that the processes are effectively managed by establishing defined procedures, controlling documentation, maintaining records of results and authorizations, auditing the Quality System to keep it current, taking corrective and preventive action, calibrating measuring and test equipment and using only valid statistical techniques.

To allow all of this to happen, people are qualified to carry out their work based on their education, training or experience.

ISO 9001 presents a basic model for quality assurance. I hope this book helps you to understand and appreciate the Standard. Deciding to obtain registration is an excellent next step, or first step, in your quality journey. I hope you will take that step, it is well within your reach.

When you do obtain registration, please tell me your experiences. Let me know how this book was most helpful and where it can be improved.

Changes Made in the 1994 Version of ISO 9001

Directives of the International Organization for Standardization require that all standards be reviewed every five years. The purpose of this review is to ensure that:

• The standards reflect experience gained from its practical application.
• The standards remain stable to facilitate ongoing training and use.
• The standards are usable by companies regardless of size, industry or product offering.

As a result, the ISO 9000 series of standards has been revised and officially adopted in July 1994. The most significant changes from the 1987 version of ISO 9001 are as follows:

• The importance of using third-party registration agencies is now recognized by the language of the Standard.
• The term "customer" replaces the term "purchaser".
• The introduction mentions the assessment of quality capabilities by external parties (i.e., third party registration agencies).
• Subclause 4.1.1, Quality policy, includes reference to customers' expectations and needs, and the supplier's internal organizational goals. The quality policy must be defined by "management with executive responsibility".
• Subclause 4.1.2.2, Resources, is now broader than"verification resources and personnel" was. It now includes reference to management, trained personnel, work performance, and verification activities. The requirement for independent personnel carrying out design reviews has been removed. The requirement for independence of audit personnel has been moved to 4.17.
• Subclause 4.1.2.3, Management representative, must now be appointed by "management with executive responsibility." The Management Representative is now explicitly required to report on the Quality System for the purpose of management review and improvement.
• Subclause 4.2.1, Quality system-General, now includes an explicit requirement for a quality manual that defines the documentation structure of the Quality System, including "reference to the quality system procedures and outline [of] the structure of the documentation used in the quality system."
• Subclause 4.2.2, Quality system procedures, now clarifies the degree of documentation required for the Quality System. It states that the extent of documented procedures required for work activities shall depend upon "the complexity of the work, the methods used, and the skills and training needed by personnel involved in carrying out the activity."
• Subclause 4.2.3, Quality planning is entirely new. It covers Quality System planning and product quality plans. It states that the quality plan for a product, project, or contract may be in the form of a detailed reference to those documented procedures of the Quality System that are appropriate to providing complete assurance of product quality. Most of the information to be considered was in the "Note" in the 1987 version of the Standard.
• Subclause 4.3, Contract review, now includes pre-contract tender arrangements as well as contracts and ordering requirements within its scope. It also includes provisions for orders received by verbal means and requires identifying how amendments to a contract will be handled.
• Subclause 4.4, Design control, has been expanded to include design validation, and separate requirements for design review and design verification.
• Subclause 4.4.4, Design input, must include applicable statutory and regulatory requirements.
• Subclause 4.4.5, Design output, specifically states that documents shall be reviewed before release.
• Subclause 4.4.6, Design Reviews, is a new section stating that design reviews are mandatory and must be planned, conducted and documented.
• Subclause 4.4.7, Design Verification, states that design verification must be carried out at appropriate stages of design and must ensure that "design stage output meets the design stage input requirements."
• Subclause 4.4.8, Design Validation, is new and is in addition to "design verification." Design validation must ensure that the product conforms to defined user needs or requirements. This is in addition to design verification which must ensure that design stage output meets design stage input requirements. Design validation follows successful design verification and is normally performed on the final product.
• Subclause 4.4.9, Design changes, still requires controls, but no longer requires design control "procedures", since this control naturally falls within the requirement for document and data control.
• Subclause 4.5, Document and data control, is expanded to include "data" and "documents of external origin such as standards and customer drawings." The use of electronic media is recognized in a note. Fortunately, "obsolete documents" may be "retained for legal or knowledge-preservation purposes" if they are "suitably identified."
• Subclause 4.6.1, Purchasing, General, now requires documented procedures to "ensure that purchased product (see 3.1) conforms to specified requirements."
• Subclause 4.6.4.1, Supplier verification at subcontractor's premises, is new. It requires that if source inspection is to be used, it must be specified in the purchasing documents.
• Subclause 4.8, Product identification and traceability, requires traceability, where applicable, to begin at receipt rather than during production.
• Subclause 4.9, Process control, now includes servicing and has added requirements for maintaining process equipment to ensure continuing process capability. The previous section 4.9.2 on "special processes" has been incorporated into the text of section 4.9. The requirements for qualification of equipment and personnel to carry out process operations shall be specified.
• Subclause 4.10.1, Inspection and testing, General, requires the quality plan or documented procedures to specify the required inspection, testing, and quality records.
• Subclause 4.12, Inspection and test status, specifies that status "shall be maintained , as defined in the quality plan and/or documented procedures, throughout production, installation and servicing of the product."
• Subclause 4.14, Corrective and preventive action, now includes separate requirements for corrective and preventive action. Corrective action refers to eliminating the causes of actual nonconformities, and preventive action refers to eliminating the causes of potential nonconformities. Requirements to implement and record changes in documented procedures and the use of formal procedures for handling customer complaints have been clarified and strengthened.
• Subclause 4.14.3, Preventive action, now requires that "relevant information on actions taken is submitted for management review."
• Subclause 4.16, Control of quality records, allows for storage on electronic or other media. Procedures must address access to quality records. Records no longer have to be "identifiable to the product involved."
• Subclause 4.18, Training, now requires documented procedures.
• Subclause 4.20 Statistical techniques, requires statistical techniques to be identified.