Yellow font on Black background Black font on White background Black font on Cream background
Call us today 01621 857841 or Email us
Quality Matters Logo

"Quality Matters in your Business"

Tuesday, 30 August 2016

A detailed look at the ISO 9001:2015 Quality Management Standard: Part 4

 

8. OPERATION


Details the requirement for the planning, implementation and control of the processes needed to meet the requirements for the provision of products and services, and to implement the actions determined in Section 6 (Planning), by:

  • Determining the requirements for the products and services;
  • Establishing the criteria for:
    • The processes;
    • The acceptance of products and services;
  • Determining the resources needed to achieve conformity to the product and service requirements;
  • Implementing control of the processes in accordance with the criteria;
  • Determining and keeping documented information to the extent necessary:

    • To have confidence that the processes have been carried out as planned;
    • To demonstrate the conformity of products and services to their requirements.


The output of this planning must be suitable for the organisation’s operations.


The organisation must control planned changes and review the consequences of unintended changes, taking actions to mitigate any adverse effects, as necessary.


The organisation must ensure that any outsourced processes are controlled.


REQUIREMENTS FOR PRODUCTS AND SERVICES

 

CUSTOMER COMMUNICATION


This includes:


  • Providing information relating to products and services;
  • Handling enquiries, contracts or orders, including changes;
  • Obtaining customer feedback relating to products and services, including customer complaints;
  • Handling or controlling customer property;
  • Establishing specific requirements for contingency actions, where relevant.


DETERMINING THE REQUIREMENTS RELATED TO PRODUCTS AND SERVICES


When determining the requirements for products and services to be offered to customers, the following must be addressed:


  • The requirements for the products and services are defined, including:
    • Any applicable statutory and regulatory requirements;
    • Those considered necessary by the organisation
  • The organisation can meet the claims for the products and services it offers.


REVIEW OF REQUIREMENTS RELATED TO PRODUCTS AND SERVICES


The organisation must ensure that it has the ability to meet the requirements for products and services being offered to customers. The organisation must conduct a review before committing to supply products and services to a customer to include:


  • Requirements specified by the customer, including the requirements for delivery and post-delivery activities;
  • Requirements not stated by the customer, but necessary for the specified or intended use, where known;
  • Requirements specified by the organisation;
  • Statutory and regulatory requirements applicable to the products and services;
  • Contract or order requirements differing from those previously expressed are resolved.
  • The customer’s requirements must be confirmed by the organisation before acceptance, when the customer does not provide a documented statement of their requirements.
  • Where internet sales are involved, a formal review is impractical for each order. Instead the review can cover relevant product information, such as catalogue or advertising material.
  • The organisation must retain documented information, as applicable:
    • On the results of the review;
    • On any new requirements for the products and services.


CHANGES TO REQUIREMENTS FOR PRODUCTS AND SERVICES



The organisation must ensure that relevant documented information is amended, and that relevant persons are made aware of the changed requirements, when the requirements for products and services are changed.
 


DESIGN AND DEVELOPMENT OF PRODUCTS AND SERVICES



Details the requirements that the organisation must establish, implement and maintain a design and development process that is appropriate to ensure the subsequent provision of products and services.



DESIGN AND DEVELOPMENT PLANNING



The stages and controls for design and development including:


  • The nature, duration and complexity of the design and development activities;
  • The required process stages, including applicable design and development reviews;
  • The required design and development verification and validation activities;
  • The responsibilities and authorities involved in the design and development process;
  • The internal and external resource needs for the design and development of products and services;
  • The need to control interfaces between persons involved in the design and development process;
  • The need for involvement of customers and users in the design and development process;
  • The requirements for subsequent provision of products and services;
  • The level of control expected for the design and development process by customers and other relevant interested parties;
  • The documented information needed to demonstrate that design and development activities have been met.



DESIGN AND DEVELOPMENT INPUTS



Functional and performance requirements, information derived from previous similar design and development activities, statutory and regulatory requirements, standards or codes of practice that the organisation has committed to implement, potential consequences of failure due to the nature of the products and services.


Inputs must be adequate for design and development purposes, complete and unambiguous.


Conflicting design and development inputs must be resolved


Documented information on design and development inputs must be kept.



DESIGN AND DEVELOPMENT OUTPUTS   



  • Must meet input requirements;
  • Are adequate for the subsequent processes for the provision of products and services;
  • Include or reference monitoring and measuring requirements, as appropriate, and acceptance criteria;
  • Specify the characteristics of the products and services that are essential for their intended purpose and their safe and proper provision;


Documented information on design and development inputs must be kept.



CONTROL OF DESIGN AND DEVELOPMENT CHANGES



The organisation must identify, review and control changes made during, or subsequent, to the design and development of products and services, to the extent necessary to endure that there is no adverse impact on conformity to requirements.


Change documented information must include, as appropriate:


  • Design and development changes;
  • The results of reviews;
  • The authorisation of the changes;
  • The actions taken to prevent adverse impacts.


CONTROL OF EXTERNALLY PROVIDED PRODUCTS AND SERVICES



Details the requirements the organisation must ensure that externally provided processes, products and services conform to requirements.  The organisation must determine the controls to be applied to externally provided processes, products and services, when:


  • Products and services from external providers are intended for incorporation into the organisation’s own products and services;
  • Products and services are provided directly to the customer(s) by external providers on behalf of the organisation;
  • A process, or part of a process, is provided by an external provider as a result of a decision by the organisation.


The organisation must determine and apply criteria for the evaluation, selection, monitoring of performance, and re-evaluation of external providers, based on their ability to provide processes or product and services in accordance with requirements.


The organisation must retain documented information of these activities and any necessary actions arising from the evaluations.



TYPE AND EXTENT OF CONTROL



The organisation must ensure that externally provided processes, products and services do not adversely affect the organisations ability to consistently deliver conforming products to its customers.



INFORMATION FOR EXTERNAL PROVIDERS


Details the requirements that the organisation must ensure the adequacy of requirements prior to their communication to the external provider.  The organisation must communicate to external providers its requirements for:

  • The processes, products or services to be provided;
  • The approval of:
    • Products and services
    • Methods, processes and equipment;
    • The release of products and services;
    • The external providers’ interactions with the organisation;
    • Control and monitoring of the external providers’ performance to be applied to the organisation;
    • Verification or validation activities that the organisation, or its customer intends to perform at the external providers’ premises.
  
 

PRODUCTION AND SERVICE PROVISION



CONTROL OF PRODUCTION AND SERVICE PROVISION-  



Details of the controlled conditions in place for actual product manufacture or service delivery.   Controls must be sufficient to ensure that there is quality of consistent conformance to the specification. These may include, as applicable:

  • The availability of documented information that defines:
    • The characteristics of the products to be produced, the services to be provided, or the activities to be performed;
    • The results to be achieved;
  • The availability and use of suitable monitoring and measuring resources;
  • The implementation of monitoring and measuring activities at appropriate stages to verify that criteria for control processes or outputs, and acceptance criteria for products and services, have been met;
  • The use of suitable infrastructure and environment for the operation of processes;
  • The appointment of competent persons, including any required qualification;
  • The validation, and periodic re-validation, of the ability to achieve planned results of the processes for production And service provision;
  • The implementation of actions to prevent human error;
  • The implementation of release, delivery and post-delivery activities.



IDENTIFICATION AND TRACEABILITY



Details the requirements that the organisation must use suitable means to identify outputs when it is necessary to ensure the conformity of products and services.


The organisation must identify the status of outputs with respect to monitoring and measurement requirements throughout production and service provision.


The organisation must control the unique identification of the outputs when traceability is a requirement, and must retain documented information necessary to enable traceability.



PROPERTY BELONGING TO CUSTOMERS OR EXTERNAL PROVIDERS



The organisation must exercise care with property belonging to customers or external providers while under the organisation’s control or being used by the organisation.


The organisation must identify, verify, protect and safeguard customers’ or external providers’ property provided for use or incorporation into the products or services.


When the property of a customer or external provider is lost, damaged or otherwise found to be unsuitable for use, the organisation must report this to the customer or external provider and retain documented information on what has occurred.


This property can include material, components, tools and equipment, premises, intellectual; property and personal data.



PRESERVATION



Details the requirement for the organisation to preserve the outputs during production and service provision, to the extent necessary to ensure conformity to requirements.


Preservation can include identification, handling, contamination control, packaging, storage, transmission or transportation, and protection.


POST DELIVERY ACTIVITIES



Details the requirements for post-delivery activities associated with products and services.  The following must be considered:

  • Statutory and regulatory requirements;
  • The potential undesired consequences associated with its products and services;
  • The nature, use and intended lifetime of its products and services;
  • Customer requirements;
  • Customer feedback;
  • Warranty and servicing, where appropriate and recycling or final disposal.


CONTROL OF CHANGES



Details the requirement to review and control changes for production or service provision, to the extent necessary to ensure continuing conformity with requirements.


The organisation must retain documented information describing the results of the review of changes, the person(s) authorising the change, and any necessary actions arising from the change, and any necessary actions arising from the review.



RELEASE OF PRODUCTS AND SERVICES



Details the planned arrangements, at appropriate stages, to verify that the product or service requirements have been met.


The release of products and services to the customer must not proceed until the planned arrangements have been satisfactorily completed, unless otherwise approved by a relevant authority and, as applicable, by the customer.


The organisation must retain documented information on the release of products and services.  The documented information must include:


  • Evidence of conformity with acceptance criteria;
  • Traceability to the person(s) authorising the release.


CONTROL OF NONCONFORMING PROCESS OUTPUTS



Details the requirements to ensure that outputs that do not conform to their requirements are identified and controlled to prevent their unintended use or delivery.


The organisation must take appropriate action based on the nature of the nonconformity of products and services.  This must also apply to nonconforming products and services.  This must also apply to nonconforming products and services detected after delivery of products, during or after provision of services.


The organisation must deal with nonconforming products and services in one of the following ways;


  • Correction;
  • Segregation, containment, return or suspension of  provision of products and services;
  • Informing the customer
  • Obtaining authorisation for acceptance under concession.

Conformity to the requirements to the requirements must be verified when nonconforming outputs are corrected.


The organisation must retain documented information that:


  • Describes the nonconformity;
  • Describes the actions taken;
  • Describes any concessions obtained;
  • Identifies the authority deciding the action taken in respect to the nonconformity.

Friday, 12 August 2016

A detailed look at the ISO 9001:2015 Quality Management Standard: Part 3

6. PLANNING FOR THE QUALITY MANAGEMENT SYSTEM

Details the requirements for concepts of risk (and opportunity).

  • ACTIONS TO ADDRESS RISKS AND OPPORTUNITIES - The requirement to understand the risks and opportunities relevant to the scope of the organisation and determine actions, objectives and plans to address them.

  • The risks and opportunities use the inputs that the organisation has identified in understanding its context and the views from interested parties.

  • Options to address risks and opportunities can include:

    • Avoiding risk;
    • Taking risk in order to pursue an opportunity eliminating the risk source;
    • Changing the likelihood or consequences;
    • Sharing the risk; or
    • Retaining risk by informed decision.
  • Opportunities:

    • Can lead to the adoption of new practices:
    • Launching new products;
    • Opening new markets;
    • Addressing new clients;
    • Building partnerships;
    • Using new technology and other desirable and viable possibilities to address the organisation’s or its customers’ needs.
  • QUALITY OBJECTIVES AND PLANNING TO ACHIEVE THEM - The requirement for the organisation to set quality objectives at relevant functions, levels and processes needed for the quality management system.  These objectives must be SMART (Specific, Measurable, Achievable, Realistic and Timely) and can include:

    • Market position/growth;
    • Process effectiveness/efficiency;
    • Maintenance of present position;
    • Reduction in costs of quality;
    • Improvements in product conformity;
    • Reduction in defects/poor service;
    • Improved customer/client satisfaction.


    Objectives can be part of staff development/appraisals and records need to be kept on levels of achievement.

    • What will be done?
    • What resources will be required?
    • Who will be responsible?
    • When will it be completed?
    • How the results will be evaluated?

  • PLANNING OF CHANGES- The requirement is to ensure changes and the impact of changes are considered in terms of risk and are effectively planned, controlled and managed.

7. SUPPORT

Details the requirement for the activities for People, Infrastructure, Environment for the Operation of Processes and Monitoring and Measurement Resources, Measurement Traceability, together with Organisational Knowledge Procedural Requirements of the quality management system.

  • RESOURCES -   The requirement for the resources needed for the establishment, implementation, maintenance and continual improvement of  the quality management, including the requirement for externally supplied resources.

  • PEOPLE – Determine and provide the persons necessary for effective implementation of the quality management system and for the operation and control of its processes.

  • INFRASTRUCTURE – Determine, provide and maintain the infrastructure necessary for the operation of its processes and to achieve conformity of products and services.

  • ENVIRONMENT FOR THE OPERATION OF ITS PROCESSES – Determine, provide and maintain the environment necessary for the operation of its processes and to achieve conformity of products and services.

  • These can be a combination of social, psychological and physical.

  • MONITORING AND MEASURING RESOURCES – The requirement to determine and provide the resources needed to ensure valid and reliable results when monitoring or measuring is used to verify the conformity of products and services to requirements.  Documented information as evidence of fitness for purpose of the monitoring and measurement resources are kept.

  • MEASUREMENT TRACEABILITY – When measurement traceability is a requirement, or is considered to be an essential part of providing confidence in the validity of measuring results, measuring equipment must be:

    • Calibrated, or verified, or both, at specified intervals, or prior to use, against measurement standards traceable to international or national measurement standards.  Where no standard exists the basis for calibration or verification must be documented.
    • Identified in order to determine their status
    • Safeguarded from adjustments that would invalidate the calibration status.
    • Where equipment is found to be unfit for its intended purpose then the validity of previous measurements must be reviewed.

  • ORGANISATIONAL KNOWLEDGE – Determine the knowledge necessary for the operation of its processes and to achieve conformity of products and services.   This knowledge must be maintained and be made available to the extent necessary.  

  • This knowledge can be from internal resources (e.g. intellectual property, knowledge specific to the organisation, gained from experience, lessons learned from failures and successful projects, capturing and sharing undocumented knowledge and experience, the results of improvements in processes, products and services).

  • External sources (e.g. standards, academia, conferences, gathering knowledge for customers or external providers).

  • COMPETENCE -  The requirement to determine the necessary competence of persons doing work under its control that affects the performance and effectiveness of the quality management system; where competence criteria are not met then the training required to acquire such competence.   There is a requirement to manage recruitment, induction and ongoing training and maintain documented information.

  • AWARENESS – The requirement to ensure that staff are made aware of the relevance of the quality policy, relevant quality objectives and their activities and how they contribute to the achievement of quality objectives.  Conversely the implications of not contributing to the specific and overall quality management system.

  • COMMUNICATION – The requirement for the organisation to determine the internal and external communications relevant to the quality management system including:

    • On what it will communicate?
    • When to communicate?
    • With whom to communicate?
    • How to communicate?
    • Who communicates?
  • DOCUMENTED INFORMATION – the requirement for documented information required by ISO 9001:2015 and documented information determined by the organisation as being necessary for the effectiveness of the quality management system.
There is no longer a requirement for mandatory documented procedures or manuals, but there is a requirement to maintain documented evidence of the system being operated.

In practice many organisations will maintain manuals and procedures to act as a guide and ensure operations are carried out effectively and efficiently.     
    
Documents, documented information can be in any format.                                           

  • CREATING AND UPDATING – When creating and updating documented information the following must be observed;

    • Identification and description (e.g. Title, date, version, author, or reference number).
    • Format (e.g. language, software version, graphics) and media (e.g. Paper or electronic).
    • Review and approval for suitability and adequacy.
  • CONTROL OF DOCUMENTED INFORMATION -  Documented information required by the quality management system and by ISO 9001:2015 must be controlled to ensure:

    • It is available and suitable for use, where and when it is needed;
    • It is adequately protected (e.g. from loss of confidentiality, improper use, or loss of integrity).


  • The following activities must be addressed, as appropriate:

    • Distribution, access, retrieval and use;
    • Storage, preservation, including preservation of legibility;
    • Control, of changes (e.g. version control);
    • Retention and disposition.
Documented information of external origin determined by the organisation to be necessary for the planning and operation of the quality management system is identified, as appropriate and controlled.

Documented information retained as evidence of conformity is protected from unintended alterations.

Monday, 1 August 2016

A detailed look at the ISO 9001:2015 Quality Management Standard: Part 2

ISO 9001 BY SECTION


4. CONTEXT OF THE ORGANISATION

 

Details the requirements for:

  • UNDERSTANDING THE ORGANISATION AND ITS CONTEXT- the requirement for the organisation to consider a wide range of potential factors, both external and internal, that can impact on the management system, in terms of its structure, scope, implementation and operation, including:

    • Social;
    • Economic;
    • National;
    • Governance;
    • Technological;
    • Political;
    • Products and services


  • UNDERSTANDING THE NEEDS AND EXPECTATIONS OF INTERESTED PARTIES – The requirement to consider the needs of interested parties both internal and external, including, as appropriate:

    • Directors;
    • Employees;
    • Contractors;
    • Clients/Customers;
    • Suppliers;
    • Regulators;
    • Legislation;
    • Shareholders;
    • Neighbours;
    • Non-Government Organisations (NGO’s);
    • Parent Organisations.

The best way to demonstrate this is to have both the context and interested parties logged in a database, register or similar. This should include details of Legislation or Regulation to which the organisation must comply

  • DETERNMINING THE SCOPE OF THE QUALITY MANAGEMENT SYSTEM – Now includes a requirement to consider both the Context and Interested parties along with the products or services being delivered.

    Naturally the scope must include a requirement to comply with the Quality Management Standard ISO 9001:2015.

  • QUALITY MANAGEMENT SYSTEM AND ITS PROCESSES – The requirement to establish, implement, maintain and continually improve the management system, including the processes needed and their interactions in order to deliver the required products, services and performance required under the scope.

    The term processes (a set of interrelated activities which transforms inputs into outputs).

    Organisations need to address risks and opportunities (Section 6)

    Organisations will also need to demonstrate the resources needed, ensuring their availability.

5. LEADERSHIP

This clause used to be “management commitment” but now requires that top management engage more fully with the critical, aspects of the quality management system.

  • LEADERSHIP AND COMMITMENT – The requirement that top management must demonstrate leadership and commitment to it. It is now a requirement that this top level oversight of the quality management system is a key component of the organisation and its core business processes and activities.

    The quality management system must be integrated into the organisation’s business processes.

  • CUSTOMER FOCUS - A requirement to demonstrate leadership and commitment with respect to customer focus:

    • Fully determine market/customer needs and expectations.  This information then acts as an input to determining strategy, direction and facilities development of a management system capable of satisfying the targeted market or customer.

      An example could be:

    • Market surveys;
    • Customer/client meeting minutes;
    • Questionnaires;
    • Other areas of research.

    Customer/Client focus has been extended to include determination of risks and opportunities that affect conformity of products and services.

    This could be a S.W.O.T analysis (strengths, weaknesses opportunities and threats) or PESTLE (Political, Economic, Social, Technological, Legal and Environmental) or similar.

  • QUALITY POLICY – The requirement for a quality policy establishing goals and commitments appropriate to the organisation & not simply a bland statement that could apply to any business.  The policy must be communicated to all employees and they need to understand the part that they have play in its deployment.  Additionally, the policy must be available to interested parties.  The policy is authorised by the most senior person in the organisation, CEO, MD, Senior Partner, etc.

  • ORGANISATIONAL ROLES, RESPONSIBILITIES and AUTHORITIES – The requirement to ensure those involved are fully aware of their role. Top management must be identified as being responsible for ensuring that aspects of the system are properly assigned, communicated and understood.

  • Top management must ensure that key responsibilities are defined. An organisation chart and job descriptions or procedures to identify responsibilities and authorities.

    Unlike previous versions of this standard the specific role of Management Representative is not used.  The activities of the role however, are now referenced within the core structure of the organisation, including top management.

Quality Matters

P.O.Box 5479
Maldon
Essex
CM9 8GG
England

T: 01621 857841
F: 01621 856016
M: 07702 193788

© 2015 Quality Matters Ltd. All rights reserved. Responsive Design