Principles of ISO 9001
Quality Management Principles are a set of fundamental beliefs, norms, rules and values that are accepted as a basis or foundation to guide an organizationâ€™s performance.
The new ISO 9001:2015 standard is based on seven Quality Management Principles. ISO 9001 Consultants should guide their clients about the importance and benefits of these principles and how to incorporate them into their businesses.
The seven Quality Management Principles are as below. You can ask your ISO 9001 Consultant about the explanation of each.
- Customer focus
- Engagement of people
- Process approach
- Evidence-based decision making
- Relationship management
Context of the organization
Context of the organization means the business or organizational environment of the organization. To put it simply Context means the issues affecting the organization. Issues can be both positive and negative, meaning that their effect on the organization can result in a loss or a profit.
Context can be both External and Internal. External Context can be the issues arising from technological, competitive, market, cultural, social and economic environment which can be international, national or at a local level.
Internal Issues can relate to values, culture, knowledge and performance of the organization.
An organizationâ€™s context may include:
- Specific objectives and targets of the organization;
- Products and services it provides;
- Complexity of the organizational processes and their interaction;
- Competency of employees within or behalf of the organization;
- The size and structure of the organization.
Design & development
Design & Development is one of the most important processes in an organization. It has been recognized by the ISO 9001:2015 Quality Management Standard and special requirements have been elaborated for conducting Design & Development of product or service in any organization.
The standard says that the Design & Development process should be able to meet the subsequent requirements and delivery of products or services.
There should be a systematic process for controlling design & development. That will involve design planning which shall include stages of design, review, verification and validation. Commonly a design plan is developed to write down all the stages which are given in the section below.
While devising the stages and controls for design & development process the organization has to consider the following:
- The complexity, nature and duration of design & development process
- The stages that are required including reviews
- The verification and validation (verification of actual resulting prototype product characteristic) activities required
- Responsibilities and authorities of personnel who are involved in this process
- Resources that are needed for this process including internal and external resources
- Requirement to control the interface between different persons involved
- Need to involve the customers and users input in the process
- Finding out the requirement for the subsequent provision of products and services
- The control level expected by customers and other relevant interested parties over the design & development process
Documented Information that is required e.g. Procedure and Records for demonstrating that design & development requirements have been met.
Review of design should be taken at planned intervals to make sure that the design is satisfactory and to find out solutions to any problems that are encountered. Records of reviews can include minutes of meetings, altered sketches and drawings and approval documents.
Verification is a process where the design is checked to make sure that what has been designed meets the input requirements. Records of verification can include alternative calculations, approvals and comparison reports. Example can be checking the design calculations if a refrigerator can perform at desired level at a high external temperature of the environment.
Validation is performed on the actual or prototype product to find out that it meets the requirements. Records can include test results, prototype feedback, user testing etc. validation shall be conducted before delivery of product to customer. An example can be testing a prototype refrigerator to see if it can keep the food stuff inside at a required coldness for an extended period of time.
Control of externally provided processes, products and services
There are two types of external providers. The first one is those external providers that are not part of the organization. Examples are Producers, Distributors, Retailers or Vendors of a product or service.
The second type is where the organization makes an arrangement with an external organization which undertakes part of the organizationâ€™s function or process. An external organization is outside the scope of the quality management system but an outsourced process or function is within the scope of the QMS. Examples of outsources processes can be painting, plating or anodizing.
The organization shall make sure that outsourced processes are controlled. The organization shall do planning during the make or buy decision. It shall understand the nature of the process outsourced or commodity purchased. It shall also understand the risks and opportunities.
The organization shall determine and apply criteria for the selection, approval and monitoring such as quality, cost, on time delivery, sustainability focus. It should also consider the risks and opportunities for sourcing. It should determine which external providers require control and how to develop strategic partnership or long term relationship.
Production and Service Provision
The standard requires the organization to undertake production and service under controlled conditions including delivery and post-delivery activities.
The organization shall use suitable means to identify process outputs, where necessary so as to ensure conformity of products and services.
It shall identify the current status of process outputs regarding monitoring and measurement requirements throughout the production process.
It shall control the unique identification of process outputs where traceability is required. Keep documented information or records required to maintain traceability.
External provider property can be equipment, tool, material or drawing etc. The organization shall take care of the external provider property while it is in its care so that there is no damage or deterioration.
The organization shall identify, verify, safeguard and protect external provider property given for incorporation or use in the products or services.
The organization shall ensure the preservation of process outputs during the production and service provision up to that extent required to maintain conformity of products and services.
The organization shall meet the requirements for post-delivery activities required for products and services.
The organization shall review and control changes that are unplanned that are essential for production and service to the level required to ensure conformity with the specified requirements.
Control of nonconforming outputs
The organization conforming to ISO 9001 certification shall ensure that nonconforming outputs in its processes, its products or services are controlled. The nonconformity may arise because of not meeting customer requirements, regulatory or statutory requirements or your organizations own requirements. The organization should have an effective Quality Control system for early detection of nonconformities. Raw material Inspection, In Process Inspection and final inspection should be carried out for outputs.
Nonconformities can occur in material or product supplied by subcontractors or in outsourced work. The organization should have to appropriate controls so that nonconforming products or services are prevented from unintended use or delivery. You should prevent further processing of affected part or product. You should keep records about the nature and details of nonconformity.
You should take appropriate action based on the nature of nonconformity and its impact on conformity of products and services. Appropriate personnel and customer where appropriate shall be notified of the nonconformity. Then evaluation of options shall be done for disposition. Even if deliver of product or service has been made and delivered then also the same steps are to be taken.
Monitoring, measurement, analysis and improvement
ISO 9001 Quality Management System requires the organization to use factual information as a basis for decision making. The clause 9.1 monitoring, measurement, analysis and evaluation in ISO 9001 caters to this requirement.
Monitoring means observing the status of a system, process or activity.
Measurement is the process to determine a value.
For your Quality Management System (QMS) to work effectively, you need evidence on the basis of which you make your decisions and for continuous improvement. Measurement and Monitoring is the process in ISO 9001with which you can collect that evidence.
ISO 9001 requires you to generally determine
- What is needed to be monitored and measured?
- What methods shall be used for the monitoring, measurement, analysis and evaluation needed to ensure valid results?
- When the monitoring and measuring shall be carried out?
- When results from monitoring and measurement be analyzed and evaluated?
It is a requirement that the organization shall evaluate the performance and effectiveness of the Quality Management System. It is also required that the records for monitoring, measurement, analysis and evaluation shall be kept.
Audit is defined by ISO as
â€œSystematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which audit criteria are fulfilled.â€
Internal audits are also called first party audits. They are undertaken to assess the working of the organizations Quality Management System and its conformance to ISO 9001:2015 and regulatory and statutory requirements. They also provide inputs to the management review and help in improving the system. They also find out the nonconformities and lead to corrective actions to remove the cause of nonconformity.
Reasons for a first party audit
- It is required by ISO 9001:2015 clause 9.2
- Provided feedback and control for management
- Leads to the correction of nonconformities before the external auditors find them
- Leads to systematic improvement of the quality management system
Management review is a very important part of an organizationâ€™s quality management system based on ISO 9001:2015. It is the most important source for continuous improvements. It can be used to bring together all the elements of your quality program and bring cohesiveness to it. It allows the organization to focus on trends, objective evidences as well as data based decisions. It is used to assess the performance of the QMS and find out opportunities for its improvement. It is held at-least once a year and is a platform for reviewing the quality policy and setting new quality objectives. It is important that the top management be involved in the management review.
The management review requires that a periodic review of the QMS shall be held so as to ensure it is suitable, adequate and effective. It is also required that the alignment of the Quality Management System with the organizationâ€™s strategic direction be checked. You should ask your ISO consultant to guide you one how to hold an effective management review.
It is the responsibility of the organization to find out and select opportunities for improvement in its management system, processes and products or services. It is also the responsibility of the ISO 9001 certified organization to implement actions in order to meet customer requirements and enhance customer satisfaction.
These actions can be the following:
- The organization shall improve products and services so as to meet product/service and well as statutory and regulatory requirements. Another reason for engaging in improvement activities is to meet future needs and expectations.
- Other actions can be correcting reducing or preventing undesired effects. These are highlighted during monitoring and internal audits and should be minimized.
- The third group of actions is improving the performance and effectiveness of the quality management system.
The strategies for improvements can be correction, corrective action, continual improvement, breakthrough change, innovation and re-organization of the business.