questions 12..15
TRANSCRIPT
[ Q U E S T I O N 1 2 ]
S U N D A Y , A U G U S T 1 6 , 2 0 0 9
QUALITY POLICY AND QUALITY OBJECTIVES IN ISO 9001:2008
K. R. Singhal
QUALITY POLICY
Let us begin with the concept of quality policy in QMS. The quality policy of an organization shapes approach of the organization to its customers. A quality policy establishes: (i) a commitment to quality, (ii) a commitment to continual improvement of the quality management system, (iii) the context for quality objectives, and (iv) how the organization’s objectives relate to customers’ requirements.
A quality policy of an organization must meet the following minimum criteria:(a) It should be linked to overall organizational goals,(b) It should be relevant to the needs and expectations of the customers of the organization.
Accordingly, the quality policy of an organization must provide a framework for establishing and reviewing organization’s quality objectives.
A quality policy should also include explicit commitments to customer satisfaction and continual improvement. Quality policy of an organization should have a clear statement of outcomes. The policy should have understood by the staff of the organization.
Product quality depends both on perceived customer satisfaction and on well motivated staff. Here it should be noted that the term ‘customer satisfaction’ could refer to both types of customers: (a) internal customers (staff of the organization), and (b) external customers (who buy product from the organization by paying the value).
There may be a situation that your organization may not have a quality policy, then you should try to develop a quality policy for your organization. It is often useful to first develop the overall organization’s policy, including policies for marketing, sales, production, finance etc. This exercise could make the quality policy easier to prepare. Organization’s commitment to quality should describe organization’s overall vision of what quality means to organization’s business and its customers. Clause 4.2.1 of ISO 9001:2008 Standard requires organization to document quality policy statement.
Clause 5.3 of ISO 9001:2008 Standard frames requirements with regard to quality policy, which include to ensure that quality policy is (i) appropriate to the purpose of the organization, (ii) includes a commitment to comply with requirements and continually improve the effectiveness of the quality management system, (iii) provides a framework for establishing and reviewing quality objectives, (iv) is communicated and understood within the organization, and (v) is reviewed for continuing suitability.
Tony Johnston (AJ Quality Management Consulting, Ireland) describes his three fold approach to writing a quality policy – (i) Write quality policy in a language that anyone can understand, (ii) Quality policy should be relative to the organization and believe by its employees when they read it, and (iii) It should make reference to the eight quality management principles, namely customer focus, leadership (management commitment), process approach, continual improvement, factual approach to decision making, mutually beneficial supplier relationship, system approach to management, and involvement of people. The quality policy should be endorsed by the managing director and it should be reviewed at least annually for suitability and updated if necessary.
While the John’s approach is good for writing quality policy and in addition to his approach if a reference for establishing and reviewing quality objectives is given in the quality policy, then it will be better.
If your organization has a quality policy, then you should evaluate your quality policy. Evaluate, whether your quality policy clearly linked to your overall organizational goals. If quality policy of your organization is not linked to your organizational goals, then you need to re-examine your policy and goals. Also find out answers to following questions:- Does the quality policy include commitment to customer satisfaction?- Does the quality policy include commitment to continual improvement?- Does the quality policy include aspects of service quality that are to be emphasized?- Does the quality policy include benefits for customers (quality outcomes)?- Is the quality policy focused on maximizing customer satisfaction with the services received?- Is the quality policy focused on maximizing customer satisfaction with the service received?- Is the quality policy focused on maximizing staff morale in providing client services?
On the basis of answers to above questions, you may wish to revise the quality policy of your organization.
An illustration of a Quality Policy
…. (name of the organization) …. is committed in achieving customer satisfaction by providing … (the quality characteristics of product provided by the organization) …. For our customers, in context of continual improvement, so that our customers will … (outcomes in relation to customers’ needs / expectations to be met) ….
Another illustration of Quality Policy
We, … (name of the organization) …, manufactures … (name of the products) …. We manufacture and market these products both for domestic and abroad markets. Our purpose is to produce products to satisfy needs of our customers. We continually improve our products and services to satisfy needs of our customers better. Our quality management system is designed to ensure the maintenance of the product quality through evaluation, inspection and verification processes at all stages of production.
We are committed to comply with customer as well as legal requirements and also
committed to continually improve the effectiveness of our quality management system. Our organization has decided to achieve quality objectives as set in the documented statement of quality objectives. The top management of our organization in the meeting of board of directors, at least once in every six months, reviews the quality management system of our organization.
QUALITY OBJECTIVES
ISO 9001:2008 QMS Standard requires that organization develop measurable quality objectives, consistent with the quality policy of the organization. Internal and external auditors review quality objectives at each audit to see if they are being met. For planning of the quality management system, it is necessary to establish measurable quality objectives. Requirements with respect to quality objectives are mentioned in clause 5.4.1 of ISO 9001:2008 Standard.
The top management of the organization needs to establish quality objectives. Top management of the organization must ensure that quality objectives (including those needed to meet requirements for the product) are established at relevant functions and levels within the organization. The quality objectives must be measurable and consistent with the quality policy of the organization. Clause 7.1 (a) of ISO 9001:2008 QMS Standard lays down that in planning product realization, the organization must determine quality objectives and requirements for the product. It is evident from this clause that the ISO 9001:2008 Standard now calls for objectives not only for the quality management system but also for the product.
Now questions arise:- How to set or develop quality objectives?- How to monitor quality objectives?
Developing Quality Objectives
Developing quality objectives provides the organization with the opportunity to identify areas of inefficiency. The organization can address such areas to improve customer satisfaction. The Management Representative of the organization should frame a committee (with the approval of the top management) for developing quality objectives. This committee should have members from all departments of the organization. The committee members should have conceptual knowledge on ISO 9001:2008 QMS Standard and also on eight quality management principles.
Members of the committee should be advised to frame quality objectives for their respective departments. Management Representative should act as a convener and call a meeting to finalize the quality objectives. Quality objectives finalized in such meeting should be sent to the top management for considering the same in the management review meeting and finalizing them as organization’s quality objectives.
For developing measurable quality objectives for your organization, you may use a worksheet. Worksheet for creating quality objectives may be as under:- List specific measurable activities that would improve customer satisfaction. Example – Responding to customer’s complaint on the day of its receipt, replying to letters within three days of receipt.- List specific measurable activities that would improve staff morale. Example – Monthly staff feedback on their performance.- List specific measurable activities that would improve staff efficiency. Example –
Providing computer training to staff.
From the answers that you would have listed for above questions, you may select quality objectives clearly linked to the quality policy of the organization and for each quality objective, you should specify:- What is to be done?- How often the organization will achieve the level of performance?- The date by which the organization will achieve that level of performance.
On careful study of clause 7.1 (a) of ISO 9001:2008 Standard, you will find that the standard calls for quality objectives not only for the quality management system but also for the product. Quality objectives need to be realistic and related to achievable outcomes, such as:- Meeting agreed customer requirements for delivery or other product characteristics within a certain percentage of time.- Meeting regulatory and other requirements for product and services.- Meeting the planned schedule for achieving the quality objectives targets.- Identifying opportunities for improvement.- Minimizing the cost of poor quality, rework or scrap.- Identifying new opportunities.
The Standard also requires that relevant objectives be established at appropriate parts of the organization. For example – Process performance targets, continual improvement targets be established at human resources, production, sales departments.
When setting up quality objectives, look for activities or indicators that employees can relate to and that can be measured. A few examples may be:- Reducing the production time- Achieving no failures or defects in production- Achieving cost reduction- Improving productivity- Increasing market share
It is very important point that people in the organization must be aware of how they contribute to the achievement of the quality objectives. Therefore, employees in the organization must know and understand the specific quality objectives that have been set up for their functions and level and how they can achieve them. For awareness of quality objectives, specific training sessions or campaigns may be organized.
At the service delivery, customer interface or at the production line, quality objectives should be very simple and direct.
Think carefully about the quality objectives set by you for the organization and the timeframe you intend to allow for them to be achieved. Keep in mind that quality objectives must be measurable. The organization should be able to check that the organization is achieving the objective and, if not, what the organization is going to do about the quality management system.
Monitoring Quality Objectives
It is the intention of the ISO 9001:2008 QMS Standard that the organization is producing quality product. Monitoring and measurement activities are planned and carried out to carefully improve. Question arises – how to monitor quality objectives?
If we carefully read clause 5.6.1 of ISO 9001:2008 QMS Standard, we will come to know that it is the responsibility of the top management to ensure continuing suitability, adequacy and effectiveness of the QMS and to review the organization’s quality management system at planned intervals. Review must include assessing opportunities for improvement and need for changes to the quality management system, including the quality policy and quality objectives.
Quality objectives may be monitored from the input information received from the following:- Internal and external audits- Customer feedback- Process performance reports- Product conformity reports
A Management Representative (MR) acts a link person between the top management and the organization. His role is very important for maintaining and improving the quality management system in the organization. It is the duty of the Management Representative to report to the top management on the performance of the quality management system and any need for improvement. Accordingly, he should monitor quality objectives from the input information received from various corners.
It is also important to tell employees in the organization regularly how well specified quality objectives are being met and where improvements are required. Quality objectives must be reviewed and revised from time to time as part of the continual improvement process.
Courtesy Source References
- ISO 9001:2008 QMS Standard- ISO 9004:2000- ISO 9001 for small businesses – What to do (Joint publication from International Organization for Standardization and International Trade Centre UNCTAD / WTO)- ISO 9001:2000 – A workbook for service organizations (Joint publication from International Organization for Standardization and International Trade Centre UNCTAD / WTO)- ISO 9001 Fitness Checker – A practical, easy to use checklist designed to help SMEs assess their readiness for ISO 9001 certification- Implementing ISO 9001:2000 Quality Management System – A Reference Guide, Dr. Divya Singhal and K. R. Singhal (Publication from PHI Learning Pvt. Ltd., New Delhi) - Comments from Mr. Tony Johnston (Ireland)
Note
Author’s profile may be seen at http://www.linkedin.com/in/krsinghal
Posted by National Centre for Quality Management, Ajmer Centre at 8:29 AM Labels: Write-up
2 comments:
Jim said...
The ISO 9001 process provides a robust framework for improving every organisation’s quality system by adopting 8 quality management principles:
* Customer focus* Leadership* Involvement of people* Documented processes* Integrated systems* Continuous improvement* A factual approach to decision making* Mutually beneficial supplier relationships
[Question 13]ISO 9001 was first published in 1987. Later, it went through three revisions in 1994, 2000 and 2008. The latest version version of the ISO 9001 standard was published on 14th November 2008. This is the structure of the standard:
Clause 1 Scope Clause 2 Normative reference Clause 3 Terms and definitions Clause 4 Quality management system Clause 5 Management responsibility Clause 6 Resource management Clause 7 Product realization Clause 8 Measurement, analysis and improvement
This list of Frequently Asked Questions (FAQs) has been prepared by ISO/TC 176/SC 2 to support
the publication of ISO 9001:2008 and the revision of ISO 9004. Input has been obtained from
experts and users of the ISO 9000 standards, expressed during seminars and presentations
around the world.
The list will be reviewed and updated on a regular basis to maintain its accuracy, and to include
new questions where appropriate. It is intended that this list will also provide a good source of
information for new users of the standards.
For the latest version of the FAQs, reference should be made to the open access web site at
www.iso.org/tc176/sc2.
1. What is ISO?
The International Organization for Standardization (ISO) was established in 1947 and is (currently)
an association of 163 members, which each represent their own country. ISO employs a system of
Technical Committees, Sub-committees and Working Groups to develop International Standards.
Besides the National Standards Bodies, ISO permits other international organizations that develop
standards to participate in its work, by accepting them as Liaison members. ISO works in
accordance with an agreed set of rules of procedure, the ISO/IEC Directives, which also include
requirements on the presentation of standards.
2. Who are the National Standards Bodies, and who represents my country at ISO?
Please see the relevant page on ISO Online that gives details, including contact information, of the
National Standards Bodies.
3. What are the ISO 9000 standards ?
The ISO 9000 standards are a collection of formal International Standards, Technical
Specifications, Technical Reports, Handbooks and web based documents on Quality Management.
There are approximately 25 documents in the collection altogether, with new or revised documents
being developed on an ongoing basis.
(It should be noted that many of the International Standards in the ISO 9000 family are numbered
in the ISO 10000 range.)
4. Who is responsible for developing the ISO 9000 standards?
ISO Technical Committee (TC) number 176 (ISO/TC 176), and its Sub-committees, are responsible
for the development of the standards. The work is conducted on the basis of "consensus" among
quality and industry experts nominated by the National Standards Bodies, representing a wide
range of interested parties.
5. Where can copies of the standards be obtained?
Copies of the standards may be purchased from your National Standards Body (see list with
contact details), or from ISO Central Secretariat through the ISO Store of by contacting the
Marketing and Communication department ([email protected]). Many National Standards Bodies have
them available in local-language versions.
6. Where can copies of the supporting ISO 9000 guidance notes or other documents be found ?
Copies of the ISO 9000 Introduction and Support Package modules:
Guidance on ISO 9001:2008 Sub-clause 1.2 'Application'
Guidance on the Documentation Requirements of ISO 9001:2008
Guidance on the Terminology used in ISO 9001 and ISO 9004
Guidance on the Concept and Use of the Process Approach for management systems
Guidance on 'Outsourced Processes'
as well as details of the Quality Management Principles can be found at: www.iso.org/tc176/sc2
Copies of the ISO 9001 Auditing Practices Group guidance notes.
Copies of the sanctioned ISO/TC 176 sanctioned “Interpretations” of ISO 9001 can be found at:
http://www.tc176.org/
7. Where can information be obtained on the ISO 9000 standards?
There are a number of sources of information on the ISO 9000 quality management system
standards, including ISO's web site (www.iso.org), which carry information on the standards. Your
National Standards Body should be able to provide copies of the standards, and
registrars/certification bodies will be able to provide guidance on registration arrangements.
8. Why are the standards being revised?
ISO’s formal review process:
Requires continual review to keep standards up to date. Must be initiated within 3 years of
publication of a standard.
User inputs from:
A global user questionnaire/survey
A market Justification Study
Suggestions arising from the interpretation process
Opportunities for increased compatibility with ISO 14001
The need for greater clarity, ease of use, and improved translation
Current trends:
Keeping up with recent developments in management system practices.
9. Who is responsible for revising the standards?
The revision process is the responsibility of ISO Technical Committee no.176, Sub-committee no.2
(ISO/TC 176/SC 2) and is conducted on the basis of consensus among quality and industry experts
nominated by ISO Member bodies, and representing all interested parties.
10. When will the revised standards be available?
The revised quality management system standards (ISO 9000, 9001 and 9004) are scheduled as
follows:
ISO 9000:2005 already published – no major changes expected for 2009
Current plan is for small changes to ISO 9001 (an “amendment”) to be published in November
2008.
More significant changes are planned for ISO 9004 (a “revision”) to be published in mid 2009.
11. How much is the implementation of the new standard going to cost?
One of the goals of ISO/TC 176/SC 2 is to produce standards that will minimize any potential costs
during a smooth implementation. Any additional costs may be considered as a value-adding
investment. A key factor in the development of ISO 9001:2008 was to limit the impact of changes
on users.
12. Where can I obtain information on the revised standards?
See the ISO Catalogue on ISO Online web site that carries general information on the revision
program. Your National Standards Body will give you additional information and the
certification/registration bodies will be able to provide guidance on transitional arrangements in due
course.
13. Where can my organization go if it needs additional clarification or interpretation of the ISO 9001:2008 standard?
The starting point for any individual request for an interpretation should be with the enquirer's
National Standards Body. ISO Central Secretariat and ISO/TC 176/SC 2 cannot accept direct
requests from individuals for interpretations of the ISO 9000 standards. ISO/TC 176 has a Working
Group that only accepts formal requests for interpretations from the National Standards Bodies.
The agreed interpretations can be found at http://www.tc176.org/.
14. Will my organization need a full reassessment once the revised standards are available?
This is primarily an issue between your organization and your registration/certification body.
ISO/TC 176 is working with the IAF (International Accreditation Forum) and ISO/CASCO (the ISO
Policy Committee for Conformity Assessment) in order to provide relevant information in a timely
manner. ISO/CASCO is responsible for the standards to which the Certification Bodies work
(ISO/IEC 17021), and the Accreditation Bodies are responsible for monitoring and approving the
performance of Certification Bodies within their geographical area.
It is expected that conformity to the new ISO 9001:2008 standard will be evaluated by certification
bodies during regular surveillance visits and that full reassessment will only take place once current
certificates expire. However, it should be noted that ISO and the IAF have agreed that all
certificates to ISO 9001 should be upgraded to ISO 9001:2008 within 2 years of publication of the
amended standard.
15. Will the revised standards be available in my national language immediately after they are published by ISO?
The active participation of experts from around the world in the preparation of the new standards,
and the broad distribution of the draft standards, will facilitate the timely translation of the
International Standards.
Given the global importance of the quality management system standards, many National
Standards Bodies are already working on the translation issue. ISO itself will publish the new
standards in English and French, but if national language translations of the standards are currently
available from your National Standards Body, we expect that they will have the translation of the
revised standards ready at the time of publication by ISO or very soon thereafter.
For further details contact your National Standards Body.
16. Will my organization have to re-write all its documentation?
No. ISO 9001:2008 doesn’t introduce major changes to the requirements, when compared to ISO
9001:2000. However, to benefit from the changes, we suggest you get acquainted with the new
version of the standard and the clarifications introduced. If, during your analysis of the clarifications
you find there are differences from your current interpretation of ISO 9001:2000, then you should
analyse the impact on your current documentation and make the necessary arrangements to
update it. It is intended that the amendment of ISO 9001 will have minimal or no impacts on
documentation.
17. Will the revised standards address financial issues?
Financial issues are not addressed in ISO 9001:2008, which is a requirements standard.
The ISO 10014:2006 and ISO 9004:2000, Guidelines for performance improvements standards will
emphasize the financial resources needed for the implementation and improvement of a quality
management system.
18. What are the benefits of the revised standards?
For ISO 9001:2008 the major benefits are:
Simple to use
Clear in language
Readily translatable and easily understandable
Compatibility with other management systems such as ISO 14001.
For ISO 9004:
Facilitates improvement in users’ quality management systems.
Provides guidance to an organization for the creation of a quality management system that:
- creates value for its customers, via the products it provides
- creates value for all other interested parties
- balances all interested-party viewpoints.
Provides guidance for managers on leading their organization towards sustained success.
Forward compatibility to allow organizations to build on existing quality management systems.
19. What are the main changes in ISO 9001:2008?
ISO 9001:2008 has been developed in order to introduce clarifications to the existing requirements
of ISO 9001:2000 and changes that are intended to improve compatibility with ISO 14001:2004.
ISO 9001:2008 does not introduce additional requirements nor does it change the intent of the ISO
9001:2000 standard.
Certification to ISO 9001:2008 is not an “upgrade”, and organizations that are certified to ISO
9001:2000 should be afforded the same status as those who have already received a new
certificate to ISO 9001:2008
All changes between ISO 9001:2000 and ISO 9001:2008 are detailed in Annex B to ISO
9001:2008.
20. What are the main benefits to be derived from implementing an ISO 9000 quality management system?
The ISO 9000 standards give organizations an opportunity to increase value to their activities and
to improve their performance continually, by focusing on their major processes. The standards
place great emphasis on making quality management systems closer to the processes of
organizations and on continual improvement. As a result, they direct users to the achievement of
business results, including the satisfaction of customers and other interested parties.
The management of an organization should be able to view the adoption of the quality
management system standards as a profitable business investment, not just as a required
certification issue.
Among the perceived benefits of using the standards are:
The connection of quality management systems to organizational processes
The encouragement of a natural progression towards improved organizational performance, via:
- the use of the Quality Management Principles
- the adoption of a "process approach"
- emphasis of the role of top management
- requirements for the establishment of measurable objectives at relevant functions and levels
- being orientated toward "continual improvement" and "customer satisfaction", including the
monitoring of information on "customer satisfaction" as a measure of system performance.
- measurement of the quality management system, processes, and product
- consideration of statutory and regulatory requirements.
- attention to resource availability
21. How will the implementation of the amended standard help my organization to improve its efficiency?
ISO 9001:2008 aims at guaranteeing the effectiveness (but not necessarily the efficiency) of the
organization. For improved organizational efficiency, however, the best results can be obtained by
using ISO 9004 in addition to ISO 9001:2008. The guiding quality management principles are
intended to assist an organization in continual improvement, which should lead to efficiencies
throughout the organization.
22. What benefits are there to an organization implementing ISO 9004 ?
If a quality management system is appropriately implemented, utilizing the eight Quality
Management Principles, and in accordance with ISO 9004, all of an organization's interested
parties should benefit. For example:
Customers and users will benefit by receiving the products (see ISO 9000:2005 , Fundamentals and
vocabulary) that are:
Conforming to the requirements
Dependable and reliable
Available when needed
Maintainable
People in the organization will benefit by:
Better working conditions
Increased job satisfaction
Improved health and safety
Improved morale
Improved stability of employment
Owners and investors will benefit by:
Increased return on investment
Improved operational results
Increased market share
Increased profits
Suppliers and partners will benefit by:
Stability
Growth
Partnership and mutual understanding
Society will benefit by:
Fulfilment of legal and regulatory requirements
Improved health and safety
Reduced environmental impact
Increased security
23. Are the standards compatible with national quality award criteria?
The standards are based on 8 Quality Management Principles, which are aligned with the
philosophy and objectives of most quality award programs.
These principles are:
Customer focus,
Leadership,
Involvement of people,
Process approach,
System approach to management,
Continual improvement,
Factual approach to decision making, and
Mutually beneficial supplier relationships.
ISO 9004 recommends that organizations perform self-assessments as part of their management
of systems and processes, and includes an annex giving guidance on this approach. This is similar
to many quality awards programmes.
24. Why is the requirement for monitoring "customer satisfaction" included in ISO 9001?
"Customer satisfaction" is recognized as one of the driving criteria for any organization. In order to
evaluate if a product meets customer needs and expectations, it is necessary to monitor the extent
of customer satisfaction. Improvements can be made by taking action to address any identified
issues and concerns.
25. Can the standards improve "customer satisfaction"?
The quality management system details that are described in the standards are based on Quality
Management Principles that include the "process approach" and "customer focus". The adoption of
these principles should provide customers with a higher level of confidence that products will meet
their needs and increase their satisfaction.
26. What is meant by "continual improvement"?
Continual improvement is the process focused on continually increasing the effectiveness and/or
efficiency of the organization to fulfil its policies and objectives. Continual improvement (where
"continual" highlights that an improvement process requires progressive consolidation steps)
responds to the growing needs and expectations of the customers and ensures a dynamic
evolution of the quality management system.
27. What is a process?
Any activity or operation, which receives inputs and converts them to outputs, can be considered as
a process. Almost all activities and operations involved in generating a product or providing a
service are processes.
For organizations to function, they have to define and manage numerous inter-linked processes.
Often the output from one process will directly form the input into the next process. The systematic
identification and management of the various processes employed within an organization, and
particularly the interactions between such processes, may be referred to as the ‘process approach’
to management.
For further information, refer to the paper Guidance on the Concept and Use of the Process
Approach, available from www.iso.org/tc176/sc2.
28. What is the "process approach"?
The "process approach" is a way of obtaining a desired result, by managing activities and related
resources as a process. The "process approach" is a key element of the ISO 9000 standards. For
further guidance, please refer to the ISO 9000 Introduction and Support Package module:
Guidance on the Concept and Use of the Process Approach for management systems.
29. Can the "process approach" be applied to other management systems?
Yes. The "process approach" is a generic management principle, which can enhance an
organization’s effectiveness and efficiency in achieving defined objectives.
30. How can the PDCA cycle be used in the "process approach"?
The PDCA cycle is an established, logical, method that can be used to improve a process.
This requires:
(P) planning (what to do and how to do it),
(D) executing the plan (do what was planned),
(C) checking the results (did things happened according to plan) and
(A) act to improve the process (how to improve next time).
The PDCA cycle can be applied within an individual process, or across a group of processes.
31. Can any organization apply the "process approach"?
Yes. Many organizations already apply a "process approach" without recognizing it. They could
achieve additional benefits by understanding and controlling it.
32. Why should an organization apply the "process approach"?
By applying the "process approach" an organization should be able to obtain the following types of
benefits:
The integration and alignment of its processes to enable the achievement of its planned results.
An ability to focus effort on process effectiveness and efficiency.
An increase in the confidence of customers and other interested parties as to the consistent
performance of the organization.
Transparency of operations within the organization.
Lower costs and shorter cycle times through effective and efficient use of resources.
Improved, consistent and predictable results.
The identification of opportunities for focused and prioritized improvement initiatives.
The encouragement and involvement of people, and the clarification of their responsibilities.
The elimination of barriers between different functional units and the unification of their focus to
the objectives of the organization.
Improved management of process interfaces.
33. What is meant by the “sequence” of processes and their "interactions"?
The "sequence" of processes shows how the processes follow, or link, to each other to result in a
final output.
For example, the output from one process may become the input of the next process or processes.
The "interactions" show how each process affects or influences one or more of the other
processes. For example, the monitoring or controlling of a process may be established in a
separate process.
34. How can the processes in an organization be determined?
Identify the organization's intended outputs, and the processes needed for achieving them. These
will need to include processes for Management, Resources, Realization and Measurement and
Improvement.
Identify all process inputs and outputs, along with the suppliers and customers, who may be
internal or external.
Identify the sequence and interactions of the processes.
35. Should an organization define and document all its processes?
The main purpose of documentation is to enable the consistent and stable operation of an
organization's processes.
Although statutory, standards' or customer requirements may require certain documentation, there
is no defined “catalogue”, or list of processes that has to be documented in ISO 9001, apart from
the 6 indicated ones.
The organization should determine which processes are to be documented on the basis of:
The size of the organization and type of its activities,
The complexity of its processes and their interactions,
The criticality of the processes and
Availability of competent personnel.
A number of different methods can be used to document processes, such as graphical
representations, written instructions, checklists, flow charts, visual media, or electronic methods.
36. How much detail is required in process documentation?
The extent of detail is likely to depend upon factors such as:
the size of an organisation and its types of activities,
the complexity of its processes and their interactions, and
the competence (level of education, training, skills and experience) of its personnel.
37. Is there a standard way of describing a process?
No, there is no standard way to describe a process. It depends on the culture, management style,
staff literacy, personal attributes and their interactions.
A process may be described using a flow chart, block diagram, responsibility matrix, written
procedures or pictures.
Process flowcharts or block diagrams can show how policies, objectives, influential factors, job
functions, activities, material, equipment, resources, information, people and decision making
interact and/or interrelate in a logical order.
38. What should an organization do to adopt the "process approach"?
To adopt the "process approach" an organization should apply the following steps:
Identify the processes of the organization,
Plan the processes,
Implement and measure the processes,
Analyse the processes,
Improve the processes.
39. What is a "process owner"?
A person who is given the responsibility and authority for managing a particular process is
sometimes referred to as the "process owner".
It may be useful for an organization's Management to appoint individual "process owners" and to
define their roles and responsibilities; these should include the responsibility for ensuring the
implementation, maintenance and improvement of their specific process and its interactions.
It should be noted, however, that ISO 9001:2008 does not specifically require the appointment of
"process owners".
40. How can a process be measured?
There are various methods of measuring process controls and process performance, ranging from
simple monitoring systems up to sophisticated statistically based systems (e.g. statistical process
control, or SPC, systems). The selection and use of any particular method will be dependent on the
nature and complexity of an organization's processes and products. The effectiveness of an
individual process may be measured by the conformity of its output or product to customer
requirements. Its efficiency may be measured from its use of resources. In all cases the
measurement of the process determines if its (measurable) objectives have been achieved.
Sometimes it only requires monitoring to confirm process operations.
Typical factors that are useful to consider when identifying measures of process control and
process performance include:
Conformity with requirements,
Customer satisfaction,
Supplier performance,
On time delivery,
Lead times,
Failure rates,
Waste,
Process costs.
Incident frequency
41. What is the difference between a "process" and a "procedure"?
A "process" may be explained as a set of interacting or interrelated activities, which are employed
to add value. A "procedure" is a method of describing the way or How in which all or part of that
process activities shall/should be performed.
ISO 9000:2005 defines a procedure as a "specified way to carry out an activity or a process", which
does not necessarily have to be documented.
42. An organization has a well-established set of procedures. Can these procedures be used to help describe its processes?
Yes, if the procedures describe inputs and outputs, appropriate responsibilities, controls and
resources needed to satisfy customer requirements.
43. What documentation is required by ISO 9001?
ISO 9001:2008 refers specifically to only 6 documented procedures; however, other documentation
(including more documented procedures not specifically mentioned in ISO 9001:2008) may be
required by an organization, in order to manage the processes that are necessary for the effective
operation of the quality management system. This will vary depending on the size of the
organization, the kind of activities in which it is involved and their complexity. For further guidance,
please also refer to the ISO 9000 Introduction and Support Package module "Guidance on the
Documentation Requirements of ISO 9001:2008"
44. Which standard are organizations registered/certified to?
Organizations have their quality management system registered/certified to ISO 9001:2008. The
scope of registration/ certification will need to reflect precisely and clearly the activities covered by
the organization's quality management system; any exclusion to non-applicable requirements of the
standard (permitted through ISO 9001 clause 1.2 "Application") will need to be documented and
justified in the quality manual (see also the ISO/TC 176/SC2 ISO 9000 Introduction and Support
Package module Guidance on ISO 9001:2008 clause 1.2 'Application').
45. What does an organization need to do to comply with ISO 9001?
When initially starting to use ISO 9001, an organization should familiarize its personnel with the
Quality Management Principles, analyze the standards (especially ISO 9000 and ISO 9004), and
consider how their guidance and requirements may affect your activities and related processes. If it
then wishes to proceed to registration/certification, it should perform a gap analysis against the
requirements of ISO 9001 to determine where its current quality management system does not
address the applicable ISO 9001:2008 requirements, before developing and implementing
additional processes to ensure that compliance will be achieved.
46. What will happen to the 2000 version of ISO 9001?
ISO 9001:2008 will supersede ISO 9001:2000 However, noting the IAF/ISO-CASCO/ISO TC176
agreement that accredited certification to the 2000 edition should remain possible for up to 2 years
after the publication of ISO 9001:2008, copies of the 2000 edition will still be available on request
from ISO and the national standards bodies during that period, and possibly for even longer.
47. Can organizations remain certified/registered to the 2000 version?
Yes. Certification to ISO 9001:2008 is not an “upgrade”, and organizations that are certified to ISO
9001:2000 should be afforded the same status as those who have already received a new
certificate to ISO 9001:2008. However, certificates to ISO 9001:2000 will only remain valid until 2
years after the publication of ISO 9001:2008. Contact your certification/registration body to get
details on the certificates transition process.
48. What will happen to the other standards and documents in the current (2000) ISO 9000 family?
The four primary standards of the current ISO 9000 family are the following:
ISO 9000:2005 already published – no major changes expected for 2009
ISO 9001:2000 to be superseded by ISO 9001:2008
More significant changes are planned for ISO 9004 with a planned publication date of late 2009.
ISO 19011:2002 is currently beginning the revision process, with a new version expected in
2011.
The other standards and documents will be reviewed and updated as necessary
49. How soon can my organization seek certification to ISO 9001:2008?
ISO 9001: 2008 certificates can only be granted after its publication as an International Standard.
50. Will I be able to certify/register my organization to ISO 9004:2009?
Since ISO 9004:2009 will be a guidance document, it is not intended to be used for third party
certification purposes.
51. My organization is thinking about developing a Quality Management System to ISO 9001. Should we wait until the revised standards are published?
No, you should not delay the introduction of the quality management system in your organization.
Like those who are currently in the process of being registered/certified, anything you do now to lay
the foundation of a quality management system within your organization will be beneficial.
52. My organization is applying for ISO 9001 certification in 2008. What should I do?
Organizations in the process of certification to ISO 9001:2000 are recommended to apply for
certification to ISO 9001:2008, as soon it is published. Up to its publication you can still apply for
certification to ISO 9001:2000.
53. Can an organization be certified/registered to ISO 9004?
ISO 9004 is a guidance standard, which is not intended to be used for third party
registration/certification purposes. A key element of ISO 9004 is the ability to perform self-
assessments. Third party quality management system certifications/ registrations are performed to
ISO 9001:2008.
54. Is an organization's ISO 9001 certificate applicable to all of its products ?
When an organization seeks to have its quality management system registered/certified to ISO
9001:2008, it is required to agree a "scope of certification" with its registrar/certification body. This
will define the products to which the organization's quality management system is applicable, and
against which it will be assessed. An organization is not obliged to include within its "scope of
certification" all the products that it provides (note that the ISO 9000:2005 definition of "Product"
includes "services"), but may be selective about those that are included. All applicable
requirements of ISO 9001:2008 will need to be addressed by the organization's quality
management system that covers those products that are included in the "scope of certification".
Customers should ensure that a potential supplier's "scope of certification"covers the products that
they wish to order. Caveat Emptor!
55. What can an organization do if it is not able to comply with all of the requirements of ISO 9001?
ISO 9001 allows for the exclusion of some of its requirements (via clause 1.2 “Application”), but
only if it can be shown that these requirements are not applicable to the organization.
Exclusions are limited to the requirements given in Section 7 ("Product Realization"), where
individual requirements may only be excluded if it can be shown that they do not affect the
organization's ability to provide product that meets customer and applicable statutory or regulatory
requirements. Justification for such exclusions is also required to be detailed within the
organization's quality manual.
For example, if design activities are not required by an organization to demonstrate its capability to
meet customer and applicable statutory /regulatory requirements, or if its product is provided on the
basis of established design, then it may be able to exclude some of the "design" requirements but
still be able to be registered/certified to ISO 9001:2008.
For further guidance, see the ISO 9000 Introduction and Support Package module: Guidance on
ISO 9001:2008 clause 1.2 'Application'.
56. How will a small organization be able to adapt the requirements of ISO 9001? What flexibility will be allowed?
The requirements of the amended ISO 9001:2008 remain applicable to small, medium, and large
organizations alike, and such organizations should acquaint themselves with the clarifications in
ISO 9001:2008. ISO/TC 176 has published a handbook “ISO 9001 for Small Businesses – What to
do ?” giving specific advice to small businesses.
The requirements of ISO 9001 are applicable to small, medium, and large organizations alike. ISO
9001:2008 provides some flexibility, through clause 1.2 “Application”, on the exclusion of certain
requirements for specific processes that may not be performed by the organization.
If, for example, the nature of your products does not require you to perform design activities, or if
your product is provided on the basis of established design, you could discuss and justify the
exclusion of these requirements with your certification/registration body (see also the ISO 9000
Introduction and Support Package module Guidance on ISO 9001:2008 clause 1.2 'Application').
However, individual organizations will still need to be able demonstrate their capability to meet
customer and applicable statutory or regulatory requirements for their products, and will need to
consider this when determining the complexity of their quality management systems.
Further guidance for small businesses may be found in the ISO handbook: ISO 9001 for Small
Businesses – What to do, Advice from ISO/TC 176
57. What will happen to the ISO handbook “ISO 9001 for Small Businesses”?
It remains fully applicable. A project has been started to update the handbook to reflect the
changes in ISO 9001:2008.
58. What’s the relationship between the revised ISO 9001 and ISO 14001?
Compatibility with ISO 14001:2004 has been maintained and enhanced. “Compatibility” means that
common elements of the standards can be implemented by organizations in a shared manner, in
whole or in part, without unnecessary duplication or the imposition of conflicting requirements.
59. Are there any guidelines covering joint implementation of ISO 9001 and ISO 14001?
The two standards are compatible. It is not expected that an ISO guideline will be prepared on this
subject at the present time. If the need for such a document arises, ISO will consider the request
as a new project. However, both ISO 9001 and ISO 14001 include an annex to show the
correspondence between the two standards.
60. Is there a common guideline standard for auditing QMS and EMS according to ISO 9001 and 14001?
Yes, ISO 19011:2002 provides guidelines for quality and/or environmental management systems
auditing. Note that a project to revise ISO 19011 was started in 2008, and is expected to be
completed in 2011.
61. How are the standards applicable to organizations that provide services. ?
The standards are applicable to all types of organizations, operating in all types of sectors,
including service providers.
(Note: the definition of the term 'product' in ISO 9000:2005 also includes 'services'. ISO 9001:2008
and ISO 9004:2000 have been written to reflect this definition.)
62. My organization provides services. Is the new ISO 9001:2008 applicable to us?
ISO 9001 is equally appropriate to all sectors, including service providers. The standard is
applicable to all types of organizations.
63. What do quality management practitioners (consultant, auditor, or trainer) need to know about the standards?
As a minimum, quality management practitioners should familiarize themselves with the
requirements of ISO 9001:2008, and also with the content and philosophies of ISO 9000:2005, ISO
9004 and the Quality Management Principles.
Practitioners who are already familiar with ISO 9001:2000 should become aware of the
clarifications introduced in ISO 9001:2008, and their implications, prior to conducting audits to that
standard, or giving training and consultancy.
They should understand their client’s activities and processes, before providing appropriate
interpretations of the requirements of the standards, to add value to the client's operations.
ISO/TC 176 has developed the standard ISO 10019 Guidelines for the selection of quality
management system consultants and use of their services, which may be useful to refer to for
further guidance.
64. How should regulatory bodies use the standards?
Regulatory bodies should review their regulations currently in effect (or under development) and
identify points where reference to the quality management system standards would be appropriate,
before making recommendations to the legislative body.
65. What do auditors need to know about the standards?
Auditors, whether external or internal, should be able to demonstrate their competence on the
structure, content and terminology of the standards, and also on the underlying Quality
Management Principles.
The standards require that auditors are able to understand the organization's activities and
processes and appropriately audit against the requirements of the ISO 9001 in relation to the
organization's objectives. According to joint advice from the International Accreditation Forum
(IAF), ISO's Policy Committee for Conformity Assessment (ISO-CASCO) and ISO TC 176, auditors
should be able to demonstrate competency in:
The requirements of the ISO 9001:2008.
The concepts and terminology of the ISO 9000:2005.
The eight Quality Management Principles
A general understanding of ISO 9004
Familiarity with the auditing guidance standard ISO 19011.
ISO/TC 176, ISO/CASCO and the IAF have established an ISO 9001 Auditing Practices Group,
which has issued a number of web based guidance notes to assist auditors (see
www.iso.org/tc176/ISO9001AuditingPracticesGroup)
66. How will ISO 9001:2008 relate to the needs of specific business sectors?
ISO 9001:2008 remains compatible with the existing management systems standards for specific
business sectors like ISO/TS 16949, AS 9000/EN 9100 and TL 9000.
Users of a specific sector scheme are recommended to refer to the organization that is responsible
for that sector scheme, e.g. for:
ISO/TS 16 949 refer to the IATF,
TL 9000 refer to the QuEST Forum
For AS 9000/EN 9100 refer to the IAQG
67. My organisation fulfils the ISO 9001:2000 requirements. What do I need to do?
An organization who’s QMS fulfils the requirements of ISO 9001:2000 should check that they are
following the clarifications introduced in the amended standard ISO 9001:2008.
ISO 9001:2008 has been developed in order to introduce clarifications to the existing requirements
of ISO 9001:2000. It does not introduce additional requirements nor does it change the intent of the
ISO 9001:2000 standard.
68. What is the impact of ISO 9001:2008 on certification?
Certification to ISO 9001:2008 is not an “upgrade”, and organizations that are certified to ISO
9001:2000 should be afforded the same status as those who have already received a new
certificate to ISO 9001:2008.
ISO and the International Accreditation Forum (IAF) have agreed the following “Implementation
Plan” with respect to accredited certification to ISO 9001:2008:
“Accredited certification to the ISO 9001:2008 shall not be granted until the publication of ISO
9001:2008 as an International Standard.
Certification of conformity to ISO 9001:2008 and/or national equivalents shall only be issued after
official publication of ISO 9001:2008 (which should take place before the end of 2008) and after a
routine surveillance or re-certification audit against ISO 9001:2008.
Validity of certifications to ISO 9001:2000
One year after publication of ISO 9001:2008 all accredited certifications issued (new certifications
or re-certifications) shall be to ISO 9001:2008.
Twenty four months after publication by ISO of ISO 9001:2008, any existing certification issued to
ISO 9001:2000 shall not be valid.”
69. Is there any way I can participate in the development of standards?
Yes. If you are interested you should contact your National Standards Body for further details.
Information on ISO’s member National Standards Bodies can be found at:
http://www.iso.org/iso/about/iso_members.htm
The following text is an integral reproduction of the content of the document "Quality Management
Principles".
Introduction
This document introduces the eight quality management principles on which the quality
management system standards of the ISO 9000:2000 and ISO 9000:2008 series are based. These
principles can be used by senior management as a framework to guide their organizations towards
improved performance. The principles are derived from the collective experience and knowledge of
the international experts who participate in ISO Technical Committee ISO/TC 176, Quality
management and quality assurance, which is responsible for developing and maintaining the ISO
9000 standards.
The eight quality management principles are defined in ISO 9000:2005, Quality management
systems Fundamentals and vocabulary, and in ISO 9004:2000, Quality management systems
Guidelines for performance improvements.
This document gives the standardized descriptions of the principles as they appear in ISO
9000:2005 and ISO 9004:2000. In addition, it provides examples of the benefits derived from their
use and of actions that managers typically take in applying the principles to improve their
organizations' performance.
Principle 1: Customer focus
Principle 2: Leadership
Principle 3: Involvement of people
Principle 4: Process approach
Principle 5: System approach to management
Principle 6: Continual improvement
Principle 7: Factual approach to decision making
Principle 8: Mutually beneficial supplier relationships
The next step
Principle 1: Customer focus Organizations depend on their customers and therefore should understand current and future customer needs, should meet customer requirements and strive to exceed customer expectations. Key benefits:
Increased revenue and market share obtained through flexible and fast responses to market opportunities.
Increased effectiveness in the use of the organization's resources to enhance customer satisfaction.
Improved customer loyalty leading to repeat business.
Applying the principle of customer focus typically leads to: Researching and understanding customer needs and expectations. Ensuring that the objectives of the organization are linked to customer
needs and expectations. Communicating customer needs and expectations throughout the
organization. Measuring customer satisfaction and acting on the results. Systematically managing customer relationships. Ensuring a balanced approach between satisfying customers and other
interested parties (such as owners, employees, suppliers, financiers, local communities and society as a whole).
Principle 2: Leadership Leaders establish unity of purpose and direction of the organization. They should create and maintain the internal environment in which people can become fully involved in achieving the organization's objectives. Key benefits:
People will understand and be motivated towards the organization's goals and objectives.
Activities are evaluated, aligned and implemented in a unified way. Miscommunication between levels of an organization will be minimized. Applying the principle of leadership typically leads to:
Considering the needs of all interested parties including customers, owners, employees, suppliers, financiers, local communities and society as a whole.
Establishing a clear vision of the organization's future. Setting challenging goals and targets. Creating and sustaining shared values, fairness and ethical role models
at all levels of the organization. Establishing trust and eliminating fear. Providing people with the required resources, training and freedom to
act with responsibility and accountability. Inspiring, encouraging and recognizing people's contributions.
Principle 3: Involvement of people People at all levels are the essence of an organization and their full involvement enables their abilities to be used for the organization's benefit.
Key benefits: Motivated, committed and involved people within the organization. Innovation and creativity in furthering the organization's objectives. People being accountable for their own performance. People eager to participate in and contribute to continual improvement.
Applying the principle of involvement of people typically leads to: People understanding the importance of their contribution and role in
the organization. People identifying constraints to their performance. People accepting ownership of problems and their responsibility for
solving them. People evaluating their performance against their personal goals and
objectives. People actively seeking opportunities to enhance their competence,
knowledge and experience. People freely sharing knowledge and experience. People openly discussing problems and issues.
Principle 4: Process approach A desired result is achieved more efficiently when activities and related resources are managed as a process.
Key benefits: Lower costs and shorter cycle times through effective use of resources. Improved, consistent and predictable results. Focused and prioritized improvement opportunities.
Applying the principle of process approach typically leads to: Systematically defining the activities necessary to obtain a desired
result. Establishing clear responsibility and accountability for managing key
activities. Analysing and measuring of the capability of key activities. Identifying the interfaces of key activities within and between the
functions of the organization. Focusing on the factors such as resources, methods, and materials that
will improve key activities of the organization. Evaluating risks, consequences and impacts of activities on customers,
suppliers and other interested parties.
Principle 5: System approach to management Identifying, understanding and managing interrelated processes as a system contributes to the organization's effectiveness and efficiency in achieving its objectives.
Key benefits: Integration and alignment of the processes that will best achieve the
desired results. Ability to focus effort on the key processes. Providing confidence to interested parties as to the consistency,
effectiveness and efficiency of the organization.
Applying the principle of system approach to management typically leads to:
Structuring a system to achieve the organization's objectives in the most effective and efficient way.
Understanding the interdependencies between the processes of the system.
Structured approaches that harmonize and integrate processes. Providing a better understanding of the roles and responsibilities necessary
for achieving common objectives and thereby reducing cross-functional barriers.
Understanding organizational capabilities and establishing resource constraints prior to action.
Targeting and defining how specific activities within a system should operate.
Continually improving the system through measurement and evaluation.
Principle 6: Continual improvement Continual improvement of the organization's overall performance should be a permanent objective of the organization.
Key benefits: Performance advantage through improved organizational capabilities. Alignment of improvement activities at all levels to an organization's
strategic intent. Flexibility to react quickly to opportunities.
Applying the principle of continual improvement typically leads to: Employing a consistent organization-wide approach to continual
improvement of the organization's performance. Providing people with training in the methods and tools of continual
improvement. Making continual improvement of products, processes and systems an
objective for every individual in the organization. Establishing goals to guide, and measures to track, continual improvement. Recognizing and acknowledging improvements.
Principle 7: Factual approach to decision making Effective decisions are based on the analysis of data and information
Key benefits: Informed decisions. An increased ability to demonstrate the effectiveness of past decisions
through reference to factual records. Increased ability to review, challenge and change opinions and
decisions.
Applying the principle of factual approach to decision making typically leads to:
Ensuring that data and information are sufficiently accurate and reliable. Making data accessible to those who need it. Analysing data and information using valid methods. Making decisions and taking action based on factual analysis, balanced
with experience and intuition.
Principle 8: Mutually beneficial supplier relationships An organization and its suppliers are interdependent and a mutually beneficial relationship enhances the ability of both to create value
Key benefits: Increased ability to create value for both parties. Flexibility and speed of joint responses to changing market or customer
needs and expectations. Optimization of costs and resources.
Applying the principles of mutually beneficial supplier relationships typically leads to:
Establishing relationships that balance short-term gains with long-term considerations.
Pooling of expertise and resources with partners. Identifying and selecting key suppliers. Clear and open communication. Sharing information and future plans. Establishing joint development and improvement activities. Inspiring, encouraging and recognizing improvements and
achievements by suppliers.
Understand the basics This section explains what generic management system standards are.
Generic
Generic means that the same standard can be applied to any organization, large or small,
whatever its product or service, in any sector of activity, and whether it is a business enterprise, a
public administration, or a government department.
Management system
Management system refers to what the organization does to manage its processes, or activities,
so that its products or services meet the objectives it has set itself, such as:
satisfying the customer's quality requirements,
complying with regulations, or
meeting environmental objectives.
Management system standards
Management system standards provide a model to follow in setting up and operating a
management system. This model incorporates the features on which experts in the field have
reached a consensus as being the international state of the art.
Plan – Do – Check – Act
The Plan – Do – Check – Act (PDCA) cycle is the operating principle of ISO's management
system standards.
Plan – establish objectives and make plans (analyze your organization's situation, establish your overall
objectives and set your interim targets, and develop plans to achieve them).
Do – implement your plans (do what you planned to).
Check – measure your results (measure/monitor how far your actual achievements meet your planned
objectives).
Act – correct and improve your plans and how you put them into practice (correct and learn from your
mistakes to improve your plans in order to achieve better results next time).
ISO 14000 essentials This section concisely describes the essential features of the ISO 14000 family.
The ISO 14000 family addresses various aspects of environmental management. The very first two
standards, ISO 14001:2004 and ISO 14004:2004 deal with environmental management systems
(EMS). ISO 14001:2004 provides the requirements for an EMS and ISO 14004:2004 gives
general EMS guidelines.
The other standards and guidelines in the family address specific environmental aspects, including:
labeling, performance evaluation, life cycle analysis, communication and auditing.
An ISO 14001:2004-based EMS
An EMS meeting the requirements of ISO 14001:2004 is a management tool enabling an
organization of any size or type to:
identify and control the environmental impact of its activities, products or services, and to
improve its environmental performance continually, and to
implement a systematic approach to setting environmental objectives and targets, to achieving
these and to demonstrating that they have been achieved.
How it works
ISO 14001:2004 does not specify levels of environmental performance. If it specified levels of
environmental performance, they would have to be specific to each business activity and this would
require a specific EMS standard for each business. That is not the intention.
ISO has many other standards dealing with specific environmental issues. The intention of ISO
14001:2004 is to provide a framework for a holistic, strategic approach to the organization's
environmental policy, plans and actions.
ISO 14001:2004 gives the generic requirements for an environmental management system. The
underlying philosophy is that whatever the organization's activity, the requirements of an effective
EMS are the same.
This has the effect of establishing a common reference for communicating about environmental
management issues between organizations and their customers, regulators, the public and other
stakeholders.
Because ISO 14001:2004 does not lay down levels of environmental performance, the standard
can to be implemented by a wide variety of organizations, whatever their current level of
environmental maturity. However, a commitment to compliance with applicable environmental
legislation and regulations is required, along with a commitment to continual improvement – for
which the EMS provides the framework.
The EMS standards
ISO 14004:2004 provides guidelines on the elements of an environmental management system
and its implementation, and discusses principal issues involved.
ISO 14001:2004 specifies the requirements for such an environmental management system.
Fulfilling these requirements demands objective evidence which can be audited to demonstrate that
the environmental management system is operating effectively in conformity to the standard.
What can be achieved
ISO 14001:2004 is a tool that can be used to meet internal objectives:
provide assurance to management that it is in control of the organizational processes and
activities having an impact on the environment
assure employees that they are working for an environmentally responsible organization.
ISO 14001:2004 can also be used to meet external objectives:
provide assurance on environmental issues to external stakeholders – such as customers, the
community and regulatory agencies
comply with environmental regulations
support the organization's claims and communication about its own environmental policies,
plans and actions
provides a framework for demonstrating conformity via suppliers' declarations of conformity,
assessment of conformity by an external stakeholder - such as a business client - and for
certification of conformity by an independent certification body.
Introduction and support package: Guidance on the Terminology used in ISO 9001 and ISO 9004
Document ISO/TC 176/SC 2/N 526R2
October 2008
1. Introduction
Great care has been taken during the development of ISO 9001 and ISO 9004 to use the correct
English words and terms to describe their concepts and requirements, to assist in their readability
and translation. The objective is to use simple technically accurate terms, and to the greatest extent
possible, rely on common dictionary definitions. As with most technical subjects, there are some
terms that have a very specific meaning different from the common dictionary one; in such cases,
the appropriate technical definition is provided in one of the following:
ISO 9000:2005, Quality management systems - Fundamentals and Vocabulary
ISO/IEC Guide 2:2004, Standardization and related activities – General vocabulary
ISO/IEC Directives - Part 2:2004, Rules for the Structure and drafting of International Standards
ISO/IEC Guide 99:2007, International Vocabulary of Metrology – Basic and General Concepts
and Associated Terms (VIM)
In all other cases, for the purpose of this guidance, definitions are selected from the Concise
Oxford Dictionary. Definitions in ISO 9000:2005 have normative status, which takes precedence
over their common dictionary definitions.
The table below provides the selected dictionary definitions for common words, which should be
applied when using the standards.
2. Table of important words and terms used in the ISO 9000 family of Standards
Word Form Meaning
accordance noun (In accordance with) in a manner conforming with
activity noun something done in pursuit of an objective
adequacy noun sufficiency to satisfy a requirement or meet a need
adjustment noun operation of bringing a measuring instrument into a state of performance
suitable for its use [VIM]
analysis noun Detailed examination of the elements or structure of something
appropriate adjective suitable (for, to)
applicable adjective - relevant
- appropriate
assess verb - evaluate
- estimate the value of
assure verb synonym: ensure
make certain
authority noun - right to command or give a final decision
- body that has legal powers and rights
available adjective able to be used or obtained
awareness noun knowledge or perception of a situation or fact
calibration noun - set of operations that establish, under specified
- conditions, the relationship between values of
- quantities indicated by a measuring instrument
- or measuring system, or values represented by
- a material measure or a reference material, and
- the corresponding values realized by standards
- [VIM]
can verb SO/IEC Directives Part 2 Annex G
- be able to
- there is a possibility of
- it is possible to
cannot verb ISO/IEC Directives Part 2 Annex G
- be unable to
- there is no possibility of
- it is not possible to
state of being dedicated to a cause or policy
commitment noun state of being dedicated to a cause or policy
communication noun action of sharing or exchanging information ideas
complain verb express discontent, displeasure
comply verb (person or organization) meet specified standards
compromise noun support or establish the certainty or validity of
confirm verb (item) meet specified requirements
consistent adjective (consistent with) conforming to or in agreement with
consistently adverb unchanging over time
control noun - power to direct or to restrain something
- means of restraining or regulating
control verb - direct or restrain something
- restrain or regulate
data noun - facts and/or statistics, used for reference or analysis
- information based on facts
deficiency noun lack or shortage
define verb state or describe exactly the nature, scope or meaning of
demonstrate verb show clearly (with objective evidence)
deploy verb put into use or action
deployment noun implementation
determine verb establish or find out with certainty by research, examination or
calculation
distribution noun act of allocating to recipients
disposition noun action of dealing with things in a particular way
documentation noun see Note 2 to ISO 9000:2005 clause 3.7.2
A set of documents, for example specifications and records, is
frequently called “documentation”.
enhance verb Improve the quality, value or extent of
ensure verb synonym: assure
make certain
essential adjective absolutely necessary, fundamental
establish verb set up
evaluate verb assess
exclusion noun - process or state of keeping out or preventing
the occurrence of
- item or eventuality specifically not covered
expectation noun - belief about (or mental picture of) the future
- wishing with confidence of fulfilment
experience noun practical contact with and observation of facts and events
facilitate verb - make easy or easier
- promote, help forward (an action, result, etc.)
facility noun building, service or piece of equipment provided for a particular purpose
feedback noun information given in response to a product, a person’s performance of a
task, etc., used as a basis for improvement
focus noun centre of interest or activity
framework noun essential supporting or underlying structure
functional adjective designed to be practical and useful rather than attractive
hardware noun see the definition of “product” in ISO 9000:2005
clause 3.4.2
identify verb establish the identity of someone or somebody
identity noun the individual characteristics by which a thing or person is recognized or
known
identifiable adjective recognizable through a unique characteristic
impartiality noun state of being without prejudice or bias
implement verb put into effect
improvement noun action or process of making or becoming better, also see “continual
improvement” and “quality improvement” in this table.
independent
(noun:
adjective - not connected with another; separate
- not subject to another’s authority
independence)
integrity noun - state of being whole; the condition of being unified or sound in
construction
- quality of having strong moral principles
irrespective adjective in spite of everything
justification noun evidence proving that something is right or reasonable
learning
organization
noun institution, place, organization, etc. where the cognitive process of
acquiring skill and knowledge is carried out
legible adjective possible to be read by a person or a machine for intended use
liaison noun communication or cooperation between people or organizations
maintain verb cause or enable (a condition or state of affairs) to continue
maintenance noun process or state of keeping (a system, building, machine, etc) in good
condition by checking or repairing it regularly
may verb ISO/IEC Directives Part 2 Annex G
- is permitted
- is allowed
- is permissible
measurable adjective adjectiveable to be measured
measure verb ascertain the size, amount, or degree of
(something) by comparison with a standard unit
or with an object of known size
methodology noun system of methods used in a particular field
monitor verb observe and check over a period of time;
maintain regular close observation over
necessary adjective required to be done, achieved or present
need noun something that is wanted or required
objective noun something to be achieved
objective adjective not influenced by personal feelings or opinions
in considering or representing facts
obsolete adjective no longer produced or used; out of date
origin noun point at which something begins or arises
outsource verb obtain goods or services from an outside
supplier
perception noun way of regarding, understanding or interpreting
something
performance noun - the ability to achieve something
- the achievement itself
periodic adjective - recurring or reappearing at regular or any intervals (of time or space)
- intermittent
permissible adjective - that can or ought to be permitted
- allowable
personal
qualification
noun attribute that must be met or complied with and that fits a person for
something
physical adjective tangible or concrete
plan noun scheme, programme or method worked out beforehand for the
accomplishment of an objective
plan verb decide on and arrange in advance
preservation noun action or act of maintaining something in its original or existing state
prevention noun action of keeping something from happening or arising
previous adjective existing or occurring before something else in time or in order
process
approach
noun systematic identification and management of the processes employed
within an organization and particularly the interactions between such
processes
promote verb further the progress of, support or encourage
property noun thing or things belonging to a person, persons or organization
protect verb keep safe from damage
quotation noun contractor’s (supplier’s) estimate for a specified
job, etc.
rationale noun exposition of principles or reasons
realization noun action of achieving something desired or anticipated; fulfilment
recognize verb be fully aware of
regulatory adjective required, permitted or enacted by a rule or directive passed by an
authority
relevant adjective closely connected or appropriate to the matter in hand
require verb need because it is essential to the fulfilment of something
resource noun stock or supply of materials or assets
responsibility noun something which a person or organization is required to do or control as
part of a job, role or legal obligation
responsible adjective having an obligation to do something or having control over or care for
someone
retain verb keep possession of; not abolish, discard or alter
retrievable adjective capable of being brought back
safeguard verb protect or prevent something undesirable (from happening)
scope noun extent of the area or subject matter that something deals with or to
which it is relevant
sequence noun a particular order in which related events, movements, etc, follow each
other
shall verb ISO/IEC Directives Part 2 Annex G
- is to
- is required to
- it is required that
- has to
- only … is permitted
- it is necessary
shall not verb ISO/IEC Directives Part 2 Annex G
- is not allowed [permitted] [acceptable] [permissible]
- is required to be not
- is required that … be not
- is not to be
should verb ISO/IEC Directives Part 2 Annex G
- it is recommended that
- ought to
should not verb ISO/IEC Directives Part 2 Annex G
- it is not recommended that
- ought not to
skill noun ability to do something well
software noun see definition of “product” in ISO 9000:2005
clause 3.4.2
specific adjective of or relating to a particular subject
specify verb state explicitly, clearly and definitely
statutory adjective required, permitted or enacted by a written law
passed by a body having the power to make laws
strategy noun an elaborate and systematic plan of action
suitability noun characteristics that are right or appropriate for a particular purpose
suitable adjective right or appropriate for a particular purpose
supply verb make available for use
systematic adjective done or acting according to a fixed plan or system; methodical
training noun act of teaching a particular skill or type of behaviour through practice
and instruction
unambiguous adjective having only one meaning
utilities noun services such as gas, water, electricity, telecommunication, etc.
validate verb carry out validation, see ISO 9000:2005 clause 3.8.5
validity noun conformity to fact, accuracy or precision
verify verb carry out verification, See ISO 9000:2005 clause 3.8.4
workspace noun area in which work is performed
Introduction and support package:Guidance on the concept and use of the process approach for management systems
Document: ISO/TC 176/SC 2/N544R3
October 2008
1. Introduction
This guidance document provides an understanding of the concepts, intent and the application of
the “process approach” to the ISO 9000 family of Quality Management System standards. The
guidance may also be used to apply the process approach to any management system regardless
the type or the size of organization. This includes but is not limited to management systems for:
Environment (ISO 14000 family),
Occupational Health and Safety,
Business Risk,
Social Responsibility.
This guide also aims to promote a consistent approach to the description of processes and use of
process related terminology.
The purpose of the process approach is to enhance an organization’s effectiveness and efficiency
in achieving its defined objectives. In relation to ISO 9001:2008 this means enhancing customer
satisfaction by meeting customer requirements.
Benefits of the process approach are:
Integration and alignment of processes to enable achievement of desired outcomes
Ability to focus effort on process effectiveness and efficiency.
Provision of confidence to customers, and other interested parties, about the consistent
performance of the organization.
Transparency of operations within the organization.
Lower costs and creation of shorter cycle times, through the effective use of resources.
Improved, consistent and predictable results.
Provision of opportunities for focused and prioritized improvement initiatives.
Encouragement of the involvement of people and the clarification of their responsibilities.
2. What is a process?
A “Process” can be defined as a “set of interrelated or interacting activities, which transforms inputs
into outputs”. These activities require allocation of resources such as people and materials. Figure
1 shows a generic process.
A major advantage of the process approach, when compared to other approaches, is in the
management and control of the interactions between these processes and the interfaces between
the functional hierarchies of the organization (as further explained in section 4).
Figure 1 - Generic process
Inputs and intended outputs may be tangible (such as equipment, materials or components) or
intangible (such as energy or information). Outputs can also be unintended, such as waste or
pollution.
Each process has customers and other interested parties (who may be either internal or external to
the organization), with needs and expectations about the process, who define the required outputs
of the process.
A system should be used to gather data to provide information about process performance, which
should then be analyzed to determine if there is any need for corrective action or improvement.
All processes should be aligned with the objectives, scope and complexity of the organization, and
should be designed to add value to the organization.
Process effectiveness and efficiency can be assessed through internal or external review
processes.
3. Types of processes
3.1 References to processes in ISO 9001:2008:
ISO 9001:2008 states:
In sub clause 0.1 General: “The design and implementation of an organization‘s quality
management system is influenced by: its business environment, changes in that environment, or
risks associated with that environment; its varying needs; its particular objectives; the products it
provides; the processes it employs; its size and organizational structure. It is not the intent of this
International Standard to imply uniformity in the structure of quality management systems or
uniformity of documentation”.
In sub clause 0.2 Process Approach: “The application of a system of processes within an
organization, together with the identification and interactions of these processes, and their management to produce the desired outcome, can be referred to as the “process approach“.
In sub clause 4.1 General requirements: “The organization shall establish, document, implement
and maintain a quality management system and continually improve its effectiveness in accordance
with the requirements of this International Standard. The organization shall:
a) determine the processes needed for the quality management system and their application
throughout the organization (see 1.2),
b) determine the sequence and interaction of these processes,
c) determine criteria and methods needed to ensure that both the operation and control of these
processes are effective,
d) ensure the availability of resources and information necessary to support the operation and
monitoring of these processes,
e) monitor, measure (where applicable), and analyse these processes, and
f) implement actions necessary to achieve planned results and continual improvement of these
processes.
These processes shall be managed by the organization in accordance with the requirements of this
International Standard”.
Based on the above, each organization should define the number and type of processes needed to
fulfil its business objectives. It is permissible for a process that is required by ISO 9001:2008 to be
part of a process (or processes) that is already established by the organization, or to be defined by
the organization in terms that are different to those in ISO 9001.
3.2 Typical types of processes that can be identified:
In accordance with 3.1 above, organizations have to define the number and types of processes
needed to fulfil their business objectives. While these will be unique to each organization, it is
however possible to identify typical processes, such as:
Processes for the management of an organization. These include processes relating to strategic
planning, establishing policies, setting objectives, ensuring communication, ensuring availability of
resources for the other organization’s quality objectives and desired outcomes and for
management reviews.
Processes for managing resources. These include all the processes that are necessary to
provide the resources needed for the organization’s quality objectives and desired outcomes.
Realization processes. These include all processes that provide the desired outcomes of the
organization.
Measurement, analysis and improvement processes. These include the processes needed to
measure and gather data for performance analysis and improvement of effectiveness and
efficiency. They include measuring, monitoring, auditing, performance analysis and improvement
processes (e.g. for corrective and preventive actions). Measurement processes are often
documented as an integral part of the management, resource and realization processes; whereas
analysis and improvement processes are treated frequently as autonomous processes that
interact with other processes, receive inputs from measurement results, and send outputs for the
improvement of those processes.
4. Understanding the process approach
A process approach is a powerful way of organizing and managing activities to create value for the
customer and other interested parties.
Organizations are often structured into a hierarchy of functional units. Organizations are usually
managed vertically, with responsibility for the intended outputs being divided among functional
units.
The end customer or other interested party is not always visible to all involved. Consequently,
problems that occur at the interface boundaries are often given less priority than the short-term
goals of the units. This leads to little or no improvement to the interested party, as actions are
usually focused on the functions, rather than on the intended output.
The process approach introduces horizontal management, crossing the barriers between different functional units and unifying their focus to the main goals of the organization.
It also improves the management of process interfaces (see Figure 2).
Figure 2 - Example of Process linkages across departments in an organization.
The performance of an organization can be improved through the use of the process approach.
The processes are managed as a system, by creating and understanding a network of the
processes and their interactions.
Note: The consistent operation of this network is often referred to as the "system approach" to
management.
The outputs from one process may be inputs to other processes and interlinked into the overall
network or system (for generic examples, see Figure 3 and Figure 4).
Figure 3 - Example of a generic process sequence
Figure 4 - Example of a process sequence and its interactions
5. Implementing the process approach
The following implementation methodology can be applied to any type of process. The step
sequence is only one method and is not intended to be prescriptive. Some steps may be carried
out simultaneously.
5.1. Identification of processes of the organization
Steps in the
process
approach
What to do? Guidance
5.1.1
Define the
purpose of the
organization
The organization should
identify its customers and
other interested parties as well
as their requirements, needs
and expectations to define the
organization's intended
outputs.
Gather, analyze and determine customer and
other interested parties requirements, and other
needs and expectations. Communicate
frequently with customers and other interested
parties to ensure continual understanding of their
requirements, needs and expectations.
Determine the requirements for quality
management, environmental management,
occupational health and safety, management,
business risk, social responsibilities and other
management system disciplines that will be
applied within the organization.
5.1.2
Define the policies
and objectives of
the organization
Based on analyses of the
requirements, needs and
expectations, establish the
organization's policies and
objectives
Top management should decide which markets
the organization should address and develop
relevant policies. Based on these policies,
management should then establish objectives for
the intended outputs (e.g. products,
environmental performance, occupational health
and safety performance)
5.1.3
Determine the
processes in the
organization
Determine all the processes
needed to produce the
intended outputs.
DDetermine the processes needed for achieving
the intended outputs. These processes include
Management, Resources, Realization and
Measurement, Analysis and Improvement.
Identify all process inputs and outputs, along with
the suppliers, customers and other interested
parties (who may be internal or external).
5.1.4
Determine the
sequence of the
processes
Determine how the processes
flow in sequence and
interaction
Define and develop a description of the network
of processes and their interaction.Consider the
following:
- The customer of each process,
- The inputs and outputs of each process,
- Which processes are interacting,
- Interfaces and what are their characteristics,
- Timing and sequence of the interacting
processes,
- Effectiveness and efficiency of the sequence.
Note: As an example, a realization process that
results in an output, such as product delivered to
a customer, will interact with other processes
(such as the management, measurement and
monitoring, and resource provision processes).
Methods and tools such as block diagrams,
matrix and flowcharts can be used to support the
development of process sequences and their
interactions.
5.1.5
Define process
ownership
Assign responsibility and
authority for each process
Management should define individual roles and
responsibilities for ensuring the implementation,
maintenance and improvement of each process
and its interactions. Such an individual is usually
referred to as the "process owner".
To manage process interactions, it may be useful
to establish a "process management team", that
has an overview across all the processes, and
which includes representatives from each of the
interacting processes.
5.1.6
Define process
documentation
Determine those processes
that are to be documented and
how they are to be
documented.
Processes exist within the organization and the
initial approach should be limited to identifying
and managing them in the most appropriate way.
There is no "catalogue", or list of processes, that
have to be documented.
The main purpose of documentation is to enable
the consistent and stable operation of the
processes.
The organization should determine which
processes are to be documented, on the basis of:
- The size of the organization and its type of
activities,
- The complexity of its processes and their
interactions,
- The criticality of the processes, and·
- The availability of competent personnel.
When it is necessary to document processes, a
number of different methods can be used such
as graphical representations, written instructions,
checklists, flow charts, visual media, or electronic
methods.
Note: For more guidance see the ISO 9000
Introduction and Support Package module
Guidance on the Documentation Requirements
of ISO 9001:2008
5.2 Planning of a process
Steps in the
process
approach
What to do? Guidance
5.2.1
Define the
activities within
the process
Determine the activities needed to achieve the
intended outputs of the process
Define the required inputs and
outputs of the process.
Determine the activities
required to transform the
inputs into the required
outputs.
Determine and define the
sequence and interaction of
the activities within the
process.
Determine how each activity
will be performed.
Note: In some cases, the
customer may specify the way
the process is to be
performed.
5.2.2 Determine where and how monitoring and Identify the measures and
Define the
monitoring and
measurement
requirements
measuring should be applied. This should be both
for control and improvement of the processes and
the intended process outputs. Monitoring is
always applicable but measurement may not be
practicable or even possible. Nevertheless
measurement gives more objective data on the
performance of the process and it is a powerful
management and improvement tool.
Determine the need for recording results.
monitoring criteria for process
control and process
performance, to determine the
effectiveness and efficiency of
the process, taking into
account factors such as:
- Conformity with
requirements,
- Customer satisfaction,
- Supplier performance,
- On time delivery,
- Lead times,
- Failure rates,
- Waste,
- Process costs,
- Incident frequency.
5.2.3
Define the
resources needed
Determine the resources needed for the effective
operation of each process
Examples of resources
include:
- Human resources,
- Infrastructure,
- Work environment,
- Information,
- Natural resources,
- Materials,
- Financial resources
5.2.4
Verify the process
and its activities
against its
planned
objectives
Confirm that the characteristics of the processes
are consistent with the purpose of the
organization (see 5.1.1)
Verify that all the
requirements identified in
5.1.1 are satisfied. If not,
consider what additional
process activities are required
and return to 5.2.1 to improve
the process.
5.3. Implementation and measurement of the process
Implement the processes and their activities as planned.
The organization may develop a project for implementation that includes, but is not limited to
Communication,
Awareness,
Training,
Change management,
Management involvement,
Applicable review activities.
Apply the controls, and perform the monitoring and measurements as planned.
5.4. Analysis of the process
Analyze and evaluate process information obtained from monitoring and measuring data, in order
to quantify process performance. Where appropriate, use statistical methods.
Compare the results of process performance information with the defined requirements of the
process, to confirm process effectiveness and efficiency and to identify any need for corrective
action.
Identify process improvement opportunities based on the results of the analysis of process
information.
Report to top management, and other relevant people in the organization, on the performance of
the process, as appropriate.
5.5. Corrective action and improvement of the process
Whenever corrective actions are needed, the method for implementing them should be defined.
This should include the identification and elimination of the root causes of the problems (e.g. errors,
defects, lack of adequate process controls). The effectiveness of the actions taken should be
reviewed. Implement the corrective actions and verify their effectiveness according to plan.
When planned process outcomes are being achieved and requirements fulfilled, the organization
should focus its efforts on actions to improve process performance to higher levels, on a continual
basis.
The method for improvement should be defined and implemented (examples of improvements
include: process simplification, enhancement of efficiency, improvement of effectiveness, reduction
of process cycle time). Verify the effectiveness of the improvement.
Risk analysis tools may be employed to identify potential problems. The root cause(s) of these
potential problems should also be identified and eliminated, preventing occurrence in all processes
with similarly identified risks.
The Plan-Do-Check-Act (PDCA) methodology can be a useful tool to define, implement and control
corrective actions and improvements. Extensive literature exists about the PDCA cycle in
numerous languages.
PLAN >> Establish the objectives and processes necessary to
deliver results in accordance with customer, statutory and regulatory requirements and the
organization's policies;
DO >> Implement the processes;
CHECK >> Monitor and measure processes and product against policies, objectives and
requirements for the product and report the results;
ACT >> Take actions to continually improve process performance;”
The PDCA is a dynamic methodology that can be deployed within each of the organization’s
processes and across their interactions. It is intimately associated with planning, implementation,
verification and improvement.
Maintaining and improving process performance can be achieved by applying the PDCA concept at
all levels within an organization. This applies equally to all processes, from high-level strategic
processes to simple operational activities.
Introduction and support package :Guidance on 'Outsourced processes'
Document: ISO/TC 176/SC 2/N 630R3
October 2008
1. Introduction
The aim of this document is to provide guidance on the intent of ISO 9001:2008 clause 4.1,
regarding the control of outsourced processes.
ISO 9001:2008 clause 4.1 states:
“Where an organization chooses to outsource any process that affects product conformity to
requirements, the organization shall ensure control over such processes. The type and extent of
control to be applied to these outsourced processes shall be defined within the quality management
system.
NOTE 1: Processes needed for the quality management system referred to above include
processes for management activities, provision of resources, product realization and measurement,
analysis and improvement.
NOTE 2: An “outsourced process” is a process that the organization needs for its quality
management system and which the organization chooses to have performed by an external party.
NOTE 3: Ensuring control over outsourced processes does not absolve the organization of the
responsibility of conformity to all customer, statutory and regulatory requirements. The type and
extent of control to be applied to the outsourced process may be influenced by factors such as:
a) the potential impact of the outsourced process on the organization’s capability to provide product
that conforms to requirements;
b) the degree to which the control for the process is shared;
c) the capability of achieving the necessary control through the application of clause 7.4.”
2. Guidance
2.1 What is an “outsourced process”?
The Oxford English Dictionary defines the verb “outsource” as “to obtain….. by contract from a
source outside the organization or area; to contract (work) out”
As now defined in ISO 9001:2008 Sub clause 4.1 NOTE 2, an “outsourced process” is a process
that the organization needs for its quality management system and which the organization chooses
to have performed by an external party.
Note: ISO 9000:2005 clause 3.4.1 defines “process” as “set of interrelated or interacting activities
which transforms inputs into outputs”.
An outsourced process can be performed by a supplier that is totally independent from the
organization, or which is part of the same parent organization (e.g. a separate department or
division that is not subject to the same quality management system). It may be provided within the
physical premises or work environment of the organization, at an independent site, or in some other
manner.
2.2 Intent of Clause 4.1
The intent of Clause 4.1 of ISO 9001:2008 is to emphasize that when an organization chooses to
outsource (either permanently or temporarily) a process that affects product conformity with
requirements (see ISO 9001:2008 clause 7.2.1), it can not simply ignore this process, nor exclude it
from the quality management system.
The organization has to demonstrate that it exercises sufficient control to ensure that this process is performed according to the relevant requirements of ISO 9001:2008, and any other requirements
of the organization’s quality management system. The nature of this control will depend on the
importance of the outsourced process, the risk involved, and the competence of the supplier to
meet the process requirements. Based on the nature of the control, it should consider the
processes referred to quality management system for management activities, provision of
resources, product realization and measurement, analysis and improvement. The outsourced
organization does not necessarily have to have a certified Quality Management System, but it has
to demonstrate the capability of the previously mentioned processes.
Outsourced processes will interact with other processes from the organization's quality
management system (these other processes may be carried out by the organization itself, or may
themselves be outsourced processes). These interactions also need to be managed (see ISO
9001:2008 clause 4.1 (a) and (b)).
2.3 Control of outsourced processes
2.3.1 The acquisition of outsourced processes will normally be subject to the capability of
achieving the necessary control through the application of requirements of both ISO 9001:2008
clause 7.4 (Purchasing) and clause 4.1 (General Requirements)
As mentioned in the Note, in some situations, the organization might not “purchase” the outsourced
process in the traditional sense; it might, for example, receive the service from a corporate head
office or from another division within a group of organizations, without any monetary transaction
taking place (see 2.1 above). Under these circumstances, however, ISO 9001:2008 Clauses 7.4
and 4.1 are still applicable.
2.3.2 There are two situations that frequently need to be considered when deciding the
appropriate level of control of an outsourced process:
When an organization has the competence and ability to carry out a process, but chooses to
outsource that process (for commercial or other reasons).
In this situation the process control criteria should already have been defined, and can be
transposed into requirements for the supplier of the outsourced process, if necessary.
When the organization does not have the competence to carry out the process itself, and
chooses to outsource it.
In this situation the organization has to ensure that the controls proposed by the supplier of the
outsourced process are adequate. In some cases it may be necessary to involve external
specialists in making this evaluation.
2.3.3 It may be convenient, or even necessary, to define some or all of the methods to be used
for control of the outsourced processes in a contract between the organization and the supplier.
The potential impact of the outsourced process is based on the outsourcing’s capability to provide
product that conforms to requirements. Care should be taken, however, not to inhibit the supplier
from proposing innovations to the outsourced process.
The organization’s control of the outsourced process has to be based on the need for product
conformity to requirements.
Ensuring control over outsourced processes does not absolve the organization of the responsibility
of conformity to all customer, statutory and regulatory requirements.
2.3.4 In some situations it might not be possible to verify the output from the outsourced process
by subsequent monitoring or measurement. In these cases, the organization needs to ensure that
the control over the outsourced process includes process validation in accordance with ISO
9001:2008 clause 7.5.2.
Introduction and support package:Implementation guidance for ISO 9001:2008
Document: ISO/TC 176/SC 2/N836
October 2008
1. Introduction
This Implementation Guidance has been developed to assist users in understanding the issues that
need to be considered during the co-existence period between ISO 9001:2000 and ISO 9001:2008.
While the changes between ISO 9001:2000 and ISO 9001:2008 are expected to have a limited
impact on users, some arrangements regarding implementation are needed.
Note: To reflect the limited scope of the changes the term “implementation” is now being used to
make a clear distinction with the former “transition” from ISO 9001:1994 to ISO 9001:2000, when
there were significant changes throughout the standard.
A wide diffusion of this implementation guidance is recommended, in particular the comparison
table between ISO 9001:2008 and ISO 9001:2000, given in Annex B to ISO 9001:2008.
ISO 9001:2008 has been developed in order to introduce clarifications to the existing requirements
of ISO 9001:2000 and to improve compatibility with ISO 14001:2004. ISO 9001:2008 does not
introduce additional requirements nor does it change the intent of the ISO 9001:2000 standard.
Certification to ISO 9001:2008 is not an “upgrade”, and organizations that are certified to ISO
9001:2000 should be afforded the same status as those who have already received a new
certificate to ISO 9001:2008
No new requirements were introduced in this edition but, in order to benefit from the clarifications of
ISO 9001:2008, users of the former version will need to take into consideration whether the
clarifications introduced have an impact on their current interpretation of ISO 9001:2000, as
changes may be necessary to their QMS
2. Background to the ISO 9001:2008 revision process
In order to assist organizations to have a full understanding of the new ISO 9001:2008, it may be
useful to have an insight on the revision process, how this revision reflects the inputs received from
users of the standard, and the consideration given to benefits and impacts during its development.
Prior to the commencement of a revision (or amendment) to a management system standard,
ISO/Guide 72:2001, Guidelines for the justification and development of management system
standards recommends that a “Justification Study” is prepared to present a case for the proposed
project and that it outlines details of the data and inputs used to support its arguments. In relation to
the development of ISO 9001:2008 user needs were identified from the following:
the results of a formal “Systematic Review” on ISO 9001:2000 that was performed by the
members of ISO/TC 176/SC2 during 2003-2004
feedback from the ISO/TC 176/Working Group on “Interpretations”
the results of an extensive worldwide “User Feedback Survey on ISO 9001 and ISO 9004” by
ISO/TC 176/SC 2/WG 18 and similar national surveys.
The Justification Study identified the need for an amendment, provided that the impact on users
would be limited and that changes would only be introduced when there were clear benefits to
users.
The key focuses of the ISO 9001:2008 amendment were to enhance the clarity of ISO 9001:2000
and to enhance its compatibility with ISO 14001:2004.
A tool for assessing the impacts versus benefits for proposed changes was created to assist the
drafters of the amendment in deciding which changes should be included, and to assist in the
verification of drafts against the identified user needs. The following decision making principles
were applied:
1. No changes with high impact would be incorporated into the standard;
2. Changes with medium impact would only be incorporated when they provided a correspondingly
medium or high benefit to users of the standard;
3. Even where a change was low impact, it had to be justified by the benefits it delivered to users,
before being incorporated.
The changes incorporated in this ISO 9001:2008 edition were classified in terms of impact into the
following categories:
No changes or minimum changes on user documents, including records
No changes or minimum changes to existing processes of the organization
No additional training required or minimal training required
No effects on current certifications
The benefits identified for the ISO 9001:2008 edition fall into the following categories:
Provides clarity
Increases compatibility with ISO 14001.
Maintains consistency with ISO 9000 family of standards.
Improves translatability.
3. User groups
3.1 Individual organizations using ISO 9001 (including industry associations)
a) Current Users of ISO 9001:2000
This user group is defined as having completed or being in the process of implementing ISO
9001:2000, regardless of whether they are certified or not, or whether they intend to be certified or
not.
b) New Users
A New User is defined as an organisation that is either beginning to use ISO 9001:2000 or ISO
9001:2008 for the first time or is a potential user of the standard in the future.
c) Users of Industry Sector Schemes, based on ISO 9001:2000
This user group is defined as those using quality management system programmes based on ISO
9001:2000 that include additional quality management system requirements, that can either be
certified or accredited under the guidance of a particular Industry Sector Scheme (e.g. ISO/TS
16949 Quality systems – Automotive suppliers – Particular requirements for the application of ISO
9001:2000).
3.2 Other user groups
These are defined as being:
1. National Standards Bodies (NSBs)
2. Accreditation Bodies (ABs)
3. Certification/Registration Bodies (CB/RBs)
4. Trainers and Consultants
4. Implementation guidance
4.1 Generic guidance
All users groups are strongly advised to note the Joint IAF-ISO communiqué for Implementation of
accredited certification to ISO 9001:2008, which details the agreed implementation plan for
accredited certification as follows:
Accredited certification to ISO 9001:2008 shall not be granted until the publication of ISO 9001:2008 as an International Standard. Certification of conformity to ISO 9001:2008 and/or national equivalents shall only be issued after
official publication of ISO 9001:2008 (which should take place before the end of 2008) and after a
routine surveillance or re-certification audit against ISO 9001:2008.
Validity of certifications to ISO 9001:2000One year after the publication of ISO 9001:2008 all accredited certifications issued (new
certifications or re-certifications) shall be to ISO 9001:2008.
Twenty four months after publication by ISO of ISO 9001:2008, any existing certification issued to
ISO 9001:2000 shall not be valid.
Figure 1 - Implementation timetable for ISO 9001:2008, for all user groups
To benefit from the clarifications introduced into ISO 9001:2008, users (from all user groups)
should note the recommendations given in the table below. Recommendations for specific user
groups are given in section 4.2 further down.
>> Get acquainted with the new edition of the standard. Use Annex B in ISO 9001:2008 to facilitate
identification of the clarifications
>> Was your former interpretation of ISO 9001:2000 different from the clarifications provided by
ISO 9001:2008 ?
>> If not, communicate to both internal and external parties the conclusion and results of your
implementation of ISO 9001:2008.
>> If yes, determine the impact of the clarifications of the new version on your current use of ISO
9001 and plan any necessary remedial actions.
>> Use the Plan-Do-Check-Act methodology to manage the implementation of your remedial
actions, but keep in mind the timeframe provided in Figure 1.
Note that the actions may need to vary according to your user group (see 4.2 below).
4.2 Guidance for specific user groups
These recommendations complement the generic guidance to all user groups given in section 3.0
above.
4.2.1 Organizations using ISO 9001:2000
a) Current users
Organisations that are already certified to ISO 9001:2000 should contact their
certification/registration bodies (CB/RB) to agree a programme for analysing the clarifications in
ISO 9001:2008 in relation to their individual quality management systems and for upgrading their
certificates.
Certified organizations should bear in mind that ISO 9001:2000 certificates have the same status
as new ISO 9001:2008 certificates during the co-existence period.
Organizations in the process of certification to ISO 9001:2000 should change to using ISO
9001:2008 and apply for certification to it.
b) New users
New users should start by using ISO 9001:2008.
c) Industry Sector Schemes
Users of specific sector schemes are recommended to refer to the organization that is responsible
that sector scheme’, e.g. for:
ISO/TS 16 949 refer to the IATF,
TL 9000 refer to the QuEST Forum
AS 9000/ EN 9100 refer to the IAQG
4.2.2 National Standards Bodies
Information regarding the 2008 edition of ISO 9001 should be communicated to standard users, in
a timely manner, by the national standards bodies (NSBs). It is recommended that NSB actions be
synchronized with the information flows from ISO and ISO/TC 176.
NSBs are responsible, at a national level, for communicating the issues regarding the changes
from ISO 9001:2000 to ISO 9001:2008 to all interested parties and for providing translations of the
new edition of the standard in their national languages. It is recommended that they coordinate
their communications regarding these issues with other local interested parties (for example: ABs,
CB/RBs, professional quality associations, etc.).
Translation Issues - If a requirement for translation of the new standards exists, the translation
process should be started as early as possible, in order to provide the equivalent national edition as
soon as possible.
An NSB should analyse if there are interpretation problems in the national ISO 9001:2000 version
due to former translation problems. In affirmative cases the NSB should carry out an extensive
translation of the standard. If interpretation divergences still remain, the NSB is recommended to
apply for clarification to the “ISO/TC 176, Interpretations Working Group” using the established
“Interpretations” process.
If an NSB has no translation problem with its version of ISO 9001:2000 it can use Annex B to ISO
9001:2008 as a quick guide for preparing its translation of the standard.
4.2.4 Accreditation Bodies
ABs should refer to the joint IAF-ISO communiqué for the implementation of accredited certification
to ISO 9001:2008 (see 4.1 above).
4.2.5 Certification Bodies
CBs should refer to the joint IAF-ISO communiqué for the implementation of accredited certification
to ISO 9001:2008 (see 4.1 above).
CBs should remember that certificates of conformity to ISO 9001:2008 and/or its national
equivalent adoptions can only be issued after the official publication of the amended standard.
It is important that accredited certification bodies ensure that their auditors are aware of the
clarifications introduced in ISO 9001:2008, and their implications, prior to conducting audits to that
standard.
4.2.6 Training Bodies and Consultants
All trainers and consultants should be aware of the clarifications in ISO 9001:2008. All training
bodies and consultants are recommended to determine the need for updating training programs
and documentation, or any other changes necessary, to the services they provide.
5.0 Frequently asked questions
While this Implementation Guidance provides recommendations on a number of issues facing the
different user groups during the co-existence period, it does not address more general questions
about the ISO 9000 standards. Instead ISO/TC 176/SC 2 has prepared a set of frequently asked
questions (FAQs) to provide such advice.
It is expected that the FAQs will be updated on a more regular basis than this Implementation
Guidance. For the latest version of the FAQs, reference should be made to the open access web
site at www.iso.org/tc176/sc2
6.0 Authenticity of information regarding ISO 9001:2008
The first point of contact for information regarding the requirements of ISO 9001:2008 should be
your National Standards Body (for a listing of ISO’s member National Standards Bodies, see
www.iso.org/iso/about/iso_members.htm).
Other recommended sources of information are:
ISO’s Web site provides general information regarding ISO 9001:2008 and the ISO 9004
revision programme (as well as details of its member National Standards Bodies).
The ISO/TC176 Web site www.tc176.org provides more specific information on the structure
and work programme of ISO/TC176, and on the formal “interpretations” issued on ISO 9001
The ISO/TC176/SC2 Web site, www.iso.org/tc176/sc2 provides detailed information on the ISO
9001/9004 revision program, updated on a regular basis