ds315 quality management systems feb 03 - … · 2004-07-01 · iso standards on quality management...
TRANSCRIPT
DISTRIBUTION RESTRICTED
WORKING MATERIAL
QUALITY MANAGEMENT SYSTEMS
FOR TECHNICAL SERVICES IN RADIATION SAFETY
Prepared by the Division of Radiation and Waste Safety Radiation Monitoring and Protection Services Section
International Atomic Energy Agency
Reproduced by the IAEA Vienna, Austria, 2003
NOTE
The material in this document has been supplied by the authors and has not been edited by the IAEA. The views expressed remain the responsibility of the named authors and do not necessarily reflect those of the government(s) of the designating Member State(s). In particular, neither the IAEA nor any other organization or body can be held responsible for any material reproduced in this document.
CONTENTS
1. INTRODUCTION 1 Background 1 Objective 2 Scope 2 Definitions 3 Structure 4 2. IAEA PUBLICATIONS SUPPORTING TECHNICAL SERVICES IN RADIATION SAFETY 5 3. ISO STANDARDS ON QUALITY MANAGEMENT SYSTEMS 7 4. GENERAL GUIDANCE ON ESTABLISHING A QUALITY MANAGEMENT SYSTEM 9 Recommended Approach for the Establishment of a Quality Management System 9 Introduction 9 Requirements of applicable standards 11 Implementation process 11 Decision taking 11 Management commitment 12 Appointing an implementation team 12 Planning the implementation 13 Identifying existing processes 14 Defining document structure 14 Writing procedures 15 Initial training 15 Implementation, first internal audit and management review 15 5. REQUIREMENTS FOR SERVICES NEEDING CERTIFICATION BY ISO9001 18 Management Responsibility 18 Management Commitment 18 Customer Focus 18 Quality Policy 19 Planning 19 Quality objectives 20 Quality planning 20 Documentation requirements 21 General 21 Quality manual 21
Control of documents 22 Control of records 22 Responsibility, Authority and Communication 23 Responsibility and authority 23 Management representative 24 Internal communication 24 Management Review 25 Purpose 25 Frequency 25 Management review input 25 Output and documentation of the management review 26 Follow up 26 6. RESOURCE MANAGEMENT 27 Provision of Resources 27 Human Resources 27 Infrastructure 29 Requirements of the process 29 Requirements of the relevant nuclear or radiation safety regulatory body 29 Requirements established by other regulatory authorities 29 Work Environment 30 7. PRODUCT REALIZATION 31 Planning of Product Realization 31 Customer Related Processes 32 Design and Development 32 Purchasing 33 Production and Service Provision 34 Control of Monitoring and Measuring Devices 35 8. MEASUREMENT, ANALYSIS, AND IMPROVEMENT 36 General 36 Monitoring and Measurement 36 Customer satisfaction 36 Internal audit 37 Purpose 37 Selection and training of internal auditors 37 Audit frequency 38 Audit scope 38
Audit reporting and follow-up 39 Monitoring and Measurement of Processes 39 Monitoring and Measurement of Product 40 Control of Nonconforming Product 40 Analysis of Data 40 Improvement 41 Corrective action 41 Selection and implementation of corrective actions 42 Monitoring of corrective actions 42 Preventive action 43 9. ADDITIONAL REQUIREMENTS FOR SERVICES NEEDING ACCREDITATION BY ISO17025 45 Additional Management Requirements 45 Organization 45 Review of requests, tenders and contracts 46 Subcontracting of tests and calibrations 46 Purchasing services and supplies 46 Service to client 47 Complaints 47 Control of non-conforming testing and/or calibration work 47 Control of records 47 Internal audit 48 Additional Technical Requirements 48 Personnel (human resource planning) 48 Laboratory facilities (accommodation and environmental conditions) 49 Test and calibration methods and method validation 50 Equipment (equipment used for calibration or testing ) 50 Measurement traceability (calibration and testing) 51 Sampling 52 Handling of test and calibration items 53 Assuring quality of test and calibration results 53 Reporting results 54 REFERENCES 55 BIBLIOGRAPHY 58 Annex I Grouped Processes List 61 Annex II Quality Policy 65 Annex III Quality Objectives 66 Annex IV Duties of Quality Manager 67 Annex V Checklist to Evaluate Requests for Contracts 70
1
1. INTRODUCTION
BACKGROUND
1.1. Quality assurance (QA) was identified as one of the five areas of the Nuclear Safety
Standards Programme (GOPV/1687 and GC (XVIII)/526/Mod.1, 16 September 1974) for the
development of safety standards.
1.2. The Nuclear Safety Convention and the Joint Convention on the Safety of Spent Fuel
Management and on the Safety of Radioactive Waste Management reflect the importance of
quality assurance by including Articles 13 and 23 respectively, emphasizing that ‘Each
Contracting Party shall take the necessary steps to ensure that appropriate quality assurance
programmes are established and implemented’.
1.3. In all three Safety Fundamentals publications issued by the IAEA, there are clear
references to quality assurance as an essential component of radiation safety. The Safety
Fundamentals publication on Radiation Protection and the Safety of Radiation Sources [1]
issued in 1996 states that:
“The source and associated facilities and equipment shall be regularly inspected, tested
and maintained in accordance with approved procedures and quality assurance
programmes to ensure that components, structures and systems continue to be available
and to operate as intended.” (Para. 6.9.)
“In the organization of a registrant or licensee, it is the management’s responsibility to
recognize the significance for protection and safety of its activities, and to promote a
radiation safety culture aimed at developing and maintaining an attitude of rigour and
thoroughness towards safety that permeates the entire organization. …. An important
aspect of this effort is the establishment of programmes of verification and quality
assurance.” (Para. 7.7.)
1.4. The Safety Fundamentals publication on The Safety of Nuclear Installations [2] issued
in 1993 states (para. 406) that:
“Quality assurance practices are an essential part of good management and are to be
applied to all activities affecting the quality of items, processes and services important
to safety.”
2
1.5. The Safety Fundamentals publication on The Principles of Radioactive Waste
Management [3] issued in 1995 states in para. 330 that:
“An appropriate level of quality assurance and of adequate personnel training and
qualification shall be maintained throughout the life of radioactive waste management
facilities.”
1.6. The International Basic Safety Standards for Protection against Ionizing Radiation and
for the Safety of Radiation Sources (BSS) [4] issued in 1996 established in § 2.29 as a
management requirement:
“Quality assurance programmes shall be established to provide, as appropriate:
adequate assurance that the specified requirements relating to protection and safety are
satisfied; and quality control mechanisms and procedures for reviewing and assessing
overall effectiveness of protection and safety measures.”
1.7. Since the publication of the International Basic Safety Standards for Protection against
Ionizing Radiation and for the Safety of Radiation Sources (BSS), the IAEA and its Member
States have engaged in an extensive effort to establish and strengthen national radiation
protection infrastructure.
OBJECTIVE
1.8. The purpose of this publication is to provide guidance to individuals and organizations
providing technical services in radiation safety on developing and implementing a quality
management system consistent with the requirements provided in applicable ISO-standards
(ISO9001, ISO9004 and ISO17025) and other relevant IAEA safety standards.
1.9. This document matches the needs of the technical services with the requirements of
applicable ISO-standards and explains how the requirements may be applied in practice. The
document will help technical services to demonstrate competence, to produce technically valid
data and results, to facilitate co-operation, and to assist in the exchange of information and
experience and in the harmonization of procedures.
SCOPE
1.10. The document focuses on technical services in radiation safety that require certification
and/or accreditation.
3
1.11. Services requiring certification could include:
a) radiation protection consultancy;
b) shielding calculations;
c) modelling for dose assessment, containment and ventilation;
d) maintenance services covering both in-house operations; and services contracted with an
outside organization.
1.12. Services requiring accreditation could include:
a) laboratories providing monitoring services including individual -, workplace -, and
environmental monitoring;
b) laboratories dealing with calibration and verification services for monitoring devices
and radiation sources.
1.13. Issues relating to quality management systems for transport, waste management,
education, and training are outside the scope of this document.
DEFINITIONS1
1.14.
Accreditation: Procedure by which an authoritative body gives formal recognition that a body
or person is competent to carry out specific tasks.
Body (responsible for standards and regulations): Legal or administrative entity that has
specific tasks and composition, (e.g. organizations, authorities, companies and foundations).
Certification: Procedure by which a third party gives written assurance that a product, process
or service conforms to specified requirements.[cf. ‘authorization’]
Quality: Degree to which a set of inherent characteristics fulfils requirements.
Third party: Person or body that is recognized as being independent of the parties involved,
as concerns the issue in question.
1 According to ISO/IEC Guide 2 [5]
4
STRUCTURE
1.15. This publication is intended to cover recommendations that apply to parties providing
technical services in radiation safety. It might also be used by competent regulatory authorities
to ‘confirm/recognize/approve’ the competence of technical services.
1.16. The ‘Licensee/user/customers’ are encouraged to use the document as a means of
identifying and selecting appropriate services.
1.17. Section 2 discusses IAEA publications supporting technical services in radiation safety.
Section 3 covers ISO Standards on quality management systems. Section 4 gives general
guidance on establishing a quality management system and describes in a chronological
manner the necessary steps for introducing a quality management system when no such
system was in place previously. Section 5 on requirements for services needing certification
details and comments on the requirements of the two main standards in quality management:
ISO9001 [6] and ISO17025 [7]. Section 6 covers additional requirements for services needing
accreditation’ and explains the different and additional requirements that have to be fulfilled
by organizations needing accreditation by ISO17025. Section 7 covers product realization.
Section 8 covers measurement, analysis and improvement. Section 9 is on additional
requirements for services needing accreditation by ISO17025. The annexes give some
examples of key issues in a quality management system.
1.18. This document is advisory in nature. As used in this document, the term ‘shall’ refers to
a specific criterion for accreditation or an action specified as mandatory by one or more
accepted international standards such as ISO-9000:2000, ISO-9004:2000, ISO-17020 and/or
ISO-17025. The term ‘should’ refers to an action or practice that is recommended for
implementation by general practice or by applicable international standards such as ISO-
9000:2000, ISO-9004:2000, ISO-17020 and/or ISO-17025.
1.19. As used in this document, the term ‘customer’ refers to the client or other recipient of
services from a technical services provider. As examples, companies receiving personnel
dosimetry services, clients submitting instruments for calibration are all considered to be
‘customers’.
5
2. IAEA PUBLICATIONS SUPPORTING TECHNICAL SERVICES IN RADIATION SAFETY
2.1. To assist Member States in occupational radiation protection, the IAEA has published
three Safety Guides, which are jointly sponsored by the IAEA and the International Labour
Office. These are Occupational Radiation Protection [8], Assessment of Occupational
Exposure Due to Intakes of Radionuclides [9] and Assessment of Occupational Exposure Due
to External Sources of Radiation [10]. The IAEA has also published additional technical
information on particular techniques, some of which are described below.
2.2. The Safety Guide on Occupational Radiation Protection deals with the overall
implementation of the requirements in the Basic Safety Standards (BSS), giving general
advice on the exposure conditions for which monitoring programmes shall be set up to assess
radiation doses arising from external radiation and from intakes of radionuclides by workers.
This Safety Guide addresses the technical and organizational aspects of the control of
occupational exposures, in situations of both normal and potential exposure. The intention is
to provide an integrated approach to the control of normal and potential exposures due to
external and internal irradiation from both artificial and natural sources of radiation.
2.3. The supplementary Safety Guide on Assessment of Occupational Exposure Due to
Intakes of Radionuclides addresses in detail the methods of assessing exposure due to intakes
of radionuclides in the workplace (direct and indirect activity measurements and interpretation
of the results) without going into details on QA methods. The second supplementary Safety
Guide on the Assessment of Occupational Exposure Due to External Sources of Radiation is
of primary interest for this report. This Safety Guide contains guidance on establishing
monitoring programmes for external exposure, the appropriate dosimetry to be used for
individual and workplace monitoring and the interpretation of results. Particular attention is
being paid to the quantities to be measured and the necessary precision and accuracy.
Guidance on the type testing and performance testing of dosimeters is given, together with the
necessary dosimetric data to carry out this work.
2.4. Complementary advice on specific topics in occupational radiation protection is
published in Safety Reports (and previously in Safety Practices). These publications provide
either topic specific or practice specific guidance. The Safety Guide on Occupational
Radiation Protection is supported by two Safety Reports: Health Surveillance of Persons
6
Occupationally Exposed to Ionizing Radiation: Guidance for Occupational Physicians [11]
and Optimization of Radiation Protection in the Control of Occupational Exposure [12].
2.5. The Safety Guide on Assessment of Occupational Exposure Due to Intakes of
Radionuclides is to be supported by three Safety Reports: Direct Methods for Measuring
Radionuclides in the Human Body [13] was published in 1996 and the Safety Report on
Indirect Methods for Assessing Intakes of Radionuclides Causing Occupational Exposure [14]
was published in 2000. While these two publications provide advice on measurements of levels
of radionuclides in the whole body or in organs and tissues, a third safety report on Assessment
of Radiation Doses from Intakes of Radionuclides by Workers [15], which is still under
development, presents the main considerations for dose assessment, in both routine and
accidental situations.
2.6. The Safety Guide on Assessment of Occupational Exposure due to External Sources of
Radiation will be supported by at least two Safety Reports. Calibration of Radiation Protection
Monitoring Instruments [16], is provided for those who are establishing or operating
calibration facilities for radiation monitoring instruments
2.7. Among the practice specific Safety Reports, published or under development are [17-19].
1. Radiation and Waste Safety in the Oil and Gas Industry.
2. Radiation Protection against Radon in Workplaces other than Mines.
3. Methods for Reducing Occupational Exposure during Decommissioning of Nuclear
Facilities.
2.8. Safety related material is also published in the IAEA Technical Reports Series. A
selection is presented in [20–22].
1. Neutron Monitoring in Radiation Protection [20].
4. Compendium of Neutron Spectra and Detector Responses for Radiation Protection
Purposes [21,22].
2.9. Practical Radiation Technical Manuals (PRTMs) are designed to provide guidance on
radiological protection for persons who have the responsibility of ensuring the safety of
employees working with ionizing radiation. Two of these deal with personal monitoring [24]
and workplace monitoring for radiation and contamination [25]. One PRTM on personal
protective equipment [26] is under development.
7
3. ISO STANDARDS ON QUALITY MANAGEMENT SYSTEMS
3.1. The International Standards Organization (ISO) is a worldwide federation of national
standards bodies, which develops reference standards that are recognized and implemented in
many managerial and technical fields. Before the 1970s, quality was rapidly emerging as a
new concept in commerce and industry. Several national or multinational standards had been
developed for commercial and industrial use, and for the needs of the nuclear power industry.
The first publication of the ISO9000 series in 1987 brought harmonization on an international
scale and supported the growing impact of quality as a factor of international trade. The
ISO9000 series ISO9001:2000 [6] and ISO9004:2000 [27] embodies comprehensive quality
management concepts and guidance, together with several models for external quality
assurance requirements.
3.2. The current ISO Standards Series ISO9000-ISO9004 on the topic of ‘Quality
Management and Quality Assurance Standards’ are used worldwide. ISO17025 ‘General
requirements for the competence of testing and calibration laboratories’ was published in
1999. It contains all of the requirements that testing and calibration laboratories have to meet
if they wish to demonstrate that they operate a quality system, are technically competent, and
are capable of generating technically valid results. It has been produced as the result of
extensive experience in the implementation of ISO/IEC Guide 25.
3.3. The increasing use of quality systems has generally emphasized the need to ensure that
laboratories, which are part of larger organizations or offer other services, can operate a
quality system that complies with applicable international standards. Care has been taken to
incorporate all those requirements of ISO9001 that are relevant to testing and calibration
services covered by a laboratory’s quality management system (QMS). Testing and calibration
laboratories that comply with these standards will therefore also operate in accordance with
ISO9001.
3.4. ISO17025 specifies the general requirements necessary for competence to carry out tests
and/or calibrations, including sampling. It covers testing and calibration using standard
methods, non-standard methods, and laboratory-developed methods.
3.5. The acceptance of testing and calibration results between countries would be facilitated
if laboratories complied with this international standard, and if they obtain accreditation from
bodies which have entered into mutual recognition agreements with similar bodies in other
8
countries. The use of this standard will facilitate co-operation between laboratories and other
bodies, and assist in the exchange of information and experience, and in the harmonization of
standards, standard methods and procedures. There is nothing to preclude a country from
establishing a unilateral accreditation system and electing not to participate in mutual
recognition agreements.
3.6. Implementation of a quality management system based on the ISO9000 series,
ISO17025 and other generally accepted standards brings several benefits to organizations
using them, enabling them:
a) to convert skills and experiences into recorded knowledge;
b) to force staff to think it through;
c) to make responsibilities clear and to create conditions of self-control;
d) to provide legitimacy and authority for the staff needed to execute plans;
e) to improve communication and to provide consistency in carrying out tasks;
f) to provide training and reference material to newcomers;
g) to identify training needs for the staff involved in the tasks;
h) to provide a respected reference in the event of conflicts or nonconformity;
i) to provide criteria for audit and reviews;
j) to establish means for clear goals for improvements.
9
4. GENERAL GUIDANCE ON ESTABLISHING A QUALITY MANAGEMENT SYSTEM
RECOMMENDED APPROACH FOR THE ESTABLISHMENT OF A QUALITY MANAGEMENT SYSTEM
Introduction
4.1. A quality management system consists of a set of interrelated or interacting elements. It
is designed to establish the overall intentions and direction of an organization as related to the
ability of a product, system, or to fulfil the requirements of customers and other interested
parties.
4.2. The ISO Standards series encourages the adoption of a process approach to quality
management. In this context, any activity that receives inputs and converts them to outputs
can be considered a process. For organizations to function effectively, organizations have to
identify and manage numerous linked processes. Often the output from one process will be the
direct input into the next process. The systematic identification and management of the
processes applied within an organization and the interactions between such processes may be
referred to as the process approach.
4.3. Figure 1 is a conceptual illustration of one model of the process approach described in
the ISO Standards. The model recognizes that customers play a significant role in defining
requirements as inputs. Monitoring customer satisfaction is necessary to evaluate and validate
whether customer requirements have been met. This model does not reflect processes at a
detailed level, but covers all the requirements of the international standards.
4.4. More detailed information on the applicability of this approach will be presented later in
the text.
11
Requirements of applicable standards
4.5. International standards specify requirements for a QMS which urge an organization
a) to demonstrate its ability to deliver a product that consistently meets customer and
applicable regulatory requirements; and
b) to address customer satisfaction through the effective application of the system,
including processes for continual improvement and the prevention of non-conformity.
4.6. The organization shall establish, document, implement, maintain and continually
improve a QMS in accordance with the requirements of applicable international standards and
this document.
4.7. The steps that shall be taken by an organization in order to implement a quality
management system include:
a) identifying the processes needed for the QMS;
b) determining the sequence and interaction of these processes;
c) determining criteria and methods required to ensure the effective operation and control
of these processes;
d) ensuring the availability of information necessary to support the operation and
monitoring of these processes; and
e) measuring, monitoring and analysing these processes, and implementing action
necessary to achieve planned results and continual improvement.
Implementation process
Decision taking
4.8. The implementation of a QMS into an operating organization starts with the decision to
do so by the top management. There may be different external and internal factors that could
convince the top management of the need for such a system.
4.9. Examples are:
12
External factors like demand by customers or State or regulatory authorities, or new
information during a peer meeting or conference.
Internal factors like demand by internal customers, cost-effectiveness analysis, need to
restructure the organization due to mayor changes in work focus or workforce.
Management commitment
4.10. After arriving at the decision to implement a QMS, top management has to demonstrate
its commitment to implementation of the project by:
a) appointing one of its members as the responsible person for the task;
b) supplying adequate funds; and
c) establishing an information policy to make the implementation decisions and actions
transparent to both the top management and the staff.
4.11. This commitment shall be communicated to the entire organization (by issuing a quality
policy statement and preliminary quality objectives/goals) and demonstrated throughout the
whole process of implementing the QMS (by active participation in review meetings).
Appointing an implementation team
4.12. The next step is to appoint a task force (implementation team) under the supervision of
the above appointed member of the top management to do the job. Here, the assistance of
external experts might be requested either as leaders of the task force or as advisory members.
The members of the task force will need good knowledge and experience or receive training,
as appropriate, in at least one of the following fields:
a) Structure and workload of the organization;
b) Applicable standards, laws and regulations;
c) Internal processes and procedures of the organization;
d) Installed methods to communicate effectively within the company;
e) Team organization and teamwork.
13
4.13. The team shall have an appointed leader, who in the course of the implementation of the
QMS may become the quality manager of the organization.
Planning the implementation
4.14. The first task of the implementation team is to evaluate the workload that will be
necessary to reach the goal of an implemented QMS. This information may already be easily
available within organization or may be gathered by a newly organized initiative of the
implementation team.
4.15. Some ways of gathering this information may include:
a) conducting a survey of laws, regulations and standards (besides the Quality
Management standards) applicable to the product portfolio of the organization;
b) collecting customer needs expressed to representatives of the organization;
c) reviewing the day-to-day work schedule of the organization by going out to the staff;
and
d) doing a survey and count of all processes already in operation within the organization.
4.16. This may be the first opportunity to motivate all the personnel of an organization to
participate actively in the implementation of the system.
4.17. A preliminary timetable shall be established for tracking progress in developing the
QMS. Depending on the size of the organization and the complexity of the task, this timetable
could be relatively short or extend over a period that could range from several months to a
year or more.
4.18. Using the information gathered by the above mentioned or otherwise organized
methods, the implementation team will need to devise a quality plan2 for the implementation
of the system. This plan shall include:
a) a representation of the workload, divided into work packages;
b) a timetable for completion of the different work packages;
2 A Quality Plan sets up a Quality Objective (here to implement a Quality Management System) and
specifies necessary operational procedures and resources to fulfil this objective (see ISO-9000 2.2.9).
14
c) a responsible person for each of the different work packages;
d) a reporting schedule for providing information to the responsible manager;
e) a system of quality reviews to ensure the smooth performance of the plan.
Identifying existing processes
4.19. In order to have a complete overview of all existing processes it will be helpful to group
them, according to the action they are describing into four categories:
a) Management processes;
b) Resource management processes;
c) Product realization processes;
d) Measurement, analysis and improvement processes.
4.20. During identification of the processes, it would be helpful to also identify their
interconnections in order to arrive at a process correlation diagram. This diagram will show in
graphical form how a change of one process may influence others and where there may be
some gaps in the flow. These gaps will have to be filled by designing new processes.
4.21. The proper design of a QMS requires knowledge of all existing processes and the
development of a number of new ones. The best way to organize the system depends on the
organization of the laboratory providing the services.
Defining document structure
4.22. The implementation team has to define the structure of the ensuing documents to help
the authors develop their documentation. The quality manual, which contains the total
documentation of the quality management system, may be organized in different ways.
4.23. It may be one large manual containing all necessary statements, procedures and working
instructions.
4.24. Another possibility is to create a centralized quality management document, which
contains the basic information about the organization and the principal commitment
statements by top management, and to supplement this with annexes containing the technical
15
information to perform the described tasks, which may be tailored to different branches of the
organization.
Writing procedures
4.25. A protocol shall be written defining the process to be followed for writing, reviewing,
approving, and revising procedures and establishing their general format.
4.26. With this procedure in place, the search for authors shall begin. It is of great importance
to the later acceptance of the QMS by all members of the staff that as many of them as
possible are included into the authoring process. It will be the task of the implementation team
to devise the procedures about such central themes as the QMS itself, document control and
the assessment process. The assistance and authorship of the people currently doing specific
jobs shall be solicited throughout the process of developing the QMS, particularly for the
technical procedures. Wherever it is needed, the members of the implementation team, due to
their better training in the contents of standards and regulations, shall provide assistance in
editing the process descriptions (procedures).
4.27. All drafted procedures will have to be reviewed and compared by the implementation
team, i.e. checked against each other, against the management directives and against the
applicable international standards in order to ensure conformity and integrity of the quality
documentation. This process shall include all necessary new procedures, changes to existing
procedures, their authorization and their inclusion in the quality manual.
Initial training
4.28. In this way, the organization will arrive at a first version of the quality manual which
does not need to contain all the planned procedures, but may be used to train the personnel in
the application of the newly developed or changed procedures.
4.29. Members of the implementation team, in conjunction with members of the management
of the organization, shall supervise this training in the application of the QMS to show the
permanent commitment of management to the ideas of quality management.
Implementation, first internal audit and management review
4.30. After the training period, which in itself may show additional need to correct the
documentation, the QMS may be implemented for an initial testing period, typically a pilot
16
project lasting three to six months. At the end of this period, the first assessment of the QMS,
the first internal audit3 followed by the first management review shall be scheduled.
4.31. The outcome of these two evaluation processes will show whether additional adaptation
of the documentation is still necessary. When these changes have been made, the QMS will be
ready for final implementation and may start its life cycle of improvement.
4.32. Top management, with the assistance of the implementation team, shall revise the
quality policy and the quality objectives, which shall be based on this policy and be
quantitative at least at operational levels. These quality objectives may change over time
reflecting changes in the needs and priorities of the organization.
4.33. Finally, top management shall establish ways of assessing the performance of the
organization by defining performance indicators (and the way these indicators shall be derived
from existing data) for quality related processes and the way of conducting the overall
assessment of the QMS through a management review.
3 Systematic and documented process for obtaining evidence and evaluating it objectively to determine the
extent to which the policies, procedures and requirements are fulfilled.
17
Fig. 2. Establishment of a Quality Management System
Qualitymanagement
system needed
Managementcommits to
QMS
Collect Input
Customer needs,regulations, laws &
standardsDay-to-day workplace
experiance
Implementationteam for QMS
installed
Design quality
TimetableResponsibilities
Objectives
Process Identification
Managerial processesworkforce
Product realizationResource management
Measurement andimprovement
Designing the QualityManagement System
Quality manual (Handbook)Managerial procedures
Administrative proceduresTechnical procedures
Document control
Develop System forDocumentation
Prepare draftsTraining & evaluation
ImplementQMS
Feedback to Management
Measurement,analysis andimprovement
Implementsystem
improvement
18
5. REQUIREMENTS FOR SERVICES NEEDING CERTIFICATION BY ISO9001
MANAGEMENT RESPONSIBILITY
5.1. This Section describes the various detailed tasks involved in developing and
implementing a Quality Management System (QMS) that are collectively referred to as
‘Management Processes’. Accomplishing these tasks is a responsibility of top management of
the organization.
MANAGEMENT COMMITMENT
5.2. ‘Management commitment’ is a declaration signed by the top management committing
the organization to quality. This commitment acknowledges management’s responsibility to
establish a QMS, to provide the necessary resources, guarantee review and revision of the
system as needed and define a quality policy and quality objectives that will govern the
system. After it is issued, the document is included in the quality manual and brought to the
awareness of the staff. In this context, ‘necessary resources’ might include the people,
infrastructure, work environment, information, supplies and partnerships, natural resources,
and financial resources needed to accomplish the quality objectives.
CUSTOMER FOCUS
5.3. Customer focus means that there is a responsibility to ensure that customer needs and
expectations are determined, converted into processes and fulfilled with the aim of achieving
customer satisfaction consistent with regulatory and legal obligations. Top management shall
ensure that customers’ requirements are well known and that the organization is structured in
a manner appropriate to meet their needs so that customer satisfaction is maximized.
5.4. In order to accomplish this, customers’ requirements shall be determined. This can be
done by asking customers about their needs, by providing information about available
services, or other means such as market surveys or polls. The organization then applies its
technical, legal, regulatory, and other relevant knowledge to develop a recommendation as to
the most appropriate service to be provided in order to meet the requirements.
5.5. The organization shall ensure that customer reactions are considered. Both positive and
negative customer feedback shall be collected and evaluated. Therefore the QMS shall
establish a monitoring process designed to assess and analyze all customer reactions so as to
19
ensure that the organization takes action designed to result in continuous improvement of
quality.
QUALITY POLICY
5.6. The quality policy shall be issued by top management and shall be appropriate to the
purpose of the organization. It shall be simple (concise) and easily understandable for all
members of the organization (staff).
5.7. It shall include brief descriptions of actions designed to address issues such as:
a) defining and maintaining the expected level of customer satisfaction;
b) needs of other interested parties (regulatory agencies, other parts of the organization,
public, etc.);
c) opportunities and needs for continual improvement;
d) commitment to provide resources needed to accomplish the task;
e) contributions of suppliers and partners (ensuring that suppliers and partners are capable
of providing support goods and services that meet the established quality standards);
f) commitment to follow good professional practices when providing services;
g) commitment to the competence (qualification) of the personnel involved in the
execution of the services;
h) commitment to adhere to the requirements of the applicable standards.
5.8. Once established, the quality policy shall be translated into measurable quality
objectives that are continually evaluated through performance indicators to ensure their
adequacy.
PLANNING
5.9. In order for a QMS to be effective, it is important that a plan be developed to provide
management and the implementation team with a series of clearly defined objectives. These
objectives apply both before and after the QMS has been implemented.
20
Quality objectives
5.10. This means a series of goals or targets established at different levels of the organization,
which describe the desired outcome of the QMS. These objectives shall be established during
the planning process and shall be consistent with the stated Quality Policy. Particularly at the
technical level, quality objectives shall be quantifiable.
5.11. Information sources such as internal audit reports, process reviews, and feedback from
customers can all help in identifying appropriate quality objectives. As an example, an initial
quality objective for a testing laboratory might be to provide a result to the customer that
meets certain performance testing criteria. Over time, if the organization consistently
demonstrates its ability to meet those criteria, other factors such as improving customer
satisfaction through shorter turn-around time for tests might become additional quality
objectives. In other words, quality objectives are established after considering many factors,
including the current and future needs of the organization, the needs of the market served, and
regulatory requirements. It is very important that quality objectives be continually reviewed
and revised in order that the QMS continues to meet the needs of the organization.
Quality planning
5.12. In order to ensure that the planning process remains focused on the defined objectives, it
is important that planning activities be systematic and documented. Top management has a
responsibility to make sure adequate resources are provided to make it possible to meet the
defined quality objectives.
5.13. The quality planning process results in a description of the processes of the QMS, an
indication of the resources needed to meet stated objectives, and the continual improvement of
the QMS. It is very important that changes identified through the planning and evaluation
process be implemented in a controlled manner to maintain the integrity of the system.
5.14. To summarize, the quality planning process is a formal, dynamic activity conducted
during all phases of the development and implementation of a QMS. It is a management tool
designed to help keep all involved in the system focused on defined objectives so that, in a
measurable way, the overall quality of the product or service is maintained and continuously
improved.
21
Documentation requirements
General
5.15. A formal system shall be developed to establish, maintain and control the quality
documentation. Quality documentation includes the quality manual, documents, and records
associated with the QMS.
Quality manual
5.16. The quality manual describes the structure of the QMS and the interaction of all the
elements of the system. It incorporates the policies and objectives of the quality system,
together with supporting procedures. Topics covered in the quality manual include:
a) organization structure;
b) roles and responsibilities of key personnel (job descriptions);
c) quality policy;
d) quality objectives;
e) quality plans;
f) structure of documentation used in the quality system;
g) structure and interaction of the processes that collectively form the system;
h) reference to applicable external standards and regulations;
i) instrument certifications, data tables, forms.
5.17. The quality manual may be used to demonstrate compliance with applicable standards,
as an aid to in-service education and training, and as a concise description of the QMS for
interested individuals outside the organization.
5.18. It may make a clear reference to where more details may be found regarding specific
topics rather than including extensive details within the manual itself and may be organized
on any relevant media used as a means of communication within the organization.
22
Control of documents
5.19. A document is defined as ‘information and its support media’. Documents may be
organized on any relevant media used within the organization so long as an appropriate
system of control is implemented.
5.20. There has to be a procedure in place that describes how documents are to be controlled
within the organization. This control includes:
a) creating a new document (who may do it, according to which procedure);
b) approving a new document before it is implemented;
c) implementing a new document;
d) distributing of documents and marking or removing of obsolete documents ;
e) reviewing implemented documents to determine whether an update (revision) may be
necessary;
f) discerning the current revision status of a document and identifying who is responsible
for tracking the status of all documents ;
g) archiving documents to maintain a history of their development and revision;
h) incorporating external documents into the quality management system;
i) tracking and incorporating revisions of external documents (laws, regulations,
standards).
Control of records
5.21. A record is defined as a ‘document that states results achieved or provides evidence of
activities performed’. A record is a special kind of document that, while not undergoing all the
periodic review and update activities described above, is subject to additional special
requirements to ensure correctness. Normally records may not be changed. If a record is found
to be inaccurate, a clearly identified corrected record is issued, while retaining the old one
marked as incorrect.
23
5.22. There has to be a procedure in place that defines how records are identified, collected,
and stored, while being kept retrievable and readable; how long records have to be kept, and
what has to be done with records after this time period expires.
5.23. In this context, records may typically be:
a) results of measurements, calculations, calibrations and the data used to derive those
results;
b) reports of client feedback;
c) descriptions of identified nonconformities and preventive/corrective actions;
d) reports of internal or external audits and management reviews;
e) minutes of quality related meetings, etc.
5.24. Records may be in any media, such as hard copy or electronic media.
5.25. All records shall be held secure and in confidence. The laboratory shall have procedures
to protect and backup records stored electronically and to prevent unauthorized access to or
amendment of these records.
RESPONSIBILITY, AUTHORITY AND COMMUNICATION
5.26. This subsection describes how the top management has to organize and communicate
the interrelationships and communication within the QMS so as to guarantee its ongoing
functionality.
Responsibility and authority
5.27. To have a clear understanding of all staff members about their position within the
organization, there shall be a function based job description for each staff member. This
description shall mention:
a) the name of the job/working place/function;
b) job responsibilities;
c) the authority which can be executed;
24
d) the necessary technical and managerial skills;
e) additional training needed;
f) identification of supervisor (to whom does this staff member report) and
g) who has to be supervised.
Management representative
5.28. Besides all the other functions, there has to be one person appointed as quality manager
(regardless of other duties). Top management delegates to the quality manager the authority
to:
a) manage the QMS, which includes activities designed to ensure compliance with
applicable standards, harmonize procedures and documents, review operations, identify
and report any nonconformity to the management and or perform quality awareness
training for the staff;
b) communicate with authorities on issues related to quality as may be required by
regulatory and/or accreditation bodies;
c) communicate directly with top management at all times on issues related to the QMS;
d) be the focal point for problem reports regarding quality and suggestions for
improvement;
e) stop all work that is not performed according to established procedures.
Internal communication
5.29. To assist the quality manager, top management has to encourage open communication
within the QMS. This can be done by organizing regular meetings of key quality management
personnel, creating a QMS related communication system (electronic billboard, intranet, QMS
databases, etc.) and similar methods of internal communication. When deemed appropriate by
the quality manager, records of internal communication shall be retained and controlled in the
same manner as other QMS documentation.
25
MANAGEMENT REVIEW
Purpose
5.30. Management reviews of the QMS are conducted to ensure its continuing suitability and
effectiveness and to introduce any necessary changes or improvements. ISO17025 and
ISO9001 require that these reviews be performed by ‘top management’.
5.31. One important objective of this process is to verify that the quality policy and objectives
are appropriate to the goals of the organization. In addition, the management review process
identifies opportunities for improvement.
Frequency
5.32. A specific procedure shall be established for the conduct of these reviews on a planned
schedule (usually at least annually), to require that documentation of findings is completed
and to ensure that the corrective action decided upon as part of the review is subject to
appropriate follow-up.
5.33. Management review is an activity that is separate from an internal audit.
Management review input
5.34. Management reviews shall take account of:
a) changes in the policies and goals of the organization;
b) customer feedback or complaints;
c) recommendations of recent internal or external audits;
d) current status of any corrective and preventive actions (possible results of previous
management reviews);
e) results of interlaboratory comparisons or proficiency tests;
f) changes in the volume and type of the work;
g) other relevant factors, such as quality control activities, resources and staff training.
26
Output and documentation of the management review
5.35. Decisions made during the management review and any actions arising from them shall
be recorded.
5.36. The output report shall consider:
a) who was involved in the review;
b) what factors were considered;
c) what decisions were reached;
d) what action was planned, the persons responsible for the action and the developed time
schedule
e) provision for review and approval of report.
Follow up
5.37. Results shall be fed into the laboratory planning system and shall include the goals,
objectives and action plans for the coming year. Management shall ensure that planned actions
are carried out within the agreed time scale and that completion is documented.
27
6. RESOURCE MANAGEMENT
PROVISION OF RESOURCES
6.1. Resources are essential items needed for conducting the process. They include staff,
equipment and supplies, information, physical facilities, infrastructure services, workplace
conditions and monetary funds.
HUMAN RESOURCES
6.2. Human resources are an essential component of a successful QMS. They include all the
people in the organization who are involved in achieving the quality objectives. Issues such as
staffing levels, education, training, experience, qualifications, and periodic performance
reviews are important when considering human resources.
6.3. First, the implementation team has to define the number of people and the necessary
skills and competences that will be required to achieve the defined quality objectives taking
into account all activities, including the necessary infrastructure and support services. It may
be helpful to create a table including all processes, which identifies the process, and lists the
activity required to complete the process, necessary participants, required qualifications and
individuals responsible for accomplishing the process.
TABLE I. EXAMPLE OF PROCESS LIST
Process Activity Who does this task now?
Number of people required
Required qualifications
Make measurement
Operate equipment
Technologist 3 Know how to operate equipment
Approve measurement
Review measurement log
Supervisor 1 Understand process and recognize variation
Sign report to client
Review report Manager 1 Train, observe and trust Supervisor
6.4. Upon completion of this table, a second table shall be prepared using the same data, but
sorted by individual rather than by process. This is to assist in identifying training needs and
to enable an evaluation of workload distribution.
28
6.5. For each individual, a training plan is developed based on consideration of factors such
as:
a) requirements of the processes as revealed by the two tables described above;
b) existing documented skills and qualifications of the individual;
c) internal and external legislation, regulation, standards and directives affecting the
organization, its activities, and its resources. Many of these may be defined by the
regulatory body.
6.6. For each individual, a record shall be maintained including data relevant to the tasks the
individual performs. This might include items such as:
a) skills qualification records;
b) evidence of qualifications, such as Certificates of course completion;
c) records of training;
d) functional job description developed as described in ‘Responsibility, Authority and
Communication’ (above);
e) workload description detailing the processes the individual is expected to accomplish
together with the source and type of direction received.
6.7. This type of information needs to be readily available within the QMS.
6.8. For the whole organization, it is necessary to develop and document a comprehensive
programme for continuous training for all staff members. This programme is frequently
prepared yearly in advance and considers as a minimum:
a) social skills, (language skills, communication skills, time management, coaching and
counselling, interview skills, management development, and similar individual
development topics);
b) technical skills as derived from the description of required processes;
c) computer skills;
d) knowledge of markets and of customer needs and expectations ;
29
e) future demands related to strategic and operational plans and objectives of the
organization.
6.9. The organization needs to establish a method for evaluating the effectiveness of the
training programme and its impact on achieving the organizations goals and objectives.
6.10. The continued competence of individuals to perform assigned tasks shall be periodically
reviewed and documented. This may be accomplished through a variety of methods, including
performance reviews, training records, examinations and observation of task performance,
depending on the nature of the process. This process is also useful for identifying the need for
additional training of individuals.
INFRASTRUCTURE
6.11. Infrastructure includes work place, associated facilities, equipment, hardware, software,
and supporting services. The implementation team shall review the following requirements.
Requirements of the processes
6.12. It is necessary to review the infrastructure requirements of each process in order to
identify the resources that will be required for successful accomplishment of stated quality
objectives. Development of a table similar to that described above for human resources may
be very helpful in accomplishing this review.
Requirements of the relevant nuclear or radiation safety regulatory body
6.13. For services of radiation protection such as consultancy or performance of shielding
calculations, requirements are commonly focused on confirming validation of software used
to provide these services. For services that use equipment, such as evaluating containment and
ventilation, the regulatory body may impose additional requirements such as special
calibration service authorities to be used to ensure the correct certification and calibration of
equipment.
Requirements established by other regulatory authorities
6.14 These requirements may be focused on issues such as safety in the workplace and
associated facilities, protection of personal privacy and confidentiality of data, and backup of
electronic media.
30
6.15 Once infrastructure requirements have been identified, the implementation team needs
to evaluate how the existing facilities fulfil these requirements. Actions need to be planned
and implemented to resolve any identified deficiencies.
WORK ENVIRONMENT
6.16. Attention to work environment means consideration of how best to combine human and
physical factors with the goal of enhancing the performance of the organization. Attention to
workload, stress factors, social structure within the organization, internal communication,
workplace safety, ergonomics, lighting, ventilation, and many other factors can all be
combined to enhance the overall effectiveness of the organization in achieving its quality
objectives. The organization shall develop descriptions of minimum criteria for workplace
conditions needed to achieve the various objectives.
31
7. PRODUCT REALIZATION
7.1. Within the context of this document, the term ‘product’ refers to a consultative service,
a certificate of calibration or a report of measurements.
7.2. In general, provision of services involving calibration, measurement or testing may
require that the provider be accredited using the requirements of ISO17025. Providing
consultative services generally does not require ISO17025 accreditation, but will likely require
certification of the associated QMS according to ISO9001.
PLANNING OF PRODUCT REALIZATION
7.3. Customer service has to be rendered under controlled conditions. The individual
responsible for accomplishing these actions shall have enough authority to solicit all the
necessary human, technical and financial resources to ensure that the service meets the desired
quality objectives.
7.4. Before starting the service this person shall ascertain that:
a) documented, verified and authorized procedure, including necessary working
instructions, covering the service is in place;
b) information (external and internal to the organization) needed to render the service is
available;
c) all equipment mentioned in the procedure is available, operational and calibrated
according to applicable procedures;
d) the necessary controls to the working environment, as mentioned in the procedure, are
applied;
e) the need for and the way of documenting the completion of different steps of the service
process into applicable records is known and understood by the operators within the
process;
f) person designated to approve the final product for delivery to the customer will be
available.
32
CUSTOMER RELATED PROCESSES
7.5. There is a need to establish a process to identify and document the requirements for
fulfilling a contract for service. This includes identification of:
a) customer requirements;
b) related statutory and regulatory requirements;
c) organizational resources needed;
d) communication requirements to customer.
7.6. Establish a process to identify and document changes in previously specified activities,
including:
a) statutory and regulatory requirements changed before and during contract fulfilment;
b) resolution of requirement changes from previously expressed customer wishes;
c) ability to fulfil changed objectives.
DESIGN AND DEVELOPMENT
7.7. Introducing a new service requires careful planning. This includes the definition of the
requirements that the planned new service needs to fulfil; developing a way in which the
activities of the process are carried out and naming the resources that have to be available.
7.8. The management of the organization shall nominate a technical project leader to be in
charge of the planning. It will be the task of the project leader, by applying his/her knowledge
and experience together with the knowledge of the quality requirements that apply to the
service, to develop a planning schedule.
7.8. This definition of the flow of activities during the planning process shall identify:
a) the best conceivable way to arrive at the planning goal;
b) required human and material resources for the planning process;
c) layout of the different planning stages together with their time schedule;
33
d) times or trigger actions for reviews of the planning status (preferably also mentioning
who shall attend the review meetings);
e) ways and means of verifying of the planned new service to show that the quality
requirements have been reached;
f) ways and means of validating the planning outcome to show that the new service will be
reaching the stated quality requirements at the customer’s application situation;
g) all records necessary to for the correct documentation of the planning process.
7.9. During development of the service, this plan should be adapted, especially after review
meetings, to the findings and agreements of the meeting. All adaptations will have to be
recorded and the new plan and schedule should be transmitted to all participants of the
planning process.
7.10. The final approved, verified and validated service shall be documented.
PURCHASING
7.11. The organization shall have a procedure in place that governs the whole purchasing
process from the definition of goods that may influence the quality of the service to the
customer, selection of a capable supplier, and verification that the purchased product meets
specified quality standards.
7.12. The procedure shall state:
a) who is authorized to start a purchasing process
b) how the specifications of the purchased goods or services have to be described
c) who checks the adequacy of the description before it is presented to the supplier
d) how to select a capable supplier based on:
— ability to deliver the good or service;
— ability to deliver within required time schedule;
— ability to demonstrate that goods and services meet specified quality standards;
34
— ability to deliver at an acceptable price;
— how the delivered good or service is checked against the specification of quality
standards before acceptance of the purchased item.
7.13. This procedure shall also provide a method to inform the purchasing office and the
vendor if the delivered goods do not meet agreed specifications.
PRODUCTION AND SERVICE PROVISION
7.14. The production and provision of a service shall be planned and carried out through
controlled and validated processes. This implies the need to establish a procedure covering all
the processes, which has to be followed to provide the service, or more commonly a procedure
for each process to be followed during processing, storage and delivery of the product. For
each process, the inputs and outputs shall be clearly defined and interconnection among all
processes established. Flowcharts are usually the advisable tool for this purpose. For each
process, detailed work instructions shall be issued and available at the workplace in order to
assure reproducibility of the process.
7.15. The conformity of the product, or of parts of it, shall be assured by defining the
identification, storage, handling, protection and delivery conditions.
7.16. Moreover, when a product can only be fully verified after delivery, each process that
contributes to its production has to be verified according to a procedure specifying acceptable
and suitable criteria for the equipment/methods used and the qualification of the personnel
involved. Therefore, a list of parameters linked to the proper completion of each step is
generally useful to keep the process exact and consistent. The verification procedure usually
requires the production of records, such as checklists, to be filled in and evaluated in order to
assign the final value. In practice, the checklist can have the form of a record in a database file
and the verification process can be established with a software routine.
7.17. A product shall be clearly identified and, if creation of the product requires several
steps, tracking of the product status shall be possible, if required by regulation, identifying
each step’s output. Generating a record such as a checklist confirming the completion of all
necessary steps can be helpful.
7.18. Customer property, including intellectual property, shall be safeguarded throughout all
the production processes. Therefore, the identification of customer property and methods to
35
protect it shall be established in advance. For example, access to data provided by the
customer shall only be allowed to a limited number of persons. In the case of a consultancy for
radiation protection, the customer property could be detailed information of the customer’s
facilities, exposure or source data or any method developed by the customer related to the
requested service. Moreover, the service provided in relation to radiation protection becomes
the property of the customer and shall be treated as confidential information (i.e. dose or
calibration reports).
CONTROL OF MONITORING AND MEASURING DEVICES
7.19. The objective of the control of monitoring and measuring devices is to establish an
effective means for ensuring, with a high degree of confidence, that data generated by these
devices used as the basis for reported results, conclusions and interpretations is of suitable
quality. Devices include instruments, custom software and computer simulations used to
perform measurements and surveys.
7.20. To accomplish this, the organization needs to establish processes to confirm that these
devices are suitable for the intended use, tested, calibrated, and verified to be functioning
within specified performance limits. Physical protection to the devices also needs to be
established with the goal of eliminating potential process errors.
7.21. Finally, software used to collect data and to perform calculations on collected data needs
to be validated before being put into use. It shall be protected against unauthorized
modification. Its functionality shall be re-verified following any change to the computer’s
basic operating system, network control parameters, or other activity that could have an
impact on the functionality of the application software. Furthermore the different software
versions might need to be kept (archived) to be able to access older records generated by
specific versions.
36
8. MEASUREMENT, ANALYSIS, AND IMPROVEMENT
GENERAL
8.1. At all phases in the development and operation, the technical service provider shall
define, plan and implement measurement and monitoring activities related to the QMS needed
to assure conformity with applicable standards, laws, and regulations and to achieve
improvement. These activities shall include determining the need for, and use of, applicable
methodologies including statistical techniques.
8.2. The general process of measurement, analysis, and improvement includes:
a) actions taken on an ongoing basis to monitor the overall quality of the system,
identifying areas, through appropriate metrics, where improvement may be appropriate;
b) application of basic statistic methods (histogram, distribution analysis, mean value, etc.)
to monitored data of customer satisfaction, equipment performance data, measurement
throughput and similar indicators of the quality of service provided to the customer;
c) actions taken on a proactive basis to ensure system quality by preventing non-
conformance, improving the system, and optimizing service to the client. The internal
audit process, together with quality improvement programmes and similar activities, is
part of these actions;
d) actions taken on a reactive basis to re-achieve system quality by correcting non-
conformances identified by any means – self-identification, client complaints or
recommendations of an internal or external audit.
MONITORING AND MEASUREMENT
Customer satisfaction
8.3. Monitoring customer satisfaction provides a valuable source of information to assess
product quality. The monitoring can be done continuously or on special occasions. It may be
helpful to use any personal contact with the customer (acquiring new contracts, customer
visits at the location of the laboratory, congresses or other general meetings, etc.) for inquiries
into customer satisfaction with the rendered services.
37
8.4. Additionally, it may be necessary to organize customer polls at least once every two
years, where the customers are asked to express their opinions about the service in writing.
Internal audit
8.5. The procedures for internal audit shall be documented and shall be included in the
quality manual or related documentation.
8.6. The figure at the end of this section summarizes the general process that shall be
followed for planning an internal audit.
Purpose
8.7. The purpose of internal audit is to verify that the organizations activities comply with
the requirements of its QMS as detailed in the applicable documentation, based on standards
such as ISO9001 and/or ISO17025.
8.8. Initially, an appropriate audit strategy shall be developed by the organization
(ISO17025— §4.13.1 states that it is the responsibility of the laboratory quality manager to
plan and organize audits) considering:
a) who will conduct audits;
b) how auditors will be trained;
c) how frequent and extensive audits will be;
d) what the cost-benefit of the audit will be.
8.9. It is acceptable to contract outside experts to evaluate a QMS in an internal audit.
Selection and training of internal auditors
8.10. Audits shall be carried out by trained and qualified personnel who are, whenever
possible, independent of the activity to be audited.
8.11. Training can be done in house or through external agencies. It shall include:
a) use and interpretation of checklists for audit questions (if used);
b) interview techniques and partner analysis;
38
c) assessment and evaluation of non-conformities;
d) documentation and recording of audit findings;
e) teamwork and personality improvement.
8.12. Rotation of internal auditors through different aspects of technical applications within
an organization can promote increased job satisfaction by allowing employees to play an
important role in maintaining the organization’s management system.
Audit frequency
8.13. Audit frequency shall be determined according to the stability of the Quality
Management System and the frequency of changes within an organization. Generally, once a
year, as with other mayor assessments of an organization, is regarded as adequate.
8.14. Audits may be spread over the year or done all at once. Conducting internal audits on a
progressive schedule has several advantages:
a) It helps emphasize that the internal audit/self-assessment process is a continuous activity
designed to improve the overall quality of the system.
b) It helps to reduce the additional workload for individuals selected to conduct the audit.
c) It is very useful in promptly identifying items of potential non-conformance and areas
where improvement may be appropriate.
d) It helps to monitor progress in accomplishing corrective actions that may have been
recommended by previous audits.
Audit scope
8.15. The scope of audits shall include both general criteria and compliance with specific
technical standards or regulations. Checklists can be valuable tools, particularly for internal
audits because they define the ‘ground rules’, i.e. the standard against which the programme is
to be evaluated.
8.16. An audit is a sampling investigation into the QMS of an organization and, therefore
need not encompass all elements of the system in all parts of the organization. The extent of
the probe and the parts of an organization to be audited shall be planned with regard to
39
changes in staff or methods, customer complaints, previous audit findings and ongoing
correction or prevention programmes.
Audit reporting and follow-up
8.17. All audit findings and any planned corrective actions arising from them shall be
documented. Customers whose work may have been affected by problems identified during
the audit process shall be notified in writing. Some findings may require the use of a formal
corrective action system; others may have simpler remedies.
8.18. An audit report comprising:
a) date
b) location
c) names of audit partners
d) scope
e) listing of audit findings (possibly non-conformances) and
f) a statement describing the status of the QMS and regarding the possibility of achieving
the quality objectives shall be prepared and distributed within the organization
according to the requirements in the corresponding procedure (audit partners, quality
manager, management, etc.).
8.19. If it is necessary to quickly check the efficiency of corrective actions, it may be adequate
to schedule an additional follow-up audit out of the usual schedule. Results of internal audits
and any necessary follow-up actions shall be included in management reviews.
MONITORING AND MEASUREMENT OF PROCESSES
8.20. The organization shall have a procedure in place describing a routine of ongoing process
control for quality management processes. The aim is to derive possibilities for further
improvement of the processes. Interesting aspects described in such a procedure could be
monitoring time for reaction to the customer as influenced by the process structure,
throughput volume of the process routine, and resources allocated to the process and their
reduction possibilities, for example.
40
MONITORING AND MEASUREMENT OF PRODUCT
8.21. The organization shall have procedures in place that describe necessary measurements
during the production process that will make certain that the delivered product fulfils the
expectations of the customer. For consultancy services, these measurements could be
additional calculations using other algorithms, checks on data entry, on comparison of the
result with previous experience. For measurement and calibration services these checks could
be repeated tests (eventually using different analysis instruments), checks on introduced blank
or test samples, plausibility tests on the results applying expert knowledge, etc.
8.22. Results of these measurements shall be recorded as proof of production in compliance
with the QMS.
CONTROL OF NONCONFORMING PRODUCT
8.23. Non-conformities are mainly deviations from the actions as they are described in
applicable procedures. The organization shall have a procedure in place that encourages all
staff members to report non-conformities as soon as they are observed. The procedure shall
mention some staff members that are trained and authorized to act on non-conformities.
8.24. The procedure shall state methods of segregating, possible ways of improving the non-
conforming products and test methods for acceptance of reworked and improved products.
8.25. For radiation protection services this could include marking and segregating incorrectly
entered raw data; data results arrived at by applying wrong algorithms; incorrect calibration
data or factors; measurement results produced by using instruments out of their application
range; calibration data arrived at by using wrong irradiation conditions; etc.
ANALYSIS OF DATA
8.26. Each organization has many data at hand that are derived from different types of
monitoring during the operation of all ongoing processes. There shall be a procedure in place
describing how these data, through adequate analysis, can be put to use as a basis for decisions
within the organization.
8.27. One of the most common data reduction methods will be the application of statistical
methods to these raw data. This may be especially useful for finding out trends in performance
41
of persons and instruments, describing improvement or deterioration. This may give chance
for early action to prevent non-conformities.
8.28. Equally useful may be the application of similar statistical techniques inter alia to the
monitoring of customer satisfaction, resource economics and supplier performance.
IMPROVEMENT
8.29. The organization shall always try to improve the services to the customer and the
internal processes needed to arrive at the product. Error correction and loss prevention are two
ways to improve the quality within an organization.
Corrective action
8.30. A corrective action procedure is started after a complaint or feedback by a customer, or
upon discovery of non-conformity by staff or during a quality audit. Corrective actions need to
be appropriate to the magnitude and the risk of the problem. Any changes resulting from
corrective action investigations shall be documented.
8.31. A preventive action may have to follow a corrective action, or may be processed alone
during the development of new testing or managerial procedures, or because of a decision
taken during a management review. Both follow the same routes, with the one looking back,
the other forward.
8.32. The organization shall have procedures in place that define:
a) who will act during these procedures and to which extend
b) how the action will be structured
c) how decisions are to be arrived at and taken
d) who will be responsible for follow-up action on these decisions
e) how the effectiveness of the action will be measured
f) what is to be done if the actions taken prove ineffective
g) who will keep and archive the documentation of all action.
42
8.33. Corrective action begins with an investigation to determine the root cause(s) of the
problem. Depending on the nature of the problem, this investigation may be informal or
formal and very extensive. In any case, the results of the root cause analysis need to be
documented. Root cause analysis is the key to developing effective corrective action (see
Flowchart of Improvement by Internal Audit Process, Fig. 3).
8.34. Some questions that may be considered when determining the root cause of a problem
include:
a) Has the issue been validated as a problem?
b) Have client requirements changed?
c) Have the characteristics of the sample changed?
d) Are the methods and procedures for performing the task adequate?
e) Is there a need for additional staff training or skills development?
f) Does the equipment function properly?
g) Has equipment calibration been verified?
h) Have the specifications of consumable supplies used in support of the operation in
question been changed?
Selection and implementation of corrective actions
8.35. Once an issue has been validated as a problem in need of correction and the root cause
of the problem has been determined, the search for appropriate corrective actions begins. The
individual responsible for approving corrective action selects and directs implementation of
the action(s) most likely to eliminate the problem and to prevent recurrence. As soon as
practical an estimate shall be made of the time and resources that will be needed to implement
the corrective action.
Monitoring of corrective actions
8.36. The QMS needs to monitor the results of corrective actions to ensure that their
implementation has been successful.
43
Preventive action
8.37. Preventive action is a proactive process to identify opportunities for improvement rather
than a reaction to the identification of problems or complaints. Apart from the review of the
operational procedures, the preventive action might involve analysis of data, including trend
and risk analyses and proficiency testing results. Planning, development, implementation, and
monitoring of preventive action will likely involve a similar pattern of activities as is followed
for corrective action except that they are proactive in nature.
44
Fig. 3. Flowchart of Improvement by Internal Audit Process
Measurement, Analysis and Improvement of the
Quality Management System
CustomerComplaint
NonconformityReport
QualityManager
plansInternal Audit
SelectAuditors
Auditorstrained ?
TrainAuditors
DetermineAudit Partners,
Scope andTime-Schedule
ConductInternalAudit
Problemsidentified,
recognized andaccepted
Audit Report
Management Review
RootCause
Analysis
RecommendCorrective
Action
System Improvement
No
Yes
45
9. ADDITIONAL REQUIREMENTS FOR SERVICES NEEDING ACCREDITATION BY ISO17025
9.1. All elements of the quality management system (QMS) discussed so far are applicable;
nevertheless, certification against ISO9001 does not of itself demonstrate the competence of a
laboratory to produce technically valid data and results. ISO17025 establishes additional
requirements, which, on fulfilment are intended to enable a laboratory to demonstrate that it
operates a QMS, is technically competent and able to generate technically valid results.
Testing and calibration laboratories that are accredited as complying with ISO17025 will also
operate in accordance with ISO9001. Section 9 applies only to activities requiring
accreditation – typically calibration and testing laboratories.
ADDITIONAL MANAGEMENT REQUIREMENTS (Chapter 4, ISO17025)
Organization (§4.1, ISO17025)
9.2. Special organizational requirements of ISO17025 for calibration and testing laboratories
emphasize the importance that the laboratory can be held legally responsible for the services
provided and that integrity of services is maintained throughout the calibration and testing
operations.
9.3. The organization needs to have a formal declaration as part of its QMS affirming that
management and personnel are free from any undue internal and external commercial,
financial and other pressures and influences that may adversely affect the quality of their
work. In addition to being stated in the quality manual, this might also be included in
documents such as a separate policy statement, a clause in a labour contract, or an employee
handbook.
9.4. In order to be sure that tests and calibrations are performed according to established
quality standards, laboratories need to provide adequate supervision of testing and calibration
staff, including trainees, by persons familiar with methods and procedures, with the purpose of
each test or calibration, and with the assessment of the test or calibration results.
9.5. Laboratories to be accredited under ISO17025 shall appoint deputies for key personnel
including technical director and quality manager in order to provide continuity of qualified
management even when primary individuals may be absent.
46
Review of requests, tenders and contracts (§4.4, ISO17025)
9.6. When reviewing requests, tenders and contracts, in addition to the requirements of
ISO9001 the laboratory shall make sure that the appropriate test or calibration method is
selected and capable of meeting the clients’ requirements. Contract review also extends to any
work that is to be subcontracted by the laboratory.
Subcontracting of tests and calibrations (§4.5, ISO17025)
9.7. For calibration and testing laboratories, subcontracting means placing work covered by
the scope of accreditation with a third party outside the immediate control of the primary
contracting laboratory. It does not include, for example, contracting with a reference
laboratory to provide intercomparison samples, contracting with an employment agency to
provide supplemental support workers, or similar activities. Subcontractors shall be required
to demonstrate the same level of competence as that of the accredited laboratory that is
serving as prime contractor. This can be accomplished either by the subcontractor holding an
equivalent accreditation in its own right or by the prime contractor completing a quality
system audit of the subcontractor’s operation.
9.8. ISO17025 requires that accredited laboratories proposing to subcontract tests and
calibrations inform affected clients of the arrangement in writing and, when appropriate, gain
the approval of the client; preferably in writing.
9.9. The laboratory is responsible to the client for the subcontractor’s work except in the
case where the client or a regulatory body specifies which subcontractor is to be used. In the
case of a deficiency or non-conformance attributable to a subcontractor, the laboratory has the
same responsibility to notify its clients and issue corrected reports as if the deficiency or non-
conformance had occurred within its own facility.
9.10. The laboratory shall maintain a register of all subcontractors that it uses for tests or
calibrations and a record of the evidence of compliance with this international standard for the
work in question.
Purchasing services and supplies (§4.6, ISO17025)
9.11. The general requirements of ISO9001 apply to laboratories accredited under ISO17025.
In addition, the laboratory shall evaluate suppliers of critical consumables, supplies and
47
services that affect the quality of testing and calibration, and maintain records of these
evaluations.
Service to the client (§4.7, ISO17025)
9.12. In addition to maintaining good communication with clients, accredited laboratories are
required by ISO17025 to allow clients to monitor their performance. This can be
accomplished by allowing the client reasonable access to the laboratory for purpose of
witnessing tests or calibrations, providing the client an opportunity to submit items for
verification purposes, using client feedback surveys, or other activities. All activities
involving monitoring by clients shall be conducted in a manner that preserves the
confidentiality of the laboratory’s relationship with other clients. Feedback from client
monitoring should be documented and used to improve the quality system.
Complaints (§4.8, ISO17025)
9.13. The laboratory shall have a policy and procedure for the resolution of complaints
received from clients or other parties. Records shall be maintained of all complaints and of the
investigations and corrective actions taken by the laboratory (see also §4.10).
Control of non-conforming testing and/or calibration work (§4.9, ISO17025)
9.14. Calibration and testing laboratories shall, as a matter of policy, have procedures that are
invoked when any aspect of their testing or calibration work, or the results of this work, do not
conform to their own procedures or the agreed requirements of the client. §4.9, ISO17025
establishes explicit requirements for actions that shall be taken under such circumstances.
Control of records (§4.12, ISO17025)
9.15. Differences to the requirements for certification relate to technical records.
9.16. The laboratory shall retain records of original observations, derived data and sufficient
information to establish an audit trail, calibration records and a copy of each test report or
calibration certificate issued for a defined period. The records for each test or calibration shall
contain sufficient information to facilitate, if necessary, identification of factors affecting
uncertainty and to enable the test or calibration to be repeated under conditions as close as
possible to the original. The records shall include the identity of personnel responsible for
sampling, performing each test or calibration and checking results.
48
9.17. In certain fields, it may be impossible or impractical to retain records of all original
observations.
9.18. Technical records are accumulations of data and information that result from carrying
out tests or calibrations and which indicate whether specified quality or process parameters
were achieved. They may include forms, contracts, worksheets, workbooks, checklists, work
notes, control graphs, external and internal test reports and calibration certificates, clients’
notes, papers and feedback. Observations, data and calculations shall be recorded at the time
they are made and shall be linkable to the specific task.
9.19. When mistakes occur in records, each mistake shall be crossed out, not erased, made
illegible or deleted, and the correct value entered alongside. All such alterations to records
shall be signed or initialled by the person making the correction. In the case of records stored
electronically, equivalent measures shall be taken to avoid loss or change of original data.
Internal audit (§4.13, ISO17025)
9.20. The internal audit programme, contrary to the requirements for certification, shall
address all elements of the quality system, including testing or calibration activities.
9.21. It is the responsibility of the quality manager to plan and organize audits as required by
the schedule and requested by management. Whenever resources permit, audits shall be
carried out by personnel who are independent of the activity to be audited. Individuals
conducting audits shall receive training appropriate to the task.
9.22. When audit findings cast doubt on the effectiveness of the operations or on the
correctness or validity of the laboratory’s test or calibration results, the laboratory shall take
timely corrective action, and shall notify clients in writing if investigations show that the
laboratory results may have been affected.
ADDITIONAL TECHNICAL REQUIREMENTS (Chapter 5, ISO17025)
Personnel (human resource planning) (§5.2, ISO17025)
9.23. The laboratory shall ensure that only competent personnel:
a) use the equipment (responsible for measurement results)
b) perform tests and calibrations
49
c) evaluate and interpret measurement results
d) sign the measurement results
e) supervise staff training
9.24. To ensure the above requirements, staff shall have appropriate education, training and
demonstrated skills (experience). Additional qualification requirements shall be evaluated, the
training planned, carried out and validated. Valuable help for these tasks can be provided by
establishing:
a) a table for all tasks (processes, job description / responsibility)
b) a table for possible (task-relevant) training courses (internal/external)
c) a table on attended training courses (including course validation)
d) a timetable for the training programme.
9.25. Finally, there is a need for a method to recognize the effect of the training for each staff.
Management has to ensure that enough personnel is employed to do the work under good
conditions (number of personnel shall correspond to the number of contracts). A useful help
can be to supervise the planning using a database.
Laboratory facilities (accommodation and environmental conditions) (§5.3, ISO17025)
9.26. Management has to provide adequate laboratory facilities to perform all processes under
consistent and familiar conditions. The management has to ensure that:
a) technical standards and requirements are fulfilled, (facilities, computers, programs);
b) adequate technical documentation is available (handbooks, tables, manuals);
c) necessary environmental conditions (influencing results) are well known, correctly
upheld, documented, monitored and recorded (thresholds and responsibility for stopping
a task shall be defined);
d) access to the facilities is restricted and monitored (who goes in an out?);
e) procedures for a good housekeeping have been defined and documented;
50
f) work in one room shall not disturb the process in the adjoining room.
Test and calibration methods and method validation (§5.4, ISO17025)
9.27. Each measurement method needs to be well documented in a procedure, describing the
task, if deemed necessary, step by step. The management shall ensure that staff is using an up-
to-date method and carries out the daily work guided by these documented methods. The
selected method shall be well known (accuracy, correctness, repeatability, reproducibility,
robustness, etc.) and the range of measurement uncertainty known and shown on the
measurement report.
9.28. Considering the following points may help in fulfilling the above requirements:
a) Methods shall be planned methodically, documented in a form suitable to the working
style of the laboratory.
b) This documentation could describe the measurement method on a step-by-step basis and
shall include guidance on how to keep necessary records.
c) As a first method of validation, the newly developed measurement method shall be
tested with different parameters (results shall be documented and interpreted).
d) An additional step of validation providing a go/no go decision could be incorporated
into the method.
e) Determine the actions to be taken when a deviation (error) occurs (who has to do what
and when?).
f) Organize the dataflow of measurement results (who needs which information when, in
which form and how can data backup be ensured?).
Equipment (equipment used for calibration or testing) (§5.5, ISO17025)
9.29. The laboratory shall possess adequate equipment to perform the services to the
customer, including sampling, sample preparation, measurement or calibration, calculations
and reporting. The equipment to produce the measurement results shall be functional and able
to be used for day-to-day measurements.
9.30. The following activities may help to ascertain that the requirements are fulfilled:
51
a) Periodic and documented calibrations shall be performed to guarantee correct
measurement results.
b) Periodic and documented function tests shall be performed between the calibration
times to test the correct functioning of the equipment.
c) All maintenance work provided for by the equipment manufacturer shall be done and
documented it in an equipment file.
d) Training and periodic retraining of every equipment user shall be completed to keep the
staff familiar with the equipment.
e) All equipment and self-designed software shall be clearly identified. This may be
accomplished through documentation sufficient to ensure software validation and proper
equipment set-up.
f) Outgoing and incoming equipment checks are required if a piece of equipment is used
outside the laboratory.
g) All calculations, including those performed by common off the shelf software (e.g.
spreadsheets) in respect to the equipment shall be documented and validated.
Measurement traceability (calibration and testing) (§5.6, ISO17025)
9.31. To be sure that the measurement results will comply with international standards, each
measurement device (which has an influence on the result) shall be calibrated before being put
into service and in defined intervals afterwards. The standards used for these calibrations shall
be traceable to the International System of Units (SI).
9.32. In some cases — e.g. in connection with 222Rn — the only means of providing
confidence in measurements is through participation in suitable international intercomparison
exercises.
9.33. Calibration services have to trace their standards and measuring instruments to the SI by
means of an unbroken chain of calibrations or comparisons linking them to relevant primary
standards of the SI units of measurement. For measurement services this traceability can be
gained by using a calibration service.
9.34. To keep a calibration or measurement service operational it may be helpful to:
52
a) organize information on all calibration standards used into a database file, giving
— calibration data,
— serial number of units calibrated,
— date of last/next calibration,
— location and name of tester;
b) store all calibration procedures and their outcome, the calibration certificates in the
laboratory;
c) support the periodical calibration with a time-schedule program;
d) keep calibrated spare parts available for important devices to shorten downtime in case
of a malfunction.
Sampling (§5.7, ISO17025)
9.35. If a testing laboratory is also sampling, it shall do so according to accepted standards or
documented procedures. If a sub contractor or customer is sampling, it shall be ensured that
the same restrictions and conditions apply as for the laboratory.
9.36. Considering the following points may help in implementing a procedure for sampling:
a) Requirements of applicable standards and of customers (sampling location, sampling
time, name of sampling person, technical conditions…) shall be addressed.
b) Any possible negative influence on the samples during sampling, sample transport,
handling, storage and analyzing shall be avoided.
c) Procedures shall be well documented and may use statistical methods as a basis for
providing well identified samples and sample data for the measurement process.
d) Information shall be given to the customer if the sampling process reveals some
problems or errors or in the case that the sampling was performed incorrectly.
53
Handling of test and calibration items (§5.8, ISO17025)
9.37. Test and calibration items have to be handled with extreme care to maintain their
identity and never to lose the connection between the item and its description.
9.38. The laboratory, therefore, shall have a procedure in place, that provides:
a) identification and labelling of incoming test and calibration items;
b) reporting of any abnormalities found on the items handled;
c) instructions for handling, storage, transport and necessary environmental conditions to
maintain for the testing or calibration items;
d) instructions on the returning of the items to the customer or any kind of approved
disposal routine.
Assuring quality of test and calibration results (§5.9, ISO17025)
9.39. The laboratory needs to have a procedure in place to ensure continuous control of
quality of the services rendered to the customer.
9.40. When designing such a procedure, consider:
a) using only certified (reference) materials for calibration and internal quality control;
b) carrying out all measurements and calibrations according to the applicable
documentation;
c) participating in interlaboratory comparison or proficiency-testing programme;
d) replicating tests or calibrations using the same or different methods;
e) retesting or recalibration of retained items;
f) correlation of results for different characteristics of an item;
g) using statistical methods, like control charts, to determine the quality of calibration
results over a longer time period to find trends of possible instrument degradation.
54
Reporting results (§5.10, ISO17025)
9.41. Results shall be reported to the customer in an understandable and accurate way so that
the requirements of the regulation bodies and customers needs are fulfilled.
9.42. The laboratory shall devise a layout of its reports recognizing:
a) requirements of regulating bodies
b) requirements of standards
c) internal rules of reporting within the organization
(For more detailed information about the necessary contents of test and calibration reports see
ISO17025 §5.10)
9.43. Care shall be taken to clearly designate data coming from subcontractor.
9.44. The laboratory shall have a procedure in place describing the routine for changing
reports in the case that there are errors detected in the original version.
9.45. All reports issued shall be regarded as records and treated according to procedures
specified according to §5.6.4.
55
REFERENCES
[1] FOOD AND AGRICULTURE ORGANIZATION OF THE UNITED NATIONS, INTERNATIONAL ATOMIC ENERGY AGENCY, INTERNATIONAL LABOUR ORGANISATION, NUCLEAR ENERGY AGENCY OF THE ORGANISATION FOR ECONOMIC CO-OPERATION AND DEVELOPMENT, PAN AMERICAN HEALTH ORGANISATION, WORLD HEALTH ORGANISATION, Radiation Protection and the Safety of Radiation Sources, Safety Series No. 120, IAEA, Vienna (1996).
[2] INTERNATIONAL ATOMIC ENERGY AGENCY, The Safety of Nuclear Installations, Safety Series No 110, IAEA, Vienna (1993).
[3] INTERNATIONAL ATOMIC ENERGY AGENCY, The Principles of Radioactive Waste Management, Safety Series No 111-F, IAEA, Vienna (1995).
[4] FOOD AND AGRICULTURE ORGANISATION OF THE UNITED NATIONS, INTERNATIONAL ATOMIC ENERGY AGENCY, INTERNATIONAL LABOUR ORGANISATION, NUCLEAR ENERGY AGENCY OF THE ORGANISATION FOR ECONOMIC CO-OPERATION AND DEVELOPMENT, PAN AMERICAN HEALTH ORGANISATION, WORLD HEALTH ORGANISATION, International Basic Safety Standards for Protection against Ionizing Radiation and for the Safety of Radiation Sources, Safety Series No. 115, IAEA, Vienna (1996).
[5] INTERNATIONAL ORGANISATION FOR STANDARDIZATION, ISO / IEC GUIDE 2:1996 , Standardization and related activities -- General vocabulary, ISO, Geneva (1996).
[6] INTERNATIONAL ORGANISATION FOR STANDARDIZATION, ISO 9001:2000, Quality management systems — Requirements, ISO, Geneva (2000).
[7] INTERNATIONAL ORGANISATION FOR STANDARDIZATION, ISO/IEC 17025 (1999), General requirements for the competence of testing and calibration laboratories, ISO, Geneva (1998).
[8] INTERNATIONAL ATOMIC ENERGY AGENCY, INTERNATIONAL LABOUR OFFICE, Occupational Radiation Protection, Safety Standards Series No. RS-G-1.1, IAEA, Vienna (1999).
[9] INTERNATIONAL ATOMIC ENERGY AGENCY, INTERNATIONAL LABOUR OFFICE, Assessment of Occupational Exposure due to Intakes of Radionuclides, Safety Standards Series, No. RS-G-1.2, IAEA, Vienna (1999).
[10] INTERNATIONAL ATOMIC ENERGY AGENCY, INTERNATIONAL LABOUR OFFICE, Assessment of Occupational Exposure due to External Sources of Radiation, Safety Standards Series, No. RS-G-1.3, IAEA, Vienna (1999).
[11] INTERNATIONAL ATOMIC ENERGY AGENCY, INTERNATIONAL LABOUR ORGANISATION, WORLD HEALTH ORGANISATION, Health Surveillance of Persons Occupationally Exposed to Ionizing Radiation: Guidance for Occupational Physicians, Safety Reports Series No.5, IAEA, Vienna (1998).
56
[12] INTERNATIONAL ATOMIC ENERGY AGENCY, Optimization of Radiation Protection in Occupational Exposure, Safety Reports Series No. 21, IAEA, Vienna (2002).
[13] INTERNATIONAL ATOMIC ENERGY AGENCY, Direct methods for measuring radionuclides in the human body, Safety Series No. 114, IAEA, Vienna (1996).
[14] INTERNATIONAL ATOMIC ENERGY AGENCY, Safety Report on Indirect methods for assessing intakes of radionuclides causing occupational exposure, Safety Reports Series No. 18, IAEA, Vienna (2000).
[15] INTERNATIONAL ATOMIC ENERGY AGENCY, Safety Report on Assessment of radiation doses from intakes of radionuclides by workers, Safety Report (in preparation), IAEA, Vienna (2003).
[16] INTERNATIONAL ATOMIC ENERGY AGENCY, Calibration of Radiation Protection Monitoring Instruments, Safety Reports Series No. 16, IAEA, Vienna (2000).
[17] INTERNATIONAL ATOMIC ENERGY AGENCY, Radiation and Waste Safety in the Oil and Gas Industry, Safety Reports Series (in preparation), IAEA, Vienna.
[18] INTERNATIONAL ATOMIC ENERGY AGENCY, Radiation Protection against Radon in Workplaces other than Mines, Safety Reports Series (in preparation), IAEA, Vienna.
[19] INTERNATIONAL ATOMIC ENERGY AGENCY, Methods for Reducing Occupational Exposure during Decommissioning of Nuclear Facilities, Technical Reports Series No. 278, IAEA, Vienna (1987).
[20] INTERNATIONAL ATOMIC ENERGY AGENCY, Neutron Monitoring in Radiation Protection, Technical Reports Series No. 252, IAEA, Vienna (1985).
[21] INTERNATIONAL ATOMIC ENERGY AGENCY, Compendium of Neutron Spectra and Detector Responses for Radiation Protection Purposes, Technical Reports Series No. 318, IAEA, Vienna (1990).
[22] INTERNATIONAL ATOMIC ENERGY AGENCY, Compendium of Neutron Spectra, Detector Responses for Radiation Protection Purposes. Supplement to Technical Reports Series No. 318, Technical Reports Series No. 403, IAEA, Vienna (2001).
[23] INTERNATIONAL ORGANISATION FOR STANDARDIZATION, ISO9000:2000, Quality management systems - Fundamentals and vocabulary, ISO, Geneva (2000).
[24] INTERNATIONAL ATOMIC ENERGY AGENCY, Practical Radiation Technical Manual on Personal Monitoring, IAEA, Vienna (1995).
[25] INTERNATIONAL ATOMIC ENERGY AGENCY, Practical Radiation Technical Manual on Workplace Monitoring for Radiation and Contamination, IAEA, Vienna (1995).
[26] INTERNATIONAL ATOMIC ENERGY AGENCY, Practical Radiation Technical Manual on Personal Protective Equipment (in preparation), IAEA, Vienna.
57
[27] INTERNATIONAL ORGANISATION FOR STANDARDIZATION, ISO9004:2000, Quality management systems — Guidelines for performance improvements, ISO, Geneva (2000).
58
BIBLIOGRAPHY
[1] INTERNATIONAL COMMISSION ON RADIOLOGICAL PROTECTION, General Principles for the Radiation Protection of Workers, Publication No. 75, Pergamon Press, Oxford and New York (1997).
[2] INTERNATIONAL COMMISSION ON RADIOLOGICAL PROTECTION, 1990 Recommendations of the International Commission on Radiological Protection, Publication No. 60, Pergamon Press, Oxford and New York (1991).
[3] INTERNATIONAL COMMISSION ON RADIOLOGICAL PROTECTION, INTERNATIONAL COMMISSION ON RADIATION UNITS AND MEASUREMENTS, Conversion Coefficients for Use in Radiological Protection Against External Radiation, Report of the Joint Task Group, ICRP Publication No. 74, ICRU Report No. 57 (1997).
[4] INTERNATIONAL COMMISSION ON RADIATION UNITS AND MEASUREMENTS, Quantities and Units in Radiation Protection Dosimetry, Report No. 51, ICRU, Bethesda, MD (1993).
[5] INTERNATIONAL COMMISSION ON RADIATION UNITS AND MEASUREMENTS, Measurement of Dose Equivalents from External Photon and Electron Radiations, Report No. 47, ICRU, Bethesda, MD (1992).
[6] INTERNATIONAL LABOUR OFFICE, Radiation Protection of Workers (ionising radiations) and ILO Code of Practice, ILO, Geneva (1987).
[7] INTERNATIONAL COMMISSION ON RADIOLOGICAL PROTECTION, Protection Against Radon-222 at Home and at Work, Publication No. 65, Pergamon Press, Oxford and New York (1993).
[8] UNITED NATIONS SCIENTIFIC COMMITTEE ON THE EFFECTS OF ATOMIC RADIATION, Sources and Effects of Ionizing Radiation: 1993 Report to the General Assembly with Scientific Annexes, United Nations, New York (1993).
[9] EURADOS, Exposure of Air Crew to Cosmic Radiation: A Report of EURADOS Working Group 11, Radiation Protection No. 85, European Commission, Luxembourg (1996).
[10] INTERNATIONAL COMMISSION ON RADIOLOGICAL PROTECTION, Dose Coefficients for Intakes of Radionuclides by Workers, Publication No. 68, Pergamon Press, Oxford and New York (1994).
[11] NUCLEAR ENERGY AGENCY OF THE ORGANISATION FOR ECONOMIC CO-OPERATION AND DEVELOPMENT, Work Management in the Nuclear Power Industry: A Manual prepared for the NEA Committee on Radiation Protection and Public Health by the ISOE Expert Group on the Impact of Work Management on Occupational Exposure, OECD/NEA, Paris (1997).
[12] NUCLEAR ENERGY AGENCY OF THE ORGANISATION FOR ECONOMIC CO-OPERATION AND DEVELOPMENT, Considerations on the Concept of Dose
59
Constraint: A Report by a Joint Group of Experts from the OECD Nuclear Energy Agency and the European Commission, OECD/NEA, Paris (1996).
[13] INTERNATIONAL ATOMIC ENERGY AGENCY, The Safety of Radiation Sources, Safety Standards Series, (in preparation), IAEA, Vienna.
[14] INTERNATIONAL ORGANISATION FOR STANDARDIZATION, Quality Management and Quality Assurance Standards, Part 1: Guidelines for Selection and Use, ISO 9000-1, Geneva (1994).
[15] INTERNATIONAL ATOMIC ENERGY AGENCY, Quality Assurance for Safety in Nuclear Power Plants and other Nuclear Installations, Safety Series No. 50-C/SG-Q, IAEA, Vienna (1996).
[16] INTERNATIONAL ORGANISATION FOR STANDARDIZATION, INTERNATIONAL ELECTROTECHNICAL COMMISSION, General Requirements for the Competence of Calibration and Testing Laboratories, ISO/IEC Guide 25, Geneva (1990).
[17] INTERNATIONAL ATOMIC ENERGY AGENCY, Intervention Criteria in a Nuclear or Radiation Emergency, Safety Series No. 109, IAEA, Vienna (1994).
[18] INTERNATIONAL ATOMIC ENERGY AGENCY, WORLD HEALTH ORGANISATION, Diagnosis and Treatment of Radiation Injuries, Safety Reports Series No. 2, IAEA, Vienna (1998).
[19] INTERNATIONAL ATOMIC ENERGY AGENCY, WORLD HEALTH ORGANISATION, Planning the Medical Response to Radiological Accidents, Safety Reports Series No. 4, IAEA, Vienna (1998).
[20] INTERNATIONAL ORGANISATION FOR STANDARDIZATION, ISO10005: 1995, Quality management - Guidelines for quality plans, ISO, Geneva (1995).
[21] INTERNATIONAL ORGANISATION FOR STANDARDIZATION, ISO10007: 1995, Quality management - Guidelines for configuration management, ISO, Geneva (1995).
[22] INTERNATIONAL ORGANISATION FOR STANDARDIZATION, ISO100011-1: 1990, Guidelines for auditing quality systems.-Part 1: Auditing, ISO, Geneva (1990).
[23] INTERNATIONAL ORGANISATION FOR STANDARDIZATION, ISO/DIS10012-1:1992, Quality assurance requirements for measuring equipment — Part 1: Metrological confirmation system for measuring equipment, ISO, Geneva (1992).
[24] INTERNATIONAL ORGANISATION FOR STANDARDIZATION, ISO10012-2:1997, Quality assurance for measuring equipment — Part 2: Guidelines for control of measurement of processes, ISO, Geneva (1997).
[25] INTERNATIONAL ORGANISATION FOR STANDARDIZATION, ISO10013:1995, Guidelines for developing quality manuals, ISO, Geneva (1995).
[26] INTERNATIONAL ORGANISATION FOR STANDARDIZATION. ISO/IEC Guide 58:1993, Calibration and testing laboratory accreditation systems — General requirements for operation and recognition, ISO/IEC, Geneva (1993).
60
[27] INTERNATIONAL ORGANISATION FOR STANDARDIZATION, ISO/IEC Guide 43-1, Proficiency testing by interlaboratory comparisons — Part 1: Development and operation of proficiency testing schemes, ISO/IEC, Geneva (1994).
[28] INTERNATIONAL ORGANISATION FOR STANDARDIZATION, ISO/IEC Guide 43-2, Proficiency testing by interlaboratory comparisons — Part 2: Selection and use of proficiency testing schemes by laboratory accreditation bodies, ISO/IEC, Geneva (1994).
61
ANNEX I
GROUPED PROCESSES LIST
It is advisable to group all processes and actions needed according to Section 4.3.5.
MANAGEMENT RESPONSIBILITY
In the frame of management responsibility processes the following issues and related
actions shall be covered:
a) Management commitment (ISO9001 – 5.1) Define a quality policy, quality objectives
and applicable performance indicators for all processes.
b) Customer focus (ISO9001 – 5.2) Define methods of determining customer needs and
enhancing customer satisfaction.
c) Quality policy (ISO9001 – 5.3) Define a policy according to organization purpose.
Define methods to:
— make all staff comply with and improve the QMS;
— communicate the quality policy within the organization; and
— review the quality policy to keep it suitable to the organizational purpose.
d) Planning (ISO9001 – 5.4) Define methods to produce, maintain and improve a quality
manual.
Set-up rules for controlling relevant documents, including those supporting methods:
— for approving, issuing, reviewing and updating existing documents;
— for ensuring that existing documents are up to date;
— for preventing the use of obsolete documents.
Define ways of treating quality records deriving from procedures, including:
— establishing an identification system;
62
— devising storage and retrieval methods;
— guaranteeing adequate minimum protection period to the records;
— imposing an adequate time for retention of the records; and
— defining a method of disposal after the retention-time has run out.
e) Responsibility, Authority and Communication (ISO9001 – 5.5) Define the
organizational structure; set up responsibilities and authorities (job description); appoint
a quality manager and define ways of communication within the organization.
f) Management review (ISO9001 – 5.6) Define the method for assessment of the QMS
through a management review4, for assessment of the performance of the organization
and for dealing with regulatory bodies.
RESOURCE MANAGEMENT
In the frame of resource management processes the following issues (discussed in
greater detail in section 6) shall be covered:
a) Provision of resources (ISO9001– 6.1) Implement, maintain and improve the QMS and
to enhance customer satisfaction.
b) Human resources (ISO9001– 6.2) Define the provision of human resources including:
developing methods of job evaluation; identifying competency needs for personnel;
devising training plans for personnel and evaluating the effectiveness of training.
c) Infrastructure (ISO9001– 6.3) Define the provision of working facilities including:
— safe handling, transport, storage, use and planned maintenance of equipment;
— provision of working equipment (hardware and software);
— ensuring proper calibration of measuring instruments; and
4 An activity undertaken to ensure the suitability, adequacy, effectiveness and efficiency of the subject
matter to achieve established objectives (see ISO9000 2.8.6)
63
— maintaining and servicing facilities and equipment.
d) Work environment (ISO9001 – 6.4) Define ways to control the working environment.
PRODUCT REALIZATION
In the frame of product realization processes, the following issues (discussed in greater
detail in section 0) shall be covered:
a) Planning of product realization (ISO9001-7.1) Define quality objectives and
requirements for the product, the necessary processes and process descriptions, control
processes needed for the production process including acceptance criteria and records
necessary to document the production process.
b) Customer-related processes (ISO9001 – 7.2) Define methods to determine customer
requirements, including those:
— specified for the product by the customer;
— not specified by the customer, but necessary;
— stipulated by legal and regulatory authorities related to the products.
Define methods to establish and review the customer contracts and to ensure the ability
of the organization to meet the contracted requirements.
Define arrangements for communication with the customer.
c) Design and development (ISO9001 – 7.3) Define methods to design the product for the
customer including definition of design process stages; definition of adequate review,
verification and validation activities; definition of responsibilities and authorities for the
activities.
d) Purchasing (ISO9001 – 7.4) Define arrangements for purchasing goods, including
necessary approvals and activities to verify the purchased products.
e) Production and service provision (ISO9001 – 7.3) Define methods to realize the
designed product including monitoring and recording the realization process; caring for
customer property needed for the realization process and using qualified personnel and
equipment.
64
f) Control of monitoring and measuring devices (ISO9001 – 7.6) Define methods of
controlling necessary measuring devices including establishment of adequate calibration
procedures and calibration plans; and protection of all instruments from damage,
deterioration and maladjustment. Define the necessary corrective actions if measuring
devices malfunction.
MEASUREMENT, ANALYSIS AND IMPROVEMENT
In the frame of measurement, analysis and improvement processes, the following issues
(discussed in greater detail in section 0) shall be covered:
a) General (ISO9001 – 8.1) Define methods of measurement, analysis, monitoring and
improvement including adequate statistical data analysis.
b) Monitoring and measurement (ISO9001 – 8.2) Define the arrangement of internal audits
and a method to monitor and evaluate customer satisfaction.
c) Control of non-conforming product (ISO9001 – 8.3) Define ways of controlling
nonconformities.
d) Analysis of data (ISO9001 – 8.4) Define methods to identify, collect and analyse data to
demonstrate the effectiveness of the QMS, including data on customer satisfaction,
product compliance, and process and supplier performance.
e) Improvement (ISO9001 – 8.5) Define procedures to correctly carry out corrective and
preventive actions.
65
ANNEX II
QUALITY POLICY
This Annex presents an example of quality policy example.
QUALITY POLICY OF OUR ORGANIZATION
We are fully committed to meeting or exceeding our customers’ expectations, and
achieving our objective of being a preferred supplier.
We believe quality consists of services provided on time and in conformance with
customer requirements. We believe in effective service definition with our customers (‘doing
it right the first time’).
In order to meet the requirement of our customers our organization applies well
established good professional praxis to all services and has developed a quality management
system (QMS) based on ISO9001:2000 and ISO/IEC17025 which applies to all operational
services. The aim of this QMS is to ensure the highest quality of services to our customers.
Management commits itself, in the course of its own work, to complying with the
quality system it has endorsed and to improving the quality of operations.
All staff members of our organization shall be familiar with the QMS and it is their
responsibility to ensure full compliance with this System. In order to support staff in this
endeavour, the management commits itself to identifying and meeting current and anticipated
training needs.
As a company, we are committed to continuous improvement in the quality of all our
services. We are also committed to continuous improvement and enhancement of our
relationships with customers, shareholders, employees, suppliers and partners.
Meeting this commitment requires management and employees to work together as a
team, establish objectives to support this quality commitment, and continually review
performance to these objectives.
66
ANNEX III
QUALITY OBJECTIVES
This Annex presents examples of quality objectives. First an example that may be valid
for an organization during initial implementation of a quality management system (QMS).
QUALITY OBJECTIVES OF OUR ORGANIZATION
supplying our customers with reliable and consistent services, and to this end
implementing a QMS complying with the international standards ISO9001:2000
and ISO/IEC 17025;
operating our advisory groups and/or laboratories under full implementation of QMS;
acquiring accreditation for all services rendered by our laboratories.
For an organization running a well established QMS, the quality objectives may look
different as a result of management reviews already performed, where quality objectives have
been adapted:
QUALITY OBJECTIVES OF OUR ORGANIZATION
endeavouring, at any time, to maximize customer satisfaction with the services provided;
promoting customer/supplier relationships through fulfilling customer needs by providing the
necessary service delivered on time;
continuously improving quality and productivity and by that obtaining and maintaining market
leadership;
promoting, developing and improving the skills of our staff at all levels in order to enhance
quality awareness and maintain a highly motivated and competitive team;
maintaining the high standard of our quality system through the application of regular audits
and reviews;
67
ANNEX IV
DUTIES OF QUALITY MANAGER
QUALITY MANUAL
To establish and update the quality management system
To ensure compliance with the relevant standards of any documents within the QA system
To keep all records (e.g. internal and external audit reports, quality policy, quality goals,
protocols of management reviews, reports of non-compliance, equipment list) originating
within the QA system if not otherwise stated within a procedure
To organize and supervise the quality audits, to write a quality report annually and to organize
the management review
To provide training and assistance in quality matters to all members of OP staff
To report on any non-compliance with the established procedures within the work of the
organization.
DOCUMENT CONTROL
To keep the documentation in compliance with applicable standards
To update the list of internal and external documents in force
To archive one copy of all distributed versions of documents.
To distribute the quality documentation to all staff members.
To perform a review of the documentation status every two years.
REQUESTS AND CONTRACTS
To keep the records of denied requests for further evaluation.
SUBCONTRACTING
To keep the records of subcontractor evaluation
68
To keep a list of competent subcontractors used by the testing laboratory
PURCHASING SERVICES AND SUPPLIES
To validate the acceptability of documents of compliance received from suppliers
To keep a list of acceptable suppliers.
SERVICE TO CUSTOMERS
To keep a list of customer visits to the laboratory
To keep records of customer feedback
To help gather feedback from the customers at regular (annual) intervals.
COMPLAINTS
To keep the ensuing records.
CONTROL OF NONCONFORMITIES
To keep the records
To assist in processing the corrective action procedure.
CORRECTIVE AND PREVENTIVE ACTION
To keep the ensuing records
CONTROL OF RECORDS
As author of a procedure
To identify necessary records
To propose a record keeper
To define how records are stored (optional).
As nominated record keeper (by procedure)
To collect, file and store the records
69
To maintain the legibility of records
To facilitate access to the records for authorized persons.
To decide how to dispose of managerial records when the period of storage has expired.
Internal audits
To plan the audit at the prescribed intervals
To select, train and appoint the auditor(s)
To prepare an audit questionnaire
To ascertain that the audit has been successfully completed
To collect the individual audit reports.
Acting as Auditor
To be informed about the scope of the audit
To read and check the relevant quality documentation
To adapt, if deemed necessary, the audit questionnaire
To adhere strictly to the scope and time frame of the audit
To record audit questions, answers and controlled documentation
To prepare an audit report.
MANAGEMENT REVIEW
To prepare all necessary input documents
To document the results of the review.
70
ANNEX V
CHECKLIST TO EVALUATE REQUESTS FOR CONTRACTS
Are the requirements of the request well defined ? yes no n/a
Is there already a validated, documented and authorized method
of delivering the service in force ? yes no n/a
Does the method reach the necessary accuracy and
precision (limits of uncertainty) ? yes no n/a
Does the method reach the necessary limits of detection
according to the customer’s requirements ? yes no n/a
Is the necessary equipment physically available
within the timeframe of the request ? yes no n/a
Do we have a valid calibration for the equipment ? yes no n/a
Do we have time to do a calibration ? yes no n/a
Do we have standards to do a calibration ? yes no n/a
Is a technician available to do the calibration in time ? yes no n/a
Are all the necessary supplies available ? yes no n/a
Do we have time to purchase them ? yes no n/a
Do we have funding to purchase them ? yes no n/a
Is a technician available to do the work within the customers timeframe ? yes no n/a
Is this technician experienced in the work to be done ? yes no n/a
Can the available technician be trained in time ? yes no n/a
To approve a request, ‘NO’ is acceptable for a main question if it is compensated by ‘YES’
for all the subsidiary questions !!
Date Name Signature
71
ANNEX VI
EXAMPLE OF A JOB DESCRIPTION
JOB DESCRIPTION FOR PROFESSIONAL POSTS
Working out the following requirements will result in a thorough description of any job in a
testing laboratory
Functional title and current grade of post
Incumbent’s supervisor
Functional title
State the main purposes (objectives) of the post (Overall role/functions of the post with stress
being placed on the more important aspects):
Summarize the major duties and responsibilities of the position in order of importance and
indicate in the margin the percentage of time spent on each (most jobs contain no more than 5
or 6 major responsibilities). First state what is being done, then how it is being done:
Describe the minimum knowledge requirements of the job:
Level and field of study of university degree (or the equivalent acquired through training or
self-study):
Minimum length and type of practical experience required:
at national level
at international level
Language(s):
proficiency required
other languages preferred
Work Role: What the job requires the incumbent to do (i.e. describe the analysis,
interpretation, adaptation, innovation, planning, co-ordination, and directing that the job
requires):
72
Describe the control exercised or guidance given by the supervisor in terms of planning,
controlling and reviewing the incumbent’s work, e.g. how often do you meet, how are
priorities handled, how is work achieved, how are instructions given
Indicate which regulations, manuals, precedents, policies, or other administrative and
technical guidelines apply to the incumbent’s work, and to what extent the incumbent is
permitted to interpret, deviate from, or establish new guidelines:
With whom (indicate title only), for what purpose, and how often is the incumbent required to
have contacts in the job? (Describe the most typical, not the most unusual, contacts) :
Describe the most important type(s) of decisions the incumbent is authorized to take and why
these are important
Describe the most important types of proposals expected of the incumbent in the job and why
these are important
Describe the most damaging involuntary error(s) that could be made in the work and the
effect(s) that would result:
Total staff in organizational units supervised by incumbent. (Note: ‘supervised’ means ‘held
accountable for the work.’)
73
CONTRIBUTORS TO DRAFTING AND REVIEW
Baehrle, H. Paul Scherrer Institute, Switzerland
Cruz-Suarez, R. International Atomic Energy Agency
Dias Acar, M.E. Instituto de Radioprotecảo e Dosimetria, Brazil
Dicey, B. Air Force Center for Radiation Dosimetry, United States of America
Fantuzzi, E. Radiation Protection Institute, Italy; EURADOS WG 2.
Zeger, J. ARC Seibersdorf Research, Austria
Prendes-Alonso, M. Centro de Proteccion e Higiene de las Radiaciones, Cuba