The Changes in ISO 9001:2000 and the Implications
for Smaller Businesses
By Mike Stone
This paper is designed to highlight some of the issues
small and medium sized businesses may consider with the advent of ISO
9001:2000. Consequently, only certain clauses in the new Standard have
been selected for comment.
The notes below are referenced to the paragraph numbers
and headings in ISO 9001:2000.
| 1 The Preliminary Sections of ISO
9001 (‘Scope’ and 'Application') |
Organisations will need to prove
that legal issues surrounding products are being
addressed. |
| 1.2 Permissible Exclusions (Reduced Scope and
Tailoring) - see 4.2.2 below |
|
| 4.2 Documentation Requirements |
It is mandatory to document only six procedures:
1. Document Control
2. Record Keeping
3. Nonconformance Control
4. Auditing
5. Corrective Action and
6. Preventive Action
In all other cases, management must decide whether they need documentation
to facilitate control. |
| 4.2.2 Quality Manual |
Omissions in a current manual satisfying ISO
9001, 1994, might include:
• the need to specify
and explain the organisation’s processes and their interactions
(a suitable flowchart could suffice) and
• an explanation
of ‘permissible exclusions’
Processes need to be specified and it may be easiest to show these
in a simple flowchart form. |
| 5.1 General |
This section emphasises the
need for commitment to quality and improvement from top management,
including the meeting of all legal requirements.
This section will not be particularly onerous as only 'top management'
will ordinarily have the authority to manage the issues raised,
especially those of resourcing. |
| 5.2 Customer Focus |
In smaller organisations, customer focus is normally
very well handled, but assumptions are often made by both parties.
Every effort must be made on a contract by contract, or order by order,
basis to ensure that any 'limitations' are fully understood by the
customer. See also 8.2.1 below. |
| 5.3 Quality Policy |
There is no detailed guidance
as to what constitutes, or is acceptable as, a quality policy statement.
It is advisable to mention commitment to continuous improvement.
Continuous improvement may sound daunting. However, some basic techniques
may suffice, eg: internal audits and staff suggestions identifying
issues for improvement. |
| 5.4.1 Quality Objectives |
Top management shall ensure that quality objectives
are established for products and the quality system itself.
This will almost certainly be done: product objectives may be a drawing
or basic specification, whereas quality system issues will be covered
by procedures including document control, corrective action and internal
auditing. |
| 5.4.2 Quality Planning |
Plans may be minimal in documentation terms,
but personnel performing work will need laid down criteria to achieve
(see 5.4.1 above). Drawings or simple instructions might suffice.
The fact that there are procedures for various 'infrastructure' activities,
such as document control etc, will prove that some form of quality
system planning has been implemented. |
| 5.5.1 Responsibility and Authority |
Job descriptions are not
mandatory. Procedures may define 'jobs'.
It is no longer specified that 'interrelationships' of personnel
be defined. |
| 5.5.2 Management Representative for Quality |
The management representative may responsibilities
other than ‘quality’. The quality management representative
may well be the business owner: in the event of conflict between quality
and other issues, quality must be accorded a fair hearing and it is
recommended that a record of such be maintained. |
| 5.5.3 Internal Communication |
There is no requirement for formal procedures
here. However, some evidence of communication will be required, such
as a record of 'key briefings'. |
| 5.6 Management Review |
Exceptionally, in a very small organisation,
the management review may not involve anyone other than the business
owner. In such a case, although there will be no formal meeting, it
will still be necessary to record the issues considered. |
| 6 Resource Management |
It could be argued that there is little new in
this section - an interpretation of various clauses of the 1994 Standard
may be considered to cover most of the points raised in the new Standard.
However, there is more emphasis on facilities and the working environment
and the need for training evaluation. |
7.1 Planning of Product Realisation
If the organisation’s procedures, instructions and specifications
cover the planning requirements, it should not be necessary to demand
a separate document called a ‘plan’. |
A minimalist approach to the requirements here
might be the production of a simple written statement specifying the
desired product or service 'output'. Detailing the sequence of activities
should not be necessary where simple work is concerned. |
| 7.2.1 Determination of Requirements Related to
the Product |
The requirement to review legal and regulatory
obligations needs to be addressed and demonstrated. |
| 7.2.2 Review Requirements Related to the Product
(or Service) |
This section applies to proposals,
original orders and amendments.
Before submission of a tender or acceptance of an order/contract,
customer requirements, whether specified by the customer or the
organisation, shall be reviewed The review does not have to be carried
out by a second, independent person, but a record should be available.
In some sectors, eg retailing, the only definition of what has been
agreed between the buyer and seller may be a credit card slip or
till receipt of some sort. |
| 7.2.3 Customer Communication |
There may well be no need to make changes here
as long as it is clear who it is in the customer's organisation who
needs to be contacted over such matters as confirmation of requirements,
change authorisation and delivery arrangements. |
| 7.3 Design and / or Development |
There are no really major changes here in relation
to the previous Standard, other than the removal of the need for documented
procedures. |
| 7.4 Purchasing |
There is little change from the previous Standard
in this section. No reference is made to a requirement for documented
procedures. |
| 7.4.3 Verification of Purchased Product and Services |
This has clarified the previous
Standard's section 4.6.4, but also covers incoming inspection.
Incoming checks on input goods and services at the organisation’s
own premises will be at the level or depth determined by the management.
|
| 7.5.1 Control of Production and Service Provision |
7.1 requires work planning and this section, 7.5.1,
requires some form of written or pictorial instruction specifying
standards of work. These two issues may be combined: a drawing alone
may specify what is required. |
| 7.5.3 Identification and Traceability |
Product and Service should
be identified throughout all ‘production’ processes
- where appropriate.
Traceability shall be maintained if this is a requirement and then
appropriate records kept.
Documented procedures are not specifically required now for controlling
identification and traceability.
The status of product and indeed services should be established
during processing. For example, the status of a car service during
the service process needs to be determined and this is normally
achieved by a ‘tick list’ indicating those tasks which
have been completed and those which have not. |
| 7.5.4 Customer Property |
The requirements here are
generally clear.
This may now include non-products such as intellectual property. |
| 7.5.5 Preservation of Product (Handling, Storage,
Packaging, Preservation and Delivery) |
Apart from the demand in
the old Standard for documented procedures, the new, shortened,
requirements actually cover most of whatever went before.
The '94 Standard hints very strongly at the need to log goods in
and out of stores, but this is no longer stipulated. This will help
organisations where exceptionally low value items are kept in store
pending use in production. Precise stock levels are not essential.
Whilst checking ‘the condition of product in stock at appropriate
intervals’ is no longer a specific requirement, management
will need to be able to control shelf-lifed items to ensure product
conformity. |
| 7.6 Control of Measuring, Inspection and Test
Equipment |
It might be considered that
the requirements in the new Standard are less stringent than the
old.
The statements 'Where necessary to ensure valid results, measuring
equipment shall be….calibrated' and '…. monitoring and
measuring can be carried out in a manner consistent with measuring
requirements' suggest that managements and certification organisations
might take a more lenient view over what equipment needs to be calibrated |
| 8.2.1 Customer Satisfaction |
A formal arrangement needs to be set up to evaluate
customer satisfaction (not just dissatisfaction/complaints).
The arrangement can not be a ‘one-off’ exercise: the wording
is ‘customer satisfaction must be monitored’, implying
at least periodic if not continuous monitoring. |
| 8.2.2 Internal Audit |
Truly independent auditing may be difficult in
a really small organisation. The new Standard effectively asks for
objectivity. In this case, the most senior person in the business
may be the one who is less involved in the minutiæ of the business
and be best suited to undertake internal auditing. |
| 8.2.3 Measurement and Monitoring of Processes |
This section has introduced
process checking in addition to product measurement (see 8.2.4 below).
Examples of process monitoring checks might include:
• temperature and pressure measurement in
chemical processes
• checking / adjusting grass cutting blades in mowing machines
• the voltage on 'flash test' equipment for insulation checks |
| 8.2.4 Measurement of Product and/or Service |
In addition to process measurement, product measurement
is required: the amount of checking and measuring carried out is down
to management. A minimum could probably be some form of final check
immediately prior to delivery to customer. |
| 8.3 Control of Nonconforming Product |
Arrangements for dealing
with items found to be nonconforming after delivery now need to
be in place.
Control of nonconformances is a serious, formal process. There are
no shortcuts for smaller organisations. |
| 8.4 Analysis of Data for Improvement |
This section stipulates some
new requirements, but many organisations will be carrying out this
work anyway.
Data from the quality management system is required to be analysed.
Action resulting from analysis of this data, ie the introduction
of improvements, is then required by other sections, viz: 5.6 (Management
Review) and 8.5 (Improvement).
The extent of data collection and analysis is not specified. |
| 8.5.1 Planning for Continual Improvement |
Improvement processes must
be established within the organisation.
Although there is no requirement for a documented procedure, a plan
is required to explain how the following are used to generate continual
improvement:
• quality policy
• objectives
• internal audit results
• analysis of data
• corrective action
• preventive action
• management review |
| 8.5.2 Corrective Action |
The meaning of corrective
action is clearly explained in the first sentence of this section:
‘establishing a process for reducing or eliminating the causes
of nonconformity by preventing recurrence’.
Corrective action is to be 'commensurate with the risks involved'.
This means that it not necessary to spend a pound to save a penny,
or take action over events, which, after due consideration, are
considered to be extremely unlikely to recur. |
| 8.5.3 Preventive Action |
The first statement in this section defines
what is meant by preventive action: ‘establishing a process
for eliminating the causes of potential nonconformities to prevent
occurrence’ (ie there is no problem as yet). Although the
old Standard contained requirements for preventive action, it was
not clearly defined and many organisations failed to address this
area of activity with any conviction.
Preventive Action shall be taken ‘appropriate to the impact’
of the potential problem.
The most basic techniques to address this involve only internal
auditing and staff suggestions to identify possible problems. |
| "Many SME's, therefore, may not have so very much
to do to accommodate the new Standard. Modifications to the structure
of their existing documentation may be worthwhile. The quality manual
(where that currently exists) may well need to be amended to address
the modest number of new requirements, such as:
• the monitoring of customer satisfaction
• continuous improvement and
• describing the organisation's processes
SMEs may review existing procedures to see if
it might be possible to abandon some of them and restructure others
to address the enhanced requirements for process control. However,
ISO 9001:2000 may not be the headache expected by many SMEs.
References: ISO 9001:2000 |
