Iso9001 2008 Transition Asq Govind

ISO 9001:2008 Impact Assessment & Transition planning Govind Ramu, P.Eng, ASQ CQMgr, CQE, CSSBB, CQA, CSQE, CRE, ASQ Fellow, QMS 2000 Principal Auditor IRCA (UK) Past Section Chair Ottawa Valley- ASQ Canada http://www.asq.org/sixsigma/about/govind.html

ISO 9001:2008 – Why this amendment? ISO 9000 series standards periodically go through continual review to keep standards up to date. The review process involve: – A global user questionnaire/survey – A market Justification Study – Suggestions arising from the interpretation process – Opportunities for increased compatibility with ISO 14001 – The need for greater clarity, ease of use, and improved translation Current trends: Keeping up with recent developments in management system practices. (e.g. outsourcing) “ISO 9001:2008 does not introduce additional requirements nor does it change the intent of the ISO 9001:2000 standard”.

ISO 9001:2008 – What to do? FACT: There are NO NEW requirements. The transition should be accomplished with minimal effort and should be smooth. REALITY: This does not mean organizations sit back and receive an ISO 9001:2008 certificate from the registrars with no effort! I believe organizations should perform due diligence in reviewing the amendments to the standard and assess the impact- effort. The very reason, ISO has taken the effort to clarify requirements in over 60 instances within the standard tells us that there has been inconsistencies and opportunities for misinterpretation of the requirements. This is why: What if a small organization had their consultant as Quality Management representative? What if an organization thus far only trained employees who work on product quality? What if an outsourced process did not have adequate controls in relation to risk?

ISO 9001:2008 – How to go about? Planning Communication Execution Purchase copies of ISO Let your management Changes to Quality Manual, related 9001:2008. (Check your know of the change to documentation. external document the standard and impact. distribution list to see the number of copies to be Let your employees Where applicable, revise internal purchased). know of the change to audit checklists. the standard. Read and understand transition guidance Changes summary Training material Let your registrar know documents from the ISO for auditors and appropriate of your intent to transition website. employees. to new standard in the next planned audit. Compare the changes to 2000 Standard and Address changes to QMS in the create change analysis management review, perform internal If contractually required, audits using new standard. let your customers know that you are planning for What does these this transition. changes mean in terms Get your registration audit completed of impact ? Perform to the new standard. Impact assessment Let your supplier Quality Make any required changes to Review the impact function find out if your Intranet, Internet posting, marketing, assessment with your suppliers are aware of promotional materials, etc (after internal auditors and this amendment and are receipt of new ISO 9001:2008 extended QMS team. planning to transition. registration certificate)

ISO 9001:2008 – What should auditors do? Understand The organization's activities and processes and appropriately audit against the requirements of the ISO 9001 in relation to the organization's objectives. The requirements of the ISO 9001:2008. The concepts and terminology of the ISO 9000:2005. The eight Quality Management Principles ISO 9004 (general understanding) Familiarity with the auditing guidance standard ISO 19011 Key differences between 2000 and 2008 version. The implications of these differences for effective auditing. Attend 2 hours of professional development training. This may be achieved by: Reading relevant materials (items mentioned above) On the job training, in house training Conference, seminar, etc e.g. section program event.

Graphical Summary of Changes See attachment for detailed item by item change analysis Requirement Change does Minor Impact? – No – not mean NEW requirement. does not automatically mean This standard has NO new Major impact. requirement. Hence this is This depends on the current called amendment. maturity of the organization.

ISO 9001:2008 Key changes & guidance

4.1 on Outsourced process ISO 9001:2008 clause 4.1 states: “Where an organization chooses to outsource2 any process that affects product conformity to requirements, the organization shall ensure control over such processes. The type and extent of control3 to be applied to these outsourced processes shall be defined within the quality management system. Note 2: about Outsourced process Note 3: guideline for type and extent of control

4.1 Outsourced Process (some background) An “outsourced process” is a process that the organization needs for its quality management system and which the organization chooses to have performed by an external party. (E.g. contract manufacturing, subcontracting, consulting, calibration, maintenance, etc) An outsourced process can be performed by a supplier that is totally independent from the organization. An outsourced process can be performed by part of the same parent organization (e.g. a separate department or division that is not subject to the same quality management system) Outsourced process may be provided within the physical premises or work environment of the organization, at an independent site, or in some other manner. (e.g. virtually)

4.1 Outsourced Process (criteria for controls) ISO 9001:2008 Clauses 7.4 and 4.1 are applicable. The organization has to demonstrate that it exercises sufficient control. The nature of this control will depend on – the importance of the outsourced process, – the risk involved (the potential impact), and – the competence of the supplier to meet the process requirements. Ensuring control over outsourced processes does not absolve the organization of the responsibility of conformity to all customer, statutory and regulatory requirements. For special processes- Ensure that the control over the outsourced process includes process validation in accordance with ISO 9001:2008 clause 7.5.2.(e.g. ion implantation, wire bonding, epoxy joint, etc)

4.1 Outsourced Process- Scenarios When an organization has the competence and ability to carry out a process, but chooses to outsource that process (for commercial or other reasons). – Defined process control criteria. (e.g. Procurement specifications, control plan, quality plan, etc) – Criteria transposed into requirements for the supplier of the outsourced process. (if necessary) (e.g. service level agreements, contracts, etc.) When the organization does not have the competence to carry out the process itself, and chooses to outsource it. – Ensure that the controls proposed by the supplier of the outsourced process are adequate. – involve external specialists in making this evaluation (where essential)

4.2.1 Documentation requirements (General) to ensure that documents of external origin determined by the organization to be necessary for the planning and operation of the quality management system are identified and their distribution controlled, and The amendment provides clarity on external documents. – identify and control the distribution of only those external documents that are needed to plan and operate our QMS. – In other words, only relevant external QMS documents need to be controlled, not all of them. (ISO 9000 series standards, ISO 19011, ANSI/ASQ Z1.4, Z1.9, Telcordia, product safety standards, etc are examples of relevant external QMS document)

6.2.1 Human resources - Competency Personnel performing work affecting conformity to product quality requirements shall be competent on the basis of appropriate education, training, skills and experience. – Note: Conformity to product requirements can be affected directly or indirectly by personnel performing any task within the quality management system. – Product quality requirement changed to product requirements. – This opens up the requirement- any task within the QMS may directly or indirectly affect the organization’s ability or willingness to meet product requirements. – competence of anyone who carries out any task related to Quality Management System needs verification.

7.6 control of monitoring and measuring equipment Notes: Confirmation of the ability of computer software to satisfy the intended application would typically include its verification and configuration management to maintain its suitability for use. This is not a requirement change but important clarification. Complex measurement test system that uses hardware (also firmware), software, integration to provide output will require verification (testing against a set of software requirements) and controlling the configuration (version control) Changes to configuration may have impact on intended application, performance, calibration, etc.

8.5.2,3 Corrective and preventive action reviewing effectiveness of the corrective action taken. reviewing effectiveness of the preventive action taken. Effectiveness: Extent to which planned corrective/ preventive actions are realized and planned results achieved. – CA Effectiveness: Monitoring the process for defect trending using trend chart, PAYNTER charts, use of sampling methods will reveal if there are any recurrence. – PA Effectiveness verification require monitoring across the organization for any recurrence. This may involve effective communication, centralized knowledge management and consolidated systemic effort.

Other changes 4.2.1- QMS documentation includes not only the records required by the standard but also the records that your organization needs to have in order to be able to plan, operate, and control its QMS processes. 4.2.1 makes it clear that a single document may contain several procedures or several documents may be used to describe a single procedure. 5.5.2 Standard now makes it clear that the management representative must be a member of the organization’s own management. (Consultants, outsiders are no longer allowed to be QMR) 6.3.c infrastructure that includes support services like quot;communicationsquot; can also mean information systems.- Consider, Information Security 7.2.1 Note: post delivery requirements include things like warranty provisions, contractual obligations (such as maintenance), and supplementary services (such as recycling and final disposal). 7.3.1. Note: development review, verification, and validation activities serves a different purpose. However, standard makes it clear that these three activities can be carried out and recorded separately or in any combination 7.3.3. Note: design and development outputs could include information that explains how products can be preserved during production and service provision. Red fonts- Items to ponder

Reference: ISO 9001:2008 standard. ISO 9000:2005 standard ISO9001:2008 Introduction and support package Downloads from IRCA UK Requirements for QMS auditor http://www.praxiom.com/iso-new.htm

Iso9001 2008 Transition Asq Govind

by Govind Ramu

Accessibility

Upload Details

Usage Rights

3 Embeds 11

Statistics