5 Minute Guide to ISO9001

First of all, let me explain a little about the requirements of ISO 9001:2000.

It requires that you:

• Plan the work to be conducted. 
  This involves knowing what you can supply, what your Customers want and then making sure that you have the resources needed to provide it

• Control the production/supply of your goods and/or services
  This involves the control/provision of the environment and equipment needed, control of the work practices, testing the products/services, etc

• Monitor the way the way in which your products and/or services are produced and supplied
  This involves checking the effectiveness of the processes involved. This will require that you analyse a range of data in order to monitor the processes.  (e.g. efficiency of the processes, failure rates, etc)

• Take actions to control any defective or incorrect goods or services produced, and to correct the problems.
  This would include the actions to be taken when a Customer complaint is received, or when your inspection/test processes find faulty or incorrect goods or services, as well as descriptions of how you record these events and the actions that you take to correct the problem.

• Plan actions needed to prevent problems
  This could involve the initial planning of your system to minimise problems, reviews of Customer requirements to ensure that potential problems are minimised, as well as general considerations for operational activities (e.g. "Health & Safety Risk Assessments", etc)

There are also some general system requirements, under which you must:

• Keep records of certain events defined by ISO 9000
  (e.g. problems, Customer complaints, review of customer orders, etc)

• Have a number of procedures which describe how you conduct specific activities
  (see below)

• Define certain aspects of your operations
  (see below)

I'm sure that you will have questions about the specifics, so I'll explain in a little more detail:

ISO 9001:2000 requires that you have a system which includes a number of documents, including:

• six procedures, covering:

  • control of documents

  • control of records

  • control of nonconforming product

  • corrective actions

  • preventive actions

  • internal quality audits

• a quality policy, which must contain:

  • a commitment to meet Customer and other requirements

  • a "framework" for establishing and reviewing quality objectives

• quality objectives, which must be relevant and measurable

• a quality manual, which must include:

  • a description of the scope of the system, including any exclusions from the requirements of ISO 9001:200 with justifications

  • the six procedures described above (or references to those procedures)

  • a description of the interaction between the processes involved

• the various records required by the standard, and also any other records that your organisation decides that it may require. The records defined by ISO 9001:2000 are:

  • records of Management Review of the system

  • records of training and education, etc or staff whose work affects the quality of the product (e.g. this does not include the office cleaner or the receptionist, etc)

  • the records needed to prove that the product met the requirements

  • records of review of requirements for the product

  • records of design inputs, reviews, verifications, etc

  • records of the results of assessments of suppliers

  • records relating to any required traceability of product (e.g. suppliers used for various components, people involved, etc - but only as far as needed within your business)

  • records of any problems with Customer property (if applicable)

  • records of the calibration of any measuring equipment used

  • records of internal audits

  • records showing the person responsible for releasing product (e.g. from one process to another or to the Customer, etc)

  • records of any nonconforming product

  • records of any corrective actions, including responses to Customer complaints

  • records of any preventive actions taken

• In addition, the standard also requires that certain things are "defined", which is usually taken to mean "documented", although this is not strictly the case (an action can be defined verbally, so that if everyone is trained in the requirement, there is strictly no need to write it anywhere. However, this can be difficult to achieve). The required definitions are:

  • the authorities and responsibilities within the organization

  • requirements for the product (e.g. the Customer's requirements, any legal requirements, any other relevant requirements, etc)

• Also, the standard says that you must "determine" various things. These include:

  • The sequence and interaction of your processes

  • The methods needed to ensure that your processes and the control of the processes is effective

  • Your Customer's requirements (it mentions this in many places. It gets repetitive after a while...), and any applicable legal requirements plus any requirements of your own organization

  • The resources needed for the Quality Management System (to ensure it works and is continually improved)

  • The skills required by staff in order to conduct their work

  • The infrastructure and work environment, etc required in order to properly conduct the work

  • The requirements for the product

  • The need (if any) to establish processes, etc which are specific to a product (e.g. which are different to those that you normally follow)

  • The required tests, monitoring and so on, which are necessary to ensure that your product/service is correctly produced and supplied (again, this is described in a number of places).

  • The various design stages and controls (if you perform design activities)

  • The devices needed to measure and check your goods or services

  • Your methods of finding out how satisfied your Customers are with your goods/services

  • The types of data you need to collect and analyze in order to prove that they system is working correctly, and where improvements can be made

There are many other actions that the standard requires, but there is no requirement for these to controlled by procedures (unless you decide that it would be useful to have an instruction that describes the activities), nor that any records need be kept of the actions being conducted. So long as the actions are conducted and you can explain how you conduct them, the requirements of ISO 9001:2000 are being achieved.

Having said that, you may find that your Assessor or Internal Auditor has problems with actions that have no records to prove that they have been conducted. However, that is their problem! They need to consider ways that actions can be deduced. It shouldn't be your problem!

For example, the standard requires that the organization must "determine, provide and maintain the infrastructure needed" so that you can provide product which meets Customer requirements. You can explain how you do this and the Assessor or Auditor can and look for themselves. They can also talk to the people who perform the work to see if the infrastructure is truly sufficient (the new standard requires that Auditors talk to people in more detail than previously, and also that they understand the processes involved at a far greater level).

As an overview, the standard requires that you plan how you control your processes, and that you provide the resources required to supply the correct product to your Customer.

It requires that you monitor the processes and that you check your products.

It requires that you analyse the results and use them to continually improve the way in which you operate and to improve your product where appropriate.

OK! The five minutes are up.

Thank you for your time, and I hope that this document has been of some use to you.

Email click here

( 01243-607014