ISO 9001 Standard / ISO 9001 Standards – ISO 9000 Standard / ISO 9000 Standards Certification & Implementation

The implementation of an ISO 9001 conformance system must recognize that it is but a step in a long-term development of a continually improving QMS. Unfortunately, it is often the case that ISO 9001 is taken as a means to an end, where the implementation of a QMS is not the primary objective, rather certification is. As a result, SMEs may end up with stacks of documentation waiting to be processed that adds no value, but cost.
According to the requirements of ISO 9001, an organization must develop only six documented procedures: (1) control of documents, (2) control of quality records, (3) ISO 9001 Internal Audits, (4) control of non-conformities in ISO 9001 Standard, (5) ISO 9001 Standard Corrective Action, and (6) preventative action. A quality manual and several records are also required. The development of other ISO 9001 Standard Procedures, ISO 9001 Standard Work Instructions, and other ISO 9001 Standard documents is largely at the discretion of the organization. From the very beginning of the process, it is therefore essential that SMEs establish a balanced view between a short-term focus (marketing/sales) and a long-term focus (achieving company-wide quality awareness through TQM). ISO 9001 documentation should be considered as an enabler along that way and SMEs must guard against the creation of unnecessary documentation.

However, even when such a view is adopted, many SMEs struggle to move from their initial state to a fully functional ISO 9001 QMS. Over the last several years, we have been involved in ISO 9001 implementation projects in seven different SMEs. The SMEs have ranged in size from approximately 20 employees to 500 employees. The SMEs have been drawn from a variety of sectors in Virginia, including manufacturing, distribution, and services. Based on our experience, we developed a schematic of initial states of an organization in terms of the existence and functionality the ISO 9001 standard documentation required by the standard while functionality is equated with an effectively operated QMS that leads to increased customer satisfaction and continuous improvement of business results. A successful QMS must be fully functional and appropriately documented. With that in mind, there are four main states in which SMEs can be located in the beginning of the implementation process.

Visit http://www.iso9001store.com for more information on ISO 9001 Standard

ISO 9001 Standard Youtube video at http://www.youtube.com/watch?v=EsF8_iAeVIA

When an organization chooses not to pursue ISO 9001 certification or not to retain the ISO 9001 certificate, it should make no difference to the way the organization is managed. Its similar to the man who chooses not to take the
course examination. He still has the knowledge he has acquired whether or not he takes the exam and gets a certificate. What he cannot do is demonstrate to others that he has reached a certain level of education without having to prove it every time. People who know him dont care that he didnt take the exam. It is only those who dont know him that he will have difficulty convincing.

Many organizations were driven to seek ISO 9001 certification by pressure from customers rather than as an incentive to improve business performance and therefore sought the quickest route to certification. The critics called this
coercion and like most command and control strategies, believed it resulted in managers cheating just to get the badge. What was out of character was that suppliers that were well known to customers were made to jump through this
hoop in order to get a tick in a box in a list of approved suppliers. It became a necessary evil to do business. Certainly when perceived as a means to get a badge, the standard was no more than a marketing tool. It could have been
used as a framework for improvement but the way it was imposed on organizations generated fear brought about by ignorant customers who mistakenly believed that imposing ISO 9001 would improve quality. To achieve anything in our society we inevitably have to impose rules and regulations what the critics regard as command and control but unfortunately, any progress we make masks the disadvantages of this strategy and because we only do what we are required to do, few people learn. When people make errors more rules are imposed until we are put in a straightjacket and productivity plummets. There is a need for regulations to keep sharks out of the bathing area, but if the regulations prevent bathing we defeat the objective, as did many of the customers that imposed ISO 9001.

The International Organization for Standardization (ISO) is a managing body that was founded to provide quality and environmental management systems to industries across the world. The ISO 14001 and ISO 9001 standards are accreditations that are issued to organizations that meet or exceed the criteria set by the ISO. The certifications, which differ in criteria, have been proven to increase profitability and commercial status for the holding parties.

Some of the core differences between ISO 14001 and ISO 9001 stem from the criteria covered by each standard. As a quality management certification, ISO 9001 is awarded based on set standards being met in key areas. These areas include quality management systems, management responsibility, resource management, and how quality performance is measured, analyzed, and improved.

The standard ISO 14001 is an environmental management certification that is designed to assist organizations as they develop in-house environmental management systems. This standard is based on a model of continual improvement, which differentiates it from the fixed criteria that must be met to be awarded ISO 9001 accreditation. For an organization to achieve the certification, it must develop an ISO 14001-compliant environmental management system through a process of planning objectives, implementing processes, measuring and monitoring the processes, and improving the system based on the results of the monitoring stage.

As a part of ISO 14001 accreditation, a continual improvement process (CIP) is required. This CIP is based on expanding the environmental management system across all sectors of the business, using the system to enrich other processes and improving over time by continual monitoring. Many organizations seek to be awarded both ISO 14001 and ISO 9001 certification as it demonstrates a high overall standard of quality and environmental management structures.

The scope of each standard is what defines the differences between ISO 14001 and ISO 9001. The routes to accreditation and methods of maintaining the systems once certification has been achieved are similar across both standards. Both ISO 14001 and ISO 9001 standards can be applied for once a compliant management system has been implemented following the ISOguidelines. An intensive external audit will be required for either standard with an additional internal audit required for ISO 9001.

Both ISO 14001 and ISO 9001 are measures of the processes used by an organization, not the end product. This means that a company that holds ISO 9001 accreditation can still produce a poor end product providing the correct paperwork is in place and the quality is consistent. Similarly, ISO 14001 certification simply means that there is a system in place to meet that organization’s specific environmental targets.

Read more on ISO 14001 Standards at http://www.iso14000store.com

ISO stands for International standard organisationwhich is an non-governmental body. This body was developed in Switzerland in 1945, right after World War II. The reason behind the development of ISO is to create international standards for industrial and commercial products within a business. ISO is a network of the national standards institutes of 163 countries, one member per country, with a Central Secretariat in Geneva, Switzerland, that coordinates the system.

Standards ensure desirable characteristics of products and services such as quality, environmental friendliness, safety, reliability, efficiency and interchangeability – and at an economical cost. Receiving certification by the ISO means that a business has agreed to uphold certain standards and practices in its day-to-day operations. These standards are of particular importance when it comes to industries and commercial interests that may have a significant environmental impact through the discharge of waste of by-products. ISO standards are an internationally recognised set of benchmarks for any association that enable you to create as well as maintain a structured management system with a clearly defined set of processes.

ISO 9001 is known across the world as the standard for high quality business operations and management whereas ISO 14001 for environmental management. Both big and small companies prefer going by ISO 9001 and ISO 14001 standards because of its versatility and efficiency. Today, over 875,000 companies are ISO certified. The ISO 9001and 14001 standard is designed to be implemented in various business procedures necessary for the creation and quality control of a given product or service that a company offers. A solid monitoring and control system is incorporated, making sure that a company provides consistent, high-quality production outputs that always satisfy customer demands. ISO 9001and 14001 can be implemented in any process, regardless of the location of the company or department facility.

Having ISO 9001 Certification is an indication that a company or business firm is committed to providing customers with high quality products and services. It also shows that a company is willing to do what it takes to achieve better production efficiency. For environmental management system ISO 14001 helps you to identify the key impacts that you have on the environment, important legislation and then set about controlling as well as improving these impacts. These are the two traits all customers and organizations look for when choosing a company to do business with. An ISO 9001 certificate also shows that it has a solid and excellent Quality Management System that is capable of passing the rigors of independent and external auditing. By enhancing a company’s image in the customer’s eyes, an ISO 9001 certified business firm has a competitive advantage over other businesses in the same industry.

ISO 9001 Standards Requirements checklist

1. Has the organization established, documented, implemented and maintained a quality management system in accordance with the requirements of ISO 9001?

2. Is the effectiveness of the quality management system continually improved?

3. Has the organization:
a) Identified the processes needed for the quality management system including theirapplications throughout the organization?

b) Determined the sequence and interaction of these processes?

c) Determined the criteria and methods needed to ensure that both the operation and control of these processes are effective?

d) Ensured the availability of resources and information necessary to support the operation and monitoring of these processes?

e) Measured, monitored and analyzed these processes?

f) Implemented actions needed to achieve planned results and continual improvement of these processes?

4. Does the organization manage these processes in accordance with the requirements of ISO 9001?

5. Where processes that affect product conformity with requirements are outsourced, are the controls for these processes identified within the quality management system?

Management of the Audit Function In ISO 9001

An effective audit function should provide all levels of management an independent appraisal of their operations andassist them in achieving maximum efficiency while achieving overall organizational goals (Institute of Internal Auditors, “Standards for the Professional Practice of Internal Auditing”). However, before the manager of the organization’s audit function can begin to promote the audit department’s positive contributions to the organization, improve upon the products generated by auditing (i.e., audit reports, analysis), or contribute to the overall continuous improvement of the organization in general, the audit department’s leadership must seek feedback on its own performance. There are many sources of feedback; both internal and external to the audit department.

In order to meet the ISO 9001 Quality Standards, the business organization need to fulfill the following:

Standardizing Quality Systems

The ISO, or International Organization for Standardization, was established in 1947 to develop international standards for everything from electronics to management systems. Having over 13,000 standards currently in place, ISO has created the auditing and certification process known as ISO 9001. This began the drive toward quality standards.

Improving Customer Satisfaction

Companies choose to implement ISO 9001 and get certified because many customers and industries require it. By keeping customers happy, they can increase sales and profitability for their business. And if an area of the company’s program appears to be too bureaucratic and non-value-adding, then it might also be an area for continuous improvement efforts.

Enhancing Company Performance

Both customers and industries alike use ISO certification as a way to evaluate and audit their suppliers and products. Through an independent verification process, customers can gain assurance of their suppliers’ products. And as a supplier becomes certified, the testing requirement is waved, which saves the company both time and money.

Developing Best Practices

Employed as a “Best Practices” model, ISO 9001 utilizes the philosophy of the “Plan-Do-Check-Act” continuous improvement cycle to achieve requirements. This process approach centers around eight quality management principles used by management as a guide toward improving performance and identifying the main elements needed in a good quality system:

1. Customer Focus
2. Leadership
3. Involvement of People
4. Process Approach
5. Systems Approach to Management
6. Continuous improvement
7. Factual Approach to Decision-Making
8. Mutually Beneficial Supplier Relationship

Building Stable Processes

ISO 9001 policies, procedures and forms can provide employers, managers and employees with a systematic and consistent approach to implementing policies, plans, procedures and work routines. Instead of building their own policies and procedures from scratch, some companies prefer to hire professional writers that have already prepared a set of written policies and procedures to help on the way to certification.

Auditing a Company System

In the certification process, an independent registrar will perform an on-site audit of a company’s operations to verify that it complies with the ISO standard. If the business complies, then that company will be registered as ISO 9001 compliant.

Meeting Company and Customer Needs

On the way to certification, a business can meet its ISO needs by:

• Using well-defined processes and procedures to build stable processes
• Training in the audit and certification process
• Continuously improving with ISO 9001 standards

Noticing the Difference

With complete procedures manuals for ISO 9001 Quality Management System, required HR procedures, and an ISO training class, a template like an ISO 9001 Quality Manager Procedures Manual Series can help a business on its way to ISO 9001 certification. Sometimes the effort can be very great, but companies typically notice a remarkable difference in efficiency and effectiveness after the first year.

Identiication Of Processes In ISO 9001 Standards

Configuration management is about managing change of the multiple items composing an information system. This article puts in reference the configuration management function andthe ISO 9001 standard. This standard offers a wide range of advice on how todeal with this important, but often neglected, aspect of software engineering.

The software engineering practices associated with software configuration management (SCM or CM) offer a number of opportunities to addressrequirements found in the International Standard, ISO 9001. From a managementperspective, the principles and practices of CM represent an accepted andunderstood foundation for implementing ISO-compliant processes in softwareengineering organizations. In addition, the growing number of tools forautomating CM practices is chance for improving the efficiency and effectiveness of these processes.

This article begins with brief, general definitions of configuration management and of ISO 9001.

While there is no single definition of CM, there are three widely disseminated views from three different sources: the Institute ofElectrical and Electronics Engineers (IEEE), The International Organisation forStandardisation (ISO), and the Software Engineering Institute (SEI) at Carnegie Mellon University.

A most widely understood description of the practices associated with configuration management is found in the IEEE Standard 828-1990,Software Configuration Management Plans.

[Numbers in brackets are added]

“SCM activities are traditionally grouped into four functions: [1] configuration identification, [2] configuration control, [3]status accounting, and [4] configuration audits and reviews.”

IEEE Standard 828-1990 goes on to list specific activities associated with each of the four functions (the number of the paragraphcontaining the reference appears in parentheses):

• Identification: identify, name, and describe the documented physical and functional characteristics of the code, specifications, design, and data elements to be controlled for the project. (Paragraph 2.3.1)
• Control: request, evaluate, approve or disapprove, and implement changes (Paragraph 2.3.2)
• Status accounting: record and report the status of project configuration items [initial approved version. status of requested changes, implementation status of approved changes] (Paragraph 2.3.3)
• Audits and reviews: determine to what extent the actual configuration item reflects the required physical and functional characteristics (Paragraph 2.3.4)

This list is similar to the set of activities noted by Pressman:

“Software configuration management is an umbrella activity … developed to (1) identify change, (2) control change, (3) ensure that change is being properly implemented, and (4) report change to others who may have an interest.”

In the guideline document, ISO 9000-3:1991 Guidelines for the application of ISO 9001 to the development, supply and maintenance of software, the International Organisation for Standardisation identifies a similar set of practices as CM:

“Configuration management provides a mechanism for identifying, controlling and tracking the versions of each software item. In many cases earlier versions still in use must also be maintained and controlled.

“The [CM] system should

“a) identify uniquely the versions of each software item;

“b) identify the versions of each software item which together constitute a specific version of a complete product;

“c) identity the build status of software products in development or delivered and installed;

“d) control simultaneous updating of a given software item by more than one person;

“e) provide coordination for the updating of multiple products in one or more locations as required;

“f) identify and track all actions and changes resulting from a change request, from initiation … to release.”

Based on a review of currently available tools and an evolving understanding of the organizational role of CM, the SEI advocates a broader definition of CM in SEI-92-TR-8:

“The standard definition for CM taken from IEEE standard 729-1983 [updated as IEEE Std 610.12-1990] includes:

“Identification: identifying the structure of the product, its components and their type, and making them unique and accessible in some form

“Control: controlling the release of product and changes to it throughout the life cycle …

“Status Accounting: recording and reporting the status of components and change requests, and gathering vital statistics about components in the product

“Audit and review: validating the completeness of a product and maintaining consistency among the components …

“[The IEEE] definition of CM … needs to be broadened to encompass … :

“Manufacturing: managing the construction and building of the product

“Process management: ensuring the correct execution of the organization’s procedures, policies, and life-cycle model

“Team work: controlling the work and interactions between multiple developers on a product.”

In 1987, the International Organisation for Standardisation in Geneva Switzerland published ISO 9001, Quality Systems – Model for quality assurance in design / development, production, installation, and servicing.

ISO 9001 is the most comprehensive model in the ISO 9000 series of standards. It describes a minimum set of activities found in companies and organizations that consistently produce products that satisfy customer requirements. The policies, procedures, standards, records, and associated business activities are the quality system. While ISO 9001 is written to describe any company providing any product or service, it tends to employ manufacturing terminology, which must be interpreted for non-manufacturing environments, including service and software providers.

To ensure a uniform interpretation of ISO 9001 for software engineering organizations, ISO published ISO 9000-3, Guidelines for the Application of ISO 9001 to the development, supply and maintenance of software.

The key issues ISO 9000-3 addresses are those:

• Product exists earlier in software (during design and development)
• Software product can be proliferated easily

Focusing on these issues mirrors the guidance in Clause 7.4 of ISO 9000-1:1994:

The process of development, supply, and maintenance of software is different from that of most other types of industrial products in that there is no distinct manufacturing phase. Software does not “wear out” and, consequently, quality activities during the design phase are of paramount importance to the final quality of the product.

Note that ISO 9000-1 and ISO 9000-3 provides guidance. ISO 9001 is the only source of the requirements against which compliance in software engineering practices is assessed.

ISO 9001 and Configuration Management

Tracing the relationship between ISO 9001′s requirements and CM practices begins with an examination of the guidance in ISO 9000-3.

ISO 9000-3 and configuration management

ISO 9000-3 contains two appendices, Annex A and Annex B, that provide cross-references between ISO 9001 and ISO 9000-3. According to Annex A, five sections of ISO 9001 correlate to ISO 9000-3, Paragraph 6.1, Configuration Management:

• 4.4 Design control
• 4.5 Document data control
• 4.8 Product identification and traceability
• 4.12 Inspection and test status
• 4.13 Control of nonconforming product

Each of these sections of ISO 9001 contains a portion of the traditional CM process.

4.4 Design control addresses all of the steps in the software development life cycle: planning, specification, design, coding, testing

Section 4.4 requires that design inputs and outputs be documented, reviewed, verified, controlled, approved, and modified according todocumented procedures. Design inputs and outputs include plans(project life cycle definition), specifications, prototypes, requirementsdocuments, progress reports, review results, test plans, test cases/scripts, development tools, code, and test reports.

ISO 9001 4.4.9 Design changes, in conjunction with ISO 9001 4.14.2 Corrective action, and 4.13 Control ofnonconforming product, requires that each change be traceable to an appropriate source and approval.

For software product there should be a clear path between a change request spawned by a fault report or enhancement request and a change ina specific product component to correct the fault or to implement the enhancement.

An interested party should be able to pick up the path at any point and follow it forward to the released change and backward to the changerequest or to the fault report.

4.5 Document and data control addresses the identification, protection, approval, and availability of current issues of allpertinent product- and project-related documents, including designs, specifications, plans, and schedules.

Because a fundamental function of CM is making current configuration items available, the CM practices and tools can be applied to thecontrol of product- and process-related documentation and data.

4.8 Product identification and traceability requires that each version of a configuration item be identified by some appropriate means.

4.12 Inspection and Test Status requires procedures to identify what verification steps and tests have been completed and what resultshave been achieved by the product or product components at each phase in the defined development life cycle.

4.13 Control of Nonconforming Product requires procedures to ensure that untested, defective, or incorrect versions (e.g., down level) ofthe product are not inadvertently used. This paragraph of ISO 9001also requires a procedure to determine the disposition of nonconforming product at all stages.

For software, the bulk of the activity related to non-conforming product is in the correction of faults identified during allphases of development (e.g., during requirements definition, prototyping,integration testing, and beta testing) and after the product has been released (e.g., customer reported faults).