Interpretations: M Rama Krishna
Introduction
Much awaited ISO 9001: 2008, is finally out for implementation. Organizations already certified to ISO 9001: 2000 are supposed to migrate to ISO 9001: 2008 latest by 15-11-2010. However, any new registrations after 15-11-2009 will be only against ISO 9001: 2008. The existing edition of quality management system ISO 9001: 2000 cease to be valid from 14-Nov-2010, and will be withdrawn. The changes in the new edition are trivial, and need no major efforts from already certified organizations. The technical committee for developing this standard used the word ‘implementation’ as against the word ‘transition’ which was used when ISO-9001: 2000 was released with a number of significant changes.
The latest version has no new requirements; there are a few explanations, clarifications to the existing standard. Further, this new standard has been made more compatible with ISO 14001; 2004. This helps organizations to have an integrated management system for QMS, and EMS.
To benefit from the new standard, the organizations need to re-look into their existing QMS for any changes, with the help of clarifications provided critically review the implementation aspects. Re-examine the requirements, hitherto ambiguous, for better implementation.
Why there are only minor changes
The mandate of ISO is to provide up-to-date standards to the world; hence the standards are periodically reviewed for their suitability. Before publishing the new standard ISO 9001: 2008, a web-based global survey was conducted by ISO/TC/176/SC 2 to get user feedback. More than 1500 users from 63 countries responded, and 85% of the users are satisfied with ISO-9001: 2000 requirements. Further, the ‘impact vs benefit’ analysis was also carried out for each suggested change. Wherever the benefit is ‘medium or high’, and impact is ‘low or medium’ the corresponding changes were incorporated. Hence, there were only minor changes, except for clarifications, and explanations. There were no new requirements. ISO/TC 176 explain the objectives of releasing new standard are – providing clarity, increasing compatibility with ISO 14001: 2004, maintaining consistency with ISO 9000 family of standards, and improving translatability.
How to implement them
The following are not exhaustive list of changes, but a few important changes that could affect the existing QMS, hence need explanation.
Clause 0.1 General
The intention of the standard is not bringing uniformity in structure of the quality management system across different organizations. The structure of the quality management system is based on organizational environment, changes, risks associated in the environment. The quality management system can be unique to a particular organization. This intention was rephrased and emphasized with additional bullet point---
The organizational quality management system is influenced by
a. its organizational environment, changes in that environment, and the risks associated with that environment.
Clause 1.1 General
A Note-2 has been added to clarify the definition of ‘product’. ISO 9001: 2000 defined the product as ‘any intended for or required by a customer’. This included ‘services’ also. The Note-2 explains that product also includes any intended output from product realization process. This means, internal customer concept has been strengthened. Many organizations already follow this concept. The by-products, intermediate products need to be brought into quality management system. Waste was predominantly treated in ISO-14001, now finds a place here. Probably, ISO aims to have an integrated management system standard, in future.
Clause 4.1 General Requirements
Clarity on outsourced processes brought in, two additional Notes have been included. The outsourced activity is a process that the organization chooses to have performed by an external party for various reasons, and needs in its quality management system. The reasons for outsourcing may be –
Organization does not have competence to perform that particular activity. In this case, the controls can be mutually agreed upon.
Organization has competence, but chooses to outsource for commercial/economic reasons. In this situation, the controls are known to the organization, hence same will apply.
The additional Note-3 in clause-4.1 clarifies that outsourced activity should be treated as any purchasing activity, and to be dealt in conjunction with clause-7.4. This means the specifications (in other words controls) to be documented, monitored, and measured. Outsourced party to be evaluated, and rated for its performance same as other suppliers.
For example, an organization chooses to outsource ‘heat treatment’ activity. As per ISO-9001; 2000, as it is outsourced, identification, incoming quality checks were sufficient. The organization simply excluded the clause-7.5.2 validation of ‘heat treatment’ process. Now, the organization must ask validation reports from the outsourced party, evaluate the capability of the supplier, and have sufficient controls on supplier to perform the task qualitatively.
Finally, the outsourced process is still a responsibility of the organization, and to be included in the quality management system.
Clause 4.2.1 General
Note-1 has an additional clarification “A single document may address the requirements for one or more procedures. A requirement for a documented procedure may be covered by more than one document”
This change gives the flexibility to the user to club two or more than two requirements into one procedure. For example, user can document one procedure for corrective action (8.5.2) and preventive action (8.5.3), or one procedure for document (4.2.3) and record control (4.2.4), or internal audit (8.2.2) and corrective action (8.5.2), or non-conforming product (8.3) and corrective action (8.5.2). Similarly, the user can now address the requirements of internal audit (8.2.2) in a single or more than one procedure.
Clause 5.5.2 Management Representative
Top management shall appoint a member of the organization’s management who, irrespective of other responsibilities, shall have responsibility and authority that includes;
Though the intent was not to outsource, a few organizations had chosen to outsource the role of management representative to a third party or a consultant. But, this new edition disagrees and discourages similar actions and emphasizes the intention clear and sound. The management representative must be the member of the organization’s management team.
Clause 6.2.2 Competence, training and awareness
The title words are rearranged in line with ISO-14001: 2004. Clause 6.2.2b is modified “where applicable, provide training or take other actions to achieve the necessary competence”.
This change gives flexibility to the organizations to provide training where applicable. But, demands the competency mapping for each employee and updating of the same regularly. Identify necessary competencies for each position and map the competencies of the employees against the identified competencies. If the competency level is adequate, no need for training the employee; otherwise, provide training to achieve the necessary competency level. Subsequently, update the competency matrix of that particular employee.
Clause 6.3 Infrastructure
The standard recognises the increased use of Information Systems in organizational effectiveness, and included Information Systems as a support service.
The maintenance of Information Systems such as back-ups, fail-safe systems, fire-walls, anti-virus protections, disaster management etc are to be defined and maintained.
Clause 7.6 Control of monitoring and measuring equipment
The word ‘devices’ from the earlier version changed to ‘equipment’ in this new version.
This change is brought in to have uniform nomenclature. The equipment family invariably include huge testing equipment, tiny volt meters, sensors, dedicated computers, oscilloscopes, go-nogo gauges, templates etc.
Clause 7.6a has included an additional mandatory record. The calibration or verification has to be carried out against measurement standards which are traceable to national / international standards. When no such standards are available, the organization has to record the basis for calibration or verification and maintain the record as per 4.2.4. In the earlier version, the basis was a requirement but not a mandatory record. The basis can be a formula, template, chemical mixture, bacteriological assay etc.
Clause 7.6c is changed to “have identification in order to determine its calibration status”.
The change in clause 7.6c demands the identified equipment must contain the ‘calibration/verification-status’. It is asking the organization to have a ‘tag’ or a ‘sticker’ to show calibration status of the equipment. ISO 9001: 2000 was silent on the status tag, it required only unique identification to determine the status. Status could be in a record room, office computer, or with the superior; and it was accepted. Now, this new version demands a status tag.
Clause 8.5.2 Corrective Action
The key thread of the entire standard the ‘effectiveness’ is emphasized, in 8.5.2f. Earlier standard required a review, now the corrective actions to be reviewed for their effectiveness (8.5.2f). The repetitive failures, for which corrective actions are not adequate, are to be looked into critically.
To sum up, ISO 9001: 2008 has been developed in order to provide clarifications to the existing requirements, also, to improve compatibility with ISO 14001: 2004. The intent of the standard is not changed, as the users expressed their consensus.
The reader can further refer http://www.iso.org/, http://www.iso.org/tc176/sc2
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment