Monday, November 30, 2009

ISO 9000 Standards – Document control procedures

ISO 9000 Standards – Document control procedures

The ISO 9000 Standards requires that a documented procedure be established to define the controls needed.

This requirement means that the methods for performing the various activities required to control different types of documents should be defined and documented.

Although the ISO 9000 standards implies that a single procedure is required, should you choose to produce several different procedures for handling the different types of documents it is doubtful that any auditor would deem this noncompliant. Where this might be questionable is in cases where there is no logical reason for such differences and where merging the procedures and settling on a best practice would improve efficiency and effectiveness.

Documents are recorded information and the purpose of the document control process is to firstly ensure the appropriate information is available where needed and secondly to prevent the inadvertent use of invalid information. At each stage of the process are activities to be performed that may require documented procedures in order to ensure consistency and predictability. Procedures may not be necessary for each stage in the process.

Every process is likely to require the use of documents or generate documents and it is in the process descriptions that you define the documents that need to be controlled. Any document not referred to in your process descriptions is therefore, by definition, not essential to the achievement of quality and not required to be under control. It is not necessary to identify uncontrolled documents in such cases. If you had no way of tracing documents to a governing process, a means of separating controlled from uncontrolled may well be necessary.

The procedures that require the use or preparation of documents should also specify or invoke the procedures for their control. If the controls are unique to the document, they should be specified in the procedure that requires the document. You can produce one or more common procedures that deal with the controls that apply to all documents. The stages in the process may differ depending on the type of document and organizations involved in its preparation, approval, publication and use. One procedure may cater for all the processes but several may be needed.
The aspects you should cover in your document control procedures, (some of which are addressed further in this chapter) are as follows Planning new documents, funding, prior authorization, establishing need
etc.

- Preparation of documents, who prepares them, how they are drafted, conventions for text, diagrams, forms etc.
- Standards for the format and content of documents, forms and diagrams.
- Document identification conventions.
- Issue notation, draft issues, post approval issues.
- Dating conventions, date of issue, date of approval or date of distribution.
- Document review, who reviews them and what evidence is retained.
- Document approval, who approves them and how approval is denoted.
- Document proving prior to use.
- Printing and publication, who does it and who checks it.
- Distribution of documents, who decides, who does it, who checks it.
- Use of documents, limitations, unauthorized copying and marking.
- Revision of issued documents, requests for revision, who approves the request, who implements the change.
- Denoting changes, revision marks, reissues, sidelining, underlining.
Amending copies of issued documents, amendment instructions, and amendment status.
- Indexing documents, listing documents by issue status.
- Document maintenance, keeping them current, periodic review.
- Document accessibility inside and outside normal working hours.
- Document security, unauthorized changes, copying, disposal, computer
viruses, fire and theft.
- Document filing, masters, copies, drafts, and custom binders.
- Document storage, libraries and archive, who controls location, loan
arrangements.
- Document retention and obsolescence.

With electronically stored documentation, the document database may provide many of the above features and may not need to be separately prescribed in your procedures. Only the tasks carried out by personnel need to be defined in your procedures. A help file associated with a document database is as much a documented procedure as a conventional paper based procedure.

Posted by at No comments:
Labels:

Identifying and Recording Design Changes In ISO 9000 Standards

Identifying and Recording Design Changes In ISO 9000 Standards

The documentation for design changes in ISO 9000 Standards should comprise the change proposal, the results of the evaluation, the instructions for change and traceability in the changed documents to the source and nature of the change. You will therefore need:
- A Change Request form which contains the reason for change and the results of the evaluation – this is used to initiate the change and obtain approval before being implemented.
- A Change Notice that provides instructions defining what has to be changed this is issued following approval of the change as instructions to the owners of the various documents that are affected by the change.
- A Change Record that describes what has been changed – this usually forms part of the document that has been changed and can be either in the form of a box at the side of the sheet (as with drawings) or in the form of a table on a separate sheet (as with specifications).
Where the evaluation of the change requires further design work and possibly experimentation and testing, the results for such activities should be documented to form part of the change documentation.
At each design review a design baseline should be established which identifies the design documentation that has been approved. The baseline
should be recorded and change control procedures employed to deal with any changes. These change procedures should provide a means for formally
requesting or proposing changes to the design. For complex designs you may prefer to separate proposals from instructions and have one form for proposing design changes and another form for promulgating design changes after approval. You will need a central registry to collect all proposed changes and provide a means for screening those that are not suitable to go before the review board, (either because they duplicate proposals already made or because they may not satisfy certain acceptance criteria which you have prescribed). On receipt, the change proposals should be identified with a unique number that can be used on all related documentation that is subsequently produced. The change proposal needs to:
- Identify the product of which the design is to be changed
- State the nature of the proposed change identify the principal requirements, specifications, drawings or other design documents which are affected by the change
- State the reasons for the change either directly or by reference to failure reports, nonconformity reports, customer requests or other sources
- Provide for the results of the evaluation, review and decision to be recorded

Posted by at No comments:
Labels:

Thursday, November 26, 2009

Establishing Quality Policy In ISO 9001 Standards

Establishing Quality Policy In ISO 9001 Standards

The standard requires that top management establish
the quality policy.
ISO 9001 defines a quality policy as the overall
intentions and direction of an organization related to
quality as formally expressed by top management. It
also suggests that the policy be consistent with the
overall policy of the organization and provide a
framework for setting quality objectives. Further-
more ISO 9001 advises that the eight quality manage-
ment principles be used as a basis for forming the quality policy. The quality
policy can therefore be considered as the values, beliefs and rules that guide
actions, decisions and behaviours. A value may be ‘integrity’ and expressed as:
We will be open and honest in our dealings with those inside and outside the
organization. A rule may be ‘confidentiality’ and expressed as Company
information shall not be shared with those outside the organization. Both these are
also beliefs because it might be believed that deceiving people only leads to
failure in the long run. It might also be believed that disclosing confidential
information fuels the competition and will drive the organization out of
business. Both values guide actions, decisions and behaviours and hence may
be termed policies. They are not objectives because they are not achieved – they
are demonstrated by the manner in which actions and decisions are taken and
the way your organization behaves towards others.
The detail of quality policy will be addressed later. What is important in this
requirement is an understanding of why a quality policy is needed, what is
required to establish a quality policy and where it fits in relation to other
policies.
Defining the purpose or mission of the business is one thing but without
some guiding policies, the fulfilment of this mission may not happen unless
effort is guided in a common direction. If every manager chooses his or her
direction, and policies, the full potential of the organization would not be
realized. A shared vision is required that incorporates shared values and
shared policies.
The purpose of corporate policies is to influence the short and long-term
actions and decisions and to influence the direction in which the mission will
be fulfilled. If there were policies related to the organization’s customers, they
could be fulfilled at the expense of employees, shareholders and society. If
there were policies related to profit, without other policies being defined, profit
is positioned as a boundary condition to all actions and decisions. Clearly this
may not direct the organization towards its mission.
As stated above, the quality policy is the corporate policy and such policies
exist to channel actions and decisions along a path that will fulfil the
organization’s purpose and mission. A goal of the organization may be the
attainment of ISO 9001 certification and thus a quality policy of meeting the
requirements of ISO 9001 would be consistent with such a goal, but goals are not
the same as purpose as indicated in the box to the right. Clearly no organization
would have ISO 9000 certification as its purpose because certification is not a
reason for existence – an objective maybe but not a purpose.
Policies expressed as short catchy phrases such as “to be the best” really do
not channel actions and decisions. They become the focus of ridicule when the
organization’s fortunes change. There has to be a clear link from mission to
policy.
Policies are not expressed as vague statements or emphatic statements using
the words may, should or shall, but clear intentions by use of the words ‘we will’
– thus expressing a commitment or by the words ‘we are, we do, we don’t, we
have’ expressing shared beliefs. Very short statements tend to become slogans
which people chant but rarely understand the impact on what they do. Their
virtue is that they rarely become outdated. Long statements confuse people
because they contain too much for them to remember. Their virtue is that they
not only define what the company stands for but how it will keep its
promises.
In the ISO 9001 definition of quality policy it is suggested that the eight
quality management principles be used as a basis for establishing the policy.
One of these principles is the Customer Focus principle. By including in the
quality policy the intention to identify and satisfy the needs and expectations
of customers and other interested parties and the associated strategy by which
this will be achieved, this requirement would be fulfilled. The inclusion of the
strategy is important because the policy should guide action and decision.
Omitting the strategy may not ensure uniformity of approach and direction.

The standard requires that top management establish the quality policy.

ISO 9001 defines a quality policy as the overall intentions and direction of an organization related to quality as formally expressed by top management. It also suggests that the policy be consistent with the overall policy of the organization and provide a framework for setting quality objectives. Furthermore ISO 9001 advises that the eight quality management principles be used as a basis for forming the quality policy. The quality policy can therefore be considered as the values, beliefs and rules that guide actions, decisions and behaviours. A value may be ‘integrity’ and expressed as:

We will be open and honest in our dealings with those inside and outside the organization. A rule may be ‘confidentiality’ and expressed as Company information shall not be shared with those outside the organization. Both these are also beliefs because it might be believed that deceiving people only leads to failure in the long run. It might also be believed that disclosing confidential information fuels the competition and will drive the organization out of business. Both values guide actions, decisions and behaviours and hence may be termed policies. They are not objectives because they are not achieved – they are demonstrated by the manner in which actions and decisions are taken and the way your organization behaves towards others.

The detail of quality policy will be addressed later. What is important in this requirement is an understanding of why a quality policy is needed, what is required to establish a quality policy and where it fits in relation to other policies.

Defining the purpose or mission of the business is one thing but without some guiding policies, the fulfilment of this mission may not happen unless effort is guided in a common direction. If every manager chooses his or her direction, and policies, the full potential of the organization would not be realized. A shared vision is required that incorporates shared values and shared policies.

The purpose of corporate policies is to influence the short and long-term actions and decisions and to influence the direction in which the mission will be fulfilled. If there were policies related to the organization’s customers, they could be fulfilled at the expense of employees, shareholders and society. If there were policies related to profit, without other policies being defined, profit is positioned as a boundary condition to all actions and decisions. Clearly this may not direct the organization towards its mission.

As stated above, the quality policy is the corporate policy and such policies exist to channel actions and decisions along a path that will fulfil the organization’s purpose and mission. A goal of the organization may be the attainment of ISO 9001 certification and thus a quality policy of meeting the requirements of ISO 9001 would be consistent with such a goal, but goals are not the same as purpose as indicated in the box to the right. Clearly no organization would have ISO 9000 certification as its purpose because certification is not a reason for existence – an objective maybe but not a purpose.

Policies expressed as short catchy phrases such as “to be the best” really do not channel actions and decisions. They become the focus of ridicule when the organization’s fortunes change. There has to be a clear link from mission to policy.

Policies are not expressed as vague statements or emphatic statements using the words may, should or shall, but clear intentions by use of the words ‘we will’ – thus expressing a commitment or by the words ‘we are, we do, we don’t, we have’ expressing shared beliefs. Very short statements tend to become slogans which people chant but rarely understand the impact on what they do. Their virtue is that they rarely become outdated. Long statements confuse people because they contain too much for them to remember. Their virtue is that they not only define what the company stands for but how it will keep its promises.

In the ISO 9001 definition of quality policy it is suggested that the eight quality management principles be used as a basis for establishing the policy.

One of these principles is the Customer Focus principle. By including in the quality policy the intention to identify and satisfy the needs and expectations of customers and other interested parties and the associated strategy by which this will be achieved, this requirement would be fulfilled. The inclusion of the strategy is important because the policy should guide action and decision.

Omitting the strategy may not ensure uniformity of approach and direction.
Posted by at No comments:
Labels:

Tuesday, November 3, 2009

Free ISO 9000 Standards E-Books

Subscribe For ISO 9000 E-Book
  • 3 subscribers
GetResponse Email Marketing
Posted by at No comments:
Labels:
Subscribe to: Posts (Atom)