Implementing the Process Approach

Leveraging ISO 9001 for Real Business Value
"Having an effective process management process may be a "missing link" in your current QMS and this gap may be a key reason ISO has lost some of its luster in recent years." Ensuring that ISO 9001:2008 remains a vital, relevant tool for your top management to improve business performance is often of concern by those responsible to oversee the "ISO program" within your organization. It is too common for ISO to become "yesterday's news" if you've been certified for several years and today's "big event" is the annual return of the Registrar's auditors. If your organization has struggled to show measurable and sustainable improvements in performance for your customers or toward top-priority management goals, then ISO may be thought to be in "maintenance mode" within your organization, rather than a vital tool to address today's critical business needs. The observable symptoms of this situation might include: 1. 2. 3. 4. 5. The same corrective actions come up again and again. Audit reports identifying seemingly "petty" issues. Management review meetings "going through the motions" and often poorly attended. Improvements made in the past don't show sustained results today. There is a "burn out" factor within your internal auditor team.

These indications point to a quality management system (QMS) that has generally lost its focus. But, why does this occur? Why are we off track? In many organizations, a careful "root cause" investigation may point to a lack of understanding about how processes drive performance or a lack of effective implementation of what ISO 9001 calls the "process approach". In previous editions of ISO 9001, the standard was organized for auditors, not managers. The requirements were structured around 20 "elements" (whatever that means!) and read like an auditor's checklist. The central theme of these earlier ISO versions was to "document what you do, and do what you document". In other words, procedures! In many of today's certified companies, this legacy mentality still reigns and numerous documents that were written to "get ready for ISO" now gather dust unless an auditor stumbles across them. Many managers ask (rightly) "what's the point of that!" A change in focus in the current standard To cure us of our fixation on documents (as if that was the point of ISO anyway) the year 2000 version of the standard introduced the process approach to turn our attention toward a means to drive real business value with our QMS. In the words of the introduction of ISO 9001:2008: This International Standard promotes the adoption of a process approach when developing, implementing and improving the effectiveness of a quality management system, to enhance customer satisfaction by meeting customer requirements. For an organization to function effectively, it has to identify and manage numerous linked activities. An activity using resources, and managed in order to enable the transformation of inputs into outputs, can be considered as a process. ... the application of a system of processes within an organization, together with the identification and interactions of these processes, and their management. can be referred to as the "process approach"(ref. 0.2). More simply, in order to improve business results, both for the customer and the company, your approach to your QMS should be built around processes ... namely, those processes that have the biggest impact on your business performance. In a related article, we discussed the importance of identifying the most critical cross-functional processes that most impact the customer and business performance and formally managing them as the central theme of your QMS. Once in place, these key processes serve as the focal point for management planning, resource allocation, performance monitoring and continual improvement efforts. Your documentation, training and corrective actions should also stem from these processes. In some respects, your key processes and their improvement become the chief targets of your QMS.

So, the selection of your key processes and their day-to-day management by assigned "process owners" is among the most important responsibilities of the management representative (see 5.5.2 a) and top management (see 5.4.2). The problem of white space in the organization A question might come to mind, then, "Why do processes need to be managed?". Or, "why don't they manage themselves?". This uncertainty often springs from an assumption that if we put procedures in place, and manage them (including auditing the @%#& out of them) doesn't that make our processes work right? The answer can be found by looking more closely at our procedures. Most company procedures are written by a specific department within our organization. Each department looks at how they do things and documents the general steps in a written procedure. They might also check the ISO standard to see if there are any changes they need to make to stay out of audit trouble. A procedure, then, is focused on the activities within the department who develops it. Some examples The limitation of that approach is that key processes are bigger than individual departments. Consider the following examples:

What's clear about these processes is that they span several departments within an organization. It takes the efforts and good performance from each department to get good results from the process. And it takes more.

What is "white space"? In most businesses, the most common areas where obstacles to processes arise are in the hand-offs between departments, groups or individuals, or what is called the "white space" of an organization(*). The term white space comes from looking at a typical organization chart or diagram showing the reporting relationships of the various departments. The common chart shows job titles and how people fit in the overall organization. The intention of such a diagram is to show where people are focused in their jobs. Managers, then, place their attention on making sure each person fulfills their responsibilities within their defined job duties. Where there is NO focus is on the spaces between the boxes on the organizational chart – or the "white space" on the chart. This tends to be "no mans land" in the organization where no one claims to have full responsibility or accountability. As work flows through the organization within larger processes, problems crop up when "balls get dropped" or "things fall into a black hole" in the white space. The process approach looks at the business differently. Instead of the top-down (vertical) view through the organization chart, a process view sees how work flows horizontally through the business. In reality, the most important work flows across the company without regard to the reporting structure of the organization. Yet, that same organization structure often impedes the performance of the process.

This occurs because of how goals are set departmentally and how problems get addressed by having to go "up in the chain of command" for resolution, especially when there are particularly sticky issues to resolve. This only creates delays in decision making and typically removes those closest to the work and the problem being discussed, from the final decision made. These management decisions can be subject to compromise between conflicting priorities of the process and department goals. In process terms this is called suboptimization. The importance of managing white space To balance the top-down view, processes need to be managed horizontally within their own structure. The ISO 9001:2008 process approach provides such a structure. The horizontal view does not conflict with the company reporting structure but complements it. By identifying the few key processes that are essential to business performance and assigning responsibility for management and improvement of these processes, this can pull everyone involved together in understanding how to better arrange the process for best results. The key then is to define how to manage cross-functional processes within a functional organization. The remainder of this article will focus on some proven suggestions to how to structure your QMS to maximize process performance across your company. A cross-functional approach to managing key processes

Monitor. what's the difference in approach between them? There are certainly more questions to consider. 4. Determine and implement formal measures of effectiveness for each process that are reported as part of top management meetings and management review. Who "owns" each process? That is. Establish formal criteria for process management teams and their effectiveness. Getting your process management process started Here are some general suggestions for getting started:            Assign "ownership" of each process to a member of the top management team. but these should serve as a starting place for setting up a "process management process" in your organization. Provide training to your process management teams on process improvement techniques and their role within the organization. 5. We should say it is more than simply putting a list of your processes in your quality manual. Review your current procedures to see which processes they support and if they are aligned with the purpose of the processes. You'll have to tailor some of the suggested steps above to your organization depending upon its size and organizational complexity.The ISO 9001:2008 does not specify the structure to use to manage your processes (see section 4. 3. Questions to consider An effective approach to process management would address these questions: 1. 2.1 in the ISO standard). 6. 4. even if it disrupts the current organizational structure and job responsibilities. Write a QMS procedure on your process for managing processes and ensure it is audited as part of your internal audit schedule. Rate them against the criteria to measure progress. analyze and improve the processes. It simply states that you must: 1. But how to set all this up within your QMS is up to you. Set process goals based on top-level company and quality objectives. Establish methods to measure the performance of the processes. is there an individual assigned to be responsible and accountable for the performance of the process? What departments and job positions are involved in the execution of the process? What does each one need to successfully support the process? Where are the most common "white space" breakdowns in the process? How can they be more carefully managed? How do we keep everyone involved informed as to how the process is performing and what problems need to be addressed? What day-to-day obstacles do people run into in performing the process? Do we have an official way for these type of problems to be easily reported and addressed? How to we measure the progress of our ability to manage processes? If one process is "better managed" than another. Consider eliminating procedures that don't support a key process. Be sure to work closely with your top management in setting up your "process . Authorize your process management teams to make changes to their processes for improvement. 2. Recruit a cross-functional team to work with the process owner to oversee the process on an ongoing basis. Make sure resources and information needed are available. Also provide training to your teams on how to analyze data. how to investigate root causes to process issues and how to take effective corrective and preventive action. 3. This will ensure there is enough clout and visibility to process management. Identify your key processes. In some companies. how they flow though the organization and their relationships to one another. Have the process management team formally document the process in a process flowchart showing all of the hand-offs and white spaces. that's about all the thought that is put into their processes.

you can turn your ISO QMS into a lever for addressing nagging problems with customers. . for the original discussion about "White Spaces" in an organization and how to manage processes to overcome them. You may be weathering your audits just fine with only a handful of minor findings each time. Driving sustainable improvement Having an effective process management process may be a "missing link" in your current QMS and this gap may be a key reason ISO has lost some of its luster in recent years. But passing the audit may be all the benefit you're getting from your investment in ISO 9001:2008 certification.approach" so that you have their support and involvement. A practical approach is found in the ISO 9001 process approach and you'll find your efforts to re-tool your QMS will pay back benefits for years to come. By managing processes with a more structured approach. It's an ideal situation when the top management team integrates process management into their normal business management activities and regularly identifies processes requiring change or improvement when business issues or opportunities arise. Rummler & Brache. Jossey-Bass Publishers. recurring wastes internally and for taking advantage of new business opportunities that require your business to "move up a notch" in its capabilities. (*) See the book "Improving Performance".

it is common to ask. This is the minimum benefit you should receive from your efforts. The process approach means that you improve your business by managing and improving certain key business processes that directly impact your ability to serve your customer. 2. other than the reduction of the number of "required" (i." While a necessary part of ISO.2)." Since the year 2000 release of ISO 9001. can be considered as a process (ref. passing the audit will only maintain your certification. a process is basically how you are operating a certain activity within your business to convert something such as an unfinished product. 0. "What exactly is a process?". This struggle has been expressed by a number of common questions: 1. A simple explanation From the language of the ISO 9001 standard itself. and their management" (ref.e. Using the text from the ISO 9001 standard: An activity using resources. all ISO certified companies have wrestled with the practical application of the "Process Approach" that was introduced in the current version of the standard. The steps you've followed to accomplish the intended results is the process. and managed in order to enable the transformation of inputs into outputs. or other "input" into an "output" such as a finished product. The real opportunity for measurable business benefit from ISO 9001 is for better efficiency. cutting across boundaries within you organizational structure. The continued confusion about this aspect of ISO 9001 stems from the generic language of the standard and the various ways companies have attempted to comply. Often.2). Gains made by improving your key processes pay dividends today and in the future as your QMS drives meaningful improvement in your business. The most effective ISO "lever" to achieve these results is the management and improvement of key business processes. when correctly applied to your QMS. prescribed) documents. the most critical processes in your business are cross-functional. Let's see if we can take some of the mystery out of this for those of us trying to make ISO add value to our businesses on a day-to-day basis. It hasn't helped that Registrars seem to have different approaches to interpreting and auditing these requirements. by improving these processes you improve your company's ability to meet customer requirements. what is a process? For those who may not have a strong background in studying processes and quality improvement. an untrained employee. is the way this gets done. reduced failures and higher levels of performance for your customers. together with the identification and interaction of these processes. the "process approach" is described as: "The application of a system of processes within an organization. The process approach. decisions based on data or information or a fully skilled employee. 5. section 0. So. Improvements in these processes have an ongoing payback if such improvements are sustainable and sustained. Let's put that into simpler terms. So. . the shift to the Process Approach was the most significant change from older editions of ISO 9001. some data or information. In other words. In fact. 3. that takes the focus of your ISO efforts off of "getting ready for the next audit.Understanding the Process Approach Demystifying the ISO 9001 Requirements What Exactly Is the Process Approach? "The process approach means that you improve your business by managing and improving certain key business processes that directly impact your ability to serve your customer. then understand that you're not alone. 4. Since your business processes are basically "how you get things done". What exactly is a "process" as required by ISO? How do we document our processes? How does the rest of the Quality Management System (QMS) support our processes? How do we audit using the Process Approach? What are the Registrar's auditors really looking for? If you've found yourself asking these or similar questions. or you've had other people in your organization ask them and you've struggled with a response.

Keep in mind that your business processes exist whether or not you understand them or are trying to improve them. training. because of their importance to meeting customer requirements and management objectives. 5. involving several department heads. 2. 3. etc. Identifying the processes that most directly impact your customer and overall business performance. Proper procedural documentation to control each process. . producing and releasing a new product or service. 6. tends to work against efficiency because of the "hand-offs" between departments and conflicting goals between organizational groups. such as developing. such as entering data into a computer. In addition. Establishing reliable measures of performance for those processes. work instructions. A process can be as "small" as a task someone has to do. in this case. Yet. A process can also span several departments who all have to work together for a common goal. Integrating the process with the requirements of other business processes. such as putting together and implementing a new marketing campaign. Processes are simply "the way we get things done". despite their greater importance. 4. Effective action to root out obstacles in the process and to resolve root causes to performance gaps. These different process scopes illustrate how smaller processes "fit" into larger processes and support them. The organizational structure. Generally you should consider bigger processes to be more important to your business performance overall than the smaller ones. Some are more informal than formal. This is because cross-functional processes cut across organizational boundaries. Assigning responsibility for monitoring and improving each process. Processes come in different shapes and sizes. it should provide the overall purpose and structure to your procedures. Others are less effective than you assume. A somewhat larger process would involve several people within a certain department to complete something. There are those that are surprisingly effective though you're not sure why. What's involved in managing processes? The management of key business processes basically involves the following: 1. the selection of processes and establishment of process measures should be derived from your overall business and quality objectives. The management of your key processes should serve as the "top level" of your QMS – that is. they should be considered among your most critical "key processes" to be managed within your ISO system. But it is often the case that the broader cross-functional processes are not well managed.

What does ISO require? When reading the ISO 9001:2008 standard. Four parts of managing key processes are listed: 1. 2. data-driven continual improvement Monitoring these results and analyzing the data will clarify specific improvements needed in the process to drive performance up. Using root-cause analysis to determine needed corrective action (and preventive action) will ensure that improvement efforts pay off with better overall results. If those requirements are not clearly defined and communicated. it's easy to miss this central emphasis on managing key processes. 3. Piecing together a complete understanding involves pulling a number of requirements together. monitor process performance and effectiveness through actual results Once you've identified and defined your key processes. . 4.2 Process approach It is helpful to start with the Introduction to the standard that introduces the concepts of managing your business through the identification and management of a "system of processes". 0. The measures should be selected based on the most important objectives for each process and its overall purpose. each should be monitored using a few performance measures. That means that you should start with the most "key" (critical) processes to your business. consider the added value of the process Processes to be managed should be selected based on the "value" they add to the ability to meet customer requirements or to meet business objectives. those involved in the process won't know if they are achieving what is needed. This is in part because the requirements for managing processes are sprinkled throughout the standard under various headings. understand and meet requirements This indicates that the purpose of each key process is to meet specified requirements.

1 (e).3.2.1 (a) & NOTE. Essentially.3. your management representative oversees the process owners to ensure the processes are effectively managed.6. determine an "owner" for each process. Specified requirements for processes The practical requirements for managing key processes are found in several passages within the standard.5. be sure to include processes related to management activities. 5.5.1 (b).0) to help you understand how the requirements fit together.1 Key Process Management Requirement Identify your key processes This is typically done with a simple flowchart for each process.3. 7.2 (c). 5.0 – 8.4.0. Monitor and evaluate the performance of your processes to determine if objectives 8. relate them to your key process maps nly implement formal documented procedures where they help the process run more smoothly . ISO 9001:2008 Reference 4. .4 Establish formal measures of performance for each process based on the process purpose and objectives Ensure these process measures are linked to your overall objectives for the business and quality. 4.2 (c) Determine how these processes fit together and impact each other This can be done by showing one process as an input to another process on your process maps.2 to ensure needed resources are provided Establish effective information-flows with your customers. 6.2. 8. provision of resources and measurement. 4.2. trends can indicate opportunities for preventive action. 7.4. Determine the resources needed for each process and establish a planning process 7.4 (c) are being met One of the venues for this evaluation is your management review.1 (d). evaluate what information is needed at each hand-off and determine how that information will be managed and maintained. 7. 5.1.3 Establish a communication plan to ensure everyone working in or affected by your key processes understands how the processes are performing. 4. 8.2. internal processes and suppliers.3 (b).2 (a) Assign responsibility for managing these processes on an ongoing basis That is. 5. the model depicts how your organization translates customer requirements into customer satisfaction through your internal QMS processes. 7.1 (c).1. 4. 8. the diagram is helpful.1 (d) Develop formal procedures needed to control these processes.3 (a). The model aligns with the 5 major sections of the standard (4.don't document for the sake of documenting.6. the process maps should be referenced or included in your quality manual 5. 4.2. From a conceptual perspective. 7. 4.The model shown in Figure 1 within the ISO 9001:2008 standard helps to give a "big picture" of how the overall QMS works to ensure that customer satisfaction is achieved (see page 7 of the ISO 9001:2008 standard).5 Determine actions needed to improve the performance of your processes as determined by your process measures In addition to corrective actions.

the ISO standard does not really say how you need to organize your audits. So. to the requirements of this International Standard [i. If this is your current procedure for auditing. see the article Implementing the Process Approach. manage and improve the most critical business processes that impact your customers and internal management objectives. This would include assigning responsibility to certain individuals or teams to take charge of your key processes. Many ISO internal audits are structured around a requirement-by-requirement review of the quality management system following the sections of ISO 9001:2008. an effective implementation of the "Process Approach" would start by laying out how you will select. Then. Perhaps. ISO 9001:2008] and to the quality management system requirements established by the organization (ref. you need to determine the scope and frequency of your audits based on. among other factors.1). these process owners will monitor and improve these processes on an ongoing basis taking full responsibility for their performance..e. bottom line is that you are not required to rearrange your audit program to "audit processes" per se. The scheduling in such an audit program is often by departments within the company. But you do need to be sure your auditors are aware of your processes and how they are organized. how well your key processes are performing. managed and currently performing.2. how do I do that?" Well. The Need for a Process to Manage Processes So.2). conforms to the planned arrangements (see 7. They can then provide useful feedback to your key process owners as to how well they are implemented and areas needing improvement. just that you need to consider in your audit plan: The status and importance of the processes and areas to be audited. 8. As a minimum. .2). 8. For additional help on getting started with managing your processes.Do we have to Audit using a Process Approach? One final question is commonly asked relating to whether or not your internal audit program must be reorganized to audit "processes" rather than "ISO requirements". as well as the results of previous audits (ref. Teams work well when processes cut across your organizational structure. then. one of your first processes to establish is the process for how you will manage your key business processes within your organization. It is common for an audit checklist to itemize questions to confirm whether the QMS: . the question that comes to mind is "do I have to change to auditing processes? If so..2.

These decisions are left to the company to determine how to structure the document to best support its objectives. as a minimum. The policies must cover all areas of the ISO standard and be traceable (reference) to them. To communicate management's expectations for quality to the organization.2 Quality manual The organization shall establish and maintain a quality manual that includes: 1. It includes policies for all areas of the business affecting or affected by the quality system. These policies authorize department managers to implement procedures within the boundaries specified in the quality manual. NOTE 2: A clear distinction should be made between the contents of the quality manual and operating procedures. the documented procedures established for the quality management system. 2. including details of. processes and results. To demonstrate the company's compliance with ISO 9001 requirements. the scope of the quality management system. the quality manual must include the following: 1. 3. In terms of contents. Policy statements demonstrating management's intention to comply with ISO 9001 requirements (less any appropriate exclusions). any exclusions (see 1. 2. o Who is responsible to implement these expectations (by function or job title). 4. One thing to note about this requirement is that no guidelines are given regarding the format or organization of the manual. REQUIREMENTS The quality manual is a stated requirement of the ISO 9001 standard. 5. A description of the company's organization (usually in the form of an organization chart. The quality manual defines what management's intentions for operation of the quality system while the operating procedures define how these intentions are implemented within the organization.2. Assignment of one or more "management representatives" for quality in the organization.2).4. To serve as a measure for compliance to management's expectations for: o Internal audits o ISO Registrar audits o Customer audits DEVELOPMENT . Here is the relevant section: 4. and a description of the interaction between the processes of the quality management system. The company's quality policy (showing the company's commitment to quality). USES The primary uses of the quality manual are: 1. 3. 6.2 The Quality Manual Establishing rules for the quality management system DEFINITION A quality manual is a document stating the company management's intentions for operating the quality system. NOTE 1: The quality manual would normally contain no proprietary/confidential information and is usually made available to customers and third party auditors. and justification for. or reference to them. o What interdependencies exist between functions and processes. 2.2. Reference to the "second tier" operating procedures of the company. top level of the company only). They also serve to provide a measure for procedures. An explanation of the company's documentation structure. These policies must include: o How management expects company operations to function. o Where and when the policies are applicable within the organization. 3.

approval and release.4). and reviews g) recommendations for improvement.6. to include at least: a) improvement of the effectiveness of the quality management system and its processes. c) process and product quality results f) changes that could affect the quality management d) follow-up actions from previous management system. This review shall include assessing opportunities for improvement and the need for changes to the quality management system.1 General The management of XXX company reviews the company's quality system to ensure its continuing suitability.6.X Management review X. a) results of internal and external audits e) follow-up actions from previous management b) customer feedback reviews.2 Agenda and Minutes a) results of audits. 2. Records from management reviews shall be maintained (see 4. at planned intervals. 3. The management review convenes on at least an annual basis. 5.The development of the quality manual follows several steps: 1. including the quality policy and quality objectives. Records of the management reviews are maintained in accordance with the company's quality records policy (ref. Note quality system inadequacies identified. including the quality policy and quality objectives. The agenda of the management review is as b) customer feedback. EXAMPLE As an example of how the quality manual policies should reflect the requirements of ISO 9001 see the following: ISO 9001 Requirement 5. 4. The management review includes determining opportunities for improvement and the need for changes to the quality system.2. 8. d) status of preventive and corrective actions. adequacy and effectiveness. a) action items to improve the effectiveness of b) improvement of product related to customer the quality system and processes requirements. 7. xxx). Determine format and structure of the manual. 6.3 Review output f) action items for improvement g) other business The output from the management review shall include any decisions and actions related to Minutes are kept as a record of the management reviews.1 General Top management shall review the organization's quality management system.6. follows: c) process performance and product conformity. Draft policies based on ISO 9001 requirements.2 Review input The input to management review shall include information on Sample quality manual policy X. Circulate for input from all departments. X.X. to ensure its continuing suitability. c) resources needed to successfully implement above action items *** . and b) action items to improve product quality c) resource needs.X. 5. cross-referenced to policies. Publish first draft of manual. e) organizational or business changes that could affect the quality system 5. List policies to be written (note any ISO 9001 requirements that do not apply).6 Management review 5. Formal review. List second tier operating procedures. adequacy and effectiveness.

Navigation. Alternatives to intra-document referencing might include:    Carefully designed document numbering systems A document master list showing parent-child relationships between documents The use of an electronic document management system that helps manage document interrelationships and provides for easy searching of document contents Reviews & approvals As a document is written. it is often helpful to solicit input from others before it is finalized. "It behooves those responsible for managing their organization’s QMS to design a document control process that is simple to use.the company’s position or intention for its operation Procedure . current documentation is used throughout the organization.3 Document Control Keeping your QMS Current THE IMPORTANCE OF DOCUMENT CONTROL A cornerstone of the quality management system (QMS) is the control of documents. let's briefly discuss essential design criteria for an effective document control process. Auditors (internal and external) also pay particular attention to document control disciplines resulting in frequent audit nonconformances (it is commonly reported that document control generates the most nonconformances in and ISO 9001 QMS). Higher-level documents generally reference lower-level documents for easy navigation. easy to monitor and effective to prevent the use of incorrect documentation. While not a particularly glamorous activity.responsibilities and processes for how the company operates to comply with its policies Work Instruction . An annual documentation review to spot redundancies. The mixed blessing of cross-referencing It is common for companies to add multiple references to related documents within the body of their documents. costs and customer satisfaction. It behooves those responsible for managing their organization's QMS to design a document control process that is simple to use. Less is often better than more. hierarchy & structure Developing a layered structure for your documents helps users find what they are looking for. Inadvertent use of out-of-date documents can have significant negative consequences on quality. Lower-level documents must agree with requirements of related higher-level documents. Encourage your document authors to be concise and make their documents multi-purpose when possible. companies often invest heavily in dedicated staff. Circulating the . document control is an essential preventive measure ensuring that only approved. While this can help a reader quickly find additional information on a topic. easy to monitor and effective to prevent the use of incorrect documentation. it's easier to control a smaller number of documents than a larger number of documents. documents no longer needed.4. While it may see obvious.2. be sure you have a way to comprehensively search for all instances of a specific document reference so they can be reviewed and updated if needed when a document is revised.step-by-step instructions for a specific job or task Forms and Records ." Because of its importance. scope and interrelationships of each document. DESIGNING YOUR DOCUMENT CONTROL PROCESS Before reviewing the specific ISO 9001 document control requirements. and opportunities to consolidate will help keep your QMS document set lean. If you choose to use cross-references. Document control starts with document design. An ISO 9001 structure typically organizes itself into 4 levels:     Policy . the ability to maintain (update) all references to a document can be difficult.recorded information demonstrating compliance with documented requirements This logical arrangement clarifies the authority. detailed procedures and specialized software programs to keep control of their QMS and other business documents.

4. signed and dated. "what value does each signature add to the document?" and limit approvals to those with direct knowledge or responsibility for the document. The storage and access of documents must easily allow individuals to find the appropriate version of a document to use where needed. A documented procedure Records often (though not exclusively) result from a form that is completed and filed.2. While not explicitly stated. and other company documents affecting quality or customer satisfaction. Note that older versions of a document that are still needed (e. This includes the current development stage (draft. Records are a special type of document and shall be controlled according to the requirements given in 4. a record must be kept of the change (the reasons for and nature of the change). managers responsible for the activity. Ensuring timely and convenient access to documents is frequently the source of high costs and repeated discrepancies. c) to ensure that changes and the current revision status of documents are identified. Planning a "review cycle" into your document development procedure can help document authors improve the quality of the resulting documentation. Approvals may be in the form of a written signature or a password-protected electronic approval record. In addition. Typically.document for review can include future users of the document. This includes all policies. the longer the approval process will take. specifications for an older product) may remain active if necessary. approval. etc.g. the fewer times they will feel the need to use an uncontrolled copy of a document. Often it is helpful to ask. Approval signatures must be recorded prior to the release and use of the document. REQUIREMENTS FOR DOCUMENT CONTROL The ISO 9001 standard includes specific document control requirements that will be subject to all internal and external audits (ref. Generally. management review or scheduled on some periodic (annual?) basis. work instructions. review. current revision status must be maintained. An alternative to a long approval list would be to include more individuals in the review process. this requirement also applies to temporary memos or postings that are used to communicate QMS or product-related requirements. When determining who should approve a particular document you must balance the desire for gaining buy-in and accountability by affected departments with the need for efficiency of the document control process. A separate ISO Explained article will cover the requirements of records in detail. Documents required by the quality management system shall be controlled. Any temporary documents must be clearly identified. specifications. d) to ensure that relevant versions of applicable documents are available at points of use. b) to review and update as necessary and re-approve documents.4. You should consider where designated controlled locations of your documents will be established and whether short-term reference copies of controlled documents will be permitted. workers in areas affected by the activity and other interested individuals. This review can be tied to a company's internal audit process. but the revision level must be made clear.3). procedures. A record of such reviews must be kept. the easier it is for employees to access controlled copies when needed. giving everyone a chance to comment on the document before it is released. forms. A documented procedure shall be established to define the controls needed A document control procedure is one of six mandated procedures in the ISO 9001 standard and it must include the company's processes for the following requirements: a) to approve documents for adequacy prior to issue. All documents must be reviewed periodically and updated and re-approved if needed.2.) and the date or revision level (number or letter) identifying the current version of the document. It is advisable to include an expiration date on temporary documents to ensure they are removed from use when intended. Document approvals are mandatory and must be kept as a record as well. the more signatures you require. When a document is updated. . The date of all approvals must precede the document's release date.

Up-to-date – Count the number of document revisions or audit discrepancies stemming from a document that is out-of-date. The format and storage of your documents must protect a document from being rendered unreadable due to wear or damage and that every document can be clearly identified through a title. . filing. Use the results to improve the format of your documents and training of your authors. Cycle time – Measure the time it takes a document to be developed or revised from initial draft to release. User satisfaction – Periodically survey your employees regarding the usability of your documentation. etc. reviewing. the extent of control is limited to clear identification and controlled distribution. These can include customer. but are necessary for ensuring quality and meeting customer requirements must also be controlled. g) to prevent the unintended use of obsolete documents. supplier or industry documents (including your copy of the ISO 9001 standard). Document errors – Track the number of document revisions due to information mistakes in your documentation. or other means. A log or other record would suffice to track external documents. and Documents that do not originate within your organization. This usually requires segregation or disposal of obsolete documents. This will tell you whether your periodic document reviews or obsolete document provisions are effective. 3. Any obsolete documents that are kept for reference or other purposes must be clearly identified through markings. document number or other suitable identification. approving.e) to ensure that documents remain legible and readily identifiable. auditing. document retrieval is often an expensive hidden cost generated when individuals must search endlessly for a document because of inadequate indexing. 5. 4. Results will often reveal weaknesses in your review and proofreading processes. Results of the performance measures of your document control process can help you determine how to drive continual improvements into your entire QMS. storing. 2. However. revising. Out-of-date documents or older versions of revised documents must be protected from unintentional use. Cost – Consider tracking the costs associated with your documentation including developing. retrieving. Work to improve the efficiency of your document control process as you would any other business process. Of these potential costs. MEASURING SUCCESS How can you measure the performance of your document control process? Here are some suggested metrics: 1. and to apply suitable identification to them if they are retained for any purpose. organization. distributing. f) to ensure that documents of external origin determined by the organization to be necessary for the planning and operation of the quality management system are identified and their distribution controlled. storage or training. separate storage areas.

4) 15.6. Important.3) 19. protected and controlled throughout their lifecycle.2. Calibration (7. Skills and Experience (6.2) 6.4.4) 18.1) 3. effort and expense of keeping up your quality records are ongoing investments in building a reference-base for analysis.2.2. Management Review (5. Preventive Action (8. Training.2) 13.1) 12.3) 2. your records should be treated as invaluable.5.2. keep in mind that an auditor may want to retrieve it in order to evaluate the effectiveness of the QMS. With this historical evidence you can:      Understand how well your QMS is performing Trace back to the source of problems Demonstrate compliance to requirements Evaluate trends in QMS performance Monitor improvements " The energy.2) 7. and any additional records you decide are important to maintain.4) 8.2.2) 4. Design and Development Review (7. Product Realization (7. effort and expense of keeping up your quality records are ongoing investments in building a reference-base for analysis.3) and customer satisfaction (8.3. compliance and improvement. Supplier Evaluations (7. Additionally. and important requirements in the ISO 9001 standard. because records must be identified.4 is the paragraph dealing with Control of Records). Internal Audit (8. Nonconforming Product (8. " With your quality records you can answer questions such as "why did this happen?". Customer Requirements Review (7. filed.5.5. Corrective Action (8. your quality records are a primary reference for your internal and external auditors to assess your compliance to requirements.3. The organization shall establish a documented procedure to .2. You may want to include records for maintenance (6.2) 17.5. Identification and Traceability (7.3) 14. Education.4. must be kept according to the "Control of Records" requirements in the ISO 9001 standard: Records established to provide evidence of conformity to requirements and of the effective operation of the quality management system shall be controlled.7) 11.4" is found (4. As each record is filed.6) 10. Product Conformity (8. because they contain the history of how your quality management system (QMS) is functioning.2. Damaged/Lost Customer Property (7.2) 20.1).3. Production/Service Processes (7.1) 5. Design and Development Inputs (7.3. Design and Development Verification (7. WHAT RECORDS SHOULD BE KEPT? The ISO 9001 standard has a built-in reference to all required records wherever the phrase "see 4. WHY KEEP RECORDS? The discipline of maintaining your QMS records ensures that you will have an objective means of assessing QMS effectiveness.2.6) 16. for example. The 20 mandated ISO 9001 records are: 1.3. Painstaking. WHAT ARE THE ISO 9001 REQUIREMENTS? All 20 required quality records that are applicable to your organization's processes.4 Control of Records Maintaining objective evidence of compliance Record keeping is one of the most painstaking. you might give careful consideration to other records you might need to include in your QMS that would give you an important historical reference for critical areas. With such valuable information at your fingertips.5. Document Control (4. Design and Development Validation (7.2. Design and Development Changes (7.3) In addition. The energy.5) 9. compliance and improvement. "when did this problem first appear?" and "is the problem gone?".

in what types of storage containers and any environmental concerns (moisture. storage. retention and disposition of records. then dispose of them. you must have a documented procedure for controlling records. *** . date. Provide adequate storage capacity so filing can be maintained. In the procedure you must address how your organization handles the following: Identification – What minimum information must be added to every record for identification (see "Readily Identifiable" above). Keep your records only as long as necessary. HOW CAN WE KEEP IT SIMPLE? With at least 20 types of quality records to maintain according to the ISO 9001 requirements. (ref. Here are some suggestions:      Assign clear responsibility for filing. Retention Time – Specify minimum and/or maximum retention requirements for each type of record.4) Let’s briefly clarify each requirement: Legible – You must ensure handwritten records can be easily read and that you protect paper records from deterioration that might affect their readability. protections. For confidential records. Anyone looking at the records should be able to easily tell what they are looking at. readily identifiable and retrievable. storage locations. Protection – What methods must be used to preserve records from loss or deterioration. code. title. protection. storage location or other appropriate method.). Move as many records as possible to a searchable. retrieval. 4. security. By keeping your record keeping as simple as possible. you may want to include where files are kept. Be sure to establish a schedule to review your records according to your requirements. you'll keep your costs down. For electronic records. In addition. etc. For hardcopy records. Retrievable – Every record should be filed and stored in such as way as to be easy to find and access when needed. prepare for seamless audits and keep your ISO-life somewhat manageable. Storage – How hardcopy and electronic records are stored to protect them. electronic format to keep storage costs down and make them easy to retrieve when needed. Records shall remain legible.2. temperature. be sure to include how the data is backed-up regularly. evelop a records retention matrix that shows who is responsible. Disposition – Determine how you will dispose of records when scheduled. maintaining and disposing of each record. retention requirements and disposal methods. Readily Identifiable – Each record should be uniquely identified through a number. be sure you are explicit about how you intend to destroy the records.define the controls needed for the identification. Retrieval – Describe how records are indexed or otherwise organized to facilitate easy access (see "Retrievable" above). organizations are often seeking to simplify their approach to record keeping.

4). Defining and communicating responsibility and authority for everyone affecting the quality management system. 5. In fact. President. This extra focus on the role of management is explained in the opening text of the Management Responsibility requirements section: "Top management shall provide evidence of its commitment to the development and implementation of the quality management system and continually improve its effectiveness. adequate and effective to satisfy the company's quality policy and accomplish the organization's quality objectives (ref. Conducting a regular management review of the quality management system to ensure that it remains suitable. and records of such activities will be carefully reviewed. 2. 5. 5.) and will continually strive to improve the overall quality management system's effectiveness (ref. Depending upon the size and structure of the organization." (ref. A management team responsible for preparing their organization for ISO 9001 registration will need to give focus and attention to the planning and implementation of the specific requirements for top management and the oversight of the development of the organization's overall quality management system. Chairman) and his/her direct reports. management reviews and resource provision (ref. nearly 15% of the standard's text is devoted to the subject of top management responsibility. even when changes to the quality management system are made (ref. it can be expected that ISO registrars will approach the auditing of the standard with a heightened focus on the function of management in the system. 5. Establishment and communication of a quality policy that articulates management's intention that the company complies with all requirements (customer. In summary. 4. 5. 6. 3. etc. 5.6).1.0 Management Responsibility The Leadership Challenge THE RESPONSIBILITY OF TOP MANAGEMENT: The ISO 9001 standard contains high expectations for top management leadership and involvement to provide guidance to the overall quality management system.3)..2). the designers of the standard have realized the imperative for the perspective and authority that top management must bring to ensure effective operation of the system. 5. Ensuring customer focus throughout the organization as demonstrated by clearly determining and consistently meeting customer requirements resulting in improved customer satisfaction (ref. . 5.g. Consistent commitment to making the quality management system effective as demonstrated by regular communications. Because of this. establishment of a quality policy and quality objectives. The auditors will be looking for objective evidence that management has a regular discipline of involvement and leadership as prescribed by the standard. including a designated management representative who has the authority to ensure the system is established and maintained and is responsible to report the system's performance to top management (ref. Ongoing planning of measurable product quality and process quality objectives to be sure they are established and met throughout the organization.5). the requirements for this leadership group are: 1.5. REQUIREMENTS FOR TOP MANAGEMENT: The ISO 9001 standard lists six distinct requirements for top management. one or two layers of management below this top group may be included in this scope. Clearly. This evidence must be more than merely words of support for quality.1). By "top management" the standard refers to the individual at the top of the organization (e. regulatory. ISO 9001). CEO. This requirement also includes the need to establish effective communication processes within the organization regarding the effectiveness of the quality management system. The activities outlined in the requirements are all demonstrable..

are established at relevant functions and levels within the organization.1. But what about other drivers of a quality organization such as:    Delivery performance Percent of total market share Sales generated from new products    Through-put time from sale to delivery Time to order fulfillment Cost of rework and scrap We could name a dozen additional measures of a quality company. but the determination of "quality objectives" may not be much different from setting "business performance targets" as part of strategic planning.1 a)]. (ref.4) starts with a mandate for senior management: Top management shall ensure that quality objectives.1) The quality system must be planned and implemented by top management: in order to meet … the quality objectives. product mix. Surely the quality of products and services should be included. The expanded top management responsibilities make clear who must lead the charge toward measurable results. For it is in the setting and achieving of business-essential objectives that a real return-on-investment (ROI) can be found. So. teams or individuals. 7. it is left to the organization's management to set objectives most useful to the organization and its customers. To others. The framers of new standard also saw performance improvement as the central point of the standard.2) "The point of IS0 9001 is measured performance improvement for the organization. the objectives must include required product quality goals as specified in section 7. a certificate can be a very expensive piece of paper if that is the only benefit realized by the organization. etc. While important to convince customers that certain procedures are in place. including those needed to meet requirements for product [see 7. as appropriate: a) quality objectives and requirements for the product (ref. DEFINING MEASURABLE OBJECTIVES The objectives must also be measured: . the point of IS0 9001 is measured performance improvement for the organization. (ref. though involving the rest of the organization can help ensure the objectives are realistic with a high degree of buy-in.4 Management Planning Setting a direction WHAT'S THE POINT? To some. As is stated. departments. Top management shall ensure that quality objectives … are established … within the organization. and then break them down into smaller sub-objectives that can be assigned to divisions. 5. Certainly measures of customer satisfaction would be on the list of key objectives.1) The primary responsibility for the establishment of quality objectives cannot be delegated.1) The additional objectives set are left to the judgment of management based on the organization's size. market. the point of ISO 9001 registration is a certificate. the organization shall determine the following. Top management must determine performance targets for the organization as a whole. It is typical that the organization limit the number of objectives to those most vital to the organization's success. Planning of Product Realization: In planning product realization.4. measurable quality objectives toward which the entire QMS is directed is a very important part of the ISO 9001 standard. as appropriate. as top management sits down to discuss quality objectives. 5. While a (surprisingly) few measures are mandated in the ISO standard. complexity. This results-focused view of ISO 9001 is confirmed by the growing number of companies pursuing "compliance through self-certification" instead of a formal registrar-certification of their QMS." Many ISO 9001 professionals believe the establishment of meaningful.5. and the certificate is merely a confirmation of an effective quality management system (QMS). they must define quality for their organization and its customers. 5. (ref.4.4. BREAKING DOWN THE STANDARD The section entitled "Planning" (5.

Criteria and methods of control must be established to be sure the QMS processes are effective (NOTE: The company's quality objectives can meet this requirement). as well as the quality objectives. reported and analyzed should be able to clearly indicate whether or not specific objectives have been reached. establishes the starting point. The QMS must be established and continually improved. Actions must be taken to meet planned results (quality objectives) and continually improve QMS processes. 3. Top management shall ensure that a) the planning of the quality management system is carried out in order to meet the requirements given in 4. Reporting Frequency – Schedule for reporting. report and analyze the measurement data. 5. 4.4.1) This would eliminate "motherhood-and-apple-pie" statements that are mere slogans espousing a general desire for quality. Target Date – Date by which the target is to be achieved.4. Owner – Person/group responsible to gather. Baseline – Historical level of performance.The quality objectives shall be measurable and consistent with the quality policy. the QMS must be planned (and implemented) to be sure the requirements listed in the "General Requirements" for the QMS (ref. an organization might want to consider including many of these elements in their quality objectives planning.2) First. So. an objective set of data gathered. GENERAL QMS PLANNING In addition to setting quality objectives. While this format is not specified by the ISO 9001 requirements. 5. management is responsible for planning the overall QMS. . Target – Specific performance goal for the objective.3). (ref. In establishing measurable objectives. That means there must be logical relationship between the performance targets of the organization and top management's statement of intention that it intends to achieve quality as a result of the company's operation (see the ISO Explained article on "The Quality Policy" available from www. 4. The consistency between the quality policy and quality objectives must be clear to third-party auditors as well as those more familiar with the company. and b) the integrity of the quality management system is maintained when changes to the quality management system are planned and implemented. analyzing and responding to the measurement data. QMS processes must be identified (including processes outsourced by the company) and their sequence and interactions determined. The QMS processes must meet the requirements of the ISO 9001 standard. 2. measured and analyzed.1.9000world. Measurement – Data to be collected to monitor actual performance. Needed resources and information must be available to operate and monitor the QMS processes. (ref. 7. many companies define the following for each: Objective – Statement of the performance area to be for more information on how to establish a quality policy). It is also required that all quality objectives are "consistent with the quality policy" (see 5. Review Frequency – Schedule for reviewing the objective and corresponding target for possible modification to ensure ongoing relevancy for the organization. 5.1) are met. and compliance with these requirements must be maintained.1. 6. These requirements are summarized below: 1. By stating that objectives must be "measurable". the QMS planning must incorporate all of the requirements found in section 4. QMS processes must be monitored.

. Third. quality objectives. etc. consistently measured and carefully analyzed quality objectives. ensuring improving results that deliver real. demonstrable quality throughout the company. Changes that could require QMS modifications might include new product lines. customers with new requirements. acquisition or divestiture of company facilities. THE POINT OF IT ALL This brief set of management "planning" requirements has huge implications for any organization seeking ISO 9001 compliance or registration. management reorganizations. It is through the use of quality objectives that top management can keep the organization focused on what is most important to the company and its customers. Senior management must "direct the ship" by steering the organization toward clearly stated. the QMS must deliver results. the QMS planning process must respond to significant organizational changes by making necessary adjustments to policies. It is expected that top management monitor the company's performance against its stated quality objectives and take necessary actions to be sure these objectives are met.Second. etc. marked organizational growth or downsizing. Third-party auditors will certainly be looking to see a strong pattern of meeting stated objectives. procedures.

But. The ISO 9001 standard clearly places the latter responsibilities with "top management" (see ISO 9001 – 5.2) Let's look at each of these individually. the MR is an enabler of the quality system. Communication. As processes are defined (and documented). These duties. the MR generally takes the role of project manager for the design and implementation of the QMS. the MR may also oversee the document control function as it pertains to the control of QMS documentation. "irrespective of other responsibilities" include: a) ensuring that processes needed for the quality management system are established. (ref. Coaching. This will ensure that the processes are effectively described in terms that will satisfy all requirements. effectively deployed. The result of this separates the real authority in the organization from the responsibility (i. The MR may also coordinate or provide training to those developing the QMS processes and related documentation to ensure an adequate understanding of what is required. the MR is often the coordinator of the internal auditors who monitor the compliance and effectiveness of the QMS. accountability) for quality. Direction." The MR might want to be careful not to insolate top management from their responsibilities. Just as the point guard on a basketball team is responsible for setting up plays for his teammates. Finally.2 Management Representative What it takes to make a difference Leadership. implemented and maintained. "The Management Representative primarily provides feedback to top management on the effectiveness of the quality management system. The MR primarily provides feedback to top management on the effectiveness of the quality management system. b) reporting to top management on the performance of the quality management system and any need for improvement. and continually kept up. and c) ensuring the promotion of awareness of customer requirements throughout the organization. the effective MR will accept the responsibility and exercise the authority of enabling the proper functioning of the QMS to meet its objectives.5. The writers of the ISO 9001 standard perhaps saw the possibility of top management taking a "backseat" role in the operation of the quality system by delegating implementation responsibility to the "quality guy" (or gal).5. This can include:   Establishing the management review schedule Developing the management review agenda . The effectiveness of the audit program is essential to the MR's ability to ensure proper implementation and maintenance of the required processes. This is often coordinated through one or more project teams who define processes relating to their areas of responsibility and involving appropriate functional managers.e. Coordination. To accomplish this. REPORTING RESULTS Beyond overseeing the implementation of the QMS. don't confuse responsibility for enabling the quality management system with developing and implementing the quality management system. The other primary means of MR reporting is by taking the role of facilitator for the management review.1 and Core Business Solutions' ISO Explained article on "Management Responsibility"). including conformance of the QMS leading to lower effectiveness and efficiency overall. That said.5. All terms that could describe the critical role of the Management Representative (MR) in an ISO 9001 quality management system. The standard requires that the MR must be "a member of management" serving primarily as the "eyes" and "ears" of top management to monitor how well the quality system is developed and implemented. One means of reporting is the distribution of internal audit reports to the appropriate functional managers and tracking open issues through successful resolution. ENSURING IMPLEMENTATION The first responsibility of the MR is to ensure that all necessary QMS processes are adequately defined. the MR is also responsible to report on the effectiveness and needed improvements of the QMS to top management for review and action. 5.

What specific "customer requirements" must employees be "aware" of? Must all employees be aware of all customer requirements? What criteria is used to assess whether this communication has been effective? As with many areas of the new standard. "How does this employee become aware of this requirement?" By asking "how?" the MR will be able to evaluate the communication processes that are in place (or not in place as the case may be) to ensure that the awareness of requirements is maintained. Then the question must be asked. the use of general (aka "open-ended") language leaves the interpretation open for the company to define for their own unique needs.Reliable packaging Once a list of customer requirements is made they can be associated with the employees (by position. Some examples of the types of communication processes that might be used are:           Standard meeting agendas Routing sheets for specifications Approvals Standard distribution lists Employee bulletins Procedure reviews Controlled wall postings Data charts showing the company's performance against requirements Employment handbooks Electronic workflows . workgroup or department) that affect the company's ability to meet the requirements. Since the MR is responsible to ensure this awareness of requirements. This duty of ensuring employee awareness has been frequently criticized as being too open-ended to be practical. This does not necessarily mean that all communications must come directly from the MR. he/she might do well to start by defining which customer requirements need to be addressed to which employees. the MR must monitor how effectively this communication takes place and identify breakdowns that need to be addressed. accurate communications . Instead.    Coordinating the reporting of results Guiding the discussions through the agenda Suggesting needed improvements to the QMS Publishing minutes of the management review Effective and clear reporting will give top management the information needed to manage and improve the QMS effectiveness.Prompt.Delivering on time . ENSURING AWARENESS The third primary responsibility of the MR is to ensure that customer requirements are communicated throughout the organization so all employees are aware of requirements that pertain to their job responsibilities. Here are some leading questions that might help you get started: QUESTIONS: What requirements are explicitly stated by our customers? How? In what format? EXAMPLES: Specifications Purchase orders Quality criteria Other documented criteria Proposal details Quotations Catalog specifications Warrantees and return policies Marketing materials What might be considered a customer requirement because of our advertised promises? What requirements might be implied by our customers as just doing good business? .

and the more clearly the rest of the organization understands your role. the more effective you can be. the MR can ensure effectiveness and repeatability throughout the organization.5. and ensuring these processes are defined and implemented (including.This list could obviously be expanded based on a company's unique circumstances. 5. ARE YOU UP FOR THE JOB? What characteristics and skills might you need to be effective in the role of Management Representative? Here are some thoughts:      Strong knowledge of ISO 9001 requirements Broad knowledge of your company's operation and its QMS Ability to listen and influence Ability to summarize information and communicate effectively Project management and organizational skills The Management Representative plays a critical role in your company's QMS. being subject to auditing). though. perhaps. . that the MR's direct responsibility is to "ensure" that the communication takes place and that it is effective. By focusing on communication processes. (Ref.2) This can include coordinating audits with customers or your ISO registrar or other quality related communications that may be needed. The more clearly you understand the responsibilities being asked of you. not necessarily to provide all the communication directly. Keep in mind. QUALITY LIAISON A final (suggested) duty for the MR is that he/she serves as: liaison with external parties on matters relating to the quality management system.

skills and abilities" (KSAs) to describe the competencies required for a job. you'll need to document them in some appropriate manner (job descriptions. the bar has been sufficiently raised in recent revisions. To break this down a bit. "Within the quality management system. mental or interpersonal skills must an employee have to do this job well?" "What natural abilities or talents must someone possess to be effective in this job?" What results from an exercise like this would be a list of competencies for the job that can be used for hiring purposes and subsequent training and development plans. deliver the training and keep records. To define requirements for each job position you might ask:    "What job-specific knowledge area(s) must be well understood by someone in this job?" "What manual. b. training matrix. As with much of the ISO language.2 a) All work done as part of the QMS directly or indirectly affects the company's ability to satisfy its customers and meet requirements. While an earlier version of the standard said we needed to identify training needs.e. The centerpiece of the requirement is competence. 6. knowledge.2. WHAT'S REQUIRED? Let's look through the requirement to understand what should be in place and how we can ensure our people-processes are effective. The state or quality of being adequately or well qualified. ability.both procedural (process) requirements and customer requirements. it is left to the organization to define what "competence" means in their specific context. Training and Awareness Dealing with "people issues" You may have heard the old saying. the most recent revision (ref. the point is certainly the employee's ability to do the job in such a way that conformity to requirements is achiveved – both procedural (process) requirements and customer (product) requirements.2) includes phrases such as "achieving the necessary competence" and "evaluate the effectiveness". . A specific range of skill. As you consider how best to organize your training and other people-related processes to meet the ISO 9001 requirements. Therefore. So. the job functions responsible for each activity defined in the QMS must be staffed by qualified people. Define the essential abilities The first requirement says the organization must: Determine the necessary competence for personnel performing work affecting conformity to product requirements (ref. not just to go through the motions.2 Competence. The somewhat obvious implication in the new requirement is that we have to deal with the people issues in a way that actually works. effectiveness). "Management would be easy if it weren't for all these people issues!" Let's try it again. or other means). Now that you've identified the required competency areas for each job. the point is certainly the employee’s ability to do the job in such a way that requirements are met . this is done by evaluating or assessing your employees' current knowledge. the quality process(es) put in place to deal with the "people issues" must result in conformity to requirements (i. you need to translate it into a training and development plan for your employees. The dictionary definition of competence is: a." Qualified to do what? Ability to do what? The job. "Quality would be easy if it weren't for all these people issues!" It seems that dealing with people issues must have been a hot topic of discussion during the development and revision process of the ISO 9001 standard. or ability. 6. By shifting the focus beyond a method (training) to a result (competence). Within the quality management system (QMS). Generally.2. skills and abilities against the requirements for the job. of course.6. we might borrow from the human resources profession which developed the categories of "knowledge. keep your eye firmly on the main point – competence. Once the list is prioritized to include only the most critical competencies (10 – 15 maximum?).

it is left to the organization to determine the appropriate method. Verification of effectiveness could be as simple as repeating the competency rating process mentioned above to ensure the gap has been closed. memos or postings Standard departmental meeting agendas when quality objectives are reviewed To confirm that this awareness has been achieved. To accomplish this the organization might use techniques such as:      Announcements at employee meetings Review of the employee’s job description when hired. consider what quality records you might keep as objective evidence that this has been achieved. 6. Specifically.2 c) Once more. provide training or take other actions to achieve the necessary competence (ref.2 b) Again. The standard requires the organization to: Evaluate the effectiveness of the actions taken (ref. then reviewing the rating with their immediate supervisor.2 d) This communication can take any appropriate form as long as the result is the same – employee understanding of how they impact quality. Ensure quality awareness The fourth requirement requires that the organization: Ensure that its personnel are aware of the relevance and importance of their activities and how they contribute to the achievement of the quality objectives (ref. the company must: . In the words of the standard. Regardless of the method chosen. A more in-depth approach would be to develop a formal certification to evaluate employee competencies. the supervisor could do the employee ratings on their own. and perhaps annually thereafter Review of procedures and work instructions pertaining to the employee’s job Regular bulletins. This can be in the form of on-thejob or off-the-job training. For new employees. Since it is required that the company "ensure" that employees are aware of quality issues. public seminars. Keep records As with most required quality processes in the ISO 9001 standard. records must be kept. Other approaches could include:      Special inspection of the employee's work until the needed quality level is reached Written test following the training Formal certification process Supervisor follow-up 60 days (or so) following the training or intervention Formal performance review Some companies have also indicated that their internal-audit program and/or corrective action process is a secondary evaluation of training effectiveness as these would indicate "people issues" that affect conformance to requirements.This can be a simple process of having each employee rate themselves in each competency area. Follow-up to ensure the competency was learned Following the training or other intervention. 6. the organization might consider asking employees questions relating to their impact on quality during the internal audit process or employee performance reviews. identifying strengths and weaknesses. 6. albeit after the problem has negatively impacted the QMS.2. the organization must: Where applicable. Or. job shadowing. educational courses or any other suitable method.2. Provide a process for competency development Once the competency needs are identified this should be followed by an appropriate intervention to close the "learning gap".2. the same process would be followed when hired resulting in a similar list of needs for competency development. each employee must know how their job affects the QMS as a whole and how their work helps the company reach its quality objectives. an appropriate evaluation of the employee's competency level should be completed. More specifically. the organization can determine a method that works in their specific context. mentoring. any competencies that fall below the required performance level become the development needs for the employee.

the requirements dealing with employee competency. a record may be made during the hiring process that the employee qualifications were reviewed and found satisfactory. whenever practical. a statement that specifies employee application documents as confidential and that they will not be made available for audits should be made in the company's policy. 6. Occasionally. Other than the special circumstances mentioned here. However.4 in the standard. If this approach is used. *** . training. as many experienced managers have learned. exceptions need to be made in the requirements with the expectation that follow-up support. Another issue relating to pre-employment requirements is that many companies consider employment applications and employee résumés or CVs confidential and are reluctant to make these available during internal or external audits. KEEPING IT SIMPLE As we have discussed. By keeping your procedures and record-keeping as straightforward as possible. Many job positions have prerequisite requirements that must be met in order to be considered for employment with the company. If that is the case. the company would do well to make provision for these instances in their policies and procedures.2. the quality processes designed to address the "people issues" that affect quality are vital to the effectiveness of your QMS and your ability to satisfy your customers. the challenge can be manageable. In these cases. skills and experience (ref. In any case. training. It will also help to provide the tools and then assign implementation responsibility to employees and their immediate supervisors. prerequisite hiring requirements cannot always be fully met given the available applicants when a position is filled. complete records of education. training or other competency development technique will be used to close the gap.Maintain appropriate records of education.2 e) These records relate to both pre-hiring requirements and competency development that occurs once the employee is on board. This record could then be made available to the auditor.2. These records are considered quality records and must be kept according to the requirements of section 4. You might consider a strategy that emphasizes simplicity and broad involvement. training and other development activities are varied and can be somewhat intimating. Perhaps an approach that allows for supplemental training after hiring would suffice. competency evaluations and skill-development job experience and assignments that were completed after hiring must be maintained.

COMMUNICATION IS KEY How you communicate with your suppliers has a direct impact on their ability to meet your requirements.2) . and c) quality management system requirements. CONTROLLING WHAT IS NOT UNDER YOUR DIRECT CONTROL "It is surprising how many times a 'supplier problem' actually has its root cause in your own organization stemming from internal miscommunication. This control begins with the selection of suppliers that you'll depend on to meet your own customers' requirements. (ref. inaccurate information or other mishaps that lead to 'mistakes' made by a vendor. Then.4. Section 8. having processes in place that prevent problems and provide consistency within your supply chain is a key focus of your ISO quality management system (QMS).4 of the standard itemizes these requirements. quality and delivery requirements. procedures. controls are put in place to monitor supplier performance and to take corrective action. These needs then must be translated into criteria for choosing suppliers and requirements for them to meet. inaccurate information or other mishaps that lead to "mistakes" made by a vendor.4) itemize basic processes that will put you and your suppliers on the same page. (ref. clarity and level of detail provided in your purchasing documents must be ensured though good internal administrative processes. MAKING THE RIGHT CHOICE The purchasing requirements begin with a recognition that your company is responsible to: … ensure that purchased product conforms to specified requirements. If a supplied part is critical. suppliers must be reassessed to reconfirm their continuing ability to meet your requirements. satisfy your customers.4. Your ISO QMS then begins with you firming up your own purchasing processes to improve the information suppliers will rely on to meet your requirements.1) To do this you'll establish controls for your suppliers and your purchased product that are appropriate based on how the supplied product might impact your products and/or services delivered to your customer. The ISO 9001 requirements for Purchasing (section 7. Your purchasing information should clearly specify what is required. if needed. in turn. processes and equipment b) requirements for qualification of personnel. So. Without this clarity. This influence starts with you having a clear understanding of what your needs are regarding purchased materials and services. Your documented purchasing requirements define the target they must hit when delivering their products or services. You'll implement processes for initially qualifying suppliers based on appropriate criteria such as cost.4 Purchasing Developing a supply-chain that satisfies your customers The Purchasing requirements in the ISO 9001 standard help to ensure that products and services you purchase from various suppliers fully meet your needs so that you can. you'll exert more control than if a part is less important to the quality of your company's output. Records for the selection. including as appropriate: a) requirements for approval of product.7. neither you nor your suppliers will know what is to be expected and will inevitably lead to problems down the road. By establishing strong internal procedures for purchasing. 7." While your suppliers' operations are not under your direct control. Once qualified. 7. you'll more easily exert the influence needed to assure quality coming into the loading dock. The accuracy. The criteria you establish should make sense for your business. It is surprising how many times a "supplier problem" actually has its root cause in your own organization stemming from internal miscommunication. The disruption and cost to your organization stemming from supplier problems can impact your customers and your own bottom-line. evaluation and reevaluation of your suppliers must be maintained. This re-qualification will be based on data analysis relating to your suppliers' performance. your purchasing power can give you significant influence over which suppliers you do business with and how they meet your needs.

or allow your customer to do so. it can also be off set by fewer interruptions and unnecessary costs resulting from poor supplier performance.On purchase orders or other documentation be sure that the details adequately describe the product or service you require including technical specifications. you'll need to specify this in your purchasing documentation when the order is placed or the contract is signed. you might want to follow these steps: Step 1: Define Criteria for Suppliers On what basis will you choose your suppliers? What minimum requirements must they meet? Step 2: Evaluate Current Suppliers Which of your current suppliers meet your minimum requirements? Which might need to improve to remain qualified or face being replaced? Step 3: Establish Qualification Process for New Suppliers How will you identify. If this is required. evaluate and qualify new suppliers? How will these qualifications be recorded? Step 4: Set up Supplier Performance Monitoring Process What is the best way to track supplier performance? Who will review the data? When will action be taken? Step 5: Review Purchasing Communication Process How are your requirements documented for your suppliers? How do you ensure it is accurate. bringing your purchasing processes up to ISO 9001 standards is an investment of time and effort that must fit into an already busy schedule. . clear and detailed enough to communicate what is ordered? Step 6: Review Purchased Product Verification Process What procedures are needed to confirm that you receive what you ordered? When might a visit to a supplier's facility be needed to verify a shipment? For many organizations. A STEP BY STEP APPROACH As you prepare to implement an ISO 9001 compliant purchasing processes. This verification may be through a simple confirmation when the product is received or may involve formal inspections or testing. But this effort will not only support your ISO initiative. Again. Your internal procedure should ensure that all purchasing information is reviewed before being sent to your supplier. MAKING SURE IT'S RIGHT The third purchasing process to address is how you verify that received material and services are what you ordered and that they fully meets your requirements. you may even want to verify the product before it is shipped. If necessary. by visiting your supplier's facility for an inspection. packaging and delivery requirements and special requirements for your supplier's internal processes. the information will include more or less details. depending upon the type of product or service purchased.

Understand the role of individual units within the overall organization. etc. This means the auditor is not:       An inquisitor A fault finder or rock thrower Biased (for or against) Dishonest A policeman An inspector of products AUDITOR QUALIFICATIONS: Selection of candidates for the role of internal auditor should be made based on several factors: Personal interest  Desire to take on extra responsibility. experience. Experience   Three to four years full-time workplace experience. Personal Qualities  Communication skills . professional perspective to the job. ISO 9001. The purpose of the internal audit is to confirm that the company’s documentation meets requirements (e.2. abilities. Qualifications  Knowledge.g.8. Specific minimum qualifications that should guide the selection of auditors include: Education  Demonstrated competence in clear and fluent oral communications and in written concepts and ideas. he/she must be careful to bring an objective. OSHA.) and that day-to-day operations follow the documentation. the internal auditor must serve as:     A catalyst An interface between different groups An advisor A reporter of fact As the auditor serves in this role. So. skills.2 The Internal Auditor Selecting the right people for the job ROLE OF THE INTERNAL AUDITOR: The internal auditor role is normally staffed by a number of experienced employees from throughout the organization. Work ethic  Ability to high quality and efficiency without direct supervision.

Treat concerned personnel in a way that will best achieve the audit purpose." (ref.2. Assessment techniques of questioning. Perform the audit process without deviating due to distraction. Auditors shall not audit their own work. Remain true to the purpose of the audit without fear or favor. *** . organizing. AUDITOR RESPONSIBILITIES: The tasks of the internal auditor include:          Obtain and assess objective evidence fairly. Remain true to a conclusion despite pressure to change that is not based on evidence. AUDITOR SELECTION: The selection of appropriate individuals to invest the training and time commitment should consider matching personal qualifications with an understanding of the role and responsibilities of the auditor. This supports the requirement that auditors must not audit their own function or department in order to maintain objectivity: ". communicating and directing. 8.2. Commit full attention and support to the audit process. ISO 9001). React effectively in stressful situations. Arrive at generally acceptable conclusions based on audit observations. Another important factor to consider is that the audit team must consist of individuals from a variety of functions. Evaluate constantly the effects of audit observations and personal interactions during an audit..selection of auditors and conduct of audits shall ensure objectivity and impartiality of the audit process. evaluating and reporting..     Tactfulness Flexibility Persistence Objectivity Integrity Personal Attributes      Open-minded and mature Sound judgment Analytical skills and tenacity Ability to perceive situations in a realistic way Understand complex operations from a broad perspective AUDITOR TRAINING: Specific skills for internal auditing are supported by training in:    Knowledge and understanding of the standards used. Audit management and auditing skills such as planning.

with the inordinate focus on writing endless documentation and scrambling to show auditors what they want to see. measureable improvement in results is a promise sought by nearly every company who implements an ISO-compliant quality management system. many other organizations learn how to use corrective action to its fullest advantage.8. found little payback from the huge effort put into preparing for and maintaining an ISO 9001:2008 certification. ISO is seen as an ancillary routine to the real business. Too often. Unfortunately.. long term solutions and better overall results are achievable. and all of this happening with an ISO certificate proudly hanging in the lobby of the building. This article presents a practical approach to root cause and corrective action you can use to transform your corrective action process into an effective tool for improved results for your organization and. the familiar adage "document what you do. either once or on a recurring basis. Is this the best we can expect? . Processes that work well are those that follow four basic rules. not merely satisfy customer requirements for a certification.. When a process fails.5. This hardened perspective is reinforced by:     Issues recurring that were supposedly "fixed" in the past Problems escaping to impact the customer that should have been caught Company performance suffering due to mistakes that were "obvious" Hard lessons learned being too often "forgotten" by the organization . better results are not always realized..2. and do what you document" represents the sum total of what they expect from an ISO effort." The centerpiece for driving improvement in an ISO 9001:2008 quality management system is your corrective action process. it becomes obvious what makes things go wrong. To these realists. The ISO 9001:2008 standard itself promotes a "Process Approach" intended to improve "results of process performance and effectiveness" and "continual improvement of processes based on objective measurement" (see 0. ultimately. Once you gain an understanding of what makes things work right.. then one (or more) of the rules have been broken and this broken rule is called the "root cause" of the problem. your customers. through experience. By addressing corrective action from the perspective of the process approach underlying the entire ISO 9001:2008 standard. Improved Results are None-Too-Common In addition to the marketing benefits of an ISO 9001:2008 certification. While some companies appear to miss this critical point and seem to "go through the motions" of root cause and corrective action. When problems occur. Many managers who have "been through ISO" in the past have. ISO 9001:2008).2 Corrective Action Correcting a problem means correcting the process Executive Summary: ISO 9001:2008 Corrective Action "The secret to an effective approach to correcting and preventing problems through a corrective action process is surprisingly more simple than expected. The expectation is that ISO 9001:2008 will have a measurable return-on-investment (ROI) in terms of better efficiency and effectiveness. An effective root cause and corrective action process for ISO 9001:2008 is then the investigation into the process that failed to determine the process rule that was broken and then determining the correct actions for corrective action. the root cause investigation starts with an understanding that nonconformities originate in a process that has failed.

All businesses and all parts of an organization have processes designed to produce results. and often individual processes are connected together in bigger processes to produce bigger results. You would find business owners and managers who genuinely care about the company and its customers. It is in the follow-up actions they take to ensure problems are permanently resolved. You would observe them taking actions intended to stop problems from happening again in the future. in what was expected. 2. but systematic and rational. it must follow a few basic rules: 1. It is in the way they investigate to find the reasons problems occur. 4. effort and money to address problems have the same ISO certification The difference is not in the problems they face. Measurable progress in improvement is seen in results that matter to the business and its customers. While every company faces problems and challenges. Once you gain an understanding of what makes things work right. they have a way of digging into the "root" of the problem and changing things so that it is permanently fixed. It is in the corrections they make to their processes to alleviate the source of the problems. a good percentage of ISO 9001:2008 certified companies that have a very different experience. Overall. you would see the aggravation on their faces when the same problems recur despite the cost and effort expended to "solve" them in the past. but in HOW they respond to problems. it becomes obvious what makes things go wrong. When they face an issue. however. You would find them in endless meetings trying to understand what went wrong. some find ways to quickly learn from their errors and put lasting solutions in place. Their investigations into problems are not haphazard. Purchasing has processes that result in quality products and services received. The interesting thing about companies at both extremes of the ISO spectrum is what they have in common:      Both Both Both Both Both have talented and experienced management have committed and skilled employees experience problems that have to be addressed expend time. if followed consistently. It doesn't often involve complex statistics and analysis. Service companies have their own unique series of processes. Engineering has processes that result in designs. Making a Process Work Right A process is basically the way in which work gets done. even predict. The secret is found in gaining a simple understanding of what makes a process work well when it does – how things run smoothly when they do. And. 3. It is in the conclusions they draw from those investigations.Those that Do vs. such disappointing results. I personally know this to be true because I have had the privilege of working with many of these successful companies. There are. The The The The process process process process must must must must be be be be defined by those who plan the work understood by those who do the work easy to carry out on the job measured to understand its results . too often. Manufacturing has processes that result in products. You would see leaders who react quickly to problems to minimize the impact on the customer. It doesn't normally require big expenditures. it is in their perspective and understanding of the nature of recurring problems and how to effectively address them. Those that Don't If you were to visit several companies with similar frustrating experiences as an objective outsider (as I have the privilege to do as an ISO consultant) you would begin to see a general pattern emerge that begins to explain. they not only resolve the immediate concern and its impact. Sales has processes that result in new orders or contracts. what's their secret? The secret to an effective approach to correcting and preventing problems through a corrective action process is surprisingly more simple than expected. It doesn't usually need complicated engineering solutions. So. It is a series of steps that have been planned to result. In order for any process to produce its intended results. nor the effort they expend.

Break any of the rules and the process will fail. For example. schedules. it will be up to the individual worker how to get the job done. A "one time" problem results from a single breakdown of a process. 3. every process must follow these four rules to be effective.) workers will be forced to work "around the system" to get the job done. Any reliable process first must be defined which means that it is documented. 3. In quality assurance lingo.No matter what type of process in whatever kind of business. If a process isn't fully understood by each individual worker. First. There are. instructions. Asking "why?" several times will help guide you to the original process that failed. 4. Inadequate understanding of the process. Incapable process as shown by measurable data. Where is the process formally defined? Can those doing the work demonstrate complete understanding of the defined process? Are there obstacles in the process that prevent consistent adherence to the defined process? Do the measured results show the process capable of consistently meeting requirements? These four simple questions are remarkably powerful in diagnosing the root cause of a problem. Be aware that because processes are linked. a few basic questions will guide you to an understanding of what's wrong with the process that created the problem and. there is a single process that has failed and has led to the problem. etc. when trying to solve a problem so that it is permanently resolved. rather than the individual experiences and opinions of various workers. Finding the "Root Cause" of a Problem Problems occur when a process goes wrong. When using the questions. it will result in individuals to develop their own understanding of the process based on "educated guesses" and "trial and error". If a process is not measured with reliable data. checking understanding is based on specific requirements for the process. In most problem-solving situations. Obstacles in the process leading to "mistakes" or "shortcuts". a problem seen "downstream" at the end of a series of processes may have resulted from a breakdown "upstream" at a previous process. the four questions must be asked in order. 4. at least at a basic level. therefore. four possible "root causes" to any problem: 1. . this step in an ISO 9001:2008 corrective action process is called investigating the "root cause". A "recurring" problem comes from a process that consistently breaks one or more of the four rules. keep two general guidelines in mind. materials.     If a process isn't defined clearly. Likewise. In either case. it is meaningless to ask workers to demonstrate their understanding (question 2) of a process that is not defined (question 1). looking for obstacles in the process that cause people to "work around" the official process (question 3) is futile if they first cannot demonstrate understanding of the process (question 2). this will produce differing results. what to do to correct it. no one will really know how well results are being achieved and whether or not changes to the process should be made. This methodology for investigating the real reason behind a problem brings us to a definition of the "root cause": The root cause of a problem is the weakness in the process that originates the problem. Here are some investigative questions you can use to find the root cause of any process-related problem: 1. predictable results. this means that the process will be done differently by different people. the four rules are being followed. Secondly. 2. When a process is working well with good. more importantly. If then the process is defined and documented. Take a look at several well-running processes your organization and see if you can observe the four rules in action. 2. If a process is difficult to follow because of various obstacles (problems with equipment. Inadequate definition of the process. For example. asking the four questions presupposes that you know which process originates the problem.

it is useless if action is not taken to correct the process. Corrective Action is as Easy as 1. . 3 . after addressing 1-3 above. identify and remove them. 2.Accurately identifying the weakness (using the four questions) in the failed process is fundamental to determining the right corrective action to take to prevent the problem from recurring. provide training. Care and diligence in the process corrective action drives the improvement in business processes that impact their customers and their own bottom line. the four questions not only guide the investigation of the cause. 2. the process measures show the process incapable of meeting requirements. Fortunately. they also direct us to the right corrective action. If the process is not fully understood. create or update necessary documentation. 3.. 4 As critical it is to find the root cause of a problem. much like running a 1-mile race and stopping 100 yards from the finish line. re-design the process (then ask questions 1-3 again). Corrective actions become clear based on which of the four questions reveal the root cause: 1. If. The result is that companies that learn how to effectively resolve problems find the investment in ISO 9001 certification provides a foundation for future success.. 4. If the process is not defined adequately. What a waste it is when a problem is well understood and the root cause is identified yet the effectual action is not taken. If the process has obstacles.

Sign up to vote on this title
UsefulNot useful