questions 12..15

76
[QUESTION 12] SUNDAY, AUGUST 16, 2009 QUALITY POLICY AND QUALITY OBJECTIVES IN ISO 9001:2008 K. R. Singhal QUALITY POLICY Let us begin with the concept of quality policy in QMS. The quality policy of an organization shapes approach of the organization to its customers. A quality policy establishes: (i) a commitment to quality, (ii) a commitment to continual improvement of the quality management system, (iii) the context for quality objectives, and (iv) how the organization’s objectives relate to customers’ requirements. A quality policy of an organization must meet the following minimum criteria: (a) It should be linked to overall organizational goals, (b) It should be relevant to the needs and expectations of the customers of the organization. Accordingly, the quality policy of an organization must provide a framework for establishing and reviewing organization’s quality objectives. A quality policy should also include explicit commitments to customer satisfaction and continual improvement. Quality policy of an organization should have a clear statement of outcomes. The policy should have understood by the staff of the organization. Product quality depends both on perceived customer satisfaction and on well motivated staff. Here it should be noted that the term ‘customer satisfaction’ could refer to both types of customers: (a) internal customers (staff of the organization), and (b) external customers (who buy product from the organization by paying the value). There may be a situation that your organization may not have a quality policy, then you should try to develop a quality policy for your organization. It is often useful to first develop the overall organization’s policy, including policies for marketing, sales, production, finance etc. This exercise could make the quality policy easier to prepare. Organization’s commitment to quality should describe

Upload: ryder3901

Post on 14-May-2017

216 views

Category:

Documents


2 download

TRANSCRIPT

Page 1: Questions 12..15

[ Q U E S T I O N 1 2 ]

S U N D A Y , A U G U S T 1 6 , 2 0 0 9

QUALITY POLICY AND QUALITY OBJECTIVES IN ISO 9001:2008

K. R. Singhal

QUALITY POLICY

Let us begin with the concept of quality policy in QMS. The quality policy of an organization shapes approach of the organization to its customers. A quality policy establishes: (i) a commitment to quality, (ii) a commitment to continual improvement of the quality management system, (iii) the context for quality objectives, and (iv) how the organization’s objectives relate to customers’ requirements.

A quality policy of an organization must meet the following minimum criteria:(a) It should be linked to overall organizational goals,(b) It should be relevant to the needs and expectations of the customers of the organization.

Accordingly, the quality policy of an organization must provide a framework for establishing and reviewing organization’s quality objectives.

A quality policy should also include explicit commitments to customer satisfaction and continual improvement. Quality policy of an organization should have a clear statement of outcomes. The policy should have understood by the staff of the organization.

Product quality depends both on perceived customer satisfaction and on well motivated staff. Here it should be noted that the term ‘customer satisfaction’ could refer to both types of customers: (a) internal customers (staff of the organization), and (b) external customers (who buy product from the organization by paying the value).

There may be a situation that your organization may not have a quality policy, then you should try to develop a quality policy for your organization. It is often useful to first develop the overall organization’s policy, including policies for marketing, sales, production, finance etc. This exercise could make the quality policy easier to prepare. Organization’s commitment to quality should describe organization’s overall vision of what quality means to organization’s business and its customers. Clause 4.2.1 of ISO 9001:2008 Standard requires organization to document quality policy statement.

Clause 5.3 of ISO 9001:2008 Standard frames requirements with regard to quality policy, which include to ensure that quality policy is (i) appropriate to the purpose of the organization, (ii) includes a commitment to comply with requirements and continually improve the effectiveness of the quality management system, (iii) provides a framework for establishing and reviewing quality objectives, (iv) is communicated and understood within the organization, and (v) is reviewed for continuing suitability.

Page 2: Questions 12..15

Tony Johnston (AJ Quality Management Consulting, Ireland) describes his three fold approach to writing a quality policy – (i) Write quality policy in a language that anyone can understand, (ii) Quality policy should be relative to the organization and believe by its employees when they read it, and (iii) It should make reference to the eight quality management principles, namely customer focus, leadership (management commitment), process approach, continual improvement, factual approach to decision making, mutually beneficial supplier relationship, system approach to management, and involvement of people. The quality policy should be endorsed by the managing director and it should be reviewed at least annually for suitability and updated if necessary.

While the John’s approach is good for writing quality policy and in addition to his approach if a reference for establishing and reviewing quality objectives is given in the quality policy, then it will be better.

If your organization has a quality policy, then you should evaluate your quality policy. Evaluate, whether your quality policy clearly linked to your overall organizational goals. If quality policy of your organization is not linked to your organizational goals, then you need to re-examine your policy and goals. Also find out answers to following questions:- Does the quality policy include commitment to customer satisfaction?- Does the quality policy include commitment to continual improvement?- Does the quality policy include aspects of service quality that are to be emphasized?- Does the quality policy include benefits for customers (quality outcomes)?- Is the quality policy focused on maximizing customer satisfaction with the services received?- Is the quality policy focused on maximizing customer satisfaction with the service received?- Is the quality policy focused on maximizing staff morale in providing client services?

On the basis of answers to above questions, you may wish to revise the quality policy of your organization.

An illustration of a Quality Policy

…. (name of the organization) …. is committed in achieving customer satisfaction by providing … (the quality characteristics of product provided by the organization) …. For our customers, in context of continual improvement, so that our customers will … (outcomes in relation to customers’ needs / expectations to be met) ….

Another illustration of Quality Policy

We, … (name of the organization) …, manufactures … (name of the products) …. We manufacture and market these products both for domestic and abroad markets. Our purpose is to produce products to satisfy needs of our customers. We continually improve our products and services to satisfy needs of our customers better. Our quality management system is designed to ensure the maintenance of the product quality through evaluation, inspection and verification processes at all stages of production.

We are committed to comply with customer as well as legal requirements and also

Page 3: Questions 12..15

committed to continually improve the effectiveness of our quality management system. Our organization has decided to achieve quality objectives as set in the documented statement of quality objectives. The top management of our organization in the meeting of board of directors, at least once in every six months, reviews the quality management system of our organization.

QUALITY OBJECTIVES

ISO 9001:2008 QMS Standard requires that organization develop measurable quality objectives, consistent with the quality policy of the organization. Internal and external auditors review quality objectives at each audit to see if they are being met. For planning of the quality management system, it is necessary to establish measurable quality objectives. Requirements with respect to quality objectives are mentioned in clause 5.4.1 of ISO 9001:2008 Standard.

The top management of the organization needs to establish quality objectives. Top management of the organization must ensure that quality objectives (including those needed to meet requirements for the product) are established at relevant functions and levels within the organization. The quality objectives must be measurable and consistent with the quality policy of the organization. Clause 7.1 (a) of ISO 9001:2008 QMS Standard lays down that in planning product realization, the organization must determine quality objectives and requirements for the product. It is evident from this clause that the ISO 9001:2008 Standard now calls for objectives not only for the quality management system but also for the product.

Now questions arise:- How to set or develop quality objectives?- How to monitor quality objectives?

Developing Quality Objectives

Developing quality objectives provides the organization with the opportunity to identify areas of inefficiency. The organization can address such areas to improve customer satisfaction. The Management Representative of the organization should frame a committee (with the approval of the top management) for developing quality objectives. This committee should have members from all departments of the organization. The committee members should have conceptual knowledge on ISO 9001:2008 QMS Standard and also on eight quality management principles.

Members of the committee should be advised to frame quality objectives for their respective departments. Management Representative should act as a convener and call a meeting to finalize the quality objectives. Quality objectives finalized in such meeting should be sent to the top management for considering the same in the management review meeting and finalizing them as organization’s quality objectives.

For developing measurable quality objectives for your organization, you may use a worksheet. Worksheet for creating quality objectives may be as under:- List specific measurable activities that would improve customer satisfaction. Example – Responding to customer’s complaint on the day of its receipt, replying to letters within three days of receipt.- List specific measurable activities that would improve staff morale. Example – Monthly staff feedback on their performance.- List specific measurable activities that would improve staff efficiency. Example –

Page 4: Questions 12..15

Providing computer training to staff.

From the answers that you would have listed for above questions, you may select quality objectives clearly linked to the quality policy of the organization and for each quality objective, you should specify:- What is to be done?- How often the organization will achieve the level of performance?- The date by which the organization will achieve that level of performance.

On careful study of clause 7.1 (a) of ISO 9001:2008 Standard, you will find that the standard calls for quality objectives not only for the quality management system but also for the product. Quality objectives need to be realistic and related to achievable outcomes, such as:- Meeting agreed customer requirements for delivery or other product characteristics within a certain percentage of time.- Meeting regulatory and other requirements for product and services.- Meeting the planned schedule for achieving the quality objectives targets.- Identifying opportunities for improvement.- Minimizing the cost of poor quality, rework or scrap.- Identifying new opportunities.

The Standard also requires that relevant objectives be established at appropriate parts of the organization. For example – Process performance targets, continual improvement targets be established at human resources, production, sales departments.

When setting up quality objectives, look for activities or indicators that employees can relate to and that can be measured. A few examples may be:- Reducing the production time- Achieving no failures or defects in production- Achieving cost reduction- Improving productivity- Increasing market share

It is very important point that people in the organization must be aware of how they contribute to the achievement of the quality objectives. Therefore, employees in the organization must know and understand the specific quality objectives that have been set up for their functions and level and how they can achieve them. For awareness of quality objectives, specific training sessions or campaigns may be organized.

At the service delivery, customer interface or at the production line, quality objectives should be very simple and direct.

Think carefully about the quality objectives set by you for the organization and the timeframe you intend to allow for them to be achieved. Keep in mind that quality objectives must be measurable. The organization should be able to check that the organization is achieving the objective and, if not, what the organization is going to do about the quality management system.

Monitoring Quality Objectives

It is the intention of the ISO 9001:2008 QMS Standard that the organization is producing quality product. Monitoring and measurement activities are planned and carried out to carefully improve. Question arises – how to monitor quality objectives?

Page 5: Questions 12..15

If we carefully read clause 5.6.1 of ISO 9001:2008 QMS Standard, we will come to know that it is the responsibility of the top management to ensure continuing suitability, adequacy and effectiveness of the QMS and to review the organization’s quality management system at planned intervals. Review must include assessing opportunities for improvement and need for changes to the quality management system, including the quality policy and quality objectives.

Quality objectives may be monitored from the input information received from the following:- Internal and external audits- Customer feedback- Process performance reports- Product conformity reports

A Management Representative (MR) acts a link person between the top management and the organization. His role is very important for maintaining and improving the quality management system in the organization. It is the duty of the Management Representative to report to the top management on the performance of the quality management system and any need for improvement. Accordingly, he should monitor quality objectives from the input information received from various corners.

It is also important to tell employees in the organization regularly how well specified quality objectives are being met and where improvements are required. Quality objectives must be reviewed and revised from time to time as part of the continual improvement process.

Courtesy Source References

- ISO 9001:2008 QMS Standard- ISO 9004:2000- ISO 9001 for small businesses – What to do (Joint publication from International Organization for Standardization and International Trade Centre UNCTAD / WTO)- ISO 9001:2000 – A workbook for service organizations (Joint publication from International Organization for Standardization and International Trade Centre UNCTAD / WTO)- ISO 9001 Fitness Checker – A practical, easy to use checklist designed to help SMEs assess their readiness for ISO 9001 certification- Implementing ISO 9001:2000 Quality Management System – A Reference Guide, Dr. Divya Singhal and K. R. Singhal (Publication from PHI Learning Pvt. Ltd., New Delhi) - Comments from Mr. Tony Johnston (Ireland)

Note

Author’s profile may be seen at http://www.linkedin.com/in/krsinghal

Posted by National Centre for Quality Management, Ajmer Centre at 8:29 AM Labels: Write-up

2 comments:

Jim said...

Page 6: Questions 12..15

The ISO 9001 process provides a robust framework for improving every organisation’s quality system by adopting 8 quality management principles:

* Customer focus* Leadership* Involvement of people* Documented processes* Integrated systems* Continuous improvement* A factual approach to decision making* Mutually beneficial supplier relationships

[Question 13]ISO 9001 was first published in 1987. Later, it went through three revisions in 1994, 2000 and 2008. The latest version version of the ISO 9001 standard was published on 14th November 2008. This is the structure of the standard:

Clause 1 Scope Clause 2 Normative reference Clause 3 Terms and definitions Clause 4 Quality management system Clause 5 Management responsibility Clause 6 Resource management Clause 7 Product realization Clause 8 Measurement, analysis and improvement

This list of Frequently Asked Questions (FAQs) has been prepared by ISO/TC 176/SC 2 to support

the publication of ISO 9001:2008 and the revision of ISO 9004. Input has been obtained from

experts and users of the ISO 9000 standards, expressed during seminars and presentations

around the world.

The list will be reviewed and updated on a regular basis to maintain its accuracy, and to include

new questions where appropriate.  It is intended that this list will also provide a good source of

information for new users of the standards.

For the latest version of the FAQs, reference should be made to the open access web site at

www.iso.org/tc176/sc2.

1.    What is ISO?

Page 7: Questions 12..15

The International Organization for Standardization (ISO) was established in 1947 and is (currently)

an association of 163 members, which each represent their own country. ISO employs a system of

Technical Committees, Sub-committees and Working Groups to develop International Standards.

Besides the National Standards Bodies, ISO permits other international organizations that develop

standards to participate in its work, by accepting them as Liaison members. ISO works in

accordance with an agreed set of rules of procedure, the ISO/IEC Directives, which also include

requirements on the presentation of standards.

2.    Who are the National Standards Bodies, and who represents my country at ISO?

Please see the relevant page on ISO Online that gives details, including contact information, of the

National Standards Bodies.

3.    What are the ISO 9000 standards ?

The ISO 9000 standards are a collection of formal International Standards, Technical

Specifications, Technical Reports, Handbooks and web based documents on Quality Management.

There are approximately 25 documents in the collection altogether, with new or revised documents

being developed on an ongoing basis.

(It should be noted that many of the International Standards in the ISO 9000 family are numbered

in the ISO 10000 range.)

4.    Who is responsible for developing the ISO 9000 standards?

ISO Technical Committee (TC) number 176 (ISO/TC 176), and its Sub-committees, are responsible

for the development of the standards. The work is conducted on the basis of "consensus" among

quality and industry experts nominated by the National Standards Bodies, representing a wide

range of interested parties.

5.    Where can copies of the standards be obtained?

Copies of the standards may be purchased from your National Standards Body (see list with

contact details), or from ISO Central Secretariat through the ISO Store of by contacting the

Marketing and Communication department ([email protected]). Many National Standards Bodies have

them available in local-language versions.

6.    Where can copies of the supporting ISO 9000 guidance notes or other documents be found ?

Copies of the ISO 9000 Introduction and Support Package modules:

Guidance on ISO 9001:2008 Sub-clause 1.2 'Application'

Guidance on the Documentation Requirements of ISO 9001:2008

Page 8: Questions 12..15

Guidance on the Terminology used in ISO 9001 and ISO 9004

Guidance on the Concept and Use of the Process Approach for management systems

Guidance on 'Outsourced Processes'

as well as details of the Quality Management Principles can be found at:  www.iso.org/tc176/sc2

Copies of the ISO 9001 Auditing Practices Group guidance notes.  

Copies of the sanctioned ISO/TC 176 sanctioned “Interpretations” of ISO 9001 can be found at:

http://www.tc176.org/

7.    Where can information be obtained on the ISO 9000 standards?

There are a number of sources of information on the ISO 9000 quality management system

standards, including ISO's web site (www.iso.org), which carry information on the standards. Your

National Standards Body should be able to provide copies of the standards, and

registrars/certification bodies will be able to provide guidance on registration arrangements.

8.    Why are the standards being revised?

ISO’s formal review process:

Requires continual review to keep standards up to date. Must be initiated within 3 years of

publication of a standard.

User inputs from:

A global user questionnaire/survey

A market Justification Study

Suggestions arising from the interpretation process

Opportunities for increased compatibility with ISO 14001

The need for greater clarity, ease of use, and improved translation

Current trends:

Keeping up with recent developments in management system practices.

9.    Who is responsible for revising the standards?

The revision process is the responsibility of ISO Technical Committee no.176, Sub-committee no.2

(ISO/TC 176/SC 2) and is conducted on the basis of consensus among quality and industry experts

nominated by ISO Member bodies, and representing all interested parties.

10.    When will the revised standards be available?

Page 9: Questions 12..15

The revised quality management system standards (ISO 9000, 9001 and 9004) are scheduled as

follows:

ISO 9000:2005 already published – no major changes expected for 2009

Current plan is for small changes to ISO 9001 (an “amendment”) to be published in November

2008.

More significant changes are planned for ISO 9004 (a “revision”) to be published in mid 2009.

11.    How much is the implementation of the new standard going to cost?

One of the goals of ISO/TC 176/SC 2 is to produce standards that will minimize any potential costs

during a smooth implementation.  Any additional costs may be considered as a value-adding

investment. A key factor in the development of ISO 9001:2008 was to limit the impact of changes

on users.

12.    Where can I obtain information on the revised standards?

See the ISO Catalogue on ISO Online web site that carries general information on the revision

program. Your National Standards Body will give you additional information and the

certification/registration bodies will be able to provide guidance on transitional arrangements in due

course.

13.    Where can my organization go if it needs additional clarification or interpretation of the ISO 9001:2008 standard?

The starting point for any individual request for an interpretation should be with the enquirer's

National Standards Body. ISO Central Secretariat and ISO/TC 176/SC 2 cannot accept direct

requests from individuals for interpretations of the ISO 9000 standards. ISO/TC 176 has a Working

Group that only accepts formal requests for interpretations from the National Standards Bodies.

The agreed interpretations can be found at http://www.tc176.org/.

14.    Will my organization need a full reassessment once the revised standards are available?

This is primarily an issue between your organization and your registration/certification body.

ISO/TC 176 is working with the IAF (International Accreditation Forum) and ISO/CASCO (the ISO

Policy Committee for Conformity Assessment) in order to provide relevant information in a timely

manner. ISO/CASCO is responsible for the standards to which the Certification Bodies work

(ISO/IEC 17021), and the Accreditation Bodies are responsible for monitoring and approving the

performance of Certification Bodies within their geographical area.

It is expected that conformity to the new ISO 9001:2008 standard will be evaluated by certification

bodies during regular surveillance visits and that full reassessment will only take place once current

certificates expire. However, it should be noted that ISO and the IAF have agreed that all

Page 10: Questions 12..15

certificates to ISO 9001 should be upgraded to ISO 9001:2008 within 2 years of publication of the

amended standard.

15.    Will the revised standards be available in my national language immediately after they are published by ISO?

The active participation of experts from around the world in the preparation of the new standards,

and the broad distribution of the draft standards, will facilitate the timely translation of the

International Standards.

Given the global importance of the quality management system standards, many National

Standards Bodies are already working on the translation issue.  ISO itself will publish the new

standards in English and French, but if national language translations of the standards are currently

available from your National Standards Body, we expect that they will have the translation of the

revised standards ready at the time of publication by ISO or very soon thereafter.

For further details contact your National Standards Body.

16.    Will my organization have to re-write all its documentation?

No. ISO 9001:2008 doesn’t introduce major changes to the requirements, when compared to ISO

9001:2000. However, to benefit from the changes, we suggest you get acquainted with the new

version of the standard and the clarifications introduced. If, during your analysis of the clarifications

you find there are differences from your current interpretation of ISO 9001:2000, then you should

analyse the impact on your current documentation and make the necessary arrangements to

update it. It is intended that the amendment of ISO 9001 will have minimal or no impacts on

documentation.

17.    Will the revised standards address financial issues?

Financial issues are not addressed in ISO 9001:2008, which is a requirements standard.

The ISO 10014:2006 and ISO 9004:2000, Guidelines for performance improvements standards will

emphasize the financial resources needed for the implementation and improvement of a quality

management system.

18.    What are the benefits of the revised standards?

For ISO 9001:2008 the major benefits are:

Simple to use

Clear in language

Readily translatable and easily understandable

Compatibility with other management systems such as ISO 14001.

Page 11: Questions 12..15

For ISO 9004:

Facilitates improvement in users’ quality management systems.

Provides guidance to an organization for the creation of a quality management system that:

- creates value for its customers, via the products it provides

- creates value for all other interested parties

- balances all interested-party viewpoints.

Provides guidance for managers on leading their organization towards sustained success.

Forward compatibility to allow organizations to build on existing quality management systems.

19.    What are the main changes in ISO 9001:2008?

ISO 9001:2008 has been developed in order to introduce clarifications to the existing requirements

of ISO 9001:2000 and changes that are intended to improve compatibility with ISO 14001:2004.

ISO 9001:2008 does not introduce additional requirements nor does it change the intent of the ISO

9001:2000 standard.

Certification to ISO 9001:2008 is not an “upgrade”, and organizations that are certified to ISO

9001:2000 should be afforded the same status as those who have already received a new

certificate to ISO 9001:2008

All changes between ISO 9001:2000 and ISO 9001:2008 are detailed in Annex B to ISO

9001:2008.

20.    What are the main benefits to be derived from implementing an ISO 9000 quality management system?

The ISO 9000 standards give organizations an opportunity to increase value to their activities and

to improve their performance continually, by focusing on their major processes. The standards

place great emphasis on making quality management systems closer to the processes of

organizations and on continual improvement.  As a result, they direct users to the achievement of

business results, including the satisfaction of customers and other interested parties.

The management of an organization should be able to view the adoption of the quality

management system standards as a profitable business investment, not just as a required

certification issue.

Among the perceived benefits of using the standards are:

The connection of quality management systems to organizational processes

The encouragement of a natural progression towards improved organizational performance, via:

- the use of the Quality Management Principles

Page 12: Questions 12..15

- the adoption of a "process approach"

- emphasis of the role of top management

- requirements for the establishment of measurable objectives at relevant functions and levels

- being orientated toward "continual improvement" and "customer satisfaction", including the

monitoring of information on "customer satisfaction" as a measure of system performance.

- measurement of the quality management system, processes, and product

- consideration of statutory and regulatory requirements.

- attention to resource availability

21.    How will the implementation of the amended standard help my organization to improve its efficiency?

ISO 9001:2008 aims at guaranteeing the effectiveness (but not necessarily the efficiency) of the

organization. For improved organizational efficiency, however, the best results can be obtained by

using ISO 9004 in addition to ISO 9001:2008. The guiding quality management principles are

intended to assist an organization in continual improvement, which should lead to efficiencies

throughout the organization.

22.    What benefits are there to an organization implementing ISO 9004 ?

If a quality management system is appropriately implemented, utilizing the eight Quality

Management Principles, and in accordance with ISO 9004, all of an organization's interested

parties should benefit. For example:

Customers and users will benefit by receiving the products (see ISO 9000:2005 , Fundamentals and

vocabulary) that are:

Conforming to the requirements

Dependable and reliable

Available when needed

Maintainable

People in the organization will benefit by:

Better working conditions

Increased job satisfaction

Improved health and safety

Improved morale

Improved stability of employment

Owners and investors will benefit by:

Increased return on investment

Page 13: Questions 12..15

Improved operational results

Increased market share

Increased profits

Suppliers and partners will benefit by:

Stability

Growth

Partnership and mutual understanding

Society will benefit by:

Fulfilment of legal and regulatory requirements

Improved health and safety

Reduced environmental impact

Increased security

23.    Are the standards compatible with national quality award criteria?

The standards are based on 8 Quality Management Principles, which are aligned with the

philosophy and objectives of most quality award programs.

These principles are:

Customer focus,

Leadership,

Involvement of people,

Process approach,

System approach to management,

Continual improvement,

Factual approach to decision making, and

Mutually beneficial supplier relationships.

ISO 9004 recommends that organizations perform self-assessments as part of their management

of systems and processes, and includes an annex giving guidance on this approach. This is similar

to many quality awards programmes.

24.    Why is the requirement for monitoring "customer satisfaction" included in ISO 9001?

"Customer satisfaction" is recognized as one of the driving criteria for any organization. In order to

evaluate if a product meets customer needs and expectations, it is necessary to monitor the extent

of customer satisfaction. Improvements can be made by taking action to address any identified

issues and concerns.

Page 14: Questions 12..15

25.    Can the standards improve "customer satisfaction"?

The quality management system details that are described in the standards are based on Quality

Management Principles that include the "process approach" and "customer focus". The adoption of

these principles should provide customers with a higher level of confidence that products will meet

their needs and increase their satisfaction.

26.    What is meant by "continual improvement"?

Continual improvement is the process focused on continually increasing the effectiveness and/or

efficiency of the organization to fulfil its policies and objectives. Continual improvement (where

"continual" highlights that an improvement process requires progressive consolidation steps)

responds to the growing needs and expectations of the customers and ensures a dynamic

evolution of the quality management system.

27.    What is a process?

Any activity or operation, which receives inputs and converts them to outputs, can be considered as

a process.  Almost all activities and operations involved in generating a product or providing a

service are processes.

For organizations to function, they have to define and manage numerous inter-linked processes.

Often the output from one process will directly form the input into the next process.  The systematic

identification and management of the various processes employed within an organization, and

particularly the interactions between such processes, may be referred to as the ‘process approach’

to management.

For further information, refer to the paper Guidance on the Concept and Use of the Process

Approach, available from www.iso.org/tc176/sc2.

28.    What is the "process approach"?

The "process approach" is a way of obtaining a desired result, by managing activities and related

resources as a process. The "process approach" is a key element of the ISO 9000 standards. For

further guidance, please refer to the ISO 9000 Introduction and Support Package module:

Guidance on the Concept and Use of the Process Approach for management systems.

29.    Can the "process approach" be applied to other management systems?

Yes. The "process approach" is a generic management principle, which can enhance an

organization’s effectiveness and efficiency in achieving defined objectives.

30.    How can the PDCA cycle be used in the "process approach"?

Page 15: Questions 12..15

The PDCA cycle is an established, logical, method that can be used to improve a process.

This requires:

(P) planning (what to do and how to do it),

(D) executing the plan (do what was planned),

(C) checking the results (did things happened according to plan) and

(A) act to improve the process (how to improve next time).

The PDCA cycle can be applied within an individual process, or across a group of processes.

31.    Can any organization apply the "process approach"?

Yes. Many organizations already apply a "process approach" without recognizing it. They could

achieve additional benefits by understanding and controlling it.  

32.    Why should an organization apply the "process approach"?

By applying the "process approach" an organization should be able to obtain the following types of

benefits:

The integration and alignment of its processes to enable the achievement of its planned results.

An ability to focus effort on process effectiveness and efficiency.

An increase in the confidence of customers and other interested parties as to the consistent

performance of the organization.

Transparency of operations within the organization.

Lower costs and shorter cycle times through effective and efficient use of resources.

Improved, consistent and predictable results.

The identification of opportunities for focused and prioritized improvement initiatives.

The encouragement and involvement of people, and the clarification of their responsibilities.

The elimination of barriers between different functional units and the unification of their focus to

the objectives of the organization.

Improved management of process interfaces.

33.    What is meant by the “sequence” of processes and their "interactions"?

The "sequence" of processes shows how the processes follow, or link, to each other to result in a

final output.

For example, the output from one process may become the input of the next process or processes.

The "interactions" show how each process affects or influences one or more of the other

processes. For example, the monitoring or controlling of a process may be established in a

separate process.

Page 16: Questions 12..15

34.    How can the processes in an organization be determined?

Identify the organization's intended outputs, and the processes needed for achieving them. These

will need to include processes for Management, Resources, Realization and Measurement and

Improvement.

Identify all process inputs and outputs, along with the suppliers and customers, who may be

internal or external.

Identify the sequence and interactions of the processes.

35.    Should an organization define and document all its processes?

The main purpose of documentation is to enable the consistent and stable operation of an

organization's processes.

Although statutory, standards' or customer requirements may require certain documentation, there

is no defined “catalogue”, or list of processes that has to be documented in ISO 9001, apart from

the 6 indicated ones.

The organization should determine which processes are to be documented on the basis of:  

The size of the organization and type of its activities,

The complexity of its processes and their interactions,

The criticality of the processes and

Availability of competent personnel.

A number of different methods can be used to document processes, such as graphical

representations, written instructions, checklists, flow charts, visual media, or electronic methods.

36.    How much detail is required in process documentation?

The extent of detail is likely to depend upon factors such as:

the size of an organisation and its types of activities,

the complexity of its processes and their interactions, and

the competence (level of education, training, skills and experience) of its personnel.

37.     Is there a standard way of describing a process?

No, there is no standard way to describe a process. It depends on the culture, management style,

staff literacy, personal attributes and their interactions.

A process may be described using a flow chart, block diagram, responsibility matrix, written

procedures or pictures.

Page 17: Questions 12..15

Process flowcharts or block diagrams can show how policies, objectives, influential factors, job

functions, activities, material, equipment, resources, information, people and decision making

interact and/or interrelate in a logical order.

38.    What should an organization do to adopt the "process approach"?

To adopt the "process approach" an organization should apply the following steps:

Identify the processes of the organization,

Plan the processes,

Implement and measure the processes,

Analyse the processes,

Improve the processes.

39.    What is a "process owner"?

A person who is given the responsibility and authority for managing a particular process is

sometimes referred to as the "process owner".

It may be useful for an organization's Management to appoint individual "process owners" and to

define their roles and responsibilities; these should include the responsibility for ensuring the

implementation, maintenance and improvement of their specific process and its interactions.

It should be noted, however, that ISO 9001:2008 does not specifically require the appointment of

"process owners".

40.    How can a process be measured?

There are various methods of measuring process controls and process performance, ranging from

simple monitoring systems up to sophisticated statistically based systems (e.g. statistical process

control, or SPC, systems). The selection and use of any particular method will be dependent on the

nature and complexity of an organization's processes and products. The effectiveness of an

individual process may be measured by the conformity of its output or product to customer

requirements. Its efficiency may be measured from its use of resources. In all cases the

measurement of the process determines if its (measurable) objectives have been achieved.

Sometimes it only requires monitoring to confirm process operations.

Typical factors that are useful to consider when identifying measures of process control and

process performance include:  

Conformity with requirements,

Customer satisfaction,

Supplier performance,

Page 18: Questions 12..15

On time delivery,

Lead times,

Failure rates,

Waste,

Process costs.

Incident frequency

41.    What is the difference between a "process" and a "procedure"?

A "process" may be explained as a set of interacting or interrelated activities, which are employed

to add value. A "procedure" is a method of describing the way or How in which all or part of that

process activities shall/should be performed.

ISO 9000:2005 defines a procedure as a "specified way to carry out an activity or a process", which

does not necessarily have to be documented.

42.    An organization has a well-established set of procedures. Can these procedures be used to help describe its processes?

Yes, if the procedures describe inputs and outputs, appropriate responsibilities, controls and

resources needed to satisfy customer requirements.

43.    What documentation is required by ISO 9001?

ISO 9001:2008 refers specifically to only 6 documented procedures; however, other documentation

(including more documented procedures not specifically mentioned in ISO 9001:2008) may be

required by an organization, in order to manage the processes that are necessary for the effective

operation of the quality management system. This will vary depending on the size of the

organization, the kind of activities in which it is involved and their complexity. For further guidance,

please also refer to the ISO 9000 Introduction and Support Package module "Guidance on the

Documentation Requirements of ISO 9001:2008"

44.    Which standard are organizations registered/certified to?

Organizations have their quality management system registered/certified to ISO 9001:2008. The

scope of registration/ certification will need to reflect precisely and clearly the activities covered by

the organization's quality management system; any exclusion to non-applicable requirements of the

standard (permitted through ISO 9001 clause 1.2 "Application") will need to be documented and

justified in the quality manual (see also the ISO/TC 176/SC2 ISO 9000 Introduction and Support

Package module Guidance on ISO 9001:2008 clause 1.2 'Application').

45.    What does an organization need to do to comply with ISO 9001?

Page 19: Questions 12..15

When initially starting to use ISO 9001, an organization should familiarize its personnel with the

Quality Management Principles, analyze the standards (especially ISO 9000 and ISO 9004), and

consider how their guidance and requirements may affect your activities and related processes. If it

then wishes to proceed to registration/certification, it should perform a gap analysis against the

requirements of ISO 9001 to determine where its current quality management system does not

address the applicable ISO 9001:2008 requirements, before developing and implementing

additional processes to ensure that compliance will be achieved.

46.    What will happen to the 2000 version of ISO 9001?

ISO 9001:2008 will supersede ISO 9001:2000 However, noting the IAF/ISO-CASCO/ISO TC176

agreement that accredited certification to the 2000 edition should remain possible for up to 2 years

after the publication of ISO 9001:2008, copies of the 2000 edition will still be available on request

from ISO and the national standards bodies during that period, and possibly for even longer.

47.    Can organizations remain certified/registered to the 2000 version?

Yes. Certification to ISO 9001:2008 is not an “upgrade”, and organizations that are certified to ISO

9001:2000 should be afforded the same status as those who have already received a new

certificate to ISO 9001:2008. However, certificates to ISO 9001:2000 will only remain valid until 2

years after the publication of ISO 9001:2008. Contact your certification/registration body to get

details on the certificates transition process.

48.    What will happen to the other standards and documents in the current (2000) ISO 9000 family?

The four primary standards of the current ISO 9000 family are the following:

ISO 9000:2005 already published – no major changes expected for 2009

ISO 9001:2000 to be superseded by ISO 9001:2008

More significant changes are planned for ISO 9004 with a planned publication date of late 2009.

ISO 19011:2002 is currently beginning the revision process, with a new version expected in

2011.

The other standards and documents will be reviewed and updated as necessary

49.    How soon can my organization seek certification to ISO 9001:2008?

ISO 9001: 2008 certificates can only be granted after its publication as an International Standard.

50.    Will I be able to certify/register my organization to ISO 9004:2009?

Since ISO 9004:2009 will be a guidance document, it is not intended to be used for third party

certification purposes.

Page 20: Questions 12..15

51.    My organization is thinking about developing a Quality Management System to ISO 9001. Should we wait until the revised standards are published?

No, you should not delay the introduction of the quality management system in your organization.

Like those who are currently in the process of being registered/certified, anything you do now to lay

the foundation of a quality management system within your organization will be beneficial.

52.    My organization is applying for ISO 9001 certification in 2008. What should I do?

Organizations in the process of certification to ISO 9001:2000 are recommended to apply for

certification to ISO 9001:2008, as soon it is published. Up to its publication you can still apply for

certification to ISO 9001:2000.

53.    Can an organization be certified/registered to ISO 9004?

ISO 9004 is a guidance standard, which is not intended to be used for third party

registration/certification purposes. A key element of ISO 9004 is the ability to perform self-

assessments. Third party quality management system certifications/ registrations are performed to

ISO 9001:2008.

54.    Is an organization's ISO 9001 certificate applicable to all of its products ?

When an organization seeks to have its quality management system registered/certified to ISO

9001:2008, it is required to agree a "scope of certification" with its registrar/certification body. This

will define the products to which the organization's quality management system is applicable, and

against which it will be assessed. An organization is not obliged to include within its "scope of

certification" all the products that it provides (note that the ISO 9000:2005 definition of "Product"

includes "services"), but may be selective about those that are included. All applicable

requirements of ISO 9001:2008 will need to be addressed by the organization's quality

management system that covers those products that are included in the "scope of certification".

Customers should ensure that a potential supplier's "scope of certification"covers the products that

they wish to order. Caveat Emptor!

55.    What can an organization do if it is not able to comply with all of the requirements of ISO 9001?

ISO 9001 allows for the exclusion of some of its requirements (via clause 1.2 “Application”), but

only if it can be shown that these requirements are not applicable to the organization.

Exclusions are limited to the requirements given in Section 7 ("Product Realization"), where

individual requirements may only be excluded if it can be shown that they do not affect the

organization's ability to provide product that meets customer and applicable statutory or regulatory

Page 21: Questions 12..15

requirements. Justification for such exclusions is also required to be detailed within the

organization's quality manual.

For example, if design activities are not required by an organization to demonstrate its capability to

meet customer and applicable statutory /regulatory requirements, or if its product is provided on the

basis of established design, then it may be able to exclude some of the "design" requirements but

still be able to be registered/certified to ISO 9001:2008.

For further guidance, see the ISO 9000 Introduction and Support Package module: Guidance on

ISO 9001:2008 clause 1.2 'Application'.

56.    How will a small organization be able to adapt the requirements of ISO 9001?  What flexibility will be allowed?

The requirements of the amended ISO 9001:2008 remain applicable to small, medium, and large

organizations alike, and such organizations should acquaint themselves with the clarifications in

ISO 9001:2008. ISO/TC 176 has published a handbook “ISO 9001 for Small Businesses – What to

do ?” giving specific advice to small businesses.

The requirements of ISO 9001 are applicable to small, medium, and large organizations alike. ISO

9001:2008 provides some flexibility, through clause 1.2 “Application”, on the exclusion of certain

requirements for specific processes that may not be performed by the organization.

If, for example, the nature of your products does not require you to perform design activities, or if

your product is provided on the basis of established design, you could discuss and justify the

exclusion of these requirements with your certification/registration body (see also the ISO 9000

Introduction and Support Package module Guidance on ISO 9001:2008 clause 1.2 'Application').

However, individual organizations will still need to be able demonstrate their capability to meet

customer and applicable statutory or regulatory requirements for their products, and will need to

consider this when determining the complexity of their quality management systems.

Further guidance for small businesses may be found in the ISO handbook: ISO 9001 for Small

Businesses – What to do, Advice from ISO/TC 176

57.    What will happen to the ISO handbook “ISO 9001 for Small Businesses”?

It remains fully applicable. A project has been started to update the handbook to reflect the

changes in ISO 9001:2008.

58.     What’s the relationship between the revised ISO 9001 and ISO 14001?

Compatibility with ISO 14001:2004 has been maintained and enhanced. “Compatibility” means that

common elements of the standards can be implemented by organizations in a shared manner, in

whole or in part, without unnecessary duplication or the imposition of conflicting requirements.

Page 22: Questions 12..15

59.    Are there any guidelines covering joint implementation of ISO 9001 and ISO 14001?

The two standards are compatible. It is not expected that an ISO guideline will be prepared on this

subject at the present time.  If the need for such a document arises, ISO will consider the request

as a new project. However, both ISO 9001 and ISO 14001 include an annex to show the

correspondence between the two standards.

60.    Is there a common guideline standard for auditing QMS and EMS according to ISO 9001 and 14001?

Yes, ISO 19011:2002 provides guidelines for quality and/or environmental management systems

auditing. Note that a project to revise ISO 19011 was started in 2008, and is expected to be

completed in 2011.

61.    How are the standards applicable to organizations that provide services. ?

The standards are applicable to all types of organizations, operating in all types of sectors,

including service providers.

(Note: the definition of the term 'product' in ISO 9000:2005 also includes 'services'. ISO 9001:2008

and ISO 9004:2000 have been written to reflect this definition.)

62.    My organization provides services. Is the new ISO 9001:2008 applicable to us?

ISO 9001 is equally appropriate to all sectors, including service providers. The standard is

applicable to all types of organizations.

63.    What do quality management practitioners (consultant, auditor, or trainer) need to know about the standards?

As a minimum, quality management practitioners should familiarize themselves with the

requirements of ISO 9001:2008, and also with the content and philosophies of ISO 9000:2005, ISO

9004 and the Quality Management Principles.

Practitioners who are already familiar with ISO 9001:2000 should become aware of the

clarifications introduced in ISO 9001:2008, and their implications, prior to conducting audits to that

standard, or giving training and consultancy.

They should understand their client’s activities and processes, before providing appropriate

interpretations of the requirements of the standards, to add value to the client's operations.

ISO/TC 176 has developed the standard ISO 10019 Guidelines for the selection of quality

management system consultants and use of their services, which may be useful to refer to for

further guidance.

Page 23: Questions 12..15

64.    How should regulatory bodies use the standards?

Regulatory bodies should review their regulations currently in effect (or under development) and

identify points where reference to the quality management system standards would be appropriate,

before making recommendations to the legislative body.

65.    What do auditors need to know about the standards?

Auditors, whether external or internal, should be able to demonstrate their competence on the

structure, content and terminology of the standards, and also on the underlying Quality

Management Principles.

The standards require that auditors are able to understand the organization's activities and

processes and appropriately audit against the requirements of the ISO 9001 in relation to the

organization's objectives. According to joint advice from the International Accreditation Forum

(IAF), ISO's Policy Committee for Conformity Assessment (ISO-CASCO) and ISO TC 176, auditors

should be able to demonstrate competency in:

The requirements of the ISO 9001:2008.

The concepts and terminology of the ISO 9000:2005.

The eight Quality Management Principles

A general understanding of ISO 9004

Familiarity with the auditing guidance standard ISO 19011.

ISO/TC 176, ISO/CASCO and the IAF have established an ISO 9001 Auditing Practices Group,

which has issued a number of web based guidance notes to assist auditors (see

www.iso.org/tc176/ISO9001AuditingPracticesGroup)

66.    How will ISO 9001:2008 relate to the needs of specific business sectors?

ISO 9001:2008 remains compatible with the existing management systems standards for specific

business sectors like ISO/TS 16949, AS 9000/EN 9100 and TL 9000.

Users of a specific sector scheme are recommended to refer to the organization that is responsible

for that sector scheme, e.g. for:

ISO/TS 16 949 refer to the IATF,

TL 9000 refer to the QuEST Forum

For AS 9000/EN 9100 refer to the IAQG

67.    My organisation fulfils the ISO 9001:2000 requirements. What do I need to do?

An organization who’s QMS fulfils the requirements of ISO 9001:2000 should check that they are

following the clarifications introduced in the amended standard ISO 9001:2008.

Page 24: Questions 12..15

ISO 9001:2008 has been developed in order to introduce clarifications to the existing requirements

of ISO 9001:2000. It does not introduce additional requirements nor does it change the intent of the

ISO 9001:2000 standard.

68.    What is the impact of ISO 9001:2008 on certification?

Certification to ISO 9001:2008 is not an “upgrade”, and organizations that are certified to ISO

9001:2000 should be afforded the same status as those who have already received a new

certificate to ISO 9001:2008.

ISO and the International Accreditation Forum (IAF) have agreed the following “Implementation

Plan” with respect to accredited certification to ISO 9001:2008:

“Accredited certification to the ISO 9001:2008 shall not be granted until the publication of ISO

9001:2008 as an International Standard.

Certification of conformity to ISO 9001:2008 and/or national equivalents shall only be issued after

official publication of ISO 9001:2008 (which should take place before the end of 2008) and after a

routine surveillance or re-certification audit against ISO 9001:2008.

Validity of certifications to ISO 9001:2000

One year after publication of ISO 9001:2008 all accredited certifications issued (new certifications

or re-certifications) shall be to ISO 9001:2008.

Twenty four months after publication by ISO of ISO 9001:2008, any existing certification issued to

ISO 9001:2000 shall not be valid.”

69.    Is there any way I can participate in the development of standards?

Yes. If you are interested you should contact your National Standards Body for further details.

Information on ISO’s member National Standards Bodies can be found at:

http://www.iso.org/iso/about/iso_members.htm

The following text is an integral reproduction of the content of the document "Quality Management

Principles".

Introduction

This document introduces the eight quality management principles on which the quality

management system standards of the ISO 9000:2000 and ISO 9000:2008 series are based. These

principles can be used by senior management as a framework to guide their organizations towards

improved performance. The principles are derived from the collective experience and knowledge of

Page 25: Questions 12..15

the international experts who participate in ISO Technical Committee ISO/TC 176, Quality

management and quality assurance, which is responsible for developing and maintaining the ISO

9000 standards.

The eight quality management principles are defined in ISO 9000:2005, Quality management

systems Fundamentals and vocabulary, and in ISO 9004:2000, Quality management systems

Guidelines for performance improvements.

This document gives the standardized descriptions of the principles as they appear in ISO

9000:2005 and ISO 9004:2000. In addition, it provides examples of the benefits derived from their

use and of actions that managers typically take in applying the principles to improve their

organizations' performance.

Principle 1: Customer focus

Principle 2: Leadership

Principle 3: Involvement of people

Principle 4: Process approach

Principle 5: System approach to management

Principle 6: Continual improvement

Principle 7: Factual approach to decision making

Principle 8: Mutually beneficial supplier relationships

The next step

Page 26: Questions 12..15

Principle 1: Customer focus Organizations depend on their customers and therefore should understand current and future customer needs, should meet customer requirements and strive to exceed customer expectations. Key benefits:

Increased revenue and market share obtained through flexible and fast responses to market opportunities.

Increased effectiveness in the use of the organization's resources to enhance customer satisfaction.

Improved customer loyalty leading to repeat business.

Applying the principle of customer focus typically leads to: Researching and understanding customer needs and expectations. Ensuring that the objectives of the organization are linked to customer

needs and expectations. Communicating customer needs and expectations throughout the

organization. Measuring customer satisfaction and acting on the results. Systematically managing customer relationships. Ensuring a balanced approach between satisfying customers and other

interested parties (such as owners, employees, suppliers, financiers, local communities and society as a whole).

Principle 2: Leadership Leaders establish unity of purpose and direction of the organization. They should create and maintain the internal environment in which people can become fully involved in achieving the organization's objectives. Key benefits:

People will understand and be motivated towards the organization's goals and objectives.

Activities are evaluated, aligned and implemented in a unified way. Miscommunication between levels of an organization will be minimized. Applying the principle of leadership typically leads to:

Considering the needs of all interested parties including customers, owners, employees, suppliers, financiers, local communities and society as a whole.

Establishing a clear vision of the organization's future. Setting challenging goals and targets. Creating and sustaining shared values, fairness and ethical role models

at all levels of the organization. Establishing trust and eliminating fear. Providing people with the required resources, training and freedom to

act with responsibility and accountability. Inspiring, encouraging and recognizing people's contributions.

Page 27: Questions 12..15

Principle 3: Involvement of people People at all levels are the essence of an organization and their full involvement enables their abilities to be used for the organization's benefit.

Key benefits: Motivated, committed and involved people within the organization. Innovation and creativity in furthering the organization's objectives. People being accountable for their own performance. People eager to participate in and contribute to continual improvement.

Applying the principle of involvement of people typically leads to: People understanding the importance of their contribution and role in

the organization. People identifying constraints to their performance. People accepting ownership of problems and their responsibility for

solving them. People evaluating their performance against their personal goals and

objectives. People actively seeking opportunities to enhance their competence,

knowledge and experience. People freely sharing knowledge and experience. People openly discussing problems and issues.

Principle 4: Process approach A desired result is achieved more efficiently when activities and related resources are managed as a process.

Key benefits: Lower costs and shorter cycle times through effective use of resources. Improved, consistent and predictable results. Focused and prioritized improvement opportunities.

Applying the principle of process approach typically leads to: Systematically defining the activities necessary to obtain a desired

result. Establishing clear responsibility and accountability for managing key

activities. Analysing and measuring of the capability of key activities. Identifying the interfaces of key activities within and between the

functions of the organization. Focusing on the factors such as resources, methods, and materials that

will improve key activities of the organization. Evaluating risks, consequences and impacts of activities on customers,

suppliers and other interested parties.

Page 28: Questions 12..15

Principle 5: System approach to management Identifying, understanding and managing interrelated processes as a system contributes to the organization's effectiveness and efficiency in achieving its objectives.

Key benefits: Integration and alignment of the processes that will best achieve the

desired results. Ability to focus effort on the key processes. Providing confidence to interested parties as to the consistency,

effectiveness and efficiency of the organization.

Applying the principle of system approach to management typically leads to:

Structuring a system to achieve the organization's objectives in the most effective and efficient way.

Understanding the interdependencies between the processes of the system.

Structured approaches that harmonize and integrate processes. Providing a better understanding of the roles and responsibilities necessary

for achieving common objectives and thereby reducing cross-functional barriers.

Understanding organizational capabilities and establishing resource constraints prior to action.

Targeting and defining how specific activities within a system should operate.

Continually improving the system through measurement and evaluation.

Principle 6: Continual improvement Continual improvement of the organization's overall performance should be a permanent objective of the organization.

Key benefits: Performance advantage through improved organizational capabilities. Alignment of improvement activities at all levels to an organization's

strategic intent. Flexibility to react quickly to opportunities.

Applying the principle of continual improvement typically leads to: Employing a consistent organization-wide approach to continual

improvement of the organization's performance. Providing people with training in the methods and tools of continual

improvement. Making continual improvement of products, processes and systems an

objective for every individual in the organization. Establishing goals to guide, and measures to track, continual improvement. Recognizing and acknowledging improvements.

Page 29: Questions 12..15

Principle 7: Factual approach to decision making Effective decisions are based on the analysis of data and information

Key benefits: Informed decisions. An increased ability to demonstrate the effectiveness of past decisions

through reference to factual records. Increased ability to review, challenge and change opinions and

decisions.

Applying the principle of factual approach to decision making typically leads to:

Ensuring that data and information are sufficiently accurate and reliable. Making data accessible to those who need it. Analysing data and information using valid methods. Making decisions and taking action based on factual analysis, balanced

with experience and intuition.

Principle 8: Mutually beneficial supplier relationships An organization and its suppliers are interdependent and a mutually beneficial relationship enhances the ability of both to create value

Key benefits: Increased ability to create value for both parties. Flexibility and speed of joint responses to changing market or customer

needs and expectations. Optimization of costs and resources.

Applying the principles of mutually beneficial supplier relationships typically leads to:

Establishing relationships that balance short-term gains with long-term considerations.

Pooling of expertise and resources with partners. Identifying and selecting key suppliers. Clear and open communication. Sharing information and future plans. Establishing joint development and improvement activities. Inspiring, encouraging and recognizing improvements and

achievements by suppliers.

Page 30: Questions 12..15

Understand the basics This section explains what generic management system standards are.

Generic

Generic means that the same standard can be applied to any organization, large or small,

whatever its product or service, in any sector of activity, and whether it is a business enterprise, a

public administration, or a government department.

Management system

Management system refers to what the organization does to manage its processes, or activities,

so that its products or services meet the objectives it has set itself, such as:

satisfying the customer's quality requirements,

complying with regulations, or

meeting environmental objectives.

Management system standards

Management system standards provide a model to follow in setting up and operating a

management system. This model incorporates the features on which experts in the field have

reached a consensus as being the international state of the art.

Plan – Do – Check – Act

The Plan – Do – Check – Act (PDCA) cycle is the operating principle of ISO's management

system standards.

Plan – establish objectives and make plans (analyze your organization's situation, establish your overall

objectives and set your interim targets, and develop plans to achieve them).

Do – implement your plans (do what you planned to).

Page 31: Questions 12..15

Check – measure your results (measure/monitor how far your actual achievements meet your planned

objectives).

Act – correct and improve your plans and how you put them into practice (correct and learn from your

mistakes to improve your plans in order to achieve better results next time).

ISO 14000 essentials This section concisely describes the essential features of the ISO 14000 family.

The ISO 14000 family addresses various aspects of environmental management. The very first two

standards, ISO 14001:2004 and ISO 14004:2004 deal with environmental management systems

(EMS). ISO 14001:2004 provides the requirements for an EMS and ISO 14004:2004 gives

general EMS guidelines.

The other standards and guidelines in the family address specific environmental aspects, including:

labeling, performance evaluation, life cycle analysis, communication and auditing.

An ISO 14001:2004-based EMS

An EMS meeting the requirements of ISO 14001:2004 is a management tool enabling an

organization of any size or type to:

identify and control the environmental impact of its activities, products or services, and to

improve its environmental performance continually, and to

implement a systematic approach to setting environmental objectives and targets, to achieving

these and to demonstrating that they have been achieved.

How it works

ISO 14001:2004 does not specify levels of environmental performance. If it specified levels of

environmental performance, they would have to be specific to each business activity and this would

require a specific EMS standard for each business. That is not the intention.

ISO has many other standards dealing with specific environmental issues. The intention of ISO

14001:2004 is to provide a framework for a holistic, strategic approach to the organization's

environmental policy, plans and actions.

ISO 14001:2004 gives the generic requirements for an environmental management system. The

underlying philosophy is that whatever the organization's activity, the requirements of an effective

EMS are the same.

Page 32: Questions 12..15

This has the effect of establishing a common reference for communicating about environmental

management issues between organizations and their customers, regulators, the public and other

stakeholders.

Because ISO 14001:2004 does not lay down levels of environmental performance, the standard

can to be implemented by a wide variety of organizations, whatever their current level of

environmental maturity. However, a commitment to compliance with applicable environmental

legislation and regulations is required, along with a commitment to continual improvement – for

which the EMS provides the framework.

The EMS standards

ISO 14004:2004 provides guidelines on the elements of an environmental management system

and its implementation, and discusses principal issues involved.

ISO 14001:2004 specifies the requirements for such an environmental management system.

Fulfilling these requirements demands objective evidence which can be audited to demonstrate that

the environmental management system is operating effectively in conformity to the standard.

What can be achieved

ISO 14001:2004 is a tool that can be used to meet internal objectives:

provide assurance to management that it is in control of the organizational processes and

activities having an impact on the environment

assure employees that they are working for an environmentally responsible organization.

ISO 14001:2004 can also be used to meet external objectives:

provide assurance on environmental issues to external stakeholders – such as customers, the

community and regulatory agencies

comply with environmental regulations

support the organization's claims and communication about its own environmental policies,

plans and actions

provides a framework for demonstrating conformity via suppliers' declarations of conformity,

assessment of conformity by an external stakeholder - such as a business client - and for

certification of conformity by an independent certification body.

Introduction and support package: Guidance on the Terminology used in ISO 9001 and ISO 9004

Page 33: Questions 12..15

Document ISO/TC 176/SC 2/N 526R2

October 2008

1.    Introduction

Great care has been taken during the development of ISO 9001 and ISO 9004 to use the correct

English words and terms to describe their concepts and requirements, to assist in their readability

and translation. The objective is to use simple technically accurate terms, and to the greatest extent

possible, rely on common dictionary definitions. As with most technical subjects, there are some

terms that have a very specific meaning different from the common dictionary one; in such cases,

the appropriate technical definition is provided in one of the following:

ISO 9000:2005, Quality management systems - Fundamentals and Vocabulary

ISO/IEC Guide 2:2004, Standardization and related activities – General vocabulary

ISO/IEC Directives - Part 2:2004, Rules for the Structure and drafting of International Standards

ISO/IEC Guide 99:2007, International Vocabulary of Metrology – Basic and General Concepts

and Associated Terms (VIM)

In all other cases, for the purpose of this guidance, definitions are selected from the Concise

Oxford Dictionary.  Definitions in ISO 9000:2005 have normative status, which takes precedence

over their common dictionary definitions.

The table below provides the selected dictionary definitions for common words, which should be

applied when using the standards.

2.    Table of important words and terms used in the ISO 9000 family of Standards

Word Form Meaning

accordance noun (In accordance with) in a manner conforming with

activity noun something done in pursuit of an objective

adequacy noun sufficiency to satisfy a requirement or meet a need

adjustment noun operation of bringing a measuring instrument into a state of performance

suitable for its use [VIM]

analysis noun Detailed examination of the elements or structure of something

appropriate adjective suitable (for, to)

applicable adjective - relevant

- appropriate

Page 34: Questions 12..15

assess verb - evaluate

- estimate the value of

assure verb synonym: ensure

make certain

authority noun - right to command or give a final decision

- body that has legal powers and rights

available adjective able to be used or obtained

awareness noun knowledge or perception of a situation or fact

calibration noun - set of operations that establish, under specified

- conditions, the relationship between values of

- quantities indicated by a measuring instrument

- or measuring system, or values represented by

- a material measure or a reference material, and

- the corresponding values realized by standards

- [VIM]

can verb SO/IEC Directives Part 2 Annex G

- be able to

- there is a possibility of

- it is possible to

cannot verb ISO/IEC Directives Part 2 Annex G

- be unable to

- there is no possibility of

- it is not possible to

state of being dedicated to a cause or policy

commitment noun state of being dedicated to a cause or policy

communication noun action of sharing or exchanging information ideas

complain verb express discontent, displeasure

comply verb (person or organization) meet specified standards

compromise noun support or establish the certainty or validity of

Page 35: Questions 12..15

confirm verb (item) meet specified requirements

consistent adjective (consistent with) conforming to or in agreement with

consistently adverb unchanging over time

control noun - power to direct or to restrain something

- means of restraining or regulating

control verb - direct or restrain something

- restrain or regulate

data noun - facts and/or statistics, used for reference or analysis

- information based on facts

deficiency noun lack or shortage

define verb state or describe exactly the nature, scope or meaning of

demonstrate verb show clearly (with objective evidence)

deploy verb put into use or action

deployment noun implementation

determine verb establish or find out with certainty by research, examination or

calculation

distribution noun act of allocating to recipients

disposition noun action of dealing with things in a particular way

documentation noun see Note 2 to ISO 9000:2005 clause 3.7.2

A set of documents, for example specifications and records, is

frequently called “documentation”.

enhance verb Improve the quality, value or extent of

ensure verb synonym: assure

make certain

essential adjective absolutely necessary, fundamental

establish verb set up

Page 36: Questions 12..15

evaluate verb assess

exclusion noun - process or state of keeping out or preventing

the occurrence of

- item or eventuality specifically not covered

expectation noun - belief about (or mental picture of) the future

- wishing with confidence of fulfilment

experience noun practical contact with and observation of facts and events

facilitate verb - make easy or easier

- promote, help forward (an action, result, etc.)

facility noun building, service or piece of equipment provided for a particular purpose

feedback noun information given in response to a product, a person’s performance of a

task, etc., used as a basis for improvement

focus noun centre of interest or activity

framework noun essential supporting or underlying structure

functional adjective designed to be practical and useful rather than attractive

hardware noun see the definition of “product” in ISO 9000:2005

clause 3.4.2

identify verb establish the identity of someone or somebody

identity noun the individual characteristics by which a thing or person is recognized or

known

identifiable adjective recognizable through a unique characteristic

impartiality noun state of being without prejudice or bias

implement verb put into effect

improvement noun action or process of making or becoming better, also see “continual

improvement” and “quality improvement” in this table.

independent

(noun:

adjective - not connected with another; separate

- not subject to another’s authority

Page 37: Questions 12..15

independence)

integrity noun - state of being whole; the condition of being unified or sound in

construction

- quality of having strong moral principles

irrespective adjective in spite of everything

justification noun evidence proving that something is right or reasonable

learning

organization

noun institution, place, organization, etc. where the cognitive process of

acquiring skill and knowledge is carried out

legible adjective possible to be read by a person or a machine for intended use

liaison noun communication or cooperation between people or organizations

maintain verb cause or enable (a condition or state of affairs) to continue

maintenance noun process or state of keeping (a system, building, machine, etc) in good

condition by checking or repairing it regularly

may verb ISO/IEC Directives Part 2 Annex G

- is permitted

- is allowed

- is permissible

measurable adjective adjectiveable to be measured

measure verb ascertain the size, amount, or degree of

(something) by comparison with a standard unit

or with an object of known size

methodology noun system of methods used in a particular field

monitor verb observe and check over a period of time;

maintain regular close observation over

necessary adjective required to be done, achieved or present

need noun something that is wanted or required

objective noun something to be achieved

Page 38: Questions 12..15

objective adjective not influenced by personal feelings or opinions

in considering or representing facts

obsolete adjective no longer produced or used; out of date

origin noun point at which something begins or arises

outsource verb obtain goods or services from an outside

supplier

perception noun way of regarding, understanding or interpreting

something

performance noun - the ability to achieve something

- the achievement itself

periodic adjective - recurring or reappearing at regular or any intervals (of time or space)

- intermittent

permissible adjective - that can or ought to be permitted

- allowable

personal

qualification

noun attribute that must be met or complied with and that fits a person for

something

physical adjective tangible or concrete

plan noun scheme, programme or method worked out beforehand for the

accomplishment of an objective

plan verb decide on and arrange in advance

preservation noun action or act of maintaining something in its original or existing state

prevention noun action of keeping something from happening or arising

previous adjective existing or occurring before something else in time or in order

process

approach

noun systematic identification and management of the processes employed

within an organization and particularly the interactions between such

processes

promote verb further the progress of, support or encourage

Page 39: Questions 12..15

property noun thing or things belonging to a person, persons or organization

protect verb keep safe from damage

quotation noun contractor’s (supplier’s) estimate for a specified

job, etc.

rationale noun exposition of principles or reasons

realization noun action of achieving something desired or anticipated; fulfilment

recognize verb be fully aware of

regulatory adjective required, permitted or enacted by a rule or directive passed by an

authority

relevant adjective closely connected or appropriate to the matter in hand

require verb need because it is essential to the fulfilment of something

resource noun stock or supply of materials or assets

responsibility noun something which a person or organization is required to do or control as

part of a job, role or legal obligation

responsible adjective having an obligation to do something or having control over or care for

someone

retain verb keep possession of; not abolish, discard or alter

retrievable adjective capable of being brought back

safeguard verb protect or prevent something undesirable (from happening)

scope noun extent of the area or subject matter that something deals with or to

which it is relevant

sequence noun a particular order in which related events, movements, etc, follow each

other

shall verb ISO/IEC Directives Part 2 Annex G

- is to

- is required to

- it is required that

Page 40: Questions 12..15

- has to

- only … is permitted

- it is necessary

shall not verb ISO/IEC Directives Part 2 Annex G

- is not allowed [permitted] [acceptable] [permissible]

- is required to be not

- is required that … be not

- is not to be

should verb ISO/IEC Directives Part 2 Annex G

- it is recommended that

- ought to

should not verb ISO/IEC Directives Part 2 Annex G

- it is not recommended that

- ought not to

skill noun ability to do something well

software noun see definition of “product” in ISO 9000:2005

clause 3.4.2

specific adjective of or relating to a particular subject

specify verb state explicitly, clearly and definitely

statutory adjective required, permitted or enacted by a written law

passed by a body having the power to make laws

strategy noun an elaborate and systematic plan of action

suitability noun characteristics that are right or appropriate for a particular purpose

suitable adjective right or appropriate for a particular purpose

supply verb make available for use

systematic adjective done or acting according to a fixed plan or system; methodical

training noun act of teaching a particular skill or type of behaviour through practice

and instruction

Page 41: Questions 12..15

unambiguous adjective having only one meaning

utilities noun services such as gas, water, electricity, telecommunication, etc.

validate verb carry out validation, see ISO 9000:2005 clause 3.8.5

validity noun conformity to fact, accuracy or precision

verify verb carry out verification, See ISO 9000:2005 clause 3.8.4

workspace noun area in which work is performed

Introduction and support package:Guidance on the concept and use of the process approach for management systems

Document: ISO/TC 176/SC 2/N544R3

October 2008

1.    Introduction

This guidance document provides an understanding of the concepts, intent and the application of

the “process approach” to the ISO 9000 family of Quality Management System standards. The

guidance may also be used to apply the process approach to any management system regardless

the type or the size of organization. This includes but is not limited to management systems for:

Environment (ISO 14000 family),

Occupational Health and Safety,

Business Risk,

Social Responsibility.

This guide also aims to promote a consistent approach to the description of processes and use of

process related terminology.

The purpose of the process approach is to enhance an organization’s effectiveness and efficiency

in achieving its defined objectives. In relation to ISO 9001:2008 this means enhancing customer

satisfaction by meeting customer requirements.

Benefits of the process approach are:

Integration and alignment of processes to enable achievement of desired outcomes

Ability to focus effort on process effectiveness and efficiency.

Page 42: Questions 12..15

Provision of confidence to customers, and other interested parties, about the consistent

performance of the organization.

Transparency of operations within the organization.

Lower costs and creation of shorter cycle times, through the effective use of resources.

Improved, consistent and predictable results.

Provision of opportunities for focused and prioritized improvement initiatives.

Encouragement of the involvement of people and the clarification of their responsibilities.

2.    What is a process?

A “Process” can be defined as a “set of interrelated or interacting activities, which transforms inputs

into outputs”.  These activities require allocation of resources such as people and materials. Figure

1 shows a generic process.

A major advantage of the process approach, when compared to other approaches, is in the

management and control of the interactions between these processes and the interfaces between

the functional hierarchies of the organization (as further explained in section 4).

Figure 1 - Generic process

Inputs and intended outputs may be tangible (such as equipment, materials or components) or

intangible (such as energy or information). Outputs can also be unintended, such as waste or

pollution.

Page 43: Questions 12..15

Each process has customers and other interested parties (who may be either internal or external to

the organization), with needs and expectations about the process, who define the required outputs

of the process.

A system should be used to gather data to provide information about process performance, which

should then be analyzed to determine if there is any need for corrective action or improvement.

All processes should be aligned with the objectives, scope and complexity of the organization, and

should be designed to add value to the organization.

Process effectiveness and efficiency can be assessed through internal or external review

processes.

3.    Types of processes

3.1    References to processes in ISO 9001:2008:

ISO 9001:2008 states:

In sub clause 0.1 General: “The design and implementation of an organization‘s quality

management system is influenced by: its business environment, changes in that environment, or

risks associated with that environment; its varying needs; its particular objectives; the products it

provides; the processes it employs; its size and organizational structure. It is not the intent of this

International Standard to imply uniformity in the structure of quality management systems or

uniformity of documentation”.

In sub clause 0.2 Process Approach: “The application of a system of processes within an

organization, together with the identification and interactions of these processes, and their management to produce the desired outcome, can be referred to as the “process approach“.

In sub clause 4.1 General requirements: “The organization shall establish, document, implement

and maintain a quality management system and continually improve its effectiveness in accordance

with the requirements of this International Standard. The organization shall:

a) determine the processes needed for the quality management system and their application

throughout the organization (see 1.2),

b) determine the sequence and interaction of these processes,

c) determine criteria and methods needed to ensure that both the operation and control of these

processes are effective,

d) ensure the availability of resources and information necessary to support the operation and

monitoring of these processes,

e) monitor, measure (where applicable), and analyse these processes, and

f) implement actions necessary to achieve planned results and continual improvement of these

processes.

Page 44: Questions 12..15

These processes shall be managed by the organization in accordance with the requirements of this

International Standard”.

Based on the above, each organization should define the number and type of processes needed to

fulfil its business objectives. It is permissible for a process that is required by ISO 9001:2008 to be

part of a process (or processes) that is already established by the organization, or to be defined by

the organization in terms that are different to those in ISO 9001.

3.2    Typical types of processes that can be identified:

In accordance with 3.1 above, organizations have to define the number and types of processes

needed to fulfil their business objectives. While these will be unique to each organization, it is

however possible to identify typical processes, such as:

Processes for the management of an organization. These include processes relating to strategic

planning, establishing policies, setting objectives, ensuring communication, ensuring availability of

resources for the other organization’s quality objectives and desired outcomes and for

management reviews.

Processes for managing resources. These include all the processes that are necessary to

provide the resources needed for the organization’s quality objectives and desired outcomes.  

Realization processes. These include all processes that provide the desired outcomes of the

organization.

Measurement, analysis and improvement processes. These include the processes needed to

measure and gather data for performance analysis and improvement of effectiveness and

efficiency. They include measuring, monitoring, auditing, performance analysis and improvement

processes (e.g. for corrective and preventive actions). Measurement processes are often

documented as an integral part of the management, resource and realization processes; whereas

analysis and improvement processes are treated frequently as autonomous processes that

interact with other processes, receive inputs from measurement results, and send outputs for the

improvement of those processes.

4.    Understanding the process approach

A process approach is a powerful way of organizing and managing activities to create value for the

customer and other interested parties.

Organizations are often structured into a hierarchy of functional units. Organizations are usually

managed vertically, with responsibility for the intended outputs being divided among functional

units.

The end customer or other interested party is not always visible to all involved. Consequently,

problems that occur at the interface boundaries are often given less priority than the short-term

Page 45: Questions 12..15

goals of the units. This leads to little or no improvement to the interested party, as actions are

usually focused on the functions, rather than on the intended output.

The process approach introduces horizontal management, crossing the barriers between different functional units and unifying their focus to the main goals of the organization.

It also improves the management of process interfaces (see Figure 2).

Figure 2 - Example of Process linkages across departments in an organization.

The performance of an organization can be improved through the use of the process approach.

The processes are managed as a system, by creating and understanding a network of the

processes and their interactions.

Note: The consistent operation of this network is often referred to as the "system approach" to

management.

The outputs from one process may be inputs to other processes and interlinked into the overall

network or system (for generic examples, see Figure 3 and Figure 4).

Page 46: Questions 12..15

Figure 3 - Example of a generic process sequence

Page 47: Questions 12..15

Figure 4 - Example of a process sequence and its interactions

5.    Implementing the process approach

The following implementation methodology can be applied to any type of process. The step

sequence is only one method and is not intended to be prescriptive. Some steps may be carried

out simultaneously.

5.1.    Identification of processes of the organization

Steps in the

process

approach

What to do? Guidance

5.1.1

Define the

purpose of the

organization

The organization should

identify its customers and

other interested parties as well

as their requirements, needs

and expectations to define the

organization's intended

outputs.

Gather, analyze and determine customer and

other interested parties requirements, and other

needs and expectations. Communicate

frequently with customers and other interested

parties to ensure continual understanding of their

requirements, needs and expectations.

Determine the requirements for quality

management, environmental management,

Page 48: Questions 12..15

occupational health and safety, management,

business risk, social responsibilities and other

management system disciplines that will be

applied within the organization.

5.1.2

Define the policies

and objectives of

the organization

Based on analyses of the

requirements, needs and

expectations, establish the

organization's policies and

objectives

Top management should decide which markets

the organization should address and develop

relevant policies. Based on these policies,

management should then establish objectives for

the intended outputs (e.g. products,

environmental performance, occupational health

and safety performance)

5.1.3

Determine the

processes in the

organization

Determine all the processes

needed to produce the

intended outputs.

DDetermine the processes needed for achieving

the intended outputs. These processes include

Management, Resources, Realization and

Measurement, Analysis and Improvement.

Identify all process inputs and outputs, along with

the suppliers, customers and other interested

parties (who may be internal or external).

5.1.4

Determine the

sequence of the

processes

Determine how the processes

flow in sequence and

interaction

Define and develop a description of the network

of processes and their interaction.Consider the

following:

- The customer of each process,

- The inputs and outputs of each process,

- Which processes are interacting,

- Interfaces and what are their characteristics,

- Timing and sequence of the interacting

processes,

- Effectiveness and efficiency of the sequence.

Note: As an example, a realization process that

results in an output, such as product delivered to

a customer, will interact with other processes

Page 49: Questions 12..15

(such as the management, measurement and

monitoring, and resource provision processes).

Methods and tools such as block diagrams,

matrix and flowcharts can be used to support the

development of process sequences and their

interactions.

5.1.5

Define process

ownership

Assign responsibility and

authority for each process

Management should define individual roles and

responsibilities for ensuring the implementation,

maintenance and improvement of each process

and its interactions. Such an individual is usually

referred to as the "process owner".

To manage process interactions, it may be useful

to establish a "process management team", that

has an overview across all the processes, and

which includes representatives from each of the

interacting processes.

5.1.6

Define process

documentation

Determine those processes

that are to be documented and

how they are to be

documented.

Processes exist within the organization and the

initial approach should be limited to identifying

and managing them in the most appropriate way.

There is no "catalogue", or list of processes, that

have to be documented.

The main purpose of documentation is to enable

the consistent and stable operation of the

processes.

The organization should determine which

processes are to be documented, on the basis of:

- The size of the organization and its type of

activities,

- The complexity of its processes and their

interactions,

- The criticality of the processes, and·

- The availability of competent personnel.

Page 50: Questions 12..15

When it is necessary to document processes, a

number of different methods can be used such

as graphical representations, written instructions,

checklists, flow charts, visual media, or electronic

methods.

Note: For more guidance see the ISO 9000

Introduction and Support Package module

Guidance on the Documentation Requirements

of ISO 9001:2008

5.2    Planning of a process

Steps in the

process

approach

What to do? Guidance

5.2.1

Define the

activities within

the process

Determine the activities needed to achieve the

intended outputs of the process

Define the required inputs and

outputs of the process.

Determine the activities

required to transform the

inputs into the required

outputs.

Determine and define the

sequence and interaction of

the activities within the

process.

Determine how each activity

will be performed.

Note: In some cases, the

customer may specify the way

the process is to be

performed.

5.2.2 Determine where and how monitoring and Identify the measures and

Page 51: Questions 12..15

Define the

monitoring and

measurement

requirements

measuring should be applied. This should be both

for control and improvement of the processes and

the intended process outputs. Monitoring is

always applicable but measurement may not be

practicable or even possible. Nevertheless

measurement gives more objective data on the

performance of the process and it is a powerful

management and improvement tool.

Determine the need for recording results.

monitoring criteria for process

control and process

performance, to determine the

effectiveness and efficiency of

the process, taking into

account factors such as:

- Conformity with

requirements,

- Customer satisfaction,

- Supplier performance,

- On time delivery,

- Lead times,

- Failure rates,

- Waste,

- Process costs,

- Incident frequency.

5.2.3

Define the

resources needed

Determine the resources needed for the effective

operation of each process

Examples of resources

include:

- Human resources,

- Infrastructure,

- Work environment,

- Information,

- Natural resources,

- Materials,

- Financial resources

5.2.4

Verify the process

and its activities

against its

planned

objectives

Confirm that the characteristics of the processes

are consistent with the purpose of the

organization (see 5.1.1)

Verify that all the

requirements identified in

5.1.1 are satisfied. If not,

consider what additional

process activities are required

and return to 5.2.1 to improve

the process.

5.3.    Implementation and measurement of the process

Page 52: Questions 12..15

Implement the processes and their activities as planned.

The organization may develop a project for implementation that includes, but is not limited to

Communication,

Awareness,

Training,

Change management,

Management involvement,

Applicable review activities.

Apply the controls, and perform the monitoring and measurements as planned.

5.4.    Analysis of the process

Analyze and evaluate process information obtained from monitoring and measuring data, in order

to quantify process performance.  Where appropriate, use statistical methods.

Compare the results of process performance information with the defined requirements of the

process, to confirm process effectiveness and efficiency and to identify any need for corrective

action.

Identify process improvement opportunities based on the results of the analysis of process

information.

Report to top management, and other relevant people in the organization, on the performance of

the process, as appropriate.

5.5.    Corrective action and improvement of the process

Whenever corrective actions are needed, the method for implementing them should be defined.

This should include the identification and elimination of the root causes of the problems (e.g. errors,

defects, lack of adequate process controls). The effectiveness of the actions taken should be

reviewed. Implement the corrective actions and verify their effectiveness according to plan.

When planned process outcomes are being achieved and requirements fulfilled, the organization

should focus its efforts on actions to improve process performance to higher levels, on a continual

basis.  

The method for improvement should be defined and implemented (examples of improvements

include: process simplification, enhancement of efficiency, improvement of effectiveness, reduction

of process cycle time). Verify the effectiveness of the improvement.

Page 53: Questions 12..15

Risk analysis tools may be employed to identify potential problems. The root cause(s) of these

potential problems should also be identified and eliminated, preventing occurrence in all processes

with similarly identified risks.

The Plan-Do-Check-Act (PDCA) methodology can be a useful tool to define, implement and control

corrective actions and improvements. Extensive literature exists about the PDCA cycle in

numerous languages.

PLAN >>  Establish the objectives and processes necessary to

deliver results in accordance with customer, statutory and regulatory requirements and the

organization's policies;

DO >>  Implement the processes;

CHECK >>  Monitor and measure processes and product against policies, objectives and

requirements for the product and report the results;

ACT >> Take actions to continually improve process performance;”

The PDCA is a dynamic methodology that can be deployed within each of the organization’s

processes and across their interactions. It is intimately associated with planning, implementation,

verification and improvement.

Maintaining and improving process performance can be achieved by applying the PDCA concept at

all levels within an organization. This applies equally to all processes, from high-level strategic

processes to simple operational activities.

Introduction and support package :Guidance on 'Outsourced processes'

Document: ISO/TC 176/SC 2/N 630R3

October 2008

1.    Introduction

The aim of this document is to provide guidance on the intent of ISO 9001:2008 clause 4.1,

regarding the control of outsourced processes.

Page 54: Questions 12..15

ISO 9001:2008 clause 4.1 states:

“Where an organization chooses to outsource any process that affects product conformity to

requirements, the organization shall ensure control over such processes. The type and extent of

control to be applied to these outsourced processes shall be defined within the quality management

system.

NOTE 1: Processes needed for the quality management system referred to above include

processes for management activities, provision of resources, product realization and measurement,

analysis and improvement.

NOTE 2: An “outsourced process” is a process that the organization needs for its quality

management system and which the organization chooses to have performed by an external party.

NOTE 3: Ensuring control over outsourced processes does not absolve the organization of the

responsibility of conformity to all customer, statutory and regulatory requirements. The type and

extent of control to be applied to the outsourced process may be influenced by factors such as:

a) the potential impact of the outsourced process on the organization’s capability to provide product

that conforms to requirements;

b) the degree to which the control for the process is shared;

c) the capability of achieving the necessary control through the application of clause 7.4.”

2.    Guidance

2.1    What is an “outsourced process”?

The Oxford English Dictionary defines the verb “outsource” as “to obtain….. by contract from a

source outside the organization or area; to contract (work) out”

As now defined in ISO 9001:2008 Sub clause 4.1 NOTE 2, an “outsourced process” is a process

that the organization needs for its quality management system and which the organization chooses

to have performed by an external party.

Note: ISO 9000:2005 clause 3.4.1 defines “process” as “set of interrelated or interacting activities

which transforms inputs into outputs”.

An outsourced process can be performed by a supplier that is totally independent from the

organization, or which is part of the same parent organization (e.g. a separate department or

division that is not subject to the same quality management system). It may be provided within the

physical premises or work environment of the organization, at an independent site, or in some other

manner.

2.2    Intent of Clause 4.1

Page 55: Questions 12..15

The intent of Clause 4.1 of ISO 9001:2008 is to emphasize that when an organization chooses to

outsource (either permanently or temporarily) a process that affects product conformity with

requirements (see ISO 9001:2008 clause 7.2.1), it can not simply ignore this process, nor exclude it

from the quality management system.

The organization has to demonstrate that it exercises sufficient control to ensure that this process is performed according to the relevant requirements of ISO 9001:2008, and any other requirements

of the organization’s quality management system. The nature of this control will depend on the

importance of the outsourced process, the risk involved, and the competence of the supplier to

meet the process requirements. Based on the nature of the control, it should consider the

processes referred to quality management system for management activities, provision of

resources, product realization and measurement, analysis and improvement. The outsourced

organization does not necessarily have to have a certified Quality Management System, but it has

to demonstrate the capability of the previously mentioned processes.

Outsourced processes will interact with other processes from the organization's quality

management system (these other processes may be carried out by the organization itself, or may

themselves be outsourced processes). These interactions also need to be managed (see ISO

9001:2008 clause 4.1 (a) and (b)).

2.3    Control of outsourced processes

2.3.1    The acquisition of outsourced processes will normally be subject to the capability of

achieving the necessary control through the application of requirements of both ISO 9001:2008

clause 7.4 (Purchasing) and clause 4.1 (General Requirements)

As mentioned in the Note, in some situations, the organization might not “purchase” the outsourced

process in the traditional sense; it might, for example, receive the service from a corporate head

office or from another division within a group of organizations, without any monetary transaction

taking place (see 2.1 above). Under these circumstances, however, ISO 9001:2008 Clauses 7.4

and 4.1 are still applicable.

2.3.2    There are two situations that frequently need to be considered when deciding the

appropriate level of control of an outsourced process:

When an organization has the competence and ability to carry out a process, but chooses to

outsource that process (for commercial or other reasons).

In this situation the process control criteria should already have been defined, and can be

transposed into requirements for the supplier of the outsourced process, if necessary.

When the organization does not have the competence to carry out the process itself, and

chooses to outsource it.

In this situation the organization has to ensure that the controls proposed by the supplier of the

Page 56: Questions 12..15

outsourced process are adequate. In some cases it may be necessary to involve external

specialists in making this evaluation.

2.3.3    It may be convenient, or even necessary, to define some or all of the methods to be used

for control of the outsourced processes in a contract between the organization and the supplier.

The potential impact of the outsourced process is based on the outsourcing’s capability to provide

product that conforms to requirements. Care should be taken, however, not to inhibit the supplier

from proposing innovations to the outsourced process.

The organization’s control of the outsourced process has to be based on the need for product

conformity to requirements.

Ensuring control over outsourced processes does not absolve the organization of the responsibility

of conformity to all customer, statutory and regulatory requirements.

2.3.4    In some situations it might not be possible to verify the output from the outsourced process

by subsequent monitoring or measurement. In these cases, the organization needs to ensure that

the control over the outsourced process includes process validation in accordance with ISO

9001:2008 clause 7.5.2.

Introduction and support package:Implementation guidance for ISO 9001:2008

Document: ISO/TC 176/SC 2/N836

October 2008

1.    Introduction

This Implementation Guidance has been developed to assist users in understanding the issues that

need to be considered during the co-existence period between ISO 9001:2000 and ISO 9001:2008.

While the changes between ISO 9001:2000 and ISO 9001:2008 are expected to have a limited

impact on users, some arrangements regarding implementation are needed.

Note: To reflect the limited scope of the changes the term “implementation” is now being used to

make a clear distinction with the former “transition” from ISO 9001:1994 to ISO 9001:2000, when

there were significant changes throughout the standard.

A wide diffusion of this implementation guidance is recommended, in particular the comparison

table between ISO 9001:2008 and ISO 9001:2000, given in Annex B to ISO 9001:2008.

Page 57: Questions 12..15

ISO 9001:2008 has been developed in order to introduce clarifications to the existing requirements

of ISO 9001:2000 and to improve compatibility with ISO 14001:2004. ISO 9001:2008 does not

introduce additional requirements nor does it change the intent of the ISO 9001:2000 standard.

Certification to ISO 9001:2008 is not an “upgrade”, and organizations that are certified to ISO

9001:2000 should be afforded the same status as those who have already received a new

certificate to ISO 9001:2008

No new requirements were introduced in this edition but, in order to benefit from the clarifications of

ISO 9001:2008, users of the former version will need to take into consideration whether the

clarifications introduced have an impact on their current interpretation of ISO 9001:2000, as

changes may be necessary to their QMS

2.    Background to the ISO 9001:2008 revision process

In order to assist organizations to have a full understanding of the new ISO 9001:2008, it may be

useful to have an insight on the revision process, how this revision reflects the inputs received from

users of the standard, and the consideration given to benefits and impacts during its development.

Prior to the commencement of a revision (or amendment) to a management system standard,

ISO/Guide 72:2001, Guidelines for the justification and development of management system

standards recommends that a “Justification Study” is prepared to present a case for the proposed

project and that it outlines details of the data and inputs used to support its arguments. In relation to

the development of ISO 9001:2008 user needs were identified from the following:

the results of a formal “Systematic Review” on ISO 9001:2000 that was performed by the

members of ISO/TC 176/SC2 during 2003-2004

feedback from the ISO/TC 176/Working Group on “Interpretations”

the results of an extensive worldwide “User Feedback Survey on ISO 9001 and ISO 9004” by

ISO/TC 176/SC 2/WG 18 and similar national surveys.

The Justification Study identified the need for an amendment, provided that the impact on users

would be limited and that changes would only be introduced when there were clear benefits to

users.

The key focuses of the ISO 9001:2008 amendment were to enhance the clarity of ISO 9001:2000

and to enhance its compatibility with ISO 14001:2004.

A tool for assessing the impacts versus benefits for proposed changes was created to assist the

drafters of the amendment in deciding which changes should be included, and to assist in the

verification of drafts against the identified user needs. The following decision making principles

were applied:

Page 58: Questions 12..15

1. No changes with high impact would be incorporated into the standard;  

2. Changes with medium impact would only be incorporated when they provided a correspondingly

medium or high benefit to users of the standard;

3. Even where a change was low impact, it had to be justified by the benefits it delivered to users,

before being incorporated.

The changes incorporated in this ISO 9001:2008 edition were classified in terms of impact into the

following categories:

No changes or minimum changes on user documents, including records

No changes or minimum changes to existing processes of the organization

No additional training required or minimal training required

No effects on current certifications

The benefits identified for the ISO 9001:2008 edition fall into the following categories:

Provides clarity

Increases compatibility with ISO 14001.

Maintains consistency with ISO 9000 family of standards.

Improves translatability.

3.    User groups

3.1    Individual organizations using ISO 9001 (including industry associations)

a)    Current Users of ISO 9001:2000

This user group is defined as having completed or being in the process of implementing ISO

9001:2000, regardless of whether they are certified or not, or whether they intend to be certified or

not.

b)    New Users

A New User is defined as an organisation that is either beginning to use ISO 9001:2000 or ISO

9001:2008 for the first time or is a potential user of the standard in the future.

c)    Users of Industry Sector Schemes, based on ISO 9001:2000

This user group is defined as those using quality management system programmes based on ISO

9001:2000 that include additional quality management system requirements, that can either be

certified or accredited under the guidance of a particular Industry Sector Scheme (e.g. ISO/TS

16949 Quality systems – Automotive suppliers – Particular requirements for the application of ISO

9001:2000).

3.2    Other user groups

Page 59: Questions 12..15

These are defined as being:

1. National Standards Bodies (NSBs)

2. Accreditation Bodies (ABs)

3. Certification/Registration Bodies (CB/RBs)

4. Trainers and Consultants

4.    Implementation guidance

4.1    Generic guidance

All users groups are strongly advised to note the Joint IAF-ISO communiqué for Implementation of

accredited certification to ISO 9001:2008, which details the agreed implementation plan for

accredited certification as follows:

Accredited certification to ISO 9001:2008 shall not be granted until the publication of ISO 9001:2008 as an International Standard. Certification of conformity to ISO 9001:2008 and/or national equivalents shall only be issued after

official publication of ISO 9001:2008 (which should take place before the end of 2008) and after a

routine surveillance or re-certification audit against ISO 9001:2008.

Validity of certifications to ISO 9001:2000One year after the publication of ISO 9001:2008 all accredited certifications issued (new

certifications or re-certifications) shall be to ISO 9001:2008.

Twenty four months after publication by ISO of ISO 9001:2008, any existing certification issued to

ISO 9001:2000 shall not be valid.

Page 60: Questions 12..15

Figure 1 - Implementation timetable for ISO 9001:2008, for all user groups

To benefit from the clarifications introduced into ISO 9001:2008, users (from all user groups)

should note the recommendations given in the table below. Recommendations for specific user

groups are given in section 4.2 further down.

>> Get acquainted with the new edition of the standard. Use Annex B in ISO 9001:2008 to facilitate

identification of the clarifications

>> Was your former interpretation of ISO 9001:2000 different from the clarifications provided by

ISO 9001:2008 ?

>> If not, communicate to both internal and external parties the conclusion and results of your

implementation of ISO 9001:2008.

>> If yes, determine the impact of the clarifications of the new version on your current use of ISO

9001 and plan any necessary remedial actions.

>> Use the Plan-Do-Check-Act methodology to manage the implementation of your remedial

actions, but keep in mind the timeframe provided in Figure 1.

Note that the actions may need to vary according to your user group (see 4.2 below).

4.2    Guidance for specific user groups

Page 61: Questions 12..15

These recommendations complement the generic guidance to all user groups given in section 3.0

above.

4.2.1    Organizations using ISO 9001:2000

a)    Current users

Organisations that are already certified to ISO 9001:2000 should contact their

certification/registration bodies (CB/RB) to agree a programme for analysing the clarifications in

ISO 9001:2008 in relation to their individual quality management systems and for upgrading their

certificates.

Certified organizations should bear in mind that ISO 9001:2000 certificates have the same status

as new ISO 9001:2008 certificates during the co-existence period.

Organizations in the process of certification to ISO 9001:2000 should change to using ISO

9001:2008 and apply for certification to it.

b)    New users

New users should start by using ISO 9001:2008.

c)    Industry Sector Schemes

Users of specific sector schemes are recommended to refer to the organization that is responsible

that sector scheme’, e.g. for:

ISO/TS 16 949 refer to the IATF,

TL 9000 refer to the QuEST Forum

AS 9000/ EN 9100 refer to the IAQG

4.2.2    National Standards Bodies

Information regarding the 2008 edition of ISO 9001 should be communicated to standard users, in

a timely manner, by the national standards bodies (NSBs). It is recommended that NSB actions be

synchronized with the information flows from ISO and ISO/TC 176.

NSBs are responsible, at a national level, for communicating the issues regarding the changes

from ISO 9001:2000 to ISO 9001:2008 to all interested parties and for providing translations of the

new edition of the standard in their national languages. It is recommended that they coordinate

their communications regarding these issues with other local interested parties (for example: ABs,

CB/RBs, professional quality associations, etc.).

Page 62: Questions 12..15

Translation Issues - If a requirement for translation of the new standards exists, the translation

process should be started as early as possible, in order to provide the equivalent national edition as

soon as possible.

An NSB should analyse if there are interpretation problems in the national ISO 9001:2000 version

due to former translation problems. In affirmative cases the NSB should carry out an extensive

translation of the standard. If interpretation divergences still remain, the NSB is recommended to

apply for clarification to the “ISO/TC 176, Interpretations Working Group” using the established

“Interpretations” process.

If an NSB has no translation problem with its version of ISO 9001:2000 it can use Annex B to ISO

9001:2008 as a quick guide for preparing its translation of the standard.

4.2.4    Accreditation Bodies

ABs should refer to the joint IAF-ISO communiqué for the implementation of accredited certification

to ISO 9001:2008 (see 4.1 above).

4.2.5    Certification Bodies

CBs should refer to the joint IAF-ISO communiqué for the implementation of accredited certification

to ISO 9001:2008 (see 4.1 above).

CBs should remember that certificates of conformity to ISO 9001:2008 and/or its national

equivalent adoptions can only be issued after the official publication of the amended standard.

It is important that accredited certification bodies ensure that their auditors are aware of the

clarifications introduced in ISO 9001:2008, and their implications, prior to conducting audits to that

standard.

4.2.6    Training Bodies and Consultants

All trainers and consultants should be aware of the clarifications in ISO 9001:2008. All training

bodies and consultants are recommended to determine the need for updating training programs

and documentation, or any other changes necessary, to the services they provide.

5.0    Frequently asked questions

While this Implementation Guidance provides recommendations on a number of issues facing the

different user groups during the co-existence period, it does not address more general questions

about the ISO 9000 standards. Instead ISO/TC 176/SC 2 has prepared a set of frequently asked

questions (FAQs) to provide such advice.

Page 63: Questions 12..15

It is expected that the FAQs will be updated on a more regular basis than this Implementation

Guidance. For the latest version of the FAQs, reference should be made to the open access web

site at www.iso.org/tc176/sc2

6.0    Authenticity of information regarding ISO 9001:2008

The first point of contact for information regarding the requirements of ISO 9001:2008 should be

your National Standards Body (for a listing of ISO’s member National Standards Bodies, see

www.iso.org/iso/about/iso_members.htm).   

Other recommended sources of information are:

ISO’s Web site provides general information regarding ISO 9001:2008 and the ISO 9004

revision programme (as well as details of its member National Standards Bodies).

The ISO/TC176 Web site www.tc176.org provides more specific information on the structure

and work programme of ISO/TC176, and on the formal “interpretations” issued on ISO 9001

The ISO/TC176/SC2 Web site, www.iso.org/tc176/sc2 provides detailed information on the ISO

9001/9004 revision program, updated on a regular basis