ISO 9001:2015 | In Plain English

As a layman would understand it, here is another attempt to know the importance of ISO 9001:2015 standard in the day to day working of an organization.

As we know, an  organization comes into being to achieve certain purposes - purposes of its own & the purposes of people/entities that get associated with it.

Additionally, an organization is nothing but a "portfolio of activities".

Hence, an organization has to manage the portfolio of activities to fulfill these purposes in order to maintain its existence.

---------------------------------------------------------------------------------------------------------

Matter of thought:

ISO 9001 is not "saying" what you do, but, "showing" what you do.

ISO 9001 is not about "intentions", but, how you "implement the intentions".

When one studies the standard, we frequently come across the words like "identify", "determine", "establish" etc.

These words connote the meaning "to know". This means that an organization has to be conscious/awake to the fact as to what it is doing & how it is doing it.

The word "control" is also frequently mentioned in the standard. Its because you have got to have the control on any particular thing in order that you can take it in the desired direction or to the desired destination.

However, many of the companies continue to work in a haphazard manner  - not knowing where they want to go & how they want to go there. Indulging in patch works. Instead of consistently marching forward towards its purpose, the organization keeps going left & right.

Can you control an unbridled horse or a rudderless boat? Or can you manage a stampede?

ISO 9001:2015 requires you to lay down the track (the system) & make your train (the company) run on it. And it continues to do so thorough need based or periodic course corrections.

Now, what is this track or the system & how one establishes it?

The track here consists of the activities that an organization does, specifically the signification ones. Interesting thing about these activities is that they do not happen on their own. These activities happen only when men & machines act.

Hence, you have got to rein in or harness these men & machines so that each of these prove to be a step forward in the direction of your destination/goal. 

The top management at the firm, the boss, is the driver of this train & he/she has the responsibility to drive the train to its destination. And this is what ISO 9001:2015 recommends to achieve this through PDCA cycle- Plan, Do, Check & Act -

Plan: Plan the activities that you want to do. What is to be done(action), how it is to be done(concept), when it is to be done (time/sequence), by whom it is to be done (man/machine), how & when the activity/man & machine will be monitored, etc.

Do: Execute the plan by putting it into action. Get you men, material & machine rolling.

Check: Verify if your men, material & machines are operating as per the plan or not. Validate if your plan is effective, whether it is achieving the intended result or not. Do periodic reviews to know whether you are on right track or not.

Act: The feedback obtained through the "check" mechanism, be acted upon by incorporating it into your system. These are course correction activities.

Yes, though PDCA cycle, you go round & round to move forward.

Documentation Requirements:

The standard requires you to document/write down what an organization does.

This way, you make the applied concepts & actions VISIBLE which further helps in better understanding, control & management.

ISO 9001 -Quality Management System

What is at the core?

ISO 9001 - quality management system is fundamentally based on PDCA.

The aim of this methodology is to bring consistency in the management system.

"To ensure that the best mechanism that has been identified, is done repeatedly at all times by all concerned."

PDCA stands for - 

P  =  Plan

D = Do

C = Check

A = Act

Plan: 

As is obvious, to achieve the desired results, an organization is required to plan its activities. 

Planning involves identifying & aligning activities/resources in a manner that the desired result is achieved.

Yes, to plan is to get it on paper before it is to be put into practice.

This addresses the key questions like - What is to be done? Why it is to be done? How it is to be done? When it is to be done? By whom it is to be done? Where it is to be done?

To get a feel of how important planning is, think of the contrary words like haphazardly, arbitrarily, randomly, etc.

Do:

Once you have done the planning, next is the implementation/execution of that plan. Put to use the processes you have identified, the resources (man-material-machine) you have aligned.

Check:

Review what you planned & what you did. Address the gaps if you find any. May be the plan can be improved upon; may be the plan was okay but there was derailment in implementation, take note of the insights that your planning & doing must have brought up.

Act:

Now, you are required to incorporate the results back into your planning, that you must have got while checking/reviewing process.

Then act again on the revised plan & follow it up with check & act processes.

DOCUMENT CONTROL IN  ISO 9001 | ISO 14001 | ISO 22000 | OHSAS 18001 & OTHER STANDARDS

Document Control is yet another very important requirement of ISO 9001, ISO 14001, ISO 22000, OHSAS 18001 & other ISO certification standards.

Its like a soul for any management standard.

To have the documentations [the paper work, as some of us fondly like to call it] in an entity/company, small, medium or large, is very important.

This is so because it makes principles, policies, intentions, ideologies & all other things that we contemplate in our heads, visible to one & all. And when things are visible, it is easier & effective to understand, control & analyze them. It eliminates confusions, ambiguity, duplicacy, etc. They set the "reference frame" against which all activities are to be evaluated.

Further, this way, we do not loose the sight of the goal posts, the lighthouses that are supposed to guide us, keep us on track.

In brief, anything & everything, that we intend to do, is more effective when we write it down.

So much for the importance of documentation !!!

In the context of ISO 9001 | ISO 14001 | ISO 22000 | OHSAS 18001, the following types of documents are required by any organization. Either all or some of these are definitely applicable. 

> Quality Manual = Describes the quality management system in accordance with the stated policies & objectives [the intentions & the landmarks that one wants to achieve]. This answers the question 'What you want to do".

> Quality Management System Procedures = Describes the interrelated activities & processes required to implement the management system. This answer the questions "How you will do it".

> Work instructions & other documents for quality management system = These are the subsets of what point 2 intends to achieve. It says how a specific activity needs to be specifically done. An activity done appropriately will ensure that the entire process is completed appropriately. Yes, a process is nothing but a set of interrelated activities performed in a specified / pre-deteremined sequence.

The primary aim of an organization is to achieve efficiency & effectiveness. In line with these objectives, all activities are designed & delivered.

Document control means that that there will be a written mechanism to control the documents. Control in terms of which authority, a person or committee, will prepare/make/revise the documents. Which authority will approve these. The history & tractability of documents. Legibility. Up-to-date documents in usage & obsolete ones in their rightful place.

How to Achieve ISO 9001 Quality Management System Certification

ISO 9001 is one of the most popular standards among all ISO certification standards. This is the standard to which the maximum of number of organizations have been certified the world over. 

The reason for its popularity & acceptability is hidden in its name only, "Quality". All organizations, irrespective of their size, whether a manufacturer or service provider, aim to provide quality products/services to their end customers. Therefore, due to its huge scope, this standard is far way ahead of other ISO standards.

In order to achieve ISO 9001 certification, an organization needs to effectively implement the requirements of this standard. Once the organization is fully convinced that it has an effective management system in place, it can apply for ISO 9001 certification with an accredited registrar/certification body. The certification body, after the succesful audit, will grant the ISO 9001 certifiucation, which is valid for 3 years.

The 5 major requirements of ISO 9001 standard can be summarized as given below -  

4. Overall Requirements for the System

4.1   Set up your quality management system: develop, use and improve it.

4.2   Document your system to say how it should work.

   4.2.1 Write documents including a quality policy, objectives, manual, procedures and records; decide what procedures you need for your system; must include those listed below

   4.2.2 Have a quality manual

   4.2.3 Control your documents to make sure they are accurate and suitable, including a procedure

   4.2.4 Manage your records (which show your system works as you say it does) suitably, including a procedure.

5 Requirements for Management

5.1 Demonstrate your commitment to the quality management system by

      - communicating to personnel how important quality is

      - setting a quality policy and objectives for your system.

      - providing adequate resources (people, plant, equipment, IT etc.).

      - ensuring there is adequate planning

      - reviewing how the system performs.   

5.2 Focus on customers

       Identify their requirements and aim to enhance their satisfaction.

5.3 Write a quality policy. Use it.

      Commit to meeting requirements of the quality system and ISO 9001, including continual improvement.

      Make sure you communicate this policy and that it's understood.

5.4 Plan for quality

  5.4.1 Set objectives (aims/goals) that you can measure.

  5.4.2 Have suitable plans to achieve these objectives

5.5    Define and communicate 'who does what'

  5.5.1 Identify who has what responsibility and authority

  5.5.2 Give a senior manager responsibility for the quality system overall

  5.5.3 Have effective methods of internal communication.

5.6   Review your quality management system (management review) at regular intervals

 5.6.1 Review the system and performance.

 5.6.2 Include consideration of: customer feedback, performance, nonconformity, audits, actions raised, changes and any need to improve

 5.6.3 Keep records of outcomes from your reviews; include decisions and actions.

6 Resource Requirements

6.1 Decide what resources are need for the system, and to enhance customer satisfaction. Provide them.

6.2 Make sure people are competent:

 6.2.1 Include this for anyone whose work affects whether your services/products meet requirements

 6.2.2 Decide what competencies are needed; provide and maintain them

6.3 Infrastructure: Decide what you need (to meet requirements). Provide it and maintain it.

6.4 Work environment: provide what you need so that your services/products meet requirements.

7 Requirements for Products or Services

7.1 Plan

Plan and develop the processes needed for your products/services.

7.2 Have effective 'customer-related' processes:

7.2.1 Know what requirements apply to your products/services

7.2.2 Make sure you can meet them (or don't take the order)

7.2.3 Have effective ways to communicate with your customers.

7.3 Have effective processes for designing & developing products/services

7.3.1 Plan design/development.

7.3.2 Define what inputs are needed to design/create/develop

7.3.3 Do the 'design' /plan in some form that enables you to verify the output (see 7.3.5?)

7.3.4 Review the design/plan at suitable stages

7.3.5 Make sure the result meets the agreed & defined requirements (verification)

7.3.6 Validate design (where practicable).

7.3.7 If changes happen during design, manage them.

7.4 Control what you buy, outsource or subcontract (goods, materials or services) if it affects your services or products

7.4.1 Make sure what you buy meets the requirements you specified; assess and monitor your suppliers/supply chain.

7.4.2 Describe what you plan to purchase.

7.4.3 Make sure it meets requirements.

7.5 Manage your operations

7.5.1 Have effective ways to control what you do (providing products/ services)

7.5.2 Validate production/service provision (if required).

7.5.3 Identify and track services/products (when appropriate)

7.5.4 Take care of any property supplied by your customers, including IP and confidential information

7.5.5 Care for products/components during storage/delivery, etc.to make sure they stay in good condition

7.6 Control measuring and monitoring equipment

When measuring, make sure your results are valid.  Identify what equipment and processes you need for this. Choose suitable equipment or instruments.  Make sure the results are and stay accurate.

8 Requirements for Analysis and Improvement

8.1 Have processes suitable to ensure your services/products meet all relevant requirements (customer, yours, contractual, legal, etc.). Include improvement.

8.2 Monitor and measure processes and services/products (as necessary) to check you got the results you wanted:

8.2.1 Monitor customer perception of satisfaction.

8.2.2 Plan and implement a suitable program of internal system audits, including a procedure

8.2.3 Have suitable methods to monitor / measure your processes.

8.2.4 Monitor and measure products/services at suitable stages.  Release the final only when all requirements are met.

8.3 Control nonconformity (services/products not meeting requirements) in suitable ways, including a written procedure.

8.4 Collect and analyses information

Decide what information is needed to tell you how your system is working and for improvement.

Collect, analyses and use it.

 

8.5 Continually improve.

8.5.1 Improve your system.

8.5.2 Have a systematic approach to fix nonconformity and stop it recurring, including a procedure.

8.5.3 Have a systematic approach to prevent potential nonconformity or failures happening, including a procedure.