ISO
9001:2000
The Quality Standard ISO 9001:2000 has been completely revised and restructured. The previous versions ISO 9001:1994/ ISO 9002 and ISO 9003 are now obsolete. ISO 9001:2000 introduces new concepts and requirements but for companies that have not made the transition this can be achieved painlessly.
The new standard is more open to interpretation, less precise and the scope is wider making it more flexible and suitable for a wider range of organisations but more difficult to determine precisely what is necessary to obtain approval. The risk with the old standard was that there was a tendency to produce too much documentation, with the new standard there remains a danger of being over elaborate for the size of the company. Overall we have found the new version of the standard to be an improvement over the previous version and easier to get management to buy into.
Should we adopt the requirements?
Before we begin to talk about the details of the standard, the first question is should we consider it all? There is a cost involved in obtaining and maintaining the quality system and approval, so what are the benefits? The following are some of the areas where there should be benefits, as a minimum it should give you confidence in your current practices and approach.
Market perception
The number one reason for obtaining approval is a customer/market requirement, a "tick in the box "on a tender or market perception as the competitors have approval. If this is the case then obtaining approval/moving to the new standard is probably essential and it is just a case of limiting the costs incurred and gaining as many benefits as possible. The system should be built to suit your organisation and if you are currently successful without major customer or internal problems, the aim should be to reflect current practices. Why make change just for the sake of it? Normally there is room to improve, for example simplifying tasks, removing unnecessary bureaucracy and better defining aims and objectives at different levels of the organisation. The following are areas where there could be benefits.
Increased Efficiency and Profitability
The introduction of the system provides an opportunity to look at how things are done. With this better understanding, visibility and data on the processes any unnecessary or inefficient activities are highlighted and savings can be made. How much depends on how poorly organised the company is.
Improved Communication within the company.
Defining business, process and departmental objectives can give a clearer understanding of what is required and comfort to management and staff that they are doing the right thing.
Better control of resources
All resources including IT, Personnel, working environment, plant and equipment are addressed by the new standard and here again there is the opportunity to review, improve and monitor the subject.
Customer Satisfaction
An overworked phrase but it is still important if your business thrives on repeat business. Adopting the standard provides the opportunity to think what it means to your business and what needs to be done
Problems in the organisation
If a company has real problems with customer complaints, rejects, process problems then there are better approaches than ISO 9001 which get the problems out of the way first. Talk to us.
Do we need approval?
For all or some of these reasons above there is an increase in companies seeking approval just because they feel it is good for their company. In this case the new standard is a better checklist of subjects that businesses should address and permits a better approach to the subject. Adopting the best practices of the standard is useful. Whether approval by an external UKAS assessed body is necessary is debatable, some people just like the certificate on the wall, others find that having external assessors making routine visits to check the system keeps the subject alive. It is rare to find a company that does not have a last minute panic the week before the assessment visit to tidy up loose ends and for this reason it is probably worth the cost.
Scope of Approval
One important issue is that the old ISO 9002 and 9003 are dropped and the new standard has only the one part that applies to all organisations. This places far greater importance on the "Scope of Approval" as a marketing tool and it is important that the scope incorporates all aspects of the companies business.
New format
The standard now has eight sections -
Sections 1, 2 and 3 Scope, Normative References and Terms and Definitions
Section 4 Quality Management Systems
Section 5 Management Responsibilities
Section 6 Resources Management
Section 7 Product Realisation
Section 8 Measurement Analysis and Improvement
QIS has never recommended that quality systems were documented to match the clauses of the ISO 9000:1994 standard nor should the Quality System be designed to meet the new requirements. Design a system to suit the organisation, and then check all the ISO 9001:2000 subjects have been addressed.
Conversion
from ISO 9001/2/3:1994
If you already have an ISO 9001:1994 system then conversion can be achieved by partially restructuring the quality manual defining the main processes and inter-relationship and linking into existing documentation that may not need changing. We have used this revision of the standard as an opportunity to move companies across to an on-line system with the minimum of change to the documentation, see our article "The Intranet as a method of integrating procedures into the methods of working". It is very easy to provide links between the process diagrams and the applicable text. The standard is about “continual improvement”, so although this is not a perfect solution it provides the foundations you need.
Review
of ISO 9001 requirements and approach to be taken
2. Definition of Processes
3. Maintenance and Management
of the QMS
1. Business Aims, Quality Policy, Objectives and
Measurements
Mission and Policy
There are several statements in ISO 9001 about top management’s involvement and providing evidence of commitment. We accept that this is mainly a cultural issue and about how management acts rather than pieces of paper on the wall but the easiest way to address the first part of the requirement is through Mission and Quality Policy Statements and then use of the objectives, measurement and review process. There are other ways if the organisation does not feel comfortable with this approach QIS and the standard are both flexible and what suits the organisation is most important.
The mission/policy statement needs to include a commitment to continually improve and lead to measurable objectives. This mean a little more thought and care needs to be taken than in the past. For a small organisation a simple statement will suffice, for the larger organisation there can be a real benefit from creating a pyramid structure of linked mission and policy statements decomposing the company statements for the different layer/departments of the organisation.
Objectives
Under "general requirements" there is a statement regarding "monitoring, measurement and analysis of processes" and in a number of sections references to "defined objectives". From the analysis of performance against objectives the areas for improvement are identified. No doubt the business will find other areas for improvement that will naturally fall out of the operation of the company, whether it is necessary to, or beneficial to try to collate all the issues is debatable.
Objective Measurement and Targets
So what are "realistic and measurable" objectives? for example “software that is defect free” (excluding safety critical software) is commercially un-realistic but then where do we set the goal? Is it really a company’s intention to issue software with a known number of bugs, where do you compromise? What is acceptable? Do you ask the design team to stop testing when there is one bug, two, one hundred and how do you know? Aiming for "zero defects" still seems the goal although unrealistic. Mission statements "To be the best in the business" we have found are being challenged as in-appropriate. These are grey areas that will settle down with time and the company needs to decide the approach they are taking that suits their business. Business is as much about instinct and what feels right, not all things can be measured. Assessors will talk about SMART objectives (Specific, Measurable, Attainable, Relevant and Time dependant) but some times you can be too smart. see TQM article.
Customer Focused Objectives
The standard places a great emphasis on being customer focused, measurement of customer satisfaction and a requirement to "determine customer needs, expectations and requirements whether specified or not". This requires common sense and can provide some over zealous quality managers and assessors with a field day. For example the number of times a telephone rings before it is answered is very important for Customer Help-Lines or Booking Agencies and probably should be monitored and measured, in other types of business it is a less important issue to monitor. Giving out customer satisfaction forms might work in a hotel but as a general practice is over-used and mainly inappropriate. Questionnaires even when well produced and structured, have a poor response and are only one method of collecting information. Care needs to be taken to select the right approach and the process may need to include several approaches dependent on the size of the customer account, type of product and timing of gathering of information. What needs to be done is what will benefit the organisation.
Continual Improvement
We have mentioned analysis and improvement several times, it has a much more prominent position in the standard, in principle this is not wrong, "If you can’t measure it you can’t control it" but as discussed above this requires thought and care. Continual measurement can be wasteful with staff collecting data that is not used. A few key indicators should be continually measured, in other instances the process should be measured, evaluated, action taken then measured again. There are clauses on measuring and monitoring customer satisfaction, processes and product, analysis of data and improvement, so a general review of the approach to measurement is required.
There are varying approaches to reviewing achievement against objectives, board meetings, departmental reports, progress reports can all contribute. We like to see routine reviews that stand back from the day-to day operation of the business and looks at where we are and what we have achieved with regard to the business objectives we set? How often should the review take place and whether a formal meeting with top management attending is required is up to the company to decide the best way for their organisation
2. Definition of Processes
The definition of processes is the second key requirement. This must be to a level appropriate to the organisation and balanced against the skills and competence of the staff and the systems being used. For example a computerised procurement system does not need a great deal of decomposition. A process diagram would indicate where data needs to be entered, but how it is entered is a matter of training and use of the User Manuals.
The ISO 9001/BS 5750 main requirement was for procedures, this has disappeared and there is now only a small mention of six mandatory subjects. The ISO 9001 requirement for procedures had been around for over thirty years and we still see a place for procedures in the new system, they are a tool for communication which should not be discarded just because they are out of fashion. The new standard is better but not the “Emperors New Clothes”.
In addition to the main business processes subjects such as Human Resources, IT and Quality Management will need to be covered. In our eyes everything a company does should contribute towards quality and therefore in theory should have defined processes.
Legislation and statutory requirements affecting the product or service needs to be covered but theoretically Health and Safety of the working environment does not. We have been asked by several assessors about the Health and Safety Policy etc under the Working Environment requirements and rather than argue whether it is in or out we now address the subject. Disaster recovery is another subject that is gaining prominence
3. Maintenance and Management of the QMS
The final requirement is that the Quality Management System is:-
1. Policed - Through internal quality audits, management reviews of objectives and measurements.
2. Maintained - The QMS documentation will also need maintenance on-going improvements made and training provided.
3. There is evidence of continual improvement – from an ivory tower this may look a smooth curve in practice it will be more of a bumpy ride
See QIS Shared Quality Management Scheme
Summarising
- Look carefully at you scope of approval
- The four key issues that require attention are:-
· Continual improvement through objectives and measurement
· Customer focus
· Processes
The final point is that it is essential that you build your quality system to suit your organisation not to meet the requirement of ISO 9001. Prioritising areas for improvement and changes based upon the advantages to be gained, continual improvement is an acceptance that not everything can be done at once. Be willing and confident to make a case for not fully implementing all of the requirements. It is your company's customers and requirements that must come first.
Quality Improvement Services Ltd
Havelock House, 30 Timbercroft, Ewell, Surrey, KT19 0TD
UK Tel: 020 8786 8828