Thursday, October 8, 2009

ISO 14001 ENVIRONMENTAL MANAGEMENT SYSTEM AUDIT

In order to be in conformance with this provision of ISO 14001 an organization must be able to answer the overall question: “How does the organization conduct environmental audits of the EMS?”. In order to answer that question four specific tasks must be addressed under the Management System Audit section of the standard.
First, the organization must develop a program and related procedures that define an audit plan of the environmental management system. In addition the program must define frequency of the audit process. Second, the procedures must specify the methodology of the audit process, including the qualifications of the auditors. Third, the audit reports must be submitted to top management. Fourth, the audit reports must provide recommendations directed at correcting any reported nonconformance that was discovered in the audit process.
The audit process discussed in this section of the standard is directed at internal audits. The standard is silent on the frequency issue. Generally accepted practice with a mature ISO 14001 system is a total audit of the system once a year. In the implementation phase of an environmental management system a more frequent audit process might be appropriate. In addition any part of the environmental management system that has been previously determined to be in nonconformance should be audited with an increased frequency. The methodology of the audit process required by the standard requires two distinct steps:
A. determine whether the environmental management system conforms to the requirements of ISO 14001, andB. that the system has been managed as described in the Environmental Policy statement, the Environmental Objectives and Targets, and the related work descriptions and procedures.
It is critical that an audit report that relates a nonconformance be forwarded to top management promptly. The internal audit staff must be competent with respect to the requirements of ISO 14001.

Reasons a Company Becomes Certified in ISO 9001 Standards

ISO 9000 certification or registration can be an expensive process. A company must consider the reasons and promised benefits for going through this process. If a company decides to seek certification, they should consider making sure their suppliers are certified or at least compliant to the ISO 9000 standards.
Major reasonsIn the early 1990s, companies seemed to be jumping on the certification bandwagon without seriously considering the rationale for doing so. Often they did so because competitors or “everybody else” is getting registered. Today companies seriously look at the reasons and benefits for becoming registered.
The major reasons that company leadership or management decides to seek ISO 9000 certification are to gain continued or increased business and to maintain effective operations.
Improved businessA company can maintain a relationship with customers, as well as get increased business through complying to the ISO 900 standards or becoming certified. This comes from satisfying customer demands, the desire for European business, and to advertise.
Finally, some companies want to become certified, so they can advertise that fact and give the impression of being better than their competitors.
You have seen ads with a logo stating the company is certified at some ISO 9000 level. It apparently gives those companies a leg up on competitors not registered.
Again, this seemed more important in the 1990s, but you don’t see that many companies using ISO 9000 certification as an advertising tool.
ISO 9000 is supposed to make sure your business is run in an orderly manner that will assure continued success.
One would think that a goal such as being run effectively and able to deliver goods consistently and reliably would also be desirable for a company’s own operation. Surprisingly, many companies do not consider that as a goal.

Friday, October 2, 2009

ISO 9000 Standard Books & Magazines

Here are some of the ISO 9000 & ISO 14001 related books & magazines available for online order.
1. ISO Management Systems – English Edition (Magazine Subscription) by Amazon
Format: Magazine
Shipping: Currently, item can be shipped only within the U.S.
Publisher: Iso Central Secretariat
ASIN: B00006KJFO
Iso Focus C-W Iso Management Systems – English ed
2. ISO Focus (Magazine Subscription) by Amazon
Magazine of the International Organization for Standardization providing a panoramic view of what is being done in international standardization, why it has been done and what will be done.
Format: Magazine
Shipping: Currently, item can be shipped only within the U.S.
Publisher: Iso Central Secretariat
ASIN: B0001MS4E6
Iso Focus
3. ISO 9000 Quarterly Report (Magazine Subscription) by Amazon
Format: Magazine
Shipping: Currently, item can be shipped only within the U.S.
Publisher: Rfp Report
ASIN: B00007J7K4
Iso 9000 Quarterly Report
4. A Basic Guide To ISO 14000 – Environment Management System (EMS) provides you with all of the basic information you need in ISO 14000 and ISO 14001:2004.
What is ISO14000
Benefits of ISO 14000
History of ISO 14000
ISO 14000 Certification
ISO 14000 Process Check List
Contents Of ISO 14001:2004
Key Elements Of ISO 14001:2004
Environment Management System Manual
AND MUCH, MUCH MORE!

ISO 9001 Standards – Documented Procedures

ISO 9001 Standards – Documented Procedures

The standard requires the management system documentation to include documented procedures required by ISO 9001 Standards.
ISO 9000 defines a procedure as a specified way to carry out an activity or a process. This definition is ambiguous because an activity is on a different scale than a process. Process outputs are dependent upon many factors of which activities are but one. An activity is the smallest unit of work. Several activities accomplish a task and several tasks reflect the stages in a process but there is more to a process than a series of tasks. This definition also esults in a belief that procedures are documented processes but this too is inaccurate. Procedures tell us how to proceed don‘t need to produce any others. The specific procedures required are:

(a) A documented procedure for document control
(b) A documented procedure for the control of records
(c) A documented procedure for conducting audits
(d) A documented procedure for nonconformity control
(e) A documented procedure for corrective action
(f) A documented procedure for preventive action
These areas all have something in common. They are what the authors of the early drafts of ISO 9000 :2008 referred to as system procedures ? they apply to the whole system and are not product, process or customer specific although it is not uncommon for customers to specify requirements that would impact these areas. Why procedures for these aspects are required and not for other aspects of the management system is unclear but it seems that the authors of ISO 9000 felt these were not processes ? a conclusion I find difficult to justify.
They are certainly not business processes but could be work processes. However, there is another message that this requirement conveys. It is that procedures are not required for each clause of the standard. Previously, countless organizations produced a manual of 20 procedures to match the 20 elements of ISO 9001. Some limited their procedures to the 26 procedures cited by the standard and others produced as many as were necessary to respond to the requirements.
Document control is a work process or a number of work processes because the inputs pass through a number of stages each adding value to result in the achievement of defined objectives. These are the acquisition, approval, publication, distribution, storage, maintenance, improvement, and disposal stages. These are not tasks but processes that achieve defined objectives and involve both physical, financial and human resources. Within these processes are tasks, each of which may require documented procedures as they are initiated.
Control of records is also a work process similar to document control. There are the preparation, storage, access, maintenance and disposal stages. This is not one uninterrupted flow but a life cycle. There is not one task but several performed at different times for different reasons.
Auditing is certainly a process with a defined objective. Without the provision of competent personnel and a suitable environment, audits will not achieve their objectives no matter how many times the procedure is implemented.
Nonconformity control like records control is a work process for the same reasons. The sequence of tasks is not in the form of an uninterrupted sequence. The sequence of stages may be identification, documentation, segregation, review, remedial action and disposal but this is not a continuous sequence. There are breaks and different procedures may apply at each stage depending on what it is that is nonconforming.
There is little merit in having one corrective action procedure when the source of problems that require corrective action is so varied. One Corrective Action Form might be appropriate but its application will be so varied that it is questionable whether one size fits all. Presenting top management with a nonconformity report because it has been detected that the organization charts are not promptly updated following a change, will not motivate them into action. Corrective action forms part of every process rather than being a separate process. It is unreasonable to force all actions aimed at preventing the recurrence of problems through one process. Many problems are prevented from recurring not by following a procedure, but by the designer, the producer, supplier, manager remembering they had a problem last time and doing it differently the next ? i.e. they learn from their mistakes. No forms filled in, no procedures followed ? just people using their initiative ? this is why corrective action is part of every process operation.
Preventive action remains one of the most misunderstood requirements of ISO 9001 because it is mistaken for corrective action but more on this. There is even less justification for one preventive action procedure because the source of potential problems is so varied. Preventive actions are taken in design, in planning, in training and in maintenance under the name of FMEA, Reliability Prediction, Quality Planning, Production Planning, Logistic Planning, Staff Development, Equipment Maintenance ? preventive actions are built into these processes and similar to corrective action are part of every process design.

Preparing ISO 9001 Quality Manual

Preparing ISO 9001 Quality Manual
The standard requires a quality manual to be established and maintained that includes the scope of the quality management system, the documented procedures or reference to them and a description of the sequence and interaction of processes included in the quality management system.
ISO 9001 defines a quality manual as a document specifying the quality management system of an organization. It is therefore not intended that the quality manual be a response to the requirements of ISO 9001. As the top-level document describing the management system it is a system description describing how the organization is managed.
Countless quality manuals produced to satisfy ISO 9001:2008, were no more than 20 sections that paraphrased the requirements of the standard. Such documentation adds no value. They are of no use to managers, staff or auditors. Often thought to be useful to customers, organizations would gain no more confidence from customers than would be obtained from their registration certificate.
A description of the management system is necessary as a means of showing how all the processes are interconnected and how they collectively deliver the business outputs. It has several uses as :
1. a means to communicate the vision, values, mission, policies and objectives of the organization
2. a means of showing how the system has been designed
3. a means of showing linkages between processes
4. a means of showing who does what an aid to training new people
5. a tool in the analysis of potential improvements
6. a means of demonstrating compliance with external standards and regulations
When formulating the policies, objectives and identifying the processes to achieve them, the manual provides a convenient vehicle for containing such information. If left as separate pieces of information, it may be more difficult to see the linkages.
The requirement provides the framework for the quality manual. Its content may therefore include the following:
1 Introduction
(a) Purpose (of the manual)
(b) Scope (of the manual)
(c) Applicability (of the manual)
(d) Definitions (of terms used in the manual)
2 Business overview
(a) Nature of the business/organization – its scope of activity, its products and services
(b) The organization’s interested parties (customers, employees, regulators, shareholders, suppliers, owners etc.)
(c) The context diagram showing the organization relative to its external environment
(d) Vision, values
(e) Mission
3 Organization
(a) Function descriptions
(b) Organization chart
(c) Locations with scope of activity
4 Business processes
(a) The system model showing the key business processes and how they are interconnected
(b) System performance indicators and method of measurement
(c) Business planning process description
(d) Resource management process description
(e) Marketing process description
(f) Product/service generation processes description
(g) Sales process description
(h) Order fulfilment process description
5 Function matrix (Relationship of functions to processes)
6 Location matrix (Relationship of locations to processes)
7 Requirement deployment matrices
(a) ISO 9001 compliance matrix
(b) ISO 14001 compliance matrix
(c) Regulation compliance matrices (FDA, Environment, Health, Safety, CAA etc.)
8 Approvals (List of current product, process and system approvals)
The process descriptions can be contained in separate documents and should cover the topics identified previously (see Documents that ensure effective planning, operation and control of processes ).
As the quality manual contains a description of the management system a more apt title would be a Management System Manual (MSM) or maybe a title reflecting its purpose might be Management System Description (MSD).
In addition a much smaller document could be produced that does respond to the requirements of ISO 9001, ISO 14001, and the regulations of regulatory authorities. Each document would be an exposition produced purely to map your management system onto these external requirements to demonstrate how your system meets these requirements. When a new requirement comes along, you can produce a new exposition rather than attempt to change your system to suit all parties. A model of such relationships is illustrated in Figure 4.10. The process descriptions that emerge from the Management System Manual describe the core business processes and are addressed in Chapter 4 under the heading of Documents that ensure effective operation and control of processes.

Scope Of The Quality Management System

Scope Of The Quality Management System
The ISO 9001 standard requires the quality manual to include the scope of the quality management system including details of justification for any exclusion. The standard addresses activities that may not be relevant or applicable to an organization. The permissible exclusions are explained in section 1.2 of ISO 9001. Here it states that the organization may only exclude requirements that neither affect the organization’s ability, nor its responsibility to provide product that meets customer and applicable regulatory requirements. The requirements for which exclusion is permitted are limited to those in section 7 of the standard.
Under ISO 9001:2008, it was possible for organizations to exclude functions and processes of their organization that may have been difficult to control or were not part of the order fulfilment cycle. Organizations that designed their own products but not for specific customers could escape bringing these operations into the management system. Marketing was omitted because it operated before placement of order. Accounting, Administration, Maintenance, Publicity, Public Relations and After Sales Support functions were often omitted because there were no requirements in the standard that specifically dealt with such activities. As there is no function in an organization that does not directly or indirectly serve the satisfaction of interested parties, it is unlikely that any function or process will now be excluded from the quality management system.
It is sensible to describe the scope of the quality management system so as to ensure effective communication. The scope of the quality management system is one area that generates a lot of misunderstanding particularly when dealing with auditors, consultants and customers. When you claim you have a management system that meets ISO 9001 it could imply that you design, develop, install and service the products you supply, when in fact you may only be a distributor. Why you need to justify specific exclusions is uncertain because it is more practical to justify inclusions.
The scope of the quality management system is the scope of the organization. There is no longer any reason to exclude locations, activities, functions or processes for which there is no requirement in the standard. The reason is because the ISO 9000 family now serves customer satisfaction and is not limited to quality assurance as were the 1994 versions of ISO 9001, ISO 9002 and ISO 9003.
It is not appropriate to address exclusions by inserting pages in the manual corresponding to the sections of the standard and adding justification if not within the scope of the management system – such as ‘We don’t do this!’.
It is much more appropriate to use an appendix as indicated previously in the manual contents list. By describing the nature of the business, you are establishing boundary conditions. If in doing so you do not mention that you design products, it will be interpreted that design is not applicable.
For exclusions relative to detail requirements, the Compliance Matrix may suffice but for an unambiguous solution, it is preferable to produce an exposition that addresses each requirement of the standard.

ISO 9001 Quality Policy

ISO 9001 Quality Policy
The standard requires the quality policy to be appropriate to the purpose of the organization.
The purpose of an organization is quite simply the reason for its existence and as Peter Drucker so eloquently put it there is only one valid definition of business purpose: to create a customer”(Drucker, Peter F., 1977)2 . In ensuring that the quality policy is appropriate to the purpose of the organization, it must be appropriate to the customers the organization desires to create. It is therefore necessary to establish who the customers are, where the customers are, what they buy or wish to receive and what these customers regard as value. As stated above, the quality policy is the corporate policy and such policies exist to channel actions and decisions along a path that will fulfil the organization’s purpose and mission. A goal of the organization may be the attainment of ISO 9001 certification and thus a quality policy of meeting the requirements of ISO 9001 would be consistent with such a goal, but goals are not the same as purpose as indicated in the box to the right. Clearly no organization would have ISO 9001 certification as its purpose because certification is not a reason for existence – an objective maybe but not a purpose.
Policies expressed as short catchy phrases such as “to be the best” really do not channel actions and decisions. They become the focus of ridicule when the organization’s fortunes change. There has to be a clear link from mission to quality policy.
Policies are not expressed as vague statements or emphatic statements using the words may, should or shall, but clear intentions by use of the words ‘we will’
– thus expressing a commitment or by the words ‘we are, we do, we don’t, we have’ expressing shared beliefs. Very short statements tend to become slogans which people chant but rarely understand the impact on what they do. Their virtue is that they rarely become outdated. Long statements confuse people because they contain too much for them to remember. Their virtue is that they not only define what the company stands for but how it will keep its promises.
In the ISO 9001 definition of quality policy it is suggested that the eight quality management principles be used as a basis for establishing the quality policy.
One of these principles is the Customer Focus principle. By including in the quality policy the intention to identify and satisfy the needs and expectations of customers and other interested parties and the associated strategy by which this will be achieved, this requirement would be fulfilled. The inclusion of the strategy is important because the policy should guide action and decision. Omitting the strategy may not ensure uniformity of approach and direction.
The standard requires that the quality policy include a commitment to comply with requirements and continually improve the effectiveness of the quality management system.
A commitment to comply with requirements means that the organization should undertake to meet the requirements of all interested parties. This means meeting the requirements of customer, suppliers, employees, investors, owners and society. Customer requirements are those either specified or implied by customers or determined by the organization and these are dealt with in more detail under clauses 5.2 and 7.2.1. The requirements of employees are those covered by legislation such as access, space, environmental conditions, equal opportunities and maternity leave but also the legislation appropriate to minority groups such as the disabled and any agreements made with unions or other representative bodies. Investors have rights also and these will be addressed in the investment agreements. The requirements of society are those obligations resulting from laws, statutes, regulations etc.
An organization accepts such obligations when it is incorporated as a legal entity, when it accepts orders from customers, when it recruits employees, when it chooses to trade in regulated markets and when it chooses to use or process materials that impact the environment.
The effectiveness of the management system is judged by the extent to which it fulfils its purpose. Therefore improving effectiveness means improving the capability of the management system. Changes to the management system that improve its capability i.e its ability to deliver outputs that satisfy all the interested parties, are a certain types of change and not all management system changes will accomplish this. This requirement therefore requires top management to pursue changes that bring about an improvement in performance.

ESTABLISHING THE INITIAL STATE OF THE QMS For SME

Establishing The Initial State of The ISO 9001 QMS For SME
The implementation of an ISO 9001 conformant system must recognize that it is but a step in a long-term development of a continually improving QMS. Unfortunately, it is often the case that ISO 9001 is taken as a means to an end, where the implementation of a QMS is not the primary objective, rather certification is. As a result, SMEs may end up with stacks of documentation waiting to be processed that adds no value, but cost.
According to the requirements of ISO 9001, an organization must develop only six documented procedures: (1) control of documents, (2) control of quality records, (3) internal audits, (4) control of non-conformities, (5) corrective action, and (6) preventative action. A quality manual and several records are also required. The development of other procedures, work instructions, and
other documents is largely at the discretion of the organization. From the very beginning of the process, it is therefore essential that SMEs establish a balanced view between a short-term focus (marketing/sales) and a long-term focus (achieving company-wide quality awareness through TQM). ISO documentation should be considered as an enabler along that way and SMEs must guard against the creation of unnecessary documentation.
However, even when such a view is adopted, many SMEs struggle to move from their initial state to a fully functional ISO 9001 QMS. Over the last several years, we have been involved in ISO 9001 implementation projects in seven different SMEs. The SMEs have ranged in size from approximately 20 employees to 500 employees. The SMEs have been drawn from a variety of sectors in Virginia, including manufacturing, distribution, and services. Based on our experience, we developed a schematic of initial states of an organization in terms of the existence and functionality of the ISO 9001 QMS . Throughout this paper, existence is equated with the documentation required by the standard while functionality is equated with an effectively operated QMS that leads to increased customer satisfaction and continuous improvement of business results.
A successful QMS must be fully functional and appropriately documented. With that in mind, there are four main states in which SMEs can be located in the beginning of the implementation process:
1. Complete Death: No documentation, no functioning.
This is the state in which there is no indication of the existence and functionality of the QMS. No documentation exists and no processes are in place to help ensure the quality of the product.
Relatively few companies will find themselves in this situation.
2. Informally Alive: No documentation, some level of functioning.
Many SMEs exhibit an organic structure characterized by an absence of standardization and the prevalence of loose and informal working relationships. SMEs operating in this state are more likely to rely on people rather than a system. In such situations, key personnel may resist documentation for two key reasons “(1) documentation is considered a waste of time and (2) documentation of processes and procedures makes the individual less dependable” [2]. SMEs in this state perform some or all of the processes required by ISO 9001 and the QMS may function fairly well. However, they are not willing and ready to document those processes unless there is a cultural change lead by top management.
3. Formally Death: Some level of documentation, no functioning.
SMEs categorized in this state have documented processes and procedures at some degree, however, the documents are generally not followed and do not necessarily reflect the actual manner in which the organization undertakes its operations and management. This situation highlights the fact that the mere existence of documentation does not necessarily lead to a functional QMS. Moreover, such a situation may help perpetuate the view that ISO 9001 is a way for SMEs to market their products and services but that implementation of the standard requires stacks of documents that offer no value.
4. Formally Alive: Some level of documentation, some level of functioning.
Each SME considered in this state, achieves a unique combination of the existence and functionality of processes and procedures that may or may not be required by ISO 9001. This situation is closest to the desired state of full functionality (100%) of the ISO 9001 QMS and full documentation (100%) of this functionality.